azeng97 Posted February 17, 2012 ID:527578 Share Posted February 17, 2012 Hi there,I recently accidentally downloaded the svchoste.exe (Trojan.agent) virus, and so downloaded MBAM and successfully removed the trojan. I have just scanned, and there are no threats detected. I also used Norton Internet Security, and there was no problem either. However, whenever I am using Google Chrome, there are constant popups (every 10 mins or so) that say they have blocked an outgoing IP as below:IP-BLOCK 222.186.49.240 (Type: outgoing, Port: 49577, Process: chrome.exe)IP-BLOCK 222.186.49.250 (Type: outgoing, Port: 49578, Process: chrome.exe)There have only been 2 IPs blocked, being the two above. For more details, I have attached the protection logs for the past two days, as well as the DDS scan results. Any help is appreciated. Thanks!mbam-log-2012-02-17 (16-45-06).txtprotection-log-2012-02-16.txtprotection-log-2012-02-17.txtDDS.txtAttach.txt Link to post Share on other sites More sharing options...
Elise Posted February 17, 2012 ID:527605 Share Posted February 17, 2012 Hello and Lets do first also a rootkit scan.Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!Double-click on TDSSKiller.exe to run the tool for known TDSS variants.Vista/Windows 7 users right-click and select Run As Administrator.If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.Click the Start Scan button.Do not use the computer during the scanIf the scan completes with nothing found, click Close to exit.If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).Copy and paste the contents of that file in your next reply. Link to post Share on other sites More sharing options...
azeng97 Posted February 18, 2012 Author ID:527872 Share Posted February 18, 2012 Hi, thanks for replying. I have completed the scan requested, and no threats were found. Here are the logs.12:29:42.0143 3268 TDSS rootkit removing tool 2.7.13.0 Feb 15 2012 19:33:1412:29:42.0861 3268 ============================================================12:29:42.0861 3268 Current date / time: 2012/02/18 12:29:42.086112:29:42.0861 3268 SystemInfo:12:29:42.0861 3268 12:29:42.0861 3268 OS Version: 6.1.7601 ServicePack: 1.012:29:42.0861 3268 Product type: Workstation12:29:42.0861 3268 ComputerName: AZ-MACHINE12:29:42.0861 3268 UserName: Avan12:29:42.0861 3268 Windows directory: C:\Windows12:29:42.0861 3268 System windows directory: C:\Windows12:29:42.0861 3268 Running under WOW6412:29:42.0861 3268 Processor architecture: Intel x6412:29:42.0861 3268 Number of processors: 412:29:42.0861 3268 Page size: 0x100012:29:42.0861 3268 Boot type: Normal boot12:29:42.0861 3268 ============================================================12:29:44.0717 3268 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x0000004012:29:44.0795 3268 \Device\Harddisk0\DR0:12:29:44.0795 3268 MBR used12:29:44.0795 3268 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3200012:29:44.0795 3268 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xC35395A12:29:44.0811 3268 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xC386199, BlocksNum 0x1869E55912:29:44.0842 3268 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x24A24731, BlocksNum 0x1E845EBF12:29:44.0904 3268 \Device\Harddisk0\DR0\Partition4: MBR, Type 0x7, StartLBA 0x4326A62F, BlocksNum 0xC34F28D12:29:44.0951 3268 \Device\Harddisk0\DR0\Partition5: MBR, Type 0x7, StartLBA 0x4F5B98FB, BlocksNum 0x1869E55912:29:45.0060 3268 \Device\Harddisk0\DR0\Partition6: MBR, Type 0x7, StartLBA 0x67C57E93, BlocksNum 0x61A792712:29:45.0092 3268 \Device\Harddisk0\DR0\Partition7: MBR, Type 0x7, StartLBA 0x6DDFF7F9, BlocksNum 0x69061C812:29:45.0747 3268 Initialize success12:29:45.0747 3268 ============================================================12:29:55.0044 5980 ============================================================12:29:55.0044 5980 Scan started12:29:55.0044 5980 Mode: Manual;12:29:55.0044 5980 ============================================================12:29:58.0133 5980 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys12:29:58.0180 5980 1394ohci - ok12:29:58.0227 5980 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys12:29:58.0227 5980 ACPI - ok12:29:58.0274 5980 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys12:29:58.0274 5980 AcpiPmi - ok12:29:58.0305 5980 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys12:29:58.0305 5980 adp94xx - ok12:29:58.0305 5980 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys12:29:58.0320 5980 adpahci - ok12:29:58.0320 5980 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys12:29:58.0320 5980 adpu320 - ok12:29:58.0367 5980 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys12:29:58.0383 5980 AFD - ok12:29:58.0383 5980 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys12:29:58.0383 5980 agp440 - ok12:29:58.0398 5980 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys12:29:58.0398 5980 aliide - ok12:29:58.0445 5980 ALSysIO - ok12:29:58.0476 5980 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys12:29:58.0476 5980 amdide - ok12:29:58.0492 5980 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys12:29:58.0492 5980 AmdK8 - ok12:29:58.0648 5980 amdkmdag (9e3b4946f7e1bca0b763e19d81edbf2c) C:\Windows\system32\DRIVERS\atikmdag.sys12:29:58.0788 5980 amdkmdag - ok12:29:58.0835 5980 amdkmdap (b9e1c7b7f1865f99b16ff2e1bb94edb6) C:\Windows\system32\DRIVERS\atikmpag.sys12:29:58.0851 5980 amdkmdap - ok12:29:58.0851 5980 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys12:29:58.0851 5980 AmdPPM - ok12:29:58.0898 5980 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys12:29:58.0898 5980 amdsata - ok12:29:58.0898 5980 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys12:29:58.0898 5980 amdsbs - ok12:29:58.0929 5980 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys12:29:58.0929 5980 amdxata - ok12:29:58.0944 5980 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys12:29:58.0944 5980 AppID - ok12:29:58.0960 5980 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys12:29:58.0960 5980 arc - ok12:29:58.0960 5980 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys12:29:58.0976 5980 arcsas - ok12:29:58.0991 5980 asmthub3 (6fe3237c1177e66437e7ad0e8ac1a6e5) C:\Windows\system32\DRIVERS\asmthub3.sys12:29:58.0991 5980 asmthub3 - ok12:29:59.0038 5980 asmtxhci (c4043e39a2abbc56581ca25df161e9f7) C:\Windows\system32\DRIVERS\asmtxhci.sys12:29:59.0054 5980 asmtxhci - ok12:29:59.0069 5980 AsrAppCharger (912a215ce180a6e7c923c662d7ec777d) C:\Windows\system32\DRIVERS\AsrAppCharger.sys12:29:59.0085 5980 AsrAppCharger - ok12:29:59.0100 5980 AsrIbDrv - ok12:29:59.0132 5980 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys12:29:59.0132 5980 AsyncMac - ok12:29:59.0147 5980 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys12:29:59.0147 5980 atapi - ok12:29:59.0194 5980 athr (d6cad7e5b05055bb8226bdcb1644da27) C:\Windows\system32\DRIVERS\athrx.sys12:29:59.0210 5980 athr - ok12:29:59.0256 5980 AtiHDAudioService (230cf51113cd4b830b3bfd09b0d4c066) C:\Windows\system32\drivers\AtihdW76.sys12:29:59.0256 5980 AtiHDAudioService - ok12:29:59.0288 5980 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys12:29:59.0288 5980 b06bdrv - ok12:29:59.0319 5980 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys12:29:59.0319 5980 b57nd60a - ok12:29:59.0350 5980 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys12:29:59.0350 5980 Beep - ok12:29:59.0444 5980 BHDrvx64 (1d757a7e020c577c4259a755f21b7152) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20120215.001\BHDrvx64.sys12:29:59.0459 5980 BHDrvx64 - ok12:29:59.0475 5980 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys12:29:59.0490 5980 blbdrive - ok12:29:59.0537 5980 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys12:29:59.0537 5980 bowser - ok12:29:59.0553 5980 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys12:29:59.0553 5980 BrFiltLo - ok12:29:59.0553 5980 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys12:29:59.0568 5980 BrFiltUp - ok12:29:59.0584 5980 BrSerIb (e5e9b1625a767ceb6f319c12d33eab78) C:\Windows\system32\DRIVERS\BrSerIb.sys12:29:59.0584 5980 BrSerIb - ok12:29:59.0615 5980 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys12:29:59.0615 5980 Brserid - ok12:29:59.0662 5980 BrSerIf (34f6c504b150f99dae69d7073d2a4df4) C:\Windows\system32\DRIVERS\BrSerIf.sys12:29:59.0662 5980 BrSerIf - ok12:29:59.0678 5980 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys12:29:59.0678 5980 BrSerWdm - ok12:29:59.0693 5980 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys12:29:59.0693 5980 BrUsbMdm - ok12:29:59.0693 5980 BrUsbSer (601cb966fffebc6806626dc8e7aa0ef2) C:\Windows\system32\DRIVERS\BrUsbSer.sys12:29:59.0693 5980 BrUsbSer - ok12:29:59.0724 5980 BrUsbSIb (d9f6b30ad93cbd165ec71fadf51df25e) C:\Windows\system32\DRIVERS\BrUsbSIb.sys12:29:59.0724 5980 BrUsbSIb - ok12:29:59.0740 5980 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys12:29:59.0740 5980 BTHMODEM - ok12:29:59.0756 5980 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys12:29:59.0756 5980 cdfs - ok12:29:59.0771 5980 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys12:29:59.0787 5980 cdrom - ok12:29:59.0802 5980 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys12:29:59.0802 5980 circlass - ok12:29:59.0818 5980 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys12:29:59.0818 5980 CLFS - ok12:29:59.0849 5980 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys12:29:59.0849 5980 CmBatt - ok12:29:59.0865 5980 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys12:29:59.0865 5980 cmdide - ok12:29:59.0912 5980 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys12:29:59.0912 5980 CNG - ok12:29:59.0943 5980 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys12:29:59.0943 5980 Compbatt - ok12:29:59.0974 5980 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys12:29:59.0974 5980 CompositeBus - ok12:30:00.0005 5980 cpuz135 (c08063f052308b6f5882482615387f30) C:\Windows\system32\drivers\cpuz135_x64.sys12:30:00.0005 5980 cpuz135 - ok12:30:00.0021 5980 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys12:30:00.0021 5980 crcdisk - ok12:30:00.0052 5980 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys12:30:00.0052 5980 CSC - ok12:30:00.0083 5980 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys12:30:00.0083 5980 DfsC - ok12:30:00.0130 5980 dg_ssudbus (388039f99ce8769024ee0438352aca99) C:\Windows\system32\DRIVERS\ssudbus.sys12:30:00.0130 5980 dg_ssudbus - ok12:30:00.0161 5980 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys12:30:00.0161 5980 discache - ok12:30:00.0177 5980 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys12:30:00.0177 5980 Disk - ok12:30:00.0208 5980 dmvsc (5db085a8a6600be6401f2b24eecb5415) C:\Windows\system32\drivers\dmvsc.sys12:30:00.0208 5980 dmvsc - ok12:30:00.0239 5980 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys12:30:00.0239 5980 drmkaud - ok12:30:00.0286 5980 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys12:30:00.0286 5980 DXGKrnl - ok12:30:00.0364 5980 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys12:30:00.0411 5980 ebdrv - ok12:30:00.0473 5980 eeCtrl (0c3f9eff8ddd9f9eb56d754b4620155f) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys12:30:00.0473 5980 eeCtrl - ok12:30:00.0520 5980 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys12:30:00.0520 5980 elxstor - ok12:30:00.0551 5980 epmntdrv (9eafb3b3b60b8ad958985152a9309aca) C:\Windows\system32\epmntdrv.sys12:30:00.0567 5980 epmntdrv - ok12:30:00.0629 5980 EraserUtilRebootDrv (8c0f9b877bc0b7ffd327ef55f9efb642) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys12:30:00.0629 5980 EraserUtilRebootDrv - ok12:30:00.0676 5980 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys12:30:00.0676 5980 ErrDev - ok12:30:00.0692 5980 EuGdiDrv (fb949ed2c93c878a189039f3d7730942) C:\Windows\system32\EuGdiDrv.sys12:30:00.0707 5980 EuGdiDrv - ok12:30:00.0723 5980 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys12:30:00.0738 5980 exfat - ok12:30:00.0738 5980 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys12:30:00.0738 5980 fastfat - ok12:30:00.0754 5980 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys12:30:00.0754 5980 fdc - ok12:30:00.0785 5980 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys12:30:00.0785 5980 FileInfo - ok12:30:00.0801 5980 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys12:30:00.0816 5980 Filetrace - ok12:30:00.0816 5980 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys12:30:00.0816 5980 flpydisk - ok12:30:00.0832 5980 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys12:30:00.0832 5980 FltMgr - ok12:30:00.0879 5980 FNETTBOH_305 (fe95ae537b41a7e2f4cfe353064dc4af) C:\Windows\system32\drivers\FNETTBOH_305.SYS12:30:00.0894 5980 FNETTBOH_305 - ok12:30:00.0910 5980 FNETURPX (7c3c4b4c951ec1bdfd4f769d05e2cc68) C:\Windows\system32\drivers\FNETURPX.SYS12:30:00.0910 5980 FNETURPX - ok12:30:00.0926 5980 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys12:30:00.0926 5980 FsDepends - ok12:30:00.0941 5980 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys12:30:00.0941 5980 Fs_Rec - ok12:30:00.0957 5980 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys12:30:00.0957 5980 fvevol - ok12:30:00.0972 5980 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys12:30:00.0972 5980 gagp30kx - ok12:30:01.0004 5980 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys12:30:01.0004 5980 GEARAspiWDM - ok12:30:01.0035 5980 hcmon (adb4348da1345877b04e22203afc8993) C:\Windows\system32\drivers\hcmon.sys12:30:01.0035 5980 hcmon - ok12:30:01.0050 5980 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys12:30:01.0050 5980 hcw85cir - ok12:30:01.0082 5980 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys12:30:01.0082 5980 HdAudAddService - ok12:30:01.0097 5980 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys12:30:01.0097 5980 HDAudBus - ok12:30:01.0113 5980 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys12:30:01.0113 5980 HidBatt - ok12:30:01.0128 5980 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys12:30:01.0128 5980 HidBth - ok12:30:01.0144 5980 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys12:30:01.0144 5980 HidIr - ok12:30:01.0160 5980 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys12:30:01.0160 5980 HidUsb - ok12:30:01.0175 5980 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys12:30:01.0175 5980 HpSAMD - ok12:30:01.0206 5980 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys12:30:01.0222 5980 HTTP - ok12:30:01.0238 5980 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys12:30:01.0238 5980 hwpolicy - ok12:30:01.0253 5980 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys12:30:01.0253 5980 i8042prt - ok12:30:01.0284 5980 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys12:30:01.0284 5980 iaStorV - ok12:30:01.0440 5980 IDSVia64 (18c40c3f368323b203ace403cb430db1) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20120217.003\IDSvia64.sys12:30:01.0440 5980 IDSVia64 - ok12:30:01.0659 5980 igfx (0089b53f1befd34b7d8ca4ab021335fa) C:\Windows\system32\DRIVERS\igdkmd64.sys12:30:01.0815 5980 igfx - ok12:30:01.0830 5980 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys12:30:01.0830 5980 iirsp - ok12:30:01.0908 5980 IntcAzAudAddService (718a4008ee5da174400396b27509ef82) C:\Windows\system32\drivers\RTKVHD64.sys12:30:01.0940 5980 IntcAzAudAddService - ok12:30:01.0986 5980 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys12:30:02.0002 5980 intelide - ok12:30:02.0002 5980 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys12:30:02.0002 5980 intelppm - ok12:30:02.0018 5980 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys12:30:02.0018 5980 IpFilterDriver - ok12:30:02.0033 5980 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys12:30:02.0049 5980 IPMIDRV - ok12:30:02.0049 5980 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys12:30:02.0049 5980 IPNAT - ok12:30:02.0080 5980 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys12:30:02.0080 5980 IRENUM - ok12:30:02.0096 5980 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys12:30:02.0096 5980 isapnp - ok12:30:02.0111 5980 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys12:30:02.0127 5980 iScsiPrt - ok12:30:02.0189 5980 ISODrive (9c6f3f69163133fb8e56ac4a6e163452) B:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys12:30:02.0189 5980 ISODrive - ok12:30:02.0252 5980 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys12:30:02.0252 5980 kbdclass - ok12:30:02.0283 5980 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys12:30:02.0283 5980 kbdhid - ok12:30:02.0330 5980 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys12:30:02.0330 5980 KSecDD - ok12:30:02.0532 5980 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys12:30:02.0548 5980 KSecPkg - ok12:30:02.0860 5980 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys12:30:02.0860 5980 ksthunk - ok12:30:02.0891 5980 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys12:30:02.0891 5980 lltdio - ok12:30:02.0938 5980 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys12:30:02.0938 5980 LSI_FC - ok12:30:02.0954 5980 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys12:30:02.0954 5980 LSI_SAS - ok12:30:02.0969 5980 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys12:30:02.0969 5980 LSI_SAS2 - ok12:30:02.0985 5980 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys12:30:02.0985 5980 LSI_SCSI - ok12:30:03.0000 5980 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys12:30:03.0000 5980 luafv - ok12:30:03.0063 5980 LVRS64 (ef2be2f45d4f06410a3bd2a3467325b0) C:\Windows\system32\DRIVERS\lvrs64.sys12:30:03.0063 5980 LVRS64 - ok12:30:03.0172 5980 LVUVC64 (ac22f92c6078640fe8a70d662a2f3ad5) C:\Windows\system32\DRIVERS\lvuvc64.sys12:30:03.0234 5980 LVUVC64 - ok12:30:03.0266 5980 MBAMProtector (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys12:30:03.0266 5980 MBAMProtector - ok12:30:03.0312 5980 MBfilt (8ff2d95cba49b405c5de27039ff0bf35) C:\Windows\system32\drivers\MBfilt64.sys12:30:03.0312 5980 MBfilt - ok12:30:03.0359 5980 mbmiodrvr (2e1652d8ab971403eaaddc921800b1fa) C:\Windows\syswow64\mbmiodrvr.sys12:30:03.0375 5980 mbmiodrvr - ok12:30:03.0390 5980 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys12:30:03.0390 5980 megasas - ok12:30:03.0422 5980 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys12:30:03.0422 5980 MegaSR - ok12:30:03.0453 5980 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys12:30:03.0453 5980 MEIx64 - ok12:30:03.0468 5980 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys12:30:03.0468 5980 Modem - ok12:30:03.0484 5980 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys12:30:03.0484 5980 monitor - ok12:30:03.0500 5980 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys12:30:03.0500 5980 mouclass - ok12:30:03.0515 5980 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys12:30:03.0515 5980 mouhid - ok12:30:03.0540 5980 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys12:30:03.0541 5980 mountmgr - ok12:30:03.0556 5980 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys12:30:03.0558 5980 mpio - ok12:30:03.0579 5980 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys12:30:03.0580 5980 mpsdrv - ok12:30:03.0601 5980 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys12:30:03.0602 5980 MRxDAV - ok12:30:03.0636 5980 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys12:30:03.0638 5980 mrxsmb - ok12:30:03.0657 5980 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys12:30:03.0660 5980 mrxsmb10 - ok12:30:03.0696 5980 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys12:30:03.0698 5980 mrxsmb20 - ok12:30:03.0718 5980 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys12:30:03.0719 5980 msahci - ok12:30:03.0738 5980 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys12:30:03.0740 5980 msdsm - ok12:30:03.0766 5980 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys12:30:03.0767 5980 Msfs - ok12:30:03.0791 5980 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys12:30:03.0792 5980 mshidkmdf - ok12:30:03.0819 5980 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys12:30:03.0820 5980 msisadrv - ok12:30:03.0840 5980 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys12:30:03.0841 5980 MSKSSRV - ok12:30:03.0848 5980 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys12:30:03.0849 5980 MSPCLOCK - ok12:30:03.0856 5980 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys12:30:03.0857 5980 MSPQM - ok12:30:03.0887 5980 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys12:30:03.0890 5980 MsRPC - ok12:30:03.0901 5980 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys12:30:03.0901 5980 mssmbios - ok12:30:03.0918 5980 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys12:30:03.0920 5980 MSTEE - ok12:30:03.0938 5980 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys12:30:03.0939 5980 MTConfig - ok12:30:03.0956 5980 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys12:30:03.0958 5980 Mup - ok12:30:03.0976 5980 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys12:30:03.0979 5980 NativeWifiP - ok12:30:04.0090 5980 NAVENG (2dbe90210de76be6e1653bb20ec70ec2) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20120217.004\ENG64.SYS12:30:04.0092 5980 NAVENG - ok12:30:04.0159 5980 NAVEX15 (346da70e203b8e2c850277713de8f71b) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20120217.004\EX64.SYS12:30:04.0184 5980 NAVEX15 - ok12:30:04.0217 5980 NBVol (7b2d90bbbbed11c8dfba441d34ae901e) C:\Windows\system32\DRIVERS\NBVol.sys12:30:04.0218 5980 NBVol - ok12:30:04.0234 5980 NBVolUp (4fe7b5757279d82c4d171e9f7fd52a75) C:\Windows\system32\DRIVERS\NBVolUp.sys12:30:04.0235 5980 NBVolUp - ok12:30:04.0262 5980 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys12:30:04.0268 5980 NDIS - ok12:30:04.0280 5980 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys12:30:04.0281 5980 NdisCap - ok12:30:04.0299 5980 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys12:30:04.0300 5980 NdisTapi - ok12:30:04.0308 5980 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys12:30:04.0309 5980 Ndisuio - ok12:30:04.0326 5980 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys12:30:04.0327 5980 NdisWan - ok12:30:04.0343 5980 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys12:30:04.0344 5980 NDProxy - ok12:30:04.0355 5980 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys12:30:04.0357 5980 NetBIOS - ok12:30:04.0371 5980 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys12:30:04.0373 5980 NetBT - ok12:30:04.0437 5980 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys12:30:04.0439 5980 nfrd960 - ok12:30:04.0454 5980 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys12:30:04.0455 5980 Npfs - ok12:30:04.0473 5980 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys12:30:04.0474 5980 nsiproxy - ok12:30:04.0548 5980 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys12:30:04.0574 5980 Ntfs - ok12:30:04.0582 5980 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys12:30:04.0582 5980 Null - ok12:30:04.0615 5980 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys12:30:04.0616 5980 nvraid - ok12:30:04.0625 5980 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys12:30:04.0625 5980 nvstor - ok12:30:04.0656 5980 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys12:30:04.0656 5980 nv_agp - ok12:30:04.0687 5980 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys12:30:04.0687 5980 ohci1394 - ok12:30:04.0703 5980 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys12:30:04.0703 5980 Parport - ok12:30:04.0718 5980 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys12:30:04.0718 5980 partmgr - ok12:30:04.0734 5980 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys12:30:04.0750 5980 pci - ok12:30:04.0750 5980 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys12:30:04.0750 5980 pciide - ok12:30:04.0781 5980 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys12:30:04.0781 5980 pcmcia - ok12:30:04.0796 5980 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys12:30:04.0796 5980 pcw - ok12:30:04.0812 5980 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys12:30:04.0828 5980 PEAUTH - ok12:30:04.0906 5980 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys12:30:04.0906 5980 PptpMiniport - ok12:30:04.0937 5980 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys12:30:04.0937 5980 Processor - ok12:30:04.0952 5980 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys12:30:04.0952 5980 Psched - ok12:30:04.0984 5980 PxHlpa64 (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys12:30:04.0984 5980 PxHlpa64 - ok12:30:05.0030 5980 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys12:30:05.0062 5980 ql2300 - ok12:30:05.0077 5980 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys12:30:05.0077 5980 ql40xx - ok12:30:05.0124 5980 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys12:30:05.0124 5980 QWAVEdrv - ok12:30:05.0140 5980 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys12:30:05.0140 5980 RasAcd - ok12:30:05.0155 5980 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys12:30:05.0155 5980 RasAgileVpn - ok12:30:05.0171 5980 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys12:30:05.0171 5980 Rasl2tp - ok12:30:05.0186 5980 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys12:30:05.0186 5980 RasPppoe - ok12:30:05.0202 5980 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys12:30:05.0202 5980 RasSstp - ok12:30:05.0233 5980 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys12:30:05.0233 5980 rdbss - ok12:30:05.0249 5980 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys12:30:05.0249 5980 rdpbus - ok12:30:05.0249 5980 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys12:30:05.0249 5980 RDPCDD - ok12:30:05.0280 5980 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys12:30:05.0280 5980 RDPDR - ok12:30:05.0296 5980 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys12:30:05.0296 5980 RDPENCDD - ok12:30:05.0311 5980 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys12:30:05.0311 5980 RDPREFMP - ok12:30:05.0327 5980 RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) C:\Windows\system32\drivers\rdpvideominiport.sys12:30:05.0327 5980 RdpVideoMiniport - ok12:30:05.0342 5980 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys12:30:05.0342 5980 RDPWD - ok12:30:05.0374 5980 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys12:30:05.0374 5980 rdyboost - ok12:30:05.0405 5980 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys12:30:05.0420 5980 rspndr - ok12:30:05.0436 5980 RTL8167 (f4c374b1c46de294b573bb43723ac3f6) C:\Windows\system32\DRIVERS\Rt64win7.sys12:30:05.0436 5980 RTL8167 - ok12:30:05.0452 5980 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys12:30:05.0452 5980 s3cap - ok12:30:05.0467 5980 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys12:30:05.0467 5980 sbp2port - ok12:30:05.0545 5980 SCDEmu (3ac948640421e3891a49aa83c6b77b7a) C:\Windows\system32\drivers\SCDEmu.sys12:30:05.0561 5980 SCDEmu - ok12:30:05.0576 5980 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys12:30:05.0576 5980 scfilter - ok12:30:05.0608 5980 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys12:30:05.0608 5980 secdrv - ok12:30:05.0732 5980 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys12:30:05.0748 5980 Serenum - ok12:30:05.0779 5980 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys12:30:05.0779 5980 Serial - ok12:30:05.0810 5980 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys12:30:05.0810 5980 sermouse - ok12:30:05.0826 5980 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys12:30:05.0842 5980 sffdisk - ok12:30:05.0857 5980 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys12:30:05.0857 5980 sffp_mmc - ok12:30:05.0857 5980 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys12:30:05.0857 5980 sffp_sd - ok12:30:05.0873 5980 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys12:30:05.0873 5980 sfloppy - ok12:30:05.0888 5980 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys12:30:05.0888 5980 SiSRaid2 - ok12:30:05.0904 5980 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys12:30:05.0904 5980 SiSRaid4 - ok12:30:05.0920 5980 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys12:30:05.0920 5980 Smb - ok12:30:05.0935 5980 speedfan - ok12:30:05.0935 5980 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys12:30:05.0951 5980 spldr - ok12:30:06.0044 5980 SRTSP (90ef30c3867bcde4579c01a6d6e75a7a) C:\Windows\System32\Drivers\NISx64\1207000.00D\SRTSP64.SYS12:30:06.0060 5980 SRTSP - ok12:30:06.0076 5980 SRTSPX (c513e8a5e7978da49077f5484344ee1b) C:\Windows\system32\drivers\NISx64\1207000.00D\SRTSPX64.SYS12:30:06.0076 5980 SRTSPX - ok12:30:06.0122 5980 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys12:30:06.0122 5980 srv - ok12:30:06.0122 5980 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys12:30:06.0138 5980 srv2 - ok12:30:06.0154 5980 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys12:30:06.0154 5980 srvnet - ok12:30:06.0200 5980 ssudmdm (ad42ca614e086bcadbd53fffc404ac24) C:\Windows\system32\DRIVERS\ssudmdm.sys12:30:06.0200 5980 ssudmdm - ok12:30:06.0216 5980 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys12:30:06.0216 5980 stexstor - ok12:30:06.0247 5980 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys12:30:06.0247 5980 storflt - ok12:30:06.0263 5980 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys12:30:06.0263 5980 storvsc - ok12:30:06.0294 5980 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys12:30:06.0294 5980 swenum - ok12:30:06.0372 5980 SymDS (6160145c7a87fc7672e8e3b886888176) C:\Windows\system32\drivers\NISx64\1207000.00D\SYMDS64.SYS12:30:06.0372 5980 SymDS - ok12:30:06.0403 5980 SymEFA (96aeed40d4d3521568b42027687e69e0) C:\Windows\system32\drivers\NISx64\1207000.00D\SYMEFA64.SYS12:30:06.0419 5980 SymEFA - ok12:30:06.0481 5980 SymEvent (21a1c2d694c3cf962d31f5e873ab3d6f) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS12:30:06.0481 5980 SymEvent - ok12:30:06.0528 5980 SymIRON (bd0d711d8cbfcaa19ca123306eaf53a5) C:\Windows\system32\drivers\NISx64\1207000.00D\Ironx64.SYS12:30:06.0528 5980 SymIRON - ok12:30:06.0590 5980 SymNetS (a6adb3d83023f8daa0f7b6fda785d83b) C:\Windows\System32\Drivers\NISx64\1207000.00D\SYMNETS.SYS12:30:06.0590 5980 SymNetS - ok12:30:06.0606 5980 Synth3dVsc (c3a39c4079305480972d29c44b868c78) C:\Windows\system32\drivers\synth3dvsc.sys12:30:06.0606 5980 Synth3dVsc - ok12:30:06.0700 5980 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys12:30:06.0731 5980 Tcpip - ok12:30:06.0762 5980 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys12:30:06.0762 5980 TCPIP6 - ok12:30:06.0778 5980 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys12:30:06.0778 5980 tcpipreg - ok12:30:06.0793 5980 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys12:30:06.0793 5980 TDPIPE - ok12:30:06.0809 5980 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys12:30:06.0824 5980 TDTCP - ok12:30:06.0840 5980 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys12:30:06.0840 5980 tdx - ok12:30:06.0856 5980 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys12:30:06.0856 5980 TermDD - ok12:30:06.0871 5980 terminpt (2b5bdff688ec9871d7ec5837833374e9) C:\Windows\system32\drivers\terminpt.sys12:30:06.0871 5980 terminpt - ok12:30:06.0887 5980 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys12:30:06.0902 5980 tssecsrv - ok12:30:06.0918 5980 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys12:30:06.0918 5980 TsUsbFlt - ok12:30:06.0918 5980 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys12:30:06.0918 5980 TsUsbGD - ok12:30:06.0934 5980 tsusbhub (e1748d04ae40118b62bc18ac86032192) C:\Windows\system32\drivers\tsusbhub.sys12:30:06.0949 5980 tsusbhub - ok12:30:06.0949 5980 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys12:30:06.0965 5980 tunnel - ok12:30:06.0980 5980 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys12:30:06.0980 5980 uagp35 - ok12:30:06.0996 5980 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys12:30:06.0996 5980 udfs - ok12:30:07.0027 5980 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys12:30:07.0027 5980 uliagpkx - ok12:30:07.0043 5980 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys12:30:07.0043 5980 umbus - ok12:30:07.0058 5980 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys12:30:07.0058 5980 UmPass - ok12:30:07.0105 5980 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys12:30:07.0105 5980 USBAAPL64 - ok12:30:07.0121 5980 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys12:30:07.0121 5980 usbaudio - ok12:30:07.0183 5980 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys12:30:07.0183 5980 usbccgp - ok12:30:07.0214 5980 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys12:30:07.0214 5980 usbcir - ok12:30:07.0230 5980 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys12:30:07.0230 5980 usbehci - ok12:30:07.0246 5980 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys12:30:07.0246 5980 usbhub - ok12:30:07.0292 5980 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys12:30:07.0292 5980 usbohci - ok12:30:07.0308 5980 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys12:30:07.0308 5980 usbprint - ok12:30:07.0308 5980 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys12:30:07.0324 5980 usbscan - ok12:30:07.0370 5980 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS12:30:07.0370 5980 USBSTOR - ok12:30:07.0386 5980 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys12:30:07.0386 5980 usbuhci - ok12:30:07.0558 5980 VBoxDrv (c30f3d43ceb6f79ade9b805387e5f63c) C:\Windows\system32\DRIVERS\VBoxDrv.sys12:30:07.0558 5980 VBoxDrv - ok12:30:07.0604 5980 VBoxNetAdp (8acf22b86ce4e85c23e3e9513bf45c37) C:\Windows\system32\DRIVERS\VBoxNetAdp.sys12:30:07.0604 5980 VBoxNetAdp - ok12:30:07.0651 5980 VBoxNetFlt (7b657669c53a0e6583f07ebaa303d9ea) C:\Windows\system32\DRIVERS\VBoxNetFlt.sys12:30:07.0651 5980 VBoxNetFlt - ok12:30:07.0708 5980 VBoxUSBMon (cf3ee68cd9723e9f21e3198a0f690400) C:\Windows\system32\DRIVERS\VBoxUSBMon.sys12:30:07.0710 5980 VBoxUSBMon - ok12:30:07.0719 5980 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys12:30:07.0721 5980 vdrvroot - ok12:30:07.0744 5980 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys12:30:07.0746 5980 vga - ok12:30:07.0753 5980 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys12:30:07.0753 5980 VgaSave - ok12:30:07.0760 5980 VGPU - ok12:30:07.0774 5980 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys12:30:07.0776 5980 vhdmp - ok12:30:07.0790 5980 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys12:30:07.0791 5980 viaide - ok12:30:07.0829 5980 VirtuWDDM (d7d9e7c0c64350259c355efe37ad9ce6) C:\Windows\system32\DRIVERS\VirtuWDDM.sys12:30:07.0830 5980 VirtuWDDM - ok12:30:07.0861 5980 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys12:30:07.0864 5980 vmbus - ok12:30:07.0892 5980 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys12:30:07.0893 5980 VMBusHID - ok12:30:07.0925 5980 vmci (87fc1dd880e8cac4faebb84af61a87c4) C:\Windows\system32\DRIVERS\vmci.sys12:30:07.0927 5980 vmci - ok12:30:07.0969 5980 vmkbd (3a717d3e29c107351347b478a9d0043f) C:\Windows\system32\drivers\VMkbd.sys12:30:07.0970 5980 vmkbd - ok12:30:08.0011 5980 VMnetAdapter (b259c31378bc855afd1b53f59311c251) C:\Windows\system32\DRIVERS\vmnetadapter.sys12:30:08.0013 5980 VMnetAdapter - ok12:30:08.0064 5980 VMnetBridge (dec4ce720ffeda939cf1ba315cfbd993) C:\Windows\system32\DRIVERS\vmnetbridge.sys12:30:08.0065 5980 VMnetBridge - ok12:30:08.0075 5980 VMnetuserif (b6a3766c3e99fb1f6663c6b4b7c3f3a1) C:\Windows\system32\drivers\vmnetuserif.sys12:30:08.0076 5980 VMnetuserif - ok12:30:08.0113 5980 vmusb (415b167695c4b5960a13098622ef3d80) C:\Windows\system32\Drivers\vmusb.sys12:30:08.0114 5980 vmusb - ok12:30:08.0140 5980 vmx86 (e53cad9b1fa901ca2046501ee88f9cef) C:\Windows\system32\drivers\vmx86.sys12:30:08.0141 5980 vmx86 - ok12:30:08.0158 5980 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys12:30:08.0160 5980 volmgr - ok12:30:08.0174 5980 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys12:30:08.0177 5980 volmgrx - ok12:30:08.0192 5980 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys12:30:08.0195 5980 volsnap - ok12:30:08.0217 5980 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys12:30:08.0219 5980 vsmraid - ok12:30:08.0236 5980 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys12:30:08.0244 5980 vwifibus - ok12:30:08.0276 5980 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys12:30:08.0297 5980 vwififlt - ok12:30:08.0320 5980 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys12:30:08.0322 5980 vwifimp - ok12:30:08.0341 5980 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys12:30:08.0343 5980 WacomPen - ok12:30:08.0360 5980 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys12:30:08.0361 5980 WANARP - ok12:30:08.0364 5980 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys12:30:08.0365 5980 Wanarpv6 - ok12:30:08.0389 5980 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys12:30:08.0390 5980 Wd - ok12:30:08.0422 5980 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys12:30:08.0427 5980 Wdf01000 - ok12:30:08.0449 5980 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys12:30:08.0450 5980 WfpLwf - ok12:30:08.0465 5980 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys12:30:08.0466 5980 WIMMount - ok12:30:08.0541 5980 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys12:30:08.0543 5980 WinUsb - ok12:30:08.0568 5980 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys12:30:08.0569 5980 WmiAcpi - ok12:30:08.0587 5980 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys12:30:08.0587 5980 ws2ifsl - ok12:30:08.0675 5980 WSDPrintDevice (8d918b1db190a4d9b1753a66fa8c96e8) C:\Windows\system32\DRIVERS\WSDPrint.sys12:30:08.0694 5980 WSDPrintDevice - ok12:30:08.0956 5980 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys12:30:09.0019 5980 WudfPf - ok12:30:09.0175 5980 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys12:30:09.0253 5980 WUDFRd - ok12:30:09.0315 5980 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR012:30:09.0409 5980 \Device\Harddisk0\DR0 - ok12:30:09.0409 5980 Boot (0x1200) (25c32f73c0ba485866ec0310a287e06d) \Device\Harddisk0\DR0\Partition012:30:09.0440 5980 \Device\Harddisk0\DR0\Partition0 - ok12:30:09.0455 5980 Boot (0x1200) (c614e7e7142949844278dce3a9d01994) \Device\Harddisk0\DR0\Partition112:30:09.0487 5980 \Device\Harddisk0\DR0\Partition1 - ok12:30:09.0487 5980 Boot (0x1200) (806d6bbbeda36cd0164d77883799db01) \Device\Harddisk0\DR0\Partition212:30:09.0518 5980 \Device\Harddisk0\DR0\Partition2 - ok12:30:09.0549 5980 Boot (0x1200) (c14753721a83526906f819186dfb6199) \Device\Harddisk0\DR0\Partition312:30:09.0596 5980 \Device\Harddisk0\DR0\Partition3 - ok12:30:09.0689 5980 Boot (0x1200) (2ce734e51c0f95a9db19bf404d9b3cd2) \Device\Harddisk0\DR0\Partition412:30:09.0705 5980 \Device\Harddisk0\DR0\Partition4 - ok12:30:09.0736 5980 Boot (0x1200) (d28cf14d334f80303eaef016a4ca3f1f) \Device\Harddisk0\DR0\Partition512:30:09.0767 5980 \Device\Harddisk0\DR0\Partition5 - ok12:30:09.0799 5980 Boot (0x1200) (6df93d877a1a2c5737ff6280c3305c09) \Device\Harddisk0\DR0\Partition612:30:09.0861 5980 \Device\Harddisk0\DR0\Partition6 - ok12:30:09.0892 5980 Boot (0x1200) (2be33588e0179a332960eb3a6d202d97) \Device\Harddisk0\DR0\Partition712:30:09.0908 5980 \Device\Harddisk0\DR0\Partition7 - ok12:30:09.0908 5980 ============================================================12:30:09.0908 5980 Scan finished12:30:09.0908 5980 ============================================================12:30:09.0908 6008 Detected object count: 012:30:09.0908 6008 Actual detected object count: 012:30:46.0424 6168 Deinitialize success Link to post Share on other sites More sharing options...
Elise Posted February 18, 2012 ID:527926 Share Posted February 18, 2012 Hi again,COMBOFIX---------------Please download ComboFix from one of these locations:BleepingcomputerForoSpywareDisable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)Double click on Combofix.exe and follow the prompts.As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue it's malware removal procedures.Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:Click on Yes, to continue scanning for malware.When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply. Link to post Share on other sites More sharing options...
azeng97 Posted February 18, 2012 Author ID:527939 Share Posted February 18, 2012 Here is the log. Thanks.ComboFix 12-02-13.01 - Avan 18/02/2012 20:26:32.1.4 - x64Microsoft Windows 7 Ultimate 6.1.7601.1.1252.61.1033.18.8104.5241 [GMT 11:00]Running from: b:\downloads\ComboFix.exeAV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point..((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))..b:\program files (x86)\Uninstall.exeb:\program files\7z.exeb:\program files\Setup.exeb:\program files\Uninstall.exec:\programdata\ntuser.datc:\users\Avan\AppData\Local\TempDIRc:\users\Avan\AppData\Local\TempDIR\BetterInstaller.exe..((((((((((((((((((((((((( Files Created from 2012-01-18 to 2012-02-18 )))))))))))))))))))))))))))))))..2012-02-18 09:58 . 2012-02-18 09:58 -------- d-----w- c:\users\Ming\AppData\Local\temp2012-02-18 09:58 . 2012-02-18 09:58 -------- d-----w- c:\users\Guest\AppData\Local\temp2012-02-17 09:38 . 2012-02-17 09:38 -------- d-----w- c:\users\Ming\AppData\Roaming\Malwarebytes2012-02-16 11:12 . 2012-02-16 11:12 -------- d-----w- c:\users\Avan\AppData\Roaming\Malwarebytes2012-02-16 11:11 . 2012-02-16 11:11 -------- d-----w- c:\programdata\Malwarebytes2012-02-16 11:11 . 2011-12-10 04:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys2012-02-16 09:31 . 2012-01-04 10:44 509952 ----a-w- c:\windows\system32\ntshrui.dll2012-02-16 09:31 . 2012-01-04 08:58 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll2012-02-16 09:31 . 2011-12-30 06:26 515584 ----a-w- c:\windows\system32\timedate.cpl2012-02-16 09:31 . 2011-12-30 05:27 478720 ----a-w- c:\windows\SysWow64\timedate.cpl2012-02-16 09:30 . 2012-01-14 04:06 3145728 ----a-w- c:\windows\system32\win32k.sys2012-02-16 09:30 . 2011-12-28 03:59 498688 ----a-w- c:\windows\system32\drivers\afd.sys2012-02-16 09:30 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll2012-02-16 09:30 . 2011-12-16 07:52 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll2012-02-16 06:54 . 2012-02-16 06:54 -------- d-----w- c:\programdata\ATI2012-02-16 06:50 . 2012-02-16 06:50 -------- d-----w- C:\AMD2012-02-15 05:06 . 2012-02-15 05:06 -------- d-----w- c:\users\Avan\AppData\Local\ElevatedDiagnostics2012-02-14 03:22 . 2012-02-14 03:22 -------- d-----w- c:\program files (x86)\Common Files\Spigot2012-02-11 10:42 . 2012-02-18 03:59 -------- d-----w- c:\users\Avan\AppData\Roaming\.minecraft2012-02-11 10:41 . 2012-02-11 10:42 -------- d-----w- c:\users\Avan\AppData\Roaming\1.1Unmod2012-02-11 06:24 . 2012-02-11 06:24 -------- d-----w- b:\program files (x86)\zh-TW2012-02-11 06:24 . 2012-02-11 06:24 -------- d-----w- b:\program files (x86)\zh-CN2012-02-11 06:24 . 2012-02-11 06:24 -------- d-----w- b:\program files (x86)\vi-VN2012-02-11 06:24 . 2012-02-11 06:24 -------- d-----w- b:\program files (x86)\th-TH2012-02-11 06:24 . 2012-02-11 06:24 -------- d-----w- b:\program files (x86)\ru-RU2012-02-11 06:24 . 2012-02-11 06:24 -------- d-----w- b:\program files (x86)\ko-KR2012-02-11 06:24 . 2012-02-11 06:24 -------- d-----w- b:\program files (x86)\it-IT2012-02-11 06:24 . 2012-02-11 06:24 -------- d-----w- b:\program files (x86)\fr-FR2012-02-11 06:24 . 2012-02-11 06:24 -------- d-----w- b:\program files (x86)\es-ES2012-02-11 06:24 . 2012-02-11 06:24 -------- d-----w- b:\program files (x86)\de-DE2012-02-11 06:23 . 2012-02-11 06:23 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard2012-02-11 01:50 . 2012-02-11 01:50 -------- d-----w- c:\users\Avan\AppData\Roaming\4t Niagara Software2012-02-10 08:13 . 2012-02-10 08:13 -------- d-----w- c:\users\Avan\AppData\Roaming\Need for Speed World2012-02-10 07:49 . 2012-02-10 07:49 -------- d-----w- c:\users\Avan\AppData\Local\Electronic_Arts_Inc2012-02-10 07:46 . 2012-02-18 04:14 -------- d-----w- b:\program files (x86)\Need For Speed World2012-02-10 07:46 . 2012-02-10 07:46 -------- d-----w- c:\programdata\Electronic Arts2012-02-09 23:00 . 2012-02-09 23:00 -------- d-----w- b:\program files (x86)\Esl2012-02-05 01:44 . 2012-02-05 01:44 -------- d-----w- c:\windows\Sun2012-02-04 07:42 . 2012-02-04 07:47 -------- d-----w- c:\users\Ming\AppData\Local\ElevatedDiagnostics2012-02-03 05:25 . 2012-02-18 01:38 -------- d-----w- b:\program files\7.00.20C2012-02-03 05:25 . 2012-02-04 23:55 -------- d-----w- b:\program files\new2012-01-31 02:46 . 2012-02-10 05:18 -------- d-----w- c:\windows\system32\drivers\NISx64\1207000.00D2012-01-23 11:22 . 2012-01-23 11:22 -------- d-----w- b:\program files (x86)\Mozilla Plugins2012-01-23 11:22 . 2012-01-23 11:22 -------- d-----w- b:\program files (x86)\iTunesHelper.Resources2012-01-23 11:22 . 2012-01-23 11:22 -------- d-----w- b:\program files (x86)\iTunes.Resources2012-01-23 11:22 . 2012-01-23 11:22 -------- d-----w- b:\program files\iPod2012-01-23 11:22 . 2012-01-23 11:22 -------- d-----w- b:\program files\iTunes2012-01-23 11:22 . 2012-01-23 11:22 -------- d-----w- b:\program files (x86)\CD Configuration2012-01-23 11:22 . 2012-01-23 11:22 -------- d-----w- c:\users\Ming\AppData\Local\Apple Computer2012-01-22 11:01 . 2012-01-22 11:01 -------- d-----w- c:\users\Ming\AppData\Roaming\Avant Downloader2012-01-22 11:01 . 2012-01-22 11:01 -------- d-----w- c:\users\Ming\AppData\Roaming\Avant Profiles2012-01-22 08:19 . 2011-02-19 12:05 1139200 ----a-w- c:\windows\system32\FntCache.dll2012-01-22 08:19 . 2011-02-19 12:04 1544192 ----a-w- c:\windows\system32\DWrite.dll2012-01-22 08:19 . 2011-02-19 12:04 902656 ----a-w- c:\windows\system32\d2d1.dll2012-01-22 08:19 . 2011-02-19 06:30 1076736 ----a-w- c:\windows\SysWow64\DWrite.dll2012-01-22 08:19 . 2011-02-19 06:30 739840 ----a-w- c:\windows\SysWow64\d2d1.dll...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2012-01-16 06:22 . 2012-01-16 06:22 293736 ----a-w- b:\program files (x86)\iTunesOutlookAddIn.dll2012-01-16 06:22 . 2012-01-16 06:22 421736 ----a-w- b:\program files (x86)\iTunesHelper.exe2012-01-16 06:22 . 2012-01-16 06:22 403304 ----a-w- b:\program files (x86)\iTunesAdmin.dll2012-01-16 06:22 . 2012-01-16 06:22 156520 ----a-w- b:\program files (x86)\iTunesHelper.dll2012-01-16 06:22 . 2012-01-16 06:22 9777000 ----a-w- b:\program files (x86)\iTunes.exe2012-01-16 06:22 . 2012-01-16 06:22 20868968 ----a-w- b:\program files (x86)\iTunes.dll2012-01-16 06:22 . 2012-01-16 06:22 803200 ----a-w- b:\program files (x86)\gnsdk_sdkmanager.dll2012-01-16 06:22 . 2012-01-16 06:22 3035520 ----a-w- b:\program files (x86)\gnsdk_dsp.dll2012-01-16 06:22 . 2012-01-16 06:22 287104 ----a-w- b:\program files (x86)\gnsdk_submit.dll2012-01-16 06:22 . 2012-01-16 06:22 246144 ----a-w- b:\program files (x86)\gnsdk_musicid.dll2012-01-12 00:19 . 2012-01-12 00:19 4448256 ----a-w- c:\windows\SysWow64\GPhotos.scr2011-12-28 10:31 . 2011-12-28 10:31 53248 ----a-r- c:\users\Avan\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe2011-12-22 07:10 . 2011-12-22 07:10 158056 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10139.bin2011-12-22 02:50 . 2011-12-22 02:50 637848 ----a-w- c:\windows\SysWow64\npdeployJava1.dll2011-12-22 02:50 . 2011-12-22 02:50 567184 ----a-w- c:\windows\SysWow64\deployJava1.dll2011-12-21 11:47 . 2011-12-21 11:47 8874311 ----a-w- b:\program files (x86)\HMAInterbankDirect_install.exe2011-12-20 11:06 . 2011-12-20 11:06 28252 ----a-w- c:\windows\SysWow64\Rockey9x.vxd2011-12-20 10:17 . 2011-12-20 10:17 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl2011-12-20 09:58 . 2011-12-08 11:16 222624 ----a-w- b:\program files\AliIM.exe2011-12-20 06:08 . 2011-12-20 02:17 174200 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS2011-12-20 05:53 . 2011-03-28 07:36 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll2011-12-20 05:24 . 2011-12-20 05:24 5088312 ----a-w- c:\windows\system32\GooglePinyin2.ime2011-12-20 05:24 . 2011-12-20 05:24 3396152 ----a-w- c:\windows\SysWow64\GooglePinyin2.ime2011-12-20 05:12 . 2011-12-20 04:44 753387136 ----a-w- b:\program files\ProfessionalPlus.exe2011-12-20 04:50 . 2011-12-20 04:50 735608 ----a-w- b:\program files\uTorrent.exe2011-12-20 03:15 . 2011-12-20 03:15 31808 ----a-w- c:\windows\system32\drivers\FNETTBOH_305.SYS2011-12-20 02:09 . 2011-12-20 02:09 15936 ----a-w- c:\windows\system32\drivers\FNETURPX.SYS2011-12-20 01:47 . 2011-12-20 01:47 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe2011-12-20 01:47 . 2011-12-20 01:47 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe2011-12-20 01:47 . 2011-12-20 01:47 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll2011-12-20 01:47 . 2011-12-20 01:47 85504 ----a-w- c:\windows\system32\iesetup.dll2011-12-20 01:47 . 2011-12-20 01:47 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe2011-12-20 01:47 . 2011-12-20 01:47 76800 ----a-w- c:\windows\system32\tdc.ocx2011-12-20 01:47 . 2011-12-20 01:47 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe2011-12-20 01:47 . 2011-12-20 01:47 74752 ----a-w- c:\windows\SysWow64\iesetup.dll2011-12-20 01:47 . 2011-12-20 01:47 63488 ----a-w- c:\windows\SysWow64\tdc.ocx2011-12-20 01:47 . 2011-12-20 01:47 603648 ----a-w- c:\windows\system32\vbscript.dll2011-12-20 01:47 . 2011-12-20 01:47 49664 ----a-w- c:\windows\system32\imgutil.dll2011-12-20 01:47 . 2011-12-20 01:47 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll2011-12-20 01:47 . 2011-12-20 01:47 48640 ----a-w- c:\windows\system32\mshtmler.dll2011-12-20 01:47 . 2011-12-20 01:47 448512 ----a-w- c:\windows\system32\html.iec2011-12-20 01:47 . 2011-12-20 01:47 420864 ----a-w- c:\windows\SysWow64\vbscript.dll2011-12-20 01:47 . 2011-12-20 01:47 367104 ----a-w- c:\windows\SysWow64\html.iec2011-12-20 01:47 . 2011-12-20 01:47 35840 ----a-w- c:\windows\SysWow64\imgutil.dll2011-12-20 01:47 . 2011-12-20 01:47 30720 ----a-w- c:\windows\system32\licmgr10.dll2011-12-20 01:47 . 2011-12-20 01:47 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll2011-12-20 01:47 . 2011-12-20 01:47 222208 ----a-w- c:\windows\system32\msls31.dll2011-12-20 01:47 . 2011-12-20 01:47 173056 ----a-w- c:\windows\system32\ieUnatt.exe2011-12-20 01:47 . 2011-12-20 01:47 165888 ----a-w- c:\windows\system32\iexpress.exe2011-12-20 01:47 . 2011-12-20 01:47 161792 ----a-w- c:\windows\SysWow64\msls31.dll2011-12-20 01:47 . 2011-12-20 01:47 160256 ----a-w- c:\windows\system32\wextract.exe2011-12-20 01:47 . 2011-12-20 01:47 152064 ----a-w- c:\windows\SysWow64\wextract.exe2011-12-20 01:47 . 2011-12-20 01:47 150528 ----a-w- c:\windows\SysWow64\iexpress.exe2011-12-20 01:47 . 2011-12-20 01:47 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe2011-12-20 01:47 . 2011-12-20 01:47 135168 ----a-w- c:\windows\system32\IEAdvpack.dll2011-12-20 01:47 . 2011-12-20 01:47 12288 ----a-w- c:\windows\system32\mshta.exe2011-12-20 01:47 . 2011-12-20 01:47 11776 ----a-w- c:\windows\SysWow64\mshta.exe2011-12-20 01:47 . 2011-12-20 01:47 114176 ----a-w- c:\windows\system32\admparse.dll2011-12-20 01:47 . 2011-12-20 01:47 111616 ----a-w- c:\windows\system32\iesysprep.dll2011-12-20 01:47 . 2011-12-20 01:47 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll2011-12-20 01:47 . 2011-12-20 01:47 101888 ----a-w- c:\windows\SysWow64\admparse.dll2011-12-19 02:45 . 2011-12-22 09:44 224048 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys2011-12-19 02:45 . 2011-12-22 09:44 130864 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys2011-12-19 02:45 . 2011-12-19 02:45 146736 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys2011-12-19 02:43 . 2011-12-19 02:43 320816 ----a-w- c:\windows\system32\VBoxNetFltNobj.dll2011-12-19 02:43 . 2011-12-19 02:43 165680 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys2011-12-07 04:30 . 2011-12-07 04:30 1121936 ----a-w- b:\program files (x86)\SeaToolsforWindows.exe2011-12-07 04:29 . 2011-12-07 04:29 29184 ----a-w- b:\program files (x86)\SeagateDriveControls.dll2011-12-07 04:29 . 2011-12-07 04:29 131584 ----a-w- b:\program files (x86)\SpawnCLR.dll2011-12-06 04:14 . 2011-12-06 04:14 3267072 ----a-w- b:\program files (x86)\stxcon.exe2011-12-06 03:45 . 2011-12-06 03:45 10720256 ----a-w- c:\windows\system32\drivers\atikmdag.sys2011-12-06 03:18 . 2011-12-06 03:18 25371136 ----a-w- c:\windows\system32\atio6axx.dll2011-12-06 03:17 . 2011-12-06 03:17 159744 ----a-w- c:\windows\system32\atiapfxx.exe2011-12-06 03:17 . 2011-04-19 15:09 778752 ----a-w- c:\windows\SysWow64\aticfx32.dll2011-12-06 03:16 . 2011-11-10 03:15 933888 ----a-w- c:\windows\system32\aticfx64.dll2011-12-06 03:12 . 2011-11-10 03:12 466944 ----a-w- c:\windows\system32\ATIDEMGX.dll2011-12-06 03:12 . 2011-12-06 03:12 494080 ----a-w- c:\windows\system32\atieclxx.exe2011-12-06 03:11 . 2011-12-06 03:11 235520 ----a-w- c:\windows\system32\atiesrxx.exe2011-12-06 03:10 . 2011-12-06 03:10 120320 ----a-w- c:\windows\system32\atitmm64.dll2011-12-06 03:10 . 2011-12-06 03:10 423424 ----a-w- c:\windows\system32\atipdl64.dll2011-12-06 03:10 . 2011-12-06 03:10 360448 ----a-w- c:\windows\SysWow64\atipdlxx.dll2011-12-06 03:10 . 2011-12-06 03:10 278528 ----a-w- c:\windows\SysWow64\Oemdspif.dll2011-12-06 03:09 . 2011-12-06 03:09 21504 ----a-w- c:\windows\system32\atimuixx.dll2011-12-06 03:09 . 2011-12-06 03:09 59392 ----a-w- c:\windows\system32\atiedu64.dll2011-12-06 03:09 . 2011-12-06 03:09 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll2011-12-06 03:06 . 2011-12-06 03:06 6159872 ----a-w- c:\windows\SysWow64\atidxx32.dll2011-12-06 02:56 . 2011-12-06 02:56 19125760 ----a-w- c:\windows\SysWow64\atioglxx.dll2011-12-06 02:51 . 2011-12-06 02:51 7520768 ----a-w- c:\windows\system32\atidxx64.dll2011-12-06 02:39 . 2011-12-06 02:39 1113088 ----a-w- c:\windows\system32\atiumd6v.dll2011-12-06 02:39 . 2011-12-06 02:39 1828864 ----a-w- c:\windows\SysWow64\atiumdmv.dll2011-12-06 02:39 . 2011-11-10 02:40 4072960 ----a-w- c:\windows\system32\atiumd6a.dll2011-12-06 02:34 . 2011-12-06 02:34 51200 ----a-w- c:\windows\system32\aticalrt64.dll2011-12-06 02:34 . 2011-12-06 02:34 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll2011-12-06 02:34 . 2011-12-06 02:34 44544 ----a-w- c:\windows\system32\aticalcl64.dll2011-12-06 02:34 . 2011-12-06 02:34 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll2011-12-06 02:34 . 2011-12-06 02:34 13738496 ----a-w- c:\windows\system32\aticaldd64.dll2011-12-06 02:33 . 2011-04-19 14:38 5919232 ----a-w- c:\windows\SysWow64\atiumdag.dll2011-12-06 02:29 . 2011-12-06 02:29 11484672 ----a-w- c:\windows\SysWow64\aticaldd.dll2011-12-06 02:28 . 2011-04-19 14:30 4206592 ----a-w- c:\windows\SysWow64\atiumdva.dll2011-12-06 02:24 . 2011-11-10 02:24 7511040 ----a-w- c:\windows\system32\atiumd64.dll..((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4.[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]"{0F3DC9E0-C459-4a40-BCF8-747BD9322E10}"= "c:\program files (x86)\Splashtop\Splashtop Connect IE\AddressBarSearch.dll" [2011-01-20 165776]"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files (x86)\uTorrentBar\prxtbuTo0.dll" [2011-05-09 176936].[HKEY_CLASSES_ROOT\clsid\{0f3dc9e0-c459-4a40-bcf8-747bd9322e10}][HKEY_CLASSES_ROOT\AddressBarSearch.SearchHook.1][HKEY_CLASSES_ROOT\TypeLib\{4E8E0178-00EF-413d-9324-E7B3E31572E3}][HKEY_CLASSES_ROOT\AddressBarSearch.SearchHook].[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}].[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]2011-05-09 09:49 176936 ----a-w- c:\program files (x86)\uTorrentBar\prxtbuTo0.dll.[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files (x86)\uTorrentBar\prxtbuTo0.dll" [2011-05-09 176936].[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}].[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"E786BC966678F96C8105A6C14C4290E9640DA755._service_run"="c:\users\Avan\AppData\Local\Google\Chrome\Application\chrome.exe" [2012-02-15 1049072]"aliim"="b:\program files\aliim.exe" [2011-12-20 222624]"Akamai NetSession Interface"="c:\users\Avan\AppData\Local\Akamai\netsession_win.exe" [2012-02-01 3329824]"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584].[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]"XFastUsb"="c:\program files (x86)\XFastUsb\XFastUsb.exe" [2011-12-20 4942336]"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-11 34672]"THX TruStudio NB Settings"="c:\program files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe" [2011-05-19 909824]"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-10 90112]"BrMfcWnd"="c:\program files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-26 1159168]"ControlCenter3"="c:\program files (x86)\Brother\ControlCenter3\brctrcen.exe" [2008-12-23 114688]"NBAgent"="b:\program files\Nero 11\Nero BackItUp\NBAgent.exe" [2011-09-20 1493288]"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]"Adobe Acrobat Speed Launcher"="b:\program files (x86)\Acrobat\Acrobat_sl.exe" [2012-01-03 36760]"Acrobat Assistant 8.0"="b:\program files (x86)\Acrobat\Acrotray.exe" [2012-01-03 815512]"PWRISOVM.EXE"="b:\program files (x86)\PowerISO\PWRISOVM.EXE" [2011-11-15 312376]"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-09-30 252296]"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-11 1523360]"STCAgent"="c:\program files (x86)\Splashtop\Splashtop Connect IE\STCAgent.exe" [2011-01-20 776064]"ZyngaGamesAgent"="c:\program files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe" [2010-11-15 841544]"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2011-08-12 205336]"iTunesHelper"="b:\program files (x86)\iTunesHelper.exe" [2012-01-16 421736]"SearchSettings"="c:\program files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe" [2012-02-06 934240]"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-12-05 343168]"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872].c:\users\Avan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\4t Tray Minimizer.lnk - b:\program files (x86)\4t Tray Minimizer\4t-min.exe [N/A]Logitech . Product Registration.lnk - b:\program files (x86)\Logitech\Ereg\eReg.exe [N/A].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"ConsentPromptBehaviorAdmin"= 0 (0x0)"ConsentPromptBehaviorUser"= 3 (0x3)"EnableLUA"= 0 (0x0)"EnableUIADesktopToggle"= 0 (0x0)"PromptOnSecureDesktop"= 0 (0x0)"EnableLinkedConnections"= 1 (0x1).[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]"AppInit_DLLs"=c:\progra~1\LUCIDL~1\VIRTU\x86\appinit_dll.dll.[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp.[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0200804] Ime File REG_SZ GOOGLEPINYIN2.IME.[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0210804] IME file REG_SZ KIme.ime.R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]R3 ALSysIO;ALSysIO;c:\users\Avan\AppData\Local\Temp\ALSysIO64.sys [x]R3 AsrIbDrv;AsrIbDrv;c:\windows\SysWOW64\Drivers\AsrIbDrv.sys [x]R3 BrSerIb;Brother MFC Serial Interface Driver(WDM);c:\windows\system32\DRIVERS\BrSerIb.sys [x]R3 BrUsbSIb;Brother MFC Serial USB Driver(WDM);c:\windows\system32\DRIVERS\BrUsbSIb.sys [x]R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [x]R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-07-29 16776]R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-07-29 9096]R3 FNETTBOH_305;FNETTBOH_305;c:\windows\system32\drivers\FNETTBOH_305.SYS [x]R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536]R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [x]R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [x]R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]S0 NBVol;Nero Backup Volume Filter Driver;c:\windows\system32\DRIVERS\NBVol.sys [x]S0 NBVolUp;Nero Backup Volume Upper Filter Driver;c:\windows\system32\DRIVERS\NBVolUp.sys [x]S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1207000.00D\SYMDS64.SYS [x]S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1207000.00D\SYMEFA64.SYS [x]S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys [x]S1 AsrAppCharger;AsrAppCharger;c:\windows\system32\DRIVERS\AsrAppCharger.sys [x]S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20120215.001\BHDrvx64.sys [2011-12-01 1157240]S1 FNETURPX;FNETURPX;c:\windows\system32\drivers\FNETURPX.SYS [x]S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20120217.003\IDSvia64.sys [2011-12-15 488568]S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1207000.00D\Ironx64.SYS [x]S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1207000.00D\SYMNETS.SYS [x]S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [x]S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [x]S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]S2 Application Updater;Application Updater;c:\program files (x86)\Application Updater\ApplicationUpdater.exe [2012-02-06 748440]S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [x]S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-09-23 641832]S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\18.7.0.13\ccSvcHst.exe [2011-04-17 130008]S2 SCBackService;Splashtop Connect Service;c:\program files (x86)\Splashtop\Splashtop Connect\BackService.exe [2010-11-15 477000]S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-08-18 450848]S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-02-22 2656280]S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2011-08-29 846448]S2 WCUService_STC_IE;Splashtop Connect IE Software Updater Service;c:\program files (x86)\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe [2011-03-22 497480]S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [x]S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [x]S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-02-04 138360]S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]S3 LVUVC64;Logitech HD Webcam C270(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys [x]S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [x]S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]S3 VirtuWDDM;VirtuWDDM;c:\windows\system32\DRIVERS\VirtuWDDM.sys [x]..--- Other Services/Drivers In Memory ---.*NewlyCreated* - 38798835*Deregistered* - 38798835*Deregistered* - AxtuDrv.Contents of the 'Scheduled Tasks' folder.2012-02-18 c:\windows\Tasks\AliUpdater{68252383-76BF-4AD7-9FDB-CC256ADAB610}.job- b:\program files\AliTask.exe [2011-11-22 01:58].2012-02-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4247310540-1826721815-3888040812-1000Core.job- c:\users\Avan\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-20 03:38].2012-02-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4247310540-1826721815-3888040812-1000UA.job- c:\users\Avan\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-20 03:38].2012-02-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4247310540-1826721815-3888040812-1010Core.job- c:\users\Ming\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-28 11:33].2012-02-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4247310540-1826721815-3888040812-1010UA.job- c:\users\Ming\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-28 11:33]..--------- x86-64 -----------..[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-10-21 167704]"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-10-21 392472]"Persistence"="c:\windows\system32\igfxpers.exe" [2011-10-21 416024]"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-06-09 11860072]"THXCfg64"="c:\windows\system32\RunDLL32.exe" [2009-07-14 45568]"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-29 499608].[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]"LoadAppInit_DLLs"=0x1"AppInit_DLLs"=c:\progra~1\LUCIDL~1\VIRTU\appinit_dll.dll.------- Supplementary Scan -------.uLocal Page = c:\windows\system32\blank.htmuStart Page = about:splashtopconnectuDefault_Search_URL = hxxp://www.google.com/iemLocal Page = c:\windows\SysWOW64\blank.htmuInternet Settings,ProxyOverride = *.local;127.0.0.1:9421uSearchAssistant = hxxp://www.google.com/ieuSearchURL,(Default) = hxxp://www.google.com/search?q=%sIE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105IE: Ìí¼ÓΪ°¢Àïíúíú±íÇé - b:\program files\7.00.15C\AddNewEmotion.htmLSP: %SystemRoot%\system32\vsocklib.dllTrusted Zone: alipay.comTrusted Zone: alisoft.comTrusted Zone: taobao.comTrusted Zone: alipay.comTrusted Zone: alisoft.comTrusted Zone: taobao.comTCP: DhcpNameServer = 10.0.0.138FF - ProfilePath - c:\users\Avan\AppData\Roaming\Mozilla\Firefox\Profiles\okf4jk7u.default\FF - prefs.js: browser.search.selectedEngine - YahooFF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=greentree_ff1&type=937811&ilc=12&p=.- - - - ORPHANS REMOVED - - - -.Wow6432Node-HKCU-Run-ASRockXTU - (no file)Wow6432Node-HKCU-Run-zASRockInstantBoot - (no file)Wow6432Node-HKCU-Run-DriverMax - (no file)Wow6432Node-HKCU-Run-DriverMax_RESTART - (no file)Wow6432Node-HKCU-Run-AdobeBridge - (no file)Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exeWebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)AddRemove-AlipaySecControl - c:\windows\system32\aliedit\2.5.0.3\uninst.exeAddRemove-{1BC4AAF4-9FC2-4AC6-B0E5-4576279FE25D} - b:\program files (x86)\uninstall.exeAddRemove-°¢Àïíúíú2011Õýʽ°æSP2 - b:\program files\Uninstall.exe...[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\18.7.0.13\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\18.7.0.13\diMaster.dll\" /prefetch:1".--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_USERS\S-1-5-21-4247310540-1826721815-3888040812-1000\Software\Kingsoft\FastAIT2009\NetTrans\Ñ‘q\ë_Ñ‹*NºNHr1*.*0*\Appearance]"UISound"=dword:00000001"SmallWndTransparent"=dword:00000001.[HKEY_USERS\S-1-5-21-4247310540-1826721815-3888040812-1000\Software\Kingsoft\FastAIT2009\NetTrans\Ñ‘q\ë_Ñ‹*NºNHr1*.*0*\HotKey]"Switch"=dword:0003004f"SeniorTrans"=dword:00020070"BatchTrans"=dword:00020071"Permanence"=dword:00020072"CodeCoverter"=dword:00020073"SpellAssistant"=dword:00030053.[HKEY_USERS\S-1-5-21-4247310540-1826721815-3888040812-1000\Software\Kingsoft\FastAIT2009\NetTrans\Ñ‘q\ë_Ñ‹*NºNHr1*.*0*\Regular]"SmallWnd"=dword:00000000"Exit"=dword:00000001.[HKEY_USERS\S-1-5-21-4247310540-1826721815-3888040812-1000\Software\Kingsoft\FastAIT2009\NetTrans\Ñ‘q\ë_Ñ‹*NºNHr1*.*0*\Update]"AutoUpdate"=dword:00000001"UseProxy"=dword:00000000"UserCheck"=dword:00000000"ProxyTypeSel"=dword:00000000"PortNum"=dword:00000000"PorxyAddr"="""UserName"="""PassWord"="".[HKEY_USERS\S-1-5-21-4247310540-1826721815-3888040812-1000_Classes\.*?–Ì‘úeúe¥c6e„vïS‘u‡eöN]@Allowed: (Read) (RestrictedCode)@="AliFileCheck.File".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]"Version"=hex:ee,98,11,bc,46,b5,eb,97,7b,de,90,5c,3e,2f,55,2e,ef,11,dd,08,0d, 3c,e1,d1,cb,10,50,e3,e1,01,b2,a5,3e,25,05,f9,06,41,fb,f5,e2,5e,cf,01,c3,09,\.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Shockwave Flash Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]@="0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]@="ShockwaveFlash.ShockwaveFlash.10".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="ShockwaveFlash.ShockwaveFlash".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Macromedia Flash Factory Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]@="FlashFactory.FlashFactory.1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="FlashFactory.FlashFactory".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]@Denied: (A 2) (Everyone)@="IFlashBroker4".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]"Version"=hex:ee,98,11,bc,46,b5,eb,97,7b,de,90,5c,3e,2f,55,2e,ef,11,dd,08,0d, 3c,e1,d1,cb,10,50,e3,e1,01,b2,a5,3e,25,05,f9,06,41,fb,f5,e2,5e,cf,01,c3,09,\.[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]@Denied: (Full) (Everyone).Completion time: 2012-02-18 21:00:32ComboFix-quarantined-files.txt 2012-02-18 10:00.Pre-Run: 42,736,050,176 bytes freePost-Run: 42,916,167,680 bytes free.- - End Of File - - 0D2F187958E56F34FAEBBF473881F5E4 Link to post Share on other sites More sharing options...
Elise Posted February 18, 2012 ID:527944 Share Posted February 18, 2012 How are things running at this point? Do you still get the IP blocks?I see no more active malware, but still some unnecessary/potentially unwanted toolbars and such. Before cleaning those out I'd like to know however if you still experience the IP blocks. Link to post Share on other sites More sharing options...
azeng97 Posted February 18, 2012 Author ID:527947 Share Posted February 18, 2012 I haven't been seeing the blocks since I posted this yesterday. The IPs blocked were from China, and I think it is because I had a chinese shopping website open. After I closed it, there have been no more of these. If that was the problem, thanks for your generous help anyway. I really appreciate it Link to post Share on other sites More sharing options...
Elise Posted February 18, 2012 ID:527949 Share Posted February 18, 2012 Glad to hear they didn't come back. P2P WARNING-------------------Going over your logs I noticed that you have uTorrent installed. Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs. They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users. The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.It is pretty much certain that if you continue to use P2P programs, you will get infected again.I would recommend that you uninstall uTorrent, however that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.If you wish to keep it, please do not use it until your computer is cleaned.Your version of Adobe Reader is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Adobe components and update:Download the latest version of Adobe Reader Version X. and save it to your desktop.Uncheck the "Free McAfee Security plan Plus" option or any other Toolbar you are offeredClick the download button at the bottom. If you use Internet Explorer and do not wish to install the ActiveX element, simply click on the click here to download link on the next page.Remove all older version of Adobe Reader: Go to Add/remove and uninstall all versions of Adobe Reader, Acrobat Reader and Adobe Acrobat. If you are unsure of how to use Add or Remove Programs, the please see this tutorial:How To Remove An Installed Program From Your ComputerThen from your desktop double-click on Adobe Reader to install the newest version. If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.When the "Adobe Setup - Welcome" window opens, click the Install > button.If offered to install a Toolbar, just uncheck the box before continuing unless you want it.Your Adobe Reader is now up to date!Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Download the latest version of Java Runtime Environment (JRE) Version 7u3.Look for "JDK 7u3 (JDK or JRE).Click the "Download JRE" button at the right.Read the License Agreement, and then check the box that says: "Accept License Agreement".Select "Windows x86 Offline" and click on jre-7-windows-i586.exe [*]Save it to your desktop[*]Close any programs you may have running - especially your web browser.[*]Uninstall all older versions of Java (any item with Java Runtime Environment, JRE or J2SE in the name).[*]Reboot your computer once all Java components are removed.[*]Install the newest version by double clicking (run as Administrator for Windows Vista/Seven) the downloaded file.ESET ONLINE SCANNER----------------------------I'd like us to scan your machine with ESET OnlineScanHold down Control and click on this link to open ESET OnlineScan in a new window.Click the button.For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.Double click on the icon on your desktop.Check "YES, I accept the Terms of Use."Click the Start button.Accept any security warnings from your browser.Under scan settings, check "Scan Archives" and "Remove found threats" Click Advanced settings and select the following:Scan potentially unwanted applicationsScan for potentially unsafe applicationsEnable Anti-Stealth technology[*]ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.[*]When the scan completes, click List Threats[*]Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.[*]Click the Back button.[*]Click the Finish button. Link to post Share on other sites More sharing options...
Staff screen317 Posted April 10, 2012 Staff ID:541556 Share Posted April 10, 2012 Are you still with us? This topic will be closed in a few days if we do not hear back from you. Link to post Share on other sites More sharing options...
Maurice Naggar Posted May 24, 2012 ID:554327 Share Posted May 24, 2012 Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks! Link to post Share on other sites More sharing options...
Recommended Posts