DanF
Honorary Members
  • Posts: 25
  • Joined
  • Last visited
Reputation: 0 Neutral
  1. Hi Robybel, So far everything seems to be back to normal. Thank you! It was a long road, but it looks like you've done it! -DanF
  2. 18:01:19.0623 2316 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
     18:01:21.0635 2316 ============================================================
     18:01:21.0635 2316 Current date / time: 2013/04/23 18:01:21.0635
     18:01:21.0635 2316 SystemInfo:
     18:01:21.0635 2316
     18:01:21.0635 2316 OS Version: 6.1.7601 ServicePack: 1.0
     18:01:21.0635 2316 Product type: Workstation
     18:01:21.0635 2316 ComputerName: LAPTOP-PC
     18:01:21.0635 2316 UserName: Laptop
     18:01:21.0635 2316 Windows directory: C:\Windows
     18:01:21.0635 2316 System windows directory: C:\Windows
     18:01:21.0635 2316 Running under WOW64
     18:01:21.0635 2316 Processor architecture: Intel x64
     18:01:21.0635 2316 Number of processors: 2
     18:01:21.0635 2316 Page size: 0x1000
     18:01:21.0635 2316 Boot type: Normal boot
     18:01:21.0635 2316 ============================================================
     18:01:23.0991 2316 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
     18:01:24.0006 2316 ============================================================
     18:01:24.0006 2316 \Device\Harddisk0\DR0:
     18:01:24.0006 2316 MBR partitions:
     18:01:24.0006 2316 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
     18:01:24.0006 2316 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x23875000
     18:01:24.0006 2316 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x238D9000, BlocksNum 0x1B21800
     18:01:24.0006 2316 \Device\Harddisk0\DR0\Partition4: MBR, Type 0xC, StartLBA 0x253FA800, BlocksNum 0x33AB0
     18:01:24.0006 2316 ============================================================
     18:01:24.0006 2316 C: <-> \Device\Harddisk0\DR0\Partition2
     18:01:24.0069 2316 D: <-> \Device\Harddisk0\DR0\Partition3
     18:01:24.0084 2316 E: <-> \Device\Harddisk0\DR0\Partition4
     18:01:24.0084 2316 ============================================================
     18:01:24.0084 2316 Initialize success
     18:01:24.0084 2316 ============================================================
     18:01:25.0707 5364 ============================================================
     18:01:25.0707 5364 Scan started
     18:01:25.0707 5364 Mode: Manual;
     18:01:25.0707 5364 ============================================================
     18:01:28.0359 5364 ================ Scan system memory ========================
     18:01:28.0359 5364 System memory - ok
     18:01:28.0359 5364 ================ Scan services =============================
     18:01:28.0858 5364 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
     18:01:28.0873 5364 1394ohci - ok
     18:01:28.0920 5364 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
     18:01:28.0936 5364 ACPI - ok
     18:01:28.0967 5364 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
     18:01:28.0967 5364 AcpiPmi - ok
     18:01:29.0029 5364 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
     18:01:29.0029 5364 adp94xx - ok
     18:01:29.0076 5364 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
     18:01:29.0076 5364 adpahci - ok
     18:01:29.0107 5364 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
     18:01:29.0107 5364 adpu320 - ok
     18:01:29.0139 5364 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
     18:01:29.0139 5364 AeLookupSvc - ok
     18:01:29.0232 5364 [ D1E343BC00136CE03C4D403194D06A80 ] AERTFilters C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
     18:01:29.0232 5364 AERTFilters - ok
     18:01:29.0295 5364 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
     18:01:29.0310 5364 AFD - ok
     18:01:29.0341 5364 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
     18:01:29.0341 5364 agp440 - ok
     18:01:29.0373 5364 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
     18:01:29.0388 5364 ALG - ok
     18:01:29.0404 5364 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
     18:01:29.0404 5364 aliide - ok
     18:01:29.0466 5364 [ 0DE7BF2A2E64A841F9ABF9558870D9C4 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
     18:01:29.0466 5364 AMD External Events Utility - ok
     18:01:29.0497 5364 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
     18:01:29.0497 5364 amdide - ok
     18:01:29.0544 5364 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
     18:01:29.0544 5364 AmdK8 - ok
     18:01:29.0716 5364 [ F284DA3156166B45D02ACC3C228ADE1E ] amdkmdag C:\Windows\system32\DRIVERS\atipmdag.sys
     18:01:29.0763 5364 amdkmdag - ok
     18:01:29.0825 5364 [ 91E1DAF0193BD2AB90B1B35C987237FE ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
     18:01:29.0825 5364 amdkmdap - ok
     18:01:29.0872 5364 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
     18:01:29.0872 5364 AmdPPM - ok
     18:01:29.0903 5364 [ 53D8D46D51D390ABDB54ECA623165CB7 ] amdsata C:\Windows\system32\DRIVERS\amdsata.sys
     18:01:29.0903 5364 amdsata - ok
     18:01:29.0965 5364 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
     18:01:29.0965 5364 amdsbs - ok
     18:01:29.0981 5364 [ 75C51148154E34EB3D7BB84749A758D5 ] amdxata C:\Windows\system32\DRIVERS\amdxata.sys
     18:01:29.0981 5364 amdxata - ok
     18:01:30.0043 5364 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
     18:01:30.0043 5364 AppID - ok
     18:01:30.0075 5364 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
     18:01:30.0075 5364 AppIDSvc - ok
     18:01:30.0121 5364 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
     18:01:30.0121 5364 Appinfo - ok
     18:01:30.0215 5364 [ 20F6F19FE9E753F2780DC2FA083AD597 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
     18:01:30.0215 5364 Apple Mobile Device - ok
     18:01:30.0262 5364 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
     18:01:30.0262 5364 arc - ok
     18:01:30.0309 5364 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
     18:01:30.0309 5364 arcsas - ok
     18:01:30.0340 5364 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
     18:01:30.0340 5364 AsyncMac - ok
     18:01:30.0371 5364 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
     18:01:30.0371 5364 atapi - ok
     18:01:30.0465 5364 [ 40734F3A5EEC4C4AC6A1FAF10B293714 ] athr C:\Windows\system32\DRIVERS\athrx.sys
     18:01:30.0480 5364 athr - ok
     18:01:30.0527 5364 [ C07A040D6B5A42DD41EE386CF90974C8 ] AtiPcie C:\Windows\system32\DRIVERS\AtiPcie.sys
     18:01:30.0527 5364 AtiPcie - ok
     18:01:30.0574 5364 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
     18:01:30.0589 5364 AudioEndpointBuilder - ok
     18:01:30.0605 5364 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
     18:01:30.0605 5364 AudioSrv - ok
     18:01:30.0652 5364 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
     18:01:30.0652 5364 AxInstSV - ok
     18:01:30.0699 5364 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
     18:01:30.0699 5364 b06bdrv - ok
     18:01:30.0745 5364 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
     18:01:30.0761 5364 b57nd60a - ok
     18:01:30.0855 5364 [ 825F81A6F7DD073509DB101F0BA6DC59 ] BBSvc C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
     18:01:30.0855 5364 BBSvc - ok
     18:01:30.0901 5364 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
     18:01:30.0901 5364 BDESVC - ok
     18:01:30.0948 5364 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
     18:01:30.0948 5364 Beep - ok
     18:01:31.0011 5364 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
     18:01:31.0026 5364 BFE - ok
     18:01:31.0073 5364 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\system32\qmgr.dll
     18:01:31.0089 5364 BITS - ok
     18:01:31.0120 5364 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
     18:01:31.0120 5364 blbdrive - ok
     18:01:31.0198 5364 [ F832F1505AD8B83474BD9A5B1B985E01 ] Bonjour Service C:\Program Files (x86)\Bonjour\mDNSResponder.exe
     18:01:31.0213 5364 Bonjour Service - ok
     18:01:31.0260 5364 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
     18:01:31.0260 5364 bowser - ok
     18:01:31.0307 5364 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
     18:01:31.0307 5364 BrFiltLo - ok
     18:01:31.0307 5364 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
     18:01:31.0307 5364 BrFiltUp - ok
     18:01:31.0338 5364 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
     18:01:31.0354 5364 BridgeMP - ok
     18:01:31.0385 5364 [ 8EF0D5C41EC907751B8429162B1239ED ] Browser C:\Windows\System32\browser.dll
     18:01:31.0385 5364 Browser - ok
     18:01:31.0416 5364 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
     18:01:31.0416 5364 Brserid - ok
     18:01:31.0432 5364 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
     18:01:31.0432 5364 BrSerWdm - ok
     18:01:31.0463 5364 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
     18:01:31.0463 5364 BrUsbMdm - ok
     18:01:31.0479 5364 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
     18:01:31.0479 5364 BrUsbSer - ok
     18:01:31.0525 5364 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
     18:01:31.0525 5364 BTHMODEM - ok
     18:01:31.0572 5364 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
     18:01:31.0588 5364 bthserv - ok
     18:01:31.0650 5364 [ 27D036FB3D22CA8A6662FE960D1A937D ] ccEvtMgr C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
     18:01:31.0650 5364 ccEvtMgr - ok
     18:01:31.0650 5364 [ 27D036FB3D22CA8A6662FE960D1A937D ] ccSetMgr C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
     18:01:31.0650 5364 ccSetMgr - ok
     18:01:31.0681 5364 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
     18:01:31.0697 5364 cdfs - ok
     18:01:31.0744 5364 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys
     18:01:31.0744 5364 cdrom - ok
     18:01:31.0791 5364 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
     18:01:31.0791 5364 CertPropSvc - ok
     18:01:31.0869 5364 [ 2C24DB5F78F0ACA759803001E6B4F320 ] CinemaNow Service C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
     18:01:31.0884 5364 CinemaNow Service - ok
     18:01:31.0915 5364 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
     18:01:31.0915 5364 circlass - ok
     18:01:31.0947 5364 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
     18:01:31.0962 5364 CLFS - ok
     18:01:32.0040 5364 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
     18:01:32.0040 5364 clr_optimization_v2.0.50727_32 - ok
     18:01:32.0087 5364 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
     18:01:32.0087 5364 clr_optimization_v2.0.50727_64 - ok
     18:01:32.0165 5364 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
     18:01:32.0165 5364 clr_optimization_v4.0.30319_32 - ok
     18:01:32.0212 5364 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
     18:01:32.0212 5364 clr_optimization_v4.0.30319_64 - ok
     18:01:32.0259 5364 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
     18:01:32.0259 5364 CmBatt - ok
     18:01:32.0305 5364 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
     18:01:32.0305 5364 cmdide - ok
     18:01:32.0337 5364 [ C4943B6C962E4B82197542447AD599F4 ] CNG C:\Windows\system32\Drivers\cng.sys
     18:01:32.0352 5364 CNG - ok
     18:01:32.0383 5364 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
     18:01:32.0383 5364 Compbatt - ok
     18:01:32.0430 5364 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
     18:01:32.0430 5364 CompositeBus - ok
     18:01:32.0446 5364 COMSysApp - ok
     18:01:32.0477 5364 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
     18:01:32.0477 5364 crcdisk - ok
     18:01:32.0524 5364 [ 15597883FBE9B056F276ADA3AD87D9AF ] CryptSvc C:\Windows\system32\cryptsvc.dll
     18:01:32.0539 5364 CryptSvc - ok
     18:01:32.0571 5364 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
     18:01:32.0586 5364 DcomLaunch - ok
     18:01:32.0617 5364 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
     18:01:32.0633 5364 defragsvc - ok
     18:01:32.0664 5364 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
     18:01:32.0664 5364 DfsC - ok
     18:01:32.0727 5364 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
     18:01:32.0727 5364 Dhcp - ok
     18:01:32.0773 5364 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
     18:01:32.0773 5364 discache - ok
     18:01:32.0805 5364 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
     18:01:32.0820 5364 Disk - ok
     18:01:32.0851 5364 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
     18:01:32.0851 5364 Dnscache - ok
     18:01:32.0898 5364 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
     18:01:32.0898 5364 dot3svc - ok
     18:01:32.0929 5364 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
     18:01:32.0945 5364 DPS - ok
     18:01:32.0976 5364 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
     18:01:32.0976 5364 drmkaud - ok
     18:01:33.0226 5364 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
     18:01:33.0241 5364 DXGKrnl - ok
     18:01:33.0288 5364 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
     18:01:33.0304 5364 EapHost - ok
     18:01:33.0429 5364 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
     18:01:33.0522 5364 ebdrv - ok
     18:01:33.0647 5364 [ 4353FF94D47A0A9D52B89ECCF0CDB013 ] eeCtrl C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
     18:01:33.0647 5364 eeCtrl - ok
     18:01:33.0694 5364 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
     18:01:33.0694 5364 EFS - ok
     18:01:33.0803 5364 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
     18:01:33.0803 5364 ehRecvr - ok
     18:01:33.0834 5364 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
     18:01:33.0834 5364 ehSched - ok
     18:01:33.0881 5364 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
     18:01:33.0881 5364 elxstor - ok
     18:01:33.0959 5364 [ C5BCCB378D0A896304A3E71BE7215983 ] EraserUtilRebootDrv C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
     18:01:33.0959 5364 EraserUtilRebootDrv - ok
     18:01:33.0975 5364 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
     18:01:33.0975 5364 ErrDev - ok
     18:01:34.0037 5364 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
     18:01:34.0037 5364 EventSystem - ok
     18:01:34.0084 5364 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
     18:01:34.0084 5364 exfat - ok
     18:01:34.0099 5364 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
     18:01:34.0115 5364 fastfat - ok
     18:01:34.0177 5364 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
     18:01:34.0193 5364 Fax - ok
     18:01:34.0224 5364 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
     18:01:34.0224 5364 fdc - ok
     18:01:34.0271 5364 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
     18:01:34.0271 5364 fdPHost - ok
     18:01:34.0287 5364 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
     18:01:34.0287 5364 FDResPub - ok
     18:01:34.0302 5364 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
     18:01:34.0302 5364 FileInfo - ok
     18:01:34.0349 5364 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
     18:01:34.0349 5364 Filetrace - ok
     18:01:34.0474 5364 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
     18:01:34.0489 5364 flpydisk - ok
     18:01:34.0661 5364 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
     18:01:34.0661 5364 FltMgr - ok
     18:01:34.0848 5364 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
     18:01:34.0864 5364 FontCache - ok
     18:01:34.0942 5364 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
     18:01:34.0942 5364 FontCache3.0.0.0 - ok
     18:01:34.0973 5364 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
     18:01:34.0973 5364 FsDepends - ok
     18:01:35.0020 5364 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
     18:01:35.0020 5364 Fs_Rec - ok
     18:01:35.0067 5364 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
     18:01:35.0067 5364 fvevol - ok
     18:01:35.0098 5364 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
     18:01:35.0098 5364 gagp30kx - ok
     18:01:35.0191 5364 [ C403C5DB49A0F9AAF4F2128EDC0106D8 ] GamesAppService C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
     18:01:35.0191 5364 GamesAppService - ok
     18:01:35.0238 5364 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
     18:01:35.0238 5364 GEARAspiWDM - ok
     18:01:35.0301 5364 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
     18:01:35.0301 5364 gpsvc - ok
     18:01:35.0394 5364 [ 2ED7FF3E1ADA4092632393781518B3A7 ] grmnusb C:\Windows\system32\drivers\grmnusb.sys
     18:01:35.0394 5364 grmnusb - ok
     18:01:35.0457 5364 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
     18:01:35.0457 5364 gupdate - ok
     18:01:35.0503 5364 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
     18:01:35.0503 5364 gupdatem - ok
     18:01:35.0550 5364 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
     18:01:35.0550 5364 hcw85cir - ok
     18:01:35.0644 5364 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
     18:01:35.0644 5364 HdAudAddService - ok
     18:01:35.0691 5364 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
     18:01:35.0691 5364 HDAudBus - ok
     18:01:35.0722 5364 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
     18:01:35.0722 5364 HidBatt - ok
     18:01:35.0753 5364 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
     18:01:35.0753 5364 HidBth - ok
     18:01:35.0784 5364 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
     18:01:35.0784 5364 HidIr - ok
     18:01:35.0815 5364 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll
     18:01:35.0815 5364 hidserv - ok
     18:01:35.0878 5364 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
     18:01:35.0878 5364 HidUsb - ok
     18:01:35.0925 5364 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
     18:01:35.0925 5364 hkmsvc - ok
     18:01:35.0956 5364 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
     18:01:35.0971 5364 HomeGroupListener - ok
     18:01:36.0003 5364 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
     18:01:36.0003 5364 HomeGroupProvider - ok
     18:01:36.0143 5364 [ 13BB1114451C63BFB41BA7DAA4D70A29 ] HP Support Assistant Service C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
     18:01:36.0143 5364 HP Support Assistant Service - ok
     18:01:36.0237 5364 [ 9ABD12FCE4A62905731C286BB1D66789 ] HP Wireless Assistant Service C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
     18:01:36.0237 5364 HP Wireless Assistant Service - ok
     18:01:36.0283 5364 [ BCC4A8B2E2E902F52E7F2E7D8E125765 ] HPDrvMntSvc.exe C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
     18:01:36.0283 5364 HPDrvMntSvc.exe - ok
     18:01:36.0315 5364 [ EC9739A46F1F83C6E52A7A4697F44A65 ] hpqwmiex C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
     18:01:36.0330 5364 hpqwmiex - ok
     18:01:36.0408 5364 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
     18:01:36.0408 5364 HpSAMD - ok
     18:01:36.0471 5364 [ DDD6EB8C32AAF5797D71413F2FC7A00F ] HPWMISVC C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
     18:01:36.0471 5364 HPWMISVC - ok
     18:01:36.0533 5364 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
     18:01:36.0549 5364 HTTP - ok
     18:01:36.0611 5364 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
     18:01:36.0611 5364 hwpolicy - ok
     18:01:36.0658 5364 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
     18:01:36.0658 5364 i8042prt - ok
     18:01:36.0705 5364 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
     18:01:36.0720 5364 iaStorV - ok
     18:01:36.0798 5364 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
     18:01:36.0829 5364 idsvc - ok
     18:01:37.0001 5364 [ A87261EF1546325B559374F5689CF5BC ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
     18:01:37.0141 5364 igfx - ok
     18:01:37.0204 5364 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
     18:01:37.0204 5364 iirsp - ok
     18:01:37.0266 5364 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
     18:01:37.0282 5364 IKEEXT - ok
     18:01:37.0453 5364 [ D311E2DD59A34079D89C249B2A4D9FDB ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
     18:01:37.0469 5364 IntcAzAudAddService - ok
     18:01:37.0500 5364 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
     18:01:37.0500 5364 intelide - ok
     18:01:37.0563 5364 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
     18:01:37.0563 5364 intelppm - ok
     18:01:37.0609 5364 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
     18:01:37.0609 5364 IPBusEnum - ok
     18:01:37.0641 5364 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
     18:01:37.0641 5364 IpFilterDriver - ok
     18:01:37.0703 5364 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
     18:01:37.0703 5364 iphlpsvc - ok
     18:01:37.0734 5364 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
     18:01:37.0734 5364 IPMIDRV - ok
     18:01:37.0765 5364 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
     18:01:37.0765 5364 IPNAT - ok
     18:01:37.0812 5364 [ F8E8676D1B6B2CC12DF9AA6B1A43D929 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
     18:01:37.0812 5364 iPod Service - ok
     18:01:37.0843 5364 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
     18:01:37.0843 5364 IRENUM - ok
     18:01:37.0890 5364 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
     18:01:37.0890 5364 isapnp - ok
     18:01:37.0937 5364 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
     18:01:37.0937 5364 iScsiPrt - ok
     18:01:37.0968 5364 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
     18:01:37.0968 5364 kbdclass - ok
     18:01:38.0015 5364 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
     18:01:38.0015 5364 kbdhid - ok
     18:01:38.0031 5364 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
     18:01:38.0031 5364 KeyIso - ok
     18:01:38.0062 5364 [ DA1E991A61CFDD755A589E206B97644B ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
     18:01:38.0077 5364 KSecDD - ok
     18:01:38.0124 5364 [ 7E33198D956943A4F11A5474C1E9106F ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
     18:01:38.0124 5364 KSecPkg - ok
     18:01:38.0171 5364 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
     18:01:38.0171 5364 ksthunk - ok
     18:01:38.0202 5364 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
     18:01:38.0218 5364 KtmRm - ok
     18:01:38.0296 5364 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll
     18:01:38.0296 5364 LanmanServer - ok
     18:01:38.0358 5364 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
     18:01:38.0358 5364 LanmanWorkstation - ok
     18:01:38.0405 5364 [ 47269F0DE1E5089C6F23BC1EC48CFC31 ] LightScribeService C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
     18:01:38.0405 5364 LightScribeService - ok
     18:01:38.0561 5364 [ E34152D03CAAAAA81DD66D803F392522 ] LiveUpdate C:\PROGRA~2\Symantec\LIVEUP~1\LUCOMS~1.EXE
     18:01:38.0577 5364 LiveUpdate - ok
     18:01:38.0639 5364 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
     18:01:38.0639 5364 lltdio - ok
     18:01:38.0670 5364 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
     18:01:38.0686 5364 lltdsvc - ok
     18:01:38.0717 5364 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
     18:01:38.0717 5364 lmhosts - ok
     18:01:38.0764 5364 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
     18:01:38.0779 5364 LSI_FC - ok
     18:01:38.0779 5364 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
     18:01:38.0779 5364 LSI_SAS - ok
     18:01:38.0826 5364 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
     18:01:38.0826 5364 LSI_SAS2 - ok
     18:01:38.0842 5364 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
     18:01:38.0842 5364 LSI_SCSI - ok
     18:01:38.0857 5364 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
     18:01:38.0857 5364 luafv - ok
     18:01:38.0904 5364 [ 0BB97D43299910CBFBA59C461B99B910 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
     18:01:38.0904 5364 MBAMProtector - ok
     18:01:38.0967 5364 [ 65085456FD9A74D7F1A999520C299ECB ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
     18:01:38.0967 5364 MBAMScheduler - ok
     18:01:38.0998 5364 [ E0D7732F2D2E24B2DB3F67B6750295B8 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
     18:01:39.0013 5364 MBAMService - ok
     18:01:39.0045 5364 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
     18:01:39.0060 5364 Mcx2Svc - ok
     18:01:39.0154 5364 [ 7CF1B716372B89568AE4C0FE769F5869 ] MDM C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
     18:01:39.0154 5364 MDM - ok
     18:01:39.0185 5364 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
     18:01:39.0185 5364 megasas - ok
     18:01:39.0201 5364 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
     18:01:39.0216 5364 MegaSR - ok
     18:01:39.0247 5364 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
     18:01:39.0247 5364 MMCSS - ok
     18:01:39.0279 5364 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
     18:01:39.0279 5364 Modem - ok
     18:01:39.0294 5364 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
     18:01:39.0294 5364 monitor - ok
     18:01:39.0310 5364 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
     18:01:39.0310 5364 mouclass - ok
     18:01:39.0325 5364 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
     18:01:39.0325 5364 mouhid - ok
     18:01:39.0357 5364 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
     18:01:39.0357 5364 mountmgr - ok
     18:01:39.0388 5364 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
     18:01:39.0388 5364 mpio - ok
     18:01:39.0419 5364 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
     18:01:39.0419 5364 mpsdrv - ok
     18:01:39.0481 5364 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
     18:01:39.0497 5364 MpsSvc - ok
     18:01:39.0559 5364 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
     18:01:39.0559 5364 MRxDAV - ok
     18:01:39.0591 5364 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
     18:01:39.0606 5364 mrxsmb - ok
     18:01:39.0637 5364 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
     18:01:39.0637 5364 mrxsmb10 - ok
     18:01:39.0684 5364 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
     18:01:39.0934 5364 mrxsmb20 - ok
     18:01:40.0027 5364 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
     18:01:40.0027 5364 msahci - ok
     18:01:40.0137 5364 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
     18:01:40.0168 5364 msdsm - ok
     18:01:40.0230 5364 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
     18:01:40.0261 5364 MSDTC - ok
     18:01:40.0293 5364 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
     18:01:40.0293 5364 Msfs - ok
     18:01:40.0308 5364 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
     18:01:40.0308 5364 mshidkmdf - ok
     18:01:40.0355 5364 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
     18:01:40.0355 5364 msisadrv - ok
     18:01:40.0386 5364 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
     18:01:40.0386 5364 MSiSCSI - ok
     18:01:40.0386 5364 msiserver - ok
     18:01:40.0433 5364 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
     18:01:40.0433 5364 MSKSSRV - ok
     18:01:40.0480 5364 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
     18:01:40.0480 5364 MSPCLOCK - ok
     18:01:40.0480 5364 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
     18:01:40.0480 5364 MSPQM - ok
     18:01:40.0527 5364 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
     18:01:40.0527 5364 MsRPC - ok
     18:01:40.0589 5364 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
     18:01:40.0589 5364 mssmbios - ok
     18:01:40.0620 5364 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
     18:01:40.0620 5364 MSTEE - ok
     18:01:40.0698 5364 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
     18:01:40.0698 5364 MTConfig - ok
     18:01:40.0729 5364 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
     18:01:40.0729 5364 Mup - ok
     18:01:40.0776 5364 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
     18:01:40.0776 5364 napagent - ok
     18:01:40.0854 5364 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
     18:01:40.0854 5364 NativeWifiP - ok
     18:01:41.0010 5364 [ 88A2F45CE66B904285978D6BB13AFEB2 ] NAVENG C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20130422.022\ENG64.SYS
     18:01:41.0010 5364 NAVENG - ok
     18:01:41.0119 5364 [ D2A545DA3A90BBFA40E020C23F1B7A48 ] NAVEX15 C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20130422.022\EX64.SYS
     18:01:41.0166 5364 NAVEX15 - ok
     18:01:41.0338 5364 [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS C:\Windows\system32\drivers\ndis.sys
     18:01:41.0353 5364 NDIS - ok
     18:01:41.0416 5364 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
     18:01:41.0416 5364 NdisCap - ok
     18:01:41.0478 5364 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
     18:01:41.0478 5364 NdisTapi - ok
     18:01:41.0619 5364 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
     18:01:41.0619 5364 Ndisuio - ok
     18:01:41.0650 5364 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
     18:01:41.0650 5364 NdisWan - ok
     18:01:41.0681 5364 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
     18:01:41.0697 5364 NDProxy - ok
     18:01:41.0743 5364 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
     18:01:41.0743 5364 NetBIOS - ok
     18:01:41.0790 5364 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
     18:01:41.0790 5364 NetBT - ok
     18:01:41.0806 5364 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
     18:01:41.0806 5364 Netlogon - ok
     18:01:41.0853 5364 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
     18:01:41.0868 5364 Netman - ok
     18:01:41.0884 5364 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
     18:01:41.0899 5364 netprofm - ok
     18:01:41.0915 5364 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
     18:01:41.0915 5364 NetTcpPortSharing - ok
     18:01:42.0055 5364 [ 64428DFDAF6E88366CB51F45A79C5F69 ] netw5v64 C:\Windows\system32\DRIVERS\netw5v64.sys
     18:01:42.0149 5364 netw5v64 - ok
     18:01:42.0180 5364 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
     18:01:42.0180 5364 nfrd960 - ok
     18:01:42.0227 5364 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
     18:01:42.0243 5364 NlaSvc - ok
     18:01:42.0258 5364 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
     18:01:42.0258 5364 Npfs - ok
     18:01:42.0289 5364 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
     18:01:42.0289 5364 nsi - ok
     18:01:42.0305 5364 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
     18:01:42.0305 5364 nsiproxy - ok
     18:01:42.0383 5364 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
     18:01:42.0383 5364 Ntfs - ok
     18:01:42.0399 5364 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
     18:01:42.0399 5364 Null - ok
     18:01:42.0445 5364 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
     18:01:42.0445 5364 nvraid - ok
     18:01:42.0508 5364 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
     18:01:42.0508 5364 nvstor - ok
     18:01:42.0539 5364 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
     18:01:42.0555 5364 nv_agp - ok
     18:01:42.0617 5364 [ 1F0E05DFF4F5A833168E49BE1256F002 ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
     18:01:42.0617 5364 odserv - ok
     18:01:42.0648 5364 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
     18:01:42.0648 5364 ohci1394 - ok
     18:01:42.0711 5364 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
     18:01:42.0711 5364 ose - ok
     18:01:42.0757 5364 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
     18:01:42.0773 5364 p2pimsvc - ok
     18:01:42.0789 5364 [
927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll 18:01:42.0804 5364 p2psvc - ok 18:01:42.0851 5364 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys 18:01:42.0851 5364 Parport - ok 18:01:42.0882 5364 [ 871EADAC56B0A4C6512BBE32753CCF79 ] partmgr C:\Windows\system32\drivers\partmgr.sys 18:01:42.0898 5364 partmgr - ok 18:01:42.0913 5364 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll 18:01:42.0929 5364 PcaSvc - ok 18:01:42.0976 5364 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys 18:01:42.0976 5364 pci - ok 18:01:43.0007 5364 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys 18:01:43.0007 5364 pciide - ok 18:01:43.0054 5364 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys 18:01:43.0054 5364 pcmcia - ok 18:01:43.0085 5364 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys 18:01:43.0085 5364 pcw - ok 18:01:43.0116 5364 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys 18:01:43.0116 5364 PEAUTH - ok 18:01:43.0225 5364 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe 18:01:43.0225 5364 PerfHost - ok 18:01:43.0303 5364 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll 18:01:43.0335 5364 pla - ok 18:01:43.0428 5364 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 18:01:43.0428 5364 PlugPlay - ok 18:01:43.0475 5364 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 18:01:43.0475 5364 PNRPAutoReg - ok 18:01:43.0491 5364 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 18:01:43.0506 5364 PNRPsvc - ok 18:01:43.0537 5364 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 18:01:43.0537 5364 PolicyAgent - ok 18:01:43.0615 5364 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power 
C:\Windows\system32\umpo.dll 18:01:43.0615 5364 Power - ok 18:01:43.0662 5364 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 18:01:43.0662 5364 PptpMiniport - ok 18:01:43.0693 5364 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys 18:01:43.0709 5364 Processor - ok 18:01:43.0740 5364 [ 5C78838B4D166D1A27DB3A8A820C799A ] ProfSvc C:\Windows\system32\profsvc.dll 18:01:43.0740 5364 ProfSvc - ok 18:01:43.0771 5364 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe 18:01:43.0771 5364 ProtectedStorage - ok 18:01:43.0803 5364 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys 18:01:43.0803 5364 Psched - ok 18:01:43.0881 5364 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys 18:01:43.0912 5364 ql2300 - ok 18:01:43.0943 5364 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys 18:01:43.0943 5364 ql40xx - ok 18:01:43.0990 5364 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll 18:01:43.0990 5364 QWAVE - ok 18:01:44.0005 5364 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 18:01:44.0021 5364 QWAVEdrv - ok 18:01:44.0037 5364 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 18:01:44.0037 5364 RasAcd - ok 18:01:44.0068 5364 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 18:01:44.0083 5364 RasAgileVpn - ok 18:01:44.0115 5364 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll 18:01:44.0115 5364 RasAuto - ok 18:01:44.0146 5364 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 18:01:44.0161 5364 Rasl2tp - ok 18:01:44.0208 5364 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll 18:01:44.0208 5364 RasMan - ok 18:01:44.0239 5364 [ 855C9B1CD4756C5E9A2AA58A15F58C25 
] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 18:01:44.0239 5364 RasPppoe - ok 18:01:44.0271 5364 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 18:01:44.0271 5364 RasSstp - ok 18:01:44.0302 5364 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 18:01:44.0302 5364 rdbss - ok 18:01:44.0349 5364 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys 18:01:44.0349 5364 rdpbus - ok 18:01:44.0364 5364 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 18:01:44.0364 5364 RDPCDD - ok 18:01:44.0395 5364 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 18:01:44.0395 5364 RDPENCDD - ok 18:01:44.0411 5364 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 18:01:44.0411 5364 RDPREFMP - ok 18:01:44.0505 5364 [ 6D76E6433574B058ADCB0C50DF834492 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 18:01:44.0505 5364 RDPWD - ok 18:01:44.0551 5364 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 18:01:44.0551 5364 rdyboost - ok 18:01:44.0583 5364 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll 18:01:44.0583 5364 RemoteAccess - ok 18:01:44.0614 5364 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll 18:01:44.0614 5364 RemoteRegistry - ok 18:01:44.0629 5364 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 18:01:44.0645 5364 RpcEptMapper - ok 18:01:44.0661 5364 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe 18:01:44.0676 5364 RpcLocator - ok 18:01:44.0707 5364 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\System32\rpcss.dll 18:01:44.0707 5364 RpcSs - ok 18:01:44.0739 5364 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 18:01:44.0739 5364 rspndr - ok 18:01:44.0770 5364 [ 
3CEEE53BBF8BA284FF44585CEC0162FE ] RSUSBSTOR C:\Windows\system32\Drivers\RtsUStor.sys 18:01:44.0770 5364 RSUSBSTOR - ok 18:01:44.0817 5364 [ 4FBDA07EF0A3097CE14C5CABF723B278 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys 18:01:44.0817 5364 RTL8167 - ok 18:01:44.0879 5364 [ 4EA7E5DF0CB237156176FA0349E6E87F ] RtVOsdService C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe 18:01:44.0895 5364 RtVOsdService - ok 18:01:44.0910 5364 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe 18:01:44.0910 5364 SamSs - ok 18:01:44.0957 5364 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 18:01:44.0957 5364 sbp2port - ok 18:01:44.0988 5364 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll 18:01:44.0988 5364 SCardSvr - ok 18:01:45.0019 5364 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 18:01:45.0019 5364 scfilter - ok 18:01:45.0082 5364 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll 18:01:45.0097 5364 Schedule - ok 18:01:45.0144 5364 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll 18:01:45.0144 5364 SCPolicySvc - ok 18:01:45.0191 5364 [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus C:\Windows\system32\drivers\sdbus.sys 18:01:45.0191 5364 sdbus - ok 18:01:45.0238 5364 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll 18:01:45.0238 5364 SDRSVC - ok 18:01:45.0519 5364 [ CC781378E7EDA615D2CDCA3B17829FA4 ] SeaPort C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE 18:01:45.0519 5364 SeaPort - ok 18:01:45.0565 5364 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys 18:01:45.0565 5364 secdrv - ok 18:01:45.0597 5364 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll 18:01:45.0597 5364 seclogon - ok 18:01:45.0643 5364 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll 18:01:45.0643 5364 SENS - 
ok 18:01:45.0659 5364 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll 18:01:45.0659 5364 SensrSvc - ok 18:01:45.0706 5364 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 18:01:45.0706 5364 Serenum - ok 18:01:45.0706 5364 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys 18:01:45.0721 5364 Serial - ok 18:01:45.0753 5364 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys 18:01:45.0753 5364 sermouse - ok 18:01:45.0799 5364 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll 18:01:45.0799 5364 SessionEnv - ok 18:01:45.0831 5364 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 18:01:45.0831 5364 sffdisk - ok 18:01:45.0846 5364 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 18:01:45.0862 5364 sffp_mmc - ok 18:01:45.0862 5364 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 18:01:45.0862 5364 sffp_sd - ok 18:01:45.0877 5364 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys 18:01:45.0877 5364 sfloppy - ok 18:01:45.0924 5364 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll 18:01:45.0924 5364 SharedAccess - ok 18:01:45.0971 5364 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll 18:01:45.0987 5364 ShellHWDetection - ok 18:01:46.0018 5364 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys 18:01:46.0018 5364 SiSRaid2 - ok 18:01:46.0033 5364 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys 18:01:46.0033 5364 SiSRaid4 - ok 18:01:46.0065 5364 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys 18:01:46.0065 5364 Smb - ok 18:01:46.0205 5364 [ AD97B711074CF27DA0C00F2C26E1A62C ] SmcService C:\Program Files 
(x86)\Symantec\Symantec Endpoint Protection\Smc.exe 18:01:46.0236 5364 SmcService - ok 18:01:46.0252 5364 [ 91BD8E268D93AAF5F59AAC9DE84A25BB ] SNAC C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE 18:01:46.0267 5364 SNAC - ok 18:01:46.0299 5364 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe 18:01:46.0299 5364 SNMPTRAP - ok 18:01:46.0330 5364 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys 18:01:46.0330 5364 spldr - ok 18:01:46.0377 5364 [ B96C17B5DC1424D56EEA3A99E97428CD ] Spooler C:\Windows\System32\spoolsv.exe 18:01:46.0377 5364 Spooler - ok 18:01:46.0533 5364 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe 18:01:46.0626 5364 sppsvc - ok 18:01:46.0657 5364 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll 18:01:46.0657 5364 sppuinotify - ok 18:01:46.0704 5364 [ 32900AC9CFDC578531279886CA16A4DF ] SRTSP C:\Windows\system32\Drivers\SRTSP64.SYS 18:01:46.0720 5364 SRTSP - ok 18:01:46.0735 5364 [ 8929566D1F14685FD78EAF25BEE3ECC7 ] SRTSPL C:\Windows\system32\Drivers\SRTSPL64.SYS 18:01:46.0751 5364 SRTSPL - ok 18:01:46.0782 5364 [ CB2FDF47EE67F8CCA5362ED9B94FE955 ] SRTSPX C:\Windows\system32\Drivers\SRTSPX64.SYS 18:01:46.0782 5364 SRTSPX - ok 18:01:46.0829 5364 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys 18:01:46.0829 5364 srv - ok 18:01:46.0876 5364 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 18:01:46.0876 5364 srv2 - ok 18:01:46.0938 5364 [ 0C4540311E11664B245A263E1154CEF8 ] SrvHsfHDA C:\Windows\system32\DRIVERS\VSTAZL6.SYS 18:01:46.0954 5364 SrvHsfHDA - ok 18:01:47.0016 5364 [ 02071D207A9858FBE3A48CBFD59C4A04 ] SrvHsfV92 C:\Windows\system32\DRIVERS\VSTDPV6.SYS 18:01:47.0063 5364 SrvHsfV92 - ok 18:01:47.0110 5364 [ 18E40C245DBFAF36FD0134A7EF2DF396 ] SrvHsfWinac C:\Windows\system32\DRIVERS\VSTCNXT6.SYS 18:01:47.0125 5364 SrvHsfWinac - ok 18:01:47.0188 5364 
[ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 18:01:47.0188 5364 srvnet - ok 18:01:47.0235 5364 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 18:01:47.0235 5364 SSDPSRV - ok 18:01:47.0250 5364 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll 18:01:47.0250 5364 SstpSvc - ok 18:01:47.0281 5364 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys 18:01:47.0281 5364 stexstor - ok 18:01:47.0328 5364 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll 18:01:47.0328 5364 stisvc - ok 18:01:47.0406 5364 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys 18:01:47.0406 5364 swenum - ok 18:01:47.0437 5364 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll 18:01:47.0453 5364 swprv - ok 18:01:47.0562 5364 [ BA2FB8F8AB24D0279CAA98A4C118150E ] Symantec AntiVirus C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe 18:01:47.0578 5364 Symantec AntiVirus - ok 18:01:47.0640 5364 [ 7E4D281982E19ABD06728C7EE9AC40A8 ] SymEvent C:\Windows\system32\Drivers\SYMEVENT64x86.SYS 18:01:47.0640 5364 SymEvent - ok 18:01:47.0718 5364 [ 961CFAC2A5318E212F459D651F28E0A4 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys 18:01:47.0734 5364 SynTP - ok 18:01:47.0827 5364 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll 18:01:47.0874 5364 SysMain - ok 18:01:47.0905 5364 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll 18:01:47.0905 5364 TabletInputService - ok 18:01:47.0952 5364 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll 18:01:47.0952 5364 TapiSrv - ok 18:01:47.0983 5364 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll 18:01:47.0983 5364 TBS - ok 18:01:48.0061 5364 [ FC62769E7BFF2896035AEED399108162 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 18:01:48.0077 5364 
Tcpip - ok 18:01:48.0124 5364 [ FC62769E7BFF2896035AEED399108162 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 18:01:48.0139 5364 TCPIP6 - ok 18:01:48.0186 5364 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 18:01:48.0186 5364 tcpipreg - ok 18:01:48.0217 5364 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 18:01:48.0217 5364 TDPIPE - ok 18:01:48.0249 5364 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 18:01:48.0249 5364 TDTCP - ok 18:01:48.0295 5364 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 18:01:48.0295 5364 tdx - ok 18:01:48.0327 5364 [ 13657DC475DE564247745BF4DA23207C ] Teefer2 C:\Windows\system32\DRIVERS\teefer2.sys 18:01:48.0327 5364 Teefer2 - ok 18:01:48.0358 5364 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys 18:01:48.0358 5364 TermDD - ok 18:01:48.0405 5364 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll 18:01:48.0405 5364 TermService - ok 18:01:48.0436 5364 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll 18:01:48.0436 5364 Themes - ok 18:01:48.0483 5364 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll 18:01:48.0483 5364 THREADORDER - ok 18:01:48.0498 5364 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll 18:01:48.0514 5364 TrkWks - ok 18:01:48.0576 5364 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 18:01:48.0576 5364 TrustedInstaller - ok 18:01:48.0623 5364 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 18:01:48.0623 5364 tssecsrv - ok 18:01:48.0685 5364 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 18:01:48.0685 5364 TsUsbFlt - ok 18:01:48.0732 5364 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 
18:01:48.0748 5364 tunnel - ok 18:01:48.0779 5364 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys 18:01:48.0779 5364 uagp35 - ok 18:01:48.0810 5364 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 18:01:48.0810 5364 udfs - ok 18:01:48.0873 5364 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe 18:01:48.0873 5364 UI0Detect - ok 18:01:48.0888 5364 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 18:01:48.0888 5364 uliagpkx - ok 18:01:48.0935 5364 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys 18:01:48.0935 5364 umbus - ok 18:01:48.0966 5364 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys 18:01:48.0966 5364 UmPass - ok 18:01:48.0997 5364 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll 18:01:49.0013 5364 upnphost - ok 18:01:49.0060 5364 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys 18:01:49.0075 5364 usbaudio - ok 18:01:49.0107 5364 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 18:01:49.0107 5364 usbccgp - ok 18:01:49.0169 5364 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys 18:01:49.0169 5364 usbcir - ok 18:01:49.0200 5364 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 18:01:49.0200 5364 usbehci - ok 18:01:49.0263 5364 [ 2C780746DC44A28FE67004DC58173F05 ] usbfilter C:\Windows\system32\DRIVERS\usbfilter.sys 18:01:49.0263 5364 usbfilter - ok 18:01:49.0309 5364 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 18:01:49.0309 5364 usbhub - ok 18:01:49.0356 5364 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys 18:01:49.0356 5364 usbohci - ok 18:01:49.0387 5364 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint 
C:\Windows\system32\DRIVERS\usbprint.sys 18:01:49.0387 5364 usbprint - ok 18:01:49.0419 5364 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 18:01:49.0419 5364 USBSTOR - ok 18:01:49.0434 5364 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys 18:01:49.0450 5364 usbuhci - ok 18:01:49.0497 5364 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys 18:01:49.0512 5364 usbvideo - ok 18:01:49.0543 5364 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll 18:01:49.0543 5364 UxSms - ok 18:01:49.0559 5364 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe 18:01:49.0559 5364 VaultSvc - ok 18:01:49.0575 5364 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 18:01:49.0575 5364 vdrvroot - ok 18:01:49.0621 5364 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe 18:01:49.0621 5364 vds - ok 18:01:49.0668 5364 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 18:01:49.0684 5364 vga - ok 18:01:49.0699 5364 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys 18:01:49.0699 5364 VgaSave - ok 18:01:49.0746 5364 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 18:01:49.0746 5364 vhdmp - ok 18:01:49.0777 5364 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys 18:01:49.0793 5364 viaide - ok 18:01:49.0840 5364 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys 18:01:49.0840 5364 volmgr - ok 18:01:49.0871 5364 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 18:01:49.0887 5364 volmgrx - ok 18:01:49.0933 5364 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys 18:01:49.0949 5364 volsnap - ok 18:01:49.0996 5364 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid 
C:\Windows\system32\DRIVERS\vsmraid.sys 18:01:49.0996 5364 vsmraid - ok 18:01:50.0074 5364 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe 18:01:50.0105 5364 VSS - ok 18:01:50.0121 5364 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys 18:01:50.0121 5364 vwifibus - ok 18:01:50.0167 5364 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys 18:01:50.0167 5364 vwififlt - ok 18:01:50.0199 5364 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll 18:01:50.0214 5364 W32Time - ok 18:01:50.0261 5364 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys 18:01:50.0261 5364 WacomPen - ok 18:01:50.0308 5364 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 18:01:50.0323 5364 WANARP - ok 18:01:50.0323 5364 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 18:01:50.0323 5364 Wanarpv6 - ok 18:01:50.0401 5364 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe 18:01:50.0433 5364 WatAdminSvc - ok 18:01:50.0823 5364 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe 18:01:50.0885 5364 wbengine - ok 18:01:50.0979 5364 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 18:01:51.0041 5364 WbioSrvc - ok 18:01:51.0088 5364 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll 18:01:51.0181 5364 wcncsvc - ok 18:01:51.0244 5364 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 18:01:51.0259 5364 WcsPlugInService - ok 18:01:51.0275 5364 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys 18:01:51.0275 5364 Wd - ok 18:01:51.0353 5364 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 18:01:51.0353 5364 Wdf01000 - ok 18:01:51.0384 5364 [ 
BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll 18:01:51.0400 5364 WdiServiceHost - ok 18:01:51.0400 5364 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll 18:01:51.0400 5364 WdiSystemHost - ok 18:01:51.0447 5364 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll 18:01:51.0447 5364 WebClient - ok 18:01:51.0462 5364 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll 18:01:51.0462 5364 Wecsvc - ok 18:01:51.0478 5364 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll 18:01:51.0478 5364 wercplsupport - ok 18:01:51.0509 5364 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll 18:01:51.0509 5364 WerSvc - ok 18:01:51.0556 5364 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 18:01:51.0556 5364 WfpLwf - ok 18:01:51.0587 5364 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys 18:01:51.0587 5364 WIMMount - ok 18:01:51.0603 5364 WinDefend - ok 18:01:51.0603 5364 WinHttpAutoProxySvc - ok 18:01:51.0649 5364 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 18:01:51.0665 5364 Winmgmt - ok 18:01:51.0727 5364 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll 18:01:51.0759 5364 WinRM - ok 18:01:51.0821 5364 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll 18:01:51.0852 5364 Wlansvc - ok 18:01:51.0961 5364 [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 18:01:51.0993 5364 wlidsvc - ok 18:01:52.0024 5364 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 18:01:52.0024 5364 WmiAcpi - ok 18:01:52.0055 5364 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 18:01:52.0055 5364 wmiApSrv - ok 18:01:52.0102 5364 WMPNetworkSvc - ok 
18:01:52.0133 5364 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll 18:01:52.0133 5364 WPCSvc - ok 18:01:52.0164 5364 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 18:01:52.0180 5364 WPDBusEnum - ok 18:01:52.0195 5364 [ 6CAB753B203F39B4CE05FF10013DE2EF ] WPS C:\Windows\system32\drivers\wpsdrvnt.sys 18:01:52.0195 5364 WPS - ok 18:01:52.0258 5364 [ 49B9FA407586503D27D17DBDEAEAC970 ] WpsHelper C:\Windows\system32\drivers\WpsHelper.sys 18:01:52.0258 5364 WpsHelper - ok 18:01:52.0289 5364 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 18:01:52.0289 5364 ws2ifsl - ok 18:01:52.0320 5364 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll 18:01:52.0320 5364 wscsvc - ok 18:01:52.0320 5364 WSearch - ok 18:01:52.0414 5364 [ 9DF12EDBC698B0BC353B3EF84861E430 ] wuauserv C:\Windows\system32\wuaueng.dll 18:01:52.0461 5364 wuauserv - ok 18:01:52.0523 5364 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 18:01:52.0523 5364 WudfPf - ok 18:01:52.0585 5364 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 18:01:52.0585 5364 WUDFRd - ok 18:01:52.0632 5364 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 18:01:52.0632 5364 wudfsvc - ok 18:01:52.0663 5364 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll 18:01:52.0663 5364 WwanSvc - ok 18:01:52.0710 5364 [ B3EEACF62445E24FBB2CD4B0FB4DB026 ] yukonw7 C:\Windows\system32\DRIVERS\yk62x64.sys 18:01:52.0726 5364 yukonw7 - ok 18:01:52.0773 5364 ================ Scan global =============================== 18:01:52.0788 5364 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll 18:01:52.0835 5364 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll 18:01:52.0835 5364 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll 18:01:52.0866 5364 [ 
D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll 18:01:52.0897 5364 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe 18:01:52.0913 5364 [Global] - ok 18:01:52.0913 5364 ================ Scan MBR ================================== 18:01:52.0944 5364 [ 104C8B2E0137C6609A6FD490BE8B9329 ] \Device\Harddisk0\DR0 18:01:53.0272 5364 \Device\Harddisk0\DR0 - ok 18:01:53.0272 5364 ================ Scan VBR ================================== 18:01:53.0272 5364 [ 8A734D89500305DBA215A4C9C1DF4DDB ] \Device\Harddisk0\DR0\Partition1 18:01:53.0287 5364 \Device\Harddisk0\DR0\Partition1 - ok 18:01:53.0334 5364 [ 025B8FFFDCEFB9E53B6AE747A6DF0493 ] \Device\Harddisk0\DR0\Partition2 18:01:53.0334 5364 \Device\Harddisk0\DR0\Partition2 - ok 18:01:53.0381 5364 [ 3C200CEE0440E5E3910F1ACE3B667CC0 ] \Device\Harddisk0\DR0\Partition3 18:01:53.0381 5364 \Device\Harddisk0\DR0\Partition3 - ok 18:01:53.0397 5364 [ C0D67400F5C4818A4026B5AEB0553FB2 ] \Device\Harddisk0\DR0\Partition4 18:01:53.0397 5364 \Device\Harddisk0\DR0\Partition4 - ok 18:01:53.0397 5364 ============================================================ 18:01:53.0397 5364 Scan finished 18:01:53.0397 5364 ============================================================ 18:01:53.0412 3496 Detected object count: 0 18:01:53.0412 3496 Actual detected object count: 0
  3. Hi Robybel, The outgoing traffic to a potentially malicious web site seems to have stopped completely. Thanks! I've still got the issue with the browser being redirected to spurious web pages, IExplorer shutting down, bogus search pages etc. -DanF
  4. Robybel,

     As of yesterday, I wasn't seeing any blocked outgoing traffic. A definite improvement!

     ComboFix 13-04-17.01 - Laptop 04/20/2013 12:44:46.5.2 - x64
     Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2811.1475 [GMT -4:00]
     Running from: c:\users\Laptop\Desktop\ComboFix.exe
     Command switches used :: c:\users\Laptop\Desktop\CFScript.txt
     AV: Symantec Endpoint Protection *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
     FW: Symantec Endpoint Protection *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
     SP: Symantec Endpoint Protection *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
     SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     .
     FILE ::
     "c:\users\Laptop\AppData\Roaming\40b170e0-0390-4443-a8dd-2dd1007760b8ad\beaddddbad.exe"
     .
     .
     ((((((((((((((((((((((((( Files Created from 2013-03-20 to 2013-04-20 )))))))))))))))))))))))))))))))
     .
     .
     2013-04-20 16:54 . 2013-04-20 16:54 -------- d-----w- c:\users\Default\AppData\Local\temp
     2013-04-20 16:54 . 2013-04-20 16:54 -------- d-----w- c:\users\Administrator\AppData\Local\temp
     2013-04-13 18:07 . 2013-04-13 18:07 -------- d-----w- C:\_OTL
     2013-04-12 17:06 . 2013-04-12 17:24 -------- d-----w- c:\program files (x86)\ShowMyPCService
     2013-04-09 20:51 . 2013-04-09 20:51 -------- d-----w- c:\program files (x86)\ESET
     2013-04-09 20:50 . 2013-04-09 20:51 -------- d--h--w- c:\windows\AxInstSV
     2013-04-06 01:25 . 2013-04-06 01:25 -------- d-----w- c:\users\Laptop\AppData\Roaming\Malwarebytes
     2013-04-06 01:25 . 2013-04-06 01:25 -------- d-----w- c:\programdata\Malwarebytes
     2013-04-06 01:25 . 2013-04-10 20:48 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
     2013-04-06 01:25 . 2013-04-04 18:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
     2013-04-06 01:25 . 2013-04-06 01:25 -------- d-----w- c:\users\Laptop\AppData\Local\Programs
     2013-04-05 21:06 . 2013-04-05 21:06 -------- d-----w- c:\users\Laptop\AppData\Roaming\40b170e0-0390-4443-a8dd-2dd1007760b8ad
     2013-03-31 15:15 . 2013-04-20 12:42 -------- d-----w- c:\users\Laptop\AppData\Local\CrashDumps
     .
     .
     .
     (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     .
     ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4
     .
     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-02-22 2363392]
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
     "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-03-11 98304]
     "Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
     "NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NOBuActivation.exe" [2009-12-03 3331944]
     "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
     "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
     "HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
     "ccApp"="c:\program files (x86)\Common Files\Symantec Shared\ccApp.exe" [2009-07-09 115560]
     "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
     "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-03-07 421160]
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
     "ConsentPromptBehaviorAdmin"= 5 (0x5)
     "ConsentPromptBehaviorUser"= 3 (0x3)
     "EnableUIADesktopToggle"= 0 (0x0)
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
     @="Service"
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
     @="Service"
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
     @="Service"
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
     "DisableMonitoring"=dword:00000001
     .
     R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
     R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
     R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
     R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
     R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
     R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 25928]
     R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
     R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-02-22 239136]
     R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
     R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
     R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
     R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
     R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-09-29 1255736]
     R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
     S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2010-02-05 98208]
     S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-03-11 202752]
     S2 CinemaNow Service;CinemaNow Service;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [2010-02-26 127984]
     S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
     S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-01-27 102968]
     S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
     S2 HPWMISVC;HPWMISVC;c:\program files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-01-12 19968]
     S2 RtVOsdService;RtVOsdService Installer;c:\program files\Realtek\RtVOsd\RtVOsdService.exe [2010-06-24 315392]
     S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-08-15 138912]
     S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-02-16 347680]
     S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-12-22 38456]
     .
     .
     [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
     2010-02-22 18:38 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
     .
     [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
     2013-04-12 09:54 1642448 ----a-w- c:\program files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe
     .
     Contents of the 'Scheduled Tasks' folder
     .
     2013-04-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
     - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-06 12:15]
     .
     2013-04-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
     - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-06 12:15]
     .
     2013-04-16 c:\windows\Tasks\HPCeeScheduleForLaptop.job
     - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 03:15]
     .
     .
     --------- X64 Entries -----------
     .
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
     "HP Quick Launch"="c:\program files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-01-12 451072]
     "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-02-16 6489704]
     "RtkOSD"="c:\program files (x86)\Realtek\Audio\OSD\RtVOsd64.exe" [2010-02-05 995840]
     "HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-01-27 8192]
     .
     ------- Supplementary Scan -------
     .
     uStart Page = hxxp://www.intellicast.com/National/Radar/Current.aspx?location=USMI0127&animate=true
     uLocal Page = c:\windows\system32\blank.htm
     mLocal Page = c:\windows\SysWOW64\blank.htm
     IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
     TCP: DhcpNameServer = 192.168.2.1
     .
     - - - - ORPHANS REMOVED - - - -
     .
     Wow6432Node-HKLM-Run-<NO NAME> - (no file)
     AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
     .
     .
     .
     --------------------- LOCKED REGISTRY KEYS ---------------------
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
     @Denied: (A 2) (Everyone)
     @="FlashBroker"
     "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe,-101"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
     "Enabled"=dword:00000001
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
     @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
     @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
     @Denied: (A 2) (Everyone)
     @="Shockwave Flash Object"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
     @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx"
     "ThreadingModel"="Apartment"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
     @="0"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
     @="ShockwaveFlash.ShockwaveFlash.10"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
     @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
     @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
     @="1.0"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
     @="ShockwaveFlash.ShockwaveFlash"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
     @Denied: (A 2) (Everyone)
     @="Macromedia Flash Factory Object"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
     @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx"
     "ThreadingModel"="Apartment"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
     @="FlashFactory.FlashFactory.1"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
     @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
     @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
     @="1.0"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
     @="FlashFactory.FlashFactory"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
     @Denied: (A 2) (Everyone)
     @="IFlashBroker4"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
     @="{00020424-0000-0000-C000-000000000046}"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
     @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
     "Version"="1.0"
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
     @Denied: (Full) (Everyone)
     .
     Completion time: 2013-04-20 12:58:28
     ComboFix-quarantined-files.txt 2013-04-20 16:58
     ComboFix2.txt 2013-04-19 15:13
     ComboFix3.txt 2013-04-17 16:29
     ComboFix4.txt 2013-04-10 20:43
     ComboFix5.txt 2013-04-20 16:43
     .
     Pre-Run: 240,136,470,528 bytes free
     Post-Run: 240,112,775,168 bytes free
     .
     - - End Of File - - 140B3142AD5B5A74ECDD29CE95A4CB2E
  5. ComboFix 13-04-17.01 - Laptop 04/19/2013 11:00:53.4.2 - x64
     Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2811.1438 [GMT -4:00]
     Running from: c:\users\Laptop\Desktop\ComboFix.exe
     Command switches used :: c:\users\Laptop\Desktop\CFScript.txt
     AV: Symantec Endpoint Protection *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
     FW: Symantec Endpoint Protection *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
     SP: Symantec Endpoint Protection *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
     SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     * Created a new restore point
     .
     .
     ((((((((((((((((((((((((( Files Created from 2013-03-19 to 2013-04-19 )))))))))))))))))))))))))))))))
     .
     .
     2013-04-19 15:09 . 2013-04-19 15:09 -------- d-----w- c:\users\Default\AppData\Local\temp
     2013-04-19 15:09 . 2013-04-19 15:09 -------- d-----w- c:\users\Administrator\AppData\Local\temp
     2013-04-13 18:07 . 2013-04-13 18:07 -------- d-----w- C:\_OTL
     2013-04-12 17:06 . 2013-04-12 17:24 -------- d-----w- c:\program files (x86)\ShowMyPCService
     2013-04-09 20:51 . 2013-04-09 20:51 -------- d-----w- c:\program files (x86)\ESET
     2013-04-09 20:50 . 2013-04-09 20:51 -------- d--h--w- c:\windows\AxInstSV
     2013-04-06 01:25 . 2013-04-06 01:25 -------- d-----w- c:\users\Laptop\AppData\Roaming\Malwarebytes
     2013-04-06 01:25 . 2013-04-06 01:25 -------- d-----w- c:\programdata\Malwarebytes
     2013-04-06 01:25 . 2013-04-10 20:48 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
     2013-04-06 01:25 . 2013-04-04 18:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
     2013-04-06 01:25 . 2013-04-06 01:25 -------- d-----w- c:\users\Laptop\AppData\Local\Programs
     2013-04-05 21:06 . 2013-04-05 21:06 -------- d-----w- c:\users\Laptop\AppData\Roaming\40b170e0-0390-4443-a8dd-2dd1007760b8ad
     2013-03-31 15:15 . 2013-04-19 11:05 -------- d-----w- c:\users\Laptop\AppData\Local\CrashDumps
     .
     .
     .
     (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     .
     ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4
     .
     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-02-22 2363392]
     "Adobe CSx Manager"="c:\users\Laptop\AppData\Roaming\40b170e0-0390-4443-a8dd-2dd1007760b8ad\beaddddbad.exe" [2013-04-05 159744]
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
     "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-03-11 98304]
     "Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
     "NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NOBuActivation.exe" [2009-12-03 3331944]
     "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
     "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
     "HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
     "ccApp"="c:\program files (x86)\Common Files\Symantec Shared\ccApp.exe" [2009-07-09 115560]
     "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
     "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-03-07 421160]
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
     "ConsentPromptBehaviorAdmin"= 5 (0x5)
     "ConsentPromptBehaviorUser"= 3 (0x3)
     "EnableUIADesktopToggle"= 0 (0x0)
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
     @="Service"
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
     @="Service"
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
     @="Service"
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
     "DisableMonitoring"=dword:00000001
     .
     R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
     R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
     R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
     R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
     R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-02-22 239136]
     R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
     R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
     R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
     R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
     R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-09-29 1255736]
     R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
     S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2010-02-05 98208]
     S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-03-11 202752]
     S2 CinemaNow Service;CinemaNow Service;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [2010-02-26 127984]
     S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
     S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-01-27 102968]
     S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
     S2 HPWMISVC;HPWMISVC;c:\program files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-01-12 19968]
     S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
     S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
     S2 RtVOsdService;RtVOsdService Installer;c:\program files\Realtek\RtVOsd\RtVOsdService.exe [2010-06-24 315392]
     S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-08-15 138912]
     S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 25928]
     S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-02-16 347680]
     S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-12-22 38456]
     .
     .
     [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
     2010-02-22 18:38 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
     .
     [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
     2013-04-12 09:54 1642448 ----a-w- c:\program files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe
     .
     Contents of the 'Scheduled Tasks' folder
     .
     2013-04-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
     - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-06 12:15]
     .
     2013-04-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
     - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-06 12:15]
     .
     2013-04-16 c:\windows\Tasks\HPCeeScheduleForLaptop.job
     - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 03:15]
     .
     .
     --------- X64 Entries -----------
     .
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
     "HP Quick Launch"="c:\program files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-01-12 451072]
     "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-02-16 6489704]
     "RtkOSD"="c:\program files (x86)\Realtek\Audio\OSD\RtVOsd64.exe" [2010-02-05 995840]
     "HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-01-27 8192]
     .
     ------- Supplementary Scan -------
     .
     uStart Page = hxxp://www.intellicast.com/National/Radar/Current.aspx?location=USMI0127&animate=true
     uLocal Page = c:\windows\system32\blank.htm
     mLocal Page = c:\windows\SysWOW64\blank.htm
     IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
     TCP: DhcpNameServer = 192.168.2.1
     .
     - - - - ORPHANS REMOVED - - - -
     .
     Wow6432Node-HKLM-Run-<NO NAME> - (no file)
     AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
     .
     .
     .
     --------------------- LOCKED REGISTRY KEYS ---------------------
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
     @Denied: (A 2) (Everyone)
     @="FlashBroker"
     "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe,-101"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
     "Enabled"=dword:00000001
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
     @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
     @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
     @Denied: (A 2) (Everyone)
     @="Shockwave Flash Object"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
     @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx"
     "ThreadingModel"="Apartment"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
     @="0"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
     @="ShockwaveFlash.ShockwaveFlash.10"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
     @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
     @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
     @="1.0"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
     @="ShockwaveFlash.ShockwaveFlash"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
     @Denied: (A 2) (Everyone)
     @="Macromedia Flash Factory Object"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
     @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx"
     "ThreadingModel"="Apartment"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
     @="FlashFactory.FlashFactory.1"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
     @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
     @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
     @="1.0"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
     @="FlashFactory.FlashFactory"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
     @Denied: (A 2) (Everyone)
     @="IFlashBroker4"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
     @="{00020424-0000-0000-C000-000000000046}"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
     @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
     "Version"="1.0"
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
     @Denied: (Full) (Everyone)
     .
     Completion time: 2013-04-19 11:13:07
     ComboFix-quarantined-files.txt 2013-04-19 15:13
     ComboFix2.txt 2013-04-17 16:29
     ComboFix3.txt 2013-04-10 20:43
     ComboFix4.txt 2013-04-08 21:34
     .
     Pre-Run: 240,453,697,536 bytes free
     Post-Run: 240,116,023,296 bytes free
     .
     - - End Of File - - E1BAFB9E4AC149A88B7D673D3FDBE0AB

     Yes, I use the laptop via my wireless router. One other laptop and one desktop on the router; no problems with other computers.
  6. Robybel,

     Let's see, here's yesterday's log:

     2013/04/18 06:42:15 -0400 LAPTOP-PC Laptop IP-BLOCK 91.205.96.44 (Type: outgoing, Port: 49971, Process: winhlp32.exe)
     2013/04/18 06:47:44 -0400 LAPTOP-PC Laptop IP-BLOCK 193.107.17.143 (Type: outgoing, Port: 50717, Process: winhlp32.exe)
     2013/04/18 07:26:48 -0400 LAPTOP-PC Laptop IP-BLOCK 91.205.96.44 (Type: outgoing, Port: 50826, Process: winhlp32.exe)
     2013/04/18 07:29:37 -0400 LAPTOP-PC Laptop IP-BLOCK 91.205.96.44 (Type: outgoing, Port: 50972, Process: winhlp32.exe)
     2013/04/18 08:06:07 -0400 LAPTOP-PC Laptop IP-BLOCK 91.205.96.44 (Type: outgoing, Port: 51575, Process: winhlp32.exe)
     2013/04/18 08:06:31 -0400 LAPTOP-PC Laptop IP-BLOCK 91.205.96.44 (Type: outgoing, Port: 51609, Process: winhlp32.exe)
     2013/04/18 08:07:28 -0400 LAPTOP-PC Laptop IP-BLOCK 91.205.96.44 (Type: outgoing, Port: 51669, Process: winhlp32.exe)
     2013/04/18 08:07:52 -0400 LAPTOP-PC Laptop IP-BLOCK 91.205.96.44 (Type: outgoing, Port: 51705, Process: winhlp32.exe)
     2013/04/18 08:27:00 -0400 LAPTOP-PC Laptop IP-BLOCK 91.205.96.44 (Type: outgoing, Port: 51927, Process: winhlp32.exe)
     2013/04/18 08:27:00 -0400 LAPTOP-PC Laptop IP-BLOCK 91.205.96.44 (Type: outgoing, Port: 51928, Process: winhlp32.exe)
     2013/04/18 08:37:51 -0400 LAPTOP-PC Laptop IP-BLOCK 91.205.96.44 (Type: outgoing, Port: 52985, Process: winhlp32.exe)
     2013/04/18 08:38:55 -0400 LAPTOP-PC Laptop IP-BLOCK 91.205.96.44 (Type: outgoing, Port: 53103, Process: winhlp32.exe)
     2013/04/18 08:39:11 -0400 LAPTOP-PC Laptop IP-BLOCK 91.205.96.44 (Type: outgoing, Port: 53115, Process: winhlp32.exe)
     2013/04/18 08:40:16 -0400 LAPTOP-PC Laptop IP-BLOCK 91.205.96.44 (Type: outgoing, Port: 53258, Process: winhlp32.exe)
     2013/04/18 15:01:15 -0400 LAPTOP-PC Laptop IP-BLOCK 46.229.161.231 (Type: outgoing, Port: 50547, Process: winhlp32.exe)
     2013/04/18 15:01:16 -0400 LAPTOP-PC Laptop IP-BLOCK 46.229.161.230 (Type: outgoing, Port: 50548, Process: winhlp32.exe)

     So I tried a Google search. Of ten results selected, six went to the right sites, four went to spurious sites. So I've still got both problems.

     DanF
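Added example, mine rather than DanF's or anything from Malwarebytes: a Python parser for IP-BLOCK lines in the format shown above that groups blocked outbound connections by process and destination. The point it makes is the one being chased in this thread: `winhlp32.exe` is the Windows Help viewer and has no reason to open a socket, so repeated outbound blocks attributed to it mean either a file with that name running from somewhere other than `C:\Windows`, or code injected into the genuine process. The sample input is five lines copied from the log above plus one constructed `iexplore.exe` line (using an RFC 5737 documentation address) for contrast; the `NO_NETWORK_EXPECTED` set is my assumption, not a Malwarebytes list.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime

# Five lines copied from the MBAM log above plus one constructed iexplore.exe
# line (203.0.113.10 is an RFC 5737 documentation address) for contrast.
SAMPLE_LOG = """\
2013/04/18 06:42:15 -0400 LAPTOP-PC Laptop IP-BLOCK 91.205.96.44 (Type: outgoing, Port: 49971, Process: winhlp32.exe)
2013/04/18 06:47:44 -0400 LAPTOP-PC Laptop IP-BLOCK 193.107.17.143 (Type: outgoing, Port: 50717, Process: winhlp32.exe)
2013/04/18 07:26:48 -0400 LAPTOP-PC Laptop IP-BLOCK 91.205.96.44 (Type: outgoing, Port: 50826, Process: winhlp32.exe)
2013/04/18 15:01:15 -0400 LAPTOP-PC Laptop IP-BLOCK 46.229.161.231 (Type: outgoing, Port: 50547, Process: winhlp32.exe)
2013/04/18 15:01:16 -0400 LAPTOP-PC Laptop IP-BLOCK 46.229.161.230 (Type: outgoing, Port: 50548, Process: winhlp32.exe)
2013/04/18 15:05:00 -0400 LAPTOP-PC Laptop IP-BLOCK 203.0.113.10 (Type: outgoing, Port: 50600, Process: iexplore.exe)
"""

LINE_RE = re.compile(
    r'^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) [+-]\d{4} '
    r'(?P<host>\S+) (?P<user>\S+) IP-BLOCK (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) '
    r'\(Type: (?P<direction>\w+), Port: (?P<port>\d+), Process: (?P<process>[^)]+)\)$'
)

# Assumption, not a Malwarebytes list: Windows binaries that have no business
# opening outbound sockets. A "Process:" match here means the name is being
# borrowed by a file elsewhere on disk or the real process has been injected.
NO_NETWORK_EXPECTED = {'winhlp32.exe', 'twunk_32.exe', 'notepad.exe', 'calc.exe'}


@dataclass(frozen=True)
class BlockEvent:
    when: datetime
    host: str
    user: str
    ip: str
    direction: str
    port: int
    process: str


def parse_ip_blocks(text):
    """Parse MBAM IP-BLOCK lines; lines that do not match the format are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        events.append(BlockEvent(
            when=datetime.strptime(m['ts'], '%Y/%m/%d %H:%M:%S'),
            host=m['host'], user=m['user'], ip=m['ip'],
            direction=m['direction'], port=int(m['port']),
            process=m['process'].lower(),
        ))
    return events


def summarize(events):
    """Map process -> destination IP -> (count, first seen, last seen)."""
    summary = defaultdict(dict)
    for e in events:
        count, first, last = summary[e.process].get(e.ip, (0, e.when, e.when))
        summary[e.process][e.ip] = (count + 1, min(first, e.when), max(last, e.when))
    return summary


def suspicious_processes(events):
    """Processes with outgoing blocks that should never initiate connections."""
    return sorted({e.process for e in events
                   if e.direction == 'outgoing' and e.process in NO_NETWORK_EXPECTED})


def main():
    events = parse_ip_blocks(SAMPLE_LOG)
    for proc, dests in summarize(events).items():
        tag = 'SUSPECT' if proc in NO_NETWORK_EXPECTED else 'review '
        for ip, (count, first, last) in sorted(dests.items(), key=lambda kv: -kv[1][0]):
            print(f'{tag} {proc:14} -> {ip:16} x{count} ({first:%H:%M:%S} .. {last:%H:%M:%S})')


if __name__ == '__main__':
    main()
```

The log by itself cannot tell a renamed copy from process injection: a block is attributed to the process name, not to an image path or a signature. That check has to be done on the machine, by comparing the image path of the running `winhlp32.exe` against the copy in `C:\Windows` and verifying its signature, and it is the reason the name alone being "legitimate" settles nothing.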
  7. Robybel,

     Yes, winhlp32.exe is a legitimate file. So was twunk_32.exe. What I've got is malware that is disguising itself as a legitimate file such as either of these.

     ComboFix 13-04-17.01 - Laptop 04/17/2013 12:07:28.3.2 - x64
     Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2811.1097 [GMT -4:00]
     Running from: c:\users\Laptop\Desktop\ComboFix.exe
     AV: Symantec Endpoint Protection *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
     FW: Symantec Endpoint Protection *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
     SP: Symantec Endpoint Protection *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
     SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     .
     .
     ((((((((((((((((((((((((( Files Created from 2013-03-17 to 2013-04-17 )))))))))))))))))))))))))))))))
     .
     .
     2013-04-17 16:24 . 2013-04-17 16:24 -------- d-----w- c:\users\Default\AppData\Local\temp
     2013-04-17 16:24 . 2013-04-17 16:24 -------- d-----w- c:\users\Administrator\AppData\Local\temp
     2013-04-06 01:25 . 2013-04-06 01:25 -------- d-----w- c:\users\Laptop\AppData\Roaming\Malwarebytes
     2013-04-06 01:25 . 2013-04-06 01:25 -------- d-----w- c:\programdata\Malwarebytes
     2013-04-06 01:25 . 2013-04-10 20:48 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
     2013-04-06 01:25 . 2013-04-04 18:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
     2013-04-06 01:25 . 2013-04-06 01:25 -------- d-----w- c:\users\Laptop\AppData\Local\Programs
     2013-04-05 21:06 . 2013-04-05 21:06 -------- d-----w- c:\users\Laptop\AppData\Roaming\40b170e0-0390-4443-a8dd-2dd1007760b8ad
     2013-03-31 15:15 . 2013-04-17 02:06 -------- d-----w- c:\users\Laptop\AppData\Local\CrashDumps
     .
     .
     .
     (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     .
     ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4
     .
     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-02-22 2363392]
     "Adobe CSx Manager"="c:\users\Laptop\AppData\Roaming\40b170e0-0390-4443-a8dd-2dd1007760b8ad\beaddddbad.exe" [2013-04-05 159744]
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
     "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-03-11 98304]
     "Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
     "NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NOBuActivation.exe" [2009-12-03 3331944]
     "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
     "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
     "HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
     "ccApp"="c:\program files (x86)\Common Files\Symantec Shared\ccApp.exe" [2009-07-09 115560]
     "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
     "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-03-07 421160]
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
     "ConsentPromptBehaviorAdmin"= 5 (0x5)
     "ConsentPromptBehaviorUser"= 3 (0x3)
     "EnableUIADesktopToggle"= 0 (0x0)
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
     @="Service"
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
     @="Service"
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
     @="Service"
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
     "DisableMonitoring"=dword:00000001
     .
     R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
     R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
     R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
     R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
     R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-02-22 239136]
     R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
     R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
     R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
     R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
     R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-09-29 1255736]
     R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
     S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2010-02-05 98208]
     S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-03-11 202752]
     S2 CinemaNow Service;CinemaNow Service;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [2010-02-26 127984]
     S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
     S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-01-27 102968]
     S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
     S2 HPWMISVC;HPWMISVC;c:\program files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-01-12 19968]
     S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
     S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
     S2 RtVOsdService;RtVOsdService Installer;c:\program files\Realtek\RtVOsd\RtVOsdService.exe [2010-06-24 315392]
     S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-08-15 138912]
     S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 25928]
     S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-02-16 347680]
     S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-12-22 38456]
     .
     .
     [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
     2010-02-22 18:38 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
     .
     [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
     2013-04-12 09:54 1642448 ----a-w- c:\program files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe
     .
     Contents of the 'Scheduled Tasks' folder
     .
     2013-04-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
     - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-06 12:15]
     .
     2013-04-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
     - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-06 12:15]
     .
     2013-04-16 c:\windows\Tasks\HPCeeScheduleForLaptop.job
     - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 03:15]
     .
     .
     --------- X64 Entries -----------
     .
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
     "HP Quick Launch"="c:\program files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-01-12 451072]
     "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-02-16 6489704]
     "RtkOSD"="c:\program files (x86)\Realtek\Audio\OSD\RtVOsd64.exe" [2010-02-05 995840]
     "HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-01-27 8192]
     .
     ------- Supplementary Scan -------
     .
     uStart Page = hxxp://www.intellicast.com/National/Radar/Current.aspx?location=USMI0127&animate=true
     uLocal Page = c:\windows\system32\blank.htm
     mLocal Page = c:\windows\SysWOW64\blank.htm
     IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
     TCP: DhcpNameServer = 192.168.2.1
     .
     - - - - ORPHANS REMOVED - - - -
     .
     Wow6432Node-HKLM-Run-<NO NAME> - (no file)
     AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
     .
     .
     .
     --------------------- LOCKED REGISTRY KEYS ---------------------
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
     @Denied: (A 2) (Everyone)
     @="FlashBroker"
     "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe,-101"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
     "Enabled"=dword:00000001
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
     @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
     @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
     .
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2013-04-17 12:29:13 ComboFix-quarantined-files.txt 2013-04-17 16:29 ComboFix2.txt 2013-04-10 20:43 ComboFix3.txt 2013-04-08 21:34 . Pre-Run: 239,750,578,176 bytes free Post-Run: 239,401,758,720 bytes free . - - End Of File - - 119FA89C52A828F7CCFCA9F68256E101
  8. ========== OTL ==========
C:\Users\Laptop\Desktop\UtilityChest.exe moved successfully.
File C:\Users\Laptop\Desktop\UtilityChest.exe not found.
========== COMMANDS ==========
[EMPTYFLASH]
User: Administrator
User: All Users
User: Default
User: Default User
User: Laptop
->Flash cache emptied: 43231 bytes
User: Public
Total Flash Files Cleaned = 0.00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTL Restore Point
OTL by OldTimer - Version 3.2.69.0 log created on 04162013_102810

SystemLook 30.07.11 by jpshortstuff
Log created at 10:47 on 16/04/2013 by Laptop
Administrator - Elevation successful
WARNING: SystemLook running under WOW64. Use SystemLook_x64 for accurate results.
========== filefind ==========
Searching for "*winhlp32*"
C:\Windows\winhlp32.exe --a---- 9728 bytes [00:12 14/07/2009] [01:14 14/07/2009] 1D420D66250BCAAAED05724FB34008CF
C:\Windows\en-US\winhlp32.exe.mui --a---- 2560 bytes [05:35 14/07/2009] [02:07 14/07/2009] D496CB43072DCD18D805EAAA6C8CCD09
C:\Windows\Prefetch\WINHLP32.EXE-F523C0DD.pf --a---- 45962 bytes [11:54 15/04/2013] [14:35 16/04/2013] D3A456939472BBB3D36863FE2B465861
C:\Windows\winsxs\x86_microsoft-windows-winhstb.resources_31bf3856ad364e35_6.1.7600.16385_en-us_d2312dc38f31a515\winhlp32.exe.mui --a---- 2560 bytes [05:35 14/07/2009] [02:07 14/07/2009] D496CB43072DCD18D805EAAA6C8CCD09
C:\Windows\winsxs\x86_microsoft-windows-winhstb_31bf3856ad364e35_6.1.7600.16385_none_28dc647c6aba6742\winhlp32.exe --a---- 9728 bytes [00:12 14/07/2009] [01:14 14/07/2009] 1D420D66250BCAAAED05724FB34008CF
-= EOF =-
  9. Error: Unable to interpret <:OTL[2013/04/07 20:23:51 | 000,215,096 | ---- | M] () -- C:\Users\Laptop\Desktop\UtilityChest.exe[2013/04/07 20:23:50 | 000,215,096 | ---- | C] () -- C:\Users\Laptop\Desktop\UtilityChest.exeipconfig /flushdns /c:Commands[EMPTYFLASH][REBOOT][RESETHOSTS][CREATERESTOREPOINT]> in the current context!
OTL by OldTimer - Version 3.2.69.0 log created on 04162013_064647
  10. Well, it's back.
2013/04/15 09:18:41 -0400 LAPTOP-PC Laptop IP-BLOCK 91.205.96.44 (Type: outgoing, Port: 54245, Process: winhlp32.exe)
2013/04/15 09:19:05 -0400 LAPTOP-PC Laptop IP-BLOCK 91.205.96.44 (Type: outgoing, Port: 54249, Process: winhlp32.exe)
2013/04/15 09:19:13 -0400 LAPTOP-PC Laptop IP-BLOCK 91.205.96.44 (Type: outgoing, Port: 54251, Process: winhlp32.exe)
2013/04/15 09:20:01 -0400 LAPTOP-PC Laptop IP-BLOCK 91.205.96.44 (Type: outgoing, Port: 54254, Process: winhlp32.exe)
2013/04/15 09:20:25 -0400 LAPTOP-PC Laptop IP-BLOCK 91.205.96.44 (Type: outgoing, Port: 54258, Process: winhlp32.exe)
2013/04/15 09:20:33 -0400 LAPTOP-PC Laptop IP-BLOCK 91.205.96.44 (Type: outgoing, Port: 54260, Process: winhlp32.exe)
2013/04/15 09:21:21 -0400 LAPTOP-PC Laptop IP-BLOCK 91.205.96.44 (Type: outgoing, Port: 54268, Process: winhlp32.exe)
  11. Robybel, Thanks! I was able to change ownership of twunk_32.exe, delete it, & empty it out of the Recycle Bin. So far I have not had any spurious outgoing activity. The browser problem still exists. I did a Google search & opened seven results in new windows. Five opened normally, one gave the message that IE could not open (and the URL was not what I had selected), and the seventh went to a different site that was not what I had selected. -DanF
  12. Did not find twunk_32.exe running as a task. I did find about 16 instances of it running as processes. Ended all instances of the process. Rebooted in safe mode. Found C:\Windows\twunk_32.exe. Tried to delete it but got a popup telling me that I needed permission from TrustedInstaller.exe to delete it.
  13. OTL logfile created on: 4/14/2013 12:59:14 PM - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Laptop\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 2.75 Gb Total Physical Memory | 1.54 Gb Available Physical Memory | 56.02% Memory free 5.49 Gb Paging File | 3.81 Gb Available in Paging File | 69.36% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 284.23 Gb Total Space | 223.58 Gb Free Space | 78.66% Space Free | Partition Type: NTFS Drive D: | 13.57 Gb Total Space | 1.94 Gb Free Space | 14.32% Space Free | Partition Type: NTFS Drive E: | 99.34 Mb Total Space | 89.20 Mb Free Space | 89.79% Space Free | Partition Type: FAT32 Computer Name: LAPTOP-PC | User Name: Laptop | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - File not found PRC - C:\Users\Laptop\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Google\Update\1.3.21.135\GoogleCrashHandler.exe (Google Inc.) PRC - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company) PRC - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation) PRC - C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe (CinemaNow, Inc.) 
PRC - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation) PRC - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe (Symantec Corporation) PRC - C:\Windows\twunk_32.exe (Twain Working Group) PRC - C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation) PRC - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation) ========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll () MOD - C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll () MOD - C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll () ========== Services (SafeList) ========== SRV:64bit: - (RtVOsdService) -- C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe (Realtek Semiconductor Corp.) SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (AERTFilters) -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe (Andrea Electronics Corporation) SRV:64bit: - (HP Wireless Assistant Service) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe (Hewlett-Packard) SRV:64bit: - (HPWMISVC) -- C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe () SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (HP Support Assistant Service) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Hewlett-Packard Company) SRV - (HPDrvMntSvc.exe) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company) SRV - 
(BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.) SRV - (SeaPort) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation) SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (CinemaNow Service) -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe (CinemaNow, Inc.) SRV - (Symantec AntiVirus) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation) SRV - (SmcService) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe (Symantec Corporation) SRV - (SNAC) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE (Symantec Corporation) SRV - (LiveUpdate) -- C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_3.EXE (Symantec Corporation) SRV - (ccSetMgr) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation) SRV - (ccEvtMgr) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation) DRV:64bit: - (WpsHelper) -- C:\Windows\SysNative\drivers\wpshelper.sys (Symantec Corporation) DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.) 
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation) DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation) DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atipmdag.sys (ATI Technologies Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.) DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (WPS) -- C:\Windows\SysNative\drivers\WPSDRVnt.sys (Symantec Corporation) DRV:64bit: - (SRTSPX) -- C:\Windows\SysNative\drivers\srtspx64.sys (Symantec Corporation) DRV:64bit: - (SRTSPL) -- C:\Windows\SysNative\drivers\srtspl64.sys (Symantec Corporation) DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\srtsp64.sys (Symantec Corporation) DRV:64bit: - (AtiPcie) -- C:\Windows\SysNative\drivers\AtiPcie.sys (Advanced Micro Devices Inc.) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.) DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.) 
DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.) DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell) DRV:64bit: - (netw5v64) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (Teefer2) -- C:\Windows\SysNative\drivers\Teefer2.sys (Symantec Corporation) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV:64bit: - (grmnusb) -- C:\Windows\SysNative\drivers\grmnusb.sys (GARMIN Corp.) DRV - (NAVEX15) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20130413.016\ex64.sys (Symantec Corporation) DRV - (NAVENG) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20130413.016\eng64.sys (Symantec Corporation) DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation) DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation) DRV - (SRTSPX) -- C:\Windows\SysWOW64\drivers\srtspx64.sys (Symantec Corporation) DRV - (SRTSPL) -- C:\Windows\SysWOW64\drivers\srtspl64.sys (Symantec Corporation) DRV - (SRTSP) -- C:\Windows\SysWOW64\drivers\srtsp64.sys (Symantec Corporation) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = 
http://g.msn.com/CQNOT/1 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/CQNOT/1 IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{81BDFA6B-4031-4578-BCF6-47A99D875DAF}: "URL" = http://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.intellicast.com/National/Radar/Current.aspx?location=USMI0127&animate=true IE - HKCU\..\SearchScopes,DefaultScope = {FF42DDA3-B540-48B6-8202-B43C8203F7CF} IE - HKCU\..\SearchScopes\{81BDFA6B-4031-4578-BCF6-47A99D875DAF}: "URL" = http://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox IE - HKCU\..\SearchScopes\{FF42DDA3-B540-48B6-8202-B43C8203F7CF}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.) 
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) 
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll () FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2010/11/01 11:14:43 | 000,000,000 | ---D | M] ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - homepage: http://www.google.com/ CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\15.0.874.106\gcswf32.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java 
Platform SE 6 U24 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\15.0.874.106\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\15.0.874.106\pdf.dll CHR - plugin: Garmin Communicator Plug-In (Enabled) = C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin O1 HOSTS File: ([2013/04/14 11:27:32 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) 
O4:64bit: - HKLM..\Run: [HP Quick Launch] C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Company) O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe () O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [RtkOSD] C:\Program Files (x86)\Realtek\Audio\OSD\RtVOsd64.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [ccApp] C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation) O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NOBuActivation.exe (Symantec Corporation) O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKCU..\Run: [Adobe CSx Manager] C:\Users\Laptop\AppData\Roaming\40b170e0-0390-4443-a8dd-2dd1007760b8ad\beaddddbad.exe () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) 
O13 - gopher Prefix: missing O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{218A43C7-C9A3-4C76-B64E-53DA913B4D58}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
  14. Web browser is still being redirected to various spurious web sites instead of the intended ones. MBAM is still blocking access to potentially malicious websites:
      2013/04/14 11:53:19 -0400 LAPTOP-PC Laptop IP-BLOCK 199.21.148.108 (Type: outgoing, Port: 49433, Process: twunk_32.exe)
      2013/04/14 11:53:19 -0400 LAPTOP-PC Laptop IP-BLOCK 199.21.148.108 (Type: outgoing, Port: 49434, Process: twunk_32.exe)
      2013/04/14 12:08:45 -0400 LAPTOP-PC Laptop IP-BLOCK 91.205.96.44 (Type: outgoing, Port: 51187, Process: twunk_32.exe)
      2013/04/14 12:09:17 -0400 LAPTOP-PC Laptop IP-BLOCK 91.205.96.44 (Type: outgoing, Port: 51191, Process: twunk_32.exe)
      2013/04/14 12:10:06 -0400 LAPTOP-PC Laptop IP-BLOCK 91.205.96.44 (Type: outgoing, Port: 51196, Process: twunk_32.exe)
      2013/04/14 12:10:30 -0400 LAPTOP-PC Laptop IP-BLOCK 91.205.96.44 (Type: outgoing, Port: 51199, Process: twunk_32.exe)
      2013/04/14 12:11:58 -0400 LAPTOP-PC Laptop IP-BLOCK 91.205.96.44 (Type: outgoing, Port: 51265, Process: twunk_32.exe)