
trojan:dos/alureon.a


ozzie4

In any case where you happen to be busy or unable to give us a reply, we would be grateful if you keep us informed in advance, and we will be more than happy to wait. Failure to do so will result in your thread being closed in THREE (3) days.

:)

Hello there, ozzie4

 


 

I'm Conspire, I'll be glad to help you with your computer problems.

 

Please observe these rules while we work:

  • Read the entire procedure
  • It is important to perform ALL actions in sequence.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Stick with me till you're given the all clear.
  • Remember, absence of symptoms does not mean the infection is all gone.
  • Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process.

IMPORTANT NOTE: Please do not delete anything unless instructed to. Remember to back up all your important data (if possible) before moving on.


Hello there,

 

I'd like you to copy/paste the logs for easier reading instead of uploading them as attachments in future. Thanks :)

 

Please download DDS by sUBs from one of the following links and save it to your desktop.

  • Disable any script blocking protection (How to Disable your Security Programs)
  • Double click DDS icon to run the tool (may take up to 3 minutes to run)
  • When done, DDS.txt will open.
  • After a few moments, attach.txt will open in a second window.
  • Save both reports to your desktop.
---------------------------------------------------
  • Post the contents of the DDS.txt report in your next reply
  • Attach the Attach.txt report to your post by scrolling down to the Attachments area and then clicking Browse. Browse to where you saved the file, click Open, and then click UPLOAD.
===================================================

 

Download Security Check by screen317 from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===================================================

 

In your next reply, please post:

DDS log

Checkup log

Let me know if you have any problems performing the steps above or any questions.

 

Good Day!


Hi Conspire,

 

I must confess, I had a brain cramp and ran TDSSKiller from Kaspersky after posting the HJT log, so I have posted an updated HJT log also. Hope I didn't screw us up. I am off to work for the day after this post. I may have time at noon to get on the computer. Thanks, ozzie4

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 7:09:41 AM, on 2/6/2012

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v8.00 (8.00.7601.17514)

Boot mode: Normal

 

Running processes:

C:Program Files (x86)Norton Internet SecurityEngine18.6.0.29ccSvcHst.exe

C:Program Files (x86)Common FilesLightScribeLightScribeControlPanel.exe

C:Program Files (x86)HallmarkHallmark Card Studio 2007 DeluxePlannerPLNRnote.exe

C:Program Files (x86)IntelIntel® Rapid Storage TechnologyIAStorIcon.exe

C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe

C:Program Files (x86)Common FilesJavaJava Updatejusched.exe

C:Program Files (x86)Hewlett-PackardHP On Screen DisplayHPOSD.exe

C:Program Files (x86)Hewlett-PackardHP Quick LaunchHPMSGSVC.exe

C:WindowsSysWOW64RunDll32.exe

C:Program FilesWIDCOMMBluetooth SoftwareBluetoothHeadsetProxy.exe

C:Program Files (x86)CyberLinkYouCamYCMMirage.exe

C:PROGRA~2MICROS~1Office14OUTLOOK.EXE

C:Program Files (x86)Internet Exploreriexplore.exe

C:Program Files (x86)Internet Exploreriexplore.exe

C:Program Files (x86)MSN ToolbarPlatform6.0.2282.0mswinext.exe

C:Program Files (x86)MicrosoftSearch Enhancement PackSCServerSCServer.exe

C:WindowsSysWOW64MacromedFlashFlashUtil11e_ActiveX.exe

C:UsersDavidDesktopHijackThis.exe

 

R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://g.msn.com/HPNOT/1

R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://g.msn.com/HPNOT/1

R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant =

R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch =

R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Local Page = C:WindowsSysWOW64blank.htm

R1 - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyServer = http=<local>

R1 - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = 127.0.0.1;<local>

R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName =

R3 - URLSearchHook: (no name) - {472734EA-242A-422b-ADF8-83D1E48CC825} - (no file)

F2 - REG:system.ini: UserInit=userinit.exe,

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:Program Files (x86)Common FilesAdobeAcrobatActiveXAcroIEHelperShim.dll

O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:Program Files (x86)Norton Internet SecurityEngine18.6.0.29coIEPlg.dll

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:Program Files (x86)Norton Internet SecurityEngine18.6.0.29IPSIPSBHO.DLL

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:Program Files (x86)MicrosoftSearch Enhancement PackSearch HelperSEPsearchhelperie.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:Program Files (x86)Common FilesMicrosoft SharedWindows LiveWindowsLiveLogin.dll

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:PROGRA~2MICROS~1Office14URLREDIR.DLL

O2 - BHO: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:Program Files (x86)MSN ToolbarPlatform6.0.2282.0npwinext.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:Program Files (x86)Javajre6binjp2ssv.dll

O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:Program Files (x86)Norton Internet SecurityEngine18.6.0.29coIEPlg.dll

O3 - Toolbar: @C:Program Files (x86)MSN ToolbarPlatform6.0.2282.0npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:Program Files (x86)MSN ToolbarPlatform6.0.2282.0npwinext.dll

O4 - HKLM..Run: [iAStorIcon] C:Program Files (x86)IntelIntel® Rapid Storage TechnologyIAStorIcon.exe

O4 - HKLM..Run: [iMSS] "C:Program Files (x86)IntelIntel® Management Engine ComponentsIMSSPIconStartup.exe"

O4 - HKLM..Run: [Microsoft Default Manager] "C:Program Files (x86)MicrosoftSearch Enhancement PackDefault ManagerDefMgr.exe" -resume

O4 - HKLM..Run: [Adobe ARM] "C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe"

O4 - HKLM..Run: [Adobe Reader Speed Launcher] "C:Program Files (x86)AdobeReader 9.0ReaderReader_sl.exe"

O4 - HKLM..Run: [sunJavaUpdateSched] "C:Program Files (x86)Common FilesJavaJava Updatejusched.exe"

O4 - HKLM..Run: [HPOSD] C:Program Files (x86)Hewlett-PackardHP On Screen DisplayHPOSD.exe

O4 - HKLM..Run: [HP Quick Launch] C:Program Files (x86)Hewlett-PackardHP Quick LaunchHPMSGSVC.exe

O4 - HKLM..Run: [QuickTime Task] "C:Program Files (x86)QuickTimeQTTask.exe" -atboottime

O4 - HKLM..Run: [Conime] %windir%system32conime.exe

O4 - HKCU..Run: [LightScribe Control Panel] C:Program Files (x86)Common FilesLightScribeLightScribeControlPanel.exe -hidden

O4 - HKCU..Run: [Google Update] "C:UsersDavidAppDataLocalGoogleUpdateGoogleUpdate.exe" /c

O4 - HKUSS-1-5-19..Run: [sidebar] %ProgramFiles%Windows SidebarSidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUSS-1-5-19..RunOnce: [mctadmin] C:WindowsSystem32mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUSS-1-5-20..Run: [sidebar] %ProgramFiles%Windows SidebarSidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUSS-1-5-20..RunOnce: [mctadmin] C:WindowsSystem32mctadmin.exe (User 'NETWORK SERVICE')

O4 - HKUSS-1-5-18..RunOnce: [KodakHomeCenter] "C:Program Files (x86)KodakAiOCenterAiOHomeCenter.exe" (User 'SYSTEM')

O4 - HKUS.DEFAULT..RunOnce: [KodakHomeCenter] "C:Program Files (x86)KodakAiOCenterAiOHomeCenter.exe" (User 'Default user')

O4 - Global Startup: Bluetooth.lnk = ?

O4 - Global Startup: Event Planner Reminder.lnk = ?

O4 - Global Startup: Snapfish PictureMover.lnk = C:Program Files (x86)PictureMoverBinPictureMover.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:PROGRA~2MICROS~1Office14EXCEL.EXE/3000

O8 - Extra context menu item: Se&nd to OneNote - res://C:PROGRA~2MICROS~1Office14ONBttnIE.dll/105

O8 - Extra context menu item: Send image to &Bluetooth Device... - C:Program FilesWIDCOMMBluetooth Softwarebtsendto_ie_ctx.htm

O8 - Extra context menu item: Send page to &Bluetooth Device... - C:Program FilesWIDCOMMBluetooth Softwarebtsendto_ie.htm

O9 - Extra button: @C:Program Files (x86)Windows LiveWriterWindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:Program Files (x86)Windows LiveWriterWriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:Program Files (x86)Windows LiveWriterWindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:Program Files (x86)Windows LiveWriterWriterBrowserExtension.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:Program Files (x86)Microsoft OfficeOffice14ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:Program Files (x86)Microsoft OfficeOffice14ONBttnIE.dll

O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:Program Files (x86)Microsoft OfficeOffice14ONBttnIELinkedNotes.dll

O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:Program Files (x86)Microsoft OfficeOffice14ONBttnIELinkedNotes.dll

O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:Program FilesWIDCOMMBluetooth Softwarebtsendto_ie.htm

O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:Program FilesWIDCOMMBluetooth Softwarebtsendto_ie.htm

O10 - Unknown file in Winsock LSP: c:program files (x86)common filesmicrosoft sharedwindows livewlidnsp.dll

O10 - Unknown file in Winsock LSP: c:program files (x86)common filesmicrosoft sharedwindows livewlidnsp.dll

O15 - Trusted Zone: http://*.myfairpoint.net

O16 - DPF: {3528A58B-595D-4AFD-A5F6-B914BD306DC3} (SlingHealth Class) - http://dishconnectivity.sling.com/dpit/downloads/pc/SlingHealth.cab

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:Program Files (x86)Windows LivePhoto GalleryAlbumDownloadProtocolHandler.dll

O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:Program Files (x86)Common FilesMicrosoft SharedOFFICE14MSOXMLMF.DLL

O23 - Service: @%SystemRoot%system32Alg.exe,-112 (ALG) - Unknown owner - C:WindowsSystem32alg.exe (file missing)

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:Program FilesWIDCOMMBluetooth Softwarebtwdins.exe

O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:Program Files (x86)CanonCALCALMAIN.exe

O23 - Service: @%SystemRoot%system32efssvc.dll,-100 (EFS) - Unknown owner - C:WindowsSystem32lsass.exe (file missing)

O23 - Service: @%systemroot%system32fxsresm.dll,-118 (Fax) - Unknown owner - C:Windowssystem32fxssvc.exe (file missing)

O23 - Service: GameConsoleService - WildTangent, Inc. - C:Program Files (x86)HP GamesHP Game ConsoleGameConsoleService.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:Program Files (x86)GoogleUpdateGoogleUpdate.exe

O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:Program Files (x86)GoogleUpdateGoogleUpdate.exe

O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:Program Files (x86)Hewlett-PackardHP Support Frameworkhpsa_service.exe

O23 - Service: HP Wireless Assistant Service - Hewlett-Packard Company - C:Program FilesHewlett-PackardHP Wireless AssistantHPWA_Service.exe

O23 - Service: HP Client Services (HPClientSvc) - Hewlett-Packard Company - C:Program FilesHewlett-PackardHP Client ServicesHPClientServices.exe

O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:Program Files (x86)Hewlett-PackardSharedHPDrvMntSvc.exe

O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:Program Files (x86)Hewlett-PackardSharedhpqWmiEx.exe

O23 - Service: HPWMISVC - Hewlett-Packard Development Company, L.P. - C:Program Files (x86)Hewlett-PackardHP Quick LaunchHPWMISVC.exe

O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:Program Files (x86)IntelIntel® Rapid Storage TechnologyIAStorDataMgrSvc.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:Windowssystem32lsass.exe (file missing)

O23 - Service: Kodak AiO Network Discovery Service - Eastman Kodak Company - C:Program Files (x86)KodakAiOCenterEKAiOHostService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:Program Files (x86)Common FilesLightScribeLSSrvc.exe

O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:Program Files (x86)IntelIntel® Management Engine ComponentsLMSLMS.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:WindowsSystem32msdtc.exe (file missing)

O23 - Service: @%SystemRoot%System32netlogon.dll,-102 (Netlogon) - Unknown owner - C:Windowssystem32lsass.exe (file missing)

O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:Program Files (x86)Norton Internet SecurityEngine18.6.0.29ccSvcHst.exe

O23 - Service: @%systemroot%system32psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:Windowssystem32lsass.exe (file missing)

O23 - Service: RoxioNow Service - Roxio - C:Program Files (x86)RoxioRoxioNow PlayerRNowSvc.exe

O23 - Service: @%systemroot%system32Locator.exe,-2 (RpcLocator) - Unknown owner - C:Windowssystem32locator.exe (file missing)

O23 - Service: @%SystemRoot%system32samsrv.dll,-1 (SamSs) - Unknown owner - C:Windowssystem32lsass.exe (file missing)

O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:Program Files (x86)Spybot - Search & DestroySDWinSec.exe

O23 - Service: @%SystemRoot%system32snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:WindowsSystem32snmptrap.exe (file missing)

O23 - Service: Print Spooler (Spooler) - Unknown owner - C:WindowsSystem32spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%system32sppsvc.exe,-101 (sppsvc) - Unknown owner - C:Windowssystem32sppsvc.exe (file missing)

O23 - Service: @%SystemRoot%system32stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:Program FilesIDTWDMSTacSV64.exe

O23 - Service: @%SystemRoot%system32ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:Windowssystem32UI0Detect.exe (file missing)

O23 - Service: Intel® Management & Security Application User Notification Service (UNS) - Intel Corporation - C:Program Files (x86)IntelIntel® Management Engine ComponentsUNSUNS.exe

O23 - Service: @%SystemRoot%system32vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:Windowssystem32lsass.exe (file missing)

O23 - Service: @%SystemRoot%system32vds.exe,-100 (vds) - Unknown owner - C:WindowsSystem32vds.exe (file missing)

O23 - Service: @%systemroot%system32vssvc.exe,-102 (VSS) - Unknown owner - C:Windowssystem32vssvc.exe (file missing)

O23 - Service: @%SystemRoot%system32WatWatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:Windowssystem32WatWatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%system32wbengine.exe,-104 (wbengine) - Unknown owner - C:Windowssystem32wbengine.exe (file missing)

O23 - Service: @%Systemroot%system32wbemwmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:Windowssystem32wbemWmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%Windows Media Playerwmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:Program Files (x86)Windows Media Playerwmpnetwk.exe (file missing)

O24 - Desktop Component 1: Warning homepage - C:WINDOWSwarnhp.html

 

--

End of file - 14250 bytes

 

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 8.0.7601.17514

Run by David at 7:00:50 on 2012-02-06

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3894.2077 [GMT -5:00]

.

AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

.

============== Running Processes ===============

.

C:Windowssystem32wininit.exe

C:Windowssystem32lsm.exe

C:Windowssystem32svchost.exe -k DcomLaunch

C:Windowssystem32svchost.exe -k RPCSS

c:Program FilesMicrosoft Security ClientAntimalwareMsMpEng.exe

C:WindowsSystem32svchost.exe -k LocalServiceNetworkRestricted

C:WindowsSystem32svchost.exe -k LocalSystemNetworkRestricted

C:Windowssystem32svchost.exe -k netsvcs

C:Program FilesIDTWDMSTacSV64.exe

C:Windowssystem32svchost.exe -k LocalService

C:Windowssystem32svchost.exe -k NetworkService

C:Windowssystem32WLANExt.exe

C:Windowssystem32conhost.exe

C:WindowsSystem32spoolsv.exe

C:Windowssystem32svchost.exe -k LocalServiceNoNetwork

C:Program FilesWIDCOMMBluetooth Softwarebtwdins.exe

C:Program FilesHewlett-PackardHP Client ServicesHPClientServices.exe

C:Program Files (x86)Hewlett-PackardSharedHPDrvMntSvc.exe

C:Program Files (x86)Hewlett-PackardHP Quick LaunchHPWMISVC.exe

C:Program Files (x86)KodakAiOCenterEKAiOHostService.exe

C:Program Files (x86)Common FilesLightScribeLSSrvc.exe

C:Program Files (x86)IntelIntel® Management Engine ComponentsLMSLMS.exe

C:Program Files (x86)Norton Internet SecurityEngine18.6.0.29ccSvcHst.exe

C:Program Files (x86)RoxioRoxioNow PlayerRNowSvc.exe

C:Program Files (x86)MicrosoftSearch Enhancement PackSeaPortSeaPort.exe

C:Program Files (x86)Microsoft Application Virtualization Clientsftvsa.exe

C:Windowssystem32svchost.exe -k LocalServiceAndNoImpersonation

C:Windowssystem32svchost.exe -k imgsvc

C:Program FilesCommon FilesMicrosoft SharedWindows LiveWLIDSVC.EXE

C:Program FilesCommon FilesMicrosoft SharedWindows LiveWLIDSvcM.exe

C:Program Files (x86)Microsoft Application Virtualization Clientsftlist.exe

C:Windowssystem32Dwm.exe

C:WindowsExplorer.EXE

C:Windowssystem32taskhost.exe

C:Program Files (x86)Norton Internet SecurityEngine18.6.0.29ccSvcHst.exe

C:Windowssystem32wbemwmiprvse.exe

C:Program Files (x86)CanonCALCALMAIN.exe

C:Program Files (x86)Spybot - Search & DestroySDWinSec.exe

C:Program Files (x86)Common FilesMicrosoft SharedVirtualization HandlerCVHSVC.EXE

C:Windowssystem32SearchIndexer.exe

C:WindowsSystem32rundll32.exe

C:Windowssystem32svchost.exe -k bthsvcs

C:Windowssystem32svchost.exe -k NetworkServiceNetworkRestricted

C:Program FilesSynapticsSynTPSynTPEnh.exe

C:WindowsSystem32hkcmd.exe

C:WindowsSystem32igfxpers.exe

C:Program FilesIDTWDMsttray64.exe

C:WindowsSystem32spooldriversx643EKAiO2MUI.exe

C:Program FilesMicrosoft Security Clientmsseces.exe

C:Program Files (x86)Common FilesLightScribeLightScribeControlPanel.exe

C:Program FilesWIDCOMMBluetooth SoftwareBTTray.exe

C:Program Files (x86)HallmarkHallmark Card Studio 2007 DeluxePlannerPLNRnote.exe

C:Program Files (x86)IntelIntel® Rapid Storage TechnologyIAStorIcon.exe

C:Program FilesSynapticsSynTPSynTPHelper.exe

C:Program FilesWindows Media Playerwmpnetwk.exe

C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe

C:Program Files (x86)Common FilesJavaJava Updatejusched.exe

C:Program Files (x86)Hewlett-PackardHP On Screen DisplayHPOSD.exe

C:Program Files (x86)Hewlett-PackardHP Quick LaunchHPMSGSVC.exe

C:Program Files (x86)Hewlett-PackardSharedhpqWmiEx.exe

C:Program FilesWIDCOMMBluetooth SoftwareBtStackServer.exe

C:WindowsSysWOW64RunDll32.exe

C:Program FilesWIDCOMMBluetooth SoftwareBluetoothHeadsetProxy.exe

C:Windowssystem32taskeng.exe

C:Program Files (x86)CyberLinkYouCamYCMMirage.exe

C:Program Files (x86)IntelIntel® Management Engine ComponentsIMSSPrivacyIconClient.exe

C:Program Files (x86)IntelIntel® Management Engine ComponentsUNSUNS.exe

C:Program FilesHewlett-PackardHP Wireless AssistantHPWA_Main.exe

C:Program Files (x86)Hewlett-PackardHP Support Frameworkhpsa_service.exe

C:Windowssystem32wbemwmiprvse.exe

C:Program FilesHewlett-PackardHP Wireless AssistantHPWA_Service.exe

C:Program Files (x86)IntelIntel® Rapid Storage TechnologyIAStorDataMgrSvc.exe

C:Program Files (x86)Hewlett-PackardSharedhpCaslNotification.exe

C:PROGRA~2MICROS~1Office14OUTLOOK.EXE

C:Program FilesCommon FilesMicrosoft SharedOfficeSoftwareProtectionPlatformOSPPSVC.EXE

C:Program Files (x86)Internet Exploreriexplore.exe

C:Program Files (x86)Internet Exploreriexplore.exe

C:Program Files (x86)MSN ToolbarPlatform6.0.2282.0mswinext.exe

C:Program Files (x86)MicrosoftSearch Enhancement PackSCServerSCServer.exe

C:WindowsSysWOW64MacromedFlashFlashUtil11e_ActiveX.exe

C:Windowssystem32taskhost.exe

C:Windowssystem32igfxsrvc.exe

C:Windowssystem32DllHost.exe

C:Windowssystem32DllHost.exe

C:WindowsSysWOW64cmd.exe

C:Windowssystem32conhost.exe

C:WindowsSysWOW64cscript.exe

.

============== Pseudo HJT Report ===============

.

uDefault_Page_URL = hxxp://www.msn.com

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uStart Page = hxxp://www.msn.com

uInternet Settings,ProxyOverride = 127.0.0.1;<local>

uInternet Settings,ProxyServer = http=<local>

uURLSearchHooks: H - No File

mWinlogon: Userinit=userinit.exe,

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:Program Files (x86)Common FilesAdobeAcrobatActiveXAcroIEHelperShim.dll

BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:Program Files (x86)Norton Internet SecurityEngine18.6.0.29coIEPlg.dll

BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:Program Files (x86)Norton Internet SecurityEngine18.6.0.29IPSIPSBHO.DLL

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:Program Files (x86)MicrosoftSearch Enhancement PackSearch HelperSEPsearchhelperie.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:Program Files (x86)Common FilesMicrosoft SharedWindows LiveWindowsLiveLogin.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:PROGRA~2MICROS~1Office14URLREDIR.DLL

BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:Program Files (x86)MSN ToolbarPlatform6.0.2282.0npwinext.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:Program Files (x86)Javajre6binjp2ssv.dll

TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:Program Files (x86)Norton Internet SecurityEngine18.6.0.29coIEPlg.dll

TB: @C:Program Files (x86)MSN ToolbarPlatform6.0.2282.0npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:Program Files (x86)MSN ToolbarPlatform6.0.2282.0npwinext.dll

uRun: [LightScribe Control Panel] C:Program Files (x86)Common FilesLightScribeLightScribeControlPanel.exe -hidden

uRun: [Google Update] "C:UsersDavidAppDataLocalGoogleUpdateGoogleUpdate.exe" /c

mRun: [iAStorIcon] C:Program Files (x86)IntelIntel® Rapid Storage TechnologyIAStorIcon.exe

mRun: [iMSS] "C:Program Files (x86)IntelIntel® Management Engine ComponentsIMSSPIconStartup.exe"

mRun: [Microsoft Default Manager] "C:Program Files (x86)MicrosoftSearch Enhancement PackDefault ManagerDefMgr.exe" -resume

mRun: [Adobe ARM] "C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe"

mRun: [Adobe Reader Speed Launcher] "C:Program Files (x86)AdobeReader 9.0ReaderReader_sl.exe"

mRun: [sunJavaUpdateSched] "C:Program Files (x86)Common FilesJavaJava Updatejusched.exe"

mRun: [HPOSD] C:Program Files (x86)Hewlett-PackardHP On Screen DisplayHPOSD.exe

mRun: [HP Quick Launch] C:Program Files (x86)Hewlett-PackardHP Quick LaunchHPMSGSVC.exe

mRun: [QuickTime Task] "C:Program Files (x86)QuickTimeQTTask.exe" -atboottime

mRun: [Conime] %windir%system32conime.exe

dRunOnce: [KodakHomeCenter] "C:Program Files (x86)KodakAiOCenterAiOHomeCenter.exe"

StartupFolder: C:PROGRA~3MICROS~1WindowsSTARTM~1ProgramsStartupBLUETO~1.LNK - C:Program Files (x86)WIDCOMMBluetooth SoftwareBTTray.exe

StartupFolder: C:PROGRA~3MICROS~1WindowsSTARTM~1ProgramsStartupEVENTP~1.LNK - C:WindowsInstaller{5D0DF1BB-D82E-4FB2-B98E-4FDE42EF7EBB}Shortcut_EventPlan_5D0DF1BBD82E4FB2B98E4FDE42EF7EBB.exe

StartupFolder: C:PROGRA~3MICROS~1WindowsSTARTM~1ProgramsStartupSNAPFI~1.LNK - C:Program Files (x86)PictureMoverBinPictureMover.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - C:PROGRA~2MICROS~1Office14EXCEL.EXE/3000

IE: Se&nd to OneNote - C:PROGRA~2MICROS~1Office14ONBttnIE.dll/105

IE: Send image to &Bluetooth Device... - C:Program FilesWIDCOMMBluetooth Softwarebtsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - C:Program FilesWIDCOMMBluetooth Softwarebtsendto_ie.htm

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:Program FilesWIDCOMMBluetooth Softwarebtsendto_ie.htm

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:Program Files (x86)Windows LiveWriterWriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:Program Files (x86)Microsoft OfficeOffice14ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:Program Files (x86)Microsoft OfficeOffice14ONBttnIELinkedNotes.dll

Trusted Zone: myfairpoint.net

DPF: {3528A58B-595D-4AFD-A5F6-B914BD306DC3} - hxxp://dishconnectivity.sling.com/dpit/downloads/pc/SlingHealth.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

TCP: DhcpNameServer = 64.222.165.243 64.222.84.243

TCP: Interfaces{2D38F8DA-1844-454B-9458-4B12725B2A08} : DhcpNameServer = 64.222.165.243 64.222.84.243

TCP: Interfaces{2D38F8DA-1844-454B-9458-4B12725B2A08}2496274644F676D27657563747 : DhcpNameServer = 64.222.165.243 64.222.84.243

TCP: Interfaces{2D38F8DA-1844-454B-9458-4B12725B2A08}34963736F62363332343 : DhcpNameServer = 64.222.165.243 64.222.84.243

TCP: Interfaces{2D38F8DA-1844-454B-9458-4B12725B2A08}45865602D4F6F63756 : DhcpNameServer = 68.87.71.230 68.87.73.246

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:Program Files (x86)Common Filesmicrosoft sharedOFFICE14MSOXMLMF.DLL

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:Program Files (x86)Windows LivePhoto GalleryAlbumDownloadProtocolHandler.dll

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:Program Files (x86)Common FilesLightScribeLSRunOnce.exe"

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:Program Files (x86)Common FilesAdobeAcrobatActiveXAcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:Program Files (x86)Norton Internet SecurityEngine18.6.0.29coIEPlg.dll

BHO-X64: Symantec NCO BHO - No File

BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:Program Files (x86)Norton Internet SecurityEngine18.6.0.29IPSIPSBHO.DLL

BHO-X64: Symantec Intrusion Prevention - No File

BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:Program Files (x86)MicrosoftSearch Enhancement PackSearch HelperSEPsearchhelperie.dll

BHO-X64: Search Helper - No File

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:Program Files (x86)Common FilesMicrosoft SharedWindows LiveWindowsLiveLogin.dll

BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:PROGRA~2MICROS~1Office14URLREDIR.DLL

BHO-X64: URLRedirectionBHO - No File

BHO-X64: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:Program Files (x86)MSN ToolbarPlatform6.0.2282.0npwinext.dll

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:Program Files (x86)Javajre6binjp2ssv.dll

TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:Program Files (x86)Norton Internet SecurityEngine18.6.0.29coIEPlg.dll

TB-X64: @C:Program Files (x86)MSN ToolbarPlatform6.0.2282.0npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:Program Files (x86)MSN ToolbarPlatform6.0.2282.0npwinext.dll

mRun-x64: [iAStorIcon] C:Program Files (x86)IntelIntel® Rapid Storage TechnologyIAStorIcon.exe

mRun-x64: [iMSS] "C:Program Files (x86)IntelIntel® Management Engine ComponentsIMSSPIconStartup.exe"

mRun-x64: [Microsoft Default Manager] "C:Program Files (x86)MicrosoftSearch Enhancement PackDefault ManagerDefMgr.exe" -resume

mRun-x64: [Adobe ARM] "C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe"

mRun-x64: [Adobe Reader Speed Launcher] "C:Program Files (x86)AdobeReader 9.0ReaderReader_sl.exe"

mRun-x64: [sunJavaUpdateSched] "C:Program Files (x86)Common FilesJavaJava Updatejusched.exe"

mRun-x64: [HPOSD] C:Program Files (x86)Hewlett-PackardHP On Screen DisplayHPOSD.exe

mRun-x64: [HP Quick Launch] C:Program Files (x86)Hewlett-PackardHP Quick LaunchHPMSGSVC.exe

mRun-x64: [QuickTime Task] "C:Program Files (x86)QuickTimeQTTask.exe" -atboottime

mRun-x64: [Conime] %windir%system32conime.exe

IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:Program FilesWIDCOMMBluetooth Softwarebtsendto_ie.htm

Hosts: 127.0.0.1 www.spywareinfo.com

.

============= SERVICES / DRIVERS ===============

.

R0 SymDS;Symantec Data Store;C:Windowssystem32driversNISx641206000.01DSYMDS64.SYS --> C:Windowssystem32driversNISx641206000.01DSYMDS64.SYS [?]

R0 SymEFA;Symantec Extended File Attributes;C:Windowssystem32driversNISx641206000.01DSYMEFA64.SYS --> C:Windowssystem32driversNISx641206000.01DSYMEFA64.SYS [?]

R1 BHDrvx64;BHDrvx64;C:ProgramDataNorton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}NIS_18.1.0.37DefinitionsBASHDefs20100810.004BHDrvx64.sys [2011-3-12 945200]

R1 IDSVia64;IDSVia64;C:ProgramDataNorton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}NIS_18.1.0.37DefinitionsIPSDefs20100706.002IDSVia64.sys [2011-3-12 463408]

R1 MpFilter;Microsoft Malware Protection Driver;C:Windowssystem32DRIVERSMpFilter.sys --> C:Windowssystem32DRIVERSMpFilter.sys [?]

R1 SymIRON;Symantec Iron Driver;C:Windowssystem32driversNISx641206000.01DIronx64.SYS --> C:Windowssystem32driversNISx641206000.01DIronx64.SYS [?]

R1 SymNetS;Symantec Network Security WFP Driver;C:Windowssystem32DriversNISx641206000.01DSYMNETS.SYS --> C:Windowssystem32DriversNISx641206000.01DSYMNETS.SYS [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:Windowssystem32DRIVERSvwififlt.sys --> C:Windowssystem32DRIVERSvwififlt.sys [?]

R2 cvhsvc;Client Virtualization Handler;C:Program Files (x86)Common Filesmicrosoft sharedVirtualization HandlerCVHSVC.EXE [2010-10-20 821664]

R2 HP Support Assistant Service;HP Support Assistant Service;C:Program Files (x86)Hewlett-PackardHP Support FrameworkHPSA_Service.exe [2011-6-21 85560]

R2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:Program FilesHewlett-PackardHP Wireless AssistantHPWA_Service.exe [2010-7-21 103992]

R2 HPClientSvc;HP Client Services;C:Program FilesHewlett-PackardHP Client ServicesHPClientServices.exe [2010-8-5 291896]

R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:Program Files (x86)Hewlett-PackardSharedHPDrvMntSvc.exe [2011-9-1 227896]

R2 HPWMISVC;HPWMISVC;C:Program Files (x86)Hewlett-PackardHP Quick LaunchHPWMISVC.exe [2011-6-14 26680]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:Program Files (x86)IntelIntel® Rapid Storage TechnologyIAStorDataMgrSvc.exe [2011-3-12 13336]

R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;C:Program Files (x86)KodakAiOCenterEKAiOHostService.exe [2011-12-19 394672]

R2 NIS;Norton Internet Security;C:Program Files (x86)Norton Internet SecurityEngine18.6.0.29ccsvchst.exe [2011-6-2 130008]

R2 RoxioNow Service;RoxioNow Service;C:Program Files (x86)RoxioRoxioNow PlayerRNowSvc.exe [2010-9-11 399344]

R2 SBSDWSCService;SBSD Security Center Service;C:Program Files (x86)Spybot - Search & DestroySDWinSec.exe [2011-8-14 1153368]

R2 sftlist;Application Virtualization Client;C:Program Files (x86)Microsoft Application Virtualization Clientsftlist.exe [2010-9-14 508264]

R2 UNS;Intel® Management & Security Application User Notification Service;C:Program Files (x86)IntelIntel® Management Engine ComponentsUNSUNS.exe [2011-3-12 2320920]

R3 btwampfl;Bluetooth AMP USB Filter;C:Windowssystem32driversbtwampfl.sys --> C:Windowssystem32driversbtwampfl.sys [?]

R3 btwl2cap;Bluetooth L2CAP Service;C:Windowssystem32DRIVERSbtwl2cap.sys --> C:Windowssystem32DRIVERSbtwl2cap.sys [?]

R3 clwvd;CyberLink WebCam Virtual Driver;C:Windowssystem32DRIVERSclwvd.sys --> C:Windowssystem32DRIVERSclwvd.sys [?]

R3 HECIx64;Intel® Management Engine Interface;C:Windowssystem32DRIVERSHECIx64.sys --> C:Windowssystem32DRIVERSHECIx64.sys [?]

R3 Impcd;Impcd;C:Windowssystem32DRIVERSImpcd.sys --> C:Windowssystem32DRIVERSImpcd.sys [?]

R3 IntcDAud;Intel® Display Audio;C:Windowssystem32DRIVERSIntcDAud.sys --> C:Windowssystem32DRIVERSIntcDAud.sys [?]

R3 osppsvc;Office Software Protection Platform;C:Program FilesCommon FilesMicrosoft SharedOfficeSoftwareProtectionPlatformOSPPSVC.EXE [2010-1-9 4925184]

R3 RTL8167;Realtek 8167 NT Driver;C:Windowssystem32DRIVERSRt64win7.sys --> C:Windowssystem32DRIVERSRt64win7.sys [?]

R3 Sftfs;Sftfs;C:Windowssystem32DRIVERSSftfslh.sys --> C:Windowssystem32DRIVERSSftfslh.sys [?]

R3 Sftplay;Sftplay;C:Windowssystem32DRIVERSSftplaylh.sys --> C:Windowssystem32DRIVERSSftplaylh.sys [?]

R3 Sftredir;Sftredir;C:Windowssystem32DRIVERSSftredirlh.sys --> C:Windowssystem32DRIVERSSftredirlh.sys [?]

R3 Sftvol;Sftvol;C:Windowssystem32DRIVERSSftvollh.sys --> C:Windowssystem32DRIVERSSftvollh.sys [?]

R3 sftvsa;Application Virtualization Service Agent;C:Program Files (x86)Microsoft Application Virtualization Clientsftvsa.exe [2010-9-14 219496]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:Windowssystem32DRIVERSvwifimp.sys --> C:Windowssystem32DRIVERSvwifimp.sys [?]

R3 WSDPrintDevice;WSD Print Support via UMB;C:Windowssystem32DRIVERSWSDPrint.sys --> C:Windowssystem32DRIVERSWSDPrint.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:WindowsMicrosoft.NETFrameworkv4.0.30319mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:WindowsMicrosoft.NETFramework64v4.0.30319mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:Program Files (x86)GoogleUpdateGoogleUpdate.exe [2011-6-7 136176]

S3 gupdatem;Google Update Service (gupdatem);C:Program Files (x86)GoogleUpdateGoogleUpdate.exe [2011-6-7 136176]

S3 MpNWMon;Microsoft Malware Protection Network Driver;C:Windowssystem32DRIVERSMpNWMon.sys --> C:Windowssystem32DRIVERSMpNWMon.sys [?]

S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:Windowssystem32DRIVERSnetw5v64.sys --> C:Windowssystem32DRIVERSnetw5v64.sys [?]

S3 NisDrv;Microsoft Network Inspection System;C:Windowssystem32DRIVERSNisDrvWFP.sys --> C:Windowssystem32DRIVERSNisDrvWFP.sys [?]

S3 NisSrv;Microsoft Network Inspection;C:Program FilesMicrosoft Security ClientAntimalwareNisSrv.exe [2011-4-27 288272]

S3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:Windowssystem32DRIVERSRtsPStor.sys --> C:Windowssystem32DRIVERSRtsPStor.sys [?]

S3 SrvHsfHDA;SrvHsfHDA;C:Windowssystem32DRIVERSVSTAZL6.SYS --> C:Windowssystem32DRIVERSVSTAZL6.SYS [?]

S3 SrvHsfV92;SrvHsfV92;C:Windowssystem32DRIVERSVSTDPV6.SYS --> C:Windowssystem32DRIVERSVSTDPV6.SYS [?]

S3 SrvHsfWinac;SrvHsfWinac;C:Windowssystem32DRIVERSVSTCNXT6.SYS --> C:Windowssystem32DRIVERSVSTCNXT6.SYS [?]

S3 TsUsbFlt;TsUsbFlt;C:Windowssystem32driverstsusbflt.sys --> C:Windowssystem32driverstsusbflt.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:Windowssystem32WatWatAdminSvc.exe --> C:Windowssystem32WatWatAdminSvc.exe [?]

S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:Windowssystem32DRIVERSyk62x64.sys --> C:Windowssystem32DRIVERSyk62x64.sys [?]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:Program FilesWindows LiveMeshwlcrasvc.exe [2010-9-22 57184]

.

=============== Created Last 30 ================

.

2012-02-06 11:43:52 69000 ----a-w- C:ProgramDataMicrosoftMicrosoft AntimalwareDefinition Updates{BBA0554E-8C92-4CEE-B4EC-CC3E24643F92}offreg.dll

2012-02-05 21:27:04 8602168 ----a-w- C:ProgramDataMicrosoftMicrosoft AntimalwareDefinition UpdatesBackupmpengine.dll

2012-02-05 21:26:54 8602168 ----a-w- C:ProgramDataMicrosoftMicrosoft AntimalwareDefinition Updates{BBA0554E-8C92-4CEE-B4EC-CC3E24643F92}mpengine.dll

2012-02-05 16:57:18 -------- d-----w- C:TDSSKiller_Quarantine

2012-02-05 13:16:30 20480 ----a-w- C:Windowssvchost.exe

2012-02-05 12:44:47 -------- d-----w- C:UsersDavidAppDataRoamingMalwarebytes

2012-02-05 12:44:33 -------- d-----w- C:ProgramDataMalwarebytes

2012-02-05 12:44:31 23152 ----a-w- C:WindowsSystem32driversmbam.sys

2012-02-05 12:44:31 -------- d-----w- C:Program Files (x86)Malwarebytes' Anti-Malware

2012-02-04 22:44:22 -------- d-----w- C:ProgramDataPC Tools

2012-02-04 20:19:38 917840 ------w- C:ProgramDataMicrosoftMicrosoft AntimalwareDefinition Updates{77C727A1-18EE-436A-8783-58386F473BB5}gapaengine.dll

2012-02-04 19:16:15 -------- d-----w- C:Program Files (x86)Microsoft Security Client

2012-02-04 19:16:00 -------- d-----w- C:Program FilesMicrosoft Security Client

2012-02-04 19:02:58 514560 ----a-w- C:WindowsSysWow64qdvd.dll

2012-02-04 19:02:58 366592 ----a-w- C:WindowsSystem32qdvd.dll

2012-02-04 19:02:58 1572864 ----a-w- C:WindowsSystem32quartz.dll

2012-02-04 19:02:58 1328128 ----a-w- C:WindowsSysWow64quartz.dll

2012-02-04 18:59:53 1731920 ----a-w- C:WindowsSystem32ntdll.dll

2012-02-04 18:59:53 1292080 ----a-w- C:WindowsSysWow64ntdll.dll

2012-02-04 18:59:18 912504 ----a-w- C:WindowsSystem32driversNISx641207000.00Dsymefa64.sys

2012-02-04 18:59:18 744568 ----a-w- C:WindowsSystem32driversNISx641207000.00Dsrtsp64.sys

2012-02-04 18:59:18 450680 ----a-w- C:WindowsSystem32driversNISx641207000.00Dsymds64.sys

2012-02-04 18:59:18 40568 ----a-w- C:WindowsSystem32driversNISx641207000.00Dsrtspx64.sys

2012-02-04 18:59:18 386168 ----a-w- C:WindowsSystem32driversNISx641207000.00Dsymnets.sys

2012-02-04 18:59:18 171128 ----a-w- C:WindowsSystem32driversNISx641207000.00Dironx64.sys

2012-02-04 18:59:06 77312 ----a-w- C:WindowsSystem32packager.dll

2012-02-04 18:59:06 67072 ----a-w- C:WindowsSysWow64packager.dll

2012-02-04 18:59:03 -------- d-----w- C:WindowsSystem32driversNISx641207000.00D

2012-02-04 18:33:11 8822856 ----a-w- C:ProgramDataMicrosoftWindows DefenderDefinition Updates{8F407FDD-1FD7-4FD3-A0AE-2FAEB7DD729D}mpengine.dll

2012-02-04 18:01:20 -------- d--h--w- C:_Exception1

2012-02-04 00:42:50 6656 ----a-w- C:ProgramDataMicrosoftWindowsDRM25C7.tmp

2012-02-04 00:42:50 6656 ----a-w- C:ProgramDataMicrosoftWindowsDRM25C6.tmp

2012-02-03 12:19:55 -------- d-----w- C:Program Files (x86)Common FilesIntel Corporation

2012-01-22 14:09:19 -------- d-----w- C:UsersDavidAppDataRoamingPrinter Info Cache

2012-01-18 11:58:51 -------- d-----w- C:Program Files (x86)Sling Media

2012-01-14 01:32:07 -------- d-----w- C:UsersDavidAppDataLocal{0365AC1B-F1C9-4E3D-BC77-C052CC1494AA}

2012-01-14 01:31:55 -------- d-----w- C:UsersDavidAppDataLocal{90D0458D-B533-4ABB-9A24-1FBC9FDD6842}

2012-01-14 01:27:44 -------- d-----w- C:UsersDavidAppDataLocal{AA911243-F142-4CB7-A326-361100670A30}

2012-01-14 01:27:32 -------- d-----w- C:UsersDavidAppDataLocal{B16CFB5B-346D-4F8F-A9F0-D2D15AEA700F}

2012-01-12 23:01:49 -------- d-----w- C:UsersDavidAppDataLocal{4C5D7F47-D4AC-4072-A5AC-7A9346A2A7AA}

2012-01-12 23:01:38 -------- d-----w- C:UsersDavidAppDataLocal{A7B6032F-124C-4032-AC67-351DA4E9F104}

2012-01-12 23:00:17 -------- d-----w- C:UsersDavidAppDataLocal{0BF9B659-EFFC-44A2-B0DA-B49A4E010BEB}

2012-01-12 23:00:05 -------- d-----w- C:UsersDavidAppDataLocal{D0DD6E83-630E-4C29-9552-18A3A6C8CF7D}

2012-01-08 21:09:17 -------- d-----w- C:UsersDavidAppDataLocal{43011CD4-8649-427A-A22B-10B910275753}

2012-01-08 21:09:05 -------- d-----w- C:UsersDavidAppDataLocal{E2C58202-C60C-463C-95C6-2F429A69F47B}

.

==================== Find3M ====================

.

2012-01-31 12:44:20 279656 ------w- C:WindowsSystem32MpSigStub.exe

2011-12-10 15:22:44 1058304 ----a-w- C:WindowsSystem32EKAiO2MON.dll

2011-12-10 15:22:28 177664 ----a-w- C:WindowsSystem32EKAiO2COI07.dll

2011-12-10 15:21:38 122368 ----a-w- C:WindowsSystem32EKaio2WiaCoInst.dll

2011-12-10 15:21:36 10240 ----a-w- C:WindowsSystem32EKaio2WiaCoInstRes.dll

2011-12-04 16:15:57 414368 ----a-w- C:WindowsSysWow64FlashPlayerCPLApp.cpl

2011-11-24 13:55:11 90112 ----a-w- C:WindowsSystem32igfxCoIn_v2476.dll

2011-11-24 13:53:25 74272 ----a-w- C:WindowsSystem32RtNicProp64.dll

2011-11-24 13:53:25 565352 ----a-w- C:WindowsSystem32driversRt64win7.sys

2011-11-24 13:53:25 107552 ----a-w- C:WindowsSystem32RTNUninst64.dll

2011-11-24 04:52:09 3145216 ----a-w- C:WindowsSystem32win32k.sys

2011-11-17 06:49:14 95600 ----a-w- C:WindowsSystem32driversksecdd.sys

2011-11-17 06:49:14 152432 ----a-w- C:WindowsSystem32driversksecpkg.sys

2011-11-17 06:44:43 459232 ----a-w- C:WindowsSystem32driverscng.sys

2011-11-17 06:35:28 395776 ----a-w- C:WindowsSystem32webio.dll

2011-11-17 06:35:26 29184 ----a-w- C:WindowsSystem32sspisrv.dll

2011-11-17 06:35:26 136192 ----a-w- C:WindowsSystem32sspicli.dll

2011-11-17 06:35:25 340992 ----a-w- C:WindowsSystem32schannel.dll

2011-11-17 06:35:25 28160 ----a-w- C:WindowsSystem32secur32.dll

2011-11-17 06:35:19 1447936 ----a-w- C:WindowsSystem32lsasrv.dll

2011-11-17 06:33:55 31232 ----a-w- C:WindowsSystem32lsass.exe

2011-11-17 05:35:02 314880 ----a-w- C:WindowsSysWow64webio.dll

2011-11-17 05:34:52 224768 ----a-w- C:WindowsSysWow64schannel.dll

2011-11-17 05:34:52 22016 ----a-w- C:WindowsSysWow64secur32.dll

2011-11-17 05:28:48 96768 ----a-w- C:WindowsSysWow64sspicli.dll

.

============= FINISH: 7:01:53.72 ===============

 

Results of screen317's Security Check version 0.99.30

Windows 7 x64 (UAC is enabled)

Internet Explorer 8 Out of date!

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Enabled!

Norton Internet Security

WMI entry may not exist for antivirus; attempting automatic update.

```````````````````````````````

Anti-malware/Other Utilities Check:

MVPS Hosts File

Spybot - Search & Destroy

Java 6 Update 26

Java version out of date!

Adobe Reader 9 Adobe Reader out of date!

````````````````````````````````

Process Check:

objlist.exe by Laurent

Norton ccSvcHst.exe

Windows Defender MSMpEng.exe

Spybot Teatimer.exe is disabled!

Microsoft Security Essentials msseces.exe

Microsoft Security Client Antimalware MsMpEng.exe

``````````End of Log````````````

Attach.txt


A couple of things I need from you. Please copy/paste the TDSSK log in your next reply. It should be somewhere in C:\TDSSKiller.<version_date_time>log.txt

Also, I need you to tell me the current state of your computer, i.e. symptoms, etc.


After running the tdsskiller, rebooting and running it again as instructed, computer seems to be running fine. Startup and shut down are much faster than Friday night when I discovered I had big problems. Accessing the internet is much faster, as is browsing thru IE. I had to uninstall Google Chrome as computer would shut down when trying to open it, although I did not try it after tdsskiller; I just downloaded a fresh Chrome. I do notice popups opening when on IE that I haven't clicked on, though. I have been avoiding sending e-mail because I don't want to infect another machine. Is it safe to send email or should I not?

 

11:55:13.0509 5340 TDSS rootkit removing tool 2.7.9.0 Feb 1 2012 09:28:49

11:55:15.0537 5340 ============================================================

11:55:15.0537 5340 Current date / time: 2012/02/05 11:55:15.0537

11:55:15.0537 5340 SystemInfo:

11:55:15.0537 5340

11:55:15.0537 5340 OS Version: 6.1.7601 ServicePack: 1.0

11:55:15.0537 5340 Product type: Workstation

11:55:15.0537 5340 ComputerName: OZZIE

11:55:15.0537 5340 UserName: David

11:55:15.0537 5340 Windows directory: C:Windows

11:55:15.0537 5340 System windows directory: C:Windows

11:55:15.0537 5340 Running under WOW64

11:55:15.0537 5340 Processor architecture: Intel x64

11:55:15.0537 5340 Number of processors: 4

11:55:15.0537 5340 Page size: 0x1000

11:55:15.0537 5340 Boot type: Normal boot

11:55:15.0537 5340 ============================================================

11:55:16.0130 5340 Drive DeviceHarddisk0DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

11:55:16.0130 5340 DeviceHarddisk0DR0:

11:55:16.0130 5340 MBR used

11:55:16.0130 5340 DeviceHarddisk0DR0Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800

11:55:16.0130 5340 DeviceHarddisk0DR0Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x385CF000

11:55:16.0130 5340 DeviceHarddisk0DR0Partition2: MBR, Type 0x7, StartLBA 0x38633000, BlocksNum 0x1D1F000

11:55:16.0130 5340 DeviceHarddisk0DR0Partition3: MBR, Type 0xC, StartLBA 0x3A352000, BlocksNum 0x33830

11:55:16.0224 5340 Initialize success

11:55:16.0224 5340 ============================================================

11:55:24.0835 5280 ============================================================

11:55:24.0835 5280 Scan started

11:55:24.0835 5280 Mode: Manual;

11:55:24.0835 5280 ============================================================


11:55:45.0754 5280 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:Windowssystem32DRIVERSndisuio.sys

11:55:45.0754 5280 Ndisuio - ok

11:55:45.0848 5280 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:Windowssystem32DRIVERSndiswan.sys

11:55:45.0848 5280 NdisWan - ok

11:55:45.0942 5280 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:Windowssystem32driversNDProxy.sys

11:55:45.0942 5280 NDProxy - ok

11:55:46.0051 5280 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:Windowssystem32DRIVERSnetbios.sys

11:55:46.0051 5280 NetBIOS - ok

11:55:46.0176 5280 NetBT (09594d1089c523423b32a4229263f068) C:Windowssystem32DRIVERSnetbt.sys

11:55:46.0176 5280 NetBT - ok

11:55:46.0441 5280 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:Windowssystem32DRIVERSnetw5v64.sys

11:55:46.0581 5280 netw5v64 - ok

11:55:46.0722 5280 nfrd960 (77889813be4d166cdab78ddba990da92) C:Windowssystem32DRIVERSnfrd960.sys

11:55:46.0722 5280 nfrd960 - ok

11:55:46.0862 5280 NisDrv (5f7d72cbcdd025af1f38fdeee5646968) C:Windowssystem32DRIVERSNisDrvWFP.sys

11:55:46.0878 5280 NisDrv - ok

11:55:46.0987 5280 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:Windowssystem32driversNpfs.sys

11:55:46.0987 5280 Npfs - ok

11:55:47.0127 5280 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:Windowssystem32driversnsiproxy.sys

11:55:47.0127 5280 nsiproxy - ok

11:55:47.0268 5280 Ntfs (a2f74975097f52a00745f9637451fdd8) C:Windowssystem32driversNtfs.sys

11:55:47.0314 5280 Ntfs - ok

11:55:47.0439 5280 Null (9899284589f75fa8724ff3d16aed75c1) C:Windowssystem32driversNull.sys

11:55:47.0439 5280 Null - ok

11:55:47.0580 5280 nvraid (0a92cb65770442ed0dc44834632f66ad) C:Windowssystem32driversnvraid.sys

11:55:47.0580 5280 nvraid - ok

11:55:47.0704 5280 nvstor (dab0e87525c10052bf65f06152f37e4a) C:Windowssystem32driversnvstor.sys

11:55:47.0704 5280 nvstor - ok

11:55:47.0814 5280 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:Windowssystem32driversnv_agp.sys

11:55:47.0814 5280 nv_agp - ok

11:55:47.0954 5280 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:Windowssystem32driversohci1394.sys

11:55:47.0954 5280 ohci1394 - ok

11:55:48.0157 5280 Parport (0086431c29c35be1dbc43f52cc273887) C:Windowssystem32DRIVERSparport.sys

11:55:48.0157 5280 Parport - ok

11:55:48.0282 5280 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:Windowssystem32driverspartmgr.sys

11:55:48.0282 5280 partmgr - ok

11:55:48.0391 5280 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:Windowssystem32driverspci.sys

11:55:48.0406 5280 pci - ok

11:55:48.0516 5280 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:Windowssystem32driverspciide.sys

11:55:48.0516 5280 pciide - ok

11:55:48.0625 5280 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:Windowssystem32DRIVERSpcmcia.sys

11:55:48.0640 5280 pcmcia - ok

11:55:48.0750 5280 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:Windowssystem32driverspcw.sys

11:55:48.0750 5280 pcw - ok

11:55:48.0890 5280 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:Windowssystem32driverspeauth.sys

11:55:48.0906 5280 PEAUTH - ok

11:55:49.0093 5280 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:Windowssystem32DRIVERSraspptp.sys

11:55:49.0093 5280 PptpMiniport - ok

11:55:49.0171 5280 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:Windowssystem32DRIVERSprocessr.sys

11:55:49.0171 5280 Processor - ok

11:55:49.0342 5280 Psched (0557cf5a2556bd58e26384169d72438d) C:Windowssystem32DRIVERSpacer.sys

11:55:49.0342 5280 Psched - ok

11:55:49.0467 5280 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:Windowssystem32DRIVERSql2300.sys

11:55:49.0498 5280 ql2300 - ok

11:55:49.0654 5280 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:Windowssystem32DRIVERSql40xx.sys

11:55:49.0654 5280 ql40xx - ok

11:55:49.0717 5280 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:Windowssystem32driversqwavedrv.sys

11:55:49.0732 5280 QWAVEdrv - ok

11:55:49.0779 5280 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:Windowssystem32DRIVERSrasacd.sys

11:55:49.0779 5280 RasAcd - ok

11:55:49.0842 5280 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:Windowssystem32DRIVERSAgileVpn.sys

11:55:49.0842 5280 RasAgileVpn - ok

11:55:49.0888 5280 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:Windowssystem32DRIVERSrasl2tp.sys

11:55:49.0888 5280 Rasl2tp - ok

11:55:49.0966 5280 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:Windowssystem32DRIVERSraspppoe.sys

11:55:49.0966 5280 RasPppoe - ok

11:55:50.0013 5280 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:Windowssystem32DRIVERSrassstp.sys

11:55:50.0013 5280 RasSstp - ok

11:55:50.0060 5280 rdbss (77f665941019a1594d887a74f301fa2f) C:Windowssystem32DRIVERSrdbss.sys

11:55:50.0060 5280 rdbss - ok

11:55:50.0232 5280 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:Windowssystem32DRIVERSrdpbus.sys

11:55:50.0232 5280 rdpbus - ok

11:55:50.0310 5280 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:Windowssystem32DRIVERSRDPCDD.sys

11:55:50.0310 5280 RDPCDD - ok

11:55:50.0356 5280 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:Windowssystem32driversrdpencdd.sys

11:55:50.0356 5280 RDPENCDD - ok

11:55:50.0419 5280 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:Windowssystem32driversrdprefmp.sys

11:55:50.0419 5280 RDPREFMP - ok

11:55:50.0466 5280 RDPWD (15b66c206b5cb095bab980553f38ed23) C:Windowssystem32driversRDPWD.sys

11:55:50.0481 5280 RDPWD - ok

11:55:50.0544 5280 rdyboost (34ed295fa0121c241bfef24764fc4520) C:Windowssystem32driversrdyboost.sys

11:55:50.0544 5280 rdyboost - ok

11:55:50.0606 5280 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:Windowssystem32DRIVERSrfcomm.sys

11:55:50.0606 5280 RFCOMM - ok

11:55:50.0762 5280 RSPCIESTOR (ca327a84085f68200452e6761f943298) C:Windowssystem32DRIVERSRtsPStor.sys

11:55:50.0762 5280 RSPCIESTOR - ok

11:55:50.0856 5280 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:Windowssystem32DRIVERSrspndr.sys

11:55:50.0856 5280 rspndr - ok

11:55:51.0027 5280 RTL8167 (9140db0911de035fed0a9a77a2d156ea) C:Windowssystem32DRIVERSRt64win7.sys

11:55:51.0043 5280 RTL8167 - ok

11:55:51.0183 5280 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:Windowssystem32driverssbp2port.sys

11:55:51.0199 5280 sbp2port - ok

11:55:51.0292 5280 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:Windowssystem32DRIVERSscfilter.sys

11:55:51.0292 5280 scfilter - ok

11:55:51.0464 5280 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:Windowssystem32driverssdbus.sys

11:55:51.0464 5280 sdbus - ok

11:55:51.0620 5280 secdrv (3ea8a16169c26afbeb544e0e48421186) C:Windowssystem32driverssecdrv.sys

11:55:51.0620 5280 secdrv - ok

11:55:51.0760 5280 Serenum (cb624c0035412af0debec78c41f5ca1b) C:Windowssystem32DRIVERSserenum.sys

11:55:51.0760 5280 Serenum - ok

11:55:51.0885 5280 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:Windowssystem32DRIVERSserial.sys

11:55:51.0885 5280 Serial - ok

11:55:51.0994 5280 sermouse (1c545a7d0691cc4a027396535691c3e3) C:Windowssystem32DRIVERSsermouse.sys

11:55:51.0994 5280 sermouse - ok

11:55:52.0104 5280 sffdisk (a554811bcd09279536440c964ae35bbf) C:Windowssystem32driverssffdisk.sys

11:55:52.0104 5280 sffdisk - ok

11:55:52.0197 5280 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:Windowssystem32driverssffp_mmc.sys

11:55:52.0197 5280 sffp_mmc - ok

11:55:52.0338 5280 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:Windowssystem32driverssffp_sd.sys

11:55:52.0338 5280 sffp_sd - ok

11:55:52.0462 5280 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:Windowssystem32DRIVERSsfloppy.sys

11:55:52.0462 5280 sfloppy - ok

11:55:52.0634 5280 Sftfs (a40abfdcb75f835fdf3ce0cc64e4250d) C:Windowssystem32DRIVERSSftfslh.sys

11:55:52.0650 5280 Sftfs - ok

11:55:52.0743 5280 Sftplay (411769ed1cb12d2b44217734347bdb7a) C:Windowssystem32DRIVERSSftplaylh.sys

11:55:52.0743 5280 Sftplay - ok

11:55:52.0837 5280 Sftredir (a14d0df34bbb00ea94da16193d0c7957) C:Windowssystem32DRIVERSSftredirlh.sys

11:55:52.0837 5280 Sftredir - ok

11:55:52.0915 5280 Sftvol (393b22addd89979eb1c60898f51c3648) C:Windowssystem32DRIVERSSftvollh.sys

11:55:52.0915 5280 Sftvol - ok

11:55:53.0055 5280 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:Windowssystem32DRIVERSSiSRaid2.sys

11:55:53.0055 5280 SiSRaid2 - ok

11:55:53.0164 5280 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:Windowssystem32DRIVERSsisraid4.sys

11:55:53.0180 5280 SiSRaid4 - ok

11:55:53.0336 5280 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:Windowssystem32DRIVERSsmb.sys

11:55:53.0336 5280 Smb - ok

11:55:53.0492 5280 spldr (b9e31e5cacdfe584f34f730a677803f9) C:Windowssystem32driversspldr.sys

11:55:53.0492 5280 spldr - ok

11:55:53.0695 5280 SRTSP (90ef30c3867bcde4579c01a6d6e75a7a) C:WindowsSystem32DriversNISx641206000.01DSRTSP64.SYS

11:55:53.0710 5280 SRTSP - ok

11:55:53.0882 5280 SRTSPX (c513e8a5e7978da49077f5484344ee1b) C:Windowssystem32driversNISx641206000.01DSRTSPX64.SYS

11:55:53.0882 5280 SRTSPX - ok

11:55:54.0022 5280 srv (441fba48bff01fdb9d5969ebc1838f0b) C:Windowssystem32DRIVERSsrv.sys

11:55:54.0038 5280 srv - ok

11:55:54.0194 5280 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:Windowssystem32DRIVERSsrv2.sys

11:55:54.0210 5280 srv2 - ok

11:55:54.0381 5280 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:Windowssystem32DRIVERSVSTAZL6.SYS

11:55:54.0397 5280 SrvHsfHDA - ok

11:55:54.0568 5280 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:Windowssystem32DRIVERSVSTDPV6.SYS

11:55:54.0600 5280 SrvHsfV92 - ok

11:55:54.0771 5280 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:Windowssystem32DRIVERSVSTCNXT6.SYS

11:55:54.0787 5280 SrvHsfWinac - ok

11:55:54.0943 5280 srvnet (27e461f0be5bff5fc737328f749538c3) C:Windowssystem32DRIVERSsrvnet.sys

11:55:54.0943 5280 srvnet - ok

11:55:55.0114 5280 stexstor (f3817967ed533d08327dc73bc4d5542a) C:Windowssystem32DRIVERSstexstor.sys

11:55:55.0114 5280 stexstor - ok

11:55:55.0286 5280 STHDA (ebc1a5e076a9be314d3d9e8ed19abb0a) C:Windowssystem32DRIVERSstwrt64.sys

11:55:55.0302 5280 STHDA - ok

11:55:55.0473 5280 StillCam (decacb6921ded1a38642642685d77dac) C:Windowssystem32DRIVERSserscan.sys

11:55:55.0473 5280 StillCam - ok

11:55:55.0660 5280 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:Windowssystem32driversswenum.sys

11:55:55.0660 5280 swenum - ok

11:55:55.0832 5280 SymDS (6160145c7a87fc7672e8e3b886888176) C:Windowssystem32driversNISx641206000.01DSYMDS64.SYS

11:55:55.0848 5280 SymDS - ok

11:55:56.0050 5280 SymEFA (96aeed40d4d3521568b42027687e69e0) C:Windowssystem32driversNISx641206000.01DSYMEFA64.SYS

11:55:56.0082 5280 SymEFA - ok

11:55:56.0253 5280 SymEvent (21a1c2d694c3cf962d31f5e873ab3d6f) C:Windowssystem32DriversSYMEVENT64x86.SYS

11:55:56.0269 5280 SymEvent - ok

11:55:56.0456 5280 SymIRON (bd0d711d8cbfcaa19ca123306eaf53a5) C:Windowssystem32driversNISx641206000.01DIronx64.SYS

11:55:56.0456 5280 SymIRON - ok

11:55:56.0643 5280 SymNetS (a6adb3d83023f8daa0f7b6fda785d83b) C:WindowsSystem32DriversNISx641206000.01DSYMNETS.SYS

11:55:56.0643 5280 SymNetS - ok

11:55:56.0830 5280 SynTP (c447977ed2a4ae9346fe3a0579a34d7c) C:Windowssystem32DRIVERSSynTP.sys

11:55:56.0877 5280 SynTP - ok

11:55:57.0080 5280 Tcpip (fc62769e7bff2896035aeed399108162) C:Windowssystem32driverstcpip.sys

11:55:57.0127 5280 Tcpip - ok

11:55:57.0345 5280 TCPIP6 (fc62769e7bff2896035aeed399108162) C:Windowssystem32DRIVERStcpip.sys

11:55:57.0361 5280 TCPIP6 - ok

11:55:57.0517 5280 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:Windowssystem32driverstcpipreg.sys

11:55:57.0517 5280 tcpipreg - ok

11:55:57.0673 5280 TDPIPE (3371d21011695b16333a3934340c4e7c) C:Windowssystem32driverstdpipe.sys

11:55:57.0673 5280 TDPIPE - ok

11:55:57.0813 5280 TDTCP (e4245bda3190a582d55ed09e137401a9) C:Windowssystem32driverstdtcp.sys

11:55:57.0813 5280 TDTCP - ok

11:55:57.0969 5280 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:Windowssystem32DRIVERStdx.sys

11:55:57.0969 5280 tdx - ok

11:55:58.0125 5280 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:Windowssystem32driverstermdd.sys

11:55:58.0125 5280 TermDD - ok

11:55:58.0344 5280 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:Windowssystem32DRIVERStssecsrv.sys

11:55:58.0344 5280 tssecsrv - ok

11:55:58.0515 5280 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:Windowssystem32driverstsusbflt.sys

11:55:58.0515 5280 TsUsbFlt - ok

11:55:58.0671 5280 tunnel (3566a8daafa27af944f5d705eaa64894) C:Windowssystem32DRIVERStunnel.sys

11:55:58.0671 5280 tunnel - ok

11:55:58.0827 5280 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:Windowssystem32DRIVERSuagp35.sys

11:55:58.0827 5280 uagp35 - ok

11:55:58.0983 5280 udfs (ff4232a1a64012baa1fd97c7b67df593) C:Windowssystem32DRIVERSudfs.sys

11:55:58.0983 5280 udfs - ok

11:55:59.0139 5280 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:Windowssystem32driversuliagpkx.sys

11:55:59.0139 5280 uliagpkx - ok

11:55:59.0280 5280 umbus (dc54a574663a895c8763af0fa1ff7561) C:Windowssystem32DRIVERSumbus.sys

11:55:59.0280 5280 umbus - ok

11:55:59.0420 5280 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:Windowssystem32DRIVERSumpass.sys

11:55:59.0420 5280 UmPass - ok

11:55:59.0576 5280 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:Windowssystem32DRIVERSusbccgp.sys

11:55:59.0576 5280 usbccgp - ok

11:55:59.0716 5280 usbcir (af0892a803fdda7492f595368e3b68e7) C:Windowssystem32driversusbcir.sys

11:55:59.0732 5280 usbcir - ok

11:55:59.0872 5280 usbehci (c025055fe7b87701eb042095df1a2d7b) C:Windowssystem32driversusbehci.sys

11:55:59.0872 5280 usbehci - ok

11:56:00.0013 5280 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:Windowssystem32DRIVERSusbhub.sys

11:56:00.0028 5280 usbhub - ok

11:56:00.0169 5280 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:Windowssystem32driversusbohci.sys

11:56:00.0169 5280 usbohci - ok

11:56:00.0340 5280 usbprint (73188f58fb384e75c4063d29413cee3d) C:Windowssystem32DRIVERSusbprint.sys

11:56:00.0340 5280 usbprint - ok

11:56:00.0496 5280 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:Windowssystem32DRIVERSusbscan.sys

11:56:00.0512 5280 usbscan - ok

11:56:00.0652 5280 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:Windowssystem32DRIVERSUSBSTOR.SYS

11:56:00.0652 5280 USBSTOR - ok

11:56:00.0777 5280 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:Windowssystem32driversusbuhci.sys

11:56:00.0777 5280 usbuhci - ok

11:56:00.0918 5280 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:WindowsSystem32Driversusbvideo.sys

11:56:00.0918 5280 usbvideo - ok

11:56:01.0074 5280 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:Windowssystem32driversvdrvroot.sys

11:56:01.0074 5280 vdrvroot - ok

11:56:01.0198 5280 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:Windowssystem32DRIVERSvgapnp.sys

11:56:01.0198 5280 vga - ok

11:56:01.0308 5280 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:WindowsSystem32driversvga.sys

11:56:01.0323 5280 VgaSave - ok

11:56:01.0464 5280 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:Windowssystem32driversvhdmp.sys

11:56:01.0479 5280 vhdmp - ok

11:56:01.0620 5280 viaide (e5689d93ffe4e5d66c0178761240dd54) C:Windowssystem32driversviaide.sys

11:56:01.0620 5280 viaide - ok

11:56:01.0744 5280 volmgr (d2aafd421940f640b407aefaaebd91b0) C:Windowssystem32driversvolmgr.sys

11:56:01.0744 5280 volmgr - ok

11:56:01.0885 5280 volmgrx (a255814907c89be58b79ef2f189b843b) C:Windowssystem32driversvolmgrx.sys

11:56:01.0885 5280 volmgrx - ok

11:56:02.0041 5280 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:Windowssystem32driversvolsnap.sys

11:56:02.0041 5280 volsnap - ok

11:56:02.0212 5280 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:Windowssystem32DRIVERSvsmraid.sys

11:56:02.0212 5280 vsmraid - ok

11:56:02.0337 5280 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:Windowssystem32DRIVERSvwifibus.sys

11:56:02.0337 5280 vwifibus - ok

11:56:02.0540 5280 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:Windowssystem32DRIVERSvwififlt.sys

11:56:02.0540 5280 vwififlt - ok

11:56:02.0712 5280 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:Windowssystem32DRIVERSvwifimp.sys

11:56:02.0712 5280 vwifimp - ok

11:56:02.0868 5280 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:Windowssystem32DRIVERSwacompen.sys

11:56:02.0868 5280 WacomPen - ok

11:56:03.0024 5280 WANARP (356afd78a6ed4457169241ac3965230c) C:Windowssystem32DRIVERSwanarp.sys

11:56:03.0024 5280 WANARP - ok

11:56:03.0024 5280 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:Windowssystem32DRIVERSwanarp.sys

11:56:03.0024 5280 Wanarpv6 - ok

11:56:03.0242 5280 Wd (72889e16ff12ba0f235467d6091b17dc) C:Windowssystem32DRIVERSwd.sys

11:56:03.0242 5280 Wd - ok

11:56:03.0414 5280 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:Windowssystem32driversWdf01000.sys

11:56:03.0429 5280 Wdf01000 - ok

11:56:03.0616 5280 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:Windowssystem32DRIVERSwfplwf.sys

11:56:03.0616 5280 WfpLwf - ok

11:56:03.0757 5280 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:Windowssystem32driverswimmount.sys

11:56:03.0772 5280 WIMMount - ok

11:56:03.0960 5280 WinUsb (fe88b288356e7b47b74b13372add906d) C:Windowssystem32DRIVERSWinUsb.sys

11:56:03.0960 5280 WinUsb - ok

11:56:04.0162 5280 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:Windowssystem32driverswmiacpi.sys

11:56:04.0162 5280 WmiAcpi - ok

11:56:04.0365 5280 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:Windowssystem32driversws2ifsl.sys

11:56:04.0365 5280 ws2ifsl - ok

11:56:04.0552 5280 WSDPrintDevice (8d918b1db190a4d9b1753a66fa8c96e8) C:Windowssystem32DRIVERSWSDPrint.sys

11:56:04.0568 5280 WSDPrintDevice - ok

11:56:04.0740 5280 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:Windowssystem32driversWudfPf.sys

11:56:04.0740 5280 WudfPf - ok

11:56:04.0911 5280 WUDFRd (cf8d590be3373029d57af80914190682) C:Windowssystem32DRIVERSWUDFRd.sys

11:56:04.0911 5280 WUDFRd - ok

11:56:05.0114 5280 yukonw7 (b3eeacf62445e24fbb2cd4b0fb4db026) C:Windowssystem32DRIVERSyk62x64.sys

11:56:05.0114 5280 yukonw7 - ok

11:56:05.0176 5280 MBR (0x1B8) (c0dcf0ac171db02db8b0014c5d767cf1) \Device\Harddisk0\DR0

11:56:05.0208 5280 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected

11:56:05.0208 5280 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)

11:56:05.0223 5280 Boot (0x1200) (b273eaccb8ff4a0d4c2a21c044b6c30b) \Device\Harddisk0\DR0\Partition0

11:56:05.0239 5280 \Device\Harddisk0\DR0\Partition0 - ok

11:56:05.0239 5280 Boot (0x1200) (4baec38957c0939dcd1020ab92a4ad5c) \Device\Harddisk0\DR0\Partition1

11:56:05.0239 5280 \Device\Harddisk0\DR0\Partition1 - ok

11:56:05.0286 5280 Boot (0x1200) (87b0d40b2491e9152864c5d2271bde34) \Device\Harddisk0\DR0\Partition2

11:56:05.0286 5280 \Device\Harddisk0\DR0\Partition2 - ok

11:56:05.0286 5280 Boot (0x1200) (48452d09a6dd4930747245efdfa1dffe) \Device\Harddisk0\DR0\Partition3

11:56:05.0301 5280 \Device\Harddisk0\DR0\Partition3 - ok

11:56:05.0301 5280 ============================================================

11:56:05.0301 5280 Scan finished

11:56:05.0301 5280 ============================================================

11:56:05.0301 7872 Detected object count: 1

11:56:05.0301 7872 Actual detected object count: 1

11:57:18.0793 7872 \Device\Harddisk0\DR0\# - copied to quarantine

11:57:18.0824 7872 \Device\Harddisk0\DR0 - copied to quarantine

11:57:19.0230 7872 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine

11:57:19.0261 7872 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine

11:57:19.0292 7872 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine

11:57:21.0336 7872 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine

11:57:21.0336 7872 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine

11:57:21.0351 7872 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine

11:57:21.0351 7872 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine

11:57:21.0601 7872 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine

11:57:21.0679 7872 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine

11:57:21.0679 7872 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine

11:57:21.0788 7872 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot

11:57:21.0788 7872 \Device\Harddisk0\DR0 - ok

11:57:21.0788 7872 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure

11:58:15.0203 7296 Deinitialize success

12:02:52.0210 5996 TDSS rootkit removing tool 2.7.9.0 Feb 1 2012 09:28:49

12:02:54.0223 5996 ============================================================

12:02:54.0223 5996 Current date / time: 2012/02/05 12:02:54.0223

12:02:54.0223 5996 SystemInfo:

12:02:54.0223 5996

12:02:54.0223 5996 OS Version: 6.1.7601 ServicePack: 1.0

12:02:54.0223 5996 Product type: Workstation

12:02:54.0223 5996 ComputerName: OZZIE

12:02:54.0223 5996 UserName: David

12:02:54.0223 5996 Windows directory: C:\Windows

12:02:54.0223 5996 System windows directory: C:\Windows

12:02:54.0223 5996 Running under WOW64

12:02:54.0223 5996 Processor architecture: Intel x64

12:02:54.0223 5996 Number of processors: 4

12:02:54.0223 5996 Page size: 0x1000

12:02:54.0223 5996 Boot type: Normal boot

12:02:54.0223 5996 ============================================================

12:02:54.0831 5996 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

12:02:54.0831 5996 \Device\Harddisk0\DR0:

12:02:54.0831 5996 MBR used

12:02:54.0831 5996 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800

12:02:54.0831 5996 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x385CF000

12:02:54.0831 5996 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x38633000, BlocksNum 0x1D1F000

12:02:54.0831 5996 \Device\Harddisk0\DR0\Partition3: MBR, Type 0xC, StartLBA 0x3A352000, BlocksNum 0x33830

12:02:54.0940 5996 Initialize success

12:02:54.0940 5996 ============================================================

12:02:58.0949 1360 ============================================================

12:02:58.0949 1360 Scan started

12:02:58.0949 1360 Mode: Manual;

12:02:58.0949 1360 ============================================================


12:03:08.0512 1360 HidBth - ok

12:03:08.0621 1360 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:Windowssystem32DRIVERShidir.sys

12:03:08.0621 1360 HidIr - ok

12:03:08.0746 1360 HidUsb (9592090a7e2b61cd582b612b6df70536) C:Windowssystem32DRIVERShidusb.sys

12:03:08.0746 1360 HidUsb - ok

12:03:08.0949 1360 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:Windowssystem32driversHpSAMD.sys

12:03:08.0965 1360 HpSAMD - ok

12:03:09.0089 1360 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:Windowssystem32driversHTTP.sys

12:03:09.0089 1360 HTTP - ok

12:03:09.0167 1360 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:Windowssystem32drivershwpolicy.sys

12:03:09.0167 1360 hwpolicy - ok

12:03:09.0277 1360 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:Windowssystem32DRIVERSi8042prt.sys

12:03:09.0277 1360 i8042prt - ok

12:03:09.0401 1360 iaStor (d469b77687e12fe43e344806740b624d) C:Windowssystem32DRIVERSiaStor.sys

12:03:09.0401 1360 iaStor - ok

12:03:09.0557 1360 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:Windowssystem32driversiaStorV.sys

12:03:09.0573 1360 iaStorV - ok

12:03:09.0745 1360 IDSVia64 (c3292140bf458b46cf8abbfd7e177bbe) C:ProgramDataNorton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}NIS_18.1.0.37DefinitionsIPSDefs20100706.002IDSVia64.sys

12:03:09.0745 1360 IDSVia64 - ok

12:03:10.0072 1360 igfx (33faa40b288002c89529dbd14f3ab72c) C:Windowssystem32DRIVERSigdkmd64.sys

12:03:10.0337 1360 igfx - ok

12:03:10.0493 1360 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:Windowssystem32DRIVERSiirsp.sys

12:03:10.0493 1360 iirsp - ok

12:03:10.0556 1360 Impcd (dd587a55390ed2295bce6d36ad567da9) C:Windowssystem32DRIVERSImpcd.sys

12:03:10.0571 1360 Impcd - ok

12:03:10.0712 1360 IntcDAud (fc727061c0f47c8059e88e05d5c8e381) C:Windowssystem32DRIVERSIntcDAud.sys

12:03:10.0712 1360 IntcDAud - ok

12:03:10.0821 1360 intelide (f00f20e70c6ec3aa366910083a0518aa) C:Windowssystem32driversintelide.sys

12:03:10.0821 1360 intelide - ok

12:03:10.0899 1360 intelppm (ada036632c664caa754079041cf1f8c1) C:Windowssystem32DRIVERSintelppm.sys

12:03:10.0899 1360 intelppm - ok

12:03:11.0024 1360 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:Windowssystem32DRIVERSipfltdrv.sys

12:03:11.0039 1360 IpFilterDriver - ok

12:03:11.0071 1360 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:Windowssystem32driversIPMIDrv.sys

12:03:11.0071 1360 IPMIDRV - ok

12:03:11.0195 1360 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:Windowssystem32driversipnat.sys

12:03:11.0195 1360 IPNAT - ok

12:03:11.0289 1360 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:Windowssystem32driversirenum.sys

12:03:11.0289 1360 IRENUM - ok

12:


Thanks for the feedback.

Please read through these instructions to familiarize yourself with what to expect when this tool runs

Refer to the ComboFix User's Guide

Download ComboFix from one of these locations:

Link 1

Link 2

* IMPORTANT- Save ComboFix.exe to your Desktop

====================================================

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : How to Disable your Security Programs

====================================================

Double click on combofix.exe & follow the prompts.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.


Any idea how much time I need to set aside to run combofix and do I need to memorize the 14 pages of instructions? It will not be now as it is time for sleep. I may attempt in the morning if I have enough time.

Thanks.........


Hi Conspire,

I tried this morning but couldn't access pcpitstop forums. Kept getting warning and fatal error message. Was it the pitstop site or the trojan screwing with me? I may try this evening if I get home from work early enough. Thanks for bearing with me.


Just ran combofix for 1 hour and never got past stage 4 in scan after it created system restore point. It got to that point quite quickly but seemed to stall there. I disabled antivirus programs but forgot about windows firewall which was still on. I disabled it during scan. I have to leave so I stopped combofix scan. Will check back later this evening.


Good morning, tried running combofix again after ensuring that no security programs were running and made sure firewall was off. Same results as posted above. Tried from safe mode and it worked as you said it would. I'm assuming that "Recovery Console" was already installed as I did not see any messages stating combofix was attempting to install it. This Hp notebook came with win7 already installed. ComboFix results below..........

ComboFix 12-02-07.01 - David 02/08/2012 7:03.3.4 - x64 NETWORK

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3894.2659 [GMT -5:00]

Running from: c:usersDavidDesktopComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:usersDavidGoogleEarthSetup.exe

c:usersDavidSystem

c:usersDavidSystemwin_qs7.jqx

c:usersDavidWINDOWS

c:usersDefaultAppDataRoamingDPInst.exe

c:usersDefaultAppDataRoaminggacutil.exe

c:usersDefaultAppDataRoamingPnPutil.exe

c:windowssvchost.exe

.

.

((((((((((((((((((((((((( Files Created from 2012-01-08 to 2012-02-08 )))))))))))))))))))))))))))))))

.

.

2012-02-08 12:10 . 2012-02-08 12:10 -------- d-----w- c:usersDefaultAppDataLocaltemp

2012-02-08 12:10 . 2012-02-08 12:10 -------- d-----w- c:usersAdministratorAppDataLocaltemp

2012-02-08 11:59 . 2012-02-08 11:59 69000 ----a-w- c:programdataMicrosoftMicrosoft AntimalwareDefinition Updates{D85009B4-BD2B-44CA-B9E8-7D4B96CC5FA1}offreg.dll

2012-02-08 00:36 . 2012-01-06 02:15 8602168 ----a-w- c:programdataMicrosoftMicrosoft AntimalwareDefinition Updates{D85009B4-BD2B-44CA-B9E8-7D4B96CC5FA1}mpengine.dll

2012-02-07 11:24 . 2012-02-08 11:45 -------- d-----w- c:programdataPCPitstop

2012-02-07 11:24 . 2012-02-07 11:24 -------- d-----w- c:program files (x86)PCPitstop

2012-02-05 21:27 . 2012-01-06 02:15 8602168 ----a-w- c:programdataMicrosoftMicrosoft AntimalwareDefinition UpdatesBackupmpengine.dll

2012-02-05 16:57 . 2012-02-05 16:57 -------- d-----w- C:TDSSKiller_Quarantine

2012-02-05 12:44 . 2012-02-05 12:44 -------- d-----w- c:usersDavidAppDataRoamingMalwarebytes

2012-02-05 12:44 . 2012-02-05 12:44 -------- d-----w- c:programdataMalwarebytes

2012-02-05 12:44 . 2012-02-05 12:44 -------- d-----w- c:program files (x86)Malwarebytes' Anti-Malware

2012-02-05 12:44 . 2011-12-10 20:24 23152 ----a-w- c:windowssystem32driversmbam.sys

2012-02-04 22:44 . 2012-02-04 23:45 -------- d-----w- c:programdataPC Tools

2012-02-04 20:19 . 2012-02-04 20:18 917840 ------w- c:programdataMicrosoftMicrosoft AntimalwareDefinition Updates{77C727A1-18EE-436A-8783-58386F473BB5}gapaengine.dll

2012-02-04 19:16 . 2012-02-04 19:16 -------- d-----w- c:program files (x86)Microsoft Security Client

2012-02-04 19:16 . 2012-02-04 19:16 -------- d-----w- c:program filesMicrosoft Security Client

2012-02-04 19:02 . 2011-10-26 05:25 1572864 ----a-w- c:windowssystem32quartz.dll

2012-02-04 19:02 . 2011-10-26 05:25 366592 ----a-w- c:windowssystem32qdvd.dll

2012-02-04 19:02 . 2011-10-26 04:32 514560 ----a-w- c:windowsSysWow64qdvd.dll

2012-02-04 19:02 . 2011-10-26 04:32 1328128 ----a-w- c:windowsSysWow64quartz.dll

2012-02-04 18:59 . 2011-11-17 06:41 1731920 ----a-w- c:windowssystem32ntdll.dll

2012-02-04 18:59 . 2011-11-17 05:38 1292080 ----a-w- c:windowsSysWow64ntdll.dll

2012-02-04 18:59 . 2011-11-19 14:58 77312 ----a-w- c:windowssystem32packager.dll

2012-02-04 18:59 . 2011-11-19 14:01 67072 ----a-w- c:windowsSysWow64packager.dll

2012-02-04 18:59 . 2012-02-04 18:59 -------- d-----w- c:windowssystem32driversNISx641207000.00D

2012-02-04 18:33 . 2011-11-21 11:40 8822856 ----a-w- c:programdataMicrosoftWindows DefenderDefinition Updates{8F407FDD-1FD7-4FD3-A0AE-2FAEB7DD729D}mpengine.dll

2012-02-04 18:01 . 2012-02-04 18:01 -------- d-----w- C:_Exception1

2012-02-04 00:42 . 2012-02-04 00:42 6656 ----a-w- c:programdataMicrosoftWindowsDRM25C7.tmp

2012-02-04 00:42 . 2012-02-04 00:42 6656 ----a-w- c:programdataMicrosoftWindowsDRM25C6.tmp

2012-02-03 12:19 . 2012-02-03 12:19 -------- d-----w- c:program files (x86)Common FilesIntel Corporation

2012-01-22 14:09 . 2012-01-22 14:09 -------- d-----w- c:usersDavidAppDataRoamingPrinter Info Cache

2012-01-18 11:58 . 2012-01-18 11:58 -------- d-----w- c:program files (x86)Sling Media

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-01-31 12:44 . 2011-06-03 01:17 279656 ------w- c:windowssystem32MpSigStub.exe

2011-12-10 15:22 . 2011-12-10 15:22 1058304 ----a-w- c:windowssystem32EKAiO2MON.dll

2011-12-10 15:22 . 2011-12-10 15:22 177664 ----a-w- c:windowssystem32EKAiO2COI07.dll

2011-12-10 15:21 . 2011-12-10 15:21 122368 ----a-w- c:windowssystem32EKaio2WiaCoInst.dll

2011-12-10 15:21 . 2011-12-10 15:21 10240 ----a-w- c:windowssystem32EKaio2WiaCoInstRes.dll

2011-12-04 16:15 . 2011-06-10 21:31 414368 ----a-w- c:windowsSysWow64FlashPlayerCPLApp.cpl

2011-11-29 22:28 . 2011-11-29 22:29 535040 ----a-w- c:windowssystem32driversstwrt64.sys

2011-11-29 22:28 . 2011-11-29 22:29 446464 ----a-w- c:windowssystem32stcplx64.dll

2011-11-29 22:28 . 2011-11-29 22:29 655872 ------w- c:windowssystem32stapi64.dll

2011-11-29 22:28 . 2011-11-29 22:29 1966080 ----a-w- c:windowssystem32stapo64.dll

2011-11-29 22:28 . 2011-03-12 08:59 4113408 ----a-w- c:windowssystem32stlang64.dll

2011-11-29 22:28 . 2011-03-12 08:59 1424896 ----a-w- c:windowssttray64.exe

2011-11-29 22:28 . 2011-03-12 08:58 251392 ----a-w- c:windowssystem32staco64.dll

2011-11-29 22:28 . 2011-03-12 08:59 5077504 ----a-w- c:windowssystem32IDTNHP.dll

2011-11-29 22:28 . 2011-03-12 08:59 233472 ----a-w- c:windowssystem32IDTNJ.exe

2011-11-29 22:28 . 2011-03-12 08:59 1041920 ----a-w- c:windowssystem32IDTNX.dll

2011-11-29 22:28 . 2011-03-12 08:59 6012416 ----a-w- c:windowssystem32IDTNGUI.exe

2011-11-29 22:28 . 2011-03-12 08:59 564224 ----a-w- c:windowssystem32idt64mp1.exe

2011-11-29 22:28 . 2011-03-12 08:59 1819136 ----a-w- c:windowssystem32IDTNC64.cpl

2011-11-28 18:01 . 2011-06-07 18:09 256960 ----a-w- c:windowssystem32aswBoot.exe

2011-11-24 13:55 . 2011-11-24 13:55 90112 ----a-w- c:windowssystem32igfxCoIn_v2476.dll

2011-11-24 13:55 . 2011-11-24 13:55 98304 ----a-w- c:windowsSysWow64iglhcp32.dll

2011-11-24 13:55 . 2011-11-24 13:55 98304 ----a-w- c:windowssystem32iglhcp64.dll

2011-11-24 13:55 . 2011-11-24 13:55 376832 ----a-w- c:windowsSysWow64iglhsip32.dll

2011-11-24 13:55 . 2011-11-24 13:55 376832 ----a-w- c:windowssystem32iglhsip64.dll

2011-11-24 13:55 . 2011-11-24 13:55 867020 ----a-w- c:windowssystem32igkrng575.bin

2011-11-24 13:55 . 2011-11-24 13:55 510232 ----a-w- c:windowssystem32igfxsrvc.exe

2011-11-24 13:55 . 2011-11-24 13:55 378368 ----a-w- c:windowssystem32igfxTMM.dll

2011-11-24 13:55 . 2011-11-24 13:55 287232 ----a-w- c:windowssystem32igfxrfra.lrc

2011-11-24 13:55 . 2011-11-24 13:55 286720 ----a-w- c:windowssystem32igfxrsky.lrc

2011-11-24 13:55 . 2011-11-24 13:55 286720 ----a-w- c:windowssystem32igfxrrus.lrc

2011-11-24 13:55 . 2011-11-24 13:55 286720 ----a-w- c:windowssystem32igfxrrom.lrc

2011-11-24 13:55 . 2011-11-24 13:55 286720 ----a-w- c:windowssystem32igfxrptg.lrc

2011-11-24 13:55 . 2011-11-24 13:55 286720 ----a-w- c:windowssystem32igfxrplk.lrc

2011-11-24 13:55 . 2011-11-24 13:55 286720 ----a-w- c:windowssystem32igfxrnld.lrc

2011-11-24 13:55 . 2011-11-24 13:55 286720 ----a-w- c:windowssystem32igfxrita.lrc

2011-11-24 13:55 . 2011-11-24 13:55 286720 ----a-w- c:windowssystem32igfxrhrv.lrc

2011-11-24 13:55 . 2011-11-24 13:55 286208 ----a-w- c:windowssystem32igfxrtrk.lrc

2011-11-24 13:55 . 2011-11-24 13:55 286208 ----a-w- c:windowssystem32igfxrsve.lrc

2011-11-24 13:55 . 2011-11-24 13:55 286208 ----a-w- c:windowssystem32igfxrslv.lrc

2011-11-24 13:55 . 2011-11-24 13:55 286208 ----a-w- c:windowssystem32igfxrptb.lrc

2011-11-24 13:55 . 2011-11-24 13:55 286208 ----a-w- c:windowssystem32igfxrnor.lrc

2011-11-24 13:55 . 2011-11-24 13:55 286208 ----a-w- c:windowssystem32igfxrhun.lrc

2011-11-24 13:55 . 2011-11-24 13:55 286208 ----a-w- c:windowssystem32igfxrfin.lrc

2011-11-24 13:55 . 2011-11-24 13:55 285696 ----a-w- c:windowssystem32igfxrtha.lrc

2011-11-24 13:55 . 2011-11-24 13:55 285184 ----a-w- c:windowssystem32igfxrheb.lrc

2011-11-24 13:55 . 2011-11-24 13:55 283648 ----a-w- c:windowssystem32igfxrjpn.lrc

2011-11-24 13:55 . 2011-11-24 13:55 283136 ----a-w- c:windowssystem32igfxrkor.lrc

2011-11-24 13:55 . 2011-11-24 13:55 167704 ----a-w- c:windowssystem32igfxtray.exe

2011-11-24 13:55 . 2010-12-08 18:55 9014784 ----a-w- c:windowssystem32igfxress.dll

2011-11-24 13:55 . 2010-12-08 18:55 62464 ----a-w- c:windowssystem32igfxsrvc.dll

2011-11-24 13:55 . 2011-11-24 13:55 416024 ----a-w- c:windowssystem32igfxpers.exe

2011-11-24 13:55 . 2011-11-24 13:55 4096 ----a-w- c:windowssystem32IGFXDEVLib.dll

2011-11-24 13:55 . 2011-11-24 13:55 390144 ----a-w- c:windowssystem32igfxdev.dll

2011-11-24 13:55 . 2011-11-24 13:55 375808 ----a-w- c:windowssystem32igfxpph.dll

2011-11-24 13:55 . 2011-11-24 13:55 294400 ----a-w- c:windowsSysWow64igfxdv32.dll

2011-11-24 13:55 . 2011-11-24 13:55 287232 ----a-w- c:windowssystem32igfxresn.lrc

2011-11-24 13:55 . 2011-11-24 13:55 287232 ----a-w- c:windowssystem32igfxrell.lrc

2011-11-24 13:55 . 2011-11-24 13:55 286720 ----a-w- c:windowssystem32igfxrdeu.lrc

2011-11-24 13:55 . 2011-11-24 13:55 286720 ----a-w- c:windowssystem32igfxrcsy.lrc

2011-11-24 13:55 . 2011-11-24 13:55 28672 ----a-w- c:windowssystem32igfxexps.dll

2011-11-24 13:55 . 2011-11-24 13:55 285696 ----a-w- c:windowssystem32igfxrenu.lrc

2011-11-24 13:55 . 2011-11-24 13:55 285696 ----a-w- c:windowssystem32igfxrdan.lrc

2011-11-24 13:55 . 2011-11-24 13:55 285184 ----a-w- c:windowssystem32igfxrara.lrc

2011-11-24 13:55 . 2011-11-24 13:55 282624 ----a-w- c:windowssystem32igfxrcht.lrc

2011-11-24 13:55 . 2011-11-24 13:55 282624 ----a-w- c:windowssystem32igfxrchs.lrc

2011-11-24 13:55 . 2011-11-24 13:55 24576 ----a-w- c:windowsSysWow64igfxexps32.dll

2011-11-24 13:55 . 2011-11-24 13:55 239896 ----a-w- c:windowssystem32igfxext.exe

2011-11-24 13:55 . 2011-11-24 13:55 162816 ----a-w- c:windowsSysWow64igfxcmrt32.dll

2011-11-24 13:55 . 2011-11-24 13:55 142336 ----a-w- c:windowssystem32igfxdo.dll

2011-11-24 13:55 . 2011-11-24 13:55 140288 ----a-w- c:windowssystem32igfxcmrt64.dll

2011-11-24 13:55 . 2011-11-24 13:55 126976 ----a-w- c:windowssystem32igfxcpl.cpl

2011-11-24 13:55 . 2011-11-24 13:55 12289472 ----a-w- c:windowssystem32driversigdkmd64.sys

2011-11-24 13:55 . 2011-11-24 13:55 105608 ----a-w- c:windowssystem32igfcg575m.bin

2011-11-24 13:55 . 2010-12-08 18:55 8311808 ----a-w- c:windowssystem32igdumd64.dll

2011-11-24 13:55 . 2010-12-08 18:55 6322688 ----a-w- c:windowsSysWow64igdumd32.dll

2011-11-24 13:55 . 2010-12-08 18:55 581120 ----a-w- c:windowsSysWow64igdumdx32.dll

2011-11-24 13:55 . 2010-12-08 18:55 14598144 ----a-w- c:windowssystem32igd10umd64.dll

2011-11-24 13:55 . 2011-11-24 13:55 12339712 ----a-w- c:windowsSysWow64igd10umd32.dll

2011-11-24 13:55 . 2011-11-24 13:55 18640384 ----a-w- c:windowssystem32ig4icd64.dll

2011-11-24 13:55 . 2011-11-24 13:55 4378392 ----a-w- c:windowssystem32GfxUI.exe

2011-11-24 13:55 . 2011-11-24 13:55 392472 ----a-w- c:windowssystem32hkcmd.exe

2011-11-24 13:55 . 2011-11-24 13:55 13903872 ----a-w- c:windowsSysWow64ig4icd32.dll

2011-11-24 13:55 . 2011-11-24 13:55 179992 ----a-w- c:windowssystem32difx64.exe

2011-11-24 13:55 . 2011-11-24 13:55 146432 ----a-w- c:windowssystem32gfxSrvc.dll

2011-11-24 13:55 . 2010-12-08 18:55 110080 ----a-w- c:windowssystem32hccutils.dll

2011-11-24 13:53 . 2011-11-24 13:54 74272 ----a-w- c:windowssystem32RtNicProp64.dll

2011-11-24 13:53 . 2011-11-24 13:54 565352 ----a-w- c:windowssystem32driversRt64win7.sys

2011-11-24 13:53 . 2011-03-12 08:59 107552 ----a-w- c:windowssystem32RTNUninst64.dll

2011-11-24 04:52 . 2011-12-15 02:14 3145216 ----a-w- c:windowssystem32win32k.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]

"LightScribe Control Panel"="c:program files (x86)Common FilesLightScribeLightScribeControlPanel.exe" [2010-11-22 2736128]

.

[HKEY_LOCAL_MACHINESOFTWAREWow6432NodeMicrosoftWindowsCurrentVersionRun]

"IAStorIcon"="c:program files (x86)IntelIntel® Rapid Storage TechnologyIAStorIcon.exe" [2011-01-12 283160]

"IMSS"="c:program files (x86)IntelIntel® Management Engine ComponentsIMSSPIconStartup.exe" [2010-07-23 111640]

"Microsoft Default Manager"="c:program files (x86)MicrosoftSearch Enhancement PackDefault ManagerDefMgr.exe" [2010-05-10 439568]

"Adobe ARM"="c:program files (x86)Common FilesAdobeARM1.0AdobeARM.exe" [2012-01-03 843712]

"Adobe Reader Speed Launcher"="c:program files (x86)AdobeReader 9.0ReaderReader_sl.exe" [2012-01-04 37296]

"SunJavaUpdateSched"="c:program files (x86)Common FilesJavaJava Updatejusched.exe" [2011-04-08 254696]

"HPOSD"="c:program files (x86)Hewlett-PackardHP On Screen DisplayHPOSD.exe" [2011-06-13 336440]

"HP Quick Launch"="c:program files (x86)Hewlett-PackardHP Quick LaunchHPMSGSVC.exe" [2011-06-14 587320]

"QuickTime Task"="c:program files (x86)QuickTimeQTTask.exe" [2009-05-26 413696]

"Info Center"="c:program files (x86)PCPitstopInfo CenterInfoCenter.exe" [2012-01-31 26264]

"PC Pitstop PC Matic Reminder"="c:program files (x86)PCPitstopPC MaticReminder-PCMatic.exe" [2012-01-31 325280]

.

[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRunOnce]

"KodakHomeCenter"="c:program files (x86)KodakAiOCenterAiOHomeCenter.exe" [2011-12-12 2234288]

.

c:programdataMicrosoftWindowsStart MenuProgramsStartup

Bluetooth.lnk - c:program filesWIDCOMMBluetooth SoftwareBTTray.exe [2010-7-29 1132320]

Event Planner Reminder.lnk - c:windowsInstaller{5D0DF1BB-D82E-4FB2-B98E-4FDE42EF7EBB}Shortcut_EventPlan_5D0DF1BBD82E4FB2B98E4FDE42EF7EBB.exe [2011-11-10 1718]

Snapfish PictureMover.lnk - c:program files (x86)PictureMoverBinPictureMover.exe [2010-11-18 1040952]

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionpoliciessystem]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_CURRENT_USERsoftwaremicrosoftinternet explorerdesktopcomponents1]

FriendlyName= Warning homepage

Source= c:windowswarnhp.html

.

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetcontrollsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalMsMpSvc]

@="Service"

.

R1 BHDrvx64;BHDrvx64;c:programdataNorton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}NIS_18.1.0.37DefinitionsBASHDefs20100810.004BHDrvx64.sys [2010-08-09 945200]

R1 IDSVia64;IDSVia64;c:programdataNorton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}NIS_18.1.0.37DefinitionsIPSDefs20100706.002IDSVia64.sys [2010-06-27 463408]

R1 SymIRON;Symantec Iron Driver;c:windowssystem32driversNISx641206000.01DIronx64.SYS [x]

R1 SymNetS;Symantec Network Security WFP Driver;c:windowsSystem32DriversNISx641206000.01DSYMNETS.SYS [x]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:windowsMicrosoft.NETFrameworkv4.0.30319mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:windowsMicrosoft.NETFramework64v4.0.30319mscorsvw.exe [2010-03-18 138576]

R2 cvhsvc;Client Virtualization Handler;c:program files (x86)Common FilesMicrosoft SharedVirtualization HandlerCVHSVC.EXE [2010-10-20 821664]

R2 gupdate;Google Update Service (gupdate);c:program files (x86)GoogleUpdateGoogleUpdate.exe [2011-06-07 136176]

R2 HP Support Assistant Service;HP Support Assistant Service;c:program files (x86)Hewlett-PackardHP Support Frameworkhpsa_service.exe [2011-06-21 85560]

R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:program filesHewlett-PackardHP Wireless AssistantHPWA_Service.exe [2010-07-21 103992]

R2 HPClientSvc;HP Client Services;c:program filesHewlett-PackardHP Client ServicesHPClientServices.exe [2010-08-06 291896]

R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:program files (x86)Hewlett-PackardSharedHPDrvMntSvc.exe [2011-09-01 227896]

R2 HPWMISVC;HPWMISVC;c:program files (x86)Hewlett-PackardHP Quick LaunchHPWMISVC.exe [2011-06-14 26680]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:program files (x86)IntelIntel® Rapid Storage TechnologyIAStorDataMgrSvc.exe [2011-01-12 13336]

R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:program files (x86)KodakAiOCenterEKAiOHostService.exe [2011-12-19 394672]

R2 NIS;Norton Internet Security;c:program files (x86)Norton Internet SecurityEngine18.6.0.29ccSvcHst.exe [2011-04-17 130008]

R2 RoxioNow Service;RoxioNow Service;c:program files (x86)RoxioRoxioNow PlayerRNowSvc.exe [2010-09-11 399344]

R2 SBSDWSCService;SBSD Security Center Service;c:program files (x86)Spybot - Search & DestroySDWinSec.exe [2009-01-26 1153368]

R2 sftlist;Application Virtualization Client;c:program files (x86)Microsoft Application Virtualization Clientsftlist.exe [2010-09-14 508264]

R2 UNS;Intel® Management & Security Application User Notification Service;c:program files (x86)IntelIntel® Management Engine ComponentsUNSUNS.exe [2010-07-23 2320920]

R3 btwampfl;Bluetooth AMP USB Filter;c:windowssystem32driversbtwampfl.sys [x]

R3 btwl2cap;Bluetooth L2CAP Service;c:windowssystem32DRIVERSbtwl2cap.sys [x]

R3 clwvd;CyberLink WebCam Virtual Driver;c:windowssystem32DRIVERSclwvd.sys [x]

R3 gupdatem;Google Update Service (gupdatem);c:program files (x86)GoogleUpdateGoogleUpdate.exe [2011-06-07 136176]

R3 Impcd;Impcd;c:windowssystem32DRIVERSImpcd.sys [x]

R3 IntcDAud;Intel® Display Audio;c:windowssystem32DRIVERSIntcDAud.sys [x]

R3 MpNWMon;Microsoft Malware Protection Network Driver;c:windowssystem32DRIVERSMpNWMon.sys [x]

R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:windowssystem32DRIVERSnetw5v64.sys [x]

R3 NisDrv;Microsoft Network Inspection System;c:windowssystem32DRIVERSNisDrvWFP.sys [x]

R3 NisSrv;Microsoft Network Inspection;c:program filesMicrosoft Security ClientAntimalwareNisSrv.exe [2011-04-27 288272]

R3 osppsvc;Office Software Protection Platform;c:program filesCommon FilesMicrosoft SharedOfficeSoftwareProtectionPlatformOSPPSVC.EXE [2010-01-10 4925184]

R3 PCPitstop Scheduling;PCPitstop Scheduling;c:program files (x86)PCPitstopPCPitstopScheduleService.exe [2012-01-31 91816]

R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:windowssystem32DRIVERSRtsPStor.sys [x]

R3 Sftfs;Sftfs;c:windowssystem32DRIVERSSftfslh.sys [x]

R3 Sftplay;Sftplay;c:windowssystem32DRIVERSSftplaylh.sys [x]

R3 Sftredir;Sftredir;c:windowssystem32DRIVERSSftredirlh.sys [x]

R3 Sftvol;Sftvol;c:windowssystem32DRIVERSSftvollh.sys [x]

R3 sftvsa;Application Virtualization Service Agent;c:program files (x86)Microsoft Application Virtualization Clientsftvsa.exe [2010-09-14 219496]

R3 SrvHsfHDA;SrvHsfHDA;c:windowssystem32DRIVERSVSTAZL6.SYS [x]

R3 SrvHsfV92;SrvHsfV92;c:windowssystem32DRIVERSVSTDPV6.SYS [x]

R3 SrvHsfWinac;SrvHsfWinac;c:windowssystem32DRIVERSVSTCNXT6.SYS [x]

R3 TsUsbFlt;TsUsbFlt;c:windowssystem32driverstsusbflt.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:windowssystem32WatWatAdminSvc.exe [x]

R3 WSDPrintDevice;WSD Print Support via UMB;c:windowssystem32DRIVERSWSDPrint.sys [x]

R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:windowssystem32DRIVERSyk62x64.sys [x]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:program filesWindows LiveMeshwlcrasvc.exe [2010-09-23 57184]

S0 SymDS;Symantec Data Store;c:windowssystem32driversNISx641206000.01DSYMDS64.SYS [x]

S0 SymEFA;Symantec Extended File Attributes;c:windowssystem32driversNISx641206000.01DSYMEFA64.SYS [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:windowssystem32DRIVERSvwififlt.sys [x]

S3 HECIx64;Intel® Management Engine Interface;c:windowssystem32DRIVERSHECIx64.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:windowssystem32DRIVERSRt64win7.sys [x]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:windowssystem32DRIVERSvwifimp.sys [x]

.

.

[HKEY_LOCAL_MACHINEsoftwarewow6432nodemicrosoftactive setupinstalled components{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2010-11-22 22:18 451872 ----a-w- c:program files (x86)Common FilesLightScribeLSRunOnce.exe

.

Contents of the 'Scheduled Tasks' folder

.

2012-02-07 c:windowsTasksGoogleUpdateTaskMachineCore.job

- c:program files (x86)GoogleUpdateGoogleUpdate.exe [2011-06-07 18:09]

.

2012-02-08 c:windowsTasksGoogleUpdateTaskMachineUA.job

- c:program files (x86)GoogleUpdateGoogleUpdate.exe [2011-06-07 18:09]

.

2012-02-07 c:windowsTasksGoogleUpdateTaskUserS-1-5-21-267233986-1459018133-127167734-1000Core.job

- c:usersDavidAppDataLocalGoogleUpdateGoogleUpdate.exe [2012-02-05 18:41]

.

2012-02-08 c:windowsTasksGoogleUpdateTaskUserS-1-5-21-267233986-1459018133-127167734-1000UA.job

- c:usersDavidAppDataLocalGoogleUpdateGoogleUpdate.exe [2012-02-05 18:41]

.

2012-02-05 c:windowsTasksHPCeeScheduleForDavid.job

- c:program files (x86)Hewlett-PackardHP CeementHPCEE.exe [2010-09-14 06:15]

.

2012-02-05 c:windowsTasksHPCeeScheduleForOZZIE$.job

- c:program files (x86)Hewlett-PackardHP CeementHPCEE.exe [2010-09-14 06:15]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionexplorershelliconoverlayidentifiers00Zecter]

@="{D25B32FE-CB96-491A-98FF-AD59DA382D69}"

[HKEY_CLASSES_ROOTCLSID{D25B32FE-CB96-491A-98FF-AD59DA382D69}]

2010-11-09 22:16 2238976 ----a-w- c:program files (x86)Hewlett-PackardHP CloudDriveShellExt64.dll

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionexplorershelliconoverlayidentifiers01Zecter]

@="{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}"

[HKEY_CLASSES_ROOTCLSID{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}]

2010-11-09 22:16 2238976 ----a-w- c:program files (x86)Hewlett-PackardHP CloudDriveShellExt64.dll

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionexplorershelliconoverlayidentifiers02Zecter]

@="{B3C78E40-6B64-47C3-AE34-60B770881EB8}"

[HKEY_CLASSES_ROOTCLSID{B3C78E40-6B64-47C3-AE34-60B770881EB8}]

2010-11-09 22:16 2238976 ----a-w- c:program files (x86)Hewlett-PackardHP CloudDriveShellExt64.dll

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionexplorershelliconoverlayidentifiers03Zecter]

@="{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}"

[HKEY_CLASSES_ROOTCLSID{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}]

2010-11-09 22:16 2238976 ----a-w- c:program files (x86)Hewlett-PackardHP CloudDriveShellExt64.dll

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionexplorershelliconoverlayidentifiers04Zecter]

@="{855156F0-2A0F-11DE-8C30-0800200C9A66}"

[HKEY_CLASSES_ROOTCLSID{855156F0-2A0F-11DE-8C30-0800200C9A66}]

2010-11-09 22:16 2238976 ----a-w- c:program files (x86)Hewlett-PackardHP CloudDriveShellExt64.dll

.

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]

"HPWirelessAssistant"="c:program filesHewlett-PackardHP Wireless AssistantDelayedAppStarter.exe" [2010-07-21 8192]

"IgfxTray"="c:windowssystem32igfxtray.exe" [2011-11-24 167704]

"HotKeysCmds"="c:windowssystem32hkcmd.exe" [2011-11-24 392472]

"Persistence"="c:windowssystem32igfxpers.exe" [2011-11-24 416024]

"SysTrayApp"="c:program filesIDTWDMsttray64.exe" [2011-11-29 1424896]

"EKAIO2StatusMonitor"="c:windowssystem32spoolDRIVERSx643EKAiO2MUI.exe" [2011-12-10 3240448]

"MSC"="c:program filesMicrosoft Security Clientmsseces.exe" [2011-06-15 1436736]

.

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWindows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uLocal Page = c:windowssystem32blank.htm

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uStart Page = hxxp://www.msn.com

mLocal Page = c:windowsSysWOW64blank.htm

uInternet Settings,ProxyOverride = 127.0.0.1;<local>

uInternet Settings,ProxyServer = http=<local>

IE: E&xport to Microsoft Excel - c:progra~2MICROS~1Office14EXCEL.EXE/3000

IE: Se&nd to OneNote - c:progra~2MICROS~1Office14ONBttnIE.dll/105

IE: Send image to &Bluetooth Device... - c:program filesWIDCOMMBluetooth Softwarebtsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:program filesWIDCOMMBluetooth Softwarebtsendto_ie.htm

Trusted Zone: myfairpoint.net

TCP: DhcpNameServer = 64.222.165.243 64.222.84.243

DPF: {3528A58B-595D-4AFD-A5F6-B914BD306DC3} - hxxp://dishconnectivity.sling.com/dpit/downloads/pc/SlingHealth.cab

.

- - - - ORPHANS REMOVED - - - -

.

Wow6432Node-HKLM-Run-Conime - c:windowssystem32conime.exe

HKLM-Run-SynTPEnh - c:program files (x86)SynapticsSynTPSynTPEnh.exe

AddRemove-{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226} - c:program files (x86)InstallShield Installation Information{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226}setup.exe

.

.

.

[HKEY_LOCAL_MACHINEsystemControlSet001servicesNIS]

"ImagePath"=""c:program files (x86)Norton Internet SecurityEngine18.6.0.29ccSvcHst.exe" /s "NIS" /m "c:program files (x86)Norton Internet SecurityEngine18.6.0.29diMaster.dll" /prefetch:1"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:WindowsSysWOW64MacromedFlashFlashUtil11e_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{A483C63A-CDBC-426E-BF93-872502E8144E}Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{A483C63A-CDBC-426E-BF93-872502E8144E}LocalServer32]

@="c:WindowsSysWOW64MacromedFlashFlashUtil11e_ActiveX.exe"

.

[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{A483C63A-CDBC-426E-BF93-872502E8144E}TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}InprocServer32]

@="c:WindowsSysWOW64MacromedFlashFlash11e.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}ToolboxBitmap32]

@="c:WindowsSysWOW64MacromedFlashFlash11e.ocx, 1"

.

[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}Version]

@="1.0"

.

[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}InprocServer32]

@="c:WindowsSysWOW64MacromedFlashFlash11e.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}ToolboxBitmap32]

@="c:WindowsSysWOW64MacromedFlashFlash11e.ocx, 1"

.

[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}Version]

@="1.0"

.

[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeInterface{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeInterface{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeInterface{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINEsystemControlSet001ControlPCWSecurity]

@Denied: (Full) (Everyone)

.

Completion time: 2012-02-08 07:13:15

ComboFix-quarantined-files.txt 2012-02-08 12:13

.

Pre-Run: 411,079,553,024 bytes free

Post-Run: 410,720,694,272 bytes free

.

- - End Of File - - 0F4A27D7D6D9E5EF4F1407797250C92E


Hi,

 

When you said "same results as posted above", are you referring to the fatal error in your web browser?

 

 

Please follow all previous instructions regarding security programs.

 

Open a new Notepad session

  • Click the Start button, click run
  • in the run box type notepad
  • click ok
  • In the notepad, Click "Format" and be certain that Word Wrap is not checked.

  • Copy and paste all the text in the code box below into the Notepad. Do Not copy the word CODE

File::
c:\windows\warnhp.html

Registry::
[-HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]

 

In the notepad

  • Click File, Save as..., and set the Save in to your Desktop
  • In the filename box, type (including quotation marks) as the filename: "CFScript.txt"
  • Click save

Using your left mouse button, drag the new file CFScript.txt and drop it on the ComboFix.exe icon as shown below.

This will start ComboFix again. Close all browser/windows first.

 

**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

 

Posted Image

 

===================================================

 

On your next reply please post :

Combofix log

Are you still getting fatal error?

 

Please STOP and let me know if you have any problems performing the steps above or any questions.

 

Good Day!


No, I was referring to ComboFix stalling. Anyway, I did as you directed and ComboFix ran fine, except I noticed on the log that Norton was enabled. I have never used Norton on this notebook; I was using Avast and have since switched to MSE after getting this virus.

 

Here's the log, if you want me to run it again with norton disabled just say so. THANKS so far!

 

ComboFix 12-02-07.01 - David 02/08/2012 16:57:52.4.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3894.2247 [GMT -5:00]

Running from: c:usersDavidDesktopComboFix.exe

Command switches used :: c:usersDavidDesktopCFScript.txt

AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

AV: Norton Internet Security *Enabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Norton Internet Security *Enabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

FILE ::

"c:windowswarnhp.html"

.

.

((((((((((((((((((((((((( Files Created from 2012-01-08 to 2012-02-08 )))))))))))))))))))))))))))))))

.

.

2012-02-08 22:07 . 2012-02-08 22:07 -------- d-----w- c:usersDefaultAppDataLocaltemp

2012-02-08 22:07 . 2012-02-08 22:07 -------- d-----w- c:usersAdministratorAppDataLocaltemp

2012-02-08 21:48 . 2012-02-08 21:48 69000 ----a-w- c:programdataMicrosoftMicrosoft AntimalwareDefinition Updates{B143F300-71DE-4A85-BD65-7A0E7C923842}offreg.dll

2012-02-08 12:20 . 2012-01-06 02:15 8602168 ----a-w- c:programdataMicrosoftMicrosoft AntimalwareDefinition Updates{B143F300-71DE-4A85-BD65-7A0E7C923842}mpengine.dll

2012-02-07 11:24 . 2012-02-08 12:18 -------- d-----w- c:programdataPCPitstop

2012-02-07 11:24 . 2012-02-07 11:24 -------- d-----w- c:program files (x86)PCPitstop

2012-02-05 21:27 . 2012-01-06 02:15 8602168 ----a-w- c:programdataMicrosoftMicrosoft AntimalwareDefinition UpdatesBackupmpengine.dll

2012-02-05 16:57 . 2012-02-05 16:57 -------- d-----w- C:TDSSKiller_Quarantine

2012-02-05 12:44 . 2012-02-05 12:44 -------- d-----w- c:usersDavidAppDataRoamingMalwarebytes

2012-02-05 12:44 . 2012-02-05 12:44 -------- d-----w- c:programdataMalwarebytes

2012-02-05 12:44 . 2012-02-05 12:44 -------- d-----w- c:program files (x86)Malwarebytes' Anti-Malware

2012-02-05 12:44 . 2011-12-10 20:24 23152 ----a-w- c:windowssystem32driversmbam.sys

2012-02-04 22:44 . 2012-02-04 23:45 -------- d-----w- c:programdataPC Tools

2012-02-04 20:19 . 2012-02-04 20:18 917840 ------w- c:programdataMicrosoftMicrosoft AntimalwareDefinition Updates{77C727A1-18EE-436A-8783-58386F473BB5}gapaengine.dll

2012-02-04 19:16 . 2012-02-04 19:16 -------- d-----w- c:program files (x86)Microsoft Security Client

2012-02-04 19:16 . 2012-02-04 19:16 -------- d-----w- c:program filesMicrosoft Security Client

2012-02-04 19:02 . 2011-10-26 05:25 1572864 ----a-w- c:windowssystem32quartz.dll

2012-02-04 19:02 . 2011-10-26 05:25 366592 ----a-w- c:windowssystem32qdvd.dll

2012-02-04 19:02 . 2011-10-26 04:32 514560 ----a-w- c:windowsSysWow64qdvd.dll

2012-02-04 19:02 . 2011-10-26 04:32 1328128 ----a-w- c:windowsSysWow64quartz.dll

2012-02-04 18:59 . 2011-11-17 06:41 1731920 ----a-w- c:windowssystem32ntdll.dll

2012-02-04 18:59 . 2011-11-17 05:38 1292080 ----a-w- c:windowsSysWow64ntdll.dll

2012-02-04 18:59 . 2011-11-19 14:58 77312 ----a-w- c:windowssystem32packager.dll

2012-02-04 18:59 . 2011-11-19 14:01 67072 ----a-w- c:windowsSysWow64packager.dll

2012-02-04 18:59 . 2012-02-04 18:59 -------- d-----w- c:windowssystem32driversNISx641207000.00D

2012-02-04 18:33 . 2011-11-21 11:40 8822856 ----a-w- c:programdataMicrosoftWindows DefenderDefinition Updates{8F407FDD-1FD7-4FD3-A0AE-2FAEB7DD729D}mpengine.dll

2012-02-04 18:01 . 2012-02-04 18:01 -------- d-----w- C:_Exception1

2012-02-04 00:42 . 2012-02-04 00:42 6656 ----a-w- c:programdataMicrosoftWindowsDRM25C7.tmp

2012-02-04 00:42 . 2012-02-04 00:42 6656 ----a-w- c:programdataMicrosoftWindowsDRM25C6.tmp

2012-02-03 12:19 . 2012-02-03 12:19 -------- d-----w- c:program files (x86)Common FilesIntel Corporation

2012-01-22 14:09 . 2012-01-22 14:09 -------- d-----w- c:usersDavidAppDataRoamingPrinter Info Cache

2012-01-18 11:58 . 2012-01-18 11:58 -------- d-----w- c:program files (x86)Sling Media

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-01-31 12:44 . 2011-06-03 01:17 279656 ------w- c:windowssystem32MpSigStub.exe

2011-12-10 15:22 . 2011-12-10 15:22 1058304 ----a-w- c:windowssystem32EKAiO2MON.dll

2011-12-10 15:22 . 2011-12-10 15:22 177664 ----a-w- c:windowssystem32EKAiO2COI07.dll

2011-12-10 15:21 . 2011-12-10 15:21 122368 ----a-w- c:windowssystem32EKaio2WiaCoInst.dll

2011-12-10 15:21 . 2011-12-10 15:21 10240 ----a-w- c:windowssystem32EKaio2WiaCoInstRes.dll

2011-12-04 16:15 . 2011-06-10 21:31 414368 ----a-w- c:windowsSysWow64FlashPlayerCPLApp.cpl

2011-11-29 22:28 . 2011-11-29 22:29 535040 ----a-w- c:windowssystem32driversstwrt64.sys

2011-11-29 22:28 . 2011-11-29 22:29 446464 ----a-w- c:windowssystem32stcplx64.dll

2011-11-29 22:28 . 2011-11-29 22:29 655872 ------w- c:windowssystem32stapi64.dll

2011-11-29 22:28 . 2011-11-29 22:29 1966080 ----a-w- c:windowssystem32stapo64.dll

2011-11-29 22:28 . 2011-03-12 08:59 4113408 ----a-w- c:windowssystem32stlang64.dll

2011-11-29 22:28 . 2011-03-12 08:59 1424896 ----a-w- c:windowssttray64.exe

2011-11-29 22:28 . 2011-03-12 08:58 251392 ----a-w- c:windowssystem32staco64.dll

2011-11-29 22:28 . 2011-03-12 08:59 5077504 ----a-w- c:windowssystem32IDTNHP.dll

2011-11-29 22:28 . 2011-03-12 08:59 233472 ----a-w- c:windowssystem32IDTNJ.exe

2011-11-29 22:28 . 2011-03-12 08:59 1041920 ----a-w- c:windowssystem32IDTNX.dll

2011-11-29 22:28 . 2011-03-12 08:59 6012416 ----a-w- c:windowssystem32IDTNGUI.exe

2011-11-29 22:28 . 2011-03-12 08:59 564224 ----a-w- c:windowssystem32idt64mp1.exe

2011-11-29 22:28 . 2011-03-12 08:59 1819136 ----a-w- c:windowssystem32IDTNC64.cpl

2011-11-28 18:01 . 2011-06-07 18:09 256960 ----a-w- c:windowssystem32aswBoot.exe

2011-11-24 13:55 . 2011-11-24 13:55 90112 ----a-w- c:windowssystem32igfxCoIn_v2476.dll

2011-11-24 13:55 . 2011-11-24 13:55 98304 ----a-w- c:windowsSysWow64iglhcp32.dll

2011-11-24 13:55 . 2011-11-24 13:55 98304 ----a-w- c:windowssystem32iglhcp64.dll

2011-11-24 13:55 . 2011-11-24 13:55 376832 ----a-w- c:windowsSysWow64iglhsip32.dll

2011-11-24 13:55 . 2011-11-24 13:55 376832 ----a-w- c:windowssystem32iglhsip64.dll

2011-11-24 13:55 . 2011-11-24 13:55 867020 ----a-w- c:windowssystem32igkrng575.bin

2011-11-24 13:55 . 2011-11-24 13:55 510232 ----a-w- c:windowssystem32igfxsrvc.exe

2011-11-24 13:55 . 2011-11-24 13:55 378368 ----a-w- c:windowssystem32igfxTMM.dll

2011-11-24 13:55 . 2011-11-24 13:55 287232 ----a-w- c:windowssystem32igfxrfra.lrc

2011-11-24 13:55 . 2011-11-24 13:55 286720 ----a-w- c:windowssystem32igfxrsky.lrc

2011-11-24 13:55 . 2011-11-24 13:55 286720 ----a-w- c:windowssystem32igfxrrus.lrc

2011-11-24 13:55 . 2011-11-24 13:55 286720 ----a-w- c:windowssystem32igfxrrom.lrc

2011-11-24 13:55 . 2011-11-24 13:55 286720 ----a-w- c:windowssystem32igfxrptg.lrc

2011-11-24 13:55 . 2011-11-24 13:55 286720 ----a-w- c:windowssystem32igfxrplk.lrc

2011-11-24 13:55 . 2011-11-24 13:55 286720 ----a-w- c:windowssystem32igfxrnld.lrc

2011-11-24 13:55 . 2011-11-24 13:55 286720 ----a-w- c:windowssystem32igfxrita.lrc

2011-11-24 13:55 . 2011-11-24 13:55 286720 ----a-w- c:windowssystem32igfxrhrv.lrc

2011-11-24 13:55 . 2011-11-24 13:55 286208 ----a-w- c:windowssystem32igfxrtrk.lrc

2011-11-24 13:55 . 2011-11-24 13:55 286208 ----a-w- c:windowssystem32igfxrsve.lrc

2011-11-24 13:55 . 2011-11-24 13:55 286208 ----a-w- c:windowssystem32igfxrslv.lrc

2011-11-24 13:55 . 2011-11-24 13:55 286208 ----a-w- c:windowssystem32igfxrptb.lrc

2011-11-24 13:55 . 2011-11-24 13:55 286208 ----a-w- c:windowssystem32igfxrnor.lrc

2011-11-24 13:55 . 2011-11-24 13:55 286208 ----a-w- c:windowssystem32igfxrhun.lrc

2011-11-24 13:55 . 2011-11-24 13:55 286208 ----a-w- c:windowssystem32igfxrfin.lrc

2011-11-24 13:55 . 2011-11-24 13:55 285696 ----a-w- c:windowssystem32igfxrtha.lrc

2011-11-24 13:55 . 2011-11-24 13:55 285184 ----a-w- c:windowssystem32igfxrheb.lrc

2011-11-24 13:55 . 2011-11-24 13:55 283648 ----a-w- c:windowssystem32igfxrjpn.lrc

2011-11-24 13:55 . 2011-11-24 13:55 283136 ----a-w- c:windowssystem32igfxrkor.lrc

2011-11-24 13:55 . 2011-11-24 13:55 167704 ----a-w- c:windowssystem32igfxtray.exe

2011-11-24 13:55 . 2010-12-08 18:55 9014784 ----a-w- c:windowssystem32igfxress.dll

2011-11-24 13:55 . 2010-12-08 18:55 62464 ----a-w- c:windowssystem32igfxsrvc.dll

2011-11-24 13:55 . 2011-11-24 13:55 416024 ----a-w- c:windowssystem32igfxpers.exe

2011-11-24 13:55 . 2011-11-24 13:55 4096 ----a-w- c:windowssystem32IGFXDEVLib.dll

2011-11-24 13:55 . 2011-11-24 13:55 390144 ----a-w- c:windowssystem32igfxdev.dll

2011-11-24 13:55 . 2011-11-24 13:55 375808 ----a-w- c:windowssystem32igfxpph.dll

2011-11-24 13:55 . 2011-11-24 13:55 294400 ----a-w- c:windowsSysWow64igfxdv32.dll

2011-11-24 13:55 . 2011-11-24 13:55 287232 ----a-w- c:windowssystem32igfxresn.lrc

2011-11-24 13:55 . 2011-11-24 13:55 287232 ----a-w- c:windowssystem32igfxrell.lrc

2011-11-24 13:55 . 2011-11-24 13:55 286720 ----a-w- c:windowssystem32igfxrdeu.lrc

2011-11-24 13:55 . 2011-11-24 13:55 286720 ----a-w- c:windowssystem32igfxrcsy.lrc

2011-11-24 13:55 . 2011-11-24 13:55 28672 ----a-w- c:windowssystem32igfxexps.dll

2011-11-24 13:55 . 2011-11-24 13:55 285696 ----a-w- c:windowssystem32igfxrenu.lrc

2011-11-24 13:55 . 2011-11-24 13:55 285696 ----a-w- c:windowssystem32igfxrdan.lrc

2011-11-24 13:55 . 2011-11-24 13:55 285184 ----a-w- c:windowssystem32igfxrara.lrc

2011-11-24 13:55 . 2011-11-24 13:55 282624 ----a-w- c:windowssystem32igfxrcht.lrc

2011-11-24 13:55 . 2011-11-24 13:55 282624 ----a-w- c:windowssystem32igfxrchs.lrc

2011-11-24 13:55 . 2011-11-24 13:55 24576 ----a-w- c:windowsSysWow64igfxexps32.dll

2011-11-24 13:55 . 2011-11-24 13:55 239896 ----a-w- c:windowssystem32igfxext.exe

2011-11-24 13:55 . 2011-11-24 13:55 162816 ----a-w- c:windowsSysWow64igfxcmrt32.dll

2011-11-24 13:55 . 2011-11-24 13:55 142336 ----a-w- c:windowssystem32igfxdo.dll

2011-11-24 13:55 . 2011-11-24 13:55 140288 ----a-w- c:windowssystem32igfxcmrt64.dll

2011-11-24 13:55 . 2011-11-24 13:55 126976 ----a-w- c:windowssystem32igfxcpl.cpl

2011-11-24 13:55 . 2011-11-24 13:55 12289472 ----a-w- c:windowssystem32driversigdkmd64.sys

2011-11-24 13:55 . 2011-11-24 13:55 105608 ----a-w- c:windowssystem32igfcg575m.bin

2011-11-24 13:55 . 2010-12-08 18:55 8311808 ----a-w- c:windowssystem32igdumd64.dll

2011-11-24 13:55 . 2010-12-08 18:55 6322688 ----a-w- c:windowsSysWow64igdumd32.dll

2011-11-24 13:55 . 2010-12-08 18:55 581120 ----a-w- c:windowsSysWow64igdumdx32.dll

2011-11-24 13:55 . 2010-12-08 18:55 14598144 ----a-w- c:windowssystem32igd10umd64.dll

2011-11-24 13:55 . 2011-11-24 13:55 12339712 ----a-w- c:windowsSysWow64igd10umd32.dll

2011-11-24 13:55 . 2011-11-24 13:55 18640384 ----a-w- c:windowssystem32ig4icd64.dll

2011-11-24 13:55 . 2011-11-24 13:55 4378392 ----a-w- c:windowssystem32GfxUI.exe

2011-11-24 13:55 . 2011-11-24 13:55 392472 ----a-w- c:windowssystem32hkcmd.exe

2011-11-24 13:55 . 2011-11-24 13:55 13903872 ----a-w- c:windowsSysWow64ig4icd32.dll

2011-11-24 13:55 . 2011-11-24 13:55 179992 ----a-w- c:windowssystem32difx64.exe

2011-11-24 13:55 . 2011-11-24 13:55 146432 ----a-w- c:windowssystem32gfxSrvc.dll

2011-11-24 13:55 . 2010-12-08 18:55 110080 ----a-w- c:windowssystem32hccutils.dll

2011-11-24 13:53 . 2011-11-24 13:54 74272 ----a-w- c:windowssystem32RtNicProp64.dll

2011-11-24 13:53 . 2011-11-24 13:54 565352 ----a-w- c:windowssystem32driversRt64win7.sys

2011-11-24 13:53 . 2011-03-12 08:59 107552 ----a-w- c:windowssystem32RTNUninst64.dll

2011-11-24 04:52 . 2011-12-15 02:14 3145216 ----a-w- c:windowssystem32win32k.sys

.

.

((((((((((((((((((((((((((((( SnapShot@2012-02-08_12.10.42 )))))))))))))))))))))))))))))))))))))))))

.

+ 2011-09-11 11:23 . 2012-02-08 21:48 16384 c:windowsSysWOW64configsystemprofileAppDataRoamingMicrosoftWindowsIETldCacheindex.dat

- 2011-09-11 11:23 . 2012-02-07 23:25 16384 c:windowsSysWOW64configsystemprofileAppDataRoamingMicrosoftWindowsIETldCacheindex.dat

+ 2011-01-09 09:44 . 2012-02-08 21:51 46708 c:windowssystem32wdiShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 05:10 . 2012-02-08 21:51 39714 c:windowssystem32wdiBootPerformanceDiagnostics_SystemData.bin

+ 2011-06-02 22:57 . 2012-02-08 21:51 13842 c:windowssystem32wdi{86432a0b-3c7d-4ddf-a89c-172faa90485d}S-1-5-21-267233986-1459018133-127167734-1000_UserData.bin

- 2011-06-03 06:44 . 2012-02-07 23:26 16384 c:windowssystem32configsystemprofileAppDataRoamingMicrosoftWindowsCookiesindex.dat

+ 2011-06-03 06:44 . 2012-02-08 21:50 16384 c:windowssystem32configsystemprofileAppDataRoamingMicrosoftWindowsCookiesindex.dat

- 2011-06-03 06:44 . 2012-02-07 23:26 32768 c:windowssystem32configsystemprofileAppDataLocalMicrosoftWindowsTemporary Internet FilesContent.IE5index.dat

+ 2011-06-03 06:44 . 2012-02-08 21:50 32768 c:windowssystem32configsystemprofileAppDataLocalMicrosoftWindowsTemporary Internet FilesContent.IE5index.dat

+ 2009-07-14 04:54 . 2012-02-08 21:50 16384 c:windowssystem32configsystemprofileAppDataLocalMicrosoftWindowsHistoryHistory.IE5index.dat

- 2009-07-14 04:54 . 2012-02-07 23:26 16384 c:windowssystem32configsystemprofileAppDataLocalMicrosoftWindowsHistoryHistory.IE5index.dat

+ 2011-06-03 06:49 . 2012-02-08 22:03 16384 c:windowsServiceProfilesLocalServiceAppDataRoamingMicrosoftWindowsCookiesindex.dat

- 2011-06-03 06:49 . 2012-02-08 11:04 16384 c:windowsServiceProfilesLocalServiceAppDataRoamingMicrosoftWindowsCookiesindex.dat

- 2011-06-03 06:49 . 2012-02-08 11:04 16384 c:windowsServiceProfilesLocalServiceAppDataLocalMicrosoftWindowsHistoryHistory.IE5index.dat

+ 2011-06-03 06:49 . 2012-02-08 22:03 16384 c:windowsServiceProfilesLocalServiceAppDataLocalMicrosoftWindowsHistoryHistory.IE5index.dat

+ 2012-02-08 17:35 . 2012-02-08 17:35 1844 c:windowsSysWOW64configsystemprofileAppDataRoamingSoftGrid ClientIcon Cacheicon_ex.dat

- 2012-02-08 11:58 . 2012-02-08 11:58 1844 c:windowsSysWOW64configsystemprofileAppDataRoamingSoftGrid ClientIcon Cacheicon_ex.dat

- 2012-02-08 11:58 . 2012-02-08 11:58 2048 c:windowsServiceProfilesLocalServiceAppDataLocallastalive1.dat

+ 2012-02-08 21:48 . 2012-02-08 21:48 2048 c:windowsServiceProfilesLocalServiceAppDataLocallastalive1.dat

+ 2012-02-08 21:48 . 2012-02-08 21:48 2048 c:windowsServiceProfilesLocalServiceAppDataLocallastalive0.dat

- 2012-02-08 11:58 . 2012-02-08 11:58 2048 c:windowsServiceProfilesLocalServiceAppDataLocallastalive0.dat

- 2009-07-14 04:54 . 2012-02-07 23:26 245760 c:windowsSysWOW64configsystemprofileAppDataRoamingMicrosoftWindowsCookiesindex.dat

+ 2009-07-14 04:54 . 2012-02-08 21:48 245760 c:windowsSysWOW64configsystemprofileAppDataRoamingMicrosoftWindowsCookiesindex.dat

- 2009-07-14 05:12 . 2012-02-07 23:26 262144 c:windowssystem32configsystemprofileAppDataRoamingMicrosoftWindowsIETldCacheindex.dat

+ 2009-07-14 05:12 . 2012-02-08 21:49 262144 c:windowssystem32configsystemprofileAppDataRoamingMicrosoftWindowsIETldCacheindex.dat

- 2009-07-14 05:01 . 2012-02-08 11:58 446032 c:windowsServiceProfilesLocalServiceAppDataLocalFontCache-System.dat

+ 2009-07-14 05:01 . 2012-02-08 17:35 446032 c:windowsServiceProfilesLocalServiceAppDataLocalFontCache-System.dat

- 2009-07-14 04:54 . 2012-02-07 23:26 3588096 c:windowsSysWOW64configsystemprofileAppDataLocalMicrosoftWindowsTemporary Internet FilesContent.IE5index.dat

+ 2009-07-14 04:54 . 2012-02-08 21:48 3588096 c:windowsSysWOW64configsystemprofileAppDataLocalMicrosoftWindowsTemporary Internet FilesContent.IE5index.dat

- 2009-07-14 04:54 . 2012-02-07 23:26 1130496 c:windowsSysWOW64configsystemprofileAppDataLocalMicrosoftWindowsHistoryHistory.IE5index.dat

+ 2009-07-14 04:54 . 2012-02-08 21:48 1130496 c:windowsSysWOW64configsystemprofileAppDataLocalMicrosoftWindowsHistoryHistory.IE5index.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]

"LightScribe Control Panel"="c:program files (x86)Common FilesLightScribeLightScribeControlPanel.exe" [2010-11-22 2736128]

.

[HKEY_LOCAL_MACHINESOFTWAREWow6432NodeMicrosoftWindowsCurrentVersionRun]

"IAStorIcon"="c:program files (x86)IntelIntel® Rapid Storage TechnologyIAStorIcon.exe" [2011-01-12 283160]

"IMSS"="c:program files (x86)IntelIntel® Management Engine ComponentsIMSSPIconStartup.exe" [2010-07-23 111640]

"Microsoft Default Manager"="c:program files (x86)MicrosoftSearch Enhancement PackDefault ManagerDefMgr.exe" [2010-05-10 439568]

"Adobe ARM"="c:program files (x86)Common FilesAdobeARM1.0AdobeARM.exe" [2012-01-03 843712]

"Adobe Reader Speed Launcher"="c:program files (x86)AdobeReader 9.0ReaderReader_sl.exe" [2012-01-04 37296]

"SunJavaUpdateSched"="c:program files (x86)Common FilesJavaJava Updatejusched.exe" [2011-04-08 254696]

"HPOSD"="c:program files (x86)Hewlett-PackardHP On Screen DisplayHPOSD.exe" [2011-06-13 336440]

"HP Quick Launch"="c:program files (x86)Hewlett-PackardHP Quick LaunchHPMSGSVC.exe" [2011-06-14 587320]

"QuickTime Task"="c:program files (x86)QuickTimeQTTask.exe" [2009-05-26 413696]

"Info Center"="c:program files (x86)PCPitstopInfo CenterInfoCenter.exe" [2012-01-31 26264]

"PC Pitstop PC Matic Reminder"="c:program files (x86)PCPitstopPC MaticReminder-PCMatic.exe" [2012-01-31 325280]

.

[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRunOnce]

"KodakHomeCenter"="c:program files (x86)KodakAiOCenterAiOHomeCenter.exe" [2011-12-12 2234288]

.

c:programdataMicrosoftWindowsStart MenuProgramsStartup

Bluetooth.lnk - c:program filesWIDCOMMBluetooth SoftwareBTTray.exe [2010-7-29 1132320]

Event Planner Reminder.lnk - c:windowsInstaller{5D0DF1BB-D82E-4FB2-B98E-4FDE42EF7EBB}Shortcut_EventPlan_5D0DF1BBD82E4FB2B98E4FDE42EF7EBB.exe [2011-11-10 1718]

Snapfish PictureMover.lnk - c:program files (x86)PictureMoverBinPictureMover.exe [2010-11-18 1040952]

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionpoliciessystem]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetcontrollsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalMsMpSvc]

@="Service"

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:windowsMicrosoft.NETFrameworkv4.0.30319mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:windowsMicrosoft.NETFramework64v4.0.30319mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:program files (x86)GoogleUpdateGoogleUpdate.exe [2011-06-07 136176]

R3 gupdatem;Google Update Service (gupdatem);c:program files (x86)GoogleUpdateGoogleUpdate.exe [2011-06-07 136176]

R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:windowssystem32DRIVERSnetw5v64.sys [x]

R3 NisDrv;Microsoft Network Inspection System;c:windowssystem32DRIVERSNisDrvWFP.sys [x]

R3 NisSrv;Microsoft Network Inspection;c:program filesMicrosoft Security ClientAntimalwareNisSrv.exe [2011-04-27 288272]

R3 osppsvc;Office Software Protection Platform;c:program filesCommon FilesMicrosoft SharedOfficeSoftwareProtectionPlatformOSPPSVC.EXE [2010-01-10 4925184]

R3 PCPitstop Scheduling;PCPitstop Scheduling;c:program files (x86)PCPitstopPCPitstopScheduleService.exe [2012-01-31 91816]

R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:windowssystem32DRIVERSRtsPStor.sys [x]

R3 SrvHsfHDA;SrvHsfHDA;c:windowssystem32DRIVERSVSTAZL6.SYS [x]

R3 SrvHsfV92;SrvHsfV92;c:windowssystem32DRIVERSVSTDPV6.SYS [x]

R3 SrvHsfWinac;SrvHsfWinac;c:windowssystem32DRIVERSVSTCNXT6.SYS [x]

R3 TsUsbFlt;TsUsbFlt;c:windowssystem32driverstsusbflt.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:windowssystem32WatWatAdminSvc.exe [x]

R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:windowssystem32DRIVERSyk62x64.sys [x]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:program filesWindows LiveMeshwlcrasvc.exe [2010-09-23 57184]

S0 SymDS;Symantec Data Store;c:windowssystem32driversNISx641206000.01DSYMDS64.SYS [x]

S0 SymEFA;Symantec Extended File Attributes;c:windowssystem32driversNISx641206000.01DSYMEFA64.SYS [x]

S1 BHDrvx64;BHDrvx64;c:programdataNorton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}NIS_18.1.0.37DefinitionsBASHDefs20100810.004BHDrvx64.sys [2010-08-09 945200]

S1 IDSVia64;IDSVia64;c:programdataNorton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}NIS_18.1.0.37DefinitionsIPSDefs20100706.002IDSVia64.sys [2010-06-27 463408]

S1 SymIRON;Symantec Iron Driver;c:windowssystem32driversNISx641206000.01DIronx64.SYS [x]

S1 SymNetS;Symantec Network Security WFP Driver;c:windowsSystem32DriversNISx641206000.01DSYMNETS.SYS [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:windowssystem32DRIVERSvwififlt.sys [x]

S2 cvhsvc;Client Virtualization Handler;c:program files (x86)Common FilesMicrosoft SharedVirtualization HandlerCVHSVC.EXE [2010-10-20 821664]

S2 HP Support Assistant Service;HP Support Assistant Service;c:program files (x86)Hewlett-PackardHP Support Frameworkhpsa_service.exe [2011-06-21 85560]

S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:program filesHewlett-PackardHP Wireless AssistantHPWA_Service.exe [2010-07-21 103992]

S2 HPClientSvc;HP Client Services;c:program filesHewlett-PackardHP Client ServicesHPClientServices.exe [2010-08-06 291896]

S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:program files (x86)Hewlett-PackardSharedHPDrvMntSvc.exe [2011-09-01 227896]

S2 HPWMISVC;HPWMISVC;c:program files (x86)Hewlett-PackardHP Quick LaunchHPWMISVC.exe [2011-06-14 26680]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:program files (x86)IntelIntel® Rapid Storage TechnologyIAStorDataMgrSvc.exe [2011-01-12 13336]

S2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:program files (x86)KodakAiOCenterEKAiOHostService.exe [2011-12-19 394672]

S2 NIS;Norton Internet Security;c:program files (x86)Norton Internet SecurityEngine18.6.0.29ccSvcHst.exe [2011-04-17 130008]

S2 RoxioNow Service;RoxioNow Service;c:program files (x86)RoxioRoxioNow PlayerRNowSvc.exe [2010-09-11 399344]

S2 SBSDWSCService;SBSD Security Center Service;c:program files (x86)Spybot - Search & DestroySDWinSec.exe [2009-01-26 1153368]

S2 sftlist;Application Virtualization Client;c:program files (x86)Microsoft Application Virtualization Clientsftlist.exe [2010-09-14 508264]

S2 UNS;Intel® Management & Security Application User Notification Service;c:program files (x86)IntelIntel® Management Engine ComponentsUNSUNS.exe [2010-07-23 2320920]

S3 btwampfl;Bluetooth AMP USB Filter;c:windowssystem32driversbtwampfl.sys [x]

S3 btwl2cap;Bluetooth L2CAP Service;c:windowssystem32DRIVERSbtwl2cap.sys [x]

S3 clwvd;CyberLink WebCam Virtual Driver;c:windowssystem32DRIVERSclwvd.sys [x]

S3 HECIx64;Intel® Management Engine Interface;c:windowssystem32DRIVERSHECIx64.sys [x]

S3 Impcd;Impcd;c:windowssystem32DRIVERSImpcd.sys [x]

S3 IntcDAud;Intel® Display Audio;c:windowssystem32DRIVERSIntcDAud.sys [x]

S3 MpNWMon;Microsoft Malware Protection Network Driver;c:windowssystem32DRIVERSMpNWMon.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:windowssystem32DRIVERSRt64win7.sys [x]

S3 Sftfs;Sftfs;c:windowssystem32DRIVERSSftfslh.sys [x]

S3 Sftplay;Sftplay;c:windowssystem32DRIVERSSftplaylh.sys [x]

S3 Sftredir;Sftredir;c:windowssystem32DRIVERSSftredirlh.sys [x]

S3 Sftvol;Sftvol;c:windowssystem32DRIVERSSftvollh.sys [x]

S3 sftvsa;Application Virtualization Service Agent;c:program files (x86)Microsoft Application Virtualization Clientsftvsa.exe [2010-09-14 219496]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:windowssystem32DRIVERSvwifimp.sys [x]

S3 WSDPrintDevice;WSD Print Support via UMB;c:windowssystem32DRIVERSWSDPrint.sys [x]

.

.

[HKEY_LOCAL_MACHINEsoftwarewow6432nodemicrosoftactive setupinstalled components{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2010-11-22 22:18 451872 ----a-w- c:program files (x86)Common FilesLightScribeLSRunOnce.exe

.

Contents of the 'Scheduled Tasks' folder

.

2012-02-08 c:windowsTasksGoogleUpdateTaskMachineCore.job

- c:program files (x86)GoogleUpdateGoogleUpdate.exe [2011-06-07 18:09]

.

2012-02-08 c:windowsTasksGoogleUpdateTaskMachineUA.job

- c:program files (x86)GoogleUpdateGoogleUpdate.exe [2011-06-07 18:09]

.

2012-02-07 c:windowsTasksGoogleUpdateTaskUserS-1-5-21-267233986-1459018133-127167734-1000Core.job

- c:usersDavidAppDataLocalGoogleUpdateGoogleUpdate.exe [2012-02-05 18:41]

.

2012-02-08 c:windowsTasksGoogleUpdateTaskUserS-1-5-21-267233986-1459018133-127167734-1000UA.job

- c:usersDavidAppDataLocalGoogleUpdateGoogleUpdate.exe [2012-02-05 18:41]

.

2012-02-05 c:windowsTasksHPCeeScheduleForDavid.job

- c:program files (x86)Hewlett-PackardHP CeementHPCEE.exe [2010-09-14 06:15]

.

2012-02-05 c:windowsTasksHPCeeScheduleForOZZIE$.job

- c:program files (x86)Hewlett-PackardHP CeementHPCEE.exe [2010-09-14 06:15]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionexplorershelliconoverlayidentifiers00Zecter]

@="{D25B32FE-CB96-491A-98FF-AD59DA382D69}"

[HKEY_CLASSES_ROOTCLSID{D25B32FE-CB96-491A-98FF-AD59DA382D69}]

2010-11-09 22:16 2238976 ----a-w- c:program files (x86)Hewlett-PackardHP CloudDriveShellExt64.dll

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionexplorershelliconoverlayidentifiers01Zecter]

@="{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}"

[HKEY_CLASSES_ROOTCLSID{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}]

2010-11-09 22:16 2238976 ----a-w- c:program files (x86)Hewlett-PackardHP CloudDriveShellExt64.dll

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionexplorershelliconoverlayidentifiers02Zecter]

@="{B3C78E40-6B64-47C3-AE34-60B770881EB8}"

[HKEY_CLASSES_ROOTCLSID{B3C78E40-6B64-47C3-AE34-60B770881EB8}]

2010-11-09 22:16 2238976 ----a-w- c:program files (x86)Hewlett-PackardHP CloudDriveShellExt64.dll

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionexplorershelliconoverlayidentifiers03Zecter]

@="{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}"

[HKEY_CLASSES_ROOTCLSID{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}]

2010-11-09 22:16 2238976 ----a-w- c:program files (x86)Hewlett-PackardHP CloudDriveShellExt64.dll

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionexplorershelliconoverlayidentifiers04Zecter]

@="{855156F0-2A0F-11DE-8C30-0800200C9A66}"

[HKEY_CLASSES_ROOTCLSID{855156F0-2A0F-11DE-8C30-0800200C9A66}]

2010-11-09 22:16 2238976 ----a-w- c:program files (x86)Hewlett-PackardHP CloudDriveShellExt64.dll

.

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]

"SynTPEnh"="c:program files (x86)SynapticsSynTPSynTPEnh.exe" [bU]

"HPWirelessAssistant"="c:program filesHewlett-PackardHP Wireless AssistantDelayedAppStarter.exe" [2010-07-21 8192]

"IgfxTray"="c:windowssystem32igfxtray.exe" [2011-11-24 167704]

"HotKeysCmds"="c:windowssystem32hkcmd.exe" [2011-11-24 392472]

"Persistence"="c:windowssystem32igfxpers.exe" [2011-11-24 416024]

"SysTrayApp"="c:program filesIDTWDMsttray64.exe" [2011-11-29 1424896]

"EKAIO2StatusMonitor"="c:windowssystem32spoolDRIVERSx643EKAiO2MUI.exe" [2011-12-10 3240448]

"MSC"="c:program filesMicrosoft Security Clientmsseces.exe" [2011-06-15 1436736]

.

------- Supplementary Scan -------

.

uLocal Page = c:windowssystem32blank.htm

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uStart Page = hxxp://www.msn.com

mLocal Page = c:windowsSysWOW64blank.htm

uInternet Settings,ProxyOverride = 127.0.0.1;<local>

uInternet Settings,ProxyServer = http=<local>

IE: E&xport to Microsoft Excel - c:progra~2MICROS~1Office14EXCEL.EXE/3000

IE: Se&nd to OneNote - c:progra~2MICROS~1Office14ONBttnIE.dll/105

IE: Send image to &Bluetooth Device... - c:program filesWIDCOMMBluetooth Softwarebtsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:program filesWIDCOMMBluetooth Softwarebtsendto_ie.htm

Trusted Zone: myfairpoint.net

TCP: DhcpNameServer = 64.222.165.243 64.222.84.243

DPF: {3528A58B-595D-4AFD-A5F6-B914BD306DC3} - hxxp://dishconnectivity.sling.com/dpit/downloads/pc/SlingHealth.cab

.

.

[HKEY_LOCAL_MACHINEsystemControlSet001servicesNIS]

"ImagePath"=""c:program files (x86)Norton Internet SecurityEngine18.6.0.29ccSvcHst.exe" /s "NIS" /m "c:program files (x86)Norton Internet SecurityEngine18.6.0.29diMaster.dll" /prefetch:1"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:WindowsSysWOW64MacromedFlashFlashUtil11e_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{A483C63A-CDBC-426E-BF93-872502E8144E}Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{A483C63A-CDBC-426E-BF93-872502E8144E}LocalServer32]

@="c:WindowsSysWOW64MacromedFlashFlashUtil11e_ActiveX.exe"

.

[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{A483C63A-CDBC-426E-BF93-872502E8144E}TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}InprocServer32]

@="c:WindowsSysWOW64MacromedFlashFlash11e.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}ToolboxBitmap32]

@="c:WindowsSysWOW64MacromedFlashFlash11e.ocx, 1"

.

[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}Version]

@="1.0"

.

[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}InprocServer32]

@="c:WindowsSysWOW64MacromedFlashFlash11e.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}ToolboxBitmap32]

@="c:WindowsSysWOW64MacromedFlashFlash11e.ocx, 1"

.

[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}Version]

@="1.0"

.

[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeInterface{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeInterface{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeInterface{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINEsystemControlSet001ControlPCWSecurity]

@Denied: (Full) (Everyone)

.

Completion time: 2012-02-08 17:28:27

ComboFix-quarantined-files.txt 2012-02-08 22:28

ComboFix2.txt 2012-02-08 12:13

.

Pre-Run: 410,835,980,288 bytes free

Post-Run: 410,546,384,896 bytes free

.

- - End Of File - - 97D420BE1BB84BCC77FAAADE78B29B37


All seems fine. Startup and shut down are fast, we never used to shut down at night just close the cover and let it hibernate with the internet still on. Now we shut down at night or when we're going to be gone for the day. Surfing the net seems faster as does loading programs frequently used. I'd say this notebook was clean but knowing what I've learned about this dangerous virus over the past 6 days I'm guessing not. Will we ever be 100% sure?


The answer is we can never be sure 100% if it's gone. We can do only as much as what the log presented to us, but usually when the PC is behaving normally then it should be fine.

 

So now we will do a final followup scan just to be safe.

 

ESET Online Scanner

I'd like us to scan your machine with ESET OnlineScan

 

Note: If you are using Windows Vista/7, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

 

*Note

It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.

Please don't go surfing while your resident protection is disabled!

Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.

 

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.

    ESET OnlineScan

  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Make sure that the option "Remove found threats" is Unchecked
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.

  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as MyEsetScan. Alternatively, look for report in C:\Program Files\ESET\ESET Online Scanner\log.txt. Include the contents of this report in your next reply.
  • Push the Back button.
  • Select Uninstall application on close check box and push Posted Image
===================================================

 

Re-run Malwarebytes' Anti-Malware

  • Double-click MalwareBytes' (Note to Vista users, please right-click and select Run as Administrator.)
  • Go to Update tab to update Malwarebytes' Anti-Malware
  • Then click Check for Updates.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform Quick Scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log back into your next reply
Note:
  • The log can also be found here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

  • Or via the Logs tab when Malwarebytes' Anti-Malware is started.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.

Click OK to either and let MBAM proceed with the disinfection process.

If asked to restart the computer, please do so. Failure to reboot will prevent MBAM from removing all the malware.

 

===================================================

 

On your next reply please post :

ESET log

MBAM log

 

Please STOP and let me know if you have any problems performing the steps above or any questions you may have.

 

Good Day!

Edited by Conspire

Malwarebytes Anti-Malware 1.60.1.1000

www.malwarebytes.org

 

Database version: v2012.02.10.08

 

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 8.0.7601.17514

David :: OZZIE [administrator]

 

2/10/2012 7:37:52 PM

mbam-log-2012-02-10 (19-37-52).txt

 

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 209167

Time elapsed: 4 minute(s), 7 second(s)

 

Memory Processes Detected: 0

(No malicious items detected)

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 0

(No malicious items detected)

 

Registry Values Detected: 0

(No malicious items detected)

 

Registry Data Items Detected: 0

(No malicious items detected)

 

Folders Detected: 0

(No malicious items detected)

 

Files Detected: 0

(No malicious items detected)

 

(end)

 

C:ProgramDataMicrosoftWindowsDRM25C6.tmp Win64/Olmarik.AD trojan

C:ProgramDataMicrosoftWindowsDRM25C7.tmp Win64/Olmarik.AD trojan

C:ProgramDataSpybot - Search & DestroyRecoverySmitfraudCgeneric.zip Win32/Bagle.gen.zip worm

C:TDSSKiller_Quarantine05.02.2012_11.55.15mbr0000tdlfs0000tsk0001.dta Win64/Olmarik.AD trojan

C:UsersAll UsersMicrosoftWindowsDRM25C6.tmp Win64/Olmarik.AD trojan

C:UsersAll UsersMicrosoftWindowsDRM25C7.tmp Win64/Olmarik.AD trojan

C:UsersAll UsersSpybot - Search & DestroyRecoverySmitfraudCgeneric.zip Win32/Bagle.gen.zip worm

C:UsersDavidAppDataLocalGoogleChromeUser DataDefaultCachef_000111 HTML/ScrInject.B.Gen virus


Please download SystemLook from one of the links below and save it to your Desktop.

Download

 

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:

    :dir
    C:\Users\All Users\Microsoft\Windows\DRM /s /md5
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

SystemLook 30.07.11 by jpshortstuff

Log created at 06:12 on 11/02/2012 by David

Administrator - Elevation successful

 

========== dir ==========

 

C:UsersAll UsersMicrosoftWindowsDRM - Parameters: "/s /md5"

 

---Files---

25C6.tmp --a---- 6656 bytes [00:42 04/02/2012] [00:42 04/02/2012] 4495502D0C6F8325498F14BD1FD8E0C4

25C7.tmp --a---- 6656 bytes [00:42 04/02/2012] [00:42 04/02/2012] 8B6662144CB6D036B3BA9089F42E8DF3

blackbox.bin --ahs-- 20 bytes [01:10 03/06/2011] [01:10 03/06/2011] D0EBC7074C821A31B8F24C60A5E95C31

drmstore.hds --ahs-- 167936 bytes [01:10 03/06/2011] [11:00 11/02/2012] 0F8A9008B53300F7A58DCC349D4C1335

IndivBox.key --ahs-- 1408304 bytes [00:02 22/08/2011] [00:02 22/08/2011] 3F9E6263C968AABC85BC910A8EF829F5

IndivBox_64.key --ahs-- 1654504 bytes [00:02 22/08/2011] [00:02 22/08/2011] 4C59139964F823FE2E377DBD1F062ED7

v2ksndv.bla --ahs-- 11550 bytes [00:02 22/08/2011] [00:02 22/08/2011] 4A0EFB7C7A75EBC3E9D1A2312662AFCB

v3ks.bla --ahs-- 9506 bytes [01:10 03/06/2011] [01:10 03/06/2011] 065157D6CBE853C7E725932D6DAD5C65

v3ks.sec --ahs-- 740 bytes [01:10 03/06/2011] [01:10 03/06/2011] 93FE77EC8794067C89EB5E23669A542C

 

C:UsersAll UsersMicrosoftWindowsDRMCache d--hs-- [05:32 14/07/2009]

Indiv01.bla --ahs-- 11550 bytes [00:02 22/08/2011] [00:02 22/08/2011] 4A0EFB7C7A75EBC3E9D1A2312662AFCB

Indiv01.key --ahs-- 1408304 bytes [00:02 22/08/2011] [00:02 22/08/2011] 3F9E6263C968AABC85BC910A8EF829F5

Indiv01.tmp --ahs-- 0 bytes [00:02 22/08/2011] [00:02 22/08/2011] D41D8CD98F00B204E9800998ECF8427E

Indiv01_64.key --ahs-- 1654504 bytes [00:02 22/08/2011] [00:02 22/08/2011] 4C59139964F823FE2E377DBD1F062ED7

 

C:UsersAll UsersMicrosoftWindowsDRMCacheIndiv_SID_S-1-5-20 d------ [01:45 22/08/2011]

Indiv01_64.key --ahs-- 1654504 bytes [01:45 22/08/2011] [00:02 22/08/2011] 4C59139964F823FE2E377DBD1F062ED7

 

C:UsersAll UsersMicrosoftWindowsDRMCacheIndiv_SID_S-1-5-21-267233986-1459018133-127167734-1000 d------ [00:02 22/08/2011]

Indiv01_64.key --ahs-- 1654504 bytes [00:02 22/08/2011] [00:02 22/08/2011] 4C59139964F823FE2E377DBD1F062ED7

 

-= EOF =-


Make sure you clear your cache on Chrome by clicking the wrench tool icon and go to Under the Hood then click Clear browsing data.

 

Please follow all previous instructions regarding security programs.

 

Open a new Notepad session

  • Click the Start button, click run
  • in the run box type notepad
  • click ok
  • In the notepad, Click "Format" and be certain that Word Wrap is not checked.

  • Copy and paste all the text in the code box below into the Notepad. Do Not copy the word CODE

ClearJavaCache::

File::
C:\ProgramData\Microsoft\Windows\DRM\25C6.tmp
C:\ProgramData\Microsoft\Windows\DRM\25C7.tmp
C:\Users\All Users\Microsoft\Windows\DRM\25C6.tmp
C:\Users\All Users\Microsoft\Windows\DRM\25C7.tmp

DDS::
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=<local>
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>

 

In the notepad

  • Click File, Save as..., and set the Save in to your Desktop
  • In the filename box, type (including quotation marks) as the filename: "CFScript.txt"
  • Click save
Using your mouse left button, drag the new file CFscript.txt and drop it on the ComboFix.exe icon as shown below.

 

This will start ComboFix again. Close all browser/windows first.

 

**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

 


ComboFix 12-02-07.01 - David 02/11/2012 10:33:28.5.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3894.2027 [GMT -5:00]

Running from: c:usersDavidDesktopComboFix.exe

Command switches used :: c:usersDavidDesktopCFScript.txt

AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

FILE ::

"c:programdataMicrosoftWindowsDRM25C6.tmp"

"c:programdataMicrosoftWindowsDRM25C7.tmp"

"c:usersAll UsersMicrosoftWindowsDRM25C6.tmp"

"c:usersAll UsersMicrosoftWindowsDRM25C7.tmp"

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:programdataMicrosoftWindowsDRM25C6.tmp

c:programdataMicrosoftWindowsDRM25C7.tmp

c:usersAll UsersMicrosoftWindowsDRM25C6.tmp

c:usersAll UsersMicrosoftWindowsDRM25C7.tmp

.

.

((((((((((((((((((((((((( Files Created from 2012-01-11 to 2012-02-11 )))))))))))))))))))))))))))))))

.

.

2012-02-11 15:44 . 2012-02-11 15:44 -------- d-----w- c:usersDefaultAppDataLocaltemp

2012-02-11 15:44 . 2012-02-11 15:44 -------- d-----w- c:usersAdministratorAppDataLocaltemp

2012-02-11 11:15 . 2012-01-06 02:15 8602168 ----a-w- c:programdataMicrosoftMicrosoft AntimalwareDefinition Updates{064826EF-C77A-4467-A0BD-BC010381EC32}mpengine.dll

2012-02-11 11:12 . 2012-02-04 20:18 917840 ----a-w- c:programdataMicrosoftMicrosoft AntimalwareDefinition UpdatesNISBackupgapaengine.dll

2012-02-11 11:12 . 2012-02-11 11:11 927800 ----a-w- c:programdataMicrosoftMicrosoft AntimalwareDefinition Updates{02E165AA-1DC3-4717-9C20-07E1751865A8}gapaengine.dll

2012-02-09 00:47 . 2012-02-09 00:47 -------- d-----w- c:program files (x86)Common FilesSymantec Shared

2012-02-07 11:24 . 2012-02-11 11:00 -------- d-----w- c:programdataPCPitstop

2012-02-07 11:24 . 2012-02-10 20:57 -------- d-----w- c:program files (x86)PCPitstop

2012-02-05 21:27 . 2012-01-06 02:15 8602168 ----a-w- c:programdataMicrosoftMicrosoft AntimalwareDefinition UpdatesBackupmpengine.dll

2012-02-05 16:57 . 2012-02-05 16:57 -------- d-----w- C:TDSSKiller_Quarantine

2012-02-05 12:44 . 2012-02-05 12:44 -------- d-----w- c:usersDavidAppDataRoamingMalwarebytes

2012-02-05 12:44 . 2012-02-05 12:44 -------- d-----w- c:programdataMalwarebytes

2012-02-05 12:44 . 2012-02-05 12:44 -------- d-----w- c:program files (x86)Malwarebytes' Anti-Malware

2012-02-05 12:44 . 2011-12-10 20:24 23152 ----a-w- c:windowssystem32driversmbam.sys

2012-02-04 22:44 . 2012-02-04 23:45 -------- d-----w- c:programdataPC Tools

2012-02-04 20:19 . 2012-02-04 20:18 917840 ------w- c:programdataMicrosoftMicrosoft AntimalwareDefinition Updates{77C727A1-18EE-436A-8783-58386F473BB5}gapaengine.dll

2012-02-04 19:16 . 2012-02-04 19:16 -------- d-----w- c:program files (x86)Microsoft Security Client

2012-02-04 19:16 . 2012-02-04 19:16 -------- d-----w- c:program filesMicrosoft Security Client

2012-02-04 19:02 . 2011-10-26 05:25 1572864 ----a-w- c:windowssystem32quartz.dll

2012-02-04 19:02 . 2011-10-26 05:25 366592 ----a-w- c:windowssystem32qdvd.dll

2012-02-04 19:02 . 2011-10-26 04:32 514560 ----a-w- c:windowsSysWow64qdvd.dll

2012-02-04 19:02 . 2011-10-26 04:32 1328128 ----a-w- c:windowsSysWow64quartz.dll

2012-02-04 18:59 . 2011-11-17 06:41 1731920 ----a-w- c:windowssystem32ntdll.dll

2012-02-04 18:59 . 2011-11-17 05:38 1292080 ----a-w- c:windowsSysWow64ntdll.dll

2012-02-04 18:59 . 2011-11-19 14:58 77312 ----a-w- c:windowssystem32packager.dll

2012-02-04 18:59 . 2011-11-19 14:01 67072 ----a-w- c:windowsSysWow64packager.dll

2012-02-04 18:59 . 2012-02-10 22:17 -------- d-----w- c:windowssystem32driversNISx641207000.00D

2012-02-04 18:33 . 2011-11-21 11:40 8822856 ----a-w- c:programdataMicrosoftWindows DefenderDefinition Updates{8F407FDD-1FD7-4FD3-A0AE-2FAEB7DD729D}mpengine.dll

2012-02-04 18:01 . 2012-02-04 18:01 -------- d-----w- C:_Exception1

2012-02-03 12:19 . 2012-02-03 12:19 -------- d-----w- c:program files (x86)Common FilesIntel Corporation

2012-01-22 14:09 . 2012-01-22 14:09 -------- d-----w- c:usersDavidAppDataRoamingPrinter Info Cache

2012-01-18 11:58 . 2012-01-18 11:58 -------- d-----w- c:program files (x86)Sling Media

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.


.

.

((((((((((((((((((((((((((((( SnapShot@2012-02-08_12.10.42 )))))))))))))))))))))))))))))))))))))))))

.


.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]

"LightScribe Control Panel"="c:program files (x86)Common FilesLightScribeLightScribeControlPanel.exe" [2010-11-22 2736128]

.

[HKEY_LOCAL_MACHINESOFTWAREWow6432NodeMicrosoftWindowsCurrentVersionRun]

"IAStorIcon"="c:program files (x86)IntelIntel® Rapid Storage TechnologyIAStorIcon.exe" [2011-01-12 283160]

"IMSS"="c:program files (x86)IntelIntel® Management Engine ComponentsIMSSPIconStartup.exe" [2010-07-23 111640]

"Microsoft Default Manager"="c:program files (x86)MicrosoftSearch Enhancement PackDefault ManagerDefMgr.exe" [2010-05-10 439568]

"Adobe ARM"="c:program files (x86)Common FilesAdobeARM1.0AdobeARM.exe" [2012-01-03 843712]

"Adobe Reader Speed Launcher"="c:program files (x86)AdobeReader 9.0ReaderReader_sl.exe" [2012-01-04 37296]

"SunJavaUpdateSched"="c:program files (x86)Common FilesJavaJava Updatejusched.exe" [2011-04-08 254696]

"HPOSD"="c:program files (x86)Hewlett-PackardHP On Screen DisplayHPOSD.exe" [2011-06-13 336440]

"HP Quick Launch"="c:program files (x86)Hewlett-PackardHP Quick LaunchHPMSGSVC.exe" [2011-06-14 587320]

"QuickTime Task"="c:program files (x86)QuickTimeQTTask.exe" [2009-05-26 413696]

"Info Center"="c:program files (x86)PCPitstopInfo CenterInfoCenter.exe" [2012-01-31 26264]

"Conime"="c:windowssystem32conime.exe" [bU]

.

[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRunOnce]

"KodakHomeCenter"="c:program files (x86)KodakAiOCenterAiOHomeCenter.exe" [2011-12-12 2234288]

.

c:programdataMicrosoftWindowsStart MenuProgramsStartup

Bluetooth.lnk - c:program filesWIDCOMMBluetooth SoftwareBTTray.exe [2010-7-29 1132320]

Event Planner Reminder.lnk - c:windowsInstaller{5D0DF1BB-D82E-4FB2-B98E-4FDE42EF7EBB}Shortcut_EventPlan_5D0DF1BBD82E4FB2B98E4FDE42EF7EBB.exe [2011-11-10 1718]

Snapfish PictureMover.lnk - c:program files (x86)PictureMoverBinPictureMover.exe [2010-11-18 1040952]

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionpoliciessystem]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetcontrollsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalMsMpSvc]

@="Service"

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:windowsMicrosoft.NETFrameworkv4.0.30319mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:windowsMicrosoft.NETFramework64v4.0.30319mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:program files (x86)GoogleUpdateGoogleUpdate.exe [2011-06-07 136176]

R3 gupdatem;Google Update Service (gupdatem);c:program files (x86)GoogleUpdateGoogleUpdate.exe [2011-06-07 136176]

R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:windowssystem32DRIVERSnetw5v64.sys [x]

R3 NisDrv;Microsoft Network Inspection System;c:windowssystem32DRIVERSNisDrvWFP.sys [x]

R3 NisSrv;Microsoft Network Inspection;c:program filesMicrosoft Security ClientAntimalwareNisSrv.exe [2011-04-27 288272]

R3 osppsvc;Office Software Protection Platform;c:program filesCommon FilesMicrosoft SharedOfficeSoftwareProtectionPlatformOSPPSVC.EXE [2010-01-10 4925184]

R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:windowssystem32DRIVERSRtsPStor.sys [x]

R3 SrvHsfHDA;SrvHsfHDA;c:windowssystem32DRIVERSVSTAZL6.SYS [x]

R3 SrvHsfV92;SrvHsfV92;c:windowssystem32DRIVERSVSTDPV6.SYS [x]

R3 SrvHsfWinac;SrvHsfWinac;c:windowssystem32DRIVERSVSTCNXT6.SYS [x]

R3 TsUsbFlt;TsUsbFlt;c:windowssystem32driverstsusbflt.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:windowssystem32WatWatAdminSvc.exe [x]

R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:windowssystem32DRIVERSyk62x64.sys [x]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:program filesWindows LiveMeshwlcrasvc.exe [2010-09-23 57184]

S0 SymDS;Symantec Data Store;c:windowssystem32driversNISx641207000.00DSYMDS64.SYS [x]

S0 SymEFA;Symantec Extended File Attributes;c:windowssystem32driversNISx641207000.00DSYMEFA64.SYS [x]

S1 BHDrvx64;BHDrvx64;c:programdataNorton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}NIS_18.1.0.37DefinitionsBASHDefs20100810.004BHDrvx64.sys [2010-08-09 945200]

S1 IDSVia64;IDSVia64;c:programdataNorton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}NIS_18.1.0.37DefinitionsIPSDefs20100706.002IDSVia64.sys [2010-06-27 463408]

S1 SymIRON;Symantec Iron Driver;c:windowssystem32driversNISx641207000.00DIronx64.SYS [x]

S1 SymNetS;Symantec Network Security WFP Driver;c:windowsSystem32DriversNISx641207000.00DSYMNETS.SYS [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:windowssystem32DRIVERSvwififlt.sys [x]

S2 cvhsvc;Client Virtualization Handler;c:program files (x86)Common FilesMicrosoft SharedVirtualization HandlerCVHSVC.EXE [2010-10-20 821664]

S2 HP Support Assistant Service;HP Support Assistant Service;c:program files (x86)Hewlett-PackardHP Support Frameworkhpsa_service.exe [2011-06-21 85560]

S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:program filesHewlett-PackardHP Wireless AssistantHPWA_Service.exe [2010-07-21 103992]

S2 HPClientSvc;HP Client Services;c:program filesHewlett-PackardHP Client ServicesHPClientServices.exe [2010-08-06 291896]

S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:program files (x86)Hewlett-PackardSharedHPDrvMntSvc.exe [2011-09-01 227896]

S2 HPWMISVC;HPWMISVC;c:program files (x86)Hewlett-PackardHP Quick LaunchHPWMISVC.exe [2011-06-14 26680]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:program files (x86)IntelIntel® Rapid Storage TechnologyIAStorDataMgrSvc.exe [2011-01-12 13336]

S2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:program files (x86)KodakAiOCenterEKAiOHostService.exe [2011-12-19 394672]

S2 NIS;Norton Internet Security;c:program files (x86)Norton Internet SecurityEngine18.7.0.13ccSvcHst.exe [2011-04-17 130008]

S2 RoxioNow Service;RoxioNow Service;c:program files (x86)RoxioRoxioNow PlayerRNowSvc.exe [2010-09-11 399344]

S2 SBSDWSCService;SBSD Security Center Service;c:program files (x86)Spybot - Search & DestroySDWinSec.exe [2009-01-26 1153368]

S2 sftlist;Application Virtualization Client;c:program files (x86)Microsoft Application Virtualization Clientsftlist.exe [2010-09-14 508264]

S2 UNS;Intel® Management & Security Application User Notification Service;c:program files (x86)IntelIntel® Management Engine ComponentsUNSUNS.exe [2010-07-23 2320920]

S3 btwampfl;Bluetooth AMP USB Filter;c:windowssystem32driversbtwampfl.sys [x]

S3 btwl2cap;Bluetooth L2CAP Service;c:windowssystem32DRIVERSbtwl2cap.sys [x]

S3 clwvd;CyberLink WebCam Virtual Driver;c:windowssystem32DRIVERSclwvd.sys [x]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:program files (x86)Common FilesSymantec SharedEENGINEEraserUtilRebootDrv.sys [2010-08-13 132656]

S3 HECIx64;Intel® Management Engine Interface;c:windowssystem32DRIVERSHECIx64.sys [x]

S3 Impcd;Impcd;c:windowssystem32DRIVERSImpcd.sys [x]

S3 IntcDAud;Intel® Display Audio;c:windowssystem32DRIVERSIntcDAud.sys [x]

S3 MpNWMon;Microsoft Malware Protection Network Driver;c:windowssystem32DRIVERSMpNWMon.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:windowssystem32DRIVERSRt64win7.sys [x]

S3 Sftfs;Sftfs;c:windowssystem32DRIVERSSftfslh.sys [x]

S3 Sftplay;Sftplay;c:windowssystem32DRIVERSSftplaylh.sys [x]

S3 Sftredir;Sftredir;c:windowssystem32DRIVERSSftredirlh.sys [x]

S3 Sftvol;Sftvol;c:windowssystem32DRIVERSSftvollh.sys [x]

S3 sftvsa;Application Virtualization Service Agent;c:program files (x86)Microsoft Application Virtualization Clientsftvsa.exe [2010-09-14 219496]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:windowssystem32DRIVERSvwifimp.sys [x]

S3 WSDPrintDevice;WSD Print Support via UMB;c:windowssystem32DRIVERSWSDPrint.sys [x]

.

.

[HKEY_LOCAL_MACHINEsoftwarewow6432nodemicrosoftactive setupinstalled components{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2010-11-22 22:18 451872 ----a-w- c:program files (x86)Common FilesLightScribeLSRunOnce.exe

.

Contents of the 'Scheduled Tasks' folder

.

2012-02-11 c:windowsTasksGoogleUpdateTaskMachineCore.job

- c:program files (x86)GoogleUpdateGoogleUpdate.exe [2011-06-07 18:09]

.

2012-02-11 c:windowsTasksGoogleUpdateTaskMachineUA.job

- c:program files (x86)GoogleUpdateGoogleUpdate.exe [2011-06-07 18:09]

.

2012-02-10 c:windowsTasksGoogleUpdateTaskUserS-1-5-21-267233986-1459018133-127167734-1000Core.job

- c:usersDavidAppDataLocalGoogleUpdateGoogleUpdate.exe [2012-02-05 18:41]

.

2012-02-11 c:windowsTasksGoogleUpdateTaskUserS-1-5-21-267233986-1459018133-127167734-1000UA.job

- c:usersDavidAppDataLocalGoogleUpdateGoogleUpdate.exe [2012-02-05 18:41]

.

2012-02-05 c:windowsTasksHPCeeScheduleForDavid.job

- c:program files (x86)Hewlett-PackardHP CeementHPCEE.exe [2010-09-14 06:15]

.

2012-02-05 c:windowsTasksHPCeeScheduleForOZZIE$.job

- c:program files (x86)Hewlett-PackardHP CeementHPCEE.exe [2010-09-14 06:15]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionexplorershelliconoverlayidentifiers00Zecter]

@="{D25B32FE-CB96-491A-98FF-AD59DA382D69}"

[HKEY_CLASSES_ROOTCLSID{D25B32FE-CB96-491A-98FF-AD59DA382D69}]

2010-11-09 22:16 2238976 ----a-w- c:program files (x86)Hewlett-PackardHP CloudDriveShellExt64.dll

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionexplorershelliconoverlayidentifiers01Zecter]

@="{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}"

[HKEY_CLASSES_ROOTCLSID{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}]

2010-11-09 22:16 2238976 ----a-w- c:program files (x86)Hewlett-PackardHP CloudDriveShellExt64.dll

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionexplorershelliconoverlayidentifiers02Zecter]

@="{B3C78E40-6B64-47C3-AE34-60B770881EB8}"

[HKEY_CLASSES_ROOTCLSID{B3C78E40-6B64-47C3-AE34-60B770881EB8}]

2010-11-09 22:16 2238976 ----a-w- c:program files (x86)Hewlett-PackardHP CloudDriveShellExt64.dll

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionexplorershelliconoverlayidentifiers03Zecter]

@="{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}"

[HKEY_CLASSES_ROOTCLSID{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}]

2010-11-09 22:16 2238976 ----a-w- c:program files (x86)Hewlett-PackardHP CloudDriveShellExt64.dll

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionexplorershelliconoverlayidentifiers04Zecter]

@="{855156F0-2A0F-11DE-8C30-0800200C9A66}"

[HKEY_CLASSES_ROOTCLSID{855156F0-2A0F-11DE-8C30-0800200C9A66}]

2010-11-09 22:16 2238976 ----a-w- c:program files (x86)Hewlett-PackardHP CloudDriveShellExt64.dll

.

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]

"SynTPEnh"="c:program files (x86)SynapticsSynTPSynTPEnh.exe" [bU]

"HPWirelessAssistant"="c:program filesHewlett-PackardHP Wireless AssistantDelayedAppStarter.exe" [2010-07-21 8192]

"IgfxTray"="c:windowssystem32igfxtray.exe" [2011-11-24 167704]

"HotKeysCmds"="c:windowssystem32hkcmd.exe" [2011-11-24 392472]

"Persistence"="c:windowssystem32igfxpers.exe" [2011-11-24 416024]

"SysTrayApp"="c:program filesIDTWDMsttray64.exe" [2011-11-29 1424896]

"EKAIO2StatusMonitor"="c:windowssystem32spoolDRIVERSx643EKAiO2MUI.exe" [2011-12-10 3240448]

"MSC"="c:program filesMicrosoft Security Clientmsseces.exe" [2011-06-15 1436736]

.

------- Supplementary Scan -------

.

uLocal Page = c:windowssystem32blank.htm

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uStart Page = hxxp://www.msn.com

mLocal Page = c:windowsSysWOW64blank.htm

uInternet Settings,ProxyOverride = 127.0.0.1;<local>

uInternet Settings,ProxyServer = http=<local>

IE: E&xport to Microsoft Excel - c:progra~2MICROS~1Office14EXCEL.EXE/3000

IE: Se&nd to OneNote - c:progra~2MICROS~1Office14ONBttnIE.dll/105

IE: Send image to &Bluetooth Device... - c:program filesWIDCOMMBluetooth Softwarebtsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:program filesWIDCOMMBluetooth Softwarebtsendto_ie.htm

Trusted Zone: myfairpoint.net

TCP: DhcpNameServer = 64.222.165.243 64.222.84.243

DPF: {3528A58B-595D-4AFD-A5F6-B914BD306DC3} - hxxp://dishconnectivity.sling.com/dpit/downloads/pc/SlingHealth.cab

.

.

[HKEY_LOCAL_MACHINEsystemControlSet001servicesNIS]

"ImagePath"=""c:program files (x86)Norton Internet SecurityEngine18.7.0.13ccSvcHst.exe" /s "NIS" /m "c:program files (x86)Norton Internet SecurityEngine18.7.0.13diMaster.dll" /prefetch:1"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:WindowsSysWOW64MacromedFlashFlashUtil11e_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{A483C63A-CDBC-426E-BF93-872502E8144E}Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{A483C63A-CDBC-426E-BF93-872502E8144E}LocalServer32]

@="c:WindowsSysWOW64MacromedFlashFlashUtil11e_ActiveX.exe"

.

[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{A483C63A-CDBC-426E-BF93-872502E8144E}TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}InprocServer32]

@="c:WindowsSysWOW64MacromedFlashFlash11e.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}ToolboxBitmap32]

@="c:WindowsSysWOW64MacromedFlashFlash11e.ocx, 1"

.

[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}Version]

@="1.0"

.

[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}InprocServer32]

@="c:WindowsSysWOW64MacromedFlashFlash11e.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}ToolboxBitmap32]

@="c:WindowsSysWOW64MacromedFlashFlash11e.ocx, 1"

.

[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}Version]

@="1.0"

.

[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeInterface{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeInterface{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeInterface{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINEsystemControlSet001ControlPCWSecurity]

@Denied: (Full) (Everyone)

.

Completion time: 2012-02-11 11:04:22

ComboFix-quarantined-files.txt 2012-02-11 16:04

ComboFix2.txt 2012-02-08 22:28

ComboFix3.txt 2012-02-08 12:13

.

Pre-Run: 410,456,625,152 bytes free

Post-Run: 410,474,541,056 bytes free

.

- - End Of File - - CA88F732ECF5D4CF1D6F396184341848


Hi,

 

You're good to go. :)

 

Follow these steps to uninstall Combofix

  • Click START then RUN
  • Now copy/paste the code into the runbox and click OK. Note the space between the ..X and the /U, it needs to be there.
Combofix /Uninstall

 

===================================================

 

I'm pleased to let you know that your log is clean!

 

Thank you for your patience, and performing all of the procedures requested. I would also like to take this opportunity to apologize for any delay that may have occurred.

 

--------------------------------------------------------------------------------------------------------------

 

MICROSOFT UPDATES

It is very important that you get all of the critical updates for your Operating System and Internet Explorer. Keeping your OS and browser up to date will help make you less susceptible to attacks by Trojans and viruses. Please go to Microsoft and download all the critical updates to help prevent possible re-infection.

 

 

Passwords

It is good security practice to change your passwords to all your online accounts on a fairly regular basis; this is especially true after an infection. Refer to this Microsoft article, Strong passwords: How to create and use them, and consider a password keeper to keep all your passwords safe.

 

 

SPYWARE PREVENTION

This is a good time to set up protection against further attacks. In light of your recent problem, I'm sure you'd like to avoid any future infections. Please read these well written articles:

To help protect your computer in the future I recommend that you get the following free programs if you do not already have them:

  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
      • Green to go
      • Yellow for caution
      • Red to stop
    WOT has an add-on available for both Firefox and IE.

  • SpywareBlaster prevents the installation of ActiveX-based malware, blocks cookies, and restricts the actions of "bad" sites. See tutorial here
  • MVPS HOSTS FILE replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements. It basically prevents your computer from connecting to those sites by redirecting the attempted connections to 127.0.0.1, which is the IP of your local computer. See guide here and for Windows Vista here
      • Download Host.zip and Save it to your Desktop.
      • Right-click hosts.zip and select 'Extract all files' or 'Extract files...'.
      • Follow the prompts and click 'Finish'.
      • This will open the newly created hosts folder on your Desktop.
      • Double-click on the included mvps.bat file, this will rename the existing HOSTS file to HOSTS.MVP, then it will copy the included updated HOSTS file to the correct location on your machine.
      • Once updated you should see another prompt that the task was completed.

Follow this list and keep your antivirus program and antispyware programs updated and scan with them on a regular basis. By doing so, your potential for being infected again will reduce dramatically.

 

Hopefully this should take care of your problems! Good luck.

 

Do you have any questions or problems to ask? Please do not hesitate to do so.

 

**Please respond to this one more time to ensure it is resolved and close this topic.

This topic is now closed to further replies.