
Successfully blocked access to a potentially malicious website...



I have just installed Malwarebytes and this message pops up every minute or so, but it is not detecting anything to remove when I do a full scan. Here's what the block says:

Successfully blocked access to a potentially malicious website: 178.238.233.156

Type: Outgoing

Port: (changes every time), Process: svchost.exe

and here's the DDS log. Please help, thanks.

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_22

Run by Daniel at 20:52:12 on 2012-02-05

Microsoft Windows 7 Home Premium 6.1.7601.1.936.86.1033.18.8183.5108 [GMT -8:00]

.

AV: Norton Security Suite *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Norton Security Suite *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

FW: Norton Security Suite *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_70dacb64382a61a7\STacSV64.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\Hpservice.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\WLANExt.exe

C:\Windows\system32\conhost.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_70dacb64382a61a7\AESTSr64.exe

C:\Windows\SysWOW64\svchost.exe -k Akamai

C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE

C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt

C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

C:\Program Files (x86)\National Instruments\MAX\nimxs.exe

C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\ccSvcHst.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\SysWOW64\nisvcloc.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\SysWOW64\PnkBstrA.exe

C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe

C:\Windows\SysWOW64\nipalsm.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files (x86)\IVI Foundation\VISA\WinNT\NIvisa\niLxiDiscovery.exe

-netsvcs

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\svchost.exe -k HPService

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Windows\system32\taskhost.exe

C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\ccSvcHst.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\IDT\WDM\sttray64.exe

C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe

C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

C:\Program Files (x86)\Internet Download Manager\IDMan.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe

C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe

C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe

C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe

C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe

C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe

C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Users\Daniel\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe

C:\Program Files (x86)\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = about:blank

uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb

mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb

mSearchAssistant = hxxp://start.facemoods.com/?a=ddr&s={searchTerms}&f=4

BHO: IDM integration (IDMIEHlprObj Class): {0055c089-8582-441b-a0bf-17b458c2a3a8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\coIEPlg.dll

BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\IPS\IPSBHO.DLL

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: hpBHO Class: {abd3b5e1-b268-407b-a150-2641dab8d898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL

BHO: IeMonitorBho Class: {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files (x86)\Megaupload\Mega Manager\MegaIEMn.dll

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

BHO: PandoraTV Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\coIEPlg.dll

TB: PandoraTV Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File

EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll

uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

uRun: [iDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

uRun: [Google Update] "C:\Users\Daniel\AppData\Local\Google\Update\GoogleUpdate.exe" /c

uRun: [p9pl8489892903131879765] \\?\globalroot\Device\HarddiskVolume2\Users\Daniel\AppData\Local\Temp\p9pl8489892903131879765.tmp

uRun: [p9pl7700648770387744580] \\?\globalroot\Device\HarddiskVolume2\Users\Daniel\AppData\Local\Temp\p9pl7700648770387744580.tmp

mRun: [NPSStartup]

mRun: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe

mRun: [<NO NAME>]

mRun: [unlockerAssistant] "C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe"

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files\Logitech\SetPoint\SetPoint.exe

uPolicies-system: WallpaperStyle = 2

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

dPolicies-system: WallpaperStyle = 2

IE: &U?????????

IE: &Ue1o??×e?????2e?2?

IE: &UE1OAA×EEIAOO2EO2O

IE: &Uê1ó??×è?????2ê?2?

IE: &Uê1ó??×è?????2ê?2? - C:\Program Files (x86)\NamiRobot\Data\du.html

IE: &U使用米人下?并收藏

IE: &U使用米人下载并收藏 - C:\Program Files (x86)\NamiRobot\Data\du.html

IE: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm

IE: Download Link Using Mega Manager... - C:\Program Files (x86)\Megaupload\Mega Manager\mm_file.htm

IE: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000

IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

TCP: DhcpNameServer = 75.75.75.75 75.75.76.76

TCP: Interfaces\{651194EA-BA77-429A-841E-2BBAA960EE60} : DhcpNameServer = 75.75.75.75 75.75.76.76

TCP: Interfaces\{651194EA-BA77-429A-841E-2BBAA960EE60}\25F626F64702D4163747562737 : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{651194EA-BA77-429A-841E-2BBAA960EE60}\358494C4F4 : DhcpNameServer = 205.171.3.65

TCP: Interfaces\{651194EA-BA77-429A-841E-2BBAA960EE60}\45561686F6573756 : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{651194EA-BA77-429A-841E-2BBAA960EE60}\845786F3F3F3 : DhcpNameServer = 192.168.0.1

TCP: Interfaces\{651194EA-BA77-429A-841E-2BBAA960EE60}\968414455497F657 : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{EA489ACB-0C5E-40A3-ADFC-66044A07158B} : DhcpNameServer = 192.168.1.1

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"

BHO-X64: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll

BHO-X64: IDM Helper - No File

BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

BHO-X64: HP Print Enhancer - No File

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\coIEPlg.dll

BHO-X64: Symantec NCO BHO - No File

BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\IPS\IPSBHO.DLL

BHO-X64: Symantec Intrusion Prevention - No File

BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: hpBHO Class: {ABD3B5E1-B268-407B-A150-2641DAB8D898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll

BHO-X64: HelloWorldBHO - No File

BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL

BHO-X64: URLRedirectionBHO - No File

BHO-X64: IeMonitorBho Class: {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files (x86)\Megaupload\Mega Manager\MegaIEMn.dll

BHO-X64: MegaIEMn - No File

BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

BHO-X64: PandoraTV Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

BHO-X64: Ask Toolbar BHO - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

BHO-X64: HP Smart BHO Class - No File

TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\coIEPlg.dll

TB-X64: PandoraTV Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File

EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File

mRun-x64: [NPSStartup]

mRun-x64: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

mRun-x64: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe

mRun-x64: [(Default)]

mRun-x64: [unlockerAssistant] "C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe"

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\vxbv0itx.default\

FF - prefs.js: browser.search.selectedEngine - Search

FF - prefs.js: browser.startup.homepage - about:blank

FF - prefs.js: keyword.URL - hxxp://www.seanca.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&rls=QCeZc6W7&q=

FF - prefs.js: network.proxy.http - 127.0.0.1

FF - prefs.js: network.proxy.http_port - 58788

FF - prefs.js: network.proxy.type - 0

FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn\components\coFFPlgn.dll

FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\components\IPSFFPl.dll

FF - component: C:\Users\Daniel\AppData\Roaming\IDM\idmmzcc3\components\idmmzcc.dll

FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL

FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll

FF - plugin: C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol400.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\NPLV80Win32.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\NPLV82Win32.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\nplv85win32.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\nplv86win32.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\nplv90win32.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll

FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

FF - plugin: C:\Users\Daniel\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll

FF - plugin: C:\Users\Daniel\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll

FF - plugin: C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\vxbv0itx.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}\plugins\npAclmPlugin.dll

FF - plugin: C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\vxbv0itx.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}\plugins\npProductDetectPlugin.dll

FF - plugin: C:\Users\Daniel\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll

FF - plugin: C:\Users\Daniel\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

.

---- FIREFOX POLICIES ----

.

FF - user.js: browser.search.selectedEngine - Search

FF - user.js: keyword.URL - hxxp://www.seanca.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&rls=QCeZc6W7&q=

.

============= SERVICES / DRIVERS ===============

.

R0 nipbcfk;National Instruments Class Upper Filter Driver;C:\Windows\system32\drivers\nipbcfk.sys --> C:\Windows\system32\drivers\nipbcfk.sys [?]

R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\N360x64\0501000.01D\SYMDS64.SYS --> C:\Windows\system32\drivers\N360x64\0501000.01D\SYMDS64.SYS [?]

R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\N360x64\0501000.01D\SYMEFA64.SYS --> C:\Windows\system32\drivers\N360x64\0501000.01D\SYMEFA64.SYS [?]

R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120121.002\BHDrvx64.sys [2012-1-24 1157240]

R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120203.002\IDSviA64.sys [2012-2-3 488568]

R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\N360x64\0501000.01D\Ironx64.SYS --> C:\Windows\system32\drivers\N360x64\0501000.01D\Ironx64.SYS [?]

R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\N360x64\0501000.01D\SYMNETS.SYS --> C:\Windows\system32\Drivers\N360x64\0501000.01D\SYMNETS.SYS [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]

R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_70dacb64382a61a7\AESTSr64.exe [2010-6-8 89600]

R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 20992]

R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-6-15 249648]

R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-6-21 85560]

R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]

R2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?]

R2 IDMWFP;IDMWFP;C:\Windows\system32\DRIVERS\idmwfp.sys --> C:\Windows\system32\DRIVERS\idmwfp.sys [?]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-2-5 652360]

R2 N360;Norton Security Suite;C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\ccsvchst.exe [2011-10-9 130008]

R2 niLXIDiscovery;National Instruments LXI Discovery Service;C:\Program Files (x86)\IVI Foundation\VISA\WinNT\NIvisa\niLxiDiscovery.exe [2009-3-5 131704]

R2 nimDNSResponder;National Instruments mDNS Responder Service;C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe [2009-6-4 193648]

R2 nipxirmk;NI PXI Resource Manager;\??\C:\Windows\system32\drivers\nipxirmkl.sys --> C:\Windows\system32\drivers\nipxirmkl.sys [?]

R2 NiViPxiK;NI-VISA PXI Driver;C:\Windows\system32\drivers\NiViPxiKl.sys --> C:\Windows\system32\drivers\NiViPxiKl.sys [?]

R3 btusbflt;Bluetooth USB Filter;C:\Windows\system32\drivers\btusbflt.sys --> C:\Windows\system32\drivers\btusbflt.sys [?]

R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]

R3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-8-16 227896]

R3 enecir;ENE CIR Receiver;C:\Windows\system32\DRIVERS\enecir.sys --> C:\Windows\system32\DRIVERS\enecir.sys [?]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-2-4 138360]

R3 JMCR;JMCR;C:\Windows\system32\DRIVERS\jmcr.sys --> C:\Windows\system32\DRIVERS\jmcr.sys [?]

R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\system32\DRIVERS\LEqdUsb.Sys --> C:\Windows\system32\DRIVERS\LEqdUsb.Sys [?]

R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\system32\DRIVERS\LHidEqd.Sys --> C:\Windows\system32\DRIVERS\LHidEqd.Sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 KMS;KMS;C:\Windows\srvany.exe [2010-4-22 8192]

S2 KMService;KMService;C:\Windows\System32\srvany.exe [2011-2-5 8192]

S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-7-7 195336]

S3 CoordinatorServiceHost;SW Distributed TS Coordinator Service;C:\Program Files (x86)\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe [2009-3-19 83240]

S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-9-22 1436424]

S3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]

S3 iscFlash;iscFlash;C:\SwSetup\sp46749\iscflashx64.sys [2009-12-9 27128]

S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]

S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]

S3 ni1006k;NI PXI-1006 Chassis Pilot;\??\C:\Windows\system32\drivers\ni1006k.sys --> C:\Windows\system32\drivers\ni1006k.sys [?]

S3 ni1045k;NI PXI-1045 Chassis Pilot;\??\C:\Windows\system32\drivers\ni1045kl.sys --> C:\Windows\system32\drivers\ni1045kl.sys [?]

S3 ni1065k;NI PXIe-1065 Chassis Pilot;\??\C:\Windows\system32\drivers\ni1065k.sys --> C:\Windows\system32\drivers\ni1065k.sys [?]

S3 nidimk;nidimk;\??\C:\Windows\system32\drivers\nidimkl.sys --> C:\Windows\system32\drivers\nidimkl.sys [?]

S3 nipalfwedl;nipalfwedl;C:\Windows\system32\drivers\nipalfwedl.sys --> C:\Windows\system32\drivers\nipalfwedl.sys [?]

S3 nipalusbedl;nipalusbedl;C:\Windows\system32\drivers\nipalusbedl.sys --> C:\Windows\system32\drivers\nipalusbedl.sys [?]

S3 nipxigpk;NI PXI Generic Chassis Pilot;\??\C:\Windows\system32\drivers\nipxigpk.sys --> C:\Windows\system32\drivers\nipxigpk.sys [?]

S3 NiViFWK;NI-VISA FireWire Driver;C:\Windows\system32\drivers\NiViFWKl.sys --> C:\Windows\system32\drivers\NiViFWKl.sys [?]

S3 NiViPciK;NI-VISA PCI Driver;C:\Windows\system32\drivers\NiViPciKl.sys --> C:\Windows\system32\drivers\NiViPciKl.sys [?]

S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]

S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]

S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]

S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);C:\Windows\system32\DRIVERS\ss_bbus.sys --> C:\Windows\system32\DRIVERS\ss_bbus.sys [?]

S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);C:\Windows\system32\DRIVERS\ss_bmdfl.sys --> C:\Windows\system32\DRIVERS\ss_bmdfl.sys [?]

S3 ss_bmdm;SAMSUNG USB Mobile Modem;C:\Windows\system32\DRIVERS\ss_bmdm.sys --> C:\Windows\system32\DRIVERS\ss_bmdm.sys [?]

S3 ss_bserd;SAMSUNG USB Mobile Logging Driver;C:\Windows\system32\DRIVERS\ss_bserd.sys --> C:\Windows\system32\DRIVERS\ss_bserd.sys [?]

S3 TFsExDisk;TFsExDisk;C:\Windows\System32\drivers\TFsExDisk.Sys [2010-4-17 16448]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]

S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]

.

=============== File Associations ===============

.

.scr=AutoCADScriptFile

.

=============== Created Last 30 ================

.

2012-02-06 03:36:15 20480 ------w- C:\Windows\svchost.exe

2012-02-05 23:32:51 -------- d-----w- C:\Users\Daniel\AppData\Roaming\Malwarebytes

2012-02-05 23:32:45 -------- d-----w- C:\ProgramData\Malwarebytes

2012-02-05 23:32:43 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-02-05 23:32:43 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-01-29 19:13:50 -------- d-----w- C:\Program Files (x86)\Unlocker

2012-01-29 19:11:08 6656 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\6D3.tmp

2012-01-23 07:08:13 -------- d-----w- C:\Users\Daniel\AppData\Local\QuickPar

2012-01-23 07:07:31 -------- d-----w- C:\Program Files (x86)\QuickPar

2012-01-15 10:18:38 626688 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr80.dll

2012-01-15 10:18:38 548864 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp80.dll

2012-01-15 10:18:38 479232 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcm80.dll

2012-01-15 10:18:38 43992 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozutils.dll

2012-01-14 20:30:18 -------- d-----w- C:\Windows\SysWow64\Falcom

2012-01-14 20:30:18 -------- d-----w- C:\Program Files (x86)\Falcom

2012-01-14 12:24:07 -------- d-----w- C:\8568fc41f1dcdcaa7e948c0dae50

2012-01-14 10:57:05 -------- d-----w- C:\Program Files (x86)\ED6SC

2012-01-12 07:59:50 -------- d-----w- C:\Program Files\Microsoft Synchronization Services

2012-01-12 07:59:50 -------- d-----w- C:\Program Files\Microsoft SQL Server Compact Edition

2012-01-12 07:59:32 112832 ----a-w- C:\ProgramData\Microsoft\VCExpress\10.0\1033\ResourceCache.dll

2012-01-12 07:57:38 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 10.0

2012-01-12 07:56:48 -------- d-----w- C:\Program Files\Microsoft Visual Studio 10.0

2012-01-12 07:56:47 -------- d-----w- C:\Program Files\Microsoft Help Viewer

2012-01-11 09:39:10 -------- d-----w- C:\Users\Daniel\AppData\Local\Skyrim

2012-01-11 04:42:35 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll

2012-01-11 04:42:35 366592 ----a-w- C:\Windows\System32\qdvd.dll

2012-01-11 04:42:35 1572864 ----a-w- C:\Windows\System32\quartz.dll

2012-01-11 04:42:35 1328128 ----a-w- C:\Windows\SysWow64\quartz.dll

2012-01-11 04:42:34 77312 ----a-w- C:\Windows\System32\packager.dll

2012-01-11 04:42:34 67072 ----a-w- C:\Windows\SysWow64\packager.dll

2012-01-11 04:36:18 1731920 ----a-w- C:\Windows\System32\ntdll.dll

2012-01-11 04:36:18 1292080 ----a-w- C:\Windows\SysWow64\ntdll.dll

2012-01-08 19:43:24 -------- d-----w- C:\Program Files (x86)\The Elder Scrolls V Skyrim

.

==================== Find3M ====================

.

2011-11-24 04:52:09 3145216 ----a-w- C:\Windows\System32\win32k.sys

2011-11-18 04:43:44 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2011-11-17 06:49:14 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys

2011-11-17 06:49:14 152432 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys

2011-11-17 06:44:43 459232 ----a-w- C:\Windows\System32\drivers\cng.sys

2011-11-17 06:35:28 395776 ----a-w- C:\Windows\System32\webio.dll

2011-11-17 06:35:26 29184 ----a-w- C:\Windows\System32\sspisrv.dll

2011-11-17 06:35:26 136192 ----a-w- C:\Windows\System32\sspicli.dll

2011-11-17 06:35:25 340992 ----a-w- C:\Windows\System32\schannel.dll

2011-11-17 06:35:25 28160 ----a-w- C:\Windows\System32\secur32.dll

2011-11-17 06:35:19 1447936 ----a-w- C:\Windows\System32\lsasrv.dll

2011-11-17 06:33:55 31232 ----a-w- C:\Windows\System32\lsass.exe

2011-11-17 05:35:02 314880 ----a-w- C:\Windows\SysWow64\webio.dll

2011-11-17 05:34:52 224768 ----a-w- C:\Windows\SysWow64\schannel.dll

2011-11-17 05:34:52 22016 ----a-w- C:\Windows\SysWow64\secur32.dll

2011-11-17 05:28:48 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll

.

============= FINISH: 20:53:03.01 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 10/30/2009 7:00:42 PM

System Uptime: 2/5/2012 7:34:15 PM (1 hours ago)

.

Motherboard: Hewlett-Packard | | 363E

Processor: Intel® Core i7 CPU Q 720 @ 1.60GHz | CPU | 1600/1066mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 285 GiB total, 8.262 GiB free.

D: is FIXED (NTFS) - 13 GiB total, 2.142 GiB free.

E: is CDROM ()

F: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}

Description: Photosmart Prem C310 series

Device ID: ROOT\IMAGE\0001

Manufacturer: HP

Name: Photosmart Prem C310 series

PNP Device ID: ROOT\IMAGE\0001

Service: StillCam

.

Class GUID: {4d36e97d-e325-11ce-bfc1-08002be10318}

Description: Intel® Turbo Boost Technology Driver

Device ID: PCI\VEN_8086&DEV_3B32&SUBSYS_0000103C&REV_05\3&11583659&0&FE

Manufacturer: Intel

Name: Intel® Turbo Boost Technology Driver

PNP Device ID: PCI\VEN_8086&DEV_3B32&SUBSYS_0000103C&REV_05\3&11583659&0&FE

Service: Impcd

.

Class GUID:

Description: Photosmart Prem C310 series

Device ID: ROOT\MULTIFUNCTION\0000

Manufacturer:

Name: Photosmart Prem C310 series

PNP Device ID: ROOT\MULTIFUNCTION\0000

Service:

.

Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}

Description: Photosmart Prem C310 series

Device ID: ROOT\MULTIFUNCTION\0001

Manufacturer: HP

Name: Photosmart Prem C310 series

PNP Device ID: ROOT\MULTIFUNCTION\0001

Service:

.

==== System Restore Points ===================

.

RP366: 2/4/2012 10:42:43 PM - Scheduled Checkpoint

.

==== Installed Programs ======================

.

Leawo AVI Converter version 3.0.0.1

Acrobat.com

Activate Norton Online Backup

Active@ ISO Burner

Adobe AIR

Adobe Flash Player 10 ActiveX

Adobe Reader X (10.1.1)

AdvancedDefrag 4.5

Akamai NetSession Interface

Akamai NetSession Interface Service

Apple Application Support

Apple Software Update

Ask Toolbar

Assassin's Creed Brotherhood

Autodesk Material Library 2011 Base Image library

AviSynth 2.5

Bing Bar

BufferChm

C310

CCleaner

Compatibility Pack for the 2007 Office system

Coupon Printer for Windows

CyberLink DVD Suite

Definition update for Microsoft Office 2010 (KB982726) 32-Bit Edition

Destinations

DeviceDiscovery

Driver San Francisco

eMule

erLT

FARO LS 1.1.406.58

Foxit PDF Editor

Gold Fish Animated Wallpaper version 1.0

Google Chrome

Google Talk Plugin

GPBaseService2

Gridlines 1.11.3

Hewlett-Packard ACLM.NET v1.1.1.0

Homepage Protection

Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678)

Hotfix for Microsoft Visual C++ 2010 Express - ENU (KB2542054)

HP Advisor

HP Customer Experience Enhancements

HP Games

HP MediaSmart Internet TV

HP MediaSmart Live TV

HP MediaSmart Movie Themes

HP MediaSmart Music/Photo/Video

HP MediaSmart SlingPlayer

HP MediaSmart Webcam

HP Product Detection

HP Quick Launch Buttons

HP Setup

HP Support Assistant

HP Update

HP User Guides 0154

HP Wireless Assistant

HPAppStudio

HPPhotoGadget

HPProductAssistant

HPSSupply

IDT Audio

Intel® Turbo Boost Technology Driver

Internet Download Manager

Internet TV for Windows Media Center

IVI Shared Components

Java Auto Updater

Java 6 Update 16

Java 6 Update 22

JDownloader

JMicron Flash Media Controller Driver

K-Lite Mega Codec Pack 7.9.0

LabelPrint

Lavalon Dragonica

LightScribe System Software

Little Fighter 2 version 2.0a

Logitech SetPoint

Malwarebytes Anti-Malware version 1.60.1.1000

MarketResearch

McAfee Security Scan Plus

Mega Manager

Microsoft .NET Framework 4 Multi-Targeting Pack

Microsoft Application Error Reporting

Microsoft AppLocale

Microsoft Choice Guard

Microsoft Games for Windows - LIVE Redistributable

Microsoft Games for Windows Marketplace

Microsoft Live Search Toolbar

Microsoft Office 2003 Web Components

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office Groove MUI (English) 2010

Microsoft Office InfoPath MUI (English) 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office PowerPoint Viewer 2007 (English)

Microsoft Office Professional Plus 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Word MUI (English) 2010

Microsoft Silverlight

Microsoft SQL Server Compact 3.5 SP2 ENU

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft Visual C++ 2010 Express - ENU

Microsoft Visual C++ Run Time Lib Setup

Microsoft Visual Studio 2005 Tools for Applications - ENU

Microsoft Works

Mozilla Firefox 9.0.1 (x86 en-US)

MSVCRT

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

National Instruments Software

NI-APAL Error Files 1.5.0f0

NI-BROADCOM57XX for Phar Lap ETS

NI-DAQmx - LabVIEW shared documentation

NI-DIM 1.9.0f0

NI-DIM 1.9.0f0 for Phar Lap ETS

NI-IMAQ Camera Files

NI-Intel8254x for LabVIEW Real-Time

NI-Intel8255x for LabVIEW Real-Time

NI-MDBG 1.9.0f0

NI-MDBG 1.9.0f0 for Phar Lap ETS

NI-MXDF 1.10.0f0

NI-MXDF 1.10.0f0 for Phar Lap ETS

NI-NVIDIA Gigabit Ethernet Driver for LabVIEW Real-Time

NI-ORB 1.9.2f0 for Phar Lap ETS

NI-ORB 1.9.3f0

NI-ORB 1.9.3f0 for Phar Lap ETS

NI-PAL 2.4.0f0 for Phar Lap ETS

NI-PAL 2.4.1f0

NI-PAL 2.4.1f0 for Phar Lap ETS

NI-RPC 4.1.0f0 for Phar Lap ETS

NI-RPC 4.1.1f0

NI-RPC 4.1.1f0 for Phar Lap ETS

NI-Serial 3.3.4 for LabVIEW Real-Time

NI-Serial 3.4

NI-Serial 3.4 Help

NI-Serial 3.4 MAX Provider

NI-SMC9 1.2.0f0 for Phar Lap ETS

NI-STE10/100A for Phar Lap ETS

NI-TNF 1.4.4f0 for Phar Lap ETS

NI-VISA 4.5.1

NI-VISA 4.5.1 for LabVIEW Real-Time

NI-VISA 4.5.1 MAX Provider

NI-VISA Runtime 4.5.1

NI 2009 Control Design Assistant

NI AFW Channel Configuration Tool

NI AFW Custom UI

NI Assistant Framework

NI Assistant Framework LabVIEW 2009 Support

NI Assistant Framework LabVIEW Code Generator 2009

NI Assistant Framework LabVIEW Code Generator 8.6

NI BIOS Updater

NI Certificates Deployment Support

NI CodeSignAPI

NI DataSocket 4.7.0

NI Datasocket for LabVIEW Real-Time

NI Distributed System Manager 2009

NI DN 2.0 installer

NI DN 2.0 Language Pack installer

NI Enhanced DSC Deployment Support 8.5

NI EPICS Base Real-Time Support

NI EPICSIOServer Base

NI EPICSIOServer Configuration VIs

NI EPICSIOServer Real-Time Support

NI EULA Depot

NI Example Finder 9.0

NI Help Assistant

NI IMAQ Vision for Measurement Studio Upgrade Manager

NI Installer for Xilinx Tools 1

NI Installer for Xilinx Tools 10

NI Installer for Xilinx Tools 11

NI Installer for Xilinx Tools 12

NI Installer for Xilinx Tools 2

NI Installer for Xilinx Tools 3

NI Installer for Xilinx Tools 4

NI Installer for Xilinx Tools 5

NI Installer for Xilinx Tools 6

NI Installer for Xilinx Tools 7

NI Installer for Xilinx Tools 8

NI Installer for Xilinx Tools 9

NI Instrument IO Assistant for LabVIEW 9.0 32

NI IO Server Provider

NI IVI Class Driver LabVIEW 2009 Support

NI IVI Class Drivers

NI IVI Class Simulation Drivers

NI IVI Compliance Package 4.0

NI IVI Engine

NI IVI Online Help

NI IVI Provider for MAX

NI LabVIEW 2009

NI LabVIEW 2009 Applibs

NI LabVIEW 2009 CINtools

NI LabVIEW 2009 Control Design and Simulation Module

NI LabVIEW 2009 Control Design Shared VIs

NI LabVIEW 2009 Deployment Framework

NI LabVIEW 2009 Digital Filter Design Toolkit

NI LabVIEW 2009 Digital Filter Design Toolkit License

NI LabVIEW 2009 Digital Filter Design Toolkit RT Support

NI LabVIEW 2009 Examples

NI LabVIEW 2009 FPGA Analysis

NI LabVIEW 2009 FPGA Compile Server

NI LabVIEW 2009 FPGA Digital Designs

NI LabVIEW 2009 FPGA Documentation

NI LabVIEW 2009 FPGA Elemental IO Common

NI LabVIEW 2009 FPGA Fixed-Point Math Support

NI LabVIEW 2009 FPGA Licensing

NI LabVIEW 2009 FPGA Module

NI LabVIEW 2009 FPGA Support for Host Communication

NI LabVIEW 2009 gMath

NI LabVIEW 2009 Help

NI LabVIEW 2009 Help File

NI LabVIEW 2009 Instr.lib

NI LabVIEW 2009 Integer Math and Analysis

NI LabVIEW 2009 License

NI LabVIEW 2009 Manuals

NI LabVIEW 2009 MathScript RT Module

NI LabVIEW 2009 MathScript RT Module License

NI LabVIEW 2009 MeasAppChm File

NI LabVIEW 2009 Menus

NI LabVIEW 2009 Modbus IO Server for Windows

NI LabVIEW 2009 PID and Fuzzy Logic Toolkit

NI LabVIEW 2009 PID and Fuzzy Logic Toolkit License

NI LabVIEW 2009 PID and Fuzzy Logic Toolkit RT Support

NI LabVIEW 2009 Project

NI LabVIEW 2009 Real-Time Basic Function Block Set

NI LabVIEW 2009 Real-Time Deployment Framework

NI LabVIEW 2009 Real-Time LabVIEW

NI LabVIEW 2009 Real-Time Module

NI LabVIEW 2009 Real-Time MSVS71 Support

NI LabVIEW 2009 Real-Time MSVS90 Support

NI LabVIEW 2009 Real-Time Pharlap LabVIEW

NI LabVIEW 2009 Real-Time Providers

NI LabVIEW 2009 Real-Time Scan Engine

NI LabVIEW 2009 Real-Time Support for cRIO

NI LabVIEW 2009 Real-Time Support for Desktop

NI LabVIEW 2009 Real-Time Support for FieldPoint

NI LabVIEW 2009 Real-Time Support for Hypervisor

NI LabVIEW 2009 Real-Time Support for IMAQ

NI LabVIEW 2009 Real-Time Support for Industrial Controllers

NI LabVIEW 2009 Real-Time Support for PXI

NI LabVIEW 2009 Real-Time Support for Smart Cameras

NI LabVIEW 2009 Real-Time VxWorks Base

NI LabVIEW 2009 Real-Time VxWorks LabVIEW

NI LabVIEW 2009 Resource

NI LabVIEW 2009 Simulation

NI LabVIEW 2009 System Identification Assistant

NI LabVIEW 2009 System Identification Toolkit

NI LabVIEW 2009 System Identification Toolkit License

NI LabVIEW 2009 System Identification Toolkit VIs

NI LabVIEW 2009 Templates

NI LabVIEW 2009 User.lib

NI LabVIEW 2009 VI.lib

NI LabVIEW 2009 Web Server

NI LabVIEW 2009 WWW

NI LabVIEW 9.0 Real-Time Pharlap Base

NI LabVIEW Analog Modulation Toolkit 4.1

NI LabVIEW Broker

NI LabVIEW C Interface

NI LabVIEW Compare Utility 9.0.0

NI LabVIEW Deployable License 2009

NI LabVIEW EWB DeviceHandler 2009

NI LabVIEW MAX XML

NI LabVIEW Merge Utility 9.0.0

NI LabVIEW Modulation Toolkit 4.1

NI LabVIEW Real-Time FIFO for Runtime

NI LabVIEW Real-Time FTP

NI LabVIEW Real-Time NBFifo

NI LabVIEW Run-Time Engine 2009

NI LabVIEW Run-Time Engine 7.1.1

NI LabVIEW Run-Time Engine 8.0

NI LabVIEW Run-Time Engine 8.2.1

NI LabVIEW Run-Time Engine 8.5.1

NI LabVIEW Run-Time Engine 8.6.1

NI LabVIEW Run-Time Engine Interop 2009

NI LabVIEW Run-Time Engine Web Services

NI LabVIEW SignalExpress 2009

NI LabVIEW SignalExpress 2009 Core

NI LabVIEW SignalExpress 2009 Core LabVIEW Support

NI LabVIEW SignalExpress 2009 Core LabVIEW90 Support

NI LabVIEW SignalExpress 2009 Datatypes

NI LabVIEW SignalExpress 2009 Datatypes LabVIEW 2009 Support

NI LabVIEW SignalExpress 2009 LabVIEW 2009 Support

NI LabVIEW SignalExpress 2009 LabVIEW Support

NI LabVIEW SignalExpress 2009 Licenses

NI LabVIEW SignalExpress 2009 Steps

NI LabVIEW SignalExpress 2009 Tools

NI LabVIEW Web Server for Run-Time Engine

NI LabVIEW Web Services Runtime

NI LabWindows/CVI 9.0 Run-Time Engine

NI LabWindows/CVI Code Generator

NI LabWindows/CVI DLL Builder for LabVIEW

NI LibiConv

NI License Manager

NI Logos 5.1

NI Logos LabVIEW 2009 Support

NI Logos Support for LabVIEW Real-Time

NI Logos XT Support

NI Logos XT Support for LabVIEW Real-Time

NI LVBrokerAux 8.2.1

NI LVBrokerAux 8.5.0

NI LVBrokerAux71

NI LVBrokerAux8.0

NI LVRT_Error_Dialog

NI Math Kernel Libraries

NI MAX LabVIEW Support 4.6.0

NI MAX Remote Configuration Installer 4.6

NI MDF Support

NI mDNS Responder 1.1.0

NI Measurement & Automation Explorer 4.6.0

NI Measurement Studio 8.1 Enterprise RunTime for VS2005

NI Measurement Studio Common .NET Assemblies for the .NET 3.5

NI Measurement Studio Common .NET Language Assemblies for the .NET Framework 2.0

NI Measurement Studio Recipe Processor

NI Modbus IO Server for LabVIEW Real-Time

NI Multi-Variable Dialog

NI MXS 4.6.0

NI MXS 4.6.0f0 for LabVIEW Real-Time

NI Network Variable Engine for LabVIEW Real-Time

NI NVIORef 2009

NI NVIORef LabVIEW Support 2009

NI NVIORef RT Support 2009

NI OCR Upgrade Manager

NI OPC Support

NI Portable Configuration 4.6.0

NI PXI Platform Framework 1.1.3

NI PXI Platform Framework 1.1.3 for Phar Lap ETS

NI PXI Platform Services 2.5.1

NI PXI Platform Services 2.5.1 Configuration Support

NI PXI Platform Services 2.5.1 Expert

NI PXI Platform Services 2.5.1 Expert for LabVIEW Real-Time

NI PXI Platform Services 2.5.1 for LabVIEW Real-Time

NI Real-Time Execution Trace Toolkit 2.0.1

NI Real-Time Execution Trace Toolkit 2.0.1 License

NI Real-Time Execution Trace Toolkit LabVIEW 2009 Support

NI Registration Wizard

NI Remote Provider for MAX 4.6.0

NI Remote PXI Provider for MAX 4.6.0

NI Service Locator

NI Software Provider for MAX 4.6.0

NI Sound and Vibration Frequency Analysis 2009

NI Sound and Vibration Frequency Analysis LabVIEW 2009 Support

NI Spy 2.6.0

NI SSL LabVIEW 2009 Real-Time Support

NI SSL LabVIEW 2009 Support

NI SSL Support

NI System API RT

NI System API Windows 32-bit

NI System Identification Assistant LabVIEW Support

NI System State Publisher

NI System State Publisher Support for LabVIEW Real-Time

NI TDM Excel Add-In 2.1

NI TDMS

NI TDMS RT_20

NI Trace Engine

NI TraceEngine Support for LabVIEW Real-Time

NI Uninstaller

NI USI 1.7.0

NI Variable Client for LabVIEW Real-Time

NI Variable Engine 2.3.0

NI Variable Engine LabVIEW 2009 Support

NI Variable Engine Serial Support

NI Variable Engine Serial Support RT

NI VC2005MSMs x86

NI VC2008MSMs x86

NI Vision .NET 2009

NI Vision .NET Run-Time Engine 2009

NI Vision 2009

NI Vision Assistant 2009

NI Vision Assistant 2009 .NET

NI Vision Builder AI 3.6.1

NI Vision Run-Time Engine 2009

NI Web Pipeline 2.0.1

NI WebServer Support for LabVIEW Real-Time

NI WebServices Runtime Support for LabVIEW Real-Time

NI Windows EPICSIOServer

NI Windows Modbus IO Server

NI Xalan Delay Load 1.10.1

NI Xerces Delay Load 2.7.1

Norton Security Suite

Notepad++

NVIDIA PhysX

OpenOffice.org 3.1

Pando Media Booster

Portal

Power2Go

PowerDirector

PowerRecover

PrimoPDF -- by Nitro PDF Software

PS_AIO_07_C310_SW_Min

PunkBuster Services

QLBCASL

QuickPar 0.9

QuickTime

QuickTransfer

RaySource 2.1.10.8366

Realtek Ethernet Controller Driver For Windows Vista and Later

Root Locus and Frequency Response

Samsung Kies

Samsung New PC Studio

Samsung New PC Studio USB Driver Installer

Scan

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Security Update for Microsoft Office 2010 (KB2553091)

Security Update for Microsoft Office 2010 (KB2553096)

Security Update for Microsoft Office 2010 (KB2553353) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition

Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition

Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)

Security Update for Microsoft Visual C++ 2010 Express - ENU (KB2251489)

SmartWebPrinting

SolidWorks 2009 x64 Edition SP03

SolutionCenter

SSH Secure Shell

Status

TKS3

Toolbox

TrayApp

TreeSize Free V2.4

Ubisoft Game Launcher

Unity Web Player

Unlocker 1.9.1

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition

Update for Microsoft Office 2010 (KB2494150)

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2553092)

Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553455) 32-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2553323) 32-Bit Edition

Update for Microsoft Outlook Social Connector (KB2583935)

VISA Shared Components 64-Bit

WBFS Manager 3.0

WebReg

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Messenger

Windows Live Upload Tool

Windows Media Center Add-in for Flash

Windows Media Player Firefox Plugin

璣动肚弧ぇ瓂格3rd

英雄传说6空之轨迹SC 繁体中文 完美破解版

鲁大师

.

==== Event Viewer Messages From Past Week ========

.

2/5/2012 9:44:06 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR3.

2/5/2012 7:35:30 PM, Error: Service Control Manager [7000] - The cvintdrv service failed to start due to the following error: This driver has been blocked from loading

2/5/2012 7:35:30 PM, Error: Application Popup [1060] - \SystemRoot\SysWow64\Drivers\cvintdrv.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

2/4/2012 10:18:33 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the eventlog service.

2/3/2012 12:23:01 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

2/3/2012 12:23:00 AM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

2/3/2012 12:22:59 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.

2/3/2012 10:46:09 PM, Error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.1.101. The computer with the IP address 192.168.1.10 did not allow the name to be claimed by this computer.

2/1/2012 9:53:49 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the N360 service.

2/1/2012 9:51:32 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x00000000000000dc, 0x0000000000000002, 0x0000000000000001, 0xfffff80003712ab5). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 020112-53414-01.

2/1/2012 9:49:41 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.

.

==== End Of File ===========================


Hello and :welcome:

Let's see if we can clean that up.

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!

  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.


swanriver, please don't hijack other people's threads.

Elise, I have just run the scan from your first comment, and the problem seems to have gone away after the scan! Thanks!

And here's the log of the scan.

21:18:15.0364 1780 TDSS rootkit removing tool 2.7.9.0 Feb 1 2012 09:28:49

21:18:16.0888 1780 ============================================================

21:18:16.0888 1780 Current date / time: 2012/02/06 21:18:16.0888

21:18:16.0888 1780 SystemInfo:

21:18:16.0888 1780

21:18:16.0888 1780 OS Version: 6.1.7601 ServicePack: 1.0

21:18:16.0888 1780 Product type: Workstation

21:18:16.0888 1780 ComputerName: DANIEL-PC

21:18:16.0889 1780 UserName: Daniel

21:18:16.0889 1780 Windows directory: C:\Windows

21:18:16.0889 1780 System windows directory: C:\Windows

21:18:16.0889 1780 Running under WOW64

21:18:16.0889 1780 Processor architecture: Intel x64

21:18:16.0889 1780 Number of processors: 8

21:18:16.0889 1780 Page size: 0x1000

21:18:16.0889 1780 Boot type: Normal boot

21:18:16.0889 1780 ============================================================

21:18:17.0319 1780 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

21:18:17.0338 1780 \Device\Harddisk0\DR0:

21:18:17.0338 1780 MBR used

21:18:17.0338 1780 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800

21:18:17.0338 1780 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x239F6800

21:18:17.0338 1780 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x23A5A800, BlocksNum 0x19A0000

21:18:17.0338 1780 \Device\Harddisk0\DR0\Partition3: MBR, Type 0xC, StartLBA 0x253FA800, BlocksNum 0x33AB0

21:18:17.0400 1780 Initialize success

21:18:17.0400 1780 ============================================================

21:18:31.0235 1332 ============================================================

21:18:31.0235 1332 Scan started

21:18:31.0235 1332 Mode: Manual;

21:18:31.0235 1332 ============================================================

21:18:32.0063 1332 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys

21:18:32.0067 1332 1394ohci - ok

21:18:32.0128 1332 Accelerometer (5c368f4b04ed2a923e6afca2d37baff5) C:\Windows\system32\DRIVERS\Accelerometer.sys

21:18:32.0128 1332 Accelerometer - ok

21:18:32.0205 1332 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys

21:18:32.0209 1332 ACPI - ok

21:18:32.0288 1332 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys

21:18:32.0290 1332 AcpiPmi - ok

21:18:32.0390 1332 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys

21:18:32.0398 1332 adp94xx - ok

21:18:32.0516 1332 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys

21:18:32.0521 1332 adpahci - ok

21:18:32.0744 1332 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys

21:18:32.0748 1332 adpu320 - ok

21:18:32.0869 1332 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys

21:18:32.0876 1332 AFD - ok

21:18:32.0939 1332 AgereSoftModem (98022774d9930ecbb292e70db7601df6) C:\Windows\system32\DRIVERS\agrsm64.sys

21:18:32.0959 1332 AgereSoftModem - ok

21:18:33.0042 1332 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys

21:18:33.0044 1332 agp440 - ok

21:18:33.0111 1332 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys

21:18:33.0113 1332 aliide - ok

21:18:33.0124 1332 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys

21:18:33.0126 1332 amdide - ok

21:18:33.0156 1332 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys

21:18:33.0158 1332 AmdK8 - ok

21:18:33.0195 1332 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys

21:18:33.0197 1332 AmdPPM - ok

21:18:33.0266 1332 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys

21:18:33.0269 1332 amdsata - ok

21:18:33.0312 1332 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys

21:18:33.0316 1332 amdsbs - ok

21:18:33.0360 1332 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys

21:18:33.0361 1332 amdxata - ok

21:18:33.0461 1332 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys

21:18:33.0463 1332 AppID - ok

21:18:33.0550 1332 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys

21:18:33.0552 1332 arc - ok

21:18:33.0612 1332 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys

21:18:33.0615 1332 arcsas - ok

21:18:33.0677 1332 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys

21:18:33.0679 1332 AsyncMac - ok

21:18:33.0729 1332 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys

21:18:33.0730 1332 atapi - ok

21:18:33.0789 1332 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys

21:18:33.0797 1332 b06bdrv - ok

21:18:33.0872 1332 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys

21:18:33.0877 1332 b57nd60a - ok

21:18:34.0010 1332 BCM43XX (6c95dd14cfd30b0617b91dc6a0b1a1fb) C:\Windows\system32\DRIVERS\bcmwl664.sys

21:18:34.0024 1332 BCM43XX - ok

21:18:34.0056 1332 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys

21:18:34.0057 1332 Beep - ok

21:18:34.0334 1332 BHDrvx64 (1d757a7e020c577c4259a755f21b7152) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120121.002\BHDrvx64.sys

21:18:34.0339 1332 BHDrvx64 - ok

21:18:34.0425 1332 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys

21:18:34.0426 1332 blbdrive - ok

21:18:34.0477 1332 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys

21:18:34.0479 1332 bowser - ok

21:18:34.0514 1332 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys

21:18:34.0516 1332 BrFiltLo - ok

21:18:34.0532 1332 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys

21:18:34.0533 1332 BrFiltUp - ok

21:18:34.0605 1332 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys

21:18:34.0610 1332 Brserid - ok

21:18:34.0635 1332 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys

21:18:34.0637 1332 BrSerWdm - ok

21:18:34.0654 1332 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys

21:18:34.0656 1332 BrUsbMdm - ok

21:18:34.0678 1332 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys

21:18:34.0679 1332 BrUsbSer - ok

21:18:34.0752 1332 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys

21:18:34.0754 1332 BthEnum - ok

21:18:34.0768 1332 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys

21:18:34.0770 1332 BTHMODEM - ok

21:18:34.0854 1332 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys

21:18:34.0856 1332 BthPan - ok

21:18:34.0926 1332 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys

21:18:34.0935 1332 BTHPORT - ok

21:18:34.0974 1332 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys

21:18:34.0976 1332 BTHUSB - ok

21:18:35.0030 1332 btusbflt (2641a3fe3d7b0646308f33b67f3b5300) C:\Windows\system32\drivers\btusbflt.sys

21:18:35.0031 1332 btusbflt - ok

21:18:35.0089 1332 btwaudio (6bcfdc2b5b7f66d484486d4bd4b39a6b) C:\Windows\system32\drivers\btwaudio.sys

21:18:35.0090 1332 btwaudio - ok

21:18:35.0175 1332 btwavdt (82dc8b7c626e526681c1bebed2bc3ff9) C:\Windows\system32\drivers\btwavdt.sys

21:18:35.0176 1332 btwavdt - ok

21:18:49.0221 1332 sptd (602884696850c86434530790b110e8eb) C:\Windows\system32\Drivers\sptd.sys

21:18:49.0221 1332 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850c86434530790b110e8eb

21:18:49.0222 1332 sptd ( LockedFile.Multi.Generic ) - warning

21:18:49.0222 1332 sptd - detected LockedFile.Multi.Generic (1)

21:18:53.0430 1332 WDC_SAM (a3d04ebf5227886029b4532f20d026f7) C:\Windows\system32\DRIVERS\wdcsam64.sys

21:18:53.0432 1332 WDC_SAM - ok

21:18:53.0487 1332 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

21:18:53.0496 1332 Wdf01000 - ok

21:18:53.0612 1332 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

21:18:53.0613 1332 WfpLwf - ok

21:18:53.0638 1332 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

21:18:53.0640 1332 WIMMount - ok

21:18:53.0748 1332 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys

21:18:53.0750 1332 WinUsb - ok

21:18:53.0858 1332 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys

21:18:53.0858 1332 WmiAcpi - ok

21:18:53.0899 1332 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

21:18:53.0901 1332 ws2ifsl - ok

21:18:53.0962 1332 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys

21:18:53.0965 1332 WudfPf - ok

21:18:54.0032 1332 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys

21:18:54.0036 1332 WUDFRd - ok

21:18:54.0157 1332 X6va002 - ok

21:18:54.0431 1332 yukonw7 (b3eeacf62445e24fbb2cd4b0fb4db026) C:\Windows\system32\DRIVERS\yk62x64.sys

21:18:54.0437 1332 yukonw7 - ok

21:18:54.0446 1332 MBR (0x1B8) (35a4fa451025305a24e864aaa8e364c9) \Device\Harddisk0\DR0

21:18:54.0466 1332 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected

21:18:54.0466 1332 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)

21:18:54.0490 1332 Boot (0x1200) (d1d069f766cb50395917fc19deed84c8) \Device\Harddisk0\DR0\Partition0

21:18:54.0491 1332 \Device\Harddisk0\DR0\Partition0 - ok

21:18:54.0505 1332 Boot (0x1200) (2f8289878cf991fd6de05c13438b81fc) \Device\Harddisk0\DR0\Partition1

21:18:54.0506 1332 \Device\Harddisk0\DR0\Partition1 - ok

21:18:54.0531 1332 Boot (0x1200) (8b7c8d08dc9b2cd9b8fc83dec1fbf57f) \Device\Harddisk0\DR0\Partition2

21:18:54.0532 1332 \Device\Harddisk0\DR0\Partition2 - ok

21:18:54.0545 1332 Boot (0x1200) (a51871995702e0eb6c469f5f49fa47c7) \Device\Harddisk0\DR0\Partition3

21:18:54.0545 1332 \Device\Harddisk0\DR0\Partition3 - ok

21:18:54.0546 1332 ============================================================

21:18:54.0546 1332 Scan finished

21:18:54.0546 1332 ============================================================

21:18:54.0555 2308 Detected object count: 2

21:18:54.0555 2308 Actual detected object count: 2

21:19:31.0075 2308 C:\Windows\system32\Drivers\sptd.sys - copied to quarantine

21:19:31.0076 2308 sptd ( LockedFile.Multi.Generic ) - User select action: Quarantine

21:19:31.0145 2308 \Device\Harddisk0\DR0\# - copied to quarantine

21:19:31.0146 2308 \Device\Harddisk0\DR0 - copied to quarantine

21:19:31.0216 2308 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine

21:19:31.0221 2308 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine

21:19:31.0227 2308 \Device\Harddisk0\DR0\TDLFS\xh.dll - copied to quarantine

21:19:31.0247 2308 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine

21:19:31.0263 2308 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine

21:19:31.0266 2308 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine

21:19:31.0268 2308 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine

21:19:31.0272 2308 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine

21:19:31.0276 2308 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine

21:19:31.0281 2308 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine

21:19:31.0283 2308 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine

21:19:31.0330 2308 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot

21:19:31.0330 2308 \Device\Harddisk0\DR0 - ok

21:19:31.0332 2308 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure

21:19:37.0229 5364 Deinitialize success


@ swanriver, I requested your posts to be split off to a separate topic.

====================================

@ cybersaruboi1, my apologies for the confusion!

You had a nasty rootkit infection, please read the following information first:

BACKDOOR WARNING

------------------------------

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and cleaned, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

If you want to continue the cleanup, let's see what else the rootkit has been hiding.

COMBOFIX

---------------

Please download ComboFix from one of these locations:


Bleepingcomputer
ForoSpyware

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

[screenshot: Query_RC.gif]

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

[screenshot: RC_successful.gif]

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.


I am going to try cleaning up my computer. I ran ComboFix, but it did not ask me to install the Recovery Console; it ran anyway. Attached is the log that it returned.

ComboFix 12-02-06.02 - Daniel 6/2012 Mon 23:14:49.1.8 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.936.86.1033.18.8183.5514 [GMT -8:00]

执行位置: c:\users\Daniel\Desktop\ComboFix.exe

AV: Norton Security Suite *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

FW: Norton Security Suite *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

SP: Norton Security Suite *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

Error: Cfiles.dat

.

((((((((((((((((((((((((((((((((((((((( 被删除的档案 )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files (x86)\NamiRobot\DuTOol.exe

c:\programdata\ntuser.dat

c:\users\Daniel\AppData\Roaming\501C.40E

c:\users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\vxbv0itx.default\extensions\{62951d9f-a1a7-4870-9b30-df62e6f11b4d}

c:\users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\vxbv0itx.default\extensions\{62951d9f-a1a7-4870-9b30-df62e6f11b4d}\chrome.manifest

c:\users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\vxbv0itx.default\extensions\{62951d9f-a1a7-4870-9b30-df62e6f11b4d}\chrome\xulcache.jar

c:\users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\vxbv0itx.default\extensions\{62951d9f-a1a7-4870-9b30-df62e6f11b4d}\defaults\preferences\xulcache.js

c:\users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\vxbv0itx.default\extensions\{62951d9f-a1a7-4870-9b30-df62e6f11b4d}\install.rdf

c:\users\Public\videos\HP MediaSmart Demo.exe

c:\windows\SysWow64\system32

c:\windows\SysWow64\system32\3DAudio.ax

c:\windows\SysWow64\system32\avrt.dll

c:\windows\SysWow64\system32\cis-2.4.dll

c:\windows\SysWow64\system32\issacapi_bs-2.3.dll

c:\windows\SysWow64\system32\issacapi_pe-2.3.dll

c:\windows\SysWow64\system32\issacapi_se-2.3.dll

c:\windows\SysWow64\system32\MACXMLProto.dll

c:\windows\SysWow64\system32\MaDRM.dll

c:\windows\SysWow64\system32\MaJGUILib.dll

c:\windows\SysWow64\system32\MAMACExtract.dll

c:\windows\SysWow64\system32\MASetupCleaner.exe

c:\windows\SysWow64\system32\MaXMLProto.dll

c:\windows\SysWow64\system32\mfplat.dll

c:\windows\SysWow64\system32\MK_Lyric.dll

c:\windows\SysWow64\system32\MSCLib.dll

c:\windows\SysWow64\system32\MSFLib.dll

c:\windows\SysWow64\system32\MSLUR71.dll

c:\windows\SysWow64\system32\msvcp60.dll

c:\windows\SysWow64\system32\MTTELECHIP.dll

c:\windows\SysWow64\system32\MTXSYNCICON.dll

c:\windows\SysWow64\system32\muzaf1.dll

c:\windows\SysWow64\system32\muzapp.dll

c:\windows\SysWow64\system32\muzapp.exe

c:\windows\SysWow64\system32\muzdecode.ax

c:\windows\SysWow64\system32\muzeffect.ax

c:\windows\SysWow64\system32\muzmp4sp.ax

c:\windows\SysWow64\system32\muzmpgsp.ax

c:\windows\SysWow64\system32\muzoggsp.ax

c:\windows\SysWow64\system32\muzwmts.dll

c:\windows\SysWow64\system32\psapi.dll

.

.

((((((((((((((((((((((((( 2012-01-07 至 2012-02-07 的新的档案 )))))))))))))))))))))))))))))))

.

.

2012-02-07 07:24 . 2012-02-07 07:24 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-02-07 05:19 . 2012-02-07 05:19 -------- d-----w- C:\TDSSKiller_Quarantine

2012-02-05 23:32 . 2012-02-05 23:32 -------- d-----w- c:\users\Daniel\AppData\Roaming\Malwarebytes

2012-02-05 23:32 . 2012-02-05 23:32 -------- d-----w- c:\programdata\Malwarebytes

2012-02-05 23:32 . 2012-02-05 23:32 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-02-05 23:32 . 2011-12-10 23:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-01-29 19:13 . 2012-01-29 19:13 -------- d-----w- c:\program files (x86)\Unlocker

2012-01-29 19:11 . 2012-01-29 19:11 6656 ----a-w- c:\programdata\Microsoft\Windows\DRM\6D3.tmp

2012-01-23 07:08 . 2012-01-23 07:12 -------- d-----w- c:\users\Daniel\AppData\Local\QuickPar

2012-01-23 07:07 . 2012-01-23 07:07 -------- d-----w- c:\program files (x86)\QuickPar

2012-01-15 10:18 . 2012-01-15 10:18 626688 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr80.dll

2012-01-15 10:18 . 2012-01-15 10:18 548864 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp80.dll

2012-01-15 10:18 . 2012-01-15 10:18 479232 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcm80.dll

2012-01-15 10:18 . 2012-01-15 10:18 43992 ----a-w- c:\program files (x86)\Mozilla Firefox\mozutils.dll

2012-01-14 20:30 . 2012-01-14 20:30 -------- d-----w- c:\windows\SysWow64\Falcom

2012-01-14 20:30 . 2012-01-14 20:30 -------- d-----w- c:\program files (x86)\Falcom

2012-01-14 12:24 . 2012-01-14 12:32 -------- d-----w- C:\8568fc41f1dcdcaa7e948c0dae50

2012-01-14 10:57 . 2012-01-14 11:08 -------- d-----w- c:\program files (x86)\ED6SC

2012-01-12 07:59 . 2012-01-12 07:59 -------- d-----w- c:\program files\Microsoft Synchronization Services

2012-01-12 07:59 . 2012-01-12 07:59 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition

2012-01-12 07:59 . 2012-01-13 11:15 112832 ----a-w- c:\programdata\Microsoft\VCExpress\10.0\1033\ResourceCache.dll

2012-01-12 07:57 . 2012-01-12 07:58 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 10.0

2012-01-12 07:56 . 2012-01-12 07:56 -------- d-----w- c:\windows\symbols

2012-01-12 07:56 . 2012-01-12 07:56 -------- d-----w- c:\program files\Microsoft Visual Studio 10.0

2012-01-12 07:56 . 2012-01-12 07:56 -------- d-----w- c:\program files\Microsoft Help Viewer

2012-01-12 07:56 . 2012-01-12 07:56 -------- d-----w- c:\program files (x86)\Microsoft SDKs

2012-01-11 09:39 . 2012-01-11 09:39 -------- d-----w- c:\users\Daniel\AppData\Local\Skyrim

2012-01-11 04:42 . 2011-10-26 05:25 1572864 ----a-w- c:\windows\system32\quartz.dll

2012-01-11 04:42 . 2011-10-26 05:25 366592 ----a-w- c:\windows\system32\qdvd.dll

2012-01-11 04:42 . 2011-10-26 04:32 514560 ----a-w- c:\windows\SysWow64\qdvd.dll

2012-01-11 04:42 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\SysWow64\quartz.dll

2012-01-11 04:42 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll

2012-01-11 04:42 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll

2012-01-11 04:36 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll

2012-01-11 04:36 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll

2012-01-08 19:43 . 2012-01-08 19:55 -------- d-----w- c:\program files (x86)\The Elder Scrolls V Skyrim

.

.

.

(((((((((((((((((((((((((((((((((((((((( 在三个月内被修改的档案 ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-12-07 06:32 . 2011-12-07 06:32 158056 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10139.bin

2011-11-24 04:52 . 2011-12-14 05:56 3145216 ----a-w- c:\windows\system32\win32k.sys

2011-11-18 04:43 . 2011-05-17 02:41 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

.

.

((((((((((((((((((((((((((((((((((((( 重要登入点 ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*注意* 空白与合法缺省登录将不会被显示

REGEDIT4

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ABD3B5E1-B268-407B-A150-2641DAB8D898}]

2009-06-08 21:41 120104 ----a-w- c:\program files (x86)\Common Files\Homepage Protection\HomepageProtection.dll

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]

2010-02-05 00:50 1197448 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2010-02-05 1197448]

.

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"p9pl8489892903131879765"="\\?\globalroot\Device\HarddiskVolume2\Users\Daniel\AppData\Local\Temp\p9pl8489892903131879765.tmp" [?]

"p9pl7700648770387744580"="\\?\globalroot\Device\HarddiskVolume2\Users\Daniel\AppData\Local\Temp\p9pl7700648770387744580.tmp" [?]

"IDMan"="c:\program files (x86)\Internet Download Manager\IDMan.exe" [2011-11-14 3437976]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2010-02-25 323640]

"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2009-11-18 54576]

"UnlockerAssistant"="c:\program files (x86)\Unlocker\UnlockerAssistant.exe" [2010-07-04 17408]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-1 1079584]

Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-10-30 1207312]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]

"WallpaperStyle"= 2

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"mixer"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 KMS;KMS;c:\windows\srvany.exe [2010-04-22 8192]

R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-07-08 195336]

R3 CoordinatorServiceHost;SW Distributed TS Coordinator Service;c:\program files (x86)\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe [2009-03-19 83240]

R3 dump_wmimmc;dump_wmimmc;c:\funmily\PriusOnLine\GameGuard\dump_wmimmc.sys [x]

R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]

R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-09-23 1436424]

R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]

R3 iscFlash;iscFlash;c:\swsetup\sp46749\iscflashx64.sys [2009-12-09 27128]

R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]

R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]

R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]

R3 ni1006k;NI PXI-1006 Chassis Pilot;c:\windows\system32\drivers\ni1006k.sys [x]

R3 ni1045k;NI PXI-1045 Chassis Pilot;c:\windows\system32\drivers\ni1045kl.sys [x]

R3 ni1065k;NI PXIe-1065 Chassis Pilot;c:\windows\system32\drivers\ni1065k.sys [x]

R3 nidimk;nidimk;c:\windows\system32\drivers\nidimkl.sys [x]

R3 nipalfwedl;nipalfwedl;c:\windows\system32\drivers\nipalfwedl.sys [x]

R3 nipalusbedl;nipalusbedl;c:\windows\system32\drivers\nipalusbedl.sys [x]

R3 nipxigpk;NI PXI Generic Chassis Pilot;c:\windows\system32\drivers\nipxigpk.sys [x]

R3 NiViFWK;NI-VISA FireWire Driver;c:\windows\system32\drivers\NiViFWKl.sys [x]

R3 NiViPciK;NI-VISA PCI Driver;c:\windows\system32\drivers\NiViPciKl.sys [x]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]

R3 RTCore64;RTCore64;c:\program files (x86)\RMClock\RTCore64.sys [x]

R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]

R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]

R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]

R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [x]

R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [x]

R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [x]

R3 ss_bserd;SAMSUNG USB Mobile Logging Driver;c:\windows\system32\DRIVERS\ss_bserd.sys [x]

R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys [2010-02-16 16448]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]

R3 X6va002;X6va002;c:\users\Daniel\AppData\Local\Temp\002D05E.tmp [x]

R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]

S0 nipbcfk;National Instruments Class Upper Filter Driver;c:\windows\System32\drivers\nipbcfk.sys [x]

S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]

S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0501000.01D\SYMDS64.SYS [x]

S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0501000.01D\SYMEFA64.SYS [x]

S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120121.002\BHDrvx64.sys [2011-12-01 1157240]

S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120203.002\IDSvia64.sys [2011-12-15 488568]

S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0501000.01D\Ironx64.SYS [x]

S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\0501000.01D\SYMNETS.SYS [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]

S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_70dacb64382a61a7\AESTSr64.exe [2010-06-08 89600]

S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]

S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-06-16 249648]

S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-06-21 85560]

S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-29 94264]

S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]

S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [x]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]

S2 N360;Norton Security Suite;c:\program files (x86)\Norton Security Suite\Engine\5.1.0.29\ccSvcHst.exe [2011-04-17 130008]

S2 niLXIDiscovery;National Instruments LXI Discovery Service;c:\program files (x86)\IVI Foundation\VISA\WinNT\NIvisa\niLxiDiscovery.exe [2009-03-05 131704]

S2 nimDNSResponder;National Instruments mDNS Responder Service;c:\program files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe [2009-06-04 193648]

S2 nipxirmk;NI PXI Resource Manager;c:\windows\system32\drivers\nipxirmkl.sys [x]

S2 NiViPxiK;NI-VISA PXI Driver;c:\windows\system32\drivers\NiViPxiKl.sys [x]

S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]

S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]

S3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2010-02-25 227896]

S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [x]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-02-04 138360]

S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]

S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys [x]

S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - 78656860

*Deregistered* - 78656860

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

Akamai REG_MULTI_SZ Akamai

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2010-06-16 20:38 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe

.

‘计划任务’ 文件夹 里的内容

.

2012-02-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2985498061-3233397994-3397652253-1001Core.job

- c:\users\Daniel\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-11 02:15]

.

2012-02-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2985498061-3233397994-3397652253-1001UA.job

- c:\users\Daniel\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-11 02:15]

.

2012-01-26 c:\windows\Tasks\HPCeeScheduleForDaniel.job

- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 12:22]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]

@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"

[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]

2011-05-30 14:50 22408 ----a-w- c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576]

"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-06-08 487424]

"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-07-21 610872]

"Logitech Download Assistant"="c:\windows\system32\rundll32.exe" [2009-07-14 45568]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- 而外的扫描 -------

.

uStart Page = about:blank

uLocal Page = c:\windows\system32\blank.htm

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: &U?????????

IE: &Ue1o??×e?????2¢e?2?

IE: &UE1OAA×EEIAOO2¢EO2O

IE: &Uê1ó??×è?????2¢ê?2?

IE: &Uê1ó??×è?????2¢ê?2? - c:\program files (x86)\NamiRobot\Data\du.html

IE: &U使用米人下?并收藏

IE: &U使用米人下载并收藏 - c:\program files (x86)\NamiRobot\Data\du.html

IE: Download all links with IDM - c:\program files (x86)\Internet Download Manager\IEGetAll.htm

IE: Download Link Using Mega Manager... - c:\program files (x86)\Megaupload\Mega Manager\mm_file.htm

IE: Download with IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000

IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

TCP: DhcpNameServer = 75.75.75.75 75.75.76.76

FF - ProfilePath - c:\users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\vxbv0itx.default\

FF - prefs.js: browser.startup.homepage - about:blank

FF - prefs.js: keyword.URL - hxxp://www.seanca.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&rls=QCeZc6W7&q=

FF - prefs.js: network.proxy.http - 127.0.0.1

FF - prefs.js: network.proxy.http_port - 58788

FF - prefs.js: network.proxy.type - 0

FF - user.js: keyword.URL - hxxp://www.seanca.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&rls=QCeZc6W7&q=

.

- - - - ORPHANS REMOVED - - - -

.

Wow6432Node-HKLM-Run-NPSStartup - (no file)

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

AddRemove-TTIME_TKS3_EN - c:\program files\T-Time\TKS3\uninstall.exe

AddRemove-{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226} - c:\program files (x86)\InstallShield Installation Information\{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226}\setup.exe

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]

"ImagePath"="\"c:\program files (x86)\Norton Security Suite\Engine\5.1.0.29\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton Security Suite\Engine\5.1.0.29\diMaster.dll\" /prefetch:1"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]

"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_e286960.dll"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]

"ImagePath"="c:\windows\system32\GameMon.des -service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va002]

"ImagePath"="\??\c:\users\Daniel\AppData\Local\Temp\002D05E.tmp"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-2985498061-3233397994-3397652253-1001_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]

@Denied: (Full) (Everyone)

"scansk"=hex(0):1b,22,ad,96,ca,7a,42,53,ea,dd,6f,c4,57,17,da,d1,44,2b,84,3c,18,

9f,bc,70,3e,01,af,48,58,b8,ad,4e,5e,a0,d2,14,5e,c0,4f,64,00,00,00,00,00,00,\

.

[HKEY_USERS\S-1-5-21-2985498061-3233397994-3397652253-1001_Classes\Wow6432Node\CLSID\{d4b31fc7-8756-4c8f-930e-80b0546bef16}]

@Denied: (Full) (Everyone)

@Allowed: (Read) (RestrictedCode)

"Model"=dword:0000003d

"Therad"=dword:00000016

"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,

1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]

@Denied: (A 2) (Everyone)

@="IFlashBroker3"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-02-06 23:27:41

ComboFix-quarantined-files.txt 2012-02-07 07:27

.

Pre-Run: 10,892,759,040 bytes free

Post-Run: 10,825,437,184 bytes free

.

- - End Of File - - 12104DA8B0660EEEF4B96E8431643595


Hi, that looks better. How are things running now?

CF-SCRIPT

-------------

We need to execute a CF-script.

  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Click Start > Run and in the box that opens type notepad and press enter. Copy/paste the text in the codebox below into it:


Firefox::
FF - ProfilePath - c:\users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\vxbv0itx.default\
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 58788

Save this as CFScript.txt, in the same location as ComboFix.exe

[image: CFScriptB-4.gif]

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.

  • Download the latest version of Java Runtime Environment (JRE) Version 7u2.
  • Look for "JDK 7u2 (JDK or JRE)".
  • Click the "Download JRE" button at the right.
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Select "Windows x86 Offline" and click on jre-7-windows-i586.exe.
  • Save it to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Uninstall all older versions of Java (any item with Java Runtime Environment, JRE or J2SE in the name).
  • Reboot your computer once all Java components are removed.
  • Install the newest version by double clicking (run as Administrator for Windows Vista/Seven) the downloaded file.

Please launch MBAM, update it and run a full scan. Post me the resulting log together with a description of any remaining problem.

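The CF-script above removes two Firefox prefs that point the browser at a proxy on 127.0.0.1:58788, and the ComboFix logs in this thread also show Run values and a service whose image lives under the user's Temp folder, plus a keyword.URL override present in both prefs.js and user.js. The following is an added example, not part of this thread and not ComboFix's own code: a small Python triage script that reads ComboFix-style log lines and flags exactly those patterns. The sample lines are constructed from the entries quoted in this thread, and the rule names (`autostart-temp-path`, `firefox-loopback-proxy`, and so on) are my own.

```python
"""Triage the patterns seen in this thread's ComboFix logs (added example, not ComboFix code)."""
import re
from ipaddress import ip_address

# Constructed sample: a few lines in the layout of the ComboFix logs posted above.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"p9pl8489892903131879765"="\\?\globalroot\Device\HarddiskVolume2\Users\Daniel\AppData\Local\Temp\p9pl8489892903131879765.tmp" [?]
"IDMan"="c:\program files (x86)\Internet Download Manager\IDMan.exe" [2011-11-14 3437976]
.
R3 X6va002;X6va002;c:\users\Daniel\AppData\Local\Temp\002D05E.tmp [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
.
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 58788
FF - prefs.js: keyword.URL - hxxp://www.seanca.com/search/?q=
FF - user.js: keyword.URL - hxxp://www.seanca.com/search/?q=
"""

# Line shapes ComboFix uses: "name"="target" [date size | ? | x], R#/S# service lines, FF pref lines.
RUN_VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<target>[^"]*)"\s*\[(?P<info>[^\]]*)\]')
SERVICE_RE = re.compile(r'^(?P<start>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);(?P<image>.+) \[(?P<info>[^\]]*)\]$')
FF_PREF_RE = re.compile(r'^FF - (?P<file>prefs\.js|user\.js): (?P<pref>[\w.]+) - (?P<value>.+)$')
TEMP_DIR_RE = re.compile(r'\\temp\\', re.I)                 # any ...\Temp\... path component
GLOBALROOT_RE = re.compile(r'^\\\\\?\\globalroot\\', re.I)  # NT object-manager form of a path


def is_loopback(host):
    """True for localhost or any 127.0.0.0/8 or ::1 address."""
    host = host.strip().lower()
    if host == "localhost":
        return True
    try:
        return ip_address(host).is_loopback
    except ValueError:
        return False


def triage(log_text):
    """Return (rule, name, detail) tuples for entries that deserve a closer look."""
    findings = []
    section = ""
    ff_prefs = {}  # (file, pref) -> value, so prefs.js and user.js are judged separately
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("[HKEY_"):
            section = line.lower()
            continue
        m = RUN_VALUE_RE.match(line)
        if m and section.endswith("\\run]"):
            target = m.group("target")
            # Autostart binaries living in Temp, or addressed via \\?\globalroot\Device\...,
            # are flagged; "[?]" means ComboFix could not read the file's date/size.
            if GLOBALROOT_RE.match(target) or TEMP_DIR_RE.search(target):
                findings.append(("autostart-temp-path", m.group("name"), target))
            elif m.group("info") == "?":
                findings.append(("autostart-unverified-file", m.group("name"), target))
            continue
        m = SERVICE_RE.match(line)
        if m and TEMP_DIR_RE.search(m.group("image")):
            findings.append(("service-temp-path", m.group("name"), m.group("image")))
            continue
        m = FF_PREF_RE.match(line)
        if m:
            ff_prefs[(m.group("file"), m.group("pref"))] = m.group("value").strip()

    for fname in ("prefs.js", "user.js"):
        host = ff_prefs.get((fname, "network.proxy.http"))
        if host and is_loopback(host):
            port = ff_prefs.get((fname, "network.proxy.http_port"), "?")
            findings.append(("firefox-loopback-proxy", fname, f"{host}:{port}"))
        url = ff_prefs.get((fname, "keyword.URL"))
        if url:  # keyword.URL only shows up in prefs.js/user.js when something changed it
            findings.append(("firefox-keyword-url-set", fname, url))
    return findings


if __name__ == "__main__":
    for rule, name, detail in triage(SAMPLE_LOG):
        print(f"{rule:26} {name:24} {detail}")
```

Run it as-is to print the findings for the embedded sample, or pass a real log with `triage(open("ComboFix.txt", encoding="utf-8", errors="replace").read())`. Two caveats the logs in this thread illustrate: a pref that also appears in user.js is re-applied every time Firefox starts, so removing it from prefs.js alone does not stick, which is why the script reports the two files separately; and a Temp path is a prompt to look at the file, not a verdict, because some legitimate software (game anti-cheat drivers in particular) does load drivers from Temp.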

Hi Elise,

The popup for blocking IP access has stopped, but it seems like after all the scans my computer is starting up a lot slower for some reason.

Another question is: why is Norton treating ComboFix as a trojan?

But anyways, here are the logs from ComboFix and MBAM.

ComboFix 12-02-07.01 - Daniel 7/2012 Tue 22:07:25.2.8 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.936.86.1033.18.8183.5969 [GMT -8:00]

Running from: c:\users\Daniel\Downloads\Downloads\Programs\ComboFix.exe

Command switches used :: c:\users\Daniel\Desktop\CFscript.txt

AV: Norton Security Suite *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

FW: Norton Security Suite *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

SP: Norton Security Suite *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

Error: Cfiles.dat

.

((((((((((((((((((((((((( Files created from 2012-01-08 to 2012-02-08 )))))))))))))))))))))))))))))))

.

.

2012-02-08 06:17 . 2012-02-08 06:17 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-02-08 05:54 . 2012-02-08 05:54 -------- d-----w- c:\windows\system32\drivers\N360x64\0502000.00D

2012-02-07 05:19 . 2012-02-07 05:19 -------- d-----w- C:\TDSSKiller_Quarantine

2012-02-05 23:32 . 2012-02-05 23:32 -------- d-----w- c:\users\Daniel\AppData\Roaming\Malwarebytes

2012-02-05 23:32 . 2012-02-05 23:32 -------- d-----w- c:\programdata\Malwarebytes

2012-02-05 23:32 . 2012-02-05 23:32 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-02-05 23:32 . 2011-12-10 23:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-01-29 19:13 . 2012-01-29 19:13 -------- d-----w- c:\program files (x86)\Unlocker

2012-01-29 19:11 . 2012-01-29 19:11 6656 ----a-w- c:\programdata\Microsoft\Windows\DRM\6D3.tmp

2012-01-23 07:08 . 2012-01-23 07:12 -------- d-----w- c:\users\Daniel\AppData\Local\QuickPar

2012-01-23 07:07 . 2012-01-23 07:07 -------- d-----w- c:\program files (x86)\QuickPar

2012-01-15 10:18 . 2012-01-15 10:18 626688 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr80.dll

2012-01-15 10:18 . 2012-01-15 10:18 548864 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp80.dll

2012-01-15 10:18 . 2012-01-15 10:18 479232 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcm80.dll

2012-01-15 10:18 . 2012-01-15 10:18 43992 ----a-w- c:\program files (x86)\Mozilla Firefox\mozutils.dll

2012-01-14 20:30 . 2012-01-14 20:30 -------- d-----w- c:\windows\SysWow64\Falcom

2012-01-14 20:30 . 2012-01-14 20:30 -------- d-----w- c:\program files (x86)\Falcom

2012-01-14 12:24 . 2012-01-14 12:32 -------- d-----w- C:\8568fc41f1dcdcaa7e948c0dae50

2012-01-14 10:57 . 2012-01-14 11:08 -------- d-----w- c:\program files (x86)\ED6SC

2012-01-12 07:59 . 2012-01-12 07:59 -------- d-----w- c:\program files\Microsoft Synchronization Services

2012-01-12 07:59 . 2012-01-12 07:59 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition

2012-01-12 07:59 . 2012-01-13 11:15 112832 ----a-w- c:\programdata\Microsoft\VCExpress\10.0\1033\ResourceCache.dll

2012-01-12 07:57 . 2012-01-12 07:58 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 10.0

2012-01-12 07:56 . 2012-01-12 07:56 -------- d-----w- c:\windows\symbols

2012-01-12 07:56 . 2012-01-12 07:56 -------- d-----w- c:\program files\Microsoft Visual Studio 10.0

2012-01-12 07:56 . 2012-01-12 07:56 -------- d-----w- c:\program files\Microsoft Help Viewer

2012-01-12 07:56 . 2012-01-12 07:56 -------- d-----w- c:\program files (x86)\Microsoft SDKs

2012-01-11 09:39 . 2012-01-11 09:39 -------- d-----w- c:\users\Daniel\AppData\Local\Skyrim

2012-01-11 04:42 . 2011-10-26 05:25 1572864 ----a-w- c:\windows\system32\quartz.dll

2012-01-11 04:42 . 2011-10-26 05:25 366592 ----a-w- c:\windows\system32\qdvd.dll

2012-01-11 04:42 . 2011-10-26 04:32 514560 ----a-w- c:\windows\SysWow64\qdvd.dll

2012-01-11 04:42 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\SysWow64\quartz.dll

2012-01-11 04:42 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll

2012-01-11 04:42 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll

2012-01-11 04:36 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll

2012-01-11 04:36 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Files modified in the last three months ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-12-07 06:32 . 2011-12-07 06:32 158056 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10139.bin

2011-11-24 04:52 . 2011-12-14 05:56 3145216 ----a-w- c:\windows\system32\win32k.sys

2011-11-18 04:43 . 2011-05-17 02:41 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

.

.

((((((((((((((((((((((((((((( SnapShot@2012-02-07_07.24.34 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-08-17 03:20 . 2012-02-08 05:45 95676 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 05:10 . 2012-02-08 05:45 55806 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2009-10-31 02:02 . 2012-02-08 05:45 24266 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2985498061-3233397994-3397652253-1001_UserData.bin

- 2009-10-31 02:02 . 2012-02-07 05:32 24266 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2985498061-3233397994-3397652253-1001_UserData.bin

+ 2012-02-08 05:54 . 2011-03-31 03:00 40568 c:\windows\system32\drivers\N360x64\0502000.00D\srtspx64.sys

+ 2009-10-21 08:31 . 2012-02-08 05:52 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2009-10-21 08:31 . 2012-02-05 22:04 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-10-21 08:31 . 2012-02-08 05:52 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-10-21 08:31 . 2012-01-25 04:26 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-07-14 04:54 . 2012-02-08 05:52 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2009-07-14 04:54 . 2012-01-25 04:26 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2009-10-21 08:24 . 2012-02-07 05:29 7585 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat

+ 2009-10-21 08:24 . 2012-02-07 10:39 7585 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat

- 2012-02-07 05:30 . 2012-02-07 05:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-02-08 05:42 . 2012-02-08 05:42 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2012-02-07 05:30 . 2012-02-07 05:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2012-02-08 05:42 . 2012-02-08 05:42 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2012-02-08 05:54 . 2011-04-21 01:37 386168 c:\windows\system32\drivers\N360x64\0502000.00D\symnets.sys

+ 2012-02-08 05:54 . 2011-03-15 02:31 912504 c:\windows\system32\drivers\N360x64\0502000.00D\symefa64.sys

+ 2012-02-08 05:54 . 2011-01-27 06:47 450680 c:\windows\system32\drivers\N360x64\0502000.00D\symds64.sys

+ 2012-02-08 05:54 . 2011-03-31 03:00 744568 c:\windows\system32\drivers\N360x64\0502000.00D\srtsp64.sys

+ 2012-02-08 05:54 . 2010-11-16 01:45 171128 c:\windows\system32\drivers\N360x64\0502000.00D\ironx64.sys

+ 2009-07-14 05:01 . 2012-02-07 10:39 449276 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

- 2009-07-14 05:01 . 2012-02-07 05:29 449276 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2009-10-31 10:54 . 2012-02-07 10:39 6983096 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2985498061-3233397994-3397652253-1001-8192.dat

.

((((((((((((((((((((((((((((((((((((( Registry loading points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries and legitimate default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ABD3B5E1-B268-407B-A150-2641DAB8D898}]

2009-06-08 21:41 120104 ----a-w- c:\program files (x86)\Common Files\Homepage Protection\HomepageProtection.dll

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]

2010-02-05 00:50 1197448 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2010-02-05 1197448]

.

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"p9pl8489892903131879765"="\\?\globalroot\Device\HarddiskVolume2\Users\Daniel\AppData\Local\Temp\p9pl8489892903131879765.tmp" [?]

"p9pl7700648770387744580"="\\?\globalroot\Device\HarddiskVolume2\Users\Daniel\AppData\Local\Temp\p9pl7700648770387744580.tmp" [?]

"IDMan"="c:\program files (x86)\Internet Download Manager\IDMan.exe" [2011-11-14 3437976]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2010-02-25 323640]

"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2009-11-18 54576]

"UnlockerAssistant"="c:\program files (x86)\Unlocker\UnlockerAssistant.exe" [2010-07-04 17408]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-1 1079584]

Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-10-30 1207312]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]

"WallpaperStyle"= 2

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"mixer"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 KMS;KMS;c:\windows\srvany.exe [2010-04-22 8192]

R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-07-08 195336]

R3 CoordinatorServiceHost;SW Distributed TS Coordinator Service;c:\program files (x86)\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe [2009-03-19 83240]

R3 dump_wmimmc;dump_wmimmc;c:\funmily\PriusOnLine\GameGuard\dump_wmimmc.sys [x]

R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]

R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-09-23 1436424]

R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]

R3 iscFlash;iscFlash;c:\swsetup\sp46749\iscflashx64.sys [2009-12-09 27128]

R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]

R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]

R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]

R3 ni1006k;NI PXI-1006 Chassis Pilot;c:\windows\system32\drivers\ni1006k.sys [x]

R3 ni1045k;NI PXI-1045 Chassis Pilot;c:\windows\system32\drivers\ni1045kl.sys [x]

R3 ni1065k;NI PXIe-1065 Chassis Pilot;c:\windows\system32\drivers\ni1065k.sys [x]

R3 nidimk;nidimk;c:\windows\system32\drivers\nidimkl.sys [x]

R3 nipalfwedl;nipalfwedl;c:\windows\system32\drivers\nipalfwedl.sys [x]

R3 nipalusbedl;nipalusbedl;c:\windows\system32\drivers\nipalusbedl.sys [x]

R3 nipxigpk;NI PXI Generic Chassis Pilot;c:\windows\system32\drivers\nipxigpk.sys [x]

R3 NiViFWK;NI-VISA FireWire Driver;c:\windows\system32\drivers\NiViFWKl.sys [x]

R3 NiViPciK;NI-VISA PCI Driver;c:\windows\system32\drivers\NiViPciKl.sys [x]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]

R3 RTCore64;RTCore64;c:\program files (x86)\RMClock\RTCore64.sys [x]

R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]

R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]

R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]

R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [x]

R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [x]

R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [x]

R3 ss_bserd;SAMSUNG USB Mobile Logging Driver;c:\windows\system32\DRIVERS\ss_bserd.sys [x]

R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys [2010-02-16 16448]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]

R3 X6va002;X6va002;c:\users\Daniel\AppData\Local\Temp\002D05E.tmp [x]

R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]

S0 nipbcfk;National Instruments Class Upper Filter Driver;c:\windows\System32\drivers\nipbcfk.sys [x]

S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]

S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0502000.00D\SYMDS64.SYS [x]

S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0502000.00D\SYMEFA64.SYS [x]

S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120121.002\BHDrvx64.sys [2011-12-01 1157240]

S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120207.005\IDSvia64.sys [2011-12-15 488568]

S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0502000.00D\Ironx64.SYS [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]

S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_70dacb64382a61a7\AESTSr64.exe [2010-06-08 89600]

S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]

S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-06-16 249648]

S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-06-21 85560]

S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-29 94264]

S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]

S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [x]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]

S2 N360;Norton Security Suite;c:\program files (x86)\Norton Security Suite\Engine\5.2.0.13\ccSvcHst.exe [2011-04-17 130008]

S2 niLXIDiscovery;National Instruments LXI Discovery Service;c:\program files (x86)\IVI Foundation\VISA\WinNT\NIvisa\niLxiDiscovery.exe [2009-03-05 131704]

S2 nimDNSResponder;National Instruments mDNS Responder Service;c:\program files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe [2009-06-04 193648]

S2 nipxirmk;NI PXI Resource Manager;c:\windows\system32\drivers\nipxirmkl.sys [x]

S2 NiViPxiK;NI-VISA PXI Driver;c:\windows\system32\drivers\NiViPxiKl.sys [x]

S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]

S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]

S3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2010-02-25 227896]

S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [x]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-02-04 138360]

S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]

S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys [x]

S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

S3 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\0501000.01D\SYMNETS.SYS [x]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

Akamai REG_MULTI_SZ Akamai

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2010-06-16 20:38 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe

.

Contents of the 'Scheduled Tasks' folder

.

2012-02-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2985498061-3233397994-3397652253-1001Core.job

- c:\users\Daniel\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-11 02:15]

.

2012-02-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2985498061-3233397994-3397652253-1001UA.job

- c:\users\Daniel\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-11 02:15]

.

2012-02-08 c:\windows\Tasks\HPCeeScheduleForDaniel.job

- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 12:22]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]

@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"

[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]

2011-05-30 14:50 22408 ----a-w- c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576]

"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-06-08 487424]

"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-07-21 610872]

"Logitech Download Assistant"="c:\windows\system32\rundll32.exe" [2009-07-14 45568]

.

------- Supplementary scan -------

.

uStart Page = about:blank

uLocal Page = c:\windows\system32\blank.htm

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: &U使用米人下载并收藏 ("Download with NamiRobot and save") - c:\program files (x86)\NamiRobot\Data\du.html

IE: (the same NamiRobot context-menu entry, "&U使用米人下载并收藏", listed six more times under mis-encoded names)

IE: Download all links with IDM - c:\program files (x86)\Internet Download Manager\IEGetAll.htm

IE: Download Link Using Mega Manager... - c:\program files (x86)\Megaupload\Mega Manager\mm_file.htm

IE: Download with IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000

IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

TCP: DhcpNameServer = 75.75.75.75 75.75.76.76

FF - ProfilePath - c:\users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\vxbv0itx.default\

FF - prefs.js: browser.startup.homepage - about:blank

FF - prefs.js: keyword.URL - hxxp://www.seanca.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&rls=QCeZc6W7&q=

FF - prefs.js: network.proxy.type - 0

FF - user.js: keyword.URL - hxxp://www.seanca.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&rls=QCeZc6W7&q=

.

- - - - ORPHANS REMOVED - - - -

.

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]

"ImagePath"="\"c:\program files (x86)\Norton Security Suite\Engine\5.2.0.13\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton Security Suite\Engine\5.2.0.13\diMaster.dll\" /prefetch:1"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]

"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_e286960.dll"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]

"ImagePath"="c:\windows\system32\GameMon.des -service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va002]

"ImagePath"="\??\c:\users\Daniel\AppData\Local\Temp\002D05E.tmp"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-2985498061-3233397994-3397652253-1001_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]

@Denied: (Full) (Everyone)

"scansk"=hex(0):1b,22,ad,96,ca,7a,42,53,ea,dd,6f,c4,57,17,da,d1,44,2b,84,3c,18,

9f,bc,70,3e,01,af,48,58,b8,ad,4e,5e,a0,d2,14,5e,c0,4f,64,00,00,00,00,00,00,\

.

[HKEY_USERS\S-1-5-21-2985498061-3233397994-3397652253-1001_Classes\Wow6432Node\CLSID\{d4b31fc7-8756-4c8f-930e-80b0546bef16}]

@Denied: (Full) (Everyone)

@Allowed: (Read) (RestrictedCode)

"Model"=dword:0000003d

"Therad"=dword:00000016

"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,

1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]

@Denied: (A 2) (Everyone)

@="IFlashBroker3"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

完成时间: 2012-02-07 22:19:57

ComboFix-quarantined-files.txt 2012-02-08 06:19

ComboFix2.txt 2012-02-07 07:27

.

Pre-Run: 8,265,494,528 bytes free

Post-Run: 7,823,790,080 bytes free

.

- - End Of File - - B0563F9C3AD7DBA60498E53294F403F7

Malwarebytes Anti-Malware (Trial) 1.60.1.1000

www.malwarebytes.org

Database version: v2012.02.08.01

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Daniel :: DANIEL-PC [administrator]

Protection: Enabled

2/7/2012 10:55:30 PM

mbam-log-2012-02-07 (22-55-30).txt

Scan type: Full scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 772240

Time elapsed: 2 hour(s), 58 minute(s), 13 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 1

C:\Users\Daniel\Desktop\KMS_20582394523.exe (PUP.Hacktool.Office) -> Quarantined and deleted successfully.

(end)


Symantec detects ComboFix as being a powerful tool; it does not "know" what it is used for, hence it flags it as malware (usually you'll see something like heuristic, risktool, generic in the detection name).

Please let me know if startup has improved after the following steps.

CF-SCRIPT

-------------

We need to execute a CF-script.

  • Close any open browsers.
  • Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
  • Click Start > Run and in the box that opens type notepad and press enter. Copy/paste the text in the codebox below into it:


Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"p9pl8489892903131879765"=-
"p9pl7700648770387744580"=-

Save this as CFScript.txt, in the same location as ComboFix.exe

CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.


It seems to have helped a bit, thanks!

Here's the log from combofix...are there any other issues you see?

ComboFix 12-02-10.01 - Daniel 0/2012 Fri 2:09.3.8 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.936.86.1033.18.8183.5887 [GMT -8:00]

执行位置: c:\users\Daniel\Desktop\ComboFix.exe

Command switches used :: c:\users\Daniel\Desktop\CFscript.txt

AV: Norton Security Suite *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

FW: Norton Security Suite *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

SP: Norton Security Suite *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* 成功创造新还原点

.

Error: Cfiles.dat

.

((((((((((((((((((((((((( 2012-01-10 至 2012-02-10 的新的档案 )))))))))))))))))))))))))))))))

.

.

2012-02-10 10:19 . 2012-02-10 10:19 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-02-08 06:28 . 2012-02-08 06:28 -------- d-----w- c:\program files\Oracle

2012-02-08 06:27 . 2011-11-09 03:40 750488 ----a-w- c:\windows\system32\npdeployJava1.dll

2012-02-08 06:27 . 2011-11-09 03:40 660368 ----a-w- c:\windows\system32\deployJava1.dll

2012-02-08 06:25 . 2012-02-08 06:27 -------- d-----w- c:\program files\Java

2012-02-08 05:54 . 2012-02-08 06:37 -------- d-----w- c:\windows\system32\drivers\N360x64\0502000.00D

2012-02-07 05:19 . 2012-02-07 05:19 -------- d-----w- C:\TDSSKiller_Quarantine

2012-02-05 23:32 . 2012-02-05 23:32 -------- d-----w- c:\users\Daniel\AppData\Roaming\Malwarebytes

2012-02-05 23:32 . 2012-02-05 23:32 -------- d-----w- c:\programdata\Malwarebytes

2012-02-05 23:32 . 2012-02-05 23:32 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-02-05 23:32 . 2011-12-10 23:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-01-29 19:13 . 2012-01-29 19:13 -------- d-----w- c:\program files (x86)\Unlocker

2012-01-29 19:11 . 2012-01-29 19:11 6656 ----a-w- c:\programdata\Microsoft\Windows\DRM\6D3.tmp

2012-01-23 07:08 . 2012-01-23 07:12 -------- d-----w- c:\users\Daniel\AppData\Local\QuickPar

2012-01-23 07:07 . 2012-01-23 07:07 -------- d-----w- c:\program files (x86)\QuickPar

2012-01-15 10:18 . 2012-01-15 10:18 626688 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr80.dll

2012-01-15 10:18 . 2012-01-15 10:18 548864 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp80.dll

2012-01-15 10:18 . 2012-01-15 10:18 479232 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcm80.dll

2012-01-15 10:18 . 2012-01-15 10:18 43992 ----a-w- c:\program files (x86)\Mozilla Firefox\mozutils.dll

2012-01-14 20:30 . 2012-01-14 20:30 -------- d-----w- c:\windows\SysWow64\Falcom

2012-01-14 20:30 . 2012-01-14 20:30 -------- d-----w- c:\program files (x86)\Falcom

2012-01-14 12:24 . 2012-01-14 12:32 -------- d-----w- C:\8568fc41f1dcdcaa7e948c0dae50

2012-01-14 10:57 . 2012-01-14 11:08 -------- d-----w- c:\program files (x86)\ED6SC

2012-01-12 07:59 . 2012-01-12 07:59 -------- d-----w- c:\program files\Microsoft Synchronization Services

2012-01-12 07:59 . 2012-01-12 07:59 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition

2012-01-12 07:59 . 2012-01-13 11:15 112832 ----a-w- c:\programdata\Microsoft\VCExpress\10.0\1033\ResourceCache.dll

2012-01-12 07:57 . 2012-01-12 07:58 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 10.0

2012-01-12 07:56 . 2012-01-12 07:56 -------- d-----w- c:\windows\symbols

2012-01-12 07:56 . 2012-01-12 07:56 -------- d-----w- c:\program files\Microsoft Visual Studio 10.0

2012-01-12 07:56 . 2012-01-12 07:56 -------- d-----w- c:\program files\Microsoft Help Viewer

2012-01-12 07:56 . 2012-01-12 07:56 -------- d-----w- c:\program files (x86)\Microsoft SDKs

.

.

.

(((((((((((((((((((((((((((((((((((((((( 在三个月内被修改的档案 ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-12-07 06:32 . 2011-12-07 06:32 158056 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10139.bin

2011-11-24 04:52 . 2011-12-14 05:56 3145216 ----a-w- c:\windows\system32\win32k.sys

2011-11-19 14:58 . 2012-01-11 04:42 77312 ----a-w- c:\windows\system32\packager.dll

2011-11-19 14:01 . 2012-01-11 04:42 67072 ----a-w- c:\windows\SysWow64\packager.dll

2011-11-18 04:43 . 2011-05-17 02:41 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2011-11-17 06:49 . 2012-01-11 05:38 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2011-11-17 06:49 . 2012-01-11 05:38 152432 ----a-w- c:\windows\system32\drivers\ksecpkg.sys

2011-11-17 06:44 . 2012-01-11 05:38 459232 ----a-w- c:\windows\system32\drivers\cng.sys

2011-11-17 06:41 . 2012-01-11 04:36 1731920 ----a-w- c:\windows\system32\ntdll.dll

2011-11-17 06:35 . 2012-01-11 05:38 395776 ----a-w- c:\windows\system32\webio.dll

2011-11-17 06:35 . 2012-01-11 05:38 136192 ----a-w- c:\windows\system32\sspicli.dll

2011-11-17 06:35 . 2012-01-11 05:38 29184 ----a-w- c:\windows\system32\sspisrv.dll

2011-11-17 06:35 . 2012-01-11 05:38 340992 ----a-w- c:\windows\system32\schannel.dll

2011-11-17 06:35 . 2012-01-11 05:38 28160 ----a-w- c:\windows\system32\secur32.dll

2011-11-17 06:35 . 2012-01-11 05:38 1447936 ----a-w- c:\windows\system32\lsasrv.dll

2011-11-17 06:33 . 2012-01-11 05:38 31232 ----a-w- c:\windows\system32\lsass.exe

2011-11-17 05:38 . 2012-01-11 04:36 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll

2011-11-17 05:35 . 2012-01-11 05:38 314880 ----a-w- c:\windows\SysWow64\webio.dll

2011-11-17 05:34 . 2012-01-11 05:38 224768 ----a-w- c:\windows\SysWow64\schannel.dll

2011-11-17 05:34 . 2012-01-11 05:38 22016 ----a-w- c:\windows\SysWow64\secur32.dll

2011-11-17 05:28 . 2012-01-11 05:38 96768 ----a-w- c:\windows\SysWow64\sspicli.dll

.

.

((((((((((((((((((((((((((((( SnapShot@2012-02-07_07.24.34 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-08-17 03:20 . 2012-02-10 05:15 96034 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 05:10 . 2012-02-10 05:15 55854 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2009-10-31 02:02 . 2012-02-10 05:15 24616 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2985498061-3233397994-3397652253-1001_UserData.bin

+ 2012-02-08 05:54 . 2011-03-31 03:00 40568 c:\windows\system32\drivers\N360x64\0502000.00D\srtspx64.sys

- 2009-10-21 08:31 . 2012-02-05 22:04 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-10-21 08:31 . 2012-02-09 04:52 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-10-21 08:31 . 2012-02-09 04:52 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-10-21 08:31 . 2012-01-25 04:26 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-07-14 04:54 . 2012-01-25 04:26 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 04:54 . 2012-02-09 04:52 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2009-10-21 08:24 . 2012-02-07 05:29 7585 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat

+ 2009-10-21 08:24 . 2012-02-09 10:41 7585 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat

+ 2012-02-10 05:12 . 2012-02-10 05:12 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2012-02-07 05:30 . 2012-02-07 05:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2012-02-07 05:30 . 2012-02-07 05:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2012-02-10 05:12 . 2012-02-10 05:12 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2012-02-08 06:27 . 2011-11-09 03:40 263560 c:\windows\system32\javaws.exe

+ 2012-02-08 06:27 . 2012-02-08 06:27 188808 c:\windows\system32\javaw.exe

+ 2012-02-08 06:27 . 2012-02-08 06:27 188808 c:\windows\system32\java.exe

+ 2012-02-08 05:54 . 2011-04-21 01:37 386168 c:\windows\system32\drivers\N360x64\0502000.00D\symnets.sys

+ 2012-02-08 05:54 . 2011-03-15 02:31 912504 c:\windows\system32\drivers\N360x64\0502000.00D\symefa64.sys

+ 2012-02-08 05:54 . 2011-01-27 06:47 450680 c:\windows\system32\drivers\N360x64\0502000.00D\symds64.sys

+ 2012-02-08 05:54 . 2011-03-31 03:00 744568 c:\windows\system32\drivers\N360x64\0502000.00D\srtsp64.sys

+ 2012-02-08 05:54 . 2010-11-16 01:45 171128 c:\windows\system32\drivers\N360x64\0502000.00D\ironx64.sys

+ 2009-07-14 05:01 . 2012-02-09 10:41 449276 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

- 2009-07-14 05:01 . 2012-02-07 05:29 449276 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2012-02-08 06:28 . 2012-02-08 06:28 103424 c:\windows\Installer\23fec5.msi

+ 2012-02-08 06:27 . 2012-02-08 06:27 375808 c:\windows\Installer\23fec1.msi

+ 2012-02-08 06:25 . 2012-02-08 06:25 559104 c:\windows\Installer\23feb9.msi

+ 2011-05-03 07:04 . 2012-02-08 06:36 1890256 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat

- 2011-05-03 07:04 . 2012-01-25 10:11 1890256 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat

- 2011-05-04 08:24 . 2011-12-19 09:01 3578584 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2985498061-3233397994-3397652253-1001-12288.dat

+ 2011-05-04 08:24 . 2012-02-08 06:36 3578584 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2985498061-3233397994-3397652253-1001-12288.dat

+ 2009-10-31 10:54 . 2012-02-09 10:41 21272196 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2985498061-3233397994-3397652253-1001-8192.dat

+ 2011-11-17 22:47 . 2011-11-17 22:47 19533312 c:\windows\Installer\23febd.msi

.

((((((((((((((((((((((((((((((((((((( 重要登入点 ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*注意* 空白与合法缺省登录将不会被显示

REGEDIT4

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ABD3B5E1-B268-407B-A150-2641DAB8D898}]

2009-06-08 21:41 120104 ----a-w- c:\program files (x86)\Common Files\Homepage Protection\HomepageProtection.dll

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]

2010-02-05 00:50 1197448 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2010-02-05 1197448]

.

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IDMan"="c:\program files (x86)\Internet Download Manager\IDMan.exe" [2011-11-14 3437976]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2010-02-25 323640]

"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2009-11-18 54576]

"UnlockerAssistant"="c:\program files (x86)\Unlocker\UnlockerAssistant.exe" [2010-07-04 17408]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-1 1079584]

Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-10-30 1207312]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]

"WallpaperStyle"= 2

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"mixer"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 KMS;KMS;c:\windows\srvany.exe [2010-04-22 8192]

R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-07-08 195336]

R3 CoordinatorServiceHost;SW Distributed TS Coordinator Service;c:\program files (x86)\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe [2009-03-19 83240]

R3 dump_wmimmc;dump_wmimmc;c:\funmily\PriusOnLine\GameGuard\dump_wmimmc.sys [x]

R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]

R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-09-23 1436424]

R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]

R3 iscFlash;iscFlash;c:\swsetup\sp46749\iscflashx64.sys [2009-12-09 27128]

R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]

R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]

R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]

R3 ni1006k;NI PXI-1006 Chassis Pilot;c:\windows\system32\drivers\ni1006k.sys [x]

R3 ni1045k;NI PXI-1045 Chassis Pilot;c:\windows\system32\drivers\ni1045kl.sys [x]

R3 ni1065k;NI PXIe-1065 Chassis Pilot;c:\windows\system32\drivers\ni1065k.sys [x]

R3 nidimk;nidimk;c:\windows\system32\drivers\nidimkl.sys [x]

R3 nipalfwedl;nipalfwedl;c:\windows\system32\drivers\nipalfwedl.sys [x]

R3 nipalusbedl;nipalusbedl;c:\windows\system32\drivers\nipalusbedl.sys [x]

R3 nipxigpk;NI PXI Generic Chassis Pilot;c:\windows\system32\drivers\nipxigpk.sys [x]

R3 NiViFWK;NI-VISA FireWire Driver;c:\windows\system32\drivers\NiViFWKl.sys [x]

R3 NiViPciK;NI-VISA PCI Driver;c:\windows\system32\drivers\NiViPciKl.sys [x]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]

R3 RTCore64;RTCore64;c:\program files (x86)\RMClock\RTCore64.sys [x]

R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]

R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]

R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]

R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [x]

R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [x]

R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [x]

R3 ss_bserd;SAMSUNG USB Mobile Logging Driver;c:\windows\system32\DRIVERS\ss_bserd.sys [x]

R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys [2010-02-16 16448]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]

R3 X6va002;X6va002;c:\users\Daniel\AppData\Local\Temp\002D05E.tmp [x]

R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]

S0 nipbcfk;National Instruments Class Upper Filter Driver;c:\windows\System32\drivers\nipbcfk.sys [x]

S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]

S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0502000.00D\SYMDS64.SYS [x]

S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0502000.00D\SYMEFA64.SYS [x]

S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120207.003\BHDrvx64.sys [2011-12-01 1157240]

S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120209.002\IDSvia64.sys [2011-12-15 488568]

S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0502000.00D\Ironx64.SYS [x]

S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\0502000.00D\SYMNETS.SYS [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]

S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_70dacb64382a61a7\AESTSr64.exe [2010-06-08 89600]

S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]

S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-06-16 249648]

S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-06-21 85560]

S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-29 94264]

S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]

S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [x]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]

S2 N360;Norton Security Suite;c:\program files (x86)\Norton Security Suite\Engine\5.2.0.13\ccSvcHst.exe [2011-04-17 130008]

S2 niLXIDiscovery;National Instruments LXI Discovery Service;c:\program files (x86)\IVI Foundation\VISA\WinNT\NIvisa\niLxiDiscovery.exe [2009-03-05 131704]

S2 nimDNSResponder;National Instruments mDNS Responder Service;c:\program files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe [2009-06-04 193648]

S2 nipxirmk;NI PXI Resource Manager;c:\windows\system32\drivers\nipxirmkl.sys [x]

S2 NiViPxiK;NI-VISA PXI Driver;c:\windows\system32\drivers\NiViPxiKl.sys [x]

S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]

S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]

S3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2010-02-25 227896]

S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [x]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-02-04 138360]

S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]

S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys [x]

S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

Akamai REG_MULTI_SZ Akamai

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2010-06-16 20:38 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe

.

‘计划任务’ 文件夹 里的内容

.

2012-02-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2985498061-3233397994-3397652253-1001Core.job

- c:\users\Daniel\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-11 02:15]

.

2012-02-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2985498061-3233397994-3397652253-1001UA.job

- c:\users\Daniel\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-11 02:15]

.

2012-02-08 c:\windows\Tasks\HPCeeScheduleForDaniel.job

- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 12:22]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]

@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"

[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]

2011-05-30 14:50 22408 ----a-w- c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576]

"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-06-08 487424]

"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-07-21 610872]

"Logitech Download Assistant"="c:\windows\system32\rundll32.exe" [2009-07-14 45568]

.

------- 而外的扫描 -------

.

uStart Page = about:blank

uLocal Page = c:\windows\system32\blank.htm

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: &U?????????

IE: &Ue1o??×e?????2¢e?2?

IE: &UE1OAA×EEIAOO2¢EO2O

IE: &Uê1ó??×è?????2¢ê?2?

IE: &Uê1ó??×è?????2¢ê?2? - c:\program files (x86)\NamiRobot\Data\du.html

IE: &U使用米人下?并收藏

IE: &U使用米人下载并收藏 - c:\program files (x86)\NamiRobot\Data\du.html

IE: Download all links with IDM - c:\program files (x86)\Internet Download Manager\IEGetAll.htm

IE: Download Link Using Mega Manager... - c:\program files (x86)\Megaupload\Mega Manager\mm_file.htm

IE: Download with IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000

IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

TCP: DhcpNameServer = 75.75.75.75 75.75.76.76

FF - ProfilePath - c:\users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\vxbv0itx.default\

FF - prefs.js: browser.startup.homepage - about:blank

FF - prefs.js: keyword.URL - hxxp://www.seanca.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&rls=QCeZc6W7&q=

FF - prefs.js: network.proxy.type - 0

FF - user.js: keyword.URL - hxxp://www.seanca.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&rls=QCeZc6W7&q=

.

- - - - ORPHANS REMOVED - - - -

.

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]

"ImagePath"="\"c:\program files (x86)\Norton Security Suite\Engine\5.2.0.13\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton Security Suite\Engine\5.2.0.13\diMaster.dll\" /prefetch:1"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]

"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_e286960.dll"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]

"ImagePath"="c:\windows\system32\GameMon.des -service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va002]

"ImagePath"="\??\c:\users\Daniel\AppData\Local\Temp\002D05E.tmp"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-2985498061-3233397994-3397652253-1001_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]

@Denied: (Full) (Everyone)

"scansk"=hex(0):1b,22,ad,96,ca,7a,42,53,ea,dd,6f,c4,57,17,da,d1,44,2b,84,3c,18,

9f,bc,70,3e,01,af,48,58,b8,ad,4e,5e,a0,d2,14,5e,c0,4f,64,00,00,00,00,00,00,\

.

[HKEY_USERS\S-1-5-21-2985498061-3233397994-3397652253-1001_Classes\Wow6432Node\CLSID\{d4b31fc7-8756-4c8f-930e-80b0546bef16}]

@Denied: (Full) (Everyone)

@Allowed: (Read) (RestrictedCode)

"Model"=dword:0000003d

"Therad"=dword:00000016

"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,

1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]

@Denied: (A 2) (Everyone)

@="IFlashBroker3"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

完成时间: 2012-02-10 02:22:27

ComboFix-quarantined-files.txt 2012-02-10 10:22

ComboFix2.txt 2012-02-08 06:19

ComboFix3.txt 2012-02-07 07:27

.

Pre-Run: 6,015,590,400 bytes free

Post-Run: 5,952,712,704 bytes free

.

- - End Of File - - 14D38AE36C280E9AF655C9A17A1CE500


Good to hear that! :)

Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.

  • Download the latest version of Java Runtime Environment (JRE) Version 7u2.
  • Look for "JDK 7u2 (JDK or JRE)".
  • Click the "Download JRE" button at the right.
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Select "Windows x86 Offline" and click on jre-7-windows-i586.exe.
  • Save it to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Uninstall all older versions of Java (any item with Java Runtime Environment, JRE or J2SE in the name).
  • Reboot your computer once all Java components are removed.
  • Install the newest version by double clicking (run as Administrator for Windows Vista/Seven) the downloaded file.

ESET ONLINE SCANNER

----------------------------

I'd like us to scan your machine with ESET OnlineScan

  1. Hold down Control and click on this link to open ESET OnlineScan in a new window.
  2. Click the ESET Online Scanner button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the esetsmartinstaller_enu.exe icon on your desktop.
    3. Check "YES, I accept the Terms of Use."
    4. Click the Start button.
    5. Accept any security warnings from your browser.
    6. Under scan settings, check "Scan Archives" and "Remove found threats".
    7. Click Advanced settings and select the following:
      • Scan potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth technology
  4. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  5. When the scan completes, click List Threats.
  6. Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  7. Click the Back button.
  8. Click the Finish button.

  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
