
Viruses being detected but not removed



Hello.

My laptop has recently been giving obvious signs of infection, including opening websites unasked.

Running Malwarebytes shows six objects, and says that it has removed and deleted them, but a rescan after relogging still shows them.

I've tried in safe mode and in Chameleon with no joy.

This is what the log detects.

Files Detected: 6

C:\WINDOWS\assembly\GAC\Desktop.ini (Trojan.0access) -> Delete on reboot.

C:\WINDOWS\Installer\{d2f30a79-6d29-e35e-ce1a-6ef7d366573b}\U\00000004.@ (Rootkit.Zaccess) -> Quarantined and deleted successfully.

C:\WINDOWS\Installer\{d2f30a79-6d29-e35e-ce1a-6ef7d366573b}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.

C:\WINDOWS\Installer\{d2f30a79-6d29-e35e-ce1a-6ef7d366573b}\U\000000cb.@ (Rootkit.0Access) -> Quarantined and deleted successfully.

C:\WINDOWS\Installer\{d2f30a79-6d29-e35e-ce1a-6ef7d366573b}\U\80000000.@ (Rootkit.0Access) -> Quarantined and deleted successfully.

C:\WINDOWS\Installer\{d2f30a79-6d29-e35e-ce1a-6ef7d366573b}\U\80000032.@ (Rootkit.0Access) -> Quarantined and deleted successfully.

Any help would be fantastic. From what I've read, this ain't good.

Apologies, this is the DDS.

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1

Run by Pan at 18:13:42 on 2012-08-18

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.1790.486 [GMT 1:00]

.

AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\WLANExt.exe

C:\Windows\System32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Windows\system32\lxbccoms.exe

C:\Program Files\Microsoft LifeCam\MSCamS32.exe

C:\Program Files\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe

C:\Program Files\SMINST\BLService.exe

C:\Program Files\CyberLink\Shared files\RichVideo.exe

C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\DRIVERS\xaudio.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe

C:\Program Files\HP\HP Deskjet 3050 J610 series\bin\HPNetworkCommunicator.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\HP\QuickPlay\QPService.exe

C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

C:\WINDOWS\vVX3000.exe

C:\Program Files\HP\HP Software Update\hpwuschd2.exe

C:\Program Files\Ask.com\Updater\Updater.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Citrix\ICA Client\concentr.exe

C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\WINDOWS\ehome\ehtray.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe

C:\Program Files\Citrix\ICA Client\wfcrun32.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE

C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe

C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

C:\Program Files\Common Files\microsoft shared\Virtualization Handler\CVH.EXE

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe

C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe

C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe

"C:\Windows\System32\svchost.exe" -k LocalServiceDns

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uSearch Bar = Preserve

uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Presario&pf=cnnb

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Presario&pf=cnnb

mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Presario&pf=cnnb

uInternet Settings,ProxyOverride = <local>;*.local

BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\16.8.3.6\coIEPlg.dll

BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\16.8.3.6\IPSBHO.DLL

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~3\office14\GROOVEEX.DLL

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~3\office14\URLREDIR.DLL

BHO: Inbox Toolbar: {d3d233d5-9f6d-436c-b6c7-e63f77503b30} - c:\progra~1\inboxt~1\Inbox.dll

BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll

TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\16.8.3.6\coIEPlg.dll

TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll

TB: &Inbox Toolbar: {d7e97865-918f-41e4-9cd0-25ab1c574ce8} - c:\progra~1\inboxt~1\Inbox.dll

TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

uRun: [HPADVISOR] c:\program files\hewlett-packard\hp advisor\HPAdvisor.exe autorun=AUTORUN

uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe

uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background

uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe

uRun: [skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized

uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"

mRun: [updateLBPShortCut] "c:\program files\cyberlink\labelprint\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\labelprint" updatewithcreateonce "software\cyberlink\labelprint\2.5"

mRun: [updatePSTShortCut] "c:\program files\cyberlink\dvd suite\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\dvd suite" updatewithcreateonce "software\cyberlink\PowerStarter"

mRun: [uCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" update "software\cyberlink\youcam\2.0"

mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [updateP2GoShortCut] "c:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"

mRun: [updatePDIRShortCut] "c:\program files\cyberlink\powerdirector\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerdirector" updatewithcreateonce "software\cyberlink\powerdirector\7.0"

mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe

mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe

mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript

mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"

mRun: [VX3000] c:\windows\vVX3000.exe

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [<NO NAME>]

mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [bCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [ConnectionCenter] "c:\program files\citrix\ica client\concentr.exe" /startup

mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "c:\programdata\malwarebytes\malwarebytes' anti-malware\cleanup.dll",ProcessCleanupScript

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\3.0.207\SSScheduler.exe

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 2 (0x2)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Se&nd to OneNote - c:\progra~1\micros~3\office14\ONBttnIE.dll/105

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll

LSP: mswsock.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 192.168.1.254

TCP: Interfaces\{ADC6FCD1-4C03-4A32-BC03-B13D92DD62DE} : DhcpNameServer = 192.168.1.254

TCP: Interfaces\{BEC2AB5C-2F1E-4BA4-B5AA-888E30B510B1} : DhcpNameServer = 192.168.137.1

Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL

Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - c:\progra~1\inboxt~1\Inbox.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton internet security\engine\16.8.3.6\CoIEPlg.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~3\office14\GROOVEEX.DLL

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

IFEO: image file execution options - svchost.exe

Hosts: 67.212.189.114 google.com

Hosts: 67.212.189.114 google.com.au

Hosts: 67.212.189.114 www.google.com.au

Hosts: 67.212.189.114 google.be

Hosts: 67.212.189.114 www.google.be

.

Note: multiple HOSTS entries found. Please refer to Attach.txt

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\pan\appdata\roaming\mozilla\firefox\profiles\ptp5irss.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - www.google.co.uk

FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=BT5&o=15435&locale=en_UK&apn_uid=82C573F3-9864-4582-88E4-89E11D130D1C&apn_ptnrs=GG&apn_sauid=&apn_dtid=YYYYYYB3GB&&q=

FF - prefs.js: network.proxy.type - 0

FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\coffplgn\components\coFFPlgn.dll

FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\ipsffplgn\components\IPSFFPl.dll

FF - plugin: c:\progra~1\micros~3\office14\NPAUTHZ.DLL

FF - plugin: c:\progra~1\micros~3\office14\NPSPWRAP.DLL

FF - plugin: c:\program files\canon\mycamera download plugin\NPCIG.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll

FF - plugin: c:\program files\microsoft\office live\npOLW.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npicaN.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll

FF - plugin: c:\program files\oracle\javafx 2.1 runtime\bin\dtplugin\npdeployJava1.dll

FF - plugin: c:\program files\oracle\javafx 2.1 runtime\bin\plugin2\npjp2.dll

FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_271.dll

.

---- FIREFOX POLICIES ----

FF - user.js: network.cookie.cookieBehavior - 0

FF - user.js: privacy.clearOnShutdown.cookies - false

FF - user.js: security.warn_viewing_mixed - false

FF - user.js: security.warn_viewing_mixed.show_once - false

FF - user.js: security.warn_submit_insecure - false

FF - user.js: security.warn_submit_insecure.show_once - false

FF - user.js: yahoo.homepage.dontask - true

============= SERVICES / DRIVERS ===============

.

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1008030.006\SymEFA.sys [2011-10-11 310320]

R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\nis\1008030.006\BHDrvx86.sys [2011-10-11 259632]

R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nis\1008030.006\cchpx86.sys [2011-10-11 467592]

R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [2011-4-25 65584]

R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20100415.001\IDSvix86.sys [2010-4-17 343088]

R2 cvhsvc;Client Virtualization Handler;c:\program files\common files\microsoft shared\virtualization handler\CVHSVC.EXE [2012-1-4 822624]

R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [2008-1-21 21504]

R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]

R2 lxbc_device;lxbc_device;c:\windows\system32\lxbccoms.exe -service --> c:\windows\system32\lxbccoms.exe -service [?]

R2 Norton Internet Security;Norton Internet Security;c:\program files\norton internet security\engine\16.8.3.6\ccSvcHst.exe [2011-10-11 117648]

R2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\sminst\BLService.exe [2008-10-28 365952]

R2 sftlist;Application Virtualization Client;c:\program files\microsoft application virtualization client\sftlist.exe [2011-10-1 508776]

R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2008-10-28 193840]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-5-9 43040]

R3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]

R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfslh.sys [2011-10-1 579944]

R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplaylh.sys [2011-10-1 194408]

R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirlh.sys [2011-10-1 21864]

R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvollh.sys [2011-10-1 19304]

R3 sftvsa;Application Virtualization Service Agent;c:\program files\microsoft application virtualization client\sftvsa.exe [2011-10-1 219496]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-4-29 1153368]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-6-21 250056]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-2-24 102448]

S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2012-6-21 39272]

S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2012-3-8 1492840]

S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2012-8-18 31560]

S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\3.0.207\McCHSvc.exe [2011-6-17 237008]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2011-6-12 31125880]

S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-25 113120]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2008-1-21 16896]

.

=============== Created Last 30 ================

.

2012-08-18 16:57:08 54016 ----a-w- c:\windows\system32\drivers\eblsbvyn.sys

2012-08-18 15:42:07 -------- d-----w- c:\users\pan\appdata\local\{7EF2CA78-90D9-4ECB-8746-C007020E1095}

2012-08-18 14:45:13 31560 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys

2012-08-18 14:18:41 -------- d-----w- c:\users\pan\appdata\local\{B5B9D7F7-19D8-42DC-B258-7C998E990F90}

2012-08-17 16:39:36 -------- d-----w- c:\program files\Oracle

2012-08-17 16:17:35 -------- d-----w- c:\users\pan\appdata\local\{053928AA-88E7-429D-8CA3-5739830A6A52}

2012-08-17 16:17:10 -------- d-----w- c:\users\pan\appdata\local\{6AD4C5B9-EE33-4405-8E98-101EDA6C1A0D}

2012-08-16 16:01:19 -------- d-----w- c:\users\pan\appdata\local\{17FAA6B0-9946-407A-A3F0-E6BC6F07F6E0}

2012-08-16 16:00:40 -------- d-----w- c:\users\pan\appdata\local\{807056E7-8E71-4BF3-9923-629900A1D74A}

2012-08-15 16:48:22 -------- d-----w- c:\users\pan\appdata\local\{1E40E3CD-7FF7-44FF-B09A-5F042925ECDB}

2012-08-15 16:47:54 -------- d-----w- c:\users\pan\appdata\local\{A18921C6-3EAF-4E04-8F94-AE3536F21F68}

2012-08-14 12:55:52 -------- d-----w- c:\users\pan\appdata\local\{799399B8-CE06-47F2-A5AA-5A62EB0076FB}

2012-08-14 12:55:29 -------- d-----w- c:\users\pan\appdata\local\{F2309C55-5273-44A8-AC8A-95C64E41F1CC}

2012-08-13 19:08:35 -------- d-sh--w- c:\windows\system32\%APPDATA%

2012-08-13 15:50:53 -------- d-----w- c:\users\pan\appdata\local\{F4FB7E55-525D-462F-8BF4-E199C647CB79}

2012-08-13 15:50:34 -------- d-----w- c:\users\pan\appdata\local\{FD3F9E0B-F9F1-47A8-A146-795FF06E7DA4}

2012-08-13 09:16:34 -------- d-----w- c:\users\pan\appdata\local\{83F832F8-8950-4476-9AA1-12208B5F05F2}

2012-08-12 11:33:46 -------- d-----w- c:\users\pan\appdata\local\{ACA6F10F-B641-447E-9522-DFB9555DE6D7}

2012-08-12 11:33:30 -------- d-----w- c:\users\pan\appdata\local\{51DE061C-27AF-445F-889B-2BBE4F154D2C}

2012-08-11 18:54:56 -------- d-----w- c:\users\pan\appdata\local\{C15A903E-A267-49B7-A48B-E6B7AD9E8DC7}

2012-08-11 18:54:13 -------- d-----w- c:\users\pan\appdata\local\{34E89B81-8292-4190-BE96-0BF43D5B1A40}

2012-08-10 19:50:01 6891424 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{6414d645-c3eb-47c7-aad8-73514edd0f0b}\mpengine.dll

2012-08-10 19:41:39 -------- d-----w- c:\users\pan\appdata\local\{E0B3327F-D375-4440-88D6-8092FE43A169}

2012-08-10 19:41:20 -------- d-----w- c:\users\pan\appdata\local\{A492ACC9-D571-4D72-A8A1-71BEC9A17266}

2012-08-10 00:47:43 -------- d-----w- c:\users\pan\appdata\local\{B7D49221-C8EE-4225-A731-B39B61B73850}

2012-08-10 00:47:18 -------- d-----w- c:\users\pan\appdata\local\{EBC8F122-FACF-4DF8-88F5-8DA6494F463E}

2012-08-09 11:08:26 -------- d-----w- c:\users\pan\appdata\local\{AB8D7EFD-9D91-4DDE-B94E-9E3260AE408B}

2012-08-09 11:08:13 -------- d-----w- c:\users\pan\appdata\local\{695209BD-6E25-4C83-BC08-DFDA3CCA3DFA}

2012-08-08 03:32:03 -------- d-----w- c:\users\pan\appdata\local\{2654DED9-667A-461D-ABF9-D289B73BD883}

2012-08-08 03:31:08 -------- d-----w- c:\users\pan\appdata\local\{E659948B-2406-4DAA-B8AE-41F3CDFDAF6F}

2012-08-07 12:20:51 -------- d-----w- c:\users\pan\appdata\local\{162B9FFA-AD5E-48AF-904F-C3BF46E9CDBE}

2012-08-07 12:20:06 -------- d-----w- c:\users\pan\appdata\local\{B262EB23-8731-493C-B5C5-2901ACA0E333}

2012-08-06 08:58:54 -------- d-----w- c:\users\pan\appdata\local\{A5C712D2-E95F-4516-A221-28C3496253BA}

2012-08-06 08:58:39 -------- d-----w- c:\users\pan\appdata\local\{6F50665D-66C8-4FE3-BF83-70B917D090A0}

2012-08-01 10:29:43 -------- d-----w- c:\users\pan\appdata\local\{CCC167EF-907F-480D-BB1B-2FC7B22891C7}

2012-08-01 10:29:12 -------- d-----w- c:\users\pan\appdata\local\{4BFD3D89-09F7-4D89-8FAC-519873CB162B}

2012-07-28 19:36:08 -------- d-----w- c:\users\pan\appdata\local\{71E94E74-13D8-4BC6-BD6C-81D45F9BB412}

2012-07-28 19:35:33 -------- d-----w- c:\users\pan\appdata\local\{672C54BA-6449-4242-8A91-25AA0B666313}

2012-07-27 22:49:51 -------- d-----w- c:\users\pan\appdata\local\{B759CAAE-DF7A-4E17-AB59-89AB4733234D}

2012-07-27 22:49:28 -------- d-----w- c:\users\pan\appdata\local\{BA7430A2-2A39-4745-BE95-B546AB5992C9}

2012-07-26 08:26:54 -------- d-----w- c:\users\pan\appdata\local\{7ADCBCC8-A007-448E-9047-F66AF8A32D77}

2012-07-26 08:26:40 -------- d-----w- c:\users\pan\appdata\local\{8644702F-9408-4DD1-9D3B-78344F6876C8}

2012-07-25 12:43:37 -------- d-----w- c:\users\pan\appdata\local\{DE88CED2-E51C-4A3D-ABD3-18DAD4FF37E2}

2012-07-25 12:43:05 -------- d-----w- c:\users\pan\appdata\local\{AFA1ED6E-EA76-4B9F-BDE1-06FF5573C4DA}

2012-07-24 12:37:35 -------- d-----w- c:\users\pan\appdata\local\{42ED71AA-459E-4332-86B9-F688464A8F36}

2012-07-24 12:37:19 -------- d-----w- c:\users\pan\appdata\local\{71055A3E-E12C-4802-9315-19D1F33483BB}

2012-07-23 17:55:12 -------- d-----w- c:\users\pan\appdata\local\{2981DD60-0DAB-4319-BC87-16F3609E5827}

2012-07-23 17:54:56 -------- d-----w- c:\users\pan\appdata\local\{C46358A0-EAEE-4EC9-9E15-A318C7730180}

2012-07-22 13:14:34 -------- d-----w- c:\users\pan\appdata\local\{2903F81C-B5C7-42E7-A372-4297B94EF638}

2012-07-22 13:14:19 -------- d-----w- c:\users\pan\appdata\local\{DB2D6CBE-5EEC-44F2-A5B8-F5BB9ECE6E77}

2012-07-21 17:20:15 -------- d-----w- c:\users\pan\appdata\local\{CAECAD3C-825F-40EE-9CC9-42BF317E485A}

2012-07-21 17:19:58 -------- d-----w- c:\users\pan\appdata\local\{28FF73EB-FBB8-4C18-8DA2-1B54A1973422}

2012-07-20 12:27:57 -------- d-----w- c:\users\pan\appdata\local\{BCED2EC5-E1A2-4BCF-9A37-B203ED1A6445}

2012-07-20 12:27:44 -------- d-----w- c:\users\pan\appdata\local\{7D408AA6-2436-4685-A17E-FC22651D730E}

.

==================== Find3M ====================

.

2012-08-14 23:30:02 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-08-14 23:30:02 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-07-05 21:06:20 687544 ----a-w- c:\windows\system32\deployJava1.dll

2012-07-03 12:46:44 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-06-13 13:40:21 2047488 ----a-w- c:\windows\system32\win32k.sys

2012-06-05 16:47:28 1401856 ----a-w- c:\windows\system32\msxml6.dll

2012-06-05 16:47:27 1248768 ----a-w- c:\windows\system32\msxml3.dll

2012-06-04 15:26:04 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2012-06-02 22:12:32 2422272 ----a-w- c:\windows\system32\wucltux.dll

2012-06-02 22:12:13 88576 ----a-w- c:\windows\system32\wudriver.dll

2012-06-02 14:19:42 171904 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-02 14:12:20 33792 ----a-w- c:\windows\system32\wuapp.exe

2012-06-02 08:33:25 1800192 ----a-w- c:\windows\system32\jscript9.dll

2012-06-02 08:25:08 1129472 ----a-w- c:\windows\system32\wininet.dll

2012-06-02 08:25:03 1427968 ----a-w- c:\windows\system32\inetcpl.cpl

2012-06-02 08:20:33 142848 ----a-w- c:\windows\system32\ieUnatt.exe

2012-06-02 08:16:52 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-06-02 00:04:25 278528 ----a-w- c:\windows\system32\schannel.dll

2012-06-02 00:03:42 204288 ----a-w- c:\windows\system32\ncrypt.dll

2012-05-31 11:25:14 237072 ------w- c:\windows\system32\MpSigStub.exe

.

============= FINISH: 18:15:22.94 ===============


  • Staff

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the contents of C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.


Malwarebytes Anti-Malware 1.62.0.1300

www.malwarebytes.org

Database version: v2012.08.18.05

Windows Vista Service Pack 2 x86 NTFS

Internet Explorer 9.0.8112.16421

Pan :: PAN-PC [administrator]

18/08/2012 19:41:32

mbam-log-2012-08-18 (19-41-32).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 206152

Time elapsed: 10 minute(s), 14 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 5

C:\WINDOWS\Installer\{d2f30a79-6d29-e35e-ce1a-6ef7d366573b}\U\00000004.@ (Rootkit.Zaccess) -> Quarantined and deleted successfully.

C:\WINDOWS\Installer\{d2f30a79-6d29-e35e-ce1a-6ef7d366573b}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.

C:\WINDOWS\Installer\{d2f30a79-6d29-e35e-ce1a-6ef7d366573b}\U\000000cb.@ (Rootkit.0Access) -> Quarantined and deleted successfully.

C:\WINDOWS\Installer\{d2f30a79-6d29-e35e-ce1a-6ef7d366573b}\U\80000000.@ (Rootkit.0Access) -> Quarantined and deleted successfully.

C:\WINDOWS\Installer\{d2f30a79-6d29-e35e-ce1a-6ef7d366573b}\U\80000032.@ (Rootkit.0Access) -> Quarantined and deleted successfully.

(end)

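The two Malwarebytes logs in this thread (the six detections in the opening post and the five in the Quick Scan posted after the staff reply) are the kind of evidence a responder compares to tell "cleaned" from "restored on reboot". The script below is an added example, not code from the thread or from Malwarebytes: it parses the "Files Detected" lines of both logs (the sample lines are copied from the two posts above), lists which paths survived the first cleanup, and groups the survivors by parent directory. The line format it assumes is `<path> (<family>) -> <action>.` as shown in the logs; the function names are this example's own.

```python
import re
from collections import defaultdict
from dataclasses import dataclass

# Sample input copied from the two Malwarebytes logs quoted in this thread
# (raw strings, because the paths contain backslashes such as \U).
FIRST_SCAN = r"""
C:\WINDOWS\assembly\GAC\Desktop.ini (Trojan.0access) -> Delete on reboot.
C:\WINDOWS\Installer\{d2f30a79-6d29-e35e-ce1a-6ef7d366573b}\U\00000004.@ (Rootkit.Zaccess) -> Quarantined and deleted successfully.
C:\WINDOWS\Installer\{d2f30a79-6d29-e35e-ce1a-6ef7d366573b}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.
C:\WINDOWS\Installer\{d2f30a79-6d29-e35e-ce1a-6ef7d366573b}\U\000000cb.@ (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\WINDOWS\Installer\{d2f30a79-6d29-e35e-ce1a-6ef7d366573b}\U\80000000.@ (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\WINDOWS\Installer\{d2f30a79-6d29-e35e-ce1a-6ef7d366573b}\U\80000032.@ (Rootkit.0Access) -> Quarantined and deleted successfully.
"""

RESCAN = r"""
C:\WINDOWS\Installer\{d2f30a79-6d29-e35e-ce1a-6ef7d366573b}\U\00000004.@ (Rootkit.Zaccess) -> Quarantined and deleted successfully.
C:\WINDOWS\Installer\{d2f30a79-6d29-e35e-ce1a-6ef7d366573b}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.
C:\WINDOWS\Installer\{d2f30a79-6d29-e35e-ce1a-6ef7d366573b}\U\000000cb.@ (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\WINDOWS\Installer\{d2f30a79-6d29-e35e-ce1a-6ef7d366573b}\U\80000000.@ (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\WINDOWS\Installer\{d2f30a79-6d29-e35e-ce1a-6ef7d366573b}\U\80000032.@ (Rootkit.0Access) -> Quarantined and deleted successfully.
"""

# One detection line: "<path> (<family>) -> <action>."  (format assumed from the logs)
LINE_RE = re.compile(r"^(?P<path>.+?) \((?P<family>[^()]+)\) -> (?P<action>.+?)\.?$")


@dataclass(frozen=True)
class Detection:
    path: str
    family: str
    action: str


def parse_detections(log_text):
    """Return the Detection entries found in a Malwarebytes log excerpt; other lines are ignored."""
    found = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            found.append(Detection(m["path"], m["family"], m["action"]))
    return found


def persistent_detections(first, rescan):
    """Detections reported by both scans, i.e. files the first cleanup did not get rid of.
    Paths are compared case-insensitively because Windows paths are case-insensitive."""
    earlier = {d.path.lower() for d in first}
    return [d for d in rescan if d.path.lower() in earlier]


def removed_detections(first, rescan):
    """Detections from the first scan that did not come back on the rescan."""
    later = {d.path.lower() for d in rescan}
    return [d for d in first if d.path.lower() not in later]


def group_by_directory(detections):
    """Group detections by parent directory (lower-cased), file names as values.
    Several recurring files under one unusual directory point at a single component
    restoring them, which is a different cleanup problem from independent infections."""
    groups = defaultdict(list)
    for d in detections:
        parent, _, name = d.path.rpartition("\\")
        groups[parent.lower()].append(name)
    return dict(groups)


def cleanup_report(first_log, rescan_log):
    """Summarise what survived between two scans as plain counts and the surviving clusters."""
    first, rescan = parse_detections(first_log), parse_detections(rescan_log)
    survived = persistent_detections(first, rescan)
    return {
        "first_scan": len(first),
        "rescan": len(rescan),
        "removed": len(removed_detections(first, rescan)),
        "persistent": len(survived),
        "clusters": group_by_directory(survived),
    }


if __name__ == "__main__":
    report = cleanup_report(FIRST_SCAN, RESCAN)
    print(f"{report['persistent']} of {report['first_scan']} detections came back after cleanup")
    for directory, names in report["clusters"].items():
        print(f"  {directory}: {', '.join(sorted(names))}")
```

Run against the thread's two logs, the report shows that only the `Desktop.ini` entry (the one marked "Delete on reboot") went away, while all five `.@` files under the same `{GUID}\U` folder reappeared, which is why the staff reply moves on to a different tool and asks for fresh logs instead of repeating the scan.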

Had to uninstall and redownload, but I got it.

I'll post the other when it's gone through.

ComboFix 12-08-18.03 - Pan 18/08/2012 20:38:14.1.2 - x86

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.1790.653 [GMT 1:00]

Running from: c:\users\Pan\Downloads\ComboFix.exe

AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Pan\AppData\Local\{CB1AAAAA-5F5B-455C-96FF-012FE6DDB2E3}

c:\users\Pan\AppData\Local\{CB1AAAAA-5F5B-455C-96FF-012FE6DDB2E3}\chrome.manifest

c:\users\Pan\AppData\Local\{CB1AAAAA-5F5B-455C-96FF-012FE6DDB2E3}\chrome\content\_cfg.js

c:\users\Pan\AppData\Local\{CB1AAAAA-5F5B-455C-96FF-012FE6DDB2E3}\chrome\content\overlay.xul

c:\users\Pan\AppData\Local\{CB1AAAAA-5F5B-455C-96FF-012FE6DDB2E3}\install.rdf

c:\users\Pan\AppData\Roaming\Cioq

c:\users\Pan\AppData\Roaming\Cioq\atun.nyk

c:\users\Pan\AppData\Roaming\Ethiy

c:\users\Pan\AppData\Roaming\Ethiy\ahidg.ydu

c:\users\Pan\AppData\Roaming\Evxe

c:\users\Pan\AppData\Roaming\Evxe\uqsuk.car

c:\users\Pan\AppData\Roaming\Evxe\uqsuk.tmp

c:\users\Pan\AppData\Roaming\Idyr

c:\users\Pan\AppData\Roaming\Idyr\usuk.evd

c:\users\Pan\AppData\Roaming\Microsoft\Windows\Recent\ANTIGEN.dll

c:\users\Pan\AppData\Roaming\Microsoft\Windows\Recent\ANTIGEN.drv

c:\users\Pan\AppData\Roaming\Microsoft\Windows\Recent\cb.tmp

c:\users\Pan\AppData\Roaming\Microsoft\Windows\Recent\ddv.dll

c:\users\Pan\AppData\Roaming\Microsoft\Windows\Recent\delfile.drv

c:\users\Pan\AppData\Roaming\Microsoft\Windows\Recent\eb.tmp

c:\users\Pan\AppData\Roaming\Microsoft\Windows\Recent\energy.dll

c:\users\Pan\AppData\Roaming\Microsoft\Windows\Recent\energy.drv

c:\users\Pan\AppData\Roaming\Microsoft\Windows\Recent\energy.exe

c:\users\Pan\AppData\Roaming\Microsoft\Windows\Recent\energy.tmp

c:\users\Pan\AppData\Roaming\Microsoft\Windows\Recent\exec.drv

c:\users\Pan\AppData\Roaming\Microsoft\Windows\Recent\exec.sys

c:\users\Pan\AppData\Roaming\Microsoft\Windows\Recent\exec.tmp

c:\users\Pan\AppData\Roaming\Microsoft\Windows\Recent\fan.tmp

c:\users\Pan\AppData\Roaming\Microsoft\Windows\Recent\fix.exe

c:\users\Pan\AppData\Roaming\Microsoft\Windows\Recent\fix.tmp

c:\users\Pan\AppData\Roaming\Microsoft\Windows\Recent\FS.sys

c:\users\Pan\AppData\Roaming\Microsoft\Windows\Recent\FW.exe

c:\users\Pan\AppData\Roaming\Microsoft\Windows\Recent\gid.sys

c:\users\Pan\AppData\Roaming\Microsoft\Windows\Recent\hymt.dll

c:\users\Pan\AppData\Roaming\Microsoft\Windows\Recent\hymt.exe

c:\users\Pan\AppData\Roaming\Microsoft\Windows\Recent\hymt.tmp

c:\users\Pan\AppData\Roaming\Microsoft\Windows\Recent\pal.dll

c:\users\Pan\AppData\Roaming\Microsoft\Windows\Recent\PE.exe

c:\users\Pan\AppData\Roaming\Microsoft\Windows\Recent\runddl.dll

c:\users\Pan\AppData\Roaming\Microsoft\Windows\Recent\SICKBOY.tmp

c:\users\Pan\AppData\Roaming\Microsoft\Windows\Recent\sld.drv

c:\users\Pan\AppData\Roaming\Microsoft\Windows\Recent\SM.dll

c:\users\Pan\AppData\Roaming\Microsoft\Windows\Recent\std.exe

c:\users\Pan\AppData\Roaming\Microsoft\Windows\Recent\std.tmp

c:\users\Pan\AppData\Roaming\Microsoft\Windows\Recent\tempdoc.sys

c:\users\Pan\AppData\Roaming\Roketi

c:\users\Pan\AppData\Roaming\Roketi\heig.laf

c:\users\Pan\AppData\Roaming\Udgub

c:\users\Pan\AppData\Roaming\Udgub\efeqb.oly

c:\users\Pan\AppData\Roaming\Undiaz

c:\users\Pan\AppData\Roaming\Undiaz\ebbeo.afp

c:\users\Pan\AppData\Roaming\Uwicy

c:\users\Pan\AppData\Roaming\Uwicy\fudy.ezl

c:\users\Pan\AppData\Roaming\Wyivos

c:\users\Pan\AppData\Roaming\Wyivos\zuqia.ymi

c:\windows\system32\URTTemp

c:\windows\system32\URTTemp\regtlib.exe

.

.

((((((((((((((((((((((((( Files Created from 2012-07-18 to 2012-08-18 )))))))))))))))))))))))))))))))

.

.

2012-08-18 14:45 . 2012-08-18 14:45 31560 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys

2012-08-17 16:39 . 2012-08-17 16:39 -------- d-----w- c:\program files\Oracle

2012-08-13 19:08 . 2012-08-13 19:08 -------- d-sh--w- c:\windows\system32\%APPDATA%

2012-08-10 19:50 . 2012-06-29 08:44 6891424 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6414D645-C3EB-47C7-AAD8-73514EDD0F0B}\mpengine.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-08-14 23:30 . 2012-06-21 19:18 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-08-14 23:30 . 2011-07-30 18:00 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-07-05 21:06 . 2011-02-20 14:00 687544 ----a-w- c:\windows\system32\deployJava1.dll

2012-07-03 12:46 . 2010-05-02 06:23 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-06-21 18:34 . 2012-06-21 18:34 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2012-06-13 13:40 . 2012-07-14 17:56 2047488 ----a-w- c:\windows\system32\win32k.sys

2012-06-05 16:47 . 2012-07-13 23:35 1401856 ----a-w- c:\windows\system32\msxml6.dll

2012-06-05 16:47 . 2012-07-13 23:35 1248768 ----a-w- c:\windows\system32\msxml3.dll

2012-06-04 15:26 . 2012-07-13 23:35 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2012-06-02 22:19 . 2012-06-21 17:18 53784 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-02 22:19 . 2012-06-21 17:18 45080 ----a-w- c:\windows\system32\wups2.dll

2012-06-02 22:19 . 2012-06-21 17:17 35864 ----a-w- c:\windows\system32\wups.dll

2012-06-02 22:19 . 2012-06-21 17:17 577048 ----a-w- c:\windows\system32\wuapi.dll

2012-06-02 22:19 . 2012-06-21 17:18 1933848 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-02 22:12 . 2012-06-21 17:18 2422272 ----a-w- c:\windows\system32\wucltux.dll

2012-06-02 22:12 . 2012-06-21 17:17 88576 ----a-w- c:\windows\system32\wudriver.dll

2012-06-02 14:19 . 2012-06-21 17:17 171904 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-02 14:12 . 2012-06-21 17:17 33792 ----a-w- c:\windows\system32\wuapp.exe

2012-06-02 08:33 . 2012-07-14 17:44 1800192 ----a-w- c:\windows\system32\jscript9.dll

2012-06-02 08:25 . 2012-07-14 17:44 1129472 ----a-w- c:\windows\system32\wininet.dll

2012-06-02 08:25 . 2012-07-14 17:44 1427968 ----a-w- c:\windows\system32\inetcpl.cpl

2012-06-02 08:20 . 2012-07-14 17:44 142848 ----a-w- c:\windows\system32\ieUnatt.exe

2012-06-02 08:16 . 2012-07-14 17:44 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-06-02 00:04 . 2012-07-13 23:35 278528 ----a-w- c:\windows\system32\schannel.dll

2012-06-02 00:03 . 2012-07-13 23:35 204288 ----a-w- c:\windows\system32\ncrypt.dll

2012-05-31 11:25 . 2010-02-15 22:26 237072 ------w- c:\windows\system32\MpSigStub.exe

2011-04-25 00:58 . 2011-04-25 00:58 124864 ----a-w- c:\program files\mozilla firefox\plugins\CCMSDK.dll

2011-04-25 01:48 . 2011-04-25 01:48 13760 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll

2011-04-25 01:00 . 2011-04-25 01:00 71104 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll

2011-04-25 00:59 . 2011-04-25 00:59 92096 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll

2011-04-25 00:58 . 2011-04-25 00:58 22976 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll

2011-04-25 00:57 . 2011-04-25 00:57 255936 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll

2011-04-25 00:58 . 2011-04-25 00:58 32192 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll

2011-04-25 00:58 . 2011-04-25 00:58 40896 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll

2010-03-31 10:09 . 2010-03-31 10:09 10437264 ----a-w- c:\program files\mozilla firefox\plugins\PDFNetC.dll

2010-04-08 12:36 . 2010-04-08 12:36 107760 ----a-w- c:\program files\mozilla firefox\plugins\ScorchPDFWrapper.dll

2011-04-25 00:51 . 2011-04-25 00:51 898480 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll

2011-04-25 01:00 . 2011-04-25 01:00 24512 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll

2012-07-18 18:40 . 2011-05-06 18:12 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]

2012-01-03 16:31 1514152 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]

.

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]

.

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"HPADVISOR"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2008-09-30 972080]

"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-10-13 17351304]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1049896]

"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-09-24 468264]

"UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]

"UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2008-10-07 210216]

"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-12-24 222504]

"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-08-01 202032]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]

"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]

"UpdatePDIRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]

"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]

"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]

"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2012-07-03 973488]

"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2010-05-20 119152]

"VX3000"="c:\windows\vVX3000.exe" [2010-05-20 762736]

"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]

"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2012-01-03 1391272]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-11-13 421736]

"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]

"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2011-04-25 305088]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.0.207\SSScheduler.exe [2011-6-17 272528]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorUser"= 2 (0x2)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]

@="FSFilter Activity Monitor"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

bthsvcs REG_MULTI_SZ BthServ

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

ezSharedSvc

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2008-06-09 18:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe

.

Contents of the 'Scheduled Tasks' folder

.

2012-08-18 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-21 23:30]

.

2012-08-12 c:\windows\Tasks\HPCeeScheduleForPan.job

- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2008-10-28 18:34]

.

.

------- Supplementary Scan -------

.

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Presario&pf=cnnb

uInternet Settings,ProxyOverride = <local>;*.local

IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105

TCP: DhcpNameServer = 192.168.1.254

FF - ProfilePath - c:\users\Pan\AppData\Roaming\Mozilla\Firefox\Profiles\ptp5irss.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - www.google.co.uk

FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=BT5&o=15435&locale=en_UK&apn_uid=82C573F3-9864-4582-88E4-89E11D130D1C&apn_ptnrs=GG&apn_sauid=&apn_dtid=YYYYYYB3GB&&q=

FF - prefs.js: network.proxy.type - 0

FF - user.js: network.cookie.cookieBehavior - 0

FF - user.js: privacy.clearOnShutdown.cookies - false

FF - user.js: security.warn_viewing_mixed - false

FF - user.js: security.warn_viewing_mixed.show_once - false

FF - user.js: security.warn_submit_insecure - false

FF - user.js: security.warn_submit_insecure.show_once - false

FF - user.js: yahoo.homepage.dontask - true

.

- - - - ORPHANS REMOVED - - - -

.

AddRemove-Spotify - c:\users\Pan\AppData\Roaming\Spotify\Spotify.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-08-18 20:56

Windows 6.0.6002 Service Pack 2 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Norton Internet Security]

"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.8.3.6\diMaster.dll\" /prefetch:1"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\nvvsvc.exe

c:\windows\system32\nvvsvc.exe

c:\windows\system32\WLANExt.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Common Files\LightScribe\LSSrvc.exe

c:\windows\system32\lxbccoms.exe

c:\program files\Microsoft LifeCam\MSCamS32.exe

c:\program files\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe

c:\program files\SMINST\BLService.exe

c:\program files\CyberLink\Shared files\RichVideo.exe

c:\program files\Microsoft Application Virtualization Client\sftvsa.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

c:\windows\system32\DRIVERS\xaudio.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

c:\program files\Spybot - Search & Destroy\SDWinSec.exe

c:\program files\Microsoft Application Virtualization Client\sftlist.exe

c:\program files\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe

c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe

c:\program files\Windows Media Player\wmpnetwk.exe

.

**************************************************************************

.

Completion time: 2012-08-18 21:02:02 - machine was rebooted

ComboFix-quarantined-files.txt 2012-08-18 20:01

.

Pre-Run: 88,586,096,640 bytes free

Post-Run: 88,878,563,328 bytes free

.

- - End Of File - - 39D21CE59EE8BDF8770FD47271D8E346

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1

Run by Pan at 21:06:25 on 2012-08-18

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.1790.701 [GMT 1:00]

.

AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\WLANExt.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Windows\system32\lxbccoms.exe

C:\Program Files\Microsoft LifeCam\MSCamS32.exe

C:\Program Files\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\SMINST\BLService.exe

C:\Program Files\CyberLink\Shared files\RichVideo.exe

C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\DRIVERS\xaudio.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe

C:\Program Files\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

C:\Windows\System32\alg.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

C:\Windows\System32\mobsync.exe

C:\Windows\Explorer.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\notepad.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Presario&pf=cnnb

uInternet Settings,ProxyOverride = <local>;*.local

BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\16.8.3.6\coIEPlg.dll

BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\16.8.3.6\IPSBHO.DLL

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~3\office14\GROOVEEX.DLL

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~3\office14\URLREDIR.DLL

BHO: Inbox Toolbar: {d3d233d5-9f6d-436c-b6c7-e63f77503b30} - c:\progra~1\inboxt~1\Inbox.dll

BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll

TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\16.8.3.6\coIEPlg.dll

TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll

TB: &Inbox Toolbar: {d7e97865-918f-41e4-9cd0-25ab1c574ce8} - c:\progra~1\inboxt~1\Inbox.dll

TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

uRun: [HPADVISOR] c:\program files\hewlett-packard\hp advisor\HPAdvisor.exe autorun=AUTORUN

uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe

uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe

uRun: [skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized

uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"

mRun: [updateLBPShortCut] "c:\program files\cyberlink\labelprint\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\labelprint" updatewithcreateonce "software\cyberlink\labelprint\2.5"

mRun: [updatePSTShortCut] "c:\program files\cyberlink\dvd suite\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\dvd suite" updatewithcreateonce "software\cyberlink\PowerStarter"

mRun: [uCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" update "software\cyberlink\youcam\2.0"

mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [updateP2GoShortCut] "c:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"

mRun: [updatePDIRShortCut] "c:\program files\cyberlink\powerdirector\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerdirector" updatewithcreateonce "software\cyberlink\powerdirector\7.0"

mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe

mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe

mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript

mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"

mRun: [VX3000] c:\windows\vVX3000.exe

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [bCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [ConnectionCenter] "c:\program files\citrix\ica client\concentr.exe" /startup

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\3.0.207\SSScheduler.exe

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 2 (0x2)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Se&nd to OneNote - c:\progra~1\micros~3\office14\ONBttnIE.dll/105

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 192.168.1.254

TCP: Interfaces\{ADC6FCD1-4C03-4A32-BC03-B13D92DD62DE} : DhcpNameServer = 192.168.1.254

TCP: Interfaces\{BEC2AB5C-2F1E-4BA4-B5AA-888E30B510B1} : DhcpNameServer = 192.168.137.1

Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL

Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - c:\progra~1\inboxt~1\Inbox.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton internet security\engine\16.8.3.6\CoIEPlg.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~3\office14\GROOVEEX.DLL

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\pan\appdata\roaming\mozilla\firefox\profiles\ptp5irss.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - www.google.co.uk

FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=BT5&o=15435&locale=en_UK&apn_uid=82C573F3-9864-4582-88E4-89E11D130D1C&apn_ptnrs=GG&apn_sauid=&apn_dtid=YYYYYYB3GB&&q=

FF - prefs.js: network.proxy.type - 0

FF - plugin: c:\progra~1\micros~3\office14\NPAUTHZ.DLL

FF - plugin: c:\progra~1\micros~3\office14\NPSPWRAP.DLL

FF - plugin: c:\program files\canon\mycamera download plugin\NPCIG.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll

FF - plugin: c:\program files\microsoft\office live\npOLW.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npicaN.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll

FF - plugin: c:\program files\oracle\javafx 2.1 runtime\bin\dtplugin\npdeployJava1.dll

FF - plugin: c:\program files\oracle\javafx 2.1 runtime\bin\plugin2\npjp2.dll

FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_271.dll

.

---- FIREFOX POLICIES ----

FF - user.js: network.cookie.cookieBehavior - 0

FF - user.js: privacy.clearOnShutdown.cookies - false

FF - user.js: security.warn_viewing_mixed - false

FF - user.js: security.warn_viewing_mixed.show_once - false

FF - user.js: security.warn_submit_insecure - false

FF - user.js: security.warn_submit_insecure.show_once - false

FF - user.js: yahoo.homepage.dontask - true

.

============= SERVICES / DRIVERS ===============

.

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1008030.006\SymEFA.sys [2011-10-11 310320]

R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\nis\1008030.006\BHDrvx86.sys [2011-10-11 259632]

R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nis\1008030.006\cchpx86.sys [2011-10-11 467592]

R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [2011-4-25 65584]

R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20100415.001\IDSvix86.sys [2010-4-17 343088]

R2 cvhsvc;Client Virtualization Handler;c:\program files\common files\microsoft shared\virtualization handler\CVHSVC.EXE [2012-1-4 822624]

R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [2008-1-21 21504]

R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]

R2 lxbc_device;lxbc_device;c:\windows\system32\lxbccoms.exe -service --> c:\windows\system32\lxbccoms.exe -service [?]

R2 Norton Internet Security;Norton Internet Security;c:\program files\norton internet security\engine\16.8.3.6\ccSvcHst.exe [2011-10-11 117648]

R2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\sminst\BLService.exe [2008-10-28 365952]

R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-4-29 1153368]

R2 sftlist;Application Virtualization Client;c:\program files\microsoft application virtualization client\sftlist.exe [2011-10-1 508776]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-5-9 43040]

R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfslh.sys [2011-10-1 579944]

R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplaylh.sys [2011-10-1 194408]

R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirlh.sys [2011-10-1 21864]

R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvollh.sys [2011-10-1 19304]

R3 sftvsa;Application Virtualization Service Agent;c:\program files\microsoft application virtualization client\sftvsa.exe [2011-10-1 219496]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-6-21 250056]

S3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2008-10-28 193840]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-2-24 102448]

S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2012-6-21 39272]

S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2012-3-8 1492840]

S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2012-8-18 31560]

S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\3.0.207\McCHSvc.exe [2011-6-17 237008]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2011-6-12 31125880]

S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-25 113120]

S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2008-1-21 16896]

.

=============== Created Last 30 ================

.

2012-08-18 20:02:06 -------- d-----w- c:\users\pan\appdata\local\temp

2012-08-18 19:54:44 -------- d-----w- C:\$RECYCLE.BIN

2012-08-18 19:32:54 256000 ----a-w- c:\windows\PEV.exe

2012-08-18 19:32:54 208896 ----a-w- c:\windows\MBR.exe

2012-08-18 19:32:53 98816 ----a-w- c:\windows\sed.exe

2012-08-18 19:32:53 518144 ----a-w- c:\windows\SWREG.exe

2012-08-18 19:32:34 -------- d-----w- C:\ComboFix

2012-08-18 15:42:07 -------- d-----w- c:\users\pan\appdata\local\{7EF2CA78-90D9-4ECB-8746-C007020E1095}

2012-08-18 14:45:13 31560 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys

2012-08-18 14:18:41 -------- d-----w- c:\users\pan\appdata\local\{B5B9D7F7-19D8-42DC-B258-7C998E990F90}

2012-08-17 16:39:36 -------- d-----w- c:\program files\Oracle

2012-08-17 16:17:35 -------- d-----w- c:\users\pan\appdata\local\{053928AA-88E7-429D-8CA3-5739830A6A52}

2012-08-17 16:17:10 -------- d-----w- c:\users\pan\appdata\local\{6AD4C5B9-EE33-4405-8E98-101EDA6C1A0D}

2012-08-16 16:01:19 -------- d-----w- c:\users\pan\appdata\local\{17FAA6B0-9946-407A-A3F0-E6BC6F07F6E0}

2012-08-16 16:00:40 -------- d-----w- c:\users\pan\appdata\local\{807056E7-8E71-4BF3-9923-629900A1D74A}

2012-08-15 16:48:22 -------- d-----w- c:\users\pan\appdata\local\{1E40E3CD-7FF7-44FF-B09A-5F042925ECDB}

2012-08-15 16:47:54 -------- d-----w- c:\users\pan\appdata\local\{A18921C6-3EAF-4E04-8F94-AE3536F21F68}

2012-08-14 12:55:52 -------- d-----w- c:\users\pan\appdata\local\{799399B8-CE06-47F2-A5AA-5A62EB0076FB}

2012-08-14 12:55:29 -------- d-----w- c:\users\pan\appdata\local\{F2309C55-5273-44A8-AC8A-95C64E41F1CC}

2012-08-13 19:08:35 -------- d-sh--w- c:\windows\system32\%APPDATA%

2012-08-13 15:50:53 -------- d-----w- c:\users\pan\appdata\local\{F4FB7E55-525D-462F-8BF4-E199C647CB79}

2012-08-13 15:50:34 -------- d-----w- c:\users\pan\appdata\local\{FD3F9E0B-F9F1-47A8-A146-795FF06E7DA4}

2012-08-13 09:16:34 -------- d-----w- c:\users\pan\appdata\local\{83F832F8-8950-4476-9AA1-12208B5F05F2}

2012-08-12 11:33:46 -------- d-----w- c:\users\pan\appdata\local\{ACA6F10F-B641-447E-9522-DFB9555DE6D7}

2012-08-12 11:33:30 -------- d-----w- c:\users\pan\appdata\local\{51DE061C-27AF-445F-889B-2BBE4F154D2C}

2012-08-11 18:54:56 -------- d-----w- c:\users\pan\appdata\local\{C15A903E-A267-49B7-A48B-E6B7AD9E8DC7}

2012-08-11 18:54:13 -------- d-----w- c:\users\pan\appdata\local\{34E89B81-8292-4190-BE96-0BF43D5B1A40}

2012-08-10 19:50:01 6891424 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{6414d645-c3eb-47c7-aad8-73514edd0f0b}\mpengine.dll

2012-08-10 19:41:39 -------- d-----w- c:\users\pan\appdata\local\{E0B3327F-D375-4440-88D6-8092FE43A169}

2012-08-10 19:41:20 -------- d-----w- c:\users\pan\appdata\local\{A492ACC9-D571-4D72-A8A1-71BEC9A17266}

2012-08-10 00:47:43 -------- d-----w- c:\users\pan\appdata\local\{B7D49221-C8EE-4225-A731-B39B61B73850}

2012-08-10 00:47:18 -------- d-----w- c:\users\pan\appdata\local\{EBC8F122-FACF-4DF8-88F5-8DA6494F463E}

2012-08-09 11:08:26 -------- d-----w- c:\users\pan\appdata\local\{AB8D7EFD-9D91-4DDE-B94E-9E3260AE408B}

2012-08-09 11:08:13 -------- d-----w- c:\users\pan\appdata\local\{695209BD-6E25-4C83-BC08-DFDA3CCA3DFA}

2012-08-08 03:32:03 -------- d-----w- c:\users\pan\appdata\local\{2654DED9-667A-461D-ABF9-D289B73BD883}

2012-08-08 03:31:08 -------- d-----w- c:\users\pan\appdata\local\{E659948B-2406-4DAA-B8AE-41F3CDFDAF6F}

2012-08-07 12:20:51 -------- d-----w- c:\users\pan\appdata\local\{162B9FFA-AD5E-48AF-904F-C3BF46E9CDBE}

2012-08-07 12:20:06 -------- d-----w- c:\users\pan\appdata\local\{B262EB23-8731-493C-B5C5-2901ACA0E333}

2012-08-06 08:58:54 -------- d-----w- c:\users\pan\appdata\local\{A5C712D2-E95F-4516-A221-28C3496253BA}

2012-08-06 08:58:39 -------- d-----w- c:\users\pan\appdata\local\{6F50665D-66C8-4FE3-BF83-70B917D090A0}

2012-08-01 10:29:43 -------- d-----w- c:\users\pan\appdata\local\{CCC167EF-907F-480D-BB1B-2FC7B22891C7}

2012-08-01 10:29:12 -------- d-----w- c:\users\pan\appdata\local\{4BFD3D89-09F7-4D89-8FAC-519873CB162B}

2012-07-28 19:36:08 -------- d-----w- c:\users\pan\appdata\local\{71E94E74-13D8-4BC6-BD6C-81D45F9BB412}

2012-07-28 19:35:33 -------- d-----w- c:\users\pan\appdata\local\{672C54BA-6449-4242-8A91-25AA0B666313}

2012-07-27 22:49:51 -------- d-----w- c:\users\pan\appdata\local\{B759CAAE-DF7A-4E17-AB59-89AB4733234D}

2012-07-27 22:49:28 -------- d-----w- c:\users\pan\appdata\local\{BA7430A2-2A39-4745-BE95-B546AB5992C9}

2012-07-26 08:26:54 -------- d-----w- c:\users\pan\appdata\local\{7ADCBCC8-A007-448E-9047-F66AF8A32D77}

2012-07-26 08:26:40 -------- d-----w- c:\users\pan\appdata\local\{8644702F-9408-4DD1-9D3B-78344F6876C8}

2012-07-25 12:43:37 -------- d-----w- c:\users\pan\appdata\local\{DE88CED2-E51C-4A3D-ABD3-18DAD4FF37E2}

2012-07-25 12:43:05 -------- d-----w- c:\users\pan\appdata\local\{AFA1ED6E-EA76-4B9F-BDE1-06FF5573C4DA}

2012-07-24 12:37:35 -------- d-----w- c:\users\pan\appdata\local\{42ED71AA-459E-4332-86B9-F688464A8F36}

2012-07-24 12:37:19 -------- d-----w- c:\users\pan\appdata\local\{71055A3E-E12C-4802-9315-19D1F33483BB}

2012-07-23 17:55:12 -------- d-----w- c:\users\pan\appdata\local\{2981DD60-0DAB-4319-BC87-16F3609E5827}

2012-07-23 17:54:56 -------- d-----w- c:\users\pan\appdata\local\{C46358A0-EAEE-4EC9-9E15-A318C7730180}

2012-07-22 13:14:34 -------- d-----w- c:\users\pan\appdata\local\{2903F81C-B5C7-42E7-A372-4297B94EF638}

2012-07-22 13:14:19 -------- d-----w- c:\users\pan\appdata\local\{DB2D6CBE-5EEC-44F2-A5B8-F5BB9ECE6E77}

2012-07-21 17:20:15 -------- d-----w- c:\users\pan\appdata\local\{CAECAD3C-825F-40EE-9CC9-42BF317E485A}

2012-07-21 17:19:58 -------- d-----w- c:\users\pan\appdata\local\{28FF73EB-FBB8-4C18-8DA2-1B54A1973422}

2012-07-20 12:27:57 -------- d-----w- c:\users\pan\appdata\local\{BCED2EC5-E1A2-4BCF-9A37-B203ED1A6445}

2012-07-20 12:27:44 -------- d-----w- c:\users\pan\appdata\local\{7D408AA6-2436-4685-A17E-FC22651D730E}

.

==================== Find3M ====================

.

2012-08-14 23:30:02 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-08-14 23:30:02 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-07-05 21:06:20 687544 ----a-w- c:\windows\system32\deployJava1.dll

2012-07-03 12:46:44 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-06-13 13:40:21 2047488 ----a-w- c:\windows\system32\win32k.sys

2012-06-05 16:47:28 1401856 ----a-w- c:\windows\system32\msxml6.dll

2012-06-05 16:47:27 1248768 ----a-w- c:\windows\system32\msxml3.dll

2012-06-04 15:26:04 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2012-06-02 22:12:32 2422272 ----a-w- c:\windows\system32\wucltux.dll

2012-06-02 22:12:13 88576 ----a-w- c:\windows\system32\wudriver.dll

2012-06-02 14:19:42 171904 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-02 14:12:20 33792 ----a-w- c:\windows\system32\wuapp.exe

2012-06-02 08:33:25 1800192 ----a-w- c:\windows\system32\jscript9.dll

2012-06-02 08:25:08 1129472 ----a-w- c:\windows\system32\wininet.dll

2012-06-02 08:25:03 1427968 ----a-w- c:\windows\system32\inetcpl.cpl

2012-06-02 08:20:33 142848 ----a-w- c:\windows\system32\ieUnatt.exe

2012-06-02 08:16:52 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-06-02 00:04:25 278528 ----a-w- c:\windows\system32\schannel.dll

2012-06-02 00:03:42 204288 ----a-w- c:\windows\system32\ncrypt.dll

2012-05-31 11:25:14 237072 ------w- c:\windows\system32\MpSigStub.exe

.

============= FINISH: 21:07:05.21 ===============


I've run a couple more Malwarebytes scans since doing the above and it's no longer detecting any problems.

If that's the end of the story then thank you so, so much. I'm a total novice at things like this and I really appreciate the time you took to help me. =)


Sorry to keep posting but I'm really spooked about all this.

I don't think my problem has been completed, as I can't upload any Windows updates and their automatic solutions page cannot resolve it either.

Could someone possibly tell me a way of making sure my laptop is currently clean or not? I'm afraid that the virus has just managed to make itself undetectable by Malwarebytes.


  • Staff

Hi,

Every time you reply, you get pushed to the bottom of my queue. Please stop bumping.

Grab a fresh copy of ComboFix, run it, and post its log.

Run TFC by OldTimer to clear temporary files:

  • Please download TFC from here and save it to your desktop.
  • Close any open programs and Internet browsers.
  • Double click TFC.exe to run it and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
  • Please be patient as clearing out temp files may take a while.
  • Once it completes you may be prompted to restart your computer, please do so.
  • Once it's finished you may delete TFC.exe from your Desktop or save it for later use for the cleaning of temporary files.

  • Download the file TDSSKiller.zip and extract it into a folder on the infected PC.
  • Execute the file TDSSKiller.exe by double-clicking on it.
  • Wait for the scan and disinfection process to be over.
  • When its work is over, the utility prompts for a reboot to complete the disinfection.

By default, the utility outputs a runtime log into the system disk root directory (the disk where the operating system is installed, C:\ as a rule).

The log is like UtilityName.Version_Date_Time_log.txt.

For example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt.

Please post that log here.

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and Scan unwanted applications are checked
  6. Click Scan
    Wait for the scan to finish
  7. Export the threats found (if any), and post them here.

Next, please download AdwCleaner by Xplode onto your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

-screen317


I'm sorry about all the bumps. I really do appreciate the time you've put into helping me and I was taking the rather misguided position that any and all information would be useful. Sorry again.

I think everything has been sorted because the programmes showed nothing. I'll post the logs just in case though because I'm far from an expert.

ComboFix 12-08-20.02 - Pan 20/08/2012 20:48:57.2.2 - x86

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.1790.872 [GMT 1:00]

Running from: c:\users\Pan\Desktop\ComboFix.exe

AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((( Files Created from 2012-07-20 to 2012-08-20 )))))))))))))))))))))))))))))))

.

.

2012-08-20 20:01 . 2012-08-20 20:01 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-08-19 15:14 . 2012-08-19 15:14 -------- d-----w- c:\users\Pan\AppData\Local\ElevatedDiagnostics

2012-08-19 14:31 . 2012-08-19 14:33 -------- d-----w- c:\users\Pan\AppData\Local\Google

2012-08-18 20:02 . 2012-08-20 20:01 -------- d-----w- c:\users\Pan\AppData\Local\temp

2012-08-18 14:45 . 2012-08-18 14:45 31560 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys

2012-08-17 16:39 . 2012-08-17 16:39 -------- d-----w- c:\program files\Oracle

2012-08-13 19:08 . 2012-08-13 19:08 -------- d-sh--w- c:\windows\system32\%APPDATA%

2012-08-10 19:50 . 2012-06-29 08:44 6891424 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6414D645-C3EB-47C7-AAD8-73514EDD0F0B}\mpengine.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-08-14 23:30 . 2012-06-21 19:18 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-08-14 23:30 . 2011-07-30 18:00 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-07-05 21:06 . 2011-02-20 14:00 687544 ----a-w- c:\windows\system32\deployJava1.dll

2012-07-03 12:46 . 2010-05-02 06:23 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-06-21 18:34 . 2012-06-21 18:34 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2012-06-13 13:40 . 2012-07-14 17:56 2047488 ----a-w- c:\windows\system32\win32k.sys

2012-06-05 16:47 . 2012-07-13 23:35 1401856 ----a-w- c:\windows\system32\msxml6.dll

2012-06-05 16:47 . 2012-07-13 23:35 1248768 ----a-w- c:\windows\system32\msxml3.dll

2012-06-04 15:26 . 2012-07-13 23:35 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2012-06-02 22:19 . 2012-06-21 17:18 53784 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-02 22:19 . 2012-06-21 17:18 45080 ----a-w- c:\windows\system32\wups2.dll

2012-06-02 22:19 . 2012-06-21 17:17 35864 ----a-w- c:\windows\system32\wups.dll

2012-06-02 22:19 . 2012-06-21 17:17 577048 ----a-w- c:\windows\system32\wuapi.dll

2012-06-02 22:19 . 2012-06-21 17:18 1933848 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-02 22:12 . 2012-06-21 17:18 2422272 ----a-w- c:\windows\system32\wucltux.dll

2012-06-02 22:12 . 2012-06-21 17:17 88576 ----a-w- c:\windows\system32\wudriver.dll

2012-06-02 14:19 . 2012-06-21 17:17 171904 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-02 14:12 . 2012-06-21 17:17 33792 ----a-w- c:\windows\system32\wuapp.exe

2012-06-02 08:33 . 2012-07-14 17:44 1800192 ----a-w- c:\windows\system32\jscript9.dll

2012-06-02 08:25 . 2012-07-14 17:44 1129472 ----a-w- c:\windows\system32\wininet.dll

2012-06-02 08:25 . 2012-07-14 17:44 1427968 ----a-w- c:\windows\system32\inetcpl.cpl

2012-06-02 08:20 . 2012-07-14 17:44 142848 ----a-w- c:\windows\system32\ieUnatt.exe

2012-06-02 08:16 . 2012-07-14 17:44 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-06-02 00:04 . 2012-07-13 23:35 278528 ----a-w- c:\windows\system32\schannel.dll

2012-06-02 00:03 . 2012-07-13 23:35 204288 ----a-w- c:\windows\system32\ncrypt.dll

2012-05-31 11:25 . 2010-02-15 22:26 237072 ------w- c:\windows\system32\MpSigStub.exe

2011-04-25 00:58 . 2011-04-25 00:58 124864 ----a-w- c:\program files\mozilla firefox\plugins\CCMSDK.dll

2011-04-25 01:48 . 2011-04-25 01:48 13760 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll

2011-04-25 01:00 . 2011-04-25 01:00 71104 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll

2011-04-25 00:59 . 2011-04-25 00:59 92096 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll

2011-04-25 00:58 . 2011-04-25 00:58 22976 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll

2011-04-25 00:57 . 2011-04-25 00:57 255936 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll

2011-04-25 00:58 . 2011-04-25 00:58 32192 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll

2011-04-25 00:58 . 2011-04-25 00:58 40896 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll

2010-03-31 10:09 . 2010-03-31 10:09 10437264 ----a-w- c:\program files\mozilla firefox\plugins\PDFNetC.dll

2010-04-08 12:36 . 2010-04-08 12:36 107760 ----a-w- c:\program files\mozilla firefox\plugins\ScorchPDFWrapper.dll

2011-04-25 00:51 . 2011-04-25 00:51 898480 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll

2011-04-25 01:00 . 2011-04-25 01:00 24512 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll

2012-07-18 18:40 . 2011-05-06 18:12 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]

2012-01-03 16:31 1514152 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]

.

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]

.

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"HPADVISOR"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2008-09-30 972080]

"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-10-13 17351304]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1049896]

"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-09-24 468264]

"UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]

"UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2008-10-07 210216]

"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-12-24 222504]

"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-08-01 202032]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]

"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]

"UpdatePDIRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]

"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]

"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]

"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2012-07-03 973488]

"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2010-05-20 119152]

"VX3000"="c:\windows\vVX3000.exe" [2010-05-20 762736]

"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]

"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2012-01-03 1391272]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-11-13 421736]

"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]

"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2011-04-25 305088]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.0.207\SSScheduler.exe [2011-6-17 272528]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorUser"= 2 (0x2)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]

@="FSFilter Activity Monitor"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

bthsvcs REG_MULTI_SZ BthServ

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

ezSharedSvc

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2008-06-09 18:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe

.

Contents of the 'Scheduled Tasks' folder

.

2012-08-20 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-21 23:30]

.

2012-08-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3347287116-2082654252-2714282664-1000Core.job

- c:\users\Pan\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-19 14:31]

.

2012-08-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3347287116-2082654252-2714282664-1000UA.job

- c:\users\Pan\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-19 14:31]

.

2012-08-19 c:\windows\Tasks\HPCeeScheduleForPan.job

- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2008-10-28 18:34]

.

.

------- Supplementary Scan -------

.

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Presario&pf=cnnb

uInternet Settings,ProxyOverride = <local>;*.local

IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105

TCP: DhcpNameServer = 192.168.1.254

FF - ProfilePath - c:\users\Pan\AppData\Roaming\Mozilla\Firefox\Profiles\ptp5irss.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - www.google.co.uk

FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=BT5&o=15435&locale=en_UK&apn_uid=82C573F3-9864-4582-88E4-89E11D130D1C&apn_ptnrs=GG&apn_sauid=&apn_dtid=YYYYYYB3GB&&q=

FF - prefs.js: network.proxy.type - 0

FF - user.js: network.cookie.cookieBehavior - 0

FF - user.js: privacy.clearOnShutdown.cookies - false

FF - user.js: security.warn_viewing_mixed - false

FF - user.js: security.warn_viewing_mixed.show_once - false

FF - user.js: security.warn_submit_insecure - false

FF - user.js: security.warn_submit_insecure.show_once - false

FF - user.js: yahoo.homepage.dontask - true

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-08-20 21:01

Windows 6.0.6002 Service Pack 2 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Norton Internet Security]

"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.8.3.6\diMaster.dll\" /prefetch:1"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

Completion time: 2012-08-20 21:05:06

ComboFix-quarantined-files.txt 2012-08-20 20:05

ComboFix2.txt 2012-08-18 20:02

.

Pre-Run: 87,380,357,120 bytes free

Post-Run: 86,977,011,712 bytes free

.

- - End Of File - - CA1993286857C7D5036E7ABED722460A

21:15:37.0380 5984 TDSS rootkit removing tool 2.8.7.0 Aug 20 2012 17:30:03

21:15:37.0692 5984 ============================================================

21:15:37.0692 5984 Current date / time: 2012/08/20 21:15:37.0692

21:15:37.0692 5984 SystemInfo:

21:15:37.0692 5984

21:15:37.0692 5984 OS Version: 6.0.6002 ServicePack: 2.0

21:15:37.0692 5984 Product type: Workstation

21:15:37.0692 5984 ComputerName: PAN-PC

21:15:37.0692 5984 UserName: Pan

21:15:37.0692 5984 Windows directory: C:\Windows

21:15:37.0692 5984 System windows directory: C:\Windows

21:15:37.0692 5984 Processor architecture: Intel x86

21:15:37.0692 5984 Number of processors: 2

21:15:37.0692 5984 Page size: 0x1000

21:15:37.0692 5984 Boot type: Normal boot

21:15:37.0692 5984 ============================================================

21:15:39.0393 5984 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050

21:15:39.0408 5984 ============================================================

21:15:39.0408 5984 \Device\Harddisk0\DR0:

21:15:39.0408 5984 MBR partitions:

21:15:39.0408 5984 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1BC8AFC1

21:15:39.0408 5984 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1BC8B000, BlocksNum 0x1539000

21:15:39.0408 5984 ============================================================


21:16:03.0417 5908 Rasl2tp - ok

21:16:03.0479 5908 [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan C:\Windows\System32\rasmans.dll

21:16:03.0510 5908 RasMan - ok

21:16:03.0557 5908 [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys

21:16:03.0557 5908 RasPppoe - ok

21:16:03.0604 5908 [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys

21:16:03.0635 5908 RasSstp - ok

21:16:03.0682 5908 [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys

21:16:03.0682 5908 rdbss - ok

21:16:03.0713 5908 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys

21:16:03.0713 5908 RDPCDD - ok

21:16:03.0791 5908 [ FBC0BACD9C3D7F6956853F64A66E252D ] rdpdr C:\Windows\system32\drivers\rdpdr.sys

21:16:03.0791 5908 rdpdr - ok

21:16:03.0807 5908 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys

21:16:03.0807 5908 RDPENCDD - ok

21:16:03.0932 5908 [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys

21:16:03.0947 5908 RDPWD - ok

21:16:04.0072 5908 [ 0D362785BEF9BDF5A6E1F4628D06716D ] Recovery Service for Windows C:\Program Files\SMINST\BLService.exe

21:16:04.0103 5908 Recovery Service for Windows - ok

21:16:04.0197 5908 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll

21:16:04.0212 5908 RemoteAccess - ok

21:16:04.0259 5908 [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry C:\Windows\system32\regsvc.dll

21:16:04.0275 5908 RemoteRegistry - ok

21:16:04.0353 5908 [ 23F486726DA7A9B2F3EC7326421A9C36 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys

21:16:04.0353 5908 RFCOMM - ok

21:16:04.0478 5908 [ 805AE1F90C64758D19AAA001CF8CBA12 ] RichVideo C:\Program Files\CyberLink\Shared files\RichVideo.exe

21:16:04.0493 5908 RichVideo - ok

21:16:04.0540 5908 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe

21:16:04.0587 5908 RpcLocator - ok

21:16:04.0618 5908 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs C:\Windows\system32\rpcss.dll

21:16:04.0634 5908 RpcSs - ok

21:16:04.0712 5908 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys

21:16:04.0712 5908 rspndr - ok

21:16:04.0774 5908 [ 8DAB5975B5C7923D61506A48E251DBAD ] RTSTOR C:\Windows\system32\drivers\RTSTOR.SYS

21:16:04.0774 5908 RTSTOR - ok

21:16:04.0805 5908 [ A3E186B4B935905B829219502557314E ] SamSs C:\Windows\system32\lsass.exe

21:16:04.0821 5908 SamSs - ok

21:16:04.0868 5908 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys

21:16:04.0868 5908 sbp2port - ok

21:16:05.0070 5908 [ 794D4B48DFB6E999537C7C3947863463 ] SBSDWSCService C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

21:16:05.0133 5908 SBSDWSCService - ok

21:16:05.0226 5908 [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr C:\Windows\System32\SCardSvr.dll

21:16:05.0242 5908 SCardSvr - ok

21:16:05.0367 5908 [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule C:\Windows\system32\schedsvc.dll

21:16:05.0382 5908 Schedule - ok

21:16:05.0460 5908 [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc C:\Windows\System32\certprop.dll

21:16:05.0460 5908 SCPolicySvc - ok

21:16:05.0538 5908 [ 126EA89BCC413EE45E3004FB0764888F ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys

21:16:05.0538 5908 sdbus - ok

21:16:05.0632 5908 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll

21:16:05.0648 5908 SDRSVC - ok

21:16:05.0679 5908 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys

21:16:05.0710 5908 secdrv - ok

21:16:05.0757 5908 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll

21:16:05.0757 5908 seclogon - ok

21:16:05.0788 5908 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\system32\sens.dll

21:16:05.0804 5908 SENS - ok

21:16:05.0850 5908 [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum C:\Windows\system32\drivers\serenum.sys

21:16:05.0850 5908 Serenum - ok

21:16:05.0897 5908 [ C70D69A918B178D3C3B06339B40C2E1B ] Serial C:\Windows\system32\drivers\serial.sys

21:16:05.0897 5908 Serial - ok

21:16:05.0960 5908 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys

21:16:05.0960 5908 sermouse - ok

21:16:06.0022 5908 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll

21:16:06.0053 5908 SessionEnv - ok

21:16:06.0084 5908 [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys

21:16:06.0084 5908 sffdisk - ok

21:16:06.0116 5908 [ E95D451F7EA3E583AEC75F3B3EE42DC5 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys

21:16:06.0116 5908 sffp_mmc - ok

21:16:06.0131 5908 [ 3D0EA348784B7AC9EA9BD9F317980979 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys

21:16:06.0131 5908 sffp_sd - ok

21:16:06.0194 5908 [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys

21:16:06.0194 5908 sfloppy - ok

21:16:06.0240 5908 [ D9B734638DD8DBA9D59AAD3189CD0FAD ] Sftfs C:\Windows\system32\DRIVERS\Sftfslh.sys

21:16:06.0256 5908 Sftfs - ok

21:16:06.0303 5908 [ CB73BC422C07FB611F194DA18D1E7F36 ] sftlist C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe

21:16:06.0334 5908 sftlist - ok

21:16:06.0381 5908 [ 2F61BD46C0BFF4EB36E1E359CA17BFC5 ] Sftplay C:\Windows\system32\DRIVERS\Sftplaylh.sys

21:16:06.0381 5908 Sftplay - ok

21:16:06.0443 5908 [ 518BAC0179F94304F422696B47C0EC12 ] Sftredir C:\Windows\system32\DRIVERS\Sftredirlh.sys

21:16:06.0443 5908 Sftredir - ok

21:16:06.0490 5908 [ 747325236D88B3F05FFD27FF9EC711C5 ] Sftvol C:\Windows\system32\DRIVERS\Sftvollh.sys

21:16:06.0490 5908 Sftvol - ok

21:16:06.0506 5908 [ A5812F0281CA5081BF696626F9BF324D ] sftvsa C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe

21:16:06.0521 5908 sftvsa - ok

21:16:06.0584 5908 [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess C:\Windows\System32\ipnathlp.dll

21:16:06.0599 5908 SharedAccess - ok

21:16:06.0693 5908 [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll

21:16:06.0693 5908 ShellHWDetection - ok

21:16:06.0755 5908 [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp C:\Windows\system32\drivers\sisagp.sys

21:16:06.0755 5908 sisagp - ok

21:16:06.0802 5908 [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys

21:16:06.0802 5908 SiSRaid2 - ok

21:16:06.0864 5908 [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys

21:16:06.0864 5908 SiSRaid4 - ok

21:16:07.0098 5908 [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc C:\Windows\system32\SLsvc.exe

21:16:07.0270 5908 slsvc - ok

21:16:07.0332 5908 [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify C:\Windows\system32\SLUINotify.dll

21:16:07.0364 5908 SLUINotify - ok

21:16:07.0442 5908 [ 7B75299A4D201D6A6533603D6914AB04 ] Smb C:\Windows\system32\DRIVERS\smb.sys

21:16:07.0473 5908 Smb - ok

21:16:07.0535 5908 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe

21:16:07.0551 5908 SNMPTRAP - ok

21:16:07.0598 5908 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys

21:16:07.0613 5908 spldr - ok

21:16:07.0644 5908 [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler C:\Windows\System32\spoolsv.exe

21:16:07.0644 5908 Spooler - ok

21:16:07.0878 5908 [ E81F6CAEAB9AD5732E94C07C97866AA2 ] SRTSP C:\Windows\System32\Drivers\NIS\1008030.006\SRTSP.SYS

21:16:07.0894 5908 SRTSP - ok

21:16:07.0925 5908 [ E28DE499D942B08058BFFAC69D4122B6 ] SRTSPX C:\Windows\system32\drivers\NIS\1008030.006\SRTSPX.SYS

21:16:07.0956 5908 SRTSPX - ok

21:16:08.0019 5908 [ 41987F9FC0E61ADF54F581E15029AD91 ] srv C:\Windows\system32\DRIVERS\srv.sys

21:16:08.0066 5908 srv - ok

21:16:08.0112 5908 [ FF33AFF99564B1AA534F58868CBE41EF ] srv2 C:\Windows\system32\DRIVERS\srv2.sys

21:16:08.0159 5908 srv2 - ok

21:16:08.0206 5908 [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys

21:16:08.0237 5908 srvnet - ok

21:16:08.0284 5908 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll

21:16:08.0300 5908 SSDPSRV - ok

21:16:08.0378 5908 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll

21:16:08.0378 5908 SstpSvc - ok

21:16:08.0456 5908 [ EF70B3D22B4BFFDA6EA851ECB063EFAA ] StillCam C:\Windows\system32\DRIVERS\serscan.sys

21:16:08.0487 5908 StillCam - ok

21:16:08.0534 5908 [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc C:\Windows\System32\wiaservc.dll

21:16:08.0565 5908 stisvc - ok

21:16:08.0596 5908 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys

21:16:08.0596 5908 swenum - ok

21:16:08.0658 5908 [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv C:\Windows\System32\swprv.dll

21:16:08.0690 5908 swprv - ok

21:16:08.0721 5908 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys

21:16:08.0721 5908 Symc8xx - ok

21:16:08.0736 5908 SYMDNS - ok

21:16:08.0799 5908 [ D0885F6E24259A6C65E68D6AD749910A ] SymEFA C:\Windows\system32\drivers\NIS\1008030.006\SYMEFA.SYS

21:16:08.0861 5908 SymEFA - ok

21:16:08.0908 5908 [ A54FF04BD6E75DC4D8CB6F3E352635E0 ] SymEvent C:\Windows\system32\Drivers\SYMEVENT.SYS

21:16:08.0908 5908 SymEvent - ok

21:16:08.0924 5908 SYMFW - ok

21:16:08.0986 5908 [ 34F1C9D5DCC19DF1E824D6B73767B8AF ] SymIM C:\Windows\system32\DRIVERS\SymIMv.sys

21:16:08.0986 5908 SymIM - ok

21:16:09.0002 5908 SYMNDISV - ok

21:16:09.0017 5908 SYMREDRV - ok

21:16:09.0064 5908 [ 26BC80EC79D7BA478249C266CBDF17B4 ] SYMTDI C:\Windows\System32\Drivers\NIS\1008030.006\SYMTDI.SYS

21:16:09.0064 5908 SYMTDI - ok

21:16:09.0080 5908 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys

21:16:09.0080 5908 Sym_hi - ok

21:16:09.0126 5908 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys

21:16:09.0126 5908 Sym_u3 - ok

21:16:09.0189 5908 [ 00B19F27858F56181EDB58B71A7C67A0 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys

21:16:09.0189 5908 SynTP - ok

21:16:09.0251 5908 [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain C:\Windows\system32\sysmain.dll

21:16:09.0282 5908 SysMain - ok

21:16:09.0345 5908 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll

21:16:09.0360 5908 TabletInputService - ok

21:16:09.0407 5908 [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv C:\Windows\System32\tapisrv.dll

21:16:09.0423 5908 TapiSrv - ok

21:16:09.0470 5908 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll

21:16:09.0470 5908 TBS - ok

21:16:09.0532 5908 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip C:\Windows\system32\drivers\tcpip.sys

21:16:09.0548 5908 Tcpip - ok

21:16:09.0626 5908 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys

21:16:09.0657 5908 Tcpip6 - ok

21:16:09.0719 5908 [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys

21:16:09.0750 5908 tcpipreg - ok

21:16:09.0782 5908 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys

21:16:09.0797 5908 TDPIPE - ok

21:16:09.0828 5908 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys

21:16:09.0828 5908 TDTCP - ok

21:16:09.0875 5908 [ 76B06EB8A01FC8624D699E7045303E54 ] tdx C:\Windows\system32\DRIVERS\tdx.sys

21:16:09.0875 5908 tdx - ok

21:16:09.0969 5908 [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys

21:16:09.0969 5908 TermDD - ok

21:16:10.0047 5908 [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService C:\Windows\System32\termsrv.dll

21:16:10.0047 5908 TermService - ok

21:16:10.0094 5908 [ C7230FBEE14437716701C15BE02C27B8 ] Themes C:\Windows\system32\shsvcs.dll

21:16:10.0109 5908 Themes - ok

21:16:10.0140 5908 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll

21:16:10.0156 5908 THREADORDER - ok

21:16:10.0218 5908 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll

21:16:10.0250 5908 TrkWks - ok

21:16:10.0312 5908 [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe

21:16:10.0343 5908 TrustedInstaller - ok

21:16:10.0390 5908 [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys

21:16:10.0390 5908 tssecsrv - ok

21:16:10.0421 5908 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys

21:16:10.0437 5908 tunmp - ok

21:16:10.0468 5908 [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys

21:16:10.0468 5908 tunnel - ok

21:16:10.0499 5908 [ 7D33C4DB2CE363C8518D2DFCF533941F ] uagp35 C:\Windows\system32\drivers\uagp35.sys

21:16:10.0499 5908 uagp35 - ok

21:16:10.0562 5908 [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs C:\Windows\system32\DRIVERS\udfs.sys

21:16:10.0562 5908 udfs - ok

21:16:10.0608 5908 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect C:\Windows\system32\UI0Detect.exe

21:16:10.0640 5908 UI0Detect - ok

21:16:10.0671 5908 [ B0ACFDC9E4AF279E9116C03E014B2B27 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys

21:16:10.0671 5908 uliagpkx - ok

21:16:10.0702 5908 [ 9224BB254F591DE4CA8D572A5F0D635C ] uliahci C:\Windows\system32\drivers\uliahci.sys

21:16:10.0702 5908 uliahci - ok

21:16:10.0733 5908 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys

21:16:10.0733 5908 UlSata - ok

21:16:10.0780 5908 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys

21:16:10.0780 5908 ulsata2 - ok

21:16:10.0811 5908 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys

21:16:10.0827 5908 umbus - ok

21:16:10.0920 5908 [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost C:\Windows\System32\upnphost.dll

21:16:10.0936 5908 upnphost - ok

21:16:10.0998 5908 [ 83CAFCB53201BBAC04D822F32438E244 ] USBAAPL C:\Windows\system32\Drivers\usbaapl.sys

21:16:11.0014 5908 USBAAPL - ok

21:16:11.0076 5908 [ 32DB9517628FF0D070682AAB61E688F0 ] usbaudio C:\Windows\system32\drivers\usbaudio.sys

21:16:11.0108 5908 usbaudio - ok

21:16:11.0154 5908 [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys

21:16:11.0186 5908 usbccgp - ok

21:16:11.0232 5908 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys

21:16:11.0248 5908 usbcir - ok

21:16:11.0295 5908 [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys

21:16:11.0295 5908 usbehci - ok

21:16:11.0342 5908 [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys

21:16:11.0357 5908 usbhub - ok

21:16:11.0388 5908 [ CE697FEE0D479290D89BEC80DFE793B7 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys

21:16:11.0420 5908 usbohci - ok

21:16:11.0466 5908 [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys

21:16:11.0482 5908 usbprint - ok

21:16:11.0545 5908 [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS

21:16:11.0545 5908 USBSTOR - ok

21:16:11.0592 5908 [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys

21:16:11.0592 5908 usbuhci - ok

21:16:11.0686 5908 [ E67998E8F14CB0627A769F6530BCB352 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys

21:16:11.0701 5908 usbvideo - ok

21:16:11.0733 5908 [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms C:\Windows\System32\uxsms.dll

21:16:11.0748 5908 UxSms - ok

21:16:11.0811 5908 [ CD88D1B7776DC17A119049742EC07EB4 ] vds C:\Windows\System32\vds.exe

21:16:11.0873 5908 vds - ok

21:16:11.0904 5908 [ 87B06E1F30B749A114F74622D013F8D4 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys

21:16:11.0904 5908 vga - ok

21:16:11.0935 5908 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\Windows\System32\drivers\vga.sys

21:16:11.0967 5908 VgaSave - ok

21:16:11.0998 5908 [ 5D7159DEF58A800D5781BA3A879627BC ] viaagp C:\Windows\system32\drivers\viaagp.sys

21:16:11.0998 5908 viaagp - ok

21:16:12.0029 5908 [ C4F3A691B5BAD343E6249BD8C2D45DEE ] ViaC7 C:\Windows\system32\drivers\viac7.sys

21:16:12.0029 5908 ViaC7 - ok

21:16:12.0060 5908 [ EA1AA6E3ABB3C194FEBA12A46DE8CF2C ] viaide C:\Windows\system32\drivers\viaide.sys

21:16:12.0076 5908 viaide - ok

21:16:12.0107 5908 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr C:\Windows\system32\drivers\volmgr.sys

21:16:12.0107 5908 volmgr - ok

21:16:12.0169 5908 [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys

21:16:12.0185 5908 volmgrx - ok

21:16:12.0247 5908 [ 147281C01FCB1DF9252DE2A10D5E7093 ] volsnap C:\Windows\system32\drivers\volsnap.sys

21:16:12.0263 5908 volsnap - ok

21:16:12.0279 5908 [ 587253E09325E6BF226B299774B728A9 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys

21:16:12.0294 5908 vsmraid - ok

21:16:12.0419 5908 [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS C:\Windows\system32\vssvc.exe

21:16:12.0497 5908 VSS - ok

21:16:12.0653 5908 [ E26744E5DD71A16E80D4DD5A286B8423 ] VX3000 C:\Windows\system32\DRIVERS\VX3000.sys

21:16:12.0700 5908 VX3000 - ok

21:16:12.0778 5908 [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time C:\Windows\system32\w32time.dll

21:16:12.0793 5908 W32Time - ok

21:16:12.0856 5908 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys

21:16:12.0856 5908 WacomPen - ok

21:16:12.0934 5908 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys

21:16:12.0965 5908 Wanarp - ok

21:16:12.0965 5908 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys

21:16:12.0981 5908 Wanarpv6 - ok

21:16:13.0059 5908 [ A3CD60FD826381B49F03832590E069AF ] wcncsvc C:\Windows\System32\wcncsvc.dll

21:16:13.0090 5908 wcncsvc - ok

21:16:13.0137 5908 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll

21:16:13.0168 5908 WcsPlugInService - ok

21:16:13.0215 5908 [ 78FE9542363F297B18C027B2D7E7C07F ] Wd C:\Windows\system32\drivers\wd.sys

21:16:13.0215 5908 Wd - ok

21:16:13.0293 5908 [ B6F0A7AD6D4BD325FBCD8BAC96CD8D96 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys

21:16:13.0308 5908 Wdf01000 - ok

21:16:13.0355 5908 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\Windows\system32\wdi.dll

21:16:13.0371 5908 WdiServiceHost - ok

21:16:13.0386 5908 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost C:\Windows\system32\wdi.dll

21:16:13.0402 5908 WdiSystemHost - ok

21:16:13.0480 5908 [ 04C37D8107320312FBAE09926103D5E2 ] WebClient C:\Windows\System32\webclnt.dll

21:16:13.0480 5908 WebClient - ok

21:16:13.0605 5908 [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc C:\Windows\system32\wecsvc.dll

21:16:13.0620 5908 Wecsvc - ok

21:16:13.0667 5908 [ 670FF720071ED741206D69BD995EA453 ] wercplsupport C:\Windows\System32\wercplsupport.dll

21:16:13.0683 5908 wercplsupport - ok

21:16:13.0729 5908 [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc C:\Windows\System32\WerSvc.dll

21:16:13.0761 5908 WerSvc - ok

21:16:13.0854 5908 [ 0ACD399F5DB3DF1B58903CF4949AB5A8 ] winachsf C:\Windows\system32\DRIVERS\HSX_CNXT.sys

21:16:13.0870 5908 winachsf - ok

21:16:13.0948 5908 [ 4575AA12561C5648483403541D0D7F2B ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll

21:16:13.0963 5908 WinDefend - ok

21:16:13.0995 5908 WinHttpAutoProxySvc - ok

21:16:14.0104 5908 [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll

21:16:14.0119 5908 Winmgmt - ok

21:16:14.0197 5908 [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM C:\Windows\system32\WsmSvc.dll

21:16:14.0291 5908 WinRM - ok

21:16:14.0353 5908 [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc C:\Windows\System32\wlansvc.dll

21:16:14.0385 5908 Wlansvc - ok

21:16:14.0759 5908 [ FB01D4AE207B9EFDBABFC55DC95C7E31 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

21:16:14.0868 5908 wlidsvc - ok

21:16:14.0931 5908 [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys

21:16:14.0931 5908 WmiAcpi - ok

21:16:14.0993 5908 [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe

21:16:15.0009 5908 wmiApSrv - ok

21:16:15.0165 5908 [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe

21:16:15.0211 5908 WMPNetworkSvc - ok

21:16:15.0274 5908 [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc C:\Windows\System32\wpcsvc.dll

21:16:15.0289 5908 WPCSvc - ok

21:16:15.0336 5908 [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll

21:16:15.0352 5908 WPDBusEnum - ok

21:16:15.0399 5908 [ DE9D36F91A4DF3D911626643DEBF11EA ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys

21:16:15.0399 5908 WpdUsb - ok

21:16:15.0555 5908 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe

21:16:15.0601 5908 WPFFontCache_v0400 - ok

21:16:15.0648 5908 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys

21:16:15.0664 5908 ws2ifsl - ok

21:16:15.0711 5908 [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc C:\Windows\system32\wscsvc.dll

21:16:15.0726 5908 wscsvc - ok

21:16:15.0773 5908 [ 4422AC5ED8D4C2F0DB63E71D4C069DD7 ] WSDPrintDevice C:\Windows\system32\DRIVERS\WSDPrint.sys

21:16:15.0789 5908 WSDPrintDevice - ok

21:16:15.0804 5908 WSearch - ok

21:16:15.0976 5908 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll

21:16:16.0085 5908 wuauserv - ok

21:16:16.0101 5908 [ AC13CB789D93412106B0FB6C7EB2BCB6 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys

21:16:16.0116 5908 WUDFRd - ok

21:16:16.0179 5908 [ 575A4190D989F64732119E4114045A4F ] wudfsvc C:\Windows\System32\WUDFSvc.dll

21:16:16.0194 5908 wudfsvc - ok

21:16:16.0257 5908 [ DAB33CFA9DD24251AAA389FF36B64D4B ] XAudio C:\Windows\system32\DRIVERS\xaudio.sys

21:16:16.0257 5908 XAudio - ok

21:16:16.0319 5908 [ CD5F291A1161F15896D1A4D63DAFF5DF ] XAudioService C:\Windows\system32\DRIVERS\xaudio.exe

21:16:16.0335 5908 XAudioService - ok

21:16:16.0428 5908 [ 7D1F3B131D503EF43EE594B5A2B9B427 ] yukonwlh C:\Windows\system32\DRIVERS\yk60x86.sys

21:16:16.0444 5908 yukonwlh - ok

21:16:16.0459 5908 ================ Scan global ===============================

21:16:16.0537 5908 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll

21:16:16.0600 5908 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll

21:16:16.0631 5908 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll

21:16:16.0709 5908 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe

21:16:16.0709 5908 [Global] - ok

21:16:16.0709 5908 ================ Scan MBR ==================================

21:16:16.0771 5908 [ 588AE8F0C685C02BA11F30D9CD7E61A0 ] \Device\Harddisk0\DR0

21:16:17.0255 5908 \Device\Harddisk0\DR0 - ok

21:16:17.0255 5908 ================ Scan VBR ==================================

21:16:17.0271 5908 [ 645998E75AE47ED1E51475A0C5603374 ] \Device\Harddisk0\DR0\Partition1

21:16:17.0286 5908 \Device\Harddisk0\DR0\Partition1 - ok

21:16:17.0286 5908 [ 513BE8C10A76F353B60ED78287C5DDE6 ] \Device\Harddisk0\DR0\Partition2

21:16:17.0302 5908 \Device\Harddisk0\DR0\Partition2 - ok

21:16:17.0302 5908 ============================================================

21:16:17.0302 5908 Scan finished

21:16:17.0302 5908 ============================================================

21:16:17.0349 6276 Detected object count: 0

21:16:17.0349 6276 Actual detected object count: 0

21:21:59.0733 5008 Deinitialize success

Results of screen317's Security Check version 0.99.46

Windows Vista Service Pack 2 x86 (UAC is enabled)

Internet Explorer 9

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled!

Norton Internet Security

WMI entry may not exist for antivirus; attempting automatic update.

`````````Anti-malware/Other Utilities Check:`````````

Spybot - Search & Destroy

Malwarebytes Anti-Malware version 1.62.0.1300

JavaFX 2.1.1

Java 6 Update 24

Java 7 Update 5

Java 6 Update 7

Java version out of Date!

Adobe Flash Player 11.3.300.271

Adobe Reader 9 Adobe Reader out of Date!

Mozilla Firefox (Firefox,. Firefox out of Date!

Google Chrome 21.0.1180.79

````````Process Check: objlist.exe by Laurent````````

Norton ccSvcHst.exe

Spybot Teatimer.exe is disabled!

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 7 % Defragment your hard drive soon! (Do NOT defrag if SSD!)

````````````````````End of Log``````````````````````


  • Staff

Hi,

Did you run ADWCleaner?

Run TFC by OldTimer to clear temporary files:

  • Open TFC.exe if you already have it. If not, please download TFC from here and save it to your desktop.
  • Close any open programs and Internet browsers.
  • Double click TFC.exe to run it and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
  • Please be patient as clearing out temp files may take a while.
  • Once it completes you may be prompted to restart your computer, please do so.
  • Once it's finished you may delete TFC.exe from your Desktop or save it for later use for the cleaning of temporary files.

Navigate to Start --> Run, and type Combofix /uninstall in the box that appears. Click OK afterward. Notice the space between the X and the /uninstall.

This uninstalls all of ComboFix's components.

Delete SecurityCheck.

After that, navigate to Start --> Control Panel --> Add or Remove Programs, and uninstall the following program (if present):

  • ASK
  • ASK Toolbar
  • JavaFX 2.1.1
  • Adobe Flash Player 11.3.300.271
  • Adobe Reader 9
  • Java™ 6 Update 24
  • Java™ 7 Update 5
  • Java™ 6 Update 7
  • Spybot (if you don't update and use it often)

Restart your computer.

Get the latest version of Java, Adobe Reader, and Adobe Flash Player.

Defragmenting is a must. It's one of the large reasons for system slowdowns. I use Defraggler to defragment. It is free to download and you can use it forever. I recommend installing it and defragmenting as soon as possible.

Reboot.

Let me know what issues remain.


  • 2 weeks later...

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
