Possible redirect infection

needhelp1 · April 18, 2012

Merged Post

We look for post with 0 replies

Hi,

Similar issue to others here. When I type in a URL wrong, instead of "can't find address" as before, now the page is redirected to a bogus site and an ad popup appears. Also, now when running Internet Explorer, two instances of IE appear in the task manager (previously just one, however, none appear when I don't run IE). And finally just this evening, when doing a Google search on multiple instances of IE in the task manager, the results were redirected to a bogus page. Malwarebytes, Norton 360, and TDSSKiller show nothing. Norton firewall does have double entries of "Internet Explorer is trying to access the internet" which it did not have before. Thanks for any help you can provide.

Updated with DDS and Attach logs.

DDS:

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421

Run by PWS at 10:35:25 on 2012-04-18

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.12199.10674 [GMT -5:00]

.

AV: Norton Security Suite *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Norton Security Suite *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

FW: Norton Security Suite *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe

C:\Program Files (x86)\ASUS\AAHM\1.00.11\aaHMSvc.exe

C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.10\AsSysCtrlService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\SysWOW64\AsHookDevice.exe

C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

C:\Program Files (x86)\Norton Security Suite\Engine\5.2.0.13\ccSvcHst.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\Norton Security Suite\Engine\5.2.0.13\ccSvcHst.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe

C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe

C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe

C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe

C:\Program Files (x86)\Adobe\Reader 10.0\Reader\reader_sl.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe

C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe

C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

.

============== Pseudo HJT Report ===============

.

mStart Page = hxxp://asus.msn.com

uInternet Settings,ProxyOverride = *.local

mWinlogon: Userinit=userinit.exe

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.0.13\coIEPlg.dll

BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.0.13\IPS\IPSBHO.DLL

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.0.13\coIEPlg.dll

uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

uRun: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [RunAIShell] C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot

mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe

mRun: [<NO NAME>]

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ASUSVI~1.LNK - C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL

TCP: DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.1.1

TCP: Interfaces\{B572E52D-654C-4037-A505-6BF565430247} : DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.1.1

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.0.13\coIEPlg.dll

BHO-X64: Symantec NCO BHO - No File

BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.0.13\IPS\IPSBHO.DLL

BHO-X64: Symantec Intrusion Prevention - No File

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.0.13\coIEPlg.dll

mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [RunAIShell] C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe

mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun-x64: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot

mRun-x64: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe

mRun-x64: [(Default)]

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

.

============= SERVICES / DRIVERS ===============

.

R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\N360x64\0502000.00D\SYMDS64.SYS --> C:\Windows\system32\drivers\N360x64\0502000.00D\SYMDS64.SYS [?]

R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\N360x64\0502000.00D\SYMEFA64.SYS --> C:\Windows\system32\drivers\N360x64\0502000.00D\SYMEFA64.SYS [?]

R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120402.001\BHDrvx64.sys [2012-4-2 1160824]

R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120417.001\IDSviA64.sys [2012-4-17 488568]

R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\N360x64\0502000.00D\Ironx64.SYS --> C:\Windows\system32\drivers\N360x64\0502000.00D\Ironx64.SYS [?]

R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\N360x64\0502000.00D\SYMNETS.SYS --> C:\Windows\system32\Drivers\N360x64\0502000.00D\SYMNETS.SYS [?]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]

R2 asComSvc;ASUS Com Service;C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe [2011-5-31 918144]

R2 asHmComSvc;ASUS HM Com Service;C:\Program Files (x86)\ASUS\AAHM\1.00.11\aaHMSvc.exe [2011-5-31 915072]

R2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.10\AsSysCtrlService.exe [2011-5-31 586880]

R2 Device Handle Service;Device Handle Service;C:\Windows\SysWOW64\AsHookDevice.exe [2011-5-31 203392]

R2 N360;Norton Security Suite;C:\Program Files (x86)\Norton Security Suite\Engine\5.2.0.13\ccsvchst.exe [2012-2-8 130008]

R2 RtNdPt60;Realtek NDIS Protocol Driver;C:\Windows\system32\DRIVERS\RtNdPt60.sys --> C:\Windows\system32\DRIVERS\RtNdPt60.sys [?]

R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\system32\DRIVERS\asmthub3.sys --> C:\Windows\system32\DRIVERS\asmthub3.sys [?]

R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\system32\DRIVERS\asmtxhci.sys --> C:\Windows\system32\DRIVERS\asmtxhci.sys [?]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-2-4 138360]

R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]

R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\drivers\HECIx64.sys --> C:\Windows\system32\drivers\HECIx64.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-5-31 2656280]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-3-30 253088]

S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-3-2 183560]

S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]

S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]

S3 Impcd;Impcd;C:\Windows\system32\drivers\Impcd.sys --> C:\Windows\system32\drivers\Impcd.sys [?]

S3 mv91xx;mv91xx;C:\Windows\system32\drivers\mv91xx.sys --> C:\Windows\system32\drivers\mv91xx.sys [?]

S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\drivers\nusb3hub.sys --> C:\Windows\system32\drivers\nusb3hub.sys [?]

S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\drivers\nusb3xhc.sys --> C:\Windows\system32\drivers\nusb3xhc.sys [?]

S3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.2);C:\Windows\system32\DRIVERS\RtTeam60.sys --> C:\Windows\system32\DRIVERS\RtTeam60.sys [?]

S3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);C:\Windows\system32\DRIVERS\RtVlan60.sys --> C:\Windows\system32\DRIVERS\RtVlan60.sys [?]

S3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.2);C:\Windows\system32\DRIVERS\RtTeam60.sys --> C:\Windows\system32\DRIVERS\RtTeam60.sys [?]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== Created Last 30 ================

.

2012-04-14 19:03:32 -------- d-----w- C:\Program Files (x86)\TD3

2012-04-14 17:05:08 8766112 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe

2012-04-12 04:17:27 81408 ----a-w- C:\Windows\System32\imagehlp.dll

2012-04-12 04:17:27 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys

2012-04-12 04:17:27 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll

2012-04-12 04:17:26 5120 ----a-w- C:\Windows\SysWow64\wmi.dll

2012-04-12 04:17:26 5120 ----a-w- C:\Windows\System32\wmi.dll

2012-04-12 04:17:26 220672 ----a-w- C:\Windows\System32\wintrust.dll

2012-04-12 04:17:26 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll

2012-04-04 05:53:56 182160 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll

2012-04-02 04:15:47 -------- d-----w- C:\Program Files\iTunes

2012-04-02 04:15:47 -------- d-----w- C:\Program Files\iPod

2012-04-02 04:15:47 -------- d-----w- C:\Program Files (x86)\iTunes

2012-03-30 14:15:36 418464 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-03-26 03:14:30 -------- d-----w- C:\TDSSKiller_Quarantine

.

==================== Find3M ====================

.

2012-04-14 17:06:05 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-04-04 20:56:40 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-03-16 03:57:32 116016 ----a-w- C:\Windows\System32\drivers\21858290.sys

2012-03-06 06:53:37 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe

2012-03-06 05:59:47 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2012-03-06 05:59:41 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2012-02-28 06:56:48 2311168 ----a-w- C:\Windows\System32\jscript9.dll

2012-02-28 06:49:56 1390080 ----a-w- C:\Windows\System32\wininet.dll

2012-02-28 06:48:57 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-02-28 06:42:55 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-02-28 01:18:55 1799168 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-02-28 01:11:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-02-28 01:11:07 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-02-28 01:03:16 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-02-17 06:38:26 1031680 ----a-w- C:\Windows\System32\rdpcore.dll

2012-02-17 05:34:22 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll

2012-02-17 04:58:24 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys

2012-02-17 04:57:32 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys

2012-02-15 16:01:50 52736 ----a-w- C:\Windows\System32\drivers\usbaapl64.sys

2012-02-15 16:01:50 4547944 ----a-w- C:\Windows\System32\usbaaplrc.dll

2012-02-10 06:36:07 1544192 ----a-w- C:\Windows\System32\DWrite.dll

2012-02-10 05:38:43 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll

2012-02-03 04:34:34 3145728 ----a-w- C:\Windows\System32\win32k.sys

2012-01-25 06:38:39 77312 ----a-w- C:\Windows\System32\rdpwsx.dll

2012-01-25 06:38:38 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll

2012-01-25 06:33:30 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe

.

============= FINISH: 10:36:38.13 ===============

Attach:

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 12/18/2011 12:24:35 PM

System Uptime: 4/18/2012 10:33:56 AM (0 hours ago)

.

Motherboard: ASUSTeK Computer INC. | | CM6850

Processor: Intel® Core i5-2320 CPU @ 3.00GHz | LGA1155 | 3001/100mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 745 GiB total, 678.965 GiB free.

D: is FIXED (NTFS) - 1104 GiB total, 1089.266 GiB free.

E: is CDROM ()

F: is Removable

G: is Removable

H: is Removable

I: is Removable

J: is Removable

K: is Removable

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP44: 3/12/2012 1:50:10 PM - Scheduled Checkpoint

RP45: 3/13/2012 8:24:10 PM - Windows Update

RP46: 3/13/2012 11:30:28 PM - Windows Update

RP47: 3/21/2012 9:48:22 PM - Scheduled Checkpoint

RP48: 3/30/2012 6:34:57 PM - Scheduled Checkpoint

RP49: 4/7/2012 10:49:13 PM - Scheduled Checkpoint

RP50: 4/11/2012 11:17:10 PM - Windows Update

.

==== Installed Programs ======================

.

Adobe Reader X (10.1.3) MUI

AI Manager

AI Suite II

Apple Application Support

Apple Software Update

ASUS Backup Wizard

AsusVibe2.0

Bing Bar

Citrix XenApp Web Plugin

Contrôle ActiveX Windows Live Mesh pour connexions à distance

Control ActiveX de Windows Live Mesh para conexiones remotas

D3DX10

DVD Shrink 3.2

Free M4a to MP3 Converter 7.0

Galerie de photos Windows Live

Galería fotográfica de Windows Live

HP Officejet Pro 8500 A910 Help

HP Update

I.R.I.S. OCR

Intel® Management Engine Components

Junk Mail filter update

LightScribe System Software 1.10.13.1

Malwarebytes Anti-Malware version 1.61.0.1400

Marketsplash Shortcuts

Mesh Runtime

Microsoft Application Error Reporting

Microsoft Office 2010

Microsoft Office Standard Edition 2003

Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Train Simulator

Microsoft Visual C++ 2005 Redistributable

MLT Greater Toronto Area

MSTS Patch 1.8.0521 EN

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP2 (KB973688)

MSXML 4.0 SP3 Parser (KB973685)

Nero 7 Essentials

neroxml

Norton Security Suite

QuickTime

RailDriver for MSTS

RealNetworks - Microsoft Visual C++ 2008 Runtime

RealPlayer

Realtek Ethernet Controller Driver

Realtek Ethernet Diagnostic Utility

Realtek High Definition Audio Driver

RealUpgrade 1.1

Safari

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

TC

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Windows Live

Windows Live Communications Platform

Windows Live Essentials

Windows Live Fotogalerie

Windows Live Installer

Windows Live Mail

Windows Live Mesh

Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen

Windows Live Mesh ActiveX Control for Remote Connections

Windows Live Messenger

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

.

==== Event Viewer Messages From Past Week ========

.

4/16/2012 12:53:45 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.

.

==== End Of File ===========================

CatByte · April 20, 2012

Hi,

Please do the following:

Please download aswMBR to your desktop.

Double click the aswMBR.exe icon to run it
When asked if you want to download Avast's virus definitions please select Yes.
Click the Scan button to start the scan
On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.
You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well

NEXT

Please download TDSSKiller.zip

Extract it to your desktop
Double click TDSSKiller.exe
when the window opens, click on Change Parameters
under ”Additional options”, put a check mark in the box next to “Detect TDLFS File System”
click OK
Press Start Scan
- As we are only looking for a log of what is on the machine right now > choose to skip whatever is found
- Then click Continue > Reboot now
[*]Copy and paste the log in your next reply
- A copy of the log will be saved automatically to the root of the drive (typically C:\)

needhelp1 · April 20, 2012

Thanks for the reply, logs posted/attached below:

Run date: 2012-04-20 16:45:49

-----------------------------

16:45:49.204 OS Version: Windows x64 6.1.7601 Service Pack 1

16:45:49.204 Number of processors: 4 586 0x2A07

16:45:49.204 ComputerName: SD70 UserName: PWS

16:45:50.359 Initialize success

16:46:25.772 AVAST engine defs: 12042001

16:46:41.872 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0

16:46:41.887 Disk 0 Vendor: WDC_WD20EARX-22PASB0 51.0AB51 Size: 1907729MB BusType: 3

16:46:41.903 Disk 0 MBR read successfully

16:46:41.918 Disk 0 MBR scan

16:46:41.918 Disk 0 unknown MBR code

16:46:41.918 Disk 0 Partition 1 00 1B Hidd FAT32 NTFS 14524 MB offset 2048

16:46:41.934 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 763090 MB offset 29747200

16:46:41.965 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 1130113 MB offset 1592555520

16:46:42.012 Disk 0 scanning C:\Windows\system32\drivers

16:46:48.533 Service scanning

16:47:02.448 Modules scanning

16:47:02.448 Disk 0 trace - called modules:

16:47:02.464 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys

16:47:02.978 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800ae38790]

16:47:02.978 3 CLASSPNP.SYS[fffff8800181743f] -> nt!IofCallDriver -> [0xfffffa800ab28520]

16:47:02.978 5 ACPI.sys[fffff88000f157a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800ab2d060]

16:47:04.086 AVAST engine scan C:\Windows

16:47:06.223 AVAST engine scan C:\Windows\system32

16:49:09.011 AVAST engine scan C:\Windows\system32\drivers

16:49:33.534 AVAST engine scan C:\Users\PWS

16:52:35.883 AVAST engine scan C:\ProgramData

16:53:26.521 Scan finished successfully

16:53:58.641 Disk 0 MBR has been saved successfully to "C:\Users\PWS\Desktop\MBR.dat"

16:53:58.641 The log file has been saved successfully to "C:\Users\PWS\Desktop\aswMBR.txt"

-----------------------------------------------------------

And the TDSSKiller log below:

16:59:23.0007 1556 TDSS rootkit removing tool 2.7.31.0 Apr 20 2012 19:49:47

16:59:23.0787 1556 ============================================================

16:59:23.0787 1556 Current date / time: 2012/04/20 16:59:23.0787

16:59:23.0787 1556 SystemInfo:

16:59:23.0787 1556

16:59:23.0787 1556 OS Version: 6.1.7601 ServicePack: 1.0

16:59:23.0787 1556 Product type: Workstation

16:59:23.0787 1556 ComputerName: SD70

16:59:23.0787 1556 UserName: PWS

16:59:23.0787 1556 Windows directory: C:\Windows

16:59:23.0787 1556 System windows directory: C:\Windows

16:59:23.0787 1556 Running under WOW64

16:59:23.0787 1556 Processor architecture: Intel x64

16:59:23.0787 1556 Number of processors: 4

16:59:23.0787 1556 Page size: 0x1000

16:59:23.0787 1556 Boot type: Normal boot

16:59:23.0787 1556 ============================================================

16:59:25.0004 1556 Drive \Device\Harddisk0\DR0 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

16:59:25.0020 1556 Drive \Device\Harddisk6\DR6 - Size: 0x3DF80000 (0.97 Gb), SectorSize: 0x200, Cylinders: 0x7E, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'

16:59:25.0020 1556 \Device\Harddisk0\DR0:

16:59:25.0020 1556 MBR partitions:

16:59:25.0020 1556 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1C5E800, BlocksNum 0x5D269000

16:59:25.0020 1556 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x5EEC7800, BlocksNum 0x89F40800

16:59:25.0020 1556 \Device\Harddisk6\DR6:

16:59:25.0020 1556 MBR partitions:

16:59:25.0020 1556 \Device\Harddisk6\DR6\Partition0: MBR, Type 0x4, StartLBA 0x3F, BlocksNum 0x1EFBC1

16:59:25.0066 1556 C: <-> \Device\Harddisk0\DR0\Partition0

16:59:25.0144 1556 D: <-> \Device\Harddisk0\DR0\Partition1

16:59:25.0144 1556 Initialize success

16:59:25.0144 1556 ============================================================

16:59:37.0406 4880 ============================================================

16:59:37.0406 4880 Scan started

16:59:37.0406 4880 Mode: Manual; TDLFS;

16:59:37.0406 4880 ============================================================

16:59:38.0217 4880 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys

16:59:38.0248 4880 1394ohci - ok

16:59:38.0389 4880 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys

16:59:38.0389 4880 ACPI - ok

16:59:38.0404 4880 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys

16:59:38.0404 4880 AcpiPmi - ok

16:59:38.0514 4880 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

16:59:38.0514 4880 AdobeARMservice - ok

16:59:38.0592 4880 AdobeFlashPlayerUpdateSvc (459ac130c6ab892b1cd5d7544626efc5) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

16:59:38.0592 4880 AdobeFlashPlayerUpdateSvc - ok

16:59:38.0638 4880 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys

16:59:38.0638 4880 adp94xx - ok

16:59:38.0670 4880 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys

16:59:38.0670 4880 adpahci - ok

16:59:38.0701 4880 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys

16:59:38.0701 4880 adpu320 - ok

16:59:38.0732 4880 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll

16:59:38.0732 4880 AeLookupSvc - ok

16:59:38.0779 4880 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys

16:59:38.0779 4880 AFD - ok

16:59:38.0794 4880 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys

16:59:38.0794 4880 agp440 - ok

16:59:38.0826 4880 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe

16:59:38.0826 4880 ALG - ok

16:59:38.0841 4880 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys

16:59:38.0841 4880 aliide - ok

16:59:38.0841 4880 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys

16:59:38.0857 4880 amdide - ok

16:59:38.0872 4880 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys

16:59:38.0872 4880 AmdK8 - ok

16:59:38.0888 4880 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys

16:59:38.0888 4880 AmdPPM - ok

16:59:38.0919 4880 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys

16:59:38.0919 4880 amdsata - ok

16:59:38.0935 4880 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys

16:59:38.0935 4880 amdsbs - ok

16:59:38.0950 4880 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys

16:59:38.0950 4880 amdxata - ok

16:59:38.0982 4880 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys

16:59:38.0982 4880 AppID - ok

16:59:38.0997 4880 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll

16:59:38.0997 4880 AppIDSvc - ok

16:59:38.0997 4880 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll

16:59:39.0013 4880 Appinfo - ok

16:59:39.0044 4880 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

16:59:39.0044 4880 Apple Mobile Device - ok

16:59:39.0060 4880 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys

16:59:39.0075 4880 arc - ok

16:59:39.0075 4880 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys

16:59:39.0075 4880 arcsas - ok

16:59:39.0153 4880 asComSvc (fb03a917c1294d3e6d671f24722e1ba3) C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe

16:59:39.0153 4880 asComSvc - ok

16:59:39.0184 4880 asHmComSvc (705249a820cc541ee54bd2d091381adf) C:\Program Files (x86)\ASUS\AAHM\1.00.11\aaHMSvc.exe

16:59:39.0200 4880 asHmComSvc - ok

16:59:39.0262 4880 ASInsHelp (edaa17ce771c696655b6585f7cad2100) C:\Windows\SysWow64\drivers\AsInsHelp64.sys

16:59:39.0262 4880 ASInsHelp - ok

16:59:39.0278 4880 AsIO (fef9dd9ea587f8886ade43c1befbdafe) C:\Windows\syswow64\drivers\AsIO.sys

16:59:39.0278 4880 AsIO - ok

16:59:39.0325 4880 asmthub3 (954950d11ada98ac1b7ee3c770e4622c) C:\Windows\system32\DRIVERS\asmthub3.sys

16:59:39.0325 4880 asmthub3 - ok

16:59:39.0340 4880 asmtxhci (01dbb05db1db95803e3c9f2b49afe79c) C:\Windows\system32\DRIVERS\asmtxhci.sys

16:59:39.0340 4880 asmtxhci - ok

16:59:39.0372 4880 AsSysCtrlService (5c31dfb196cb3a488a041881634d86d2) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.10\AsSysCtrlService.exe

16:59:39.0387 4880 AsSysCtrlService - ok

16:59:39.0387 4880 AsUpIO (1392b92179b07b672720763d9b1028a5) C:\Windows\syswow64\drivers\AsUpIO.sys

16:59:39.0403 4880 AsUpIO - ok

16:59:39.0418 4880 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys

16:59:39.0418 4880 AsyncMac - ok

16:59:39.0434 4880 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys

16:59:39.0434 4880 atapi - ok

16:59:39.0450 4880 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll

16:59:39.0465 4880 AudioEndpointBuilder - ok

16:59:39.0481 4880 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll

16:59:39.0481 4880 AudioSrv - ok

16:59:39.0512 4880 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll

16:59:39.0512 4880 AxInstSV - ok

16:59:39.0543 4880 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys

16:59:39.0559 4880 b06bdrv - ok

16:59:39.0574 4880 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys

16:59:39.0590 4880 b57nd60a - ok

16:59:39.0637 4880 BBSvc (93ee7d9c35ae7e9ffda148d7805f1421) C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE

16:59:39.0637 4880 BBSvc - ok

16:59:39.0668 4880 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll

16:59:39.0668 4880 BDESVC - ok

16:59:39.0684 4880 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys

16:59:39.0684 4880 Beep - ok

16:59:39.0715 4880 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll

16:59:39.0730 4880 BFE - ok

16:59:39.0824 4880 BHDrvx64 (5b1fe9d351c284701c8051da2aa81df6) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120402.001\BHDrvx64.sys

16:59:39.0840 4880 BHDrvx64 - ok

16:59:39.0871 4880 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll

16:59:39.0886 4880 BITS - ok

16:59:39.0886 4880 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\drivers\blbdrive.sys

16:59:39.0886 4880 blbdrive - ok

16:59:39.0949 4880 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe

16:59:39.0949 4880 Bonjour Service - ok

16:59:39.0964 4880 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys

16:59:39.0964 4880 bowser - ok

16:59:39.0996 4880 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys

16:59:39.0996 4880 BrFiltLo - ok

16:59:40.0011 4880 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys

16:59:40.0011 4880 BrFiltUp - ok

16:59:40.0027 4880 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll

16:59:40.0027 4880 Browser - ok

16:59:40.0042 4880 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys

16:59:40.0058 4880 Brserid - ok

16:59:40.0074 4880 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys

16:59:40.0074 4880 BrSerWdm - ok

16:59:40.0089 4880 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys

16:59:40.0089 4880 BrUsbMdm - ok

16:59:40.0120 4880 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys

16:59:40.0120 4880 BrUsbSer - ok

16:59:40.0136 4880 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys

16:59:40.0136 4880 BTHMODEM - ok

16:59:40.0152 4880 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll

16:59:40.0152 4880 bthserv - ok

16:59:40.0167 4880 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys

16:59:40.0167 4880 cdfs - ok

16:59:40.0198 4880 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys

16:59:40.0198 4880 cdrom - ok

16:59:40.0214 4880 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll

16:59:40.0214 4880 CertPropSvc - ok

16:59:40.0230 4880 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys

16:59:40.0230 4880 circlass - ok

16:59:40.0245 4880 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys

16:59:40.0245 4880 CLFS - ok

16:59:40.0308 4880 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

16:59:40.0308 4880 clr_optimization_v2.0.50727_32 - ok

16:59:40.0339 4880 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

16:59:40.0339 4880 clr_optimization_v2.0.50727_64 - ok

16:59:40.0401 4880 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

16:59:40.0401 4880 clr_optimization_v4.0.30319_32 - ok

16:59:40.0432 4880 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

16:59:40.0432 4880 clr_optimization_v4.0.30319_64 - ok

16:59:40.0448 4880 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys

16:59:40.0448 4880 CmBatt - ok

16:59:40.0464 4880 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys

16:59:40.0464 4880 cmdide - ok

16:59:40.0495 4880 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys

16:59:40.0495 4880 CNG - ok

16:59:40.0510 4880 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys

16:59:40.0510 4880 Compbatt - ok

16:59:40.0526 4880 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys

16:59:40.0526 4880 CompositeBus - ok

16:59:40.0542 4880 COMSysApp - ok

16:59:40.0573 4880 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys

16:59:40.0573 4880 crcdisk - ok

16:59:40.0604 4880 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll

16:59:40.0604 4880 CryptSvc - ok

16:59:40.0651 4880 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll

16:59:40.0651 4880 DcomLaunch - ok

16:59:40.0682 4880 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll

16:59:40.0698 4880 defragsvc - ok

16:59:40.0744 4880 Device Handle Service (0a403702cb00432ac818523cd416bf67) C:\Windows\SysWOW64\AsHookDevice.exe

16:59:40.0744 4880 Device Handle Service - ok

16:59:40.0744 4880 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys

16:59:40.0760 4880 DfsC - ok

16:59:40.0776 4880 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll

16:59:40.0776 4880 Dhcp - ok

16:59:40.0791 4880 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys

16:59:40.0791 4880 discache - ok

16:59:40.0807 4880 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys

16:59:40.0807 4880 Disk - ok

16:59:40.0822 4880 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll

16:59:40.0838 4880 Dnscache - ok

16:59:40.0854 4880 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll

16:59:40.0854 4880 dot3svc - ok

16:59:40.0869 4880 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll

16:59:40.0869 4880 DPS - ok

16:59:40.0900 4880 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys

16:59:40.0900 4880 drmkaud - ok

16:59:40.0932 4880 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys

16:59:40.0947 4880 DXGKrnl - ok

16:59:40.0947 4880 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll

16:59:40.0963 4880 EapHost - ok

16:59:41.0025 4880 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys

16:59:41.0088 4880 ebdrv - ok

16:59:41.0150 4880 eeCtrl (0c3f9eff8ddd9f9eb56d754b4620155f) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys

16:59:41.0150 4880 eeCtrl - ok

16:59:41.0181 4880 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe

16:59:41.0181 4880 EFS - ok

16:59:41.0244 4880 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe

16:59:41.0259 4880 ehRecvr - ok

16:59:41.0275 4880 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe

16:59:41.0275 4880 ehSched - ok

16:59:41.0290 4880 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys

16:59:41.0306 4880 elxstor - ok

16:59:41.0337 4880 EraserUtilRebootDrv (8c0f9b877bc0b7ffd327ef55f9efb642) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys

16:59:41.0337 4880 EraserUtilRebootDrv - ok

16:59:41.0353 4880 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys

16:59:41.0353 4880 ErrDev - ok

16:59:41.0384 4880 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll

16:59:41.0400 4880 EventSystem - ok

16:59:41.0431 4880 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys

16:59:41.0431 4880 exfat - ok

16:59:41.0446 4880 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys

16:59:41.0446 4880 fastfat - ok

16:59:41.0478 4880 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe

16:59:41.0493 4880 Fax - ok

16:59:41.0509 4880 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys

16:59:41.0509 4880 fdc - ok

16:59:41.0524 4880 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll

16:59:41.0524 4880 fdPHost - ok

16:59:41.0540 4880 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll

16:59:41.0540 4880 FDResPub - ok

16:59:41.0556 4880 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys

16:59:41.0556 4880 FileInfo - ok

16:59:41.0571 4880 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys

16:59:41.0571 4880 Filetrace - ok

16:59:41.0587 4880 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys

16:59:41.0587 4880 flpydisk - ok

16:59:41.0618 4880 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys

16:59:41.0618 4880 FltMgr - ok

16:59:41.0649 4880 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll

16:59:41.0665 4880 FontCache - ok

16:59:41.0696 4880 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

16:59:41.0712 4880 FontCache3.0.0.0 - ok

16:59:41.0727 4880 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys

16:59:41.0727 4880 FsDepends - ok

16:59:41.0774 4880 fssfltr (6c06701bf1db05405804d7eb610991ce) C:\Windows\system32\DRIVERS\fssfltr.sys

16:59:41.0774 4880 fssfltr - ok

16:59:41.0836 4880 fsssvc (4ce9dac1518ff7e77bd213e6394b9d77) C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe

16:59:41.0883 4880 fsssvc - ok

16:59:41.0899 4880 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys

16:59:41.0899 4880 Fs_Rec - ok

16:59:41.0930 4880 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys

16:59:41.0930 4880 fvevol - ok

16:59:41.0946 4880 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys

16:59:41.0946 4880 gagp30kx - ok

16:59:41.0961 4880 GEARAspiWDM (af4dee5531395dee72b35b36c9671fd0) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

16:59:41.0961 4880 GEARAspiWDM - ok

16:59:41.0977 4880 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll

16:59:42.0039 4880 gpsvc - ok

16:59:42.0148 4880 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys

16:59:42.0148 4880 hcw85cir - ok

16:59:42.0273 4880 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys

16:59:42.0273 4880 HdAudAddService - ok

16:59:42.0304 4880 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys

16:59:42.0320 4880 HDAudBus - ok

16:59:42.0351 4880 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys

16:59:42.0351 4880 HidBatt - ok

16:59:42.0460 4880 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys

16:59:42.0460 4880 HidBth - ok

16:59:42.0585 4880 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys

16:59:42.0585 4880 HidIr - ok

16:59:42.0601 4880 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll

16:59:42.0601 4880 hidserv - ok

16:59:42.0632 4880 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys

16:59:42.0632 4880 HidUsb - ok

16:59:42.0648 4880 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll

16:59:42.0663 4880 hkmsvc - ok

16:59:42.0679 4880 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll

16:59:42.0679 4880 HomeGroupListener - ok

16:59:42.0710 4880 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll

16:59:42.0710 4880 HomeGroupProvider - ok

16:59:42.0741 4880 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys

16:59:42.0741 4880 HpSAMD - ok

16:59:42.0772 4880 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys

16:59:42.0772 4880 HTTP - ok

16:59:42.0788 4880 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys

16:59:42.0788 4880 hwpolicy - ok

16:59:42.0804 4880 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys

16:59:42.0804 4880 i8042prt - ok

16:59:42.0835 4880 iaStor (d7921d5a870b11cc1adab198a519d50a) C:\Windows\system32\drivers\iaStor.sys

16:59:42.0835 4880 iaStor - ok

16:59:42.0866 4880 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys

16:59:42.0866 4880 iaStorV - ok

16:59:42.0944 4880 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

16:59:42.0960 4880 idsvc - ok

16:59:43.0100 4880 IDSVia64 (18c40c3f368323b203ace403cb430db1) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120417.001\IDSvia64.sys

16:59:43.0100 4880 IDSVia64 - ok

16:59:43.0287 4880 igfx (bc610abb825504272364efe4c831e672) C:\Windows\system32\DRIVERS\igdkmd64.sys

16:59:43.0474 4880 igfx - ok

16:59:43.0490 4880 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys

16:59:43.0490 4880 iirsp - ok

16:59:43.0521 4880 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll

16:59:43.0537 4880 IKEEXT - ok

16:59:43.0552 4880 Impcd (dd587a55390ed2295bce6d36ad567da9) C:\Windows\system32\drivers\Impcd.sys

16:59:43.0552 4880 Impcd - ok

16:59:43.0630 4880 IntcAzAudAddService (dab7318ccfa8081200d5b7b486793f74) C:\Windows\system32\drivers\RTKVHD64.sys

16:59:43.0662 4880 IntcAzAudAddService - ok

16:59:43.0677 4880 IntcDAud (4429b91b0fe91f9be8e24e93cc960368) C:\Windows\system32\DRIVERS\IntcDAud.sys

16:59:43.0677 4880 IntcDAud - ok

16:59:43.0693 4880 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys

16:59:43.0693 4880 intelide - ok

16:59:43.0724 4880 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys

16:59:43.0724 4880 intelppm - ok

16:59:43.0740 4880 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll

16:59:43.0740 4880 IPBusEnum - ok

16:59:43.0771 4880 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys

16:59:43.0771 4880 IpFilterDriver - ok

16:59:43.0786 4880 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll

16:59:43.0786 4880 iphlpsvc - ok

16:59:43.0802 4880 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys

16:59:43.0802 4880 IPMIDRV - ok

16:59:43.0818 4880 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys

16:59:43.0818 4880 IPNAT - ok

16:59:43.0880 4880 iPod Service (50d6ccc6ff5561f9f56946b3e6164fb8) C:\Program Files\iPod\bin\iPodService.exe

16:59:43.0880 4880 iPod Service - ok

16:59:43.0896 4880 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys

16:59:43.0896 4880 IRENUM - ok

16:59:43.0911 4880 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys

16:59:43.0911 4880 isapnp - ok

16:59:43.0927 4880 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys

16:59:43.0927 4880 iScsiPrt - ok

16:59:43.0958 4880 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys

16:59:43.0958 4880 kbdclass - ok

16:59:43.0974 4880 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys

16:59:43.0974 4880 kbdhid - ok

16:59:44.0020 4880 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

16:59:44.0020 4880 KeyIso - ok

16:59:44.0098 4880 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys

16:59:44.0098 4880 KSecDD - ok

16:59:44.0114 4880 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys

16:59:44.0114 4880 KSecPkg - ok

16:59:44.0130 4880 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys

16:59:44.0130 4880 ksthunk - ok

16:59:44.0145 4880 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll

16:59:44.0161 4880 KtmRm - ok

16:59:44.0192 4880 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll

16:59:44.0192 4880 LanmanServer - ok

16:59:44.0208 4880 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll

16:59:44.0208 4880 LanmanWorkstation - ok

16:59:44.0286 4880 LightScribeService (53710476495886d9961be46983a6a33f) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

16:59:44.0286 4880 LightScribeService - ok

16:59:44.0317 4880 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys

16:59:44.0317 4880 lltdio - ok

16:59:44.0348 4880 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll

16:59:44.0364 4880 lltdsvc - ok

16:59:44.0379 4880 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll

16:59:44.0379 4880 lmhosts - ok

16:59:44.0426 4880 LMS (98b16e756243bea9410e32025b19c06f) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

16:59:44.0426 4880 LMS - ok

16:59:44.0442 4880 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys

16:59:44.0442 4880 LSI_FC - ok

16:59:44.0473 4880 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys

16:59:44.0473 4880 LSI_SAS - ok

16:59:44.0504 4880 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys

16:59:44.0504 4880 LSI_SAS2 - ok

16:59:44.0504 4880 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys

16:59:44.0520 4880 LSI_SCSI - ok

16:59:44.0535 4880 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys

16:59:44.0535 4880 luafv - ok

16:59:44.0551 4880 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll

16:59:44.0551 4880 Mcx2Svc - ok

16:59:44.0566 4880 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys

16:59:44.0566 4880 megasas - ok

16:59:44.0598 4880 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys

16:59:44.0598 4880 MegaSR - ok

16:59:44.0613 4880 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\drivers\HECIx64.sys

16:59:44.0613 4880 MEIx64 - ok

16:59:44.0644 4880 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

16:59:44.0644 4880 MMCSS - ok

16:59:44.0660 4880 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys

16:59:44.0660 4880 Modem - ok

16:59:44.0676 4880 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys

16:59:44.0676 4880 monitor - ok

16:59:44.0691 4880 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys

16:59:44.0691 4880 mouclass - ok

16:59:44.0691 4880 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys

16:59:44.0691 4880 mouhid - ok

16:59:44.0707 4880 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys

16:59:44.0707 4880 mountmgr - ok

16:59:44.0722 4880 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys

16:59:44.0738 4880 mpio - ok

16:59:44.0738 4880 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys

16:59:44.0738 4880 mpsdrv - ok

16:59:44.0769 4880 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll

16:59:44.0785 4880 MpsSvc - ok

16:59:44.0800 4880 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys

16:59:44.0800 4880 MRxDAV - ok

16:59:44.0832 4880 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys

16:59:44.0832 4880 mrxsmb - ok

16:59:44.0863 4880 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys

16:59:44.0863 4880 mrxsmb10 - ok

16:59:44.0878 4880 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

16:59:44.0878 4880 mrxsmb20 - ok

16:59:44.0894 4880 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys

16:59:44.0894 4880 msahci - ok

16:59:44.0910 4880 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys

16:59:44.0925 4880 msdsm - ok

16:59:44.0941 4880 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe

16:59:44.0941 4880 MSDTC - ok

16:59:44.0956 4880 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

16:59:44.0956 4880 Msfs - ok

16:59:44.0972 4880 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

16:59:44.0972 4880 mshidkmdf - ok

16:59:44.0988 4880 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys

16:59:44.0988 4880 msisadrv - ok

16:59:45.0003 4880 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll

16:59:45.0003 4880 MSiSCSI - ok

16:59:45.0003 4880 msiserver - ok

16:59:45.0034 4880 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

16:59:45.0034 4880 MSKSSRV - ok

16:59:45.0050 4880 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

16:59:45.0050 4880 MSPCLOCK - ok

16:59:45.0066 4880 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

16:59:45.0066 4880 MSPQM - ok

16:59:45.0081 4880 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys

16:59:45.0097 4880 MsRPC - ok

16:59:45.0112 4880 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys

16:59:45.0112 4880 mssmbios - ok

16:59:45.0112 4880 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

16:59:45.0112 4880 MSTEE - ok

16:59:45.0128 4880 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys

16:59:45.0144 4880 MTConfig - ok

16:59:45.0159 4880 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

16:59:45.0159 4880 Mup - ok

16:59:45.0222 4880 mv91xx (c752ab67a50f921622fe65725d1f6856) C:\Windows\system32\drivers\mv91xx.sys

16:59:45.0222 4880 mv91xx - ok

16:59:45.0346 4880 N360 (e78a365cc3e0fbfc018a33dce01909f8) C:\Program Files (x86)\Norton Security Suite\Engine\5.2.0.13\ccSvcHst.exe

16:59:45.0362 4880 N360 - ok

16:59:45.0378 4880 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll

16:59:45.0378 4880 napagent - ok

16:59:45.0424 4880 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

16:59:45.0424 4880 NativeWifiP - ok

16:59:45.0487 4880 NAVENG (2dbe90210de76be6e1653bb20ec70ec2) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120417.019\ENG64.SYS

16:59:45.0502 4880 NAVENG - ok

16:59:45.0549 4880 NAVEX15 (346da70e203b8e2c850277713de8f71b) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120417.019\EX64.SYS

16:59:45.0565 4880 NAVEX15 - ok

16:59:45.0658 4880 NBService (b498a14133bd09ad0817590ace4470ad) C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe

16:59:45.0674 4880 NBService - ok

16:59:45.0721 4880 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys

16:59:45.0736 4880 NDIS - ok

16:59:45.0752 4880 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

16:59:45.0752 4880 NdisCap - ok

16:59:45.0768 4880 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

16:59:45.0768 4880 NdisTapi - ok

16:59:45.0783 4880 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys

16:59:45.0783 4880 Ndisuio - ok

16:59:45.0799 4880 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys

16:59:45.0814 4880 NdisWan - ok

16:59:45.0814 4880 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys

16:59:45.0830 4880 NDProxy - ok

16:59:45.0846 4880 Net Driver HPZ12 (dc6530a291d4bdf6df399f1f128e7f8f) C:\Windows\system32\HPZinw12.dll

16:59:45.0846 4880 Net Driver HPZ12 - ok

16:59:45.0861 4880 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

16:59:45.0861 4880 NetBIOS - ok

16:59:45.0892 4880 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys

16:59:45.0892 4880 NetBT - ok

16:59:45.0908 4880 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

16:59:45.0924 4880 Netlogon - ok

16:59:45.0970 4880 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll

16:59:45.0970 4880 Netman - ok

16:59:45.0986 4880 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll

16:59:46.0002 4880 netprofm - ok

16:59:46.0064 4880 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe

16:59:46.0064 4880 NetTcpPortSharing - ok

16:59:46.0095 4880 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys

16:59:46.0095 4880 nfrd960 - ok

16:59:46.0126 4880 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll

16:59:46.0126 4880 NlaSvc - ok

16:59:46.0173 4880 NMIndexingService (a328a46d87bb92ce4d8a4528e9d84787) C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe

16:59:46.0173 4880 NMIndexingService - ok

16:59:46.0189 4880 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

16:59:46.0189 4880 Npfs - ok

16:59:46.0189 4880 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll

16:59:46.0189 4880 nsi - ok

16:59:46.0204 4880 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

16:59:46.0204 4880 nsiproxy - ok

16:59:46.0251 4880 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys

16:59:46.0267 4880 Ntfs - ok

16:59:46.0282 4880 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

16:59:46.0282 4880 Null - ok

16:59:46.0314 4880 nusb3hub (158ad24745bd85ba9be3c51c38f48c32) C:\Windows\system32\drivers\nusb3hub.sys

16:59:46.0314 4880 nusb3hub - ok

16:59:46.0329 4880 nusb3xhc (d40a13b2c0891e218f9523b376955db6) C:\Windows\system32\drivers\nusb3xhc.sys

16:59:46.0329 4880 nusb3xhc - ok

16:59:46.0360 4880 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys

16:59:46.0360 4880 nvraid - ok

16:59:46.0376 4880 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys

16:59:46.0376 4880 nvstor - ok

16:59:46.0407 4880 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys

16:59:46.0407 4880 nv_agp - ok

16:59:46.0407 4880 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys

16:59:46.0407 4880 ohci1394 - ok

16:59:46.0454 4880 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

16:59:46.0470 4880 ose - ok

16:59:46.0501 4880 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

16:59:46.0516 4880 p2pimsvc - ok

16:59:46.0532 4880 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll

16:59:46.0532 4880 p2psvc - ok

16:59:46.0563 4880 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys

16:59:46.0563 4880 Parport - ok

16:59:46.0579 4880 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys

16:59:46.0579 4880 partmgr - ok

16:59:46.0594 4880 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll

16:59:46.0594 4880 PcaSvc - ok

16:59:46.0610 4880 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys

16:59:46.0610 4880 pci - ok

16:59:46.0610 4880 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys

16:59:46.0610 4880 pciide - ok

16:59:46.0626 4880 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys

16:59:46.0641 4880 pcmcia - ok

16:59:46.0641 4880 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

16:59:46.0641 4880 pcw - ok

16:59:46.0672 4880 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

16:59:46.0672 4880 PEAUTH - ok

16:59:46.0719 4880 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe

16:59:46.0719 4880 PerfHost - ok

16:59:46.0766 4880 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll

16:59:46.0782 4880 pla - ok

16:59:46.0844 4880 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll

16:59:46.0844 4880 PlugPlay - ok

16:59:46.0891 4880 Pml Driver HPZ12 (71f62c51dfdfbc04c83c5c64b2b8058e) C:\Windows\system32\HPZipm12.dll

16:59:46.0891 4880 Pml Driver HPZ12 - ok

16:59:46.0922 4880 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll

16:59:46.0922 4880 PNRPAutoReg - ok

16:59:46.0922 4880 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

16:59:46.0922 4880 PNRPsvc - ok

16:59:46.0953 4880 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll

16:59:46.0953 4880 PolicyAgent - ok

16:59:46.0984 4880 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll

16:59:46.0984 4880 Power - ok

16:59:47.0016 4880 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys

16:59:47.0016 4880 PptpMiniport - ok

16:59:47.0031 4880 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys

16:59:47.0031 4880 Processor - ok

16:59:47.0047 4880 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll

16:59:47.0062 4880 ProfSvc - ok

16:59:47.0078 4880 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

16:59:47.0078 4880 ProtectedStorage - ok

16:59:47.0094 4880 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys

16:59:47.0094 4880 Psched - ok

16:59:47.0140 4880 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys

16:59:47.0172 4880 ql2300 - ok

16:59:47.0187 4880 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys

16:59:47.0187 4880 ql40xx - ok

16:59:47.0218 4880 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll

16:59:47.0218 4880 QWAVE - ok

16:59:47.0234 4880 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

16:59:47.0234 4880 QWAVEdrv - ok

16:59:47.0250 4880 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

16:59:47.0250 4880 RasAcd - ok

16:59:47.0265 4880 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

16:59:47.0265 4880 RasAgileVpn - ok

16:59:47.0281 4880 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll

16:59:47.0281 4880 RasAuto - ok

16:59:47.0312 4880 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys

16:59:47.0312 4880 Rasl2tp - ok

16:59:47.0343 4880 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll

16:59:47.0343 4880 RasMan - ok

16:59:47.0374 4880 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

16:59:47.0374 4880 RasPppoe - ok

16:59:47.0374 4880 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

16:59:47.0374 4880 RasSstp - ok

16:59:47.0406 4880 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys

16:59:47.0406 4880 rdbss - ok

16:59:47.0421 4880 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys

16:59:47.0437 4880 rdpbus - ok

16:59:47.0452 4880 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

16:59:47.0452 4880 RDPCDD - ok

16:59:47.0484 4880 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

16:59:47.0484 4880 RDPENCDD - ok

16:59:47.0499 4880 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

16:59:47.0499 4880 RDPREFMP - ok

16:59:47.0530 4880 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys

16:59:47.0546 4880 RDPWD - ok

16:59:47.0562 4880 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys

16:59:47.0562 4880 rdyboost - ok

16:59:47.0593 4880 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll

16:59:47.0593 4880 RemoteAccess - ok

16:59:47.0608 4880 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll

16:59:47.0608 4880 RemoteRegistry - ok

16:59:47.0624 4880 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll

16:59:47.0624 4880 RpcEptMapper - ok

16:59:47.0640 4880 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe

16:59:47.0640 4880 RpcLocator - ok

16:59:47.0671 4880 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll

16:59:47.0671 4880 RpcSs - ok

16:59:47.0671 4880 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

16:59:47.0671 4880 rspndr - ok

16:59:47.0702 4880 RTL8167 (2777226ee8bf50b059d7a7c90177e99c) C:\Windows\system32\DRIVERS\Rt64win7.sys

16:59:47.0702 4880 RTL8167 - ok

16:59:47.0718 4880 RtNdPt60 (e16b7c030a05ef649b18fab0a93d871f) C:\Windows\system32\DRIVERS\RtNdPt60.sys

16:59:47.0718 4880 RtNdPt60 - ok

16:59:47.0733 4880 RTTEAMPT (1de78f5008120cd79b34c12394dcd493) C:\Windows\system32\DRIVERS\RtTeam60.sys

16:59:47.0733 4880 RTTEAMPT - ok

16:59:47.0749 4880 RTVLANPT (b1018aa1b5735f5fa89fd4dadf4bea7a) C:\Windows\system32\DRIVERS\RtVlan60.sys

16:59:47.0749 4880 RTVLANPT - ok

16:59:47.0764 4880 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

16:59:47.0764 4880 SamSs - ok

16:59:47.0827 4880 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys

16:59:47.0842 4880 sbp2port - ok

16:59:47.0858 4880 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll

16:59:47.0858 4880 SCardSvr - ok

16:59:47.0874 4880 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys

16:59:47.0874 4880 scfilter - ok

16:59:47.0905 4880 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll

16:59:47.0920 4880 Schedule - ok

16:59:47.0952 4880 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll

16:59:47.0952 4880 SCPolicySvc - ok

16:59:47.0967 4880 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll

16:59:47.0983 4880 SDRSVC - ok

16:59:48.0030 4880 SeaPort (cc781378e7eda615d2cdca3b17829fa4) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE

16:59:48.0030 4880 SeaPort - ok

16:59:48.0061 4880 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

16:59:48.0061 4880 secdrv - ok

16:59:48.0076 4880 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll

16:59:48.0076 4880 seclogon - ok

16:59:48.0108 4880 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll

16:59:48.0108 4880 SENS - ok

16:59:48.0139 4880 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll

16:59:48.0139 4880 SensrSvc - ok

16:59:48.0154 4880 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys

16:59:48.0154 4880 Serenum - ok

16:59:48.0186 4880 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys

16:59:48.0186 4880 Serial - ok

16:59:48.0201 4880 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys

16:59:48.0201 4880 sermouse - ok

16:59:48.0232 4880 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll

16:59:48.0232 4880 SessionEnv - ok

16:59:48.0264 4880 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys

16:59:48.0264 4880 sffdisk - ok

16:59:48.0279 4880 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys

16:59:48.0279 4880 sffp_mmc - ok

16:59:48.0295 4880 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys

16:59:48.0295 4880 sffp_sd - ok

16:59:48.0310 4880 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys

16:59:48.0310 4880 sfloppy - ok

16:59:48.0326 4880 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll

16:59:48.0342 4880 SharedAccess - ok

16:59:48.0388 4880 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll

16:59:48.0404 4880 ShellHWDetection - ok

16:59:48.0420 4880 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys

16:59:48.0513 4880 SiSRaid2 - ok

16:59:48.0591 4880 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys

16:59:48.0591 4880 SiSRaid4 - ok

16:59:48.0747 4880 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

16:59:48.0747 4880 Smb - ok

16:59:48.0794 4880 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe

16:59:48.0794 4880 SNMPTRAP - ok

16:59:48.0810 4880 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

16:59:48.0810 4880 spldr - ok

16:59:48.0841 4880 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe

16:59:48.0841 4880 Spooler - ok

16:59:48.0919 4880 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe

16:59:48.0981 4880 sppsvc - ok

16:59:48.0981 4880 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll

16:59:48.0981 4880 sppuinotify - ok

16:59:49.0075 4880 SRTSP (90ef30c3867bcde4579c01a6d6e75a7a) C:\Windows\System32\Drivers\N360x64\0502000.00D\SRTSP64.SYS

16:59:49.0075 4880 SRTSP - ok

16:59:49.0090 4880 SRTSPX (c513e8a5e7978da49077f5484344ee1b) C:\Windows\system32\drivers\N360x64\0502000.00D\SRTSPX64.SYS

16:59:49.0090 4880 SRTSPX - ok

16:59:49.0122 4880 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys

16:59:49.0122 4880 srv - ok

16:59:49.0153 4880 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys

16:59:49.0153 4880 srv2 - ok

16:59:49.0168 4880 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys

16:59:49.0184 4880 srvnet - ok

16:59:49.0215 4880 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll

16:59:49.0215 4880 SSDPSRV - ok

16:59:49.0231 4880 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll

16:59:49.0231 4880 SstpSvc - ok

16:59:49.0262 4880 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys

16:59:49.0262 4880 stexstor - ok

16:59:49.0309 4880 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll

16:59:49.0309 4880 stisvc - ok

16:59:49.0324 4880 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys

16:59:49.0324 4880 swenum - ok

16:59:49.0356 4880 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll

16:59:49.0371 4880 swprv - ok

16:59:49.0387 4880 SymDS (6160145c7a87fc7672e8e3b886888176) C:\Windows\system32\drivers\N360x64\0502000.00D\SYMDS64.SYS

16:59:49.0387 4880 SymDS - ok

16:59:49.0434 4880 SymEFA (96aeed40d4d3521568b42027687e69e0) C:\Windows\system32\drivers\N360x64\0502000.00D\SYMEFA64.SYS

16:59:49.0449 4880 SymEFA - ok

16:59:49.0480 4880 SymEvent (21a1c2d694c3cf962d31f5e873ab3d6f) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS

16:59:49.0480 4880 SymEvent - ok

16:59:49.0496 4880 SymIRON (bd0d711d8cbfcaa19ca123306eaf53a5) C:\Windows\system32\drivers\N360x64\0502000.00D\Ironx64.SYS

16:59:49.0496 4880 SymIRON - ok

16:59:49.0527 4880 SymNetS (a6adb3d83023f8daa0f7b6fda785d83b) C:\Windows\System32\Drivers\N360x64\0502000.00D\SYMNETS.SYS

16:59:49.0527 4880 SymNetS - ok

16:59:49.0574 4880 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll

16:59:49.0621 4880 SysMain - ok

16:59:49.0621 4880 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll

16:59:49.0621 4880 TabletInputService - ok

16:59:49.0652 4880 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll

16:59:49.0652 4880 TapiSrv - ok

16:59:49.0683 4880 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll

16:59:49.0683 4880 TBS - ok

16:59:49.0746 4880 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys

16:59:49.0777 4880 Tcpip - ok

16:59:49.0824 4880 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys

16:59:49.0839 4880 TCPIP6 - ok

16:59:49.0870 4880 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys

16:59:49.0870 4880 tcpipreg - ok

16:59:49.0886 4880 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

16:59:49.0886 4880 TDPIPE - ok

16:59:49.0917 4880 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys

16:59:49.0917 4880 TDTCP - ok

16:59:49.0933 4880 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys

16:59:49.0933 4880 tdx - ok

16:59:49.0948 4880 TEAM (1de78f5008120cd79b34c12394dcd493) C:\Windows\system32\DRIVERS\RtTeam60.sys

16:59:49.0948 4880 TEAM - ok

16:59:49.0964 4880 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys

16:59:49.0964 4880 TermDD - ok

16:59:49.0995 4880 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll

16:59:49.0995 4880 TermService - ok

16:59:50.0026 4880 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll

16:59:50.0026 4880 Themes - ok

16:59:50.0042 4880 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

16:59:50.0058 4880 THREADORDER - ok

16:59:50.0073 4880 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll

16:59:50.0073 4880 TrkWks - ok

16:59:50.0104 4880 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe

16:59:50.0120 4880 TrustedInstaller - ok

16:59:50.0136 4880 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys

16:59:50.0136 4880 tssecsrv - ok

16:59:50.0136 4880 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys

16:59:50.0136 4880 TsUsbFlt - ok

16:59:50.0151 4880 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys

16:59:50.0151 4880 TsUsbGD - ok

16:59:50.0182 4880 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys

16:59:50.0182 4880 tunnel - ok

16:59:50.0198 4880 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys

16:59:50.0198 4880 uagp35 - ok

16:59:50.0229 4880 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys

16:59:50.0229 4880 udfs - ok

16:59:50.0260 4880 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe

16:59:50.0260 4880 UI0Detect - ok

16:59:50.0276 4880 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys

16:59:50.0276 4880 uliagpkx - ok

16:59:50.0307 4880 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys

16:59:50.0307 4880 umbus - ok

16:59:50.0307 4880 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys

16:59:50.0307 4880 UmPass - ok

16:59:50.0416 4880 UNS (7a78ed1088890114dfde2c4ab038d6b6) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

16:59:50.0448 4880 UNS - ok

16:59:50.0479 4880 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll

16:59:50.0479 4880 upnphost - ok

16:59:50.0526 4880 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys

16:59:50.0526 4880 USBAAPL64 - ok

16:59:50.0541 4880 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys

16:59:50.0541 4880 usbccgp - ok

16:59:50.0557 4880 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys

16:59:50.0557 4880 usbcir - ok

16:59:50.0572 4880 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys

16:59:50.0572 4880 usbehci - ok

16:59:50.0588 4880 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys

16:59:50.0604 4880 usbhub - ok

16:59:50.0619 4880 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys

16:59:50.0619 4880 usbohci - ok

16:59:50.0650 4880 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys

16:59:50.0666 4880 usbprint - ok

16:59:50.0697 4880 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys

16:59:50.0697 4880 usbscan - ok

16:59:50.0713 4880 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS

16:59:50.0713 4880 USBSTOR - ok

16:59:50.0728 4880 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys

16:59:50.0728 4880 usbuhci - ok

16:59:50.0760 4880 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll

16:59:50.0760 4880 UxSms - ok

16:59:50.0838 4880 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

16:59:50.0838 4880 VaultSvc - ok

16:59:50.0853 4880 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys

16:59:50.0853 4880 vdrvroot - ok

16:59:50.0869 4880 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe

16:59:50.0884 4880 vds - ok

16:59:50.0884 4880 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

16:59:50.0884 4880 vga - ok

16:59:50.0900 4880 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

16:59:50.0900 4880 VgaSave - ok

16:59:50.0931 4880 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys

16:59:50.0931 4880 vhdmp - ok

16:59:50.0947 4880 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys

16:59:50.0947 4880 viaide - ok

16:59:50.0962 4880 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys

16:59:50.0962 4880 volmgr - ok

16:59:50.0978 4880 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys

16:59:50.0994 4880 volmgrx - ok

16:59:51.0009 4880 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys

16:59:51.0009 4880 volsnap - ok

16:59:51.0040 4880 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys

16:59:51.0040 4880 vsmraid - ok

16:59:51.0087 4880 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe

16:59:51.0118 4880 VSS - ok

16:59:51.0134 4880 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys

16:59:51.0134 4880 vwifibus - ok

16:59:51.0165 4880 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll

16:59:51.0165 4880 W32Time - ok

16:59:51.0181 4880 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys

16:59:51.0181 4880 WacomPen - ok

16:59:51.0196 4880 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

16:59:51.0196 4880 WANARP - ok

16:59:51.0212 4880 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

16:59:51.0212 4880 Wanarpv6 - ok

16:59:51.0274 4880 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe

16:59:51.0290 4880 WatAdminSvc - ok

16:59:51.0337 4880 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe

16:59:51.0352 4880 wbengine - ok

16:59:51.0368 4880 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll

16:59:51.0368 4880 WbioSrvc - ok

16:59:51.0399 4880 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll

16:59:51.0399 4880 wcncsvc - ok

16:59:51.0430 4880 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll

16:59:51.0430 4880 WcsPlugInService - ok

16:59:51.0446 4880 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys

16:59:51.0446 4880 Wd - ok

16:59:51.0477 4880 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

16:59:51.0477 4880 Wdf01000 - ok

16:59:51.0493 4880 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

16:59:51.0493 4880 WdiServiceHost - ok

16:59:51.0508 4880 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

16:59:51.0508 4880 WdiSystemHost - ok

16:59:51.0524 4880 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll

16:59:51.0524 4880 WebClient - ok

16:59:51.0555 4880 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll

16:59:51.0555 4880 Wecsvc - ok

16:59:51.0571 4880 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll

16:59:51.0571 4880 wercplsupport - ok

16:59:51.0602 4880 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll

16:59:51.0602 4880 WerSvc - ok

16:59:51.0602 4880 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

16:59:51.0618 4880 WfpLwf - ok

16:59:51.0618 4880 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

16:59:51.0618 4880 WIMMount - ok

16:59:51.0664 4880 WinDefend - ok

16:59:51.0664 4880 WinHttpAutoProxySvc - ok

16:59:51.0711 4880 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll

16:59:51.0711 4880 Winmgmt - ok

16:59:51.0758 4880 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll

16:59:51.0789 4880 WinRM - ok

16:59:51.0836 4880 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll

16:59:51.0852 4880 Wlansvc - ok

16:59:51.0914 4880 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe

16:59:51.0930 4880 wlcrasvc - ok

16:59:52.0008 4880 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

16:59:52.0039 4880 wlidsvc - ok

16:59:52.0070 4880 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys

16:59:52.0070 4880 WmiAcpi - ok

16:59:52.0086 4880 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe

16:59:52.0086 4880 wmiApSrv - ok

16:59:52.0117 4880 WMPNetworkSvc - ok

16:59:52.0132 4880 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll

16:59:52.0132 4880 WPCSvc - ok

16:59:52.0148 4880 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll

16:59:52.0148 4880 WPDBusEnum - ok

16:59:52.0164 4880 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

16:59:52.0164 4880 ws2ifsl - ok

16:59:52.0195 4880 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll

16:59:52.0195 4880 wscsvc - ok

16:59:52.0195 4880 WSearch - ok

16:59:52.0257 4880 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll

16:59:52.0288 4880 wuauserv - ok

16:59:52.0304 4880 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys

16:59:52.0304 4880 WudfPf - ok

16:59:52.0320 4880 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys

16:59:52.0335 4880 WUDFRd - ok

16:59:52.0351 4880 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll

16:59:52.0351 4880 wudfsvc - ok

16:59:52.0366 4880 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll

16:59:52.0382 4880 WwanSvc - ok

16:59:52.0413 4880 MBR (0x1B8) (4976d4a7a40b83fc7f06ee4bdd84eb9b) \Device\Harddisk0\DR0

16:59:52.0585 4880 \Device\Harddisk0\DR0 - ok

16:59:52.0585 4880 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk6\DR6

16:59:52.0725 4880 \Device\Harddisk6\DR6 - ok

16:59:52.0725 4880 Boot (0x1200) (bc5662fd06f3d074ba82d0e44227d208) \Device\Harddisk0\DR0\Partition0

16:59:52.0725 4880 \Device\Harddisk0\DR0\Partition0 - ok

16:59:52.0756 4880 Boot (0x1200) (97c6cbad2dca2c145d5ba6741f5aa2bf) \Device\Harddisk0\DR0\Partition1

16:59:52.0756 4880 \Device\Harddisk0\DR0\Partition1 - ok

16:59:52.0756 4880 Boot (0x1200) (4866b4354000fc713aeb6ba5c935354f) \Device\Harddisk6\DR6\Partition0

16:59:52.0756 4880 \Device\Harddisk6\DR6\Partition0 - ok

16:59:52.0756 4880 ============================================================

16:59:52.0756 4880 Scan finished

16:59:52.0756 4880 ============================================================

16:59:52.0772 2192 Detected object count: 0

16:59:52.0772 2192 Actual detected object count: 0

MBR.zip

CatByte · April 20, 2012

Hi,

Please do the following

Refer to the ComboFix User's Guide

Download ComboFix from one of these locations:
Link 1
Link 2
* IMPORTANT !!! Place ComboFix.exe on your Desktop
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
You can get help on disabling your protection programs here
Double click on ComboFix.exe & follow the prompts.
Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
When finished, it shall produce a log for you. Post that log in your next reply
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
---------------------------------------------------------------------------------------------
Ensure your AntiVirus and AntiSpyware applications are re-enabled.
---------------------------------------------------------------------------------------------

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

needhelp1 · April 21, 2012

I disabled Norton AV and firewall but Combofix still found something within Norton on and stalled at stage 4 for a little over an hour. So I went in and disabled everything I could in Norton, then downloaded a fresh copy of Combofix. No conflicts with Norton this time, but Combofix is still hanging up at stage 4. Any suggestions?

CatByte · April 21, 2012

Please try running ComboFix in safe mode

To Enter Safemode

Go to Start> Shut off your Computer> Restart
As the computer starts to boot-up, Tap the F8 KEY repeatedly,
this will bring up a menu.
Use the Up and Down Arrow Keys to scroll up to Safemode
Then press the Enter Key on your Keyboard
go into your usual account

needhelp1 · April 21, 2012

Finally was able to Disable Norton and go into safe mode. I tried Combofix and it started, ran for about 10 seconds, then abruptly shut off almost as if it hit a tripwire. I tried a Malwarebytes quickscan and it didn't find anything to trip it. Combofix issue?

CatByte · April 21, 2012

likely a malware issue, let's try a different tactic

please run the following:

For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

Restart the computer.
As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
Use the arrow keys to select the Repair your computer menu item.
Choose your language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:

Insert the installation disc.
Restart your computer.
If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
Click Repair your computer.
Choose your language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account an click Next.

On the System Recovery Options menu you will get the following options:

- Startup Repair
  System Restore
  Windows Complete PC Restore
  Windows Memory Diagnostic Tool
  Command Prompt

[*]Select Command Prompt

[*]In the command window type in notepad and press Enter.

[*]The notepad opens. Under File menu select Open.

[*]Select "Computer" and find your flash drive letter and close the notepad.

[*]In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter

Note: Replace letter e with the drive letter of your flash drive.

[*]The tool will start to run.

[*]When the tool opens click Yes to the disclaimer.

[*]Place a check next to List Drivers MD5 as well as the default check marks that are already there

[*]Press Scan button.

[*]type exit and reboot the computer normally

[*]FRST will make a log (FRST.txt) on the flash drive, please copy and paste the log in your reply.

needhelp1 · April 21, 2012

I just tried Combofix again in normal mode for the heck of it one more time and it worked all of the sudden. Do I need to follow the further steps you just posted?

Combofix log below:

ComboFix 12-04-20.03 - PWS 04/20/2012 22:24:18.3.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.12199.10838 [GMT -5:00]

Running from: c:\users\PWS\Desktop\ComboFix.exe

AV: Norton Security Suite *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

FW: Norton Security Suite *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

SP: Norton Security Suite *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

((((((((((((((((((((((((( Files Created from 2012-03-21 to 2012-04-21 )))))))))))))))))))))))))))))))

.

2012-04-21 03:29 . 2012-04-21 03:29 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-04-14 19:03 . 2012-04-14 19:05 -------- d-----w- c:\program files (x86)\TD3

2012-04-14 17:05 . 2012-04-14 17:05 8766112 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe

2012-04-12 04:17 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys

2012-04-12 04:17 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll

2012-04-12 04:17 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll

2012-04-12 04:17 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll

2012-04-12 04:17 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll

2012-04-12 04:17 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll

2012-04-12 04:17 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll

2012-04-04 05:53 . 2012-04-04 05:53 182160 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll

2012-04-02 04:15 . 2012-04-02 04:15 -------- d-----w- c:\program files\iTunes

2012-04-02 04:15 . 2012-04-02 04:15 -------- d-----w- c:\program files (x86)\iTunes

2012-04-02 04:15 . 2012-04-02 04:15 -------- d-----w- c:\program files\iPod

2012-03-30 14:15 . 2012-04-14 17:06 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-03-26 03:14 . 2012-03-28 01:05 -------- d-----w- C:\TDSSKiller_Quarantine

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-04-14 17:06 . 2011-12-26 06:11 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-04-04 20:56 . 2011-12-18 19:53 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-03-16 03:57 . 2012-03-16 03:57 116016 ----a-w- c:\windows\system32\drivers\21858290.sys

2012-02-17 06:38 . 2012-03-13 22:56 1031680 ----a-w- c:\windows\system32\rdpcore.dll

2012-02-17 05:34 . 2012-03-13 22:56 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll

2012-02-17 04:58 . 2012-03-13 22:56 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-02-17 04:57 . 2012-03-13 22:56 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys

2012-02-15 16:01 . 2012-02-15 16:01 52736 ----a-w- c:\windows\system32\drivers\usbaapl64.sys

2012-02-15 16:01 . 2012-02-15 16:01 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll

2012-02-10 06:36 . 2012-03-14 02:36 1544192 ----a-w- c:\windows\system32\DWrite.dll

2012-02-10 05:38 . 2012-03-14 02:36 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll

2012-02-03 04:34 . 2012-03-14 02:37 3145728 ----a-w- c:\windows\system32\win32k.sys

2012-02-01 03:36 . 2012-02-01 03:36 73728 ----a-r- c:\users\PWS\AppData\Roaming\Microsoft\Installer\{EBFEEB3F-3E3B-4725-A4E0-376144CE4F76}\liteico.exe.827545C6_7013_4DE1_8E6C_DAEE4C57F54A.exe

2012-02-01 03:36 . 2012-02-01 03:36 73728 ----a-r- c:\users\PWS\AppData\Roaming\Microsoft\Installer\{EBFEEB3F-3E3B-4725-A4E0-376144CE4F76}\ARPICON.exe

2012-01-25 06:38 . 2012-03-13 22:56 77312 ----a-w- c:\windows\system32\rdpwsx.dll

2012-01-25 06:38 . 2012-03-13 22:56 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll

2012-01-25 06:33 . 2012-03-13 22:56 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-08-23 455968]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-28 152872]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-04-04 35736]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"RunAIShell"="c:\program files (x86)\ASUS\AI Manager\AsShellApplication.exe" [2009-12-23 232064]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]

"TkBellExe"="c:\program files (x86)\Real\RealPlayer\Update\realsched.exe" [2011-12-18 296056]

"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe [2011-5-31 548528]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-14 253088]

R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-02 183560]

R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [x]

R3 mv91xx;mv91xx;c:\windows\system32\drivers\mv91xx.sys [x]

R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [x]

R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [x]

R3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtTeam60.sys [x]

R3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtVlan60.sys [x]

R3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.2);c:\windows\system32\DRIVERS\RtTeam60.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0502000.00D\SYMDS64.SYS [x]

S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0502000.00D\SYMEFA64.SYS [x]

S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x]

S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120402.001\BHDrvx64.sys [2012-04-02 1160824]

S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120417.001\IDSvia64.sys [2012-03-06 488568]

S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0502000.00D\Ironx64.SYS [x]

S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\0502000.00D\SYMNETS.SYS [x]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]

S2 asComSvc;ASUS Com Service;c:\program files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe [2010-11-03 918144]

S2 asHmComSvc;ASUS HM Com Service;c:\program files (x86)\ASUS\AAHM\1.00.11\aaHMSvc.exe [2010-11-19 915072]

S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.10\AsSysCtrlService.exe [2010-10-21 586880]

S2 Device Handle Service;Device Handle Service;c:\windows\SysWOW64\AsHookDevice.exe [2009-12-23 203392]

S2 N360;Norton Security Suite;c:\program files (x86)\Norton Security Suite\Engine\5.2.0.13\ccSvcHst.exe [2011-04-17 130008]

S2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\DRIVERS\RtNdPt60.sys [x]

S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-02-01 2656280]

S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [x]

S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [x]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-02-04 138360]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]

S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

Hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2007-08-23 23:34 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe

.

Contents of the 'Scheduled Tasks' folder

.

2012-04-21 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 17:06]

.

2012-04-15 c:\windows\Tasks\hpwebreg_CN18IDM234.job

- c:\program files\HP\HP Officejet Pro 8500 A910\Bin\hpwebreg.exe [2010-11-17 03:29]

.

2012-04-08 c:\windows\Tasks\hpwebreg_xxxxxxxxxx.job

- c:\program files\HP\HP Officejet Pro 8500 A910\Bin\hpwebreg.exe [2010-11-17 03:29]

.

--------- x86-64 -----------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-10-06 166936]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-10-06 391704]

"Persistence"="c:\windows\system32\igfxpers.exe" [2010-10-06 416792]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-02 11545192]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mStart Page = hxxp://asus.msn.com

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.1.1

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]

"ImagePath"="\"c:\program files (x86)\Norton Security Suite\Engine\5.2.0.13\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton Security Suite\Engine\5.2.0.13\diMaster.dll\" /prefetch:1"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe

c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE

c:\program files (x86)\ASUS\AI Suite II\AsRoutineController.exe

c:\program files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe

c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

.

**************************************************************************

.

Completion time: 2012-04-20 22:34:52 - machine was rebooted

ComboFix-quarantined-files.txt 2012-04-21 03:34

.

Pre-Run: 732,505,481,216 bytes free

Post-Run: 732,472,172,544 bytes free

.

- - End Of File - - 047FCD97E1034AC5D6015CBB2D8400C0

CatByte · April 21, 2012

are you still being redirected?

needhelp1 · April 21, 2012

Hard to say. Definitly not like before. I tested by typing a URL wrong and there is no being directed to ad sites with popups like before, and no outright redirects from google searches. But what it does do is go to is a page with a totally unrelated URL. For example if I type in Malwarebytes' address with a typo, the resulting URL is completly different. It might be normal but somehow I don't remember that happening before.

CatByte · April 21, 2012

ok,

let's reset the router and flush the DNS, if that doesn't resolve the outstanding issues, then we'll have a look with FRST to see what might be going on outside of Windows.

Please do the following:

Reset your Router:

This can be done by inserting something tiny like a paper clip end or pencil tip into a small hole labeled "reset" located on the back of the router.
Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 10 seconds).
If you don’t know the router's default password, you can look it up. HERE
You also need to reconfigure any security settings you had in place prior to the reset.
You may also need to consult with your Internet service provider to find out which DNS servers your network should be using.

NEXT

Please do the following:

Click the Microsoft Start logo in the bottom left corner of the screen
Click All Programs
Click Accessories
RIGHT-click on Command Prompt
Select Run As Administrator
In the command window type the following and then hit enter:
ipconfig /flushdns
You will see the following confirmation:

Windows IP Configuration
Successfully flushed the DNS Resolver Cache.

needhelp1 · April 21, 2012

Okay I'll give that a try. One other note if its worth anything. I tried Google and doing a search for Malwarebytes. On the results page, the URL on the affected computer is much different than the one on this good computer (hopefully good ha). Its much longer and much different content after google.com on the affected computer.

needhelp1 · April 21, 2012

Just reset router and flushdns. Same results as I just mentioned (and like I said, maybe thats okay as is, I'm just not positive if that happened before the infection).

CatByte · April 21, 2012

well, let's get a scan with FRST64.exe just incase there is something going on still that isn't showing in the logs

needhelp1 · April 21, 2012

Scan result of Farbar Recovery Scan Tool Version: 19-04-2012

Ran by SYSTEM at 21-04-2012 00:04:45

Running from J:\

Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)

The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [igfxTray] C:\Windows\system32\igfxtray.exe [166936 2010-10-06] (Intel Corporation)

HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [391704 2010-10-06] (Intel Corporation)

HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [416792 2010-10-06] (Intel Corporation)

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [11545192 2010-11-02] (Realtek Semiconductor)

HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [35736 2012-04-03] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [RunAIShell] C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe [232064 2009-12-23] (ASUSTeK Computer Inc.)

HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)

HKLM-x32\...\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot [296056 2011-12-18] (RealNetworks, Inc.)

HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)

HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)

HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2012-03-27] (Apple Inc.)

HKU\PWS\...\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [455968 2007-08-23] (Hewlett-Packard Company)

HKU\PWS\...\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe" [152872 2007-06-27] (Nero AG)

Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)

Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76 192.168.1.1

==================== Services (Whitelisted) ======

3 AdobeFlashPlayerUpdateSvc; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [253088 2012-04-14] (Adobe Systems Incorporated)

2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe [918144 2010-11-03] ()

2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.11\aaHMSvc.exe [915072 2010-11-19] ()

2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.10\AsSysCtrlService.exe [586880 2010-10-21] ()

2 Bonjour Service; "C:\Program Files\Bonjour\mDNSResponder.exe" [462184 2011-08-30] (Apple Inc.)

2 Device Handle Service; C:\Windows\SysWOW64\AsHookDevice.exe [203392 2009-12-23] (ASUSTeK Computer Inc.)

2 N360; "C:\Program Files (x86)\Norton Security Suite\Engine\5.2.0.13\ccSvcHst.exe" /s "N360" /m "C:\Program Files (x86)\Norton Security Suite\Engine\5.2.0.13\diMaster.dll" /prefetch:1 [262584 2011-03-31] (Symantec Corporation)

3 NBService; C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe [800040 2007-06-29] (Nero AG)

3 NMIndexingService; "C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe" [279848 2007-06-27] (Nero AG)

2 UNS; "C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe" [2656280 2011-02-01] (Intel Corporation)

========================== Drivers (Whitelisted) =============

2 ASInsHelp; \??\C:\Windows\SysWow64\drivers\AsInsHelp64.sys [11832 2008-01-04] ()

1 AsIO; C:\Windows\SysWow64\Drivers\AsIO.sys [13440 2010-08-23] ()

3 asmthub3; C:\Windows\System32\Drivers\asmthub3.sys [126952 2011-02-23] (ASMedia Technology Inc)

3 asmtxhci; C:\Windows\System32\Drivers\asmtxhci.sys [389608 2011-02-23] (ASMedia Technology Inc)

1 AsUpIO; C:\Windows\SysWow64\Drivers\AsUpIO.sys [14464 2010-08-02] ()

1 BHDrvx64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120413.001\BHDrvx64.sys [1160824 2012-04-02] (Symantec Corporation)

3 BridgeMP; C:\Windows\System32\DRIVERS\bridge.sys [95232 2009-07-13] (Microsoft Corporation)

1 eeCtrl; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [482936 2012-02-03] (Symantec Corporation)

3 EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138360 2012-02-03] (Symantec Corporation)

1 IDSVia64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120420.001\IDSvia64.sys [488568 2012-03-06] (Symantec Corporation)

3 mv91xx; C:\Windows\System32\Drivers\mv91xx.sys [293416 2010-07-02] (Marvell Semiconductor, Inc.)

3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120420.019\ENG64.SYS [117880 2012-04-20] (Symantec Corporation)

3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120420.019\EX64.SYS [2048632 2012-04-20] (Symantec Corporation)

2 RtNdPt60; C:\Windows\System32\Drivers\RtNdPt60.sys [32544 2010-01-14] (Realtek )

3 RTTEAMPT; C:\Windows\System32\DRIVERS\RtTeam60.sys [48416 2010-01-14] (Realtek Corporation)

3 RTVLANPT; C:\Windows\System32\DRIVERS\RtVlan60.sys [29472 2010-01-14] (Windows ® Codename Longhorn DDK provider)

3 SRTSP; C:\Windows\System32\Drivers\N360x64\0502000.00D\SRTSP64.SYS [744568 2011-03-30] (Symantec Corporation)

1 SRTSPX; C:\Windows\System32\drivers\N360x64\0502000.00D\SRTSPX64.SYS [40568 2011-03-30] (Symantec Corporation)

0 SymDS; C:\Windows\System32\drivers\N360x64\0502000.00D\SYMDS64.SYS [450680 2011-01-26] (Symantec Corporation)

0 SymEFA; C:\Windows\System32\drivers\N360x64\0502000.00D\SYMEFA64.SYS [912504 2011-03-14] (Symantec Corporation)

3 SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [174200 2011-12-18] (Symantec Corporation)

1 SymIRON; C:\Windows\System32\drivers\N360x64\0502000.00D\Ironx64.SYS [171128 2010-11-15] (Symantec Corporation)

1 SymNetS; C:\Windows\System32\Drivers\N360x64\0502000.00D\SYMNETS.SYS [386168 2011-04-20] (Symantec Corporation)

3 TEAM; C:\Windows\System32\DRIVERS\RtTeam60.sys [48416 2010-01-14] (Realtek Corporation)

3 TsUsbGD; C:\Windows\System32\Drivers\TsUsbGD.sys [31232 2010-11-20] (Microsoft Corporation)

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2012-04-20 19:55 - - 0000000 __SHD C:\$RECYCLE.BIN

2012-04-20 19:34 - 2011-03-15 13:24 - 0016348 ____A C:\ComboFix.txt

2012-04-20 18:18 - 2009-07-13 17:39 - 0486646 ____A C:\Windows\ntbtlog.txt

2012-04-20 18:06 - 2012-02-26 09:25 - 4470025 ____R (Swearware) C:\Users\PWS\Desktop\ComboFix.exe

2012-04-20 16:50 - 2012-04-16 18:17 - 2072624 ____A (Kaspersky Lab ZAO) C:\Users\PWS\Desktop\TDSSKiller.exe

2012-04-20 15:07 - 2012-01-06 16:54 - 0000000 ____D C:\Windows\ERDNT

2012-04-20 15:07 - 2011-12-20 21:41 - 0208896 ____A C:\Windows\MBR.exe

2012-04-20 15:07 - 2011-05-31 13:00 - 0060416 ____A (NirSoft) C:\Windows\NIRCMD.exe

2012-04-20 15:07 - 2010-11-20 23:19 - 0080412 ____A C:\Windows\grep.exe

2012-04-20 15:07 - 2009-07-13 21:32 - 0256000 ____A C:\Windows\PEV.exe

2012-04-20 15:07 - 2009-07-13 19:20 - 0098816 ____A C:\Windows\sed.exe

2012-04-20 15:07 - 2009-07-13 17:39 - 0068096 ____A C:\Windows\zip.exe

2012-04-20 15:07 - 2009-06-10 12:31 - 0518144 ____A (SteelWerX) C:\Windows\SWREG.exe

2012-04-20 15:07 - 2000-08-30 16:00 - 0406528 ____A (SteelWerX) C:\Windows\SWSC.exe

2012-04-20 14:58 - 2011-12-30 20:12 - 0000000 ____D C:\Qoobox

2012-04-20 13:59 - 2012-04-17 19:41 - 0129632 ____A C:\TDSSKiller.2.7.31.0_20.04.2012_16.59.23_log.txt

2012-04-20 13:58 - 2012-04-20 13:59 - 2053340 ____A C:\Users\PWS\Desktop\tdsskiller.zip

2012-04-20 13:56 - 2012-04-20 13:53 - 0000564 ____A C:\Users\PWS\Desktop\MBR.zip

2012-04-20 13:53 - 2012-04-20 13:45 - 0002032 ____A C:\Users\PWS\Desktop\aswMBR.txt

2012-04-20 13:53 - 2012-04-16 18:46 - 0000512 ____A C:\Users\PWS\Desktop\MBR.dat

2012-04-20 13:45 - 2012-04-07 10:58 - 4731392 ____A (AVAST Software) C:\Users\PWS\Desktop\aswMBR.exe

2012-04-18 10:52 - 2012-04-18 10:46 - 0421079 ____A C:\Users\PWS\Documents\Scan0017.pdf

2012-04-18 10:46 - 2012-04-18 10:39 - 0109939 ____A C:\Users\PWS\Documents\Scan0016.pdf

2012-04-18 10:39 - 2012-04-18 10:36 - 0494444 ____A C:\Users\PWS\Documents\Scan0015.pdf

2012-04-18 10:36 - 2012-04-18 10:20 - 0420858 ____A C:\Users\PWS\Documents\Scan0014.pdf

2012-04-18 10:20 - 2012-04-18 10:08 - 0498262 ____A C:\Users\PWS\Documents\Scan0013.pdf

2012-04-18 10:08 - 2012-01-30 22:27 - 0421285 ____A C:\Users\PWS\Documents\Scan0012.pdf

2012-04-17 20:42 - 2012-01-31 19:54 - 0001302 ____A C:\Users\PWS\Desktop\RKreport[1].txt

2012-04-17 20:41 - 2012-04-17 20:42 - 0000000 ____D C:\Users\PWS\Desktop\RK_Quarantine

2012-04-17 19:41 - 2012-04-17 19:40 - 0105318 ____A C:\TDSSKiller.2.7.28.0_17.04.2012_22.41.09_log.txt

2012-04-17 19:39 - 2012-04-16 18:17 - 0129276 ____A C:\TDSSKiller.2.7.28.0_17.04.2012_22.39.46_log.txt

2012-04-17 14:16 - 2012-04-17 14:14 - 5950368 ____A (Microsoft Corporation) C:\Users\PWS\Downloads\office2003-KB934181-FullFile-ENU.exe

2012-04-17 14:15 - 2012-04-17 14:16 - 5928848 ____A (Microsoft Corporation) C:\Users\PWS\Downloads\office2003-KB956357-FullFile-ENU.exe

2012-04-17 14:14 - 2011-12-22 23:17 - 5929016 ____A (Microsoft Corporation) C:\Users\PWS\Downloads\office2003-kb887979-fullfile-enu.exe

2012-04-16 19:22 - 2011-12-31 09:46 - 0025600 ____A C:\Users\PWS\Documents\KP.doc

2012-04-16 19:01 - 2011-12-30 19:35 - 0020978 ____A C:\Users\PWS\Desktop\1682614.jpg

2012-04-16 18:46 - 2012-03-21 22:36 - 0873095 ____A C:\Users\PWS\Desktop\FM.jpg

2012-04-16 18:17 - 2012-04-05 14:17 - 0129276 ____A C:\TDSSKiller.2.7.28.0_16.04.2012_21.17.14_log.txt

2012-04-16 18:16 - 2012-03-15 19:57 - 0000348 ____A C:\TDSSKiller.2.7.20.0_16.04.2012_21.16.50_log.txt

2012-04-14 11:03 - 2012-01-22 20:32 - 0000000 ____D C:\Program Files (x86)\TD3

2012-04-14 09:05 - 2012-04-14 09:06 - 8766112 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe

2012-04-11 20:18 - 2012-02-27 23:34 - 2382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

2012-04-11 20:18 - 2012-02-27 22:56 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll

2012-04-11 20:18 - 2012-02-27 22:48 - 1345536 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll

2012-04-11 20:18 - 2012-02-27 22:45 - 2311168 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll

2012-04-11 20:18 - 2012-02-27 22:42 - 0096256 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll

2012-04-11 20:18 - 2012-02-27 17:52 - 2382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2012-04-11 20:18 - 2012-02-27 17:18 - 0065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2012-04-11 20:18 - 2012-02-27 17:09 - 1103360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2012-04-11 20:18 - 2012-02-27 17:06 - 1799168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2012-04-11 20:18 - 2012-02-27 17:03 - 0072704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2012-04-11 20:18 - 2011-05-31 12:31 - 9705984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2012-04-11 20:18 - 2011-05-31 12:31 - 2144256 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll

2012-04-11 20:18 - 2011-05-31 12:31 - 1792000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2012-04-11 20:18 - 2011-05-31 12:31 - 17790976 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2012-04-11 20:18 - 2011-05-31 12:31 - 12281856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2012-04-11 20:18 - 2011-05-31 12:31 - 10888704 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll

2012-04-11 20:18 - 2011-05-31 12:31 - 0248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll

2012-04-11 20:18 - 2011-05-31 12:31 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2012-04-11 20:18 - 2011-05-02 21:29 - 1493504 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl

2012-04-11 20:18 - 2011-05-02 20:30 - 1427456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2012-04-11 20:18 - 2010-11-20 19:24 - 1127424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2012-04-11 20:18 - 2010-11-20 19:23 - 1390080 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll

2012-04-11 20:18 - 2009-07-13 17:41 - 5559152 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe

2012-04-11 20:18 - 2009-07-13 17:41 - 0237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll

2012-04-11 20:18 - 2009-07-13 17:38 - 0818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll

2012-04-11 20:18 - 2009-07-13 17:16 - 3968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe

2012-04-11 20:18 - 2009-07-13 17:16 - 3913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe

2012-04-11 20:18 - 2009-07-13 17:16 - 0231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll

2012-04-11 20:18 - 2009-07-13 17:14 - 0716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2012-04-11 20:17 - 2010-09-23 00:36 - 0023408 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fs_rec.sys

2012-04-11 20:17 - 2009-07-13 17:41 - 0220672 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll

2012-04-11 20:17 - 2009-07-13 17:38 - 0081408 ____A (Microsoft Corporation) C:\Windows\System32\imagehlp.dll

2012-04-11 20:17 - 2009-07-13 17:33 - 0005120 ____A (Microsoft Corporation) C:\Windows\System32\wmi.dll

2012-04-11 20:17 - 2009-07-13 17:16 - 0172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll

2012-04-11 20:17 - 2009-07-13 17:14 - 0159232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll

2012-04-11 20:17 - 2009-07-13 17:11 - 0005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wmi.dll

2012-04-07 10:58 - 2012-04-16 18:58 - 0041918 ____A C:\Users\PWS\Desktop\640.jpg

2012-04-05 14:17 - 2012-03-27 17:06 - 0129276 ____A C:\TDSSKiller.2.7.26.0_05.04.2012_17.17.02_log.txt

2012-04-05 14:16 - 2012-03-25 19:15 - 0000348 ____A C:\TDSSKiller.2.7.23.0_05.04.2012_17.16.51_log.txt

2012-04-05 14:16 - 2012-03-06 20:44 - 0000348 ____A C:\TDSSKiller.2.7.20.0_05.04.2012_17.16.34_log.txt

2012-04-03 21:18 - 2012-01-30 22:55 - 0019968 ____A C:\Users\PWS\Documents\RB 4-2012.doc

2012-04-01 20:15 - 2012-04-11 20:23 - 0000000 ____D C:\Program Files\iPod

2012-04-01 20:15 - 2012-04-11 20:23 - 0000000 ____D C:\Program Files (x86)\iTunes

2012-04-01 20:15 - 2012-04-01 20:15 - 0000000 ____D C:\Program Files\iTunes

2012-04-01 20:15 - 2011-12-29 11:44 - 0001787 ____A C:\Users\Public\Desktop\iTunes.lnk

2012-03-30 06:15 - 2009-07-13 17:14 - 0418464 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2012-03-30 06:15 - - 0000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job

2012-03-27 18:06 - 2012-04-17 20:42 - 0000000 ____D C:\Users\PWS\Desktop\RW pics

2012-03-27 17:04 - 2012-03-26 06:46 - 0254722 ____A C:\TDSSKiller.2.7.23.0_27.03.2012_20.04.42_log.txt

2012-03-26 06:45 - 2012-04-05 14:16 - 0128884 ____A C:\TDSSKiller.2.7.23.0_26.03.2012_09.45.19_log.txt

2012-03-25 19:14 - 2012-04-20 14:01 - 0000000 ____D C:\TDSSKiller_Quarantine

2012-03-25 19:06 - 2012-03-23 13:15 - 0254722 ____A C:\TDSSKiller.2.7.22.0_25.03.2012_22.06.58_log.txt

2012-03-25 19:06 - 2012-03-17 23:12 - 0000348 ____A C:\TDSSKiller.2.7.18.0_25.03.2012_22.06.48_log.txt

2012-03-23 13:13 - 2012-03-23 12:56 - 0128884 ____A C:\TDSSKiller.2.7.22.0_23.03.2012_16.13.33_log.txt

2012-03-23 13:13 - 2012-03-23 12:49 - 0000348 ____A C:\TDSSKiller.2.7.20.0_23.03.2012_16.13.22_log.txt

2012-03-23 12:49 - 2012-03-23 13:13 - 0128884 ____A C:\TDSSKiller.2.7.22.0_23.03.2012_15.49.15_log.txt

2012-03-23 12:49 - 2012-03-17 23:13 - 0000348 ____A C:\TDSSKiller.2.7.20.0_23.03.2012_15.49.03_log.txt

============ 3 Months Modified Files and Folders =============

2012-04-21 00:04 - 2012-04-21 00:03 - 0000000 ____D C:\FRST

2012-04-20 21:00 - 2011-12-18 11:17 - 1003929600 __ASH C:\hiberfil.sys

2012-04-20 21:00 - 2009-07-13 21:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT

2012-04-20 21:00 - 2009-07-13 20:51 - 0068210 ____A C:\Windows\setupact.log

2012-04-20 20:52 - 2011-12-18 10:16 - 1575607 ____A C:\Windows\WindowsUpdate.log

2012-04-20 20:50 - 2009-07-13 21:13 - 0741696 ____A C:\Windows\System32\PerfStringBackup.INI

2012-04-20 20:05 - 2012-03-30 06:15 - 0000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job

2012-04-20 20:02 - 2009-07-13 20:45 - 0016976 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2012-04-20 20:02 - 2009-07-13 20:45 - 0016976 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2012-04-20 19:55 - 2012-04-20 19:55 - 0000000 __SHD C:\$RECYCLE.BIN

2012-04-20 19:34 - 2012-04-20 19:34 - 0016348 ____A C:\ComboFix.txt

2012-04-20 19:34 - 2012-04-20 15:07 - 0000000 ____D C:\Windows\ERDNT

2012-04-20 19:34 - 2012-04-20 14:58 - 0000000 ____D C:\Qoobox

2012-04-20 19:34 - 2009-07-13 19:20 - 0000000 __RHD C:\users\Default

2012-04-20 19:34 - 2009-07-13 19:20 - 0000000 ___AD C:\users\Public

2012-04-20 19:31 - 2009-07-13 18:34 - 0000215 ____A C:\Windows\system.ini

2012-04-20 19:31 - 2009-07-13 18:34 - 0000027 ____A C:\Windows\System32\Drivers\etc\hosts

2012-04-20 19:29 - 2010-11-20 19:47 - 0134346 ____A C:\Windows\PFRO.log

2012-04-20 19:20 - 2012-04-20 18:18 - 0486646 ____A C:\Windows\ntbtlog.txt

2012-04-20 18:06 - 2012-04-20 18:06 - 4470025 ____R (Swearware) C:\Users\PWS\Desktop\ComboFix.exe

2012-04-20 14:01 - 2012-04-20 13:59 - 0129632 ____A C:\TDSSKiller.2.7.31.0_20.04.2012_16.59.23_log.txt

2012-04-20 13:59 - 2012-04-20 16:50 - 2072624 ____A (Kaspersky Lab ZAO) C:\Users\PWS\Desktop\TDSSKiller.exe

2012-04-20 13:59 - 2010-12-31 22:14 - 0002254 ____A C:\Users\PWS\Desktop\eula.txt

2012-04-20 13:58 - 2012-04-20 13:58 - 2053340 ____A C:\Users\PWS\Desktop\tdsskiller.zip

2012-04-20 13:56 - 2012-04-20 13:56 - 0000564 ____A C:\Users\PWS\Desktop\MBR.zip

2012-04-20 13:53 - 2012-04-20 13:53 - 0002032 ____A C:\Users\PWS\Desktop\aswMBR.txt

2012-04-20 13:53 - 2012-04-20 13:53 - 0000512 ____A C:\Users\PWS\Desktop\MBR.dat

2012-04-20 13:45 - 2012-04-20 13:45 - 4731392 ____A (AVAST Software) C:\Users\PWS\Desktop\aswMBR.exe

2012-04-18 10:52 - 2012-04-18 10:52 - 0421079 ____A C:\Users\PWS\Documents\Scan0017.pdf

2012-04-18 10:46 - 2012-04-18 10:46 - 0109939 ____A C:\Users\PWS\Documents\Scan0016.pdf

2012-04-18 10:39 - 2012-04-18 10:39 - 0494444 ____A C:\Users\PWS\Documents\Scan0015.pdf

2012-04-18 10:36 - 2012-04-18 10:36 - 0420858 ____A C:\Users\PWS\Documents\Scan0014.pdf

2012-04-18 10:20 - 2012-04-18 10:20 - 0498262 ____A C:\Users\PWS\Documents\Scan0013.pdf

2012-04-18 10:08 - 2012-04-18 10:08 - 0421285 ____A C:\Users\PWS\Documents\Scan0012.pdf

2012-04-17 20:42 - 2012-04-17 20:42 - 0001302 ____A C:\Users\PWS\Desktop\RKreport[1].txt

2012-04-17 20:42 - 2012-04-17 20:41 - 0000000 ____D C:\Users\PWS\Desktop\RK_Quarantine

2012-04-17 19:41 - 2012-04-17 19:41 - 0105318 ____A C:\TDSSKiller.2.7.28.0_17.04.2012_22.41.09_log.txt

2012-04-17 19:40 - 2012-04-17 19:39 - 0129276 ____A C:\TDSSKiller.2.7.28.0_17.04.2012_22.39.46_log.txt

2012-04-17 14:16 - 2012-04-17 14:16 - 5950368 ____A (Microsoft Corporation) C:\Users\PWS\Downloads\office2003-KB934181-FullFile-ENU.exe

2012-04-17 14:15 - 2012-04-17 14:15 - 5928848 ____A (Microsoft Corporation) C:\Users\PWS\Downloads\office2003-KB956357-FullFile-ENU.exe

2012-04-17 14:14 - 2012-04-17 14:14 - 5929016 ____A (Microsoft Corporation) C:\Users\PWS\Downloads\office2003-kb887979-fullfile-enu.exe

2012-04-16 19:22 - 2012-04-16 19:22 - 0025600 ____A C:\Users\PWS\Documents\KP.doc

2012-04-16 18:58 - 2012-04-16 19:01 - 0020978 ____A C:\Users\PWS\Desktop\1682614.jpg

2012-04-16 18:46 - 2012-04-16 18:46 - 0873095 ____A C:\Users\PWS\Desktop\FM1.jpg

2012-04-16 18:17 - 2012-04-16 18:17 - 0129276 ____A C:\TDSSKiller.2.7.28.0_16.04.2012_21.17.14_log.txt

2012-04-16 18:17 - 2012-03-17 23:12 - 0000000 ____D C:\Users\PWS\Desktop\tdsskiller

2012-04-16 18:16 - 2012-04-16 18:16 - 0000348 ____A C:\TDSSKiller.2.7.20.0_16.04.2012_21.16.50_log.txt

2012-04-15 13:14 - 2011-12-29 12:19 - 0002206 ____A C:\Windows\Tasks\hpwebreg_CN18IDM234.job

2012-04-14 11:08 - 2011-12-18 10:26 - 0000000 ____D C:\Users\PWS\AppData\Local\VirtualStore

2012-04-14 11:05 - 2012-04-14 11:03 - 0000000 ____D C:\Program Files (x86)\TD3

2012-04-14 09:06 - 2012-03-30 06:15 - 0418464 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2012-04-14 09:06 - 2011-12-25 22:11 - 0070304 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2012-04-14 09:05 - 2012-04-14 09:05 - 8766112 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe

2012-04-12 05:29 - 2009-07-13 21:08 - 0032636 ____A C:\Windows\Tasks\SCHEDLGU.TXT

2012-04-11 20:17 - 2011-12-20 10:23 - 57249312 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe

2012-04-11 20:07 - 2011-05-31 12:49 - 0002023 ____A C:\Users\Public\Desktop\Adobe Reader X.lnk

2012-04-10 14:12 - 2011-12-29 11:24 - 0001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2012-04-10 14:12 - 2011-12-18 11:53 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-04-08 12:20 - 2011-12-29 11:47 - 0002408 ____A C:\Windows\Tasks\hpwebreg_xxxxxxxxxx.job

2012-04-07 18:21 - 2011-12-18 11:33 - 0000000 ____D C:\Users\All Users\DVD Shrink

2012-04-07 18:21 - 2011-12-18 11:33 - 0000000 ____D C:\ProgramData\DVD Shrink

2012-04-07 10:58 - 2012-04-07 10:58 - 0041918 ____A C:\Users\PWS\Desktop\640.jpg

2012-04-05 14:17 - 2012-04-05 14:17 - 0129276 ____A C:\TDSSKiller.2.7.26.0_05.04.2012_17.17.02_log.txt

2012-04-05 14:16 - 2012-04-05 14:16 - 0000348 ____A C:\TDSSKiller.2.7.23.0_05.04.2012_17.16.51_log.txt

2012-04-05 14:16 - 2012-04-05 14:16 - 0000348 ____A C:\TDSSKiller.2.7.20.0_05.04.2012_17.16.34_log.txt

2012-04-04 12:56 - 2011-12-18 11:53 - 0024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys

2012-04-04 11:34 - 2012-04-03 21:18 - 0019968 ____A C:\Users\PWS\Documents\RAB 4-2012.doc

2012-04-01 20:15 - 2012-04-01 20:15 - 0001787 ____A C:\Users\Public\Desktop\iTunes.lnk

2012-04-01 20:15 - 2012-04-01 20:15 - 0000000 ____D C:\Program Files\iTunes

2012-04-01 20:15 - 2012-04-01 20:15 - 0000000 ____D C:\Program Files\iPod

2012-04-01 20:15 - 2012-04-01 20:15 - 0000000 ____D C:\Program Files (x86)\iTunes

2012-03-27 18:09 - 2012-03-27 18:06 - 0000000 ____D C:\Users\PWS\Desktop\RW pics

2012-03-27 17:06 - 2012-03-27 17:04 - 0254722 ____A C:\TDSSKiller.2.7.23.0_27.03.2012_20.04.42_log.txt

2012-03-27 17:05 - 2012-03-25 19:14 - 0000000 ____D C:\TDSSKiller_Quarantine

2012-03-26 06:46 - 2012-03-26 06:45 - 0128884 ____A C:\TDSSKiller.2.7.23.0_26.03.2012_09.45.19_log.txt

2012-03-25 19:15 - 2012-03-25 19:06 - 0254722 ____A C:\TDSSKiller.2.7.22.0_25.03.2012_22.06.58_log.txt

2012-03-25 19:06 - 2012-03-25 19:06 - 0000348 ____A C:\TDSSKiller.2.7.18.0_25.03.2012_22.06.48_log.txt

2012-03-23 13:15 - 2012-03-23 13:13 - 0128884 ____A C:\TDSSKiller.2.7.22.0_23.03.2012_16.13.33_log.txt

2012-03-23 13:13 - 2012-03-23 13:13 - 0000348 ____A C:\TDSSKiller.2.7.20.0_23.03.2012_16.13.22_log.txt

2012-03-23 12:56 - 2012-03-23 12:49 - 0128884 ____A C:\TDSSKiller.2.7.22.0_23.03.2012_15.49.15_log.txt

2012-03-23 12:49 - 2012-03-23 12:49 - 0000348 ____A C:\TDSSKiller.2.7.20.0_23.03.2012_15.49.03_log.txt

2012-03-21 22:36 - 2012-03-19 10:50 - 0900608 ____A C:\Users\PWS\Desktop\OK.doc

2012-03-21 21:28 - 2012-03-21 21:28 - 0340695 ____A C:\Users\PWS\Documents\Scan0011.pdf

2012-03-21 21:25 - 2012-03-21 21:25 - 0353804 ____A C:\Users\PWS\Documents\Scan0010.pdf

2012-03-21 21:24 - 2012-03-21 21:24 - 0493049 ____A C:\Users\PWS\Documents\Scan0009.pdf

2012-03-19 10:17 - 2012-03-19 10:17 - 0095138 ____A C:\Users\PWS\Documents\Scan0008.pdf

2012-03-19 10:14 - 2012-03-19 10:14 - 0086073 ____A C:\Users\PWS\Documents\Scan0007.pdf

2012-03-19 10:08 - 2012-03-19 10:08 - 0423011 ____A C:\Users\PWS\Documents\Scan0006.pdf

2012-03-19 10:05 - 2012-03-19 10:05 - 0487078 ____A C:\Users\PWS\Documents\Scan0005.pdf

2012-03-19 10:04 - 2012-03-19 10:04 - 0318095 ____A C:\Users\PWS\Documents\Scan0004.pdf

2012-03-19 10:02 - 2012-03-19 10:02 - 0489536 ____A C:\Users\PWS\Documents\Scan0003.pdf

2012-03-19 09:44 - 2012-03-19 09:44 - 0486648 ____A C:\Users\PWS\Documents\Scan0002.pdf

2012-03-19 08:57 - 2012-03-19 08:57 - 0200687 ____A C:\Users\PWS\Documents\Scan0001.pdf

2012-03-19 08:31 - 2011-12-22 22:03 - 0000000 ____D C:\Users\PWS\Desktop\MA

2012-03-17 23:13 - 2012-03-17 23:13 - 0092944 ____A C:\TDSSKiller.2.7.20.0_18.03.2012_02.13.01_log.txt

2012-03-17 23:12 - 2012-03-17 23:12 - 0000348 ____A C:\TDSSKiller.2.7.18.0_18.03.2012_02.12.24_log.txt

2012-03-17 12:43 - 2011-12-18 15:16 - 0000000 ____A C:\Users\PWS\AppData\Roaming\FileOut.cns

2012-03-17 12:43 - 2011-12-18 15:16 - 0000000 ____A C:\Users\PWS\AppData\Roaming\FileIn.cns

2012-03-15 19:57 - 2012-03-15 19:57 - 0116016 ____A (Kaspersky Lab, GERT) C:\Windows\System32\Drivers\21858290.sys

2012-03-15 19:57 - 2012-03-15 19:57 - 0081012 ____A C:\TDSSKiller.2.7.20.0_15.03.2012_22.57.31_log.txt

2012-03-15 19:57 - 2012-03-15 19:57 - 0000348 ____A C:\TDSSKiller.2.7.18.0_15.03.2012_22.57.07_log.txt

2012-03-14 21:33 - 2012-03-14 21:33 - 0081012 ____A C:\TDSSKiller.2.7.20.0_15.03.2012_00.33.28_log.txt

2012-03-14 21:33 - 2012-03-14 21:33 - 0000348 ____A C:\TDSSKiller.2.7.18.0_15.03.2012_00.33.16_log.txt

2012-03-13 20:45 - 2009-07-13 20:45 - 0288152 ____A C:\Windows\System32\FNTCACHE.DAT

2012-03-10 08:35 - 2012-03-10 08:35 - 0027648 ____A C:\Users\PWS\Documents\MTP.doc

2012-03-06 20:44 - 2012-03-06 20:44 - 0081012 ____A C:\TDSSKiller.2.7.19.0_06.03.2012_22.44.16_log.txt

2012-03-06 20:44 - 2012-03-06 20:44 - 0000348 ____A C:\TDSSKiller.2.7.18.0_06.03.2012_22.44.03_log.txt

2012-03-06 20:37 - 2012-03-06 20:37 - 0026624 ____A C:\Users\PWS\Documents\Now we must speak.doc

2012-03-05 22:53 - 2012-04-11 20:18 - 5559152 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe

2012-03-05 21:59 - 2012-04-11 20:18 - 3968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe

2012-03-05 21:59 - 2012-04-11 20:18 - 3913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe

2012-03-03 23:28 - 2012-03-03 23:27 - 0081012 ____A C:\TDSSKiller.2.7.18.0_04.03.2012_01.27.57_log.txt

2012-03-03 23:27 - 2012-03-03 23:27 - 0000348 ____A C:\TDSSKiller.2.7.13.0_04.03.2012_01.27.19_log.txt

2012-03-03 23:26 - 2012-03-03 23:26 - 0000348 ____A C:\TDSSKiller.2.7.13.0_04.03.2012_01.26.54_log.txt

2012-02-29 22:46 - 2012-04-11 20:17 - 0023408 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fs_rec.sys

2012-02-29 22:38 - 2012-04-11 20:17 - 0220672 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll

2012-02-29 22:33 - 2012-04-11 20:17 - 0081408 ____A (Microsoft Corporation) C:\Windows\System32\imagehlp.dll

2012-02-29 22:28 - 2012-04-11 20:17 - 0005120 ____A (Microsoft Corporation) C:\Windows\System32\wmi.dll

2012-02-29 21:37 - 2012-04-11 20:17 - 0172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll

2012-02-29 21:33 - 2012-04-11 20:17 - 0159232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll

2012-02-29 21:29 - 2012-04-11 20:17 - 0005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wmi.dll

2012-02-29 20:11 - 2012-02-29 20:11 - 0000000 ____D C:\Samsung

2012-02-29 07:17 - 2012-02-29 07:17 - 0000000 ____D C:\Windows\System32\Macromed

2012-02-27 23:34 - 2012-04-11 20:18 - 17790976 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2012-02-27 23:02 - 2012-04-11 20:18 - 10888704 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll

2012-02-27 22:56 - 2012-04-11 20:18 - 2311168 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll

2012-02-27 22:50 - 2012-04-11 20:18 - 1345536 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll

2012-02-27 22:49 - 2012-04-11 20:18 - 1390080 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll

2012-02-27 22:48 - 2012-04-11 20:18 - 1493504 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl

2012-02-27 22:48 - 2012-04-11 20:18 - 0237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll

2012-02-27 22:47 - 2012-04-11 20:18 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll

2012-02-27 22:45 - 2012-04-11 20:18 - 0818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll

2012-02-27 22:43 - 2012-04-11 20:18 - 2144256 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll

2012-02-27 22:43 - 2012-04-11 20:18 - 0096256 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll

2012-02-27 22:42 - 2012-04-11 20:18 - 2382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

2012-02-27 22:39 - 2012-04-11 20:18 - 0248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll

2012-02-27 17:52 - 2012-04-11 20:18 - 12281856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2012-02-27 17:27 - 2012-04-11 20:18 - 9705984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2012-02-27 17:18 - 2012-04-11 20:18 - 1799168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2012-02-27 17:12 - 2012-04-11 20:18 - 1103360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2012-02-27 17:11 - 2012-04-11 20:18 - 1427456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2012-02-27 17:11 - 2012-04-11 20:18 - 1127424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2012-02-27 17:09 - 2012-04-11 20:18 - 0231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll

2012-02-27 17:08 - 2012-04-11 20:18 - 0065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2012-02-27 17:06 - 2012-04-11 20:18 - 0716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2012-02-27 17:04 - 2012-04-11 20:18 - 1792000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2012-02-27 17:03 - 2012-04-11 20:18 - 2382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2012-02-27 17:03 - 2012-04-11 20:18 - 0072704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2012-02-27 16:59 - 2012-04-11 20:18 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2012-02-26 10:01 - 2012-02-26 10:01 - 0030720 ____A C:\Users\PWS\Documents\BN logo.doc

2012-02-26 09:25 - 2012-02-26 09:25 - 0010062 ____A C:\Users\PWS\Desktop\bn logo.jpg

2012-02-26 09:21 - 2012-02-26 09:21 - 0000000 ____D C:\TSSDKiller

2012-02-22 14:21 - 2012-02-22 14:21 - 0020480 ____A C:\Users\PWS\Documents\TCS inquiry.doc

2012-02-22 12:06 - 2012-02-22 12:06 - 0956344 ____A (Microsoft Corporation) C:\Users\PWS\Desktop\SaveAsPDFandXPS.exe

2012-02-22 12:06 - 2012-02-22 12:06 - 0000000 ____D C:\Program Files (x86)\MSECache

2012-02-19 10:38 - 2011-12-22 13:58 - 0000000 ____D C:\Program Files (x86)\Microsoft Games

2012-02-18 23:41 - 2012-02-18 23:41 - 1857786 ____A C:\Users\PWS\Desktop\ProcessExplorer.zip

2012-02-17 19:59 - 2011-12-18 10:26 - 0000174 ___SH C:\Users\PWS\Start Menu\Programs\Startup\desktop.ini

2012-02-17 19:59 - 2011-12-18 10:26 - 0000174 ___SH C:\Users\PWS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

2012-02-16 22:38 - 2012-03-13 14:56 - 1031680 ____A (Microsoft Corporation) C:\Windows\System32\rdpcore.dll

2012-02-16 21:34 - 2012-03-13 14:56 - 0826880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll

2012-02-16 20:58 - 2012-03-13 14:56 - 0210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys

2012-02-16 20:57 - 2012-03-13 14:56 - 0023552 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tdtcp.sys

2012-02-15 08:01 - 2012-02-15 08:01 - 4547944 ____A (Apple, Inc.) C:\Windows\System32\usbaaplrc.dll

2012-02-15 08:01 - 2012-02-15 08:01 - 0052736 ____A (Apple, Inc.) C:\Windows\System32\Drivers\usbaapl64.sys

2012-02-11 22:49 - 2011-12-22 22:12 - 0000127 ____A C:\Users\PWS\AppData\default.pls

2012-02-09 22:36 - 2012-03-13 18:36 - 1544192 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll

2012-02-09 22:29 - 2012-02-09 22:32 - 9153364 ____A C:\Users\PWS\Desktop\07 HKM.m4a

2012-02-09 22:22 - 2012-02-09 22:23 - 8576232 ____A C:\Users\PWS\Desktop\1-02 Ay.m4a

2012-02-09 22:11 - 2011-12-22 16:35 - 0000000 ____D C:\Users\PWS\AppData\Local\Ahead

2012-02-09 22:07 - 2012-02-09 21:43 - 0000000 ____D C:\Users\PWS\Desktop\New folder

2012-02-09 21:38 - 2012-03-13 18:36 - 1077248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll

2012-02-09 07:17 - 2011-12-18 11:47 - 0002513 ____A C:\Users\Public\Desktop\Norton Security Suite.lnk

2012-02-09 07:17 - 2011-12-18 11:46 - 0000000 ____D C:\Windows\System32\Drivers\N360x64

2012-02-02 20:34 - 2012-03-13 18:37 - 3145728 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys

2012-01-31 19:54 - 2012-01-31 19:54 - 1107576 ____A C:\Users\PWS\Desktop\Re OK.zip

2012-01-31 19:41 - 2012-01-31 19:38 - 0000000 ____D C:\Users\PWS\AppData\Roaming\ICAClient

2012-01-31 19:36 - 2012-01-31 19:36 - 0000000 ____D C:\Users\PWS\AppData\Roaming\Mozilla

2012-01-31 19:36 - 2012-01-31 19:36 - 0000000 ____D C:\Users\PWS\AppData\Local\Citrix

2012-01-30 22:55 - 2012-01-30 22:55 - 0019968 ____A C:\Users\PWS\Documents\OK.doc

2012-01-30 22:27 - 2012-01-30 22:27 - 0137796 ____A C:\Users\PWS\Documents\Scan0012.jpg

2012-01-30 22:25 - 2012-01-30 20:41 - 0030720 ____A C:\Users\PWS\Documents\504.doc

2012-01-28 10:53 - 2012-01-28 10:53 - 0102104 ____A C:\Users\PWS\Desktop\bell.wav

2012-01-24 22:38 - 2012-03-13 14:56 - 0149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll

2012-01-24 22:38 - 2012-03-13 14:56 - 0077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll

2012-01-24 22:33 - 2012-03-13 14:56 - 0009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe

========================= Known DLLs (Whitelisted) ============

========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 7%

Total physical RAM: 12199.23 MB

Available physical RAM: 11278.63 MB

Total Pagefile: 12197.43 MB

Available Pagefile: 11265.08 MB

Total Virtual: 8192 MB

Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: (WIN7) (Fixed) (Total:745.21 GB) (Free:682.34 GB) NTFS ==>[Drive with boot components (obtanied from BCD)]

2 Drive d: (DATA) (Fixed) (Total:1103.63 GB) (Free:1089.26 GB) NTFS

8 Drive j: (LEXAR) (Removable) (Total:0.97 GB) (Free:0.52 GB) FAT

10 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt

-------- ------------- ------- ------- --- ---

Disk 0 Online 1863 GB 0 B

Disk 1 No Media 0 B 0 B

Disk 2 No Media 0 B 0 B

Disk 3 No Media 0 B 0 B

Disk 4 No Media 0 B 0 B

Disk 5 Online 991 MB 0 B

Disk 6 No Media 0 B 0 B

Partitions of Disk 0:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 14 GB 1024 KB

Partition 2 Primary 745 GB 14 GB

Partition 3 Primary 1103 GB 759 GB

======================================================================================================

Disk: 0

Partition 1

Type : 1B

Hidden: Yes

Active: No

There is no volume associated with this partition.

======================================================================================================

Disk: 0

Partition 2

Type : 07

Hidden: No

Active: Yes

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 1 C WIN7 NTFS Partition 745 GB Healthy

======================================================================================================

Disk: 0

Partition 3

Type : 07

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 2 D DATA NTFS Partition 1103 GB Healthy

======================================================================================================

Partitions of Disk 5:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 991 MB 31 KB

======================================================================================================

Disk: 5

Partition 1

Type : 04

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 7 J LEXAR FAT Removable 991 MB Healthy

======================================================================================================

==========================================================

Last Boot: 2012-04-20 17:30

======================= End Of Log ==========================

CatByte · April 21, 2012

well, there is nothing in the log there, that shouldn't be there, which is good news, but that doesn't answer why you are still having issues, perhaps we are looking at an incompatible browser add-on? Do you have any installed?

Try cleaning out the temp files, then resetting the browser back to default, then we will do another diagnostic scan with a different tool and see if anything shows up.

Please run the following:

Temp File Cleaner

Download TFC to your desktop

Mirror

Close any open windows.
Double click the TFC icon to run the program
TFC will close all open programs itself in order to run,
Click the Start button to begin the process.
Allow TFC to run uninterrupted.
The program should not take long to finish it's job
Once its finished it should automatically reboot your machine,
if it doesn't, manually reboot to ensure a complete clean

NEXT

Reset IE

Start Internet Explorer
Click on the Tools button, and then Internet Options.
Click the Advanced tab, and then click Reset.
When IE finishes applying default settings, click Close,
click OK.

NEXT

Download OTL to your Desktop

Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
Select All Users
Under the Custom Scan box paste this in
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
%systemroot%\*. /rp /s
DRIVES
CREATERESTOREPOINT
Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
- When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
- Post both logs

NEXT

Please advise how the computer is behaving now

needhelp1 · April 21, 2012

Went to run OTL, Norton tagged it and its installation file as a backdoor and quarantined it, want me to override that?

CatByte · April 21, 2012

Yes please,

Please disable Norton while you run the tool

needhelp1 · April 21, 2012

Logs below. I tested how its behaving and I didn't see any redirects anymore when typing in correct URL's or doing Google searches. When testing a typo in the URL, it isn't going to the pages with popups and all that so that's good (a few went to Bing with the message "did you mean this page instead?" which is similar to what I got before - seems okay). If I type in say Malwarebytes' address with a typo, it goes to an unrelated site, I don't know if that's really an issue since the address is wrong anyway.

OTL:

OTL logfile created on: 4/21/2012 11:45:58 AM - Run 1

OTL by OldTimer - Version 3.2.40.0 Folder = C:\Users\PWS\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

11.91 Gb Total Physical Memory | 9.71 Gb Available Physical Memory | 81.47% Memory free

23.82 Gb Paging File | 21.70 Gb Available in Paging File | 91.07% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 745.21 Gb Total Space | 682.24 Gb Free Space | 91.55% Space Free | Partition Type: NTFS

Drive D: | 1103.63 Gb Total Space | 1089.26 Gb Free Space | 98.70% Space Free | Partition Type: NTFS

Computer Name: SD70 | User Name: PWS | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/21 11:39:02 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\PWS\Desktop\OTL.exe

PRC - [2012/01/03 06:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2011/12/18 15:32:55 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe

PRC - [2011/04/16 19:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Security Suite\Engine\5.2.0.13\ccsvchst.exe

PRC - [2011/02/25 13:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE

PRC - [2011/02/01 16:20:48 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

PRC - [2011/02/01 16:20:46 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

PRC - [2010/11/27 00:50:04 | 002,931,328 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe

PRC - [2010/11/19 03:56:56 | 000,915,072 | ---- | M] () -- C:\Program Files (x86)\ASUS\AAHM\1.00.11\aaHMSvc.exe

PRC - [2010/11/10 14:23:44 | 001,204,656 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe

PRC - [2010/11/03 04:30:14 | 000,918,144 | ---- | M] () -- C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe

PRC - [2010/10/21 04:52:26 | 000,586,880 | ---- | M] () -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.10\AsSysCtrlService.exe

PRC - [2009/12/23 16:59:42 | 000,232,064 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe

PRC - [2009/12/23 16:59:22 | 000,203,392 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Windows\SysWOW64\AsHookDevice.exe

PRC - [2007/06/27 20:04:00 | 001,213,736 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

PRC - [2007/06/27 20:03:40 | 000,152,872 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe

========== Modules (No Company Name) ==========

MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

MOD - [2007/08/14 16:43:46 | 006,365,184 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll

MOD - [2007/07/12 14:55:52 | 000,131,072 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll

MOD - [2007/07/12 14:55:28 | 001,581,056 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/09/22 21:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)

SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2012/04/14 12:06:05 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012/01/03 06:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2011/04/16 19:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Security Suite\Engine\5.2.0.13\ccSvcHst.exe -- (N360)

SRV - [2011/04/16 19:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Security Suite\Engine\5.2.0.13\ccSvcHst.exe -- (EraserSvc11122)

SRV - [2011/03/02 00:23:36 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)

SRV - [2011/02/25 13:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)

SRV - [2011/02/01 16:20:48 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®

SRV - [2011/02/01 16:20:46 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®

SRV - [2010/11/19 03:56:56 | 000,915,072 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AAHM\1.00.11\aaHMSvc.exe -- (asHmComSvc)

SRV - [2010/11/03 04:30:14 | 000,918,144 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe -- (asComSvc)

SRV - [2010/10/21 04:52:26 | 000,586,880 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.10\AsSysCtrlService.exe -- (AsSysCtrlService)

SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2009/12/23 16:59:22 | 000,203,392 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysWOW64\AsHookDevice.exe -- (Device Handle Service)

SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)

DRV:64bit: - [2011/12/18 14:48:22 | 000,174,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)

DRV:64bit: - [2011/07/06 13:44:00 | 000,034,288 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV:64bit: - [2011/05/31 15:29:49 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011/05/31 15:29:49 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2011/04/20 20:37:49 | 000,386,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0502000.00D\symnets.sys -- (SymNetS)

DRV:64bit: - [2011/03/30 22:00:09 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\N360x64\0502000.00D\srtsp64.sys -- (SRTSP)

DRV:64bit: - [2011/03/30 22:00:09 | 000,040,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0502000.00D\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)

DRV:64bit: - [2011/03/14 21:31:23 | 000,912,504 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0502000.00D\symefa64.sys -- (SymEFA)

DRV:64bit: - [2011/02/23 21:30:50 | 000,389,608 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)

DRV:64bit: - [2011/02/23 21:30:50 | 000,126,952 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)

DRV:64bit: - [2011/01/27 01:47:10 | 000,450,680 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0502000.00D\symds64.sys -- (SymDS)

DRV:64bit: - [2010/12/10 00:50:36 | 000,181,248 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)

DRV:64bit: - [2010/12/10 00:50:36 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)

DRV:64bit: - [2010/11/20 22:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010/11/20 22:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)

DRV:64bit: - [2010/11/05 10:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)

DRV:64bit: - [2010/10/25 22:08:08 | 000,406,632 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)

DRV:64bit: - [2010/10/19 19:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel®

DRV:64bit: - [2010/10/01 16:14:34 | 012,157,792 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)

DRV:64bit: - [2010/09/23 03:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)

DRV:64bit: - [2010/08/31 08:07:05 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel®

DRV:64bit: - [2010/07/02 05:01:38 | 000,293,416 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mv91xx.sys -- (mv91xx)

DRV:64bit: - [2010/02/26 18:32:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)

DRV:64bit: - [2010/01/14 07:27:46 | 000,032,544 | ---- | M] (Realtek ) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\RtNdPt60.sys -- (RtNdPt60)

DRV:64bit: - [2010/01/14 07:27:30 | 000,048,416 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtTeam60.sys -- (TEAM) Realtek Virtual Miniport Driver for Teaming (NDIS 6.2)

DRV:64bit: - [2010/01/14 07:27:30 | 000,048,416 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtTeam60.sys -- (RTTEAMPT) Realtek Teaming Protocol Driver (NDIS 6.2)

DRV:64bit: - [2010/01/14 07:27:18 | 000,029,472 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtVlan60.sys -- (RTVLANPT) Realtek Vlan Protocol Driver (NDIS 6.2)

DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV - [2012/04/21 11:08:42 | 002,048,632 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120420.032\ex64.sys -- (NAVEX15)

DRV - [2012/04/21 11:08:42 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120420.032\eng64.sys -- (NAVENG)

DRV - [2012/04/02 18:38:04 | 001,160,824 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120413.001\BHDrvx64.sys -- (BHDrvx64)

DRV - [2012/03/06 17:04:10 | 000,488,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120420.001\IDSviA64.sys -- (IDSVia64)

DRV - [2012/02/04 01:59:31 | 000,482,936 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)

DRV - [2012/02/04 01:59:31 | 000,138,360 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)

DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

DRV - [2008/01/04 16:34:48 | 000,011,832 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysWOW64\drivers\AsInsHelp64.sys -- (ASInsHelp)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP08&src=IE-SearchBox

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-809943335-2564626158-2276789416-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve

IE - HKU\S-1-5-21-809943335-2564626158-2276789416-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com/

IE - HKU\S-1-5-21-809943335-2564626158-2276789416-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-809943335-2564626158-2276789416-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-809943335-2564626158-2276789416-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.1.13: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.1.13: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.1.13: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.1.13: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.1.13: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPlgn\ [2012/02/09 10:17:25 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\coFFPlgn_2011_7_6_3 [2012/04/21 11:20:17 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/12/18 15:32:59 | 000,000,000 | ---D | M]

O1 HOSTS File: ([2012/04/20 22:31:38 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)

O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.0.13\coieplg.dll (Symantec Corporation)

O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.0.13\ips\ipsbho.dll (Symantec Corporation)

O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)

O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.0.13\coieplg.dll (Symantec Corporation)

O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [RunAIShell] C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe (ASUSTeK Computer Inc.)

O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)

O4 - HKU\S-1-5-21-809943335-2564626158-2276789416-1000..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-809943335-2564626158-2276789416-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-809943335-2564626158-2276789416-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B572E52D-654C-4037-A505-6BF565430247}: DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.1.1

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found

O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found

O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18:64bit: - Protocol\Filter\text/xml - No CLSID value found

O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/04/21 11:39:02 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\PWS\Desktop\OTL.exe

[2012/04/21 11:08:31 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\PWS\Desktop\TFC.exe

[2012/04/21 03:03:52 | 000,000,000 | ---D | C] -- C:\FRST

[2012/04/20 22:55:24 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2012/04/20 22:34:54 | 000,000,000 | ---D | C] -- C:\Windows\temp

[2012/04/20 21:06:55 | 004,470,025 | R--- | C] (Swearware) -- C:\Users\PWS\Desktop\ComboFix.exe

[2012/04/20 19:50:44 | 002,072,624 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\PWS\Desktop\TDSSKiller.exe

[2012/04/20 18:07:53 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2012/04/20 18:07:53 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2012/04/20 18:07:53 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2012/04/20 18:07:51 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT

[2012/04/20 17:58:29 | 000,000,000 | ---D | C] -- C:\Qoobox

[2012/04/20 16:45:27 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\PWS\Desktop\aswMBR.exe

[2012/04/17 23:41:48 | 000,000,000 | ---D | C] -- C:\Users\PWS\Desktop\RK_Quarantine

[2012/04/14 14:03:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TD3

[2012/04/01 23:15:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes

[2012/04/01 23:15:47 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes

[2012/04/01 23:15:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes

[2012/04/01 23:15:47 | 000,000,000 | ---D | C] -- C:\Program Files\iPod

[2012/03/27 21:06:25 | 000,000,000 | ---D | C] -- C:\Users\PWS\Desktop\RW pics

[2012/03/25 22:14:30 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine

========== Files - Modified Within 30 Days ==========

[2012/04/21 11:39:02 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\PWS\Desktop\OTL.exe

[2012/04/21 11:26:47 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/04/21 11:26:47 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/04/21 11:24:33 | 000,741,696 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012/04/21 11:24:33 | 000,635,352 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012/04/21 11:24:33 | 000,110,068 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012/04/21 11:19:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/04/21 11:18:51 | 1003,929,598 | -HS- | M] () -- C:\hiberfil.sys

[2012/04/21 11:08:31 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\PWS\Desktop\TFC.exe

[2012/04/21 11:05:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012/04/20 22:31:38 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts

[2012/04/20 21:06:55 | 004,470,025 | R--- | M] (Swearware) -- C:\Users\PWS\Desktop\ComboFix.exe

[2012/04/20 16:59:05 | 002,072,624 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\PWS\Desktop\TDSSKiller.exe

[2012/04/20 16:58:25 | 002,053,340 | ---- | M] () -- C:\Users\PWS\Desktop\tdsskiller.zip

[2012/04/20 16:56:12 | 000,000,564 | ---- | M] () -- C:\Users\PWS\Desktop\MBR.zip

[2012/04/20 16:53:58 | 000,000,512 | ---- | M] () -- C:\Users\PWS\Desktop\MBR.dat

[2012/04/20 16:45:34 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\PWS\Desktop\aswMBR.exe

[2012/04/18 13:52:35 | 000,421,079 | ---- | M] () -- C:\Users\PWS\Documents\Scan0017.pdf

[2012/04/18 13:46:18 | 000,109,939 | ---- | M] () -- C:\Users\PWS\Documents\Scan0016.pdf

[2012/04/18 13:39:45 | 000,494,444 | ---- | M] () -- C:\Users\PWS\Documents\Scan0015.pdf

[2012/04/18 13:36:36 | 000,420,858 | ---- | M] () -- C:\Users\PWS\Documents\Scan0014.pdf

[2012/04/18 13:20:52 | 000,498,262 | ---- | M] () -- C:\Users\PWS\Documents\Scan0013.pdf

[2012/04/18 13:08:17 | 000,421,285 | ---- | M] () -- C:\Users\PWS\Documents\Scan0012.pdf

[2012/04/16 21:58:25 | 000,020,978 | ---- | M] () -- C:\Users\PWS\Desktop\1682614.jpg

[2012/04/16 21:46:33 | 000,873,095 | ---- | M] () -- C:\Users\PWS\Desktop\OK.jpg

[2012/04/15 16:14:32 | 000,002,206 | ---- | M] () -- C:\Windows\tasks\hpwebreg_CN18IDM234.job

[2012/04/11 23:07:45 | 000,002,023 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk

[2012/04/10 17:12:04 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/04/08 15:20:56 | 000,002,408 | ---- | M] () -- C:\Windows\tasks\hpwebreg_xxxxxxxxxx.job

[2012/04/07 13:58:28 | 000,041,918 | ---- | M] () -- C:\Users\PWS\Desktop\640.jpg

[2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2012/04/01 23:15:57 | 000,001,787 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk

========== Files Created - No Company Name ==========

[2012/04/20 18:07:53 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe

[2012/04/20 18:07:53 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe

[2012/04/20 18:07:53 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2012/04/20 18:07:53 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2012/04/20 18:07:53 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2012/04/20 16:58:25 | 002,053,340 | ---- | C] () -- C:\Users\PWS\Desktop\tdsskiller.zip

[2012/04/20 16:56:12 | 000,000,564 | ---- | C] () -- C:\Users\PWS\Desktop\MBR.zip

[2012/04/20 16:53:58 | 000,000,512 | ---- | C] () -- C:\Users\PWS\Desktop\MBR.dat

[2012/04/18 13:52:35 | 000,421,079 | ---- | C] () -- C:\Users\PWS\Documents\Scan0017.pdf

[2012/04/18 13:46:18 | 000,109,939 | ---- | C] () -- C:\Users\PWS\Documents\Scan0016.pdf

[2012/04/18 13:39:45 | 000,494,444 | ---- | C] () -- C:\Users\PWS\Documents\Scan0015.pdf

[2012/04/18 13:36:36 | 000,420,858 | ---- | C] () -- C:\Users\PWS\Documents\Scan0014.pdf

[2012/04/18 13:20:52 | 000,498,262 | ---- | C] () -- C:\Users\PWS\Documents\Scan0013.pdf

[2012/04/18 13:08:16 | 000,421,285 | ---- | C] () -- C:\Users\PWS\Documents\Scan0012.pdf

[2012/04/16 22:01:04 | 000,020,978 | ---- | C] () -- C:\Users\PWS\Desktop\1682614.jpg

[2012/04/16 21:46:33 | 000,873,095 | ---- | C] () -- C:\Users\PWS\Desktop\OK.jpg

[2012/04/07 13:58:36 | 000,041,918 | ---- | C] () -- C:\Users\PWS\Desktop\640.jpg

[2012/04/01 23:15:57 | 000,001,787 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk

[2012/03/30 09:15:37 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2011/12/18 18:16:28 | 000,000,000 | ---- | C] () -- C:\Users\PWS\AppData\Roaming\FileOut.cns

[2011/12/18 18:16:28 | 000,000,000 | ---- | C] () -- C:\Users\PWS\AppData\Roaming\FileIn.cns

[2011/12/18 14:28:51 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI

[2011/05/31 15:54:38 | 000,014,464 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsUpIO.sys

[2011/05/31 15:53:58 | 000,013,440 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys

[2011/05/31 15:53:53 | 000,221,184 | ---- | C] () -- C:\Windows\SysWow64\drivers\ServiceHelp.dll

[2011/05/31 15:53:53 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys

[2011/05/31 15:53:53 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys

[2011/05/31 15:43:13 | 000,002,237 | ---- | C] () -- C:\Windows\Ascd_log.ini

[2011/05/31 15:43:07 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini

[2011/05/31 15:43:06 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS

[2011/05/31 15:43:06 | 000,002,180 | ---- | C] () -- C:\Windows\Ascd_tmp.ini

[2011/05/31 15:25:13 | 000,798,716 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin

[2011/05/31 15:25:10 | 000,201,920 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin

[2011/05/31 15:25:08 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin

========== LOP Check ==========

[2012/01/31 22:41:56 | 000,000,000 | ---D | M] -- C:\Users\PWS\AppData\Roaming\ICAClient

[2012/01/08 03:24:20 | 000,000,000 | ---D | M] -- C:\Users\PWS\AppData\Roaming\Tific

[2012/04/12 08:29:24 | 000,032,636 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >

[2011/05/31 15:29:17 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe

[2011/05/31 15:29:17 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\ERDNT\cache86\explorer.exe

[2011/05/31 15:29:17 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe

[2011/05/31 15:29:17 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe

[2011/05/31 15:29:17 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe

[2010/11/20 22:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe

[2011/05/31 15:29:17 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe

[2011/05/31 15:29:17 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe

[2010/11/20 22:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe

< MD5 for: SVCHOST.EXE >

[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe

[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\ERDNT\cache86\svchost.exe

[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe

[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe

[2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\ERDNT\cache64\svchost.exe

[2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe

[2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >

[2010/11/20 22:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\ERDNT\cache86\userinit.exe

[2010/11/20 22:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe

[2010/11/20 22:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe

[2010/11/20 22:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\ERDNT\cache64\userinit.exe

[2010/11/20 22:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe

[2010/11/20 22:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >

[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

[2010/11/20 22:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\ERDNT\cache64\winlogon.exe

[2010/11/20 22:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe

[2010/11/20 22:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe

< %systemroot%\*. /rp /s >

========== Drive Information ==========

Physical Drives

---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media

Interface type: IDE

Media Type: Fixed hard disk media

Model: WDC WD20EARX-22PASB0 ATA Device

Partitions: 3

Status: OK

Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE1 -

Interface type: USB

Media Type:

Model: Generic- SD/MMC USB Device

Partitions: 0

Status: OK

Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE2 -

Interface type: USB

Media Type:

Model: Generic- Compact Flash USB Device

Partitions: 0

Status: OK

Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE3 -

Interface type: USB

Media Type:

Model: Generic- SM/xD Picture USB Device

Partitions: 0

Status: OK

Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE4 -

Interface type: USB

Media Type:

Model: Generic- MS/MS-Pro USB Device

Partitions: 0

Status: OK

Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE5 -

Interface type: USB

Media Type:

Model: HP Officejet Pro 85 USB Device

Partitions: 0

Status: OK

Status Info: 0

Partitions

---------------

DeviceID: Disk #0, Partition #0

PartitionType: Unknown

Bootable: False

BootPartition: False

PrimaryPartition: True

Size: 14.00GB

Starting Offset: 1048576

Hidden sectors: 0

DeviceID: Disk #0, Partition #1

PartitionType: Installable File System

Bootable: True

BootPartition: True

PrimaryPartition: True

Size: 745.00GB

Starting Offset: 15230566400

Hidden sectors: 0

DeviceID: Disk #0, Partition #2

PartitionType: Installable File System

Bootable: False

BootPartition: False

PrimaryPartition: True

Size: 1,104.00GB

Starting Offset: 815388426240

Hidden sectors: 0

< End of report >

Extras:

OTL Extras logfile created on: 4/21/2012 11:45:58 AM - Run 1

OTL by OldTimer - Version 3.2.40.0 Folder = C:\Users\PWS\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

11.91 Gb Total Physical Memory | 9.71 Gb Available Physical Memory | 81.47% Memory free

23.82 Gb Paging File | 21.70 Gb Available in Paging File | 91.07% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 745.21 Gb Total Space | 682.24 Gb Free Space | 91.55% Space Free | Partition Type: NTFS

Drive D: | 1103.63 Gb Total Space | 1089.26 Gb Free Space | 98.70% Space Free | Partition Type: NTFS

Computer Name: SD70 | User Name: PWS | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

"FirewallDisableNotify" = 0

"AntiVirusDisableNotify" = 0

"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirewallDisableNotify" = 0

"AntiVirusDisableNotify" = 0

"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0308919C-E317-4293-8D3C-97EF307BCDBC}" = HP Officejet Pro 8500 A910 Product Improvement Study

"{1AAF3A3B-7B32-4DDF-8ABB-438DAEB46EEC}" = Windows Live Family Safety

"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant

"{1C55470A-7C9E-4C63-B466-6AFFC69E94E9}" = Windows Live Family Safety

"{289809B1-078A-49F3-83D0-7E51715B3915}" = Windows Live Family Safety

"{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety

"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources

"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources

"{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources

"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour

"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources

"{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources

"{9301985B-D116-4A93-A93D-94580084FF86}" = 64 Bit HP CIO Components Installer

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources

"{B22C8566-D522-4B40-A7AF-525F5A70D832}" = Windows Live Family Safety

"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources

"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support

"{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources

"{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes

"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector

"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources

"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources

"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter

"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client

"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service

"{EE7C94CC-BECB-4000-B5E3-D895307B9D5E}" = HP Officejet Pro 8500 A910 Basic Device Software

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"{FE4BE0BD-1EDB-4D24-9614-847B3C472887}" = Windows Live Family Safety

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{04668DF2-D32F-4555-9C7E-35523DCD6544}" = Control ActiveX de Windows Live Mesh para conexiones remotas

"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail

"{124C9BD0-8C52-40AB-8238-0605703B1C28}" = ASUS Backup Wizard

"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources

"{16FCDD97-AE09-476B-88CD-261D852BD34C}" = Marketsplash Shortcuts

"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker

"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources

"{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}" = Bing Bar

"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1

"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections

"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials

"{32C47C66-6393-413B-92D6-295E8A1D65DC}" = RailDriver for MSTS

"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery

"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live

"{34D3688E-A737-44C5-9E2A-FF73618728E1}" = AI Suite II

"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery

"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack

"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer

"{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh

"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live

"{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer

"{4A275FD1-2F24-4274-8C01-813F5AD1A92D}" = Windows Live Messenger

"{4AF95DE2-B54D-4C3F-9494-FD3B558E2C2D}" = AI Manager

"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance

"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml

"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack

"{587A2120-41D3-11DB-3D6C-00E19E4D4AE1}" = MSTS Patch 1.8.0521 EN

"{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker

"{6057E21C-ABE9-4059-AE3E-3BEB9925E660}" = Windows Live Messenger

"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources

"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{6A563426-3474-41C6-B847-42B39F1485B2}" = Windows Live Messenger

"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker

"{7236672F-6430-439E-9B27-27EDEAF1D676}" = Realtek Ethernet Diagnostic Utility

"{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack

"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh

"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime

"{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials

"{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer

"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform

"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh

"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer

"{871B2A9D-0F12-44B3-88C1-E0CB10A232E4}" = HP Officejet Pro 8500 A910 Help

"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger

"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{8E72B982-D54F-486F-B35A-C24B6F171033}" = Nero 7 Essentials

"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs

"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003

"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010

"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common

"{9D244037-7E69-4D6E-9729-0797D9294831}" = TC

"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail

"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail

"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh

"{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common

"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery

"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer

"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer

"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.3) MUI

"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh

"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update

"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie

"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail

"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common

"{C32CE55C-12BA-4951-8797-0967FDEF556F}" = Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen

"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections

"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail

"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common

"{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR

"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker

"{CC4A73BF-938E-4C19-A553-853C035C9BA1}" = LightScribe System Software 1.10.13.1

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64

"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

"{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail

"{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack

"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources

"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker

"{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources

"{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live

"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger

"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support

"{EBFEEB3F-3E3B-4725-A4E0-376144CE4F76}" = Citrix XenApp Web Plugin

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F2AF3E5D-9697-485C-A5AC-E2B9468C446A}" = Safari

"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials

"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials

"Asus Vibe2.0" = AsusVibe2.0

"DVD Shrink_is1" = DVD Shrink 3.2

"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 7.0

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400

"N360" = Norton Security Suite

"RealPlayer 15.0" = RealPlayer

"Train Simulator 1.0" = Microsoft Train Simulator

"WinLiveSuite" = Windows Live Essentials

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-809943335-2564626158-2276789416-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"MLT Greater Toronto Area" = MLT Greater Toronto Area

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 4/15/2012 4:38:59 PM | Computer Name = SD70 | Source = WinMgmt | ID = 10

Description =

Error - 4/15/2012 10:05:43 PM | Computer Name = SD70 | Source = WinMgmt | ID = 10

Description =

Error - 4/16/2012 10:19:59 AM | Computer Name = SD70 | Source = WinMgmt | ID = 10

Description =

Error - 4/16/2012 2:49:55 PM | Computer Name = SD70 | Source = VSS | ID = 8194

Description =

Error - 4/16/2012 10:12:22 PM | Computer Name = SD70 | Source = WinMgmt | ID = 10

Description =

Error - 4/17/2012 5:53:38 PM | Computer Name = SD70 | Source = WinMgmt | ID = 10

Description =

Error - 4/17/2012 6:13:15 PM | Computer Name = SD70 | Source = MsiInstaller | ID = 1023

Description =

Error - 4/17/2012 6:15:32 PM | Computer Name = SD70 | Source = MsiInstaller | ID = 1023

Description =

Error - 4/17/2012 6:16:11 PM | Computer Name = SD70 | Source = MsiInstaller | ID = 1023

Description =

Error - 4/17/2012 11:24:43 PM | Computer Name = SD70 | Source = WinMgmt | ID = 10

Description =

[ System Events ]

Error - 4/20/2012 11:11:26 PM | Computer Name = SD70 | Source = Service Control Manager | ID = 7023

Description = The Windows Defender service terminated with the following error:

%%126

Error - 4/20/2012 11:19:18 PM | Computer Name = SD70 | Source = Microsoft-Windows-Directory-Services-SAM | ID = 12291

Description = SAM failed to start the TCP/IP or SPX/IPX listening thread

Error - 4/20/2012 11:20:11 PM | Computer Name = SD70 | Source = Service Control Manager | ID = 7026

Description = The following boot-start or system-start driver(s) failed to load:

AsIO AsUpIO BHDrvx64 discache eeCtrl IDSVia64 spldr SRTSPX SymIRON SymNetS Wanarpv6

Error - 4/20/2012 11:20:17 PM | Computer Name = SD70 | Source = DCOM | ID = 10005

Description =

Error - 4/20/2012 11:20:24 PM | Computer Name = SD70 | Source = DCOM | ID = 10005

Description =

Error - 4/20/2012 11:20:28 PM | Computer Name = SD70 | Source = DCOM | ID = 10005

Description =

Error - 4/20/2012 11:20:28 PM | Computer Name = SD70 | Source = DCOM | ID = 10005

Description =

Error - 4/20/2012 11:22:30 PM | Computer Name = SD70 | Source = Service Control Manager | ID = 7023

Description = The Windows Defender service terminated with the following error:

%%126

Error - 4/20/2012 11:27:58 PM | Computer Name = SD70 | Source = Service Control Manager | ID = 7030

Description = The PEVSystemStart service is marked as an interactive service. However,

the system is configured to not allow interactive services. This service may not

function properly.

Error - 4/20/2012 11:29:18 PM | Computer Name = SD70 | Source = Service Control Manager | ID = 7030

Description = The PEVSystemStart service is marked as an interactive service. However,

the system is configured to not allow interactive services. This service may not

function properly.

< End of report >

CatByte · April 21, 2012

If I type in say Malwarebytes' address with a typo, it goes to an unrelated site, I don't know if that's really an issue since the address is wrong anyway.

No, I really wouldn't consider that a problem.

please do the following:

Run OTL.exe

Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

:OTL
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

:Files
ipconfig /flushdns /c

:Commands
[resethosts]
[purity]
[emptytemp]
[Reboot]

Then click the Run Fix button at the top
Let the program run unhindered, reboot when it is done
Then post the OTL log

Nave you never installed Java on this machine?

needhelp1 · April 22, 2012

Sorry just a quick question, copy the entire OTL text there or just the four commands in brackets at the bottom? As far as Java, I don't think I did.

CatByte · April 22, 2012

Hi,

yes, the entire contents of the code box

thanks

needhelp1 · April 22, 2012

All processes killed

Error: Unable to interpret <:OTLO3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.:Filesipconfig /flushdns /c:Commands[resethosts][purity][emptytemp][Reboot]> in the current context!

OTL by OldTimer - Version 3.2.40.0 log created on 04212012_202649

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

CatByte · April 22, 2012

hi

the script didn't execute properly,

make sure you start with the colon in front of the :OTL directive

copy/paste the fix into the custom scan box then press the Run Fix button


:OTL
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

:Files
ipconfig /flushdns /c

:Commands
[resethosts]
[purity]
[emptytemp]
[Reboot]

Possible redirect infection

Recommended Posts

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Recently Browsing 0 members

Important Information