
Google redirect



Hi,

Yay, I have the fashionable new Trojan, too!

I have run DeFogger and DDS. Here is the Malwarebytes log, followed by the DDS txt contents:

///////////////////////////////////////////////////////////

Malwarebytes' Anti-Malware 1.51.1.1800

www.malwarebytes.org

Database version: 7311

Windows 6.1.7601 Service Pack 1

Internet Explorer 8.0.7601.17514

7/28/2011 11:00:47 AM

mbam-log-2011-07-28 (11-00-47).txt

Scan type: Full scan (C:\|D:\|)

Objects scanned: 345939

Time elapsed: 53 minute(s), 27 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 1

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CLASSES_ROOT\.fsharproj (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

/////////////////////////////////////////////////////////////////////

.

DDS (Ver_2011-06-23.01) - NTFSAMD64

Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_26

Run by EP at 16:24:50 on 2011-07-29

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3999.1883 [GMT -7:00]

.

AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}

AV: Webroot AntiVirus with Spy Sweeper *Disabled/Updated* {53211D91-0C31-95F2-E3A5-7661FB22889E}

AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}

SP: Webroot AntiVirus with Spy Sweeper *Disabled/Updated* {E840FC75-2A0B-9A7C-D915-4D1380A5C223}

SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}

FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Program Files (x86)\Webroot\WebrootSecurity\WRConsumerService.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

C:\Windows\system32\svchost.exe -k HsfXAudioService

C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe

C:\Program Files\Common Files\Nitro PDF\Reader\1.0\NitroPDFReaderDriverServicex64.exe

C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\Webroot\WebrootSecurity\SpySweeper.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program Files (x86)\HP\QuickPlay\QPService.exe

C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

C:\Program Files (x86)\Winamp\winampa.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\WUDFHost.exe

C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe

C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe

C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\Stickies\stickies.exe

C:\Program Files (x86)\Brother\Brmfcmon\BrMfcmon.exe

C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe

C:\Windows\system32\DllHost.exe

C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe

C:\Program Files (x86)\PC Tools Security\BDT\FGuard.exe

C:\Windows\system32\taskhost.exe

C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

C:\Users\EP\Desktop\Defogger.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\vssvc.exe

C:\Windows\System32\svchost.exe -k swprv

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = about:blank

uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb

mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb

uURLSearchHooks: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll

mWinlogon: Userinit=userinit.exe,

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll

BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\IPS\IPSBHO.DLL

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: hpBHO Class: {abd3b5e1-b268-407b-a150-2641dab8d898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL

BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll

TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll

TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll

TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File

EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll

uRun: [spybotSD TeaTimer] "C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe"

mRun: [QPService] "C:\Program Files (x86)\HP\QuickPlay\QPService.exe"

mRun: [updatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"

mRun: [<NO NAME>]

mRun: [WirelessAssistant] "C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe"

mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"

mRun: [brMfcWnd] "C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" /AUTORUN

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

StartupFolder: C:\Users\EP\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe

StartupFolder: C:\Users\EP\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Stickies.lnk - C:\Program Files (x86)\Stickies\stickies.exe

uPolicies-system: WallpaperStyle = 2

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

dPolicies-system: WallpaperStyle = 2

IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

LSP: C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll

Trusted Zone: devry.edu\my

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

TCP: DhcpNameServer = 192.168.0.1

TCP: Interfaces\{E5A060FD-697E-443A-88C3-F8EB51273371} : DhcpNameServer = 192.168.0.1

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"

mASetup: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache

BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

BHO-X64: HP Print Enhancer - No File

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: PC Tools Browser Guard BHO: {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll

BHO-X64: Browser Defender BHO - No File

BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll

BHO-X64: Symantec NCO BHO - No File

BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\IPS\IPSBHO.DLL

BHO-X64: Symantec Intrusion Prevention - No File

BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: hpBHO Class: {ABD3B5E1-B268-407B-A150-2641DAB8D898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll

BHO-X64: HelloWorldBHO - No File

BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL

BHO-X64: URLRedirectionBHO - No File

BHO-X64: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

BHO-X64: HP Smart BHO Class - No File

TB-X64: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll

TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll

TB-X64: PC Tools Browser Guard: {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll

TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File

EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File

mRun-x64: [QPService] "C:\Program Files (x86)\HP\QuickPlay\QPService.exe"

mRun-x64: [updatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"

mRun-x64: [(Default)]

mRun-x64: [WirelessAssistant] "C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe"

mRun-x64: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"

mRun-x64: [brMfcWnd] "C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" /AUTORUN

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\EP\AppData\Roaming\Mozilla\Firefox\Profiles\rth2a23x.default\

FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL

FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Users\EP\AppData\Roaming\Mozilla\Firefox\Profiles\rth2a23x.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll

FF - plugin: C:\Users\EP\AppData\Roaming\Mozilla\plugins\npatgpc.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

.

============= SERVICES / DRIVERS ===============

.

R0 Lbd;Lbd;C:\Windows\system32\DRIVERS\Lbd.sys --> C:\Windows\system32\DRIVERS\Lbd.sys [?]

R0 PCTCore;PCTools KDS;C:\Windows\system32\drivers\PCTCore64.sys --> C:\Windows\system32\drivers\PCTCore64.sys [?]

R0 pctDS;PC Tools Data Store;C:\Windows\system32\drivers\pctDS64.sys --> C:\Windows\system32\drivers\pctDS64.sys [?]

R0 pctEFA;PC Tools Extended File Attributes;C:\Windows\system32\drivers\pctEFA64.sys --> C:\Windows\system32\drivers\pctEFA64.sys [?]

R0 ssfs0bbc;ssfs0bbc;C:\Windows\system32\DRIVERS\ssfs0bbc.sys --> C:\Windows\system32\DRIVERS\ssfs0bbc.sys [?]

R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\NISx64\1206000.01D\SYMDS64.SYS --> C:\Windows\system32\drivers\NISx64\1206000.01D\SYMDS64.SYS [?]

R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NISx64\1206000.01D\SYMEFA64.SYS --> C:\Windows\system32\drivers\NISx64\1206000.01D\SYMEFA64.SYS [?]

R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110723.001\BHDrvx64.sys [2011-7-22 1151096]

R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110728.031\IDSviA64.sys [2011-7-28 488056]

R1 PCTSD;PC Tools Spyware Doctor Driver;C:\Windows\system32\Drivers\PCTSD64.sys --> C:\Windows\system32\Drivers\PCTSD64.sys [?]

R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-12 14928]

R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]

R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\NISx64\1206000.01D\Ironx64.SYS --> C:\Windows\system32\drivers\NISx64\1206000.01D\Ironx64.SYS [?]

R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\NISx64\1206000.01D\SYMNETS.SYS --> C:\Windows\system32\Drivers\NISx64\1206000.01D\SYMNETS.SYS [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-5-4 128384]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]

R2 Browser Defender Update Service;Browser Defender Update Service;C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe [2011-7-29 337872]

R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-1-25 92216]

R2 HsfXAudioService;HsfXAudioService;C:\Windows\system32\svchost.exe -k HsfXAudioService [2009-7-13 20992]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-7-28 366640]

R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ccsvchst.exe [2011-7-3 130008]

R2 NitroReaderDriverReadSpool;NitroPDFReaderDriverCreatorReadSpool;C:\Program Files\Common Files\Nitro PDF\Reader\1.0\NitroPDFReaderDriverServicex64.exe [2011-1-14 341296]

R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-7-28 1153368]

R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine;C:\Program Files (x86)\Webroot\WebrootSecurity\SpySweeper.exe [2011-3-22 4048256]

R2 WRConsumerService;Webroot Client Service;C:\Program Files (x86)\Webroot\WebrootSecurity\WRConsumerService.exe [2011-7-28 1201656]

R3 CAXHWAZL;CAXHWAZL;C:\Windows\system32\DRIVERS\CAXHWAZL.sys --> C:\Windows\system32\DRIVERS\CAXHWAZL.sys [?]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-7-27 136824]

R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\Windows\system32\drivers\IntcHdmi.sys --> C:\Windows\system32\drivers\IntcHdmi.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

S2 EraserSvc11113;Symantec Eraser Service;C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ccsvchst.exe [2011-7-3 130008]

S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-7-21 2151640]

S3 BrSerIb;Brother MFC Serial Interface Driver(WDM);C:\Windows\system32\DRIVERS\BrSerIb.sys --> C:\Windows\system32\DRIVERS\BrSerIb.sys [?]

S3 BrUsbSIb;Brother MFC Serial USB Driver(WDM);C:\Windows\system32\DRIVERS\BrUsbSIb.sys --> C:\Windows\system32\DRIVERS\BrUsbSIb.sys [?]

S3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-8-17 228408]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2010-12-28 51727736]

S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]

S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]

S3 sdAuxService;PC Tools Auxiliary Service;C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe [2011-7-29 371472]

S3 sdCoreService;PC Tools Security Service;C:\Program Files (x86)\PC Tools Security\pctsSvc.exe [2011-7-29 1117144]

S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]

S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]

S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]

SUnknown swprv32;swprv32; [x]

.

=============== Created Last 30 ================

.

2011-07-29 22:18:51 23112 ----a-w- C:\Windows\System32\drivers\hitmanpro35.sys

2011-07-29 22:17:24 -------- d-----w- C:\ProgramData\Hitman Pro

2011-07-29 19:52:02 55384 ----a-w- C:\Windows\System32\drivers\SBREDrv.sys

2011-07-29 19:47:27 69376 ----a-w- C:\Windows\System32\drivers\Lbd.sys

2011-07-29 19:47:15 -------- d-----w- C:\Program Files (x86)\Lavasoft

2011-07-29 19:42:01 142296 ----a-w- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll

2011-07-29 19:42:00 713016 ----a-w- C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe

2011-07-29 19:42:00 265176 ----a-w- C:\Program Files (x86)\Mozilla Firefox\updater.exe

2011-07-29 19:42:00 19416 ----a-w- C:\Program Files (x86)\Mozilla Firefox\xpcom.dll

2011-07-29 19:42:00 166872 ----a-w- C:\Program Files (x86)\Mozilla Firefox\softokn3.dll

2011-07-29 19:42:00 14232536 ----a-w- C:\Program Files (x86)\Mozilla Firefox\xul.dll

2011-07-29 19:42:00 142296 ----a-w- C:\Program Files (x86)\Mozilla Firefox\ssl3.dll

2011-07-29 19:42:00 105432 ----a-w- C:\Program Files (x86)\Mozilla Firefox\smime3.dll

2011-07-29 19:20:46 -------- d-----w- C:\Users\EP\AppData\Local\Threat Expert

2011-07-29 18:55:44 767952 ----a-w- C:\Windows\BDTSupport.dll

2011-07-29 18:55:43 149456 ----a-w- C:\Windows\SGDetectionTool.dll

2011-07-29 18:55:42 2029520 ----a-w- C:\Windows\PCTBDCore.dll

2011-07-29 18:55:42 1533904 ----a-w- C:\Windows\PCTBDRes.dll

2011-07-29 18:55:21 816016 ----a-w- C:\Windows\System32\drivers\pctEFA64.sys

2011-07-29 18:55:21 452872 ----a-w- C:\Windows\System32\drivers\pctDS64.sys

2011-07-29 18:55:17 337048 ----a-w- C:\Windows\System32\drivers\pctgntdi64.sys

2011-07-29 18:55:17 143896 ----a-w- C:\Windows\System32\drivers\pctwfpfilter64.sys

2011-07-29 18:55:08 282440 ----a-w- C:\Windows\System32\drivers\PCTCore64.sys

2011-07-29 18:54:58 279344 ----a-w- C:\Windows\System32\drivers\PCTSD64.sys

2011-07-29 18:54:28 92896 ----a-w- C:\Windows\System32\drivers\pctplsg64.sys

2011-07-29 18:54:12 -------- d-----w- C:\Program Files (x86)\PC Tools Security

2011-07-29 18:54:12 -------- d-----w- C:\Program Files (x86)\Common Files\PC Tools

2011-07-29 18:52:09 -------- d-----w- C:\ProgramData\PC Tools

2011-07-29 05:16:02 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy

2011-07-29 05:16:02 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy

2011-07-29 03:11:36 -------- d-----w- C:\Program Files (x86)\MSSOAP

2011-07-29 03:11:36 -------- d-----w- C:\Program Files (x86)\Common Files\MSSoap

2011-07-29 03:11:20 1563024 ----a-w- C:\Windows\WRSetup.dll

2011-07-29 03:11:20 -------- d-----w- C:\Users\EP\AppData\Roaming\Webroot

2011-07-29 03:11:20 -------- d-----w- C:\ProgramData\Webroot

2011-07-29 03:11:20 -------- d-----w- C:\Program Files (x86)\Webroot

2011-07-28 18:48:57 2565632 ----a-w- C:\Windows\System32\esent.dll

2011-07-28 16:35:42 -------- d-----w- C:\Users\EP\AppData\Roaming\Malwarebytes

2011-07-28 16:35:34 41272 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

2011-07-28 16:35:32 -------- d-----w- C:\ProgramData\Malwarebytes

2011-07-28 16:35:29 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys

2011-07-28 16:35:29 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2011-07-28 00:27:41 188416 ----a-w- C:\Windows\iesshell.dll

2011-07-28 00:26:56 -------- d-----w- C:\ProgramData\Chasys Draw IES

2011-07-28 00:26:50 -------- d-----w- C:\Program Files (x86)\John Paul Chacha's Lab

2011-07-27 20:33:17 -------- d-----w- C:\ProgramData\WebEx

2011-07-27 20:22:43 476904 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

2011-07-27 17:50:33 -------- d-----w- C:\Users\EP\AppData\Roaming\SUPERAntiSpyware.com

2011-07-27 17:50:33 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com

2011-07-27 17:50:27 -------- d-----w- C:\ProgramData\!SASCORE

2011-07-27 17:50:24 -------- d-----w- C:\Program Files\SUPERAntiSpyware

2011-07-27 04:16:59 -------- d-----w- C:\Users\EP\AppData\Roaming\QuickScan

2011-07-26 22:26:56 -------- d-----w- C:\Users\EP\AppData\Local\Google

2011-07-17 17:44:25 -------- d-----w- C:\ProgramData\GoldWave

2011-07-17 17:42:11 -------- d-----w- C:\Program Files (x86)\GoldWave

2011-07-17 17:39:33 -------- d-----w- C:\ProgramData\ESTsoft

2011-07-17 17:39:28 -------- d-----w- C:\Users\EP\AppData\Roaming\ESTsoft

2011-07-17 17:39:28 -------- d-----w- C:\Program Files (x86)\ESTsoft

2011-07-16 00:23:54 -------- d-----w- C:\Users\EP\AppData\Local\QuickPlay

2011-07-13 15:58:40 3137536 ----a-w- C:\Windows\System32\win32k.sys

2011-07-09 13:39:20 -------- d-----w- C:\ProgramData\{E91883C8-8CDC-46A4-A45F-CB40EB82ED60}

2011-07-09 02:11:17 -------- d-----w- C:\Users\EP\AppData\Roaming\HP Support Assistant

2011-07-08 18:59:31 -------- d-----w- C:\Users\EP\AppData\Roaming\stickies

2011-07-08 18:59:30 638 ----a-w- C:\Windows\uninstallstickies.bat

2011-07-08 18:59:29 -------- d-----w- C:\Program Files (x86)\Stickies

2011-07-07 19:14:36 -------- d-----r- C:\Users\EP\AppData\Roaming\Brother

2011-07-07 18:53:09 -------- d-----w- C:\ProgramData\Brother

2011-07-06 20:30:45 -------- d-----w- C:\Users\EP\AppData\Local\CrashDumps

2011-07-06 18:26:07 -------- d-----w- C:\Program Files (x86)\Chami

2011-07-06 16:03:45 -------- d-----w- C:\ProgramData\LightScribe

2011-07-06 16:00:57 -------- d-----w- C:\Windows\en

2011-07-06 15:56:01 69464 ----a-w- C:\Windows\SysWow64\XAPOFX1_3.dll

2011-07-06 15:56:01 523088 ----a-w- C:\Windows\System32\d3dx10_42.dll

2011-07-06 15:56:01 515416 ----a-w- C:\Windows\SysWow64\XAudio2_5.dll

2011-07-06 15:56:01 453456 ----a-w- C:\Windows\SysWow64\d3dx10_42.dll

2011-07-06 15:51:05 15712 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\83b3c53c1cc3bf422\MeshBetaRemover.exe

2011-07-06 15:50:49 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\79df4cb31cc3bf41a\DSETUP.dll


============= FINISH: 16:27:32.34 ===============

Attach.zip


Hello wackadoo and welcome to Malwarebytes! :welcome:

I am D-FRED-BROWN and I will be helping you. :)

Please print or save this topic: it will make it easier for you to follow the instructions and complete all of the necessary steps.

-------------

I noticed in your log you have more than one antivirus (Lavasoft, Webroot, and Norton) program and more than one anti-spyware (Windows Defender, Spyware Doctor, Webroot, Norton, and Lavasoft) program installed.

This is very dangerous, as multiple protection programs of the same type can interfere with one another and actually allow more infections to get through.

It is important that only one antivirus, and only one anti-spyware program is running realtime protection.

I strongly suggest you either (1) uninstall some of the programs through Control Panel->Add or Remove Programs,

OR (2) keep all programs, but leave one of them disabled most of the time.

You can still use it for scanning your computer.

Note: I strongly suggest that you choose to keep Norton, as it provides you with not only Antivirus and Anti-spyware support, but Firewall coverage as well ;).

Note: If you choose to keep Lavasoft, you will need to do the following:

  • Please temporarily disable Ad-Aware's Ad-Watch, as it may hinder the removal of some entries. You can re-enable it after you're clean.
    Right click on the Adaware icon in the system tray and select Exit.
    (you may need to do this after every reboot).

-------------

Please download to your Desktop:

  • TDSSKiller.zip from here and extract it (right click on it => "Extract here").

>>> TDSSKiller: Double-click on TDSSKiller.exe to run the application.

  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

In your next reply, please include the following (you may need to use two posts to get it all in):

  • TDSSKiller_log.txt
  • How the PC is running now?

-------------

Please download ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

***IMPORTANT: save ComboFix to your Desktop***

* Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Please go here to see a list of programs that should be disabled.

**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall.**

Please include the C:\ComboFix.txt in your next reply for further review.

Also, please let me know if any problems still remain.

-------------

Please download Security Check by screen317 from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-------------

In your next reply, please include:

  • C:\ComboFix.txt
  • TDSSKiller log
  • Security Check checkup.txt

How is your computer running now?

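As an added example (not part of the original posts, and not any vendor's own tooling): one way to check which antivirus and anti-spyware products are registered with Windows Security Center, and which of them report real-time protection as on, which is the condition the advice above is about. The `productState` bit layout used here is the commonly cited community decoding and is an assumption (Microsoft does not document it); the function names and sample values are constructed for illustration.

```powershell
# Added example. Requires PowerShell 3.0 or later on a Windows client edition
# (the root/SecurityCenter2 WMI namespace is not present on Windows Server).

function ConvertFrom-ProductState {
    # Assumption: productState is read as three bytes, 0xPPSSDD, where
    #   SS bit 0x10 set   -> real-time protection reported as on
    #   DD bit 0x10 clear -> definitions reported as up to date
    param([Parameter(Mandatory = $true)][uint32]$ProductState)

    $stateByte = ($ProductState -shr 8) -band 0xFF
    $defByte   = $ProductState -band 0xFF

    [pscustomobject]@{
        Hex                = '0x{0:X6}' -f $ProductState
        RealTimeEnabled    = (($stateByte -band 0x10) -ne 0)
        DefinitionsCurrent = (($defByte -band 0x10) -eq 0)
    }
}

function Get-RegisteredSecurityProduct {
    # AntiSpywareProduct is absent on some newer Windows builds, so a missing
    # class is skipped instead of raising an error.
    foreach ($class in 'AntiVirusProduct', 'AntiSpywareProduct') {
        Get-CimInstance -Namespace 'root/SecurityCenter2' -ClassName $class `
                        -ErrorAction SilentlyContinue |
            ForEach-Object {
                $state = ConvertFrom-ProductState -ProductState $_.productState
                [pscustomobject]@{
                    Type               = $class
                    Name               = $_.displayName
                    Guid               = $_.instanceGuid
                    RealTimeEnabled    = $state.RealTimeEnabled
                    DefinitionsCurrent = $state.DefinitionsCurrent
                }
            }
    }
}

# Constructed sample values showing the decoding without touching WMI:
#   266240 = 0x041000 -> real-time on,  definitions current
#   262144 = 0x040000 -> real-time off, definitions current
#   266256 = 0x041010 -> real-time on,  definitions out of date
266240, 262144, 266256 |
    ForEach-Object { ConvertFrom-ProductState -ProductState $_ } |
    Format-Table -AutoSize

# Live query of the local machine.
$products = @(Get-RegisteredSecurityProduct)
$products | Format-Table -AutoSize

# Warn when more than one product of the same type reports real-time
# protection as on at the same time.
$products |
    Where-Object { $_.RealTimeEnabled } |
    Group-Object -Property Type |
    Where-Object { $_.Count -gt 1 } |
    ForEach-Object {
        $names = ($_.Group | ForEach-Object { $_.Name }) -join ', '
        Write-Warning ("{0}: {1} products report real-time protection on: {2}" -f `
                       $_.Name, $_.Count, $names)
    }
```

A product that was uninstalled badly can leave a stale registration behind, so an entry in this list means "registered with Security Center", not necessarily "still installed".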

Thank you for the info and help. I actually was downloading everything in sight to try to root out this bugger. I usually run only Norton, and on top of that now Malwarebytes. Malwarebytes is stopping the redirects from going through most of the time, but I just get a blank page (obviously, I don't get the Google search result page I wanted, unless I go back to the results and try it again, as clicking a second time usually goes through to the desired site). Here is my log:

2011/07/31 11:42:06.0436 5188 TDSS rootkit removing tool 2.5.13.0 Jul 29 2011 17:24:11

2011/07/31 11:42:08.0446 5188 ================================================================================

2011/07/31 11:42:08.0446 5188 SystemInfo:

2011/07/31 11:42:08.0446 5188

2011/07/31 11:42:08.0446 5188 OS Version: 6.1.7601 ServicePack: 1.0

2011/07/31 11:42:08.0446 5188 Product type: Workstation

2011/07/31 11:42:08.0446 5188 ComputerName: EP-PC

2011/07/31 11:42:08.0446 5188 UserName: EP

2011/07/31 11:42:08.0446 5188 Windows directory: C:\Windows

2011/07/31 11:42:08.0446 5188 System windows directory: C:\Windows

2011/07/31 11:42:08.0446 5188 Running under WOW64

2011/07/31 11:42:08.0446 5188 Processor architecture: Intel x64

2011/07/31 11:42:08.0446 5188 Number of processors: 2

2011/07/31 11:42:08.0446 5188 Page size: 0x1000

2011/07/31 11:42:08.0446 5188 Boot type: Normal boot

2011/07/31 11:42:08.0446 5188 ================================================================================

2011/07/31 11:42:13.0458 5188 Initialize success

2011/07/31 11:42:16.0490 4432 ================================================================================

2011/07/31 11:42:16.0490 4432 Scan started

2011/07/31 11:42:16.0490 4432 Mode: Manual;

2011/07/31 11:42:16.0490 4432 ================================================================================


2011/07/31 11:42:29.0230 4432 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

2011/07/31 11:42:29.0290 4432 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys

2011/07/31 11:42:29.0350 4432 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys

2011/07/31 11:42:29.0470 4432 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

2011/07/31 11:42:29.0510 4432 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

2011/07/31 11:42:29.0550 4432 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys

2011/07/31 11:42:29.0610 4432 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

2011/07/31 11:42:29.0730 4432 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

2011/07/31 11:42:29.0750 4432 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

2011/07/31 11:42:29.0830 4432 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys

2011/07/31 11:42:29.0890 4432 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys

2011/07/31 11:42:29.0930 4432 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

2011/07/31 11:42:30.0030 4432 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys

2011/07/31 11:42:30.0090 4432 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

2011/07/31 11:42:30.0160 4432 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

2011/07/31 11:42:30.0310 4432 NAVENG (f594e1acbbb3ba48586b5dd69b3a6bc2) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110731.003\ENG64.SYS

2011/07/31 11:42:30.0420 4432 NAVEX15 (cfe00b55488acf0cd9f62b0401297864) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110731.003\EX64.SYS

2011/07/31 11:42:30.0600 4432 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys

2011/07/31 11:42:30.0730 4432 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

2011/07/31 11:42:30.0780 4432 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

2011/07/31 11:42:30.0850 4432 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys

2011/07/31 11:42:30.0970 4432 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys

2011/07/31 11:42:31.0020 4432 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys

2011/07/31 11:42:31.0080 4432 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

2011/07/31 11:42:31.0190 4432 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys

2011/07/31 11:42:31.0430 4432 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys

2011/07/31 11:42:31.0652 4432 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys

2011/07/31 11:42:31.0732 4432 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

2011/07/31 11:42:31.0852 4432 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

2011/07/31 11:42:31.0952 4432 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys

2011/07/31 11:42:32.0072 4432 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

2011/07/31 11:42:32.0132 4432 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys

2011/07/31 11:42:32.0192 4432 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys

2011/07/31 11:42:32.0312 4432 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys

2011/07/31 11:42:32.0372 4432 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys

2011/07/31 11:42:32.0482 4432 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys

2011/07/31 11:42:32.0592 4432 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys

2011/07/31 11:42:32.0662 4432 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys

2011/07/31 11:42:32.0702 4432 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys

2011/07/31 11:42:32.0762 4432 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys

2011/07/31 11:42:32.0882 4432 PCTCore (b00029a297e54c2e2f169d83448b8508) C:\Windows\system32\drivers\PCTCore64.sys

2011/07/31 11:42:32.0942 4432 pctDS (ff43e3b1687e4e2140de6349ea5c7372) C:\Windows\system32\drivers\pctDS64.sys

2011/07/31 11:42:33.0082 4432 pctEFA (60e9a05852af7e9cb11237c00aee4ccf) C:\Windows\system32\drivers\pctEFA64.sys

2011/07/31 11:42:33.0202 4432 PCTSD (dea3e7a33e268d4f1fbb4516c784646b) C:\Windows\system32\Drivers\PCTSD64.sys

2011/07/31 11:42:33.0252 4432 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

2011/07/31 11:42:33.0312 4432 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

2011/07/31 11:42:33.0552 4432 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys

2011/07/31 11:42:33.0612 4432 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys

2011/07/31 11:42:33.0702 4432 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys

2011/07/31 11:42:33.0852 4432 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys

2011/07/31 11:42:33.0972 4432 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys

2011/07/31 11:42:34.0022 4432 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

2011/07/31 11:42:34.0062 4432 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

2011/07/31 11:42:34.0132 4432 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

2011/07/31 11:42:34.0252 4432 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys

2011/07/31 11:42:34.0302 4432 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

2011/07/31 11:42:34.0352 4432 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

2011/07/31 11:42:34.0422 4432 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys

2011/07/31 11:42:34.0542 4432 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys

2011/07/31 11:42:34.0612 4432 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

2011/07/31 11:42:34.0732 4432 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

2011/07/31 11:42:34.0782 4432 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

2011/07/31 11:42:34.0832 4432 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys

2011/07/31 11:42:34.0982 4432 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys

2011/07/31 11:42:35.0112 4432 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

2011/07/31 11:42:35.0222 4432 RSUSBSTOR (2db8116d52b19216812c4e6d5d837810) C:\Windows\System32\Drivers\RtsUStor.sys

2011/07/31 11:42:35.0302 4432 RTL8167 (b49dc435ae3695bac5623dd94b05732d) C:\Windows\system32\DRIVERS\Rt64win7.sys

2011/07/31 11:42:35.0492 4432 SASDIFSV (b2a29cc6c019fe738c39037c6218444c) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS

2011/07/31 11:42:35.0532 4432 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS

2011/07/31 11:42:35.0582 4432 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys

2011/07/31 11:42:35.0702 4432 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys

2011/07/31 11:42:35.0812 4432 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\drivers\sdbus.sys

2011/07/31 11:42:35.0962 4432 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

2011/07/31 11:42:36.0032 4432 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys

2011/07/31 11:42:36.0072 4432 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys

2011/07/31 11:42:36.0122 4432 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys

2011/07/31 11:42:36.0272 4432 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys

2011/07/31 11:42:36.0312 4432 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys

2011/07/31 11:42:36.0352 4432 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys

2011/07/31 11:42:36.0412 4432 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys

2011/07/31 11:42:36.0472 4432 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys

2011/07/31 11:42:36.0542 4432 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys

2011/07/31 11:42:36.0582 4432 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

2011/07/31 11:42:36.0642 4432 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

2011/07/31 11:42:36.0762 4432 SRTSP (90ef30c3867bcde4579c01a6d6e75a7a) C:\Windows\System32\Drivers\NISx64\1206000.01D\SRTSP64.SYS

2011/07/31 11:42:36.0902 4432 SRTSPX (c513e8a5e7978da49077f5484344ee1b) C:\Windows\system32\drivers\NISx64\1206000.01D\SRTSPX64.SYS

2011/07/31 11:42:36.0962 4432 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys

2011/07/31 11:42:37.0072 4432 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys

2011/07/31 11:42:37.0132 4432 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS

2011/07/31 11:42:37.0202 4432 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS

2011/07/31 11:42:37.0342 4432 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS

2011/07/31 11:42:37.0412 4432 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys

2011/07/31 11:42:37.0522 4432 ssfs0bbc (ad47a64046ddbc23a54d7c5cbc22db94) C:\Windows\system32\DRIVERS\ssfs0bbc.sys

2011/07/31 11:42:37.0562 4432 ssidrv (4f5f30eed40cf4b4bd22f07902133ed7) C:\Windows\system32\DRIVERS\ssidrv.sys

2011/07/31 11:42:37.0632 4432 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys

2011/07/31 11:42:37.0732 4432 StillCam (decacb6921ded1a38642642685d77dac) C:\Windows\system32\DRIVERS\serscan.sys

2011/07/31 11:42:37.0802 4432 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys

2011/07/31 11:42:37.0892 4432 SymDS (6160145c7a87fc7672e8e3b886888176) C:\Windows\system32\drivers\NISx64\1206000.01D\SYMDS64.SYS

2011/07/31 11:42:38.0032 4432 SymEFA (96aeed40d4d3521568b42027687e69e0) C:\Windows\system32\drivers\NISx64\1206000.01D\SYMEFA64.SYS

2011/07/31 11:42:38.0152 4432 SymEvent (21a1c2d694c3cf962d31f5e873ab3d6f) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS

2011/07/31 11:42:38.0232 4432 SymIRON (bd0d711d8cbfcaa19ca123306eaf53a5) C:\Windows\system32\drivers\NISx64\1206000.01D\Ironx64.SYS

2011/07/31 11:42:38.0282 4432 SymNetS (81d134628a98a22b6e054e971af525dc) C:\Windows\System32\Drivers\NISx64\1206000.01D\SYMNETS.SYS

2011/07/31 11:42:38.0402 4432 SynTP (bcf305959b53b200ceb2ad25ad22f8a7) C:\Windows\system32\DRIVERS\SynTP.sys

2011/07/31 11:42:38.0552 4432 Tcpip (92ce29d95ac9dd2d0ee9061d551ba250) C:\Windows\system32\drivers\tcpip.sys

2011/07/31 11:42:38.0732 4432 TCPIP6 (92ce29d95ac9dd2d0ee9061d551ba250) C:\Windows\system32\DRIVERS\tcpip.sys

2011/07/31 11:42:38.0862 4432 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys

2011/07/31 11:42:38.0942 4432 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

2011/07/31 11:42:38.0972 4432 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys

2011/07/31 11:42:39.0055 4432 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys

2011/07/31 11:42:39.0154 4432 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys

2011/07/31 11:42:39.0278 4432 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys

2011/07/31 11:42:39.0346 4432 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys

2011/07/31 11:42:39.0476 4432 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys

2011/07/31 11:42:39.0526 4432 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys

2011/07/31 11:42:39.0586 4432 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys

2011/07/31 11:42:39.0756 4432 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys

2011/07/31 11:42:39.0816 4432 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys

2011/07/31 11:42:39.0876 4432 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys

2011/07/31 11:42:39.0936 4432 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys

2011/07/31 11:42:40.0086 4432 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys

2011/07/31 11:42:40.0146 4432 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys

2011/07/31 11:42:40.0236 4432 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys

2011/07/31 11:42:40.0326 4432 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys

2011/07/31 11:42:40.0386 4432 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys

2011/07/31 11:42:40.0476 4432 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys

2011/07/31 11:42:40.0546 4432 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\drivers\USBSTOR.SYS

2011/07/31 11:42:40.0586 4432 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys

2011/07/31 11:42:40.0666 4432 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys

2011/07/31 11:42:40.0746 4432 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys

2011/07/31 11:42:40.0826 4432 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

2011/07/31 11:42:40.0906 4432 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

2011/07/31 11:42:40.0966 4432 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys

2011/07/31 11:42:41.0026 4432 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys

2011/07/31 11:42:41.0086 4432 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys

2011/07/31 11:42:41.0176 4432 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys

2011/07/31 11:42:41.0226 4432 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys

2011/07/31 11:42:41.0316 4432 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys

2011/07/31 11:42:41.0396 4432 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys

2011/07/31 11:42:41.0446 4432 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys

2011/07/31 11:42:41.0516 4432 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys

2011/07/31 11:42:41.0626 4432 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

2011/07/31 11:42:41.0656 4432 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

2011/07/31 11:42:41.0776 4432 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys

2011/07/31 11:42:41.0826 4432 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

2011/07/31 11:42:42.0016 4432 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

2011/07/31 11:42:42.0066 4432 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

2011/07/31 11:42:42.0156 4432 winachsf (a6ea7a3fc4b00f48535b506db1e86efd) C:\Windows\system32\DRIVERS\CAX_CNXT.sys

2011/07/31 11:42:42.0376 4432 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys

2011/07/31 11:42:42.0476 4432 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

2011/07/31 11:42:42.0586 4432 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys

2011/07/31 11:42:42.0756 4432 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys

2011/07/31 11:42:42.0826 4432 XAudio (e8f3fa126a06f8e7088f63757112a186) C:\Windows\system32\DRIVERS\XAudio64.sys

2011/07/31 11:42:42.0906 4432 yukonw7 (b3eeacf62445e24fbb2cd4b0fb4db026) C:\Windows\system32\DRIVERS\yk62x64.sys

2011/07/31 11:42:42.0976 4432 MBR (0x1B8) (8065ab345e5f3212518e1e127758d69e) \Device\Harddisk0\DR0

2011/07/31 11:42:43.0016 4432 Boot (0x1200) (b4f72108e0a55c13f1fbfb818c419b67) \Device\Harddisk0\DR0\Partition0

2011/07/31 11:42:43.0036 4432 Boot (0x1200) (307fa6a015facab8e27e1438fb90c0d1) \Device\Harddisk0\DR0\Partition1

2011/07/31 11:42:43.0076 4432 Boot (0x1200) (b19908a7f8da54a6bb01566becc38cb8) \Device\Harddisk0\DR0\Partition2

2011/07/31 11:42:43.0086 4432 ================================================================================

2011/07/31 11:42:43.0086 4432 Scan finished

2011/07/31 11:42:43.0086 4432 ================================================================================

2011/07/31 11:42:43.0106 4684 Detected object count: 0

2011/07/31 11:42:43.0106 4684 Actual detected object count: 0


OK... tried running ComboFix yesterday, and it stopped after completing Stage 48... for hours...

I uninstalled a couple of the malware programs that I had recently downloaded, rebooted, and ran through Defogger, DDS, TDSSKiller, and ComboFix again. It worked this time, so I hope you don't mind my re-posting the new logs from these steps. Here we go:

DDS:

.

DDS (Ver_2011-06-23.01) - NTFSAMD64

Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_26

Run by EP at 10:17:36 on 2011-08-01

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3999.2708 [GMT -7:00]

.

AV: Webroot AntiVirus with Spy Sweeper *Disabled/Updated* {53211D91-0C31-95F2-E3A5-7661FB22889E}

AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Webroot AntiVirus with Spy Sweeper *Disabled/Updated* {E840FC75-2A0B-9A7C-D915-4D1380A5C223}

SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Program Files (x86)\Webroot\WebrootSecurity\WRConsumerService.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

C:\Windows\system32\svchost.exe -k HsfXAudioService

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe

C:\Program Files\Common Files\Nitro PDF\Reader\1.0\NitroPDFReaderDriverServicex64.exe

C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\Webroot\WebrootSecurity\SpySweeper.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe

C:\Program Files (x86)\Stickies\stickies.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin

C:\Program Files (x86)\HP\QuickPlay\QPService.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

C:\Program Files (x86)\Winamp\winampa.exe

C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe

C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe

C:\Program Files (x86)\Brother\Brmfcmon\BrMfcmon.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\Users\EP\Desktop\SCour Sucks\Defogger.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = about:blank

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll

BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\IPS\IPSBHO.DLL

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: hpBHO Class: {abd3b5e1-b268-407b-a150-2641dab8d898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL

BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll

TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll

TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File

uRun: [spybotSD TeaTimer] "C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe"

mRun: [QPService] "C:\Program Files (x86)\HP\QuickPlay\QPService.exe"

mRun: [updatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"

mRun: [WirelessAssistant] "C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe"

mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"

mRun: [brMfcWnd] "C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" /AUTORUN

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun: [spySweeper] C:\Program Files (x86)\Webroot\WebrootSecurity\SpySweeperUI.exe /startintray

StartupFolder: C:\Users\EP\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe

StartupFolder: C:\Users\EP\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Stickies.lnk - C:\Program Files (x86)\Stickies\stickies.exe

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

dPolicies-system: WallpaperStyle = 2

IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

Trusted Zone: devry.edu\my

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

TCP: DhcpNameServer = 192.168.0.1

TCP: Interfaces\{E5A060FD-697E-443A-88C3-F8EB51273371} : DhcpNameServer = 192.168.0.1

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"

mASetup: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache

BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

BHO-X64: HP Print Enhancer - No File

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll

BHO-X64: Symantec NCO BHO - No File

BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\IPS\IPSBHO.DLL

BHO-X64: Symantec Intrusion Prevention - No File

BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: hpBHO Class: {ABD3B5E1-B268-407B-A150-2641DAB8D898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll

BHO-X64: HelloWorldBHO - No File

BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL

BHO-X64: URLRedirectionBHO - No File

BHO-X64: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

BHO-X64: HP Smart BHO Class - No File

TB-X64: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll

TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll

TB-X64: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File

mRun-x64: [QPService] "C:\Program Files (x86)\HP\QuickPlay\QPService.exe"

mRun-x64: [updatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"

mRun-x64: [WirelessAssistant] "C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe"

mRun-x64: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"

mRun-x64: [brMfcWnd] "C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" /AUTORUN

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun-x64: [spySweeper] C:\Program Files (x86)\Webroot\WebrootSecurity\SpySweeperUI.exe /startintray

SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\EP\AppData\Roaming\Mozilla\Firefox\Profiles\rth2a23x.default\

FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL

FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Users\EP\AppData\Roaming\Mozilla\Firefox\Profiles\rth2a23x.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll

FF - plugin: C:\Users\EP\AppData\Roaming\Mozilla\plugins\npatgpc.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

.

============= SERVICES / DRIVERS ===============

.

R0 ssfs0bbc;ssfs0bbc;C:\Windows\system32\DRIVERS\ssfs0bbc.sys --> C:\Windows\system32\DRIVERS\ssfs0bbc.sys [?]

R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\NISx64\1206000.01D\SYMDS64.SYS --> C:\Windows\system32\drivers\NISx64\1206000.01D\SYMDS64.SYS [?]

R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NISx64\1206000.01D\SYMEFA64.SYS --> C:\Windows\system32\drivers\NISx64\1206000.01D\SYMEFA64.SYS [?]

R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110723.001\BHDrvx64.sys [2011-7-22 1151096]

R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110729.030\IDSviA64.sys [2011-7-30 488056]

R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\NISx64\1206000.01D\Ironx64.SYS --> C:\Windows\system32\drivers\NISx64\1206000.01D\Ironx64.SYS [?]

R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\NISx64\1206000.01D\SYMNETS.SYS --> C:\Windows\system32\Drivers\NISx64\1206000.01D\SYMNETS.SYS [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]

R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-1-25 92216]

R2 HsfXAudioService;HsfXAudioService;C:\Windows\system32\svchost.exe -k HsfXAudioService [2009-7-13 20992]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-7-28 366640]

R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ccsvchst.exe [2011-7-3 130008]

R2 NitroReaderDriverReadSpool;NitroPDFReaderDriverCreatorReadSpool;C:\Program Files\Common Files\Nitro PDF\Reader\1.0\NitroPDFReaderDriverServicex64.exe [2011-1-14 341296]

R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-7-28 1153368]

R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine;C:\Program Files (x86)\Webroot\WebrootSecurity\SpySweeper.exe [2011-3-22 4048256]

R2 WRConsumerService;Webroot Client Service;C:\Program Files (x86)\Webroot\WebrootSecurity\WRConsumerService.exe [2011-7-28 1201656]

R3 CAXHWAZL;CAXHWAZL;C:\Windows\system32\DRIVERS\CAXHWAZL.sys --> C:\Windows\system32\DRIVERS\CAXHWAZL.sys [?]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-7-27 136824]

R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\Windows\system32\drivers\IntcHdmi.sys --> C:\Windows\system32\drivers\IntcHdmi.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

S3 BrSerIb;Brother MFC Serial Interface Driver(WDM);C:\Windows\system32\DRIVERS\BrSerIb.sys --> C:\Windows\system32\DRIVERS\BrSerIb.sys [?]

S3 BrUsbSIb;Brother MFC Serial USB Driver(WDM);C:\Windows\system32\DRIVERS\BrUsbSIb.sys --> C:\Windows\system32\DRIVERS\BrUsbSIb.sys [?]

S3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-8-17 228408]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2010-12-28 51727736]

S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]

S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]

S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]

S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]

S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]

.

=============== File Associations ===============

.

inffile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1

VBEFile=%SystemRoot%\SysWow64\WScript.exe "%1" %*

VBSFile=%SystemRoot%\SysWow64\WScript.exe "%1" %*

.

=============== Created Last 30 ================

.

2011-08-01 02:00:25 -------- d-sh--w- C:\$RECYCLE.BIN

2011-08-01 01:59:33 -------- d-s---w- C:\ComboFix

2011-07-31 19:22:50 98816 ----a-w- C:\Windows\sed.exe

2011-07-31 19:22:50 518144 ----a-w- C:\Windows\SWREG.exe

2011-07-31 19:22:50 256000 ----a-w- C:\Windows\PEV.exe

2011-07-31 19:22:50 208896 ----a-w- C:\Windows\MBR.exe

2011-07-31 17:41:58 -------- d-----w- C:\Program Files\Cool PDF Reader

2011-07-29 22:18:51 23112 ----a-w- C:\Windows\System32\drivers\hitmanpro35.sys

2011-07-29 22:17:24 -------- d-----w- C:\ProgramData\Hitman Pro

2011-07-29 19:52:02 55384 ----a-w- C:\Windows\System32\drivers\SBREDrv.sys

2011-07-29 19:47:15 -------- d-----w- C:\Program Files (x86)\Lavasoft

2011-07-29 19:42:01 142296 ----a-w- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll

2011-07-29 19:42:00 713016 ----a-w- C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe

2011-07-29 19:42:00 265176 ----a-w- C:\Program Files (x86)\Mozilla Firefox\updater.exe

2011-07-29 19:42:00 19416 ----a-w- C:\Program Files (x86)\Mozilla Firefox\xpcom.dll

2011-07-29 19:42:00 166872 ----a-w- C:\Program Files (x86)\Mozilla Firefox\softokn3.dll

2011-07-29 19:42:00 14232536 ----a-w- C:\Program Files (x86)\Mozilla Firefox\xul.dll

2011-07-29 19:42:00 142296 ----a-w- C:\Program Files (x86)\Mozilla Firefox\ssl3.dll

2011-07-29 19:42:00 105432 ----a-w- C:\Program Files (x86)\Mozilla Firefox\smime3.dll

2011-07-29 19:20:46 -------- d-----w- C:\Users\EP\AppData\Local\Threat Expert

2011-07-29 18:54:12 -------- d-----w- C:\Program Files (x86)\Common Files\PC Tools

2011-07-29 18:52:09 -------- d-----w- C:\ProgramData\PC Tools

2011-07-29 05:16:02 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy

2011-07-29 05:16:02 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy

2011-07-29 03:11:36 -------- d-----w- C:\Program Files (x86)\MSSOAP

2011-07-29 03:11:36 -------- d-----w- C:\Program Files (x86)\Common Files\MSSoap

2011-07-29 03:11:20 1563024 ----a-w- C:\Windows\WRSetup.dll

2011-07-29 03:11:20 -------- d-----w- C:\Users\EP\AppData\Roaming\Webroot

2011-07-29 03:11:20 -------- d-----w- C:\ProgramData\Webroot

2011-07-29 03:11:20 -------- d-----w- C:\Program Files (x86)\Webroot

2011-07-28 18:48:57 2565632 ----a-w- C:\Windows\System32\esent.dll

2011-07-28 16:35:42 -------- d-----w- C:\Users\EP\AppData\Roaming\Malwarebytes

2011-07-28 16:35:34 41272 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

2011-07-28 16:35:32 -------- d-----w- C:\ProgramData\Malwarebytes

2011-07-28 16:35:29 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys

2011-07-28 16:35:29 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2011-07-28 00:27:41 188416 ----a-w- C:\Windows\iesshell.dll

2011-07-28 00:26:56 -------- d-----w- C:\ProgramData\Chasys Draw IES

2011-07-28 00:26:50 -------- d-----w- C:\Program Files (x86)\John Paul Chacha's Lab

2011-07-27 20:33:17 -------- d-----w- C:\ProgramData\WebEx

2011-07-27 20:22:43 476904 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

2011-07-27 17:50:33 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com

2011-07-27 17:50:27 -------- d-----w- C:\ProgramData\!SASCORE

2011-07-27 04:16:59 -------- d-----w- C:\Users\EP\AppData\Roaming\QuickScan

2011-07-26 22:26:56 -------- d-----w- C:\Users\EP\AppData\Local\Google

2011-07-17 17:44:25 -------- d-----w- C:\ProgramData\GoldWave

2011-07-17 17:42:11 -------- d-----w- C:\Program Files (x86)\GoldWave

2011-07-17 17:39:33 -------- d-----w- C:\ProgramData\ESTsoft

2011-07-17 17:39:28 -------- d-----w- C:\Users\EP\AppData\Roaming\ESTsoft

2011-07-17 17:39:28 -------- d-----w- C:\Program Files (x86)\ESTsoft

2011-07-16 00:23:54 -------- d-----w- C:\Users\EP\AppData\Local\QuickPlay

2011-07-13 15:58:40 3137536 ----a-w- C:\Windows\System32\win32k.sys

2011-07-09 13:39:20 -------- d-----w- C:\ProgramData\{E91883C8-8CDC-46A4-A45F-CB40EB82ED60}

2011-07-09 02:11:17 -------- d-----w- C:\Users\EP\AppData\Roaming\HP Support Assistant

2011-07-08 18:59:31 -------- d-----w- C:\Users\EP\AppData\Roaming\stickies

2011-07-08 18:59:30 638 ----a-w- C:\Windows\uninstallstickies.bat

2011-07-08 18:59:29 -------- d-----w- C:\Program Files (x86)\Stickies

2011-07-07 19:14:36 -------- d-----r- C:\Users\EP\AppData\Roaming\Brother

2011-07-07 18:53:09 -------- d-----w- C:\ProgramData\Brother

2011-07-06 20:30:45 -------- d-----w- C:\Users\EP\AppData\Local\CrashDumps

2011-07-06 18:26:07 -------- d-----w- C:\Program Files (x86)\Chami

2011-07-06 16:03:45 -------- d-----w- C:\ProgramData\LightScribe

2011-07-06 16:00:57 -------- d-----w- C:\Windows\en

2011-07-06 15:56:01 69464 ----a-w- C:\Windows\SysWow64\XAPOFX1_3.dll

2011-07-06 15:56:01 523088 ----a-w- C:\Windows\System32\d3dx10_42.dll

2011-07-06 15:56:01 515416 ----a-w- C:\Windows\SysWow64\XAudio2_5.dll

2011-07-06 15:56:01 453456 ----a-w- C:\Windows\SysWow64\d3dx10_42.dll

2011-07-06 15:51:05 15712 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\83b3c53c1cc3bf422\MeshBetaRemover.exe

2011-07-06 15:50:49 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\79df4cb31cc3bf41a\DSETUP.dll

2011-07-06 15:50:49 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\79df4cb31cc3bf41a\DXSETUP.exe

2011-07-06 15:50:49 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\79df4cb31cc3bf41a\dsetup32.dll

2011-07-06 15:50:48 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\78f4e9451cc3bf419\DSETUP.dll

2011-07-06 15:50:48 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\78f4e9451cc3bf419\DXSETUP.exe

2011-07-06 15:50:48 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\78f4e9451cc3bf419\dsetup32.dll

2011-07-06 15:49:56 -------- d-----w- C:\Users\EP\AppData\Local\Windows Live

2011-07-06 15:37:54 -------- d-----w- C:\Windows\System32\SPReview

2011-07-06 15:37:24 -------- d-----w- C:\Windows\System32\EventProviders

2011-07-06 15:31:26 31232 ----a-w- C:\Windows\SysWow64\prevhost.exe

2011-07-06 15:31:26 31232 ----a-w- C:\Windows\System32\prevhost.exe

2011-07-05 20:58:54 -------- d-----w- C:\ProgramData\Human Computing

2011-07-05 20:58:54 -------- d-----w- C:\Program Files (x86)\Human Computing

2011-07-05 20:58:53 -------- d-----w- C:\Windows\Local Settings

2011-07-05 20:58:53 -------- d-----w- C:\Program Files (x86)\Business Objects

2011-07-05 20:57:30 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard

2011-07-05 19:19:38 48976 ----a-w- C:\Windows\System32\netfxperf.dll

2011-07-05 19:19:38 1942856 ----a-w- C:\Windows\System32\dfshim.dll

2011-07-05 19:19:25 1130824 ----a-w- C:\Windows\SysWow64\dfshim.dll

2011-07-05 19:19:09 59392 ----a-w- C:\Windows\System32\drivers\TsUsbFlt.sys

2011-07-05 19:19:09 3715584 ----a-w- C:\Windows\System32\mstscax.dll

2011-07-05 19:19:09 12288 ----a-w- C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll

2011-07-05 19:19:08 1838080 ----a-w- C:\Windows\System32\d3d10warp.dll

2011-07-05 19:19:08 14967808 ----a-w- C:\Program Files\DVD Maker\OmdBase.dll

2011-07-05 19:17:54 1244160 ----a-w- C:\Windows\System32\imapi2fs.dll

2011-07-05 19:15:59 86528 ----a-w- C:\Windows\SysWow64\isoburn.exe

2011-07-05 19:14:32 606208 ----a-w- C:\Windows\SysWow64\wbem\fastprox.dll

2011-07-05 19:14:32 363008 ----a-w- C:\Windows\SysWow64\wbemcomn.dll

2011-07-05 19:10:42 529408 ----a-w- C:\Windows\System32\wbemcomn.dll

2011-07-05 03:12:56 -------- d-----w- C:\Program Files (x86)\CDisplay

2011-07-04 22:37:12 -------- d-----w- C:\Windows\SysWow64\Wat

2011-07-04 22:37:12 -------- d-----w- C:\Windows\System32\Wat

2011-07-04 19:31:10 -------- d-----w- C:\Program Files (x86)\MSXML 4.0

2011-07-04 18:16:28 -------- d-----w- C:\Tunes

2011-07-04 17:57:27 -------- d-----w- C:\Users\EP\AppData\Roaming\LockLizard

2011-07-04 17:57:21 765952 ----a-w- C:\Windows\SysWow64\msvcp71d.dll

2011-07-04 17:57:21 544768 ----a-w- C:\Windows\SysWow64\msvcr71d.dll

2011-07-04 17:57:20 -------- d-----w- C:\ProgramData\LockLizard

2011-07-04 17:57:20 -------- d-----w- C:\Program Files (x86)\Lizard Safeguard PDF Viewer

2011-07-04 16:57:32 -------- d-----w- C:\Users\EP\AppData\Local\Adobe

2011-07-04 16:13:51 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2011-07-04 16:11:31 715776 ----a-w- C:\Windows\System32\kerberos.dll

2011-07-04 16:11:31 542208 ----a-w- C:\Windows\SysWow64\kerberos.dll

2011-07-04 16:10:07 64512 ----a-w- C:\Windows\SysWow64\devobj.dll

2011-07-04 16:10:07 44544 ----a-w- C:\Windows\SysWow64\devrtl.dll

2011-07-04 16:10:07 404480 ----a-w- C:\Windows\System32\umpnpmgr.dll

2011-07-04 16:10:07 252928 ----a-w- C:\Windows\SysWow64\drvinst.exe

2011-07-04 16:10:07 207872 ----a-w- C:\Windows\System32\cfgmgr32.dll

2011-07-04 16:10:07 145920 ----a-w- C:\Windows\SysWow64\cfgmgr32.dll

2011-07-04 16:09:10 142336 ----a-w- C:\Windows\System32\poqexec.exe

2011-07-04 16:09:10 123904 ----a-w- C:\Windows\SysWow64\poqexec.exe

2011-07-04 16:08:43 961024 ----a-w- C:\Windows\System32\CPFilters.dll

2011-07-04 16:08:42 850944 ----a-w- C:\Windows\SysWow64\sbe.dll

2011-07-04 16:08:42 723968 ----a-w- C:\Windows\System32\EncDec.dll

2011-07-04 16:08:42 642048 ----a-w- C:\Windows\SysWow64\CPFilters.dll

2011-07-04 16:08:42 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll

2011-07-04 16:08:42 259072 ----a-w- C:\Windows\System32\mpg2splt.ax

2011-07-04 16:08:42 1118720 ----a-w- C:\Windows\System32\sbe.dll

2011-07-04 16:08:41 199680 ----a-w- C:\Windows\SysWow64\mpg2splt.ax

2011-07-04 16:06:22 499200 ----a-w- C:\Windows\System32\drivers\afd.sys

2011-07-04 16:06:22 1923968 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2011-07-04 16:06:21 288640 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS

2011-07-04 15:58:32 759296 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll

2011-07-04 15:58:32 1110528 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll

2011-07-04 15:55:21 289280 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys

2011-07-04 15:55:21 158208 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys

2011-07-04 15:55:21 128000 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys

2011-07-04 15:53:55 5562240 ----a-w- C:\Windows\System32\ntoskrnl.exe

2011-07-04 15:53:54 3967872 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2011-07-04 15:53:53 3912576 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2011-07-04 15:46:30 613376 ----a-w- C:\Windows\System32\vbscript.dll

2011-07-04 15:46:29 428032 ----a-w- C:\Windows\SysWow64\vbscript.dll

2011-07-04 15:45:23 1395712 ----a-w- C:\Windows\System32\mfc42.dll

2011-07-04 15:45:23 1359872 ----a-w- C:\Windows\System32\mfc42u.dll

2011-07-04 15:45:23 1164288 ----a-w- C:\Windows\SysWow64\mfc42u.dll

2011-07-04 15:45:23 1137664 ----a-w- C:\Windows\SysWow64\mfc42.dll

2011-07-04 15:43:19 70656 ----a-w- C:\Windows\SysWow64\fontsub.dll

2011-07-04 15:43:19 46080 ----a-w- C:\Windows\System32\atmlib.dll

2011-07-04 15:43:19 367616 ----a-w- C:\Windows\System32\atmfd.dll

2011-07-04 15:43:19 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll

2011-07-04 15:43:19 294912 ----a-w- C:\Windows\SysWow64\atmfd.dll

2011-07-04 15:43:19 100864 ----a-w- C:\Windows\System32\fontsub.dll

2011-07-04 15:41:53 30208 ----a-w- C:\Windows\System32\dnscacheugc.exe

2011-07-04 15:41:53 28672 ----a-w- C:\Windows\SysWow64\dnscacheugc.exe

2011-07-04 15:41:53 183296 ----a-w- C:\Windows\System32\dnsrslvr.dll

2011-07-04 15:39:27 467456 ----a-w- C:\Windows\System32\drivers\srv.sys

2011-07-04 15:39:27 410112 ----a-w- C:\Windows\System32\drivers\srv2.sys

2011-07-04 15:39:27 168448 ----a-w- C:\Windows\System32\drivers\srvnet.sys

2011-07-04 15:36:46 642944 ----a-w- C:\Windows\System32\winload.efi

2011-07-04 15:36:46 63488 ----a-w- C:\Windows\System32\setbcdlocale.dll

2011-07-04 15:36:46 605552 ----a-w- C:\Windows\System32\winload.exe

2011-07-04 15:36:46 566208 ----a-w- C:\Windows\System32\winresume.efi

2011-07-04 15:36:46 518672 ----a-w- C:\Windows\System32\winresume.exe

2011-07-04 15:36:46 20352 ----a-w- C:\Windows\System32\kdusb.dll

2011-07-04 15:36:46 19328 ----a-w- C:\Windows\System32\kd1394.dll

2011-07-04 15:36:46 17792 ----a-w- C:\Windows\System32\kdcom.dll

2011-07-04 15:36:17 861696 ----a-w- C:\Windows\System32\oleaut32.dll

2011-07-04 15:36:16 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll

2011-07-04 15:33:17 974336 ----a-w- C:\Windows\System32\WFS.exe

2011-07-04 15:33:17 267776 ----a-w- C:\Windows\System32\FXSCOVER.exe

2011-07-04 15:32:49 976896 ----a-w- C:\Windows\System32\inetcomm.dll

2011-07-04 15:32:49 741376 ----a-w- C:\Windows\SysWow64\inetcomm.dll

2011-07-04 15:31:52 90624 ----a-w- C:\Windows\System32\drivers\bowser.sys

2011-07-04 02:51:44 382584 ----a-w- C:\Windows\System32\drivers\NISx64\1206000.01D\symnets.sys

2011-07-04 02:51:43 912504 ----a-w- C:\Windows\System32\drivers\NISx64\1206000.01D\symefa64.sys

2011-07-04 02:51:43 744568 ----a-w- C:\Windows\System32\drivers\NISx64\1206000.01D\srtsp64.sys

2011-07-04 02:51:43 450680 ----a-w- C:\Windows\System32\drivers\NISx64\1206000.01D\symds64.sys

2011-07-04 02:51:43 40568 ----a-w- C:\Windows\System32\drivers\NISx64\1206000.01D\srtspx64.sys

2011-07-04 02:51:42 171128 ----a-w- C:\Windows\System32\drivers\NISx64\1206000.01D\ironx64.sys

2011-07-04 02:50:33 -------- d-----w- C:\Windows\System32\drivers\NISx64\1206000.01D

2011-07-04 02:15:26 -------- d-----w- C:\Users\EP\AppData\Roaming\OpenOffice.org

2011-07-03 23:35:11 -------- d-----w- C:\Users\EP\AppData\Roaming\Human Computing

2011-07-03 23:13:15 -------- d-----w- C:\Program Files (x86)\EASEUS

2011-07-03 23:07:28 28976 ----a-w- C:\Windows\System32\nitrolocalmon.dll

2011-07-03 23:07:28 17200 ----a-w- C:\Windows\System32\nitrolocalui.dll

2011-07-03 23:07:02 2414360 ----a-w- C:\Windows\SysWow64\d3dx9_31.dll

2011-07-03 23:07:02 1892184 ----a-w- C:\Windows\SysWow64\D3DX9_42.dll

2011-07-03 23:07:01 -------- d-----w- C:\Program Files\Common Files\Nitro PDF

2011-07-03 23:07:01 -------- d-----w- C:\Program Files (x86)\Nitro PDF

2011-07-03 23:07:01 -------- d-----w- C:\Program Files (x86)\Common Files\Nitro PDF

2011-07-03 23:05:36 -------- d-----w- C:\Program Files (x86)\Winamp Detect

2011-07-03 23:05:28 -------- d-----w- C:\Users\EP\AppData\Local\OpenCandy

2011-07-03 23:05:28 -------- d-----w- C:\Program Files (x86)\Common Files\PX Storage Engine

2011-07-03 23:05:26 -------- d-----w- C:\Users\EP\AppData\Roaming\OpenCandy

2011-07-03 23:03:05 -------- d-----w- C:\Program Files\CCleaner

2011-07-03 22:58:07 -------- d-----w- C:\Users\EP\AppData\Roaming\Stardock

2011-07-03 22:58:05 -------- dc-h--w- C:\ProgramData\{A3A26C56-02C3-4F76-A033-12EE2FB52AE6}

2011-07-03 22:58:03 -------- d-----w- C:\Program Files (x86)\Fences

2011-07-03 22:57:32 -------- d-----w- C:\Users\EP\AppData\Local\PackageAware

2011-07-03 22:50:11 -------- d-----w- C:\ProgramData\Softland

2011-07-03 22:50:02 -------- d-----w- C:\Users\EP\AppData\Roaming\Softland

2011-07-03 22:50:02 -------- d-----w- C:\Program Files (x86)\Softland

2011-07-03 22:45:56 -------- d-----w- C:\Users\EP\AppData\Roaming\IrfanView

2011-07-03 22:45:56 -------- d-----w- C:\Program Files (x86)\IrfanView

2011-07-03 22:37:23 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared

2011-07-03 22:34:18 -------- d-----w- C:\Users\EP\AppData\Local\Mozilla

2011-07-03 22:34:07 -------- d-----w- C:\Users\EP\AppData\Local\Thunderbird

2011-07-03 22:26:25 -------- d-----w- C:\Program Files (x86)\OpenOffice.org 3

2011-07-03 22:25:26 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2011-07-03 22:13:19 -------- d-----w- C:\Program Files\Microsoft Synchronization Services

2011-07-03 22:12:50 -------- d-----w- C:\Program Files\Microsoft SQL Server Compact Edition

2011-07-03 22:11:04 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 8

2011-07-03 22:09:46 -------- d-----w- C:\Program Files\Microsoft Analysis Services

2011-07-03 22:09:46 -------- d-----w- C:\Program Files (x86)\Microsoft Analysis Services

2011-07-03 22:09:33 -------- d-----w- C:\Windows\SHELLNEW

2011-07-03 22:09:16 -------- d-----w- C:\Users\EP\AppData\Local\Microsoft Help

2011-07-03 21:59:59 -------- d-----w- C:\Program Files (x86)\BitTorrent

2011-07-03 21:59:16 -------- d-----w- C:\Users\EP\AppData\Roaming\BitTorrent

2011-07-03 21:42:23 174200 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS

2011-07-03 21:42:23 -------- d-----w- C:\Program Files\Symantec

2011-07-03 21:42:23 -------- d-----w- C:\Program Files\Common Files\Symantec Shared

2011-07-03 21:41:22 -------- d-----w- C:\Windows\System32\drivers\NISx64

2011-07-03 21:41:02 -------- d-----w- C:\Program Files (x86)\Norton Internet Security

2011-07-03 21:37:58 -------- d-----w- C:\ProgramData\PCSettings

2011-07-03 21:36:29 -------- d-----w- C:\Users\EP\AppData\Roaming\HpUpdate

2011-07-03 21:28:32 -------- d-----w- C:\Windows\ehome

2011-07-03 21:26:32 -------- d-----w- C:\Users\EP\AppData\Local\VirtualStore

2011-07-03 21:26:23 -------- d-----w- C:\Users\EP\AppData\Local\Hewlett-Packard_Company

2011-07-03 21:26:20 -------- d-----w- C:\Users\EP\AppData\Roaming\hpqlog

2011-07-03 21:26:09 -------- d-----w- C:\Users\EP\AppData\Local\Hewlett-Packard

2011-07-03 21:24:13 -------- d-----w- C:\Users\EP\AppData\Roaming\HP TCS

2011-07-03 21:11:30 -------- d-----w- C:\ProgramData\Recovery

2011-07-03 20:50:30 4398360 ----a-w- C:\Windows\System32\d3dx9_32.dll

2011-07-03 20:50:30 3426072 ----a-w- C:\Windows\SysWow64\d3dx9_32.dll

2011-07-03 20:50:27 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition

2011-07-03 20:48:26 -------- d-----w- C:\Program Files (x86)\muvee Technologies

2011-07-03 20:48:15 -------- d-----w- C:\Program Files (x86)\Common Files\muvee Technologies

2011-07-03 20:38:40 -------- d-----w- C:\Windows\SysWow64\x64

2011-07-03 20:38:40 -------- d-----w- C:\Windows\SysWow64\Lang

2011-07-03 20:38:39 948760 ----a-w- C:\Windows\SysWow64\igxpun.exe

2011-07-03 20:38:38 -------- d-----w- C:\Intel

2011-07-03 20:38:20 -------- d-----w- C:\Program Files\CONEXANT

2011-07-03 20:37:40 67584 ----a-w- C:\Windows\System32\RtNicProp64.dll

2011-07-03 20:37:40 215040 ----a-w- C:\Windows\System32\drivers\Rt64win7.sys

2011-07-03 20:37:24 -------- d-----w- C:\Program Files\Synaptics

2011-07-03 20:37:01 53248 ----a-w- C:\Windows\SysWow64\CSVer.dll

2011-07-03 20:36:26 -------- d-----w- C:\Program Files (x86)\Atheros

2011-07-03 20:36:21 -------- d-----w- C:\ProgramData\Atheros

.

==================== Find3M ====================

.

2011-07-06 16:25:27 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll

2011-07-06 16:25:26 175616 ----a-w- C:\Windows\System32\msclmd.dll

2011-06-03 06:57:45 362496 ----a-w- C:\Windows\System32\wow64win.dll

2011-06-03 06:57:45 243200 ----a-w- C:\Windows\System32\wow64.dll

2011-06-03 06:57:45 13312 ----a-w- C:\Windows\System32\wow64cpu.dll

2011-06-03 06:57:44 214528 ----a-w- C:\Windows\System32\winsrv.dll

2011-06-03 06:57:38 16384 ----a-w- C:\Windows\System32\ntvdm64.dll

2011-06-03 06:56:38 421888 ----a-w- C:\Windows\System32\KernelBase.dll

2011-06-03 06:53:33 338944 ----a-w- C:\Windows\System32\conhost.exe

2011-06-03 06:00:53 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll

2011-06-03 05:57:52 44032 ----a-w- C:\Windows\apppatch\acwow64.dll

2011-06-03 05:57:33 25600 ----a-w- C:\Windows\SysWow64\setup16.exe

2011-06-03 05:56:12 5120 ----a-w- C:\Windows\SysWow64\wow32.dll

2011-06-03 05:56:11 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll

2011-06-03 03:53:31 7680 ----a-w- C:\Windows\SysWow64\instnm.exe

2011-06-03 03:53:31 2048 ----a-w- C:\Windows\SysWow64\user.exe

2011-06-03 03:48:32 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

2011-06-03 03:48:31 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

2011-06-03 03:48:31 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

2011-06-03 03:48:31 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

2011-05-28 03:30:09 1638912 ----a-w- C:\Windows\System32\mshtml.tlb

2011-05-28 02:53:58 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2011-05-04 05:25:03 2315776 ----a-w- C:\Windows\System32\tquery.dll

2011-05-04 05:22:25 778752 ----a-w- C:\Windows\System32\mssvp.dll

2011-05-04 05:22:25 2223616 ----a-w- C:\Windows\System32\mssrch.dll

2011-05-04 05:22:24 75264 ----a-w- C:\Windows\System32\msscntrs.dll

2011-05-04 05:22:24 491520 ----a-w- C:\Windows\System32\mssph.dll

2011-05-04 05:22:24 288256 ----a-w- C:\Windows\System32\mssphtb.dll

2011-05-04 05:19:28 591872 ----a-w- C:\Windows\System32\SearchIndexer.exe

2011-05-04 05:19:28 249856 ----a-w- C:\Windows\System32\SearchProtocolHost.exe

2011-05-04 05:19:28 113664 ----a-w- C:\Windows\System32\SearchFilterHost.exe

2011-05-04 04:34:43 1549312 ----a-w- C:\Windows\SysWow64\tquery.dll

2011-05-04 04:32:02 666624 ----a-w- C:\Windows\SysWow64\mssvp.dll

2011-05-04 04:32:01 337408 ----a-w- C:\Windows\SysWow64\mssph.dll

2011-05-04 04:32:01 197120 ----a-w- C:\Windows\SysWow64\mssphtb.dll

2011-05-04 04:32:01 1401344 ----a-w- C:\Windows\SysWow64\mssrch.dll

2011-05-04 04:32:00 59392 ----a-w- C:\Windows\SysWow64\msscntrs.dll

2011-05-04 04:28:31 86528 ----a-w- C:\Windows\SysWow64\SearchFilterHost.exe

2011-05-04 04:28:31 427520 ----a-w- C:\Windows\SysWow64\SearchIndexer.exe

2011-05-04 04:28:31 164352 ----a-w- C:\Windows\SysWow64\SearchProtocolHost.exe

.

============= FINISH: 10:19:05.54 ===============

Attach.zip

Follow up to the post a moment ago. Here are the logs for TDSSKiller and ComboFix:

2011/08/01 10:56:27.0451 2452 TDSS rootkit removing tool 2.5.13.0 Jul 29 2011 17:24:11

2011/08/01 10:56:28.0231 2452 ================================================================================

2011/08/01 10:56:28.0231 2452 SystemInfo:

2011/08/01 10:56:28.0231 2452

2011/08/01 10:56:28.0231 2452 OS Version: 6.1.7601 ServicePack: 1.0

2011/08/01 10:56:28.0231 2452 Product type: Workstation

2011/08/01 10:56:28.0231 2452 ComputerName: EP-PC

2011/08/01 10:56:28.0231 2452 UserName: EP

2011/08/01 10:56:28.0231 2452 Windows directory: C:\Windows

2011/08/01 10:56:28.0231 2452 System windows directory: C:\Windows

2011/08/01 10:56:28.0231 2452 Running under WOW64

2011/08/01 10:56:28.0231 2452 Processor architecture: Intel x64

2011/08/01 10:56:28.0231 2452 Number of processors: 2

2011/08/01 10:56:28.0231 2452 Page size: 0x1000

2011/08/01 10:56:28.0231 2452 Boot type: Normal boot

2011/08/01 10:56:28.0231 2452 ================================================================================

2011/08/01 10:56:30.0056 2452 Initialize success

2011/08/01 10:56:36.0093 2836 ================================================================================

2011/08/01 10:56:36.0093 2836 Scan started

2011/08/01 10:56:36.0093 2836 Mode: Manual;

2011/08/01 10:56:36.0093 2836 ================================================================================

2011/08/01 10:57:19.0914 2836 ================================================================================

2011/08/01 10:57:19.0914 2836 Scan finished

2011/08/01 10:57:19.0914 2836 ================================================================================

2011/08/01 10:57:19.0914 3704 Detected object count: 0

2011/08/01 10:57:19.0914 3704 Actual detected object count: 0

////////////////////////////////////////////////////

ComboFix 11-07-31.04 - EP 08/01/2011 10:24:23.3.2 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3999.2733 [GMT -7:00]

Running from: c:\users\EP\Desktop\ComboFix.exe

AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

AV: Webroot AntiVirus with Spy Sweeper *Disabled/Updated* {53211D91-0C31-95F2-E3A5-7661FB22889E}

FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

SP: Webroot AntiVirus with Spy Sweeper *Disabled/Updated* {E840FC75-2A0B-9A7C-D915-4D1380A5C223}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((( Files Created from 2011-07-01 to 2011-08-01 )))))))))))))))))))))))))))))))

.

.

2011-08-01 17:33 . 2011-08-01 17:33 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-07-31 17:41 . 2011-07-31 17:41 -------- d-----w- c:\program files\Cool PDF Reader

2011-07-29 22:18 . 2011-07-29 22:18 23112 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys

2011-07-29 22:17 . 2011-07-29 22:18 -------- d-----w- c:\programdata\Hitman Pro

2011-07-29 19:52 . 2011-07-29 19:52 55384 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2011-07-29 19:47 . 2011-08-01 17:01 -------- dc----w- c:\windows\system32\DRVSTORE

2011-07-29 19:47 . 2011-07-29 19:47 -------- d-----w- c:\program files (x86)\Lavasoft

2011-07-29 19:47 . 2011-08-01 17:02 -------- d-----w- c:\programdata\Lavasoft

2011-07-29 18:54 . 2011-08-01 17:04 -------- d-----w- c:\program files (x86)\Common Files\PC Tools

2011-07-29 18:52 . 2011-08-01 16:54 -------- d-----w- c:\programdata\PC Tools

2011-07-29 05:16 . 2011-07-29 14:03 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2011-07-29 05:16 . 2011-07-29 05:17 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy

2011-07-29 03:11 . 2011-07-29 03:11 -------- d-----w- c:\program files (x86)\MSSOAP

2011-07-29 03:11 . 2011-07-29 03:16 -------- d-----w- c:\programdata\Webroot

2011-07-29 03:11 . 2011-07-29 03:11 -------- d-----w- c:\program files (x86)\Webroot

2011-07-29 03:11 . 2011-04-20 16:34 1563024 ----a-w- c:\windows\WRSetup.dll

2011-07-28 18:48 . 2011-03-11 06:33 2565632 ----a-w- c:\windows\system32\esent.dll

2011-07-28 16:35 . 2011-07-07 02:52 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys

2011-07-28 16:35 . 2011-07-28 16:35 -------- d-----w- c:\programdata\Malwarebytes

2011-07-28 16:35 . 2011-07-28 16:35 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2011-07-28 16:35 . 2011-07-07 02:52 25912 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-07-28 00:27 . 2011-07-28 00:26 188416 ----a-w- c:\windows\iesshell.dll

2011-07-28 00:26 . 2011-07-28 00:27 -------- d-----w- c:\programdata\Chasys Draw IES

2011-07-28 00:26 . 2011-07-28 00:26 -------- d-----w- c:\program files (x86)\John Paul Chacha's Lab

2011-07-27 20:33 . 2011-07-27 20:33 -------- d-----w- c:\programdata\WebEx

2011-07-27 20:23 . 2011-07-27 20:23 -------- d-----w- c:\program files (x86)\Common Files\Java

2011-07-27 17:50 . 2011-07-27 17:50 -------- d-----w- c:\programdata\SUPERAntiSpyware.com

2011-07-27 17:50 . 2011-07-27 17:50 -------- d-----w- c:\programdata\!SASCORE

2011-07-26 22:29 . 2011-07-26 22:29 -------- d-----w- c:\program files (x86)\Common Files\Adobe

2011-07-26 22:26 . 2011-07-26 23:32 -------- d-----w- c:\program files (x86)\Google

2011-07-17 17:44 . 2011-07-17 17:44 -------- d-----w- c:\programdata\GoldWave

2011-07-17 17:42 . 2011-07-17 17:42 -------- d-----w- c:\program files (x86)\GoldWave

2011-07-17 17:39 . 2011-07-20 18:35 -------- d-----w- c:\programdata\ESTsoft

2011-07-17 17:39 . 2011-07-20 18:35 -------- d-----w- c:\program files (x86)\ESTsoft

2011-07-13 15:58 . 2011-06-11 03:07 3137536 ----a-w- c:\windows\system32\win32k.sys

2011-07-09 13:39 . 2011-07-09 13:39 -------- d-----w- c:\programdata\{E91883C8-8CDC-46A4-A45F-CB40EB82ED60}

2011-07-08 18:59 . 2011-07-08 18:59 638 ----a-w- c:\windows\uninstallstickies.bat

2011-07-08 18:59 . 2011-07-08 18:59 -------- d-----w- c:\program files (x86)\Stickies

2011-07-07 18:53 . 2011-07-07 18:53 -------- d-----w- c:\programdata\Brother

2011-07-06 18:26 . 2011-07-06 18:26 -------- d-----w- c:\program files (x86)\Chami

2011-07-06 16:03 . 2011-07-06 16:03 -------- d-----w- c:\programdata\LightScribe

2011-07-06 16:00 . 2011-07-06 16:00 -------- d-----w- c:\windows\en

2011-07-06 15:56 . 2011-07-06 15:56 -------- d-----w- c:\program files\Windows Live

2011-07-06 15:56 . 2009-09-05 00:44 69464 ----a-w- c:\windows\SysWow64\XAPOFX1_3.dll

2011-07-06 15:56 . 2009-09-05 00:44 515416 ----a-w- c:\windows\SysWow64\XAudio2_5.dll

2011-07-06 15:56 . 2009-09-05 00:29 453456 ----a-w- c:\windows\SysWow64\d3dx10_42.dll

2011-07-06 15:56 . 2009-09-05 00:29 523088 ----a-w- c:\windows\system32\d3dx10_42.dll

2011-07-06 15:51 . 2011-07-06 15:51 15712 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\83b3c53c1cc3bf422\MeshBetaRemover.exe

2011-07-06 15:50 . 2011-07-06 15:50 94040 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\79df4cb31cc3bf41a\DSETUP.dll

2011-07-06 15:50 . 2011-07-06 15:50 525656 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\79df4cb31cc3bf41a\DXSETUP.exe

2011-07-06 15:50 . 2011-07-06 15:50 1691480 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\79df4cb31cc3bf41a\dsetup32.dll

2011-07-06 15:50 . 2011-07-06 15:50 94040 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\78f4e9451cc3bf419\DSETUP.dll

2011-07-06 15:50 . 2011-07-06 15:50 525656 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\78f4e9451cc3bf419\DXSETUP.exe

2011-07-06 15:50 . 2011-07-06 15:50 1691480 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\78f4e9451cc3bf419\dsetup32.dll

2011-07-06 15:37 . 2011-07-06 15:37 -------- d-----w- c:\windows\system32\SPReview

2011-07-06 15:37 . 2011-07-06 15:37 -------- d-----w- c:\windows\system32\EventProviders

2011-07-06 15:31 . 2011-02-18 10:51 31232 ----a-w- c:\windows\system32\prevhost.exe

2011-07-06 15:31 . 2011-02-18 05:39 31232 ----a-w- c:\windows\SysWow64\prevhost.exe

2011-07-05 20:58 . 2011-07-05 20:58 -------- d-----w- c:\programdata\Human Computing

2011-07-05 20:58 . 2011-07-05 20:58 -------- d-----w- c:\program files (x86)\Human Computing

2011-07-05 20:58 . 2011-07-05 20:58 -------- d-----w- c:\windows\Local Settings

2011-07-05 20:58 . 2011-07-05 20:58 -------- d-----w- c:\program files (x86)\Business Objects

2011-07-05 20:57 . 2011-07-06 16:43 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard

2011-07-05 19:19 . 2010-11-05 01:57 48976 ----a-w- c:\windows\system32\netfxperf.dll

2011-07-05 19:19 . 2010-11-05 01:57 1942856 ----a-w- c:\windows\system32\dfshim.dll

2011-07-05 19:19 . 2010-11-05 01:58 1130824 ----a-w- c:\windows\SysWow64\dfshim.dll

2011-07-05 19:19 . 2010-11-20 13:27 12288 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll

2011-07-05 19:19 . 2010-11-20 13:27 3715584 ----a-w- c:\windows\system32\mstscax.dll

2011-07-05 19:19 . 2010-11-20 11:07 59392 ----a-w- c:\windows\system32\drivers\TsUsbFlt.sys

2011-07-05 19:19 . 2010-11-20 13:27 14967808 ----a-w- c:\program files\DVD Maker\OmdBase.dll

2011-07-05 19:19 . 2010-11-20 13:26 1838080 ----a-w- c:\windows\system32\d3d10warp.dll

2011-07-05 19:17 . 2010-11-20 13:26 1244160 ----a-w- c:\windows\system32\imapi2fs.dll

2011-07-05 19:16 . 2010-11-20 13:27 475136 ----a-w- c:\windows\system32\wlangpui.dll

2011-07-05 19:15 . 2010-11-20 13:27 67072 ----a-w- c:\windows\system32\wsnmp32.dll

2011-07-05 19:14 . 2010-11-20 12:21 363008 ----a-w- c:\windows\SysWow64\wbemcomn.dll

2011-07-05 19:14 . 2010-11-20 12:19 606208 ----a-w- c:\windows\SysWow64\wbem\fastprox.dll

2011-07-05 19:10 . 2010-11-20 13:27 529408 ----a-w- c:\windows\system32\wbemcomn.dll

2011-07-05 03:12 . 2011-07-05 03:12 -------- d-----w- c:\program files (x86)\CDisplay

2011-07-04 22:37 . 2011-07-04 22:37 -------- d-----w- c:\windows\SysWow64\Wat

2011-07-04 22:37 . 2011-07-04 22:37 -------- d-----w- c:\windows\system32\Wat

2011-07-04 19:31 . 2011-07-04 19:31 -------- d-----w- c:\program files (x86)\MSXML 4.0

2011-07-04 18:42 . 2011-07-04 18:42 -------- d-----w- c:\windows\Sun

2011-07-04 18:16 . 2011-07-19 01:02 -------- d-----w- C:\Tunes

2011-07-04 17:57 . 2003-03-19 11:04 765952 ----a-w- c:\windows\SysWow64\msvcp71d.dll

2011-07-04 17:57 . 2003-03-19 11:03 544768 ----a-w- c:\windows\SysWow64\msvcr71d.dll

2011-07-04 17:57 . 2011-07-04 17:57 -------- d-----w- c:\program files (x86)\Lizard Safeguard PDF Viewer

2011-07-04 17:57 . 2011-07-04 17:57 -------- d-----w- c:\programdata\LockLizard

2011-07-04 17:02 . 2011-07-04 17:02 -------- d-----w- c:\users\Public\CyberLink

2011-07-04 16:13 . 2011-07-04 16:13 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2011-07-04 16:11 . 2010-12-17 11:40 715776 ----a-w- c:\windows\system32\kerberos.dll

2011-07-04 16:11 . 2010-12-17 07:07 542208 ----a-w- c:\windows\SysWow64\kerberos.dll

2011-07-04 16:10 . 2011-05-24 11:42 404480 ----a-w- c:\windows\system32\umpnpmgr.dll

2011-07-04 16:10 . 2011-05-24 10:40 64512 ----a-w- c:\windows\SysWow64\devobj.dll

2011-07-04 16:10 . 2011-05-24 10:40 44544 ----a-w- c:\windows\SysWow64\devrtl.dll

2011-07-04 16:10 . 2011-05-24 10:39 145920 ----a-w- c:\windows\SysWow64\cfgmgr32.dll

2011-07-04 16:10 . 2011-05-24 10:37 252928 ----a-w- c:\windows\SysWow64\drvinst.exe

2011-07-04 16:10 . 2010-11-20 13:25 207872 ----a-w- c:\windows\system32\cfgmgr32.dll

2011-07-04 16:09 . 2011-04-09 06:58 142336 ----a-w- c:\windows\system32\poqexec.exe

2011-07-04 16:09 . 2011-04-09 05:56 123904 ----a-w- c:\windows\SysWow64\poqexec.exe

2011-07-04 16:08 . 2010-12-23 10:42 961024 ----a-w- c:\windows\system32\CPFilters.dll

2011-07-04 16:08 . 2010-12-23 10:42 1118720 ----a-w- c:\windows\system32\sbe.dll

2011-07-04 16:08 . 2010-12-23 10:42 723968 ----a-w- c:\windows\system32\EncDec.dll

2011-07-04 16:08 . 2010-12-23 10:36 259072 ----a-w- c:\windows\system32\mpg2splt.ax

2011-07-04 16:08 . 2010-12-23 05:54 850944 ----a-w- c:\windows\SysWow64\sbe.dll

2011-07-04 16:08 . 2010-12-23 05:54 642048 ----a-w- c:\windows\SysWow64\CPFilters.dll

2011-07-04 16:08 . 2010-12-23 05:54 534528 ----a-w- c:\windows\SysWow64\EncDec.dll

2011-07-04 16:08 . 2010-12-23 05:50 199680 ----a-w- c:\windows\SysWow64\mpg2splt.ax

2011-07-04 16:06 . 2011-04-25 05:33 1923968 ----a-w- c:\windows\system32\drivers\tcpip.sys

2011-07-04 16:06 . 2011-04-25 02:34 499200 ----a-w- c:\windows\system32\drivers\afd.sys

2011-07-04 16:06 . 2010-11-20 13:33 288640 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS

2011-07-04 15:58 . 2011-04-29 05:55 1110528 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll

2011-07-04 15:58 . 2011-04-29 04:57 759296 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll

2011-07-04 15:55 . 2011-04-27 02:40 158208 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-07-04 15:55 . 2011-04-27 02:39 289280 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

2011-07-04 15:55 . 2011-04-27 02:39 128000 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys

2011-07-04 15:53 . 2011-04-09 07:02 5562240 ----a-w- c:\windows\system32\ntoskrnl.exe

2011-07-04 15:53 . 2011-04-09 06:02 3967872 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2011-07-04 15:53 . 2011-04-09 06:02 3912576 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2011-07-04 15:46 . 2011-02-18 10:56 613376 ----a-w- c:\windows\system32\vbscript.dll

2011-07-04 15:46 . 2011-02-18 05:43 428032 ----a-w- c:\windows\SysWow64\vbscript.dll

2011-07-04 15:45 . 2011-03-11 06:34 1359872 ----a-w- c:\windows\system32\mfc42u.dll

2011-07-04 15:45 . 2011-03-11 06:34 1395712 ----a-w- c:\windows\system32\mfc42.dll

2011-07-04 15:45 . 2011-03-11 05:33 1164288 ----a-w- c:\windows\SysWow64\mfc42u.dll

2011-07-04 15:45 . 2011-03-11 05:33 1137664 ----a-w- c:\windows\SysWow64\mfc42.dll

2011-07-04 15:43 . 2011-02-19 12:03 46080 ----a-w- c:\windows\system32\atmlib.dll

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-07-06 16:25 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll

2011-07-06 16:25 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll

2011-07-06 15:56 . 2010-06-24 18:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2011-06-14 17:04 . 2011-07-09 13:44 55864 ----a-w- c:\windows\help\OEM\Scripts\HPSAUpdaterObj.exe

2011-06-14 17:04 . 2011-07-09 13:44 49152 ----a-w- c:\windows\help\OEM\Scripts\Interop.TaskScheduler.dll

2011-06-14 17:04 . 2011-07-09 13:44 23816 ----a-w- c:\windows\help\OEM\Scripts\HPSAScript.exe

2011-06-14 17:04 . 2011-07-09 13:44 22584 ----a-w- c:\windows\help\OEM\Scripts\HPSA_CIP.exe

2011-06-14 17:04 . 2011-07-09 13:44 20536 ----a-w- c:\windows\help\OEM\Scripts\HPSA_LINK_REDIRECTOR.exe

2011-06-14 17:04 . 2011-07-09 13:44 20224 ----a-w- c:\windows\help\OEM\Scripts\HC_checkMUI.dll

2011-06-14 17:04 . 2011-07-09 13:44 20024 ----a-w- c:\windows\help\OEM\Scripts\HPSA_BUY_BATTERY.exe

2011-06-14 17:04 . 2011-07-09 13:44 18696 ----a-w- c:\windows\help\OEM\Scripts\HC_HPHCImprove.exe

2011-06-14 17:04 . 2011-07-09 13:44 18184 ----a-w- c:\windows\help\OEM\Scripts\HC_SREnable.exe

2011-06-14 17:04 . 2011-07-09 13:44 18184 ----a-w- c:\windows\help\OEM\Scripts\HC_Launch.exe

2011-06-14 17:04 . 2011-07-09 13:44 17672 ----a-w- c:\windows\help\OEM\Scripts\HPSA_NoDisplay.exe

2011-06-14 17:04 . 2011-07-09 13:44 17672 ----a-w- c:\windows\help\OEM\Scripts\HC_WindowsUpdateCheck.exe

2011-06-14 17:04 . 2011-07-09 13:44 17672 ----a-w- c:\windows\help\OEM\Scripts\HC_GuestEnabled.exe

2011-06-14 17:04 . 2011-07-09 13:44 17160 ----a-w- c:\windows\help\OEM\Scripts\HC_HibernateEnable.exe

2011-06-14 17:04 . 2011-07-09 13:44 130312 ----a-w- c:\windows\help\OEM\Scripts\HPSAMessageBox.exe

2011-06-14 17:04 . 2011-07-09 13:44 1243704 ----a-w- c:\windows\help\OEM\Scripts\HPSAUpgrade.exe

2011-06-03 05:57 . 2011-07-28 18:49 44032 ----a-w- c:\windows\apppatch\acwow64.dll

.

.

((((((((((((((((((((((((((((( SnapShot@2011-08-01_01.30.09 )))))))))))))))))))))))))))))))))))))))))

.

+ 2011-07-29 18:42 . 2011-08-01 17:34 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat

- 2011-07-29 18:42 . 2011-08-01 01:04 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat

- 2009-07-14 04:54 . 2011-08-01 01:04 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-07-14 04:54 . 2011-08-01 17:34 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-07-14 04:54 . 2011-08-01 17:34 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-07-14 04:54 . 2011-08-01 01:04 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-07-14 04:54 . 2011-08-01 17:34 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2009-07-14 04:54 . 2011-08-01 01:04 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-08-17 18:30 . 2011-08-01 17:36 38542 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 05:10 . 2011-08-01 17:36 53100 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2011-07-03 21:27 . 2011-08-01 17:07 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2011-07-03 21:27 . 2011-07-29 18:45 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-07-14 04:46 . 2011-08-01 17:08 91512 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat

+ 2011-07-03 21:27 . 2011-08-01 17:07 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2011-07-03 21:27 . 2011-07-29 18:45 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2011-07-03 21:27 . 2011-07-29 18:45 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2011-07-03 21:27 . 2011-08-01 17:07 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2011-07-03 21:27 . 2011-08-01 01:07 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2011-07-03 21:27 . 2011-08-01 17:10 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2011-07-03 21:27 . 2011-08-01 01:07 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2011-07-03 21:27 . 2011-08-01 17:10 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2011-07-03 21:32 . 2011-08-01 17:36 7136 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2883755398-791160840-328614615-1001_UserData.bin

- 2011-07-29 18:42 . 2011-07-29 18:42 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2011-08-01 17:34 . 2011-08-01 17:34 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2011-08-01 17:34 . 2011-08-01 17:34 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2011-07-29 18:42 . 2011-07-29 18:42 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2011-07-04 14:49 . 2011-08-01 15:22 298566 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin

+ 2011-07-04 01:44 . 2011-08-01 01:55 296678 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin

+ 2009-07-14 04:45 . 2011-08-01 17:04 457448 c:\windows\system32\FNTCACHE.DAT

+ 2009-07-14 05:01 . 2011-08-01 17:33 442308 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

- 2009-07-14 05:01 . 2011-07-29 18:41 442308 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2009-07-14 04:45 . 2011-08-01 17:07 7100862 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat

- 2009-07-14 04:45 . 2011-07-28 20:41 7100862 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat

+ 2011-07-04 15:58 . 2011-08-01 17:03 23159312 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2883755398-791160840-328614615-1001-12288.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ABD3B5E1-B268-407B-A150-2641DAB8D898}]

2009-06-08 21:41 120104 ----a-w- c:\program files (x86)\Common Files\Homepage Protection\HomepageProtection.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"QPService"="c:\program files (x86)\HP\QuickPlay\QPService.exe" [2009-06-24 468264]

"UpdatePRCShortCut"="c:\program files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]

"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]

"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2011-06-30 74752]

"BrMfcWnd"="c:\program files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-26 1159168]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-07 449584]

"SpySweeper"="c:\program files (x86)\Webroot\WebrootSecurity\SpySweeperUI.exe" [2011-04-20 6515800]

.

c:\users\EP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]

Stickies.lnk - c:\program files (x86)\Stickies\stickies.exe [2011-7-8 1122304]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]

"WallpaperStyle"= 2

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]

@="Service"

.

R3 BrSerIb;Brother MFC Serial Interface Driver(WDM);c:\windows\system32\DRIVERS\BrSerIb.sys [x]

R3 BrUsbSIb;Brother MFC Serial USB Driver(WDM);c:\windows\system32\DRIVERS\BrUsbSIb.sys [x]

R3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]

R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-12-28 51727736]

R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]

R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 174440]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys [x]

R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]

R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]

R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]

R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]

S0 ssfs0bbc;ssfs0bbc;c:\windows\system32\DRIVERS\ssfs0bbc.sys [x]

S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1206000.01D\SYMDS64.SYS [x]

S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1206000.01D\SYMEFA64.SYS [x]

S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110723.001\BHDrvx64.sys [2011-07-23 1151096]

S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110729.030\IDSvia64.sys [2011-07-08 488056]

S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1206000.01D\Ironx64.SYS [x]

S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1206000.01D\SYMNETS.SYS [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]

S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-01-26 92216]

S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 27136]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-07 366640]

S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe [2011-04-17 130008]

S2 NitroReaderDriverReadSpool;NitroPDFReaderDriverCreatorReadSpool;c:\program files\Common Files\Nitro PDF\Reader\1.0\NitroPDFReaderDriverServicex64.exe [2011-01-14 341296]

S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]

S2 WRConsumerService;Webroot Client Service;c:\program files (x86)\Webroot\WebrootSecurity\WRConsumerService.exe [2011-07-29 1201656]

S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys [x]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-07-28 136824]

S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2009-06-17 19:11 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}]

2010-11-20 12:17 302592 ----a-w- c:\windows\System32\cmd.exe

.

Contents of the 'Scheduled Tasks' folder

.

2011-07-27 c:\windows\Tasks\HPCeeScheduleForEP.job

- c:\program files (x86)\Hewlett-Packard\SDP\Ceement\HPCEE.exe [2009-08-17 21:38]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU]

"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2009-07-14 495104]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-17 171520]

"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-12 162328]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-12 386584]

"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-12 417304]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]

"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files (x86)\Fences\FencesMenu64.dll" [2010-06-22 253288]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uStart Page = about:blank

uLocal Page = c:\windows\system32\blank.htm

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105

Trusted Zone: devry.edu\my

TCP: DhcpNameServer = 192.168.0.1

FF - ProfilePath - c:\users\EP\AppData\Roaming\Mozilla\Firefox\Profiles\rth2a23x.default\

.

- - - - ORPHANS REMOVED - - - -

.

Notify-igfxcui - (no file)

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]

"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\18.6.0.29\diMaster.dll\" /prefetch:1"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10b.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10b.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]

@Denied: (A 2) (Everyone)

@="IFlashBroker2"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe

c:\program files (x86)\CyberLink\Shared files\RichVideo.exe

c:\program files (x86)\Webroot\WebrootSecurity\SpySweeper.exe

c:\program files (x86)\OpenOffice.org 3\program\soffice.exe

c:\program files (x86)\OpenOffice.org 3\program\soffice.bin

c:\program files (x86)\Brother\Brmfcmon\BrMfcmon.exe

.

**************************************************************************

.

Completion time: 2011-08-01 10:42:25 - machine was rebooted

ComboFix-quarantined-files.txt 2011-08-01 17:42

.

Pre-Run: 170,369,650,688 bytes free

Post-Run: 169,691,291,648 bytes free

.

- - End Of File - - E79FEF8AE87701D29EE5F81FB1458F0A

Link to post
Share on other sites

I uninstalled a couple of the malware programs that I had recently downloaded, rebooted, and ran through Defogger, DDS, TDSSkiller, and ComboFix again. It worked this time, so I hope you don't mind my re-posting the new logs from these steps. Here we go:

No worries- it happens ;)

Let's do some more scans to give us a better look at the problem:

Please do the following:

  • Please download aswMBR.exe from here and save it to your Desktop.
  • Double click aswMBR.exe to start the tool. (Vista - Win 7 Rt click to run as Administrator)
  • Click Scan
  • Upon completion of the scan, click Save log and save it to your Desktop, and post that log in your next reply. Do NOT attempt any Fix at this time!
  • This will also create a file on your Desktop named MBR.dat. Right click that file and select Send To->Compressed (zipped) folder. Attach that zipped folder in your next reply as well.

---------

Please print out these instructions or copy them to a Notepad file for an easier reading and download MBRCheck by a_d_13 to your Desktop from one of these locations:

http://ad13.geekstogo.com/MBRCheck.exe

http://download.bleepingcomputer.com/rootrepeal/MBRCheck.exe

http://www.kernelmode.info/MBRCheck.exe

Close all opened programs/ windows and double-click on MBRCheck.exe.

It will produce a log file saved automatically on your Desktop as "MBRCheck_[Date]_[Time].txt".

Press the "Enter" key to close the MBRCheck window and post the contents of the log file.

---------

Please include the aswMBR log and MBR.dat Zip File, as well as the MBRCheck log in your next reply ;)

Link to post
Share on other sites

aswMBR version 0.9.8.978 Copyright© 2011 AVAST Software

Run date: 2011-08-01 11:47:37

-----------------------------

11:47:37.869 OS Version: Windows x64 6.1.7601 Service Pack 1

11:47:37.869 Number of processors: 2 586 0x170A

11:47:37.869 ComputerName: EP-PC UserName: EP

11:47:39.070 Initialize success

11:49:03.729 AVAST engine defs: 11080100

11:49:18.019 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0

11:49:18.019 Disk 0 Vendor: Hitachi_HTS545025B9A300 PB2OCA0G Size: 238475MB BusType: 11

11:49:20.062 Disk 0 MBR read successfully

11:49:20.062 Disk 0 MBR scan

11:49:20.062 Disk 0 unknown MBR code

11:49:20.078 Service scanning

11:49:21.591 Modules scanning

11:49:21.591 Disk 0 trace - called modules:

11:49:21.622 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys

11:49:21.622 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004b1d060]

11:49:21.638 3 CLASSPNP.SYS[fffff880010ab43f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004784060]

11:49:23.369 AVAST engine scan C:\Windows

11:49:26.661 AVAST engine scan C:\Windows\system32

11:51:26.750 AVAST engine scan C:\Windows\system32\drivers

11:51:40.197 AVAST engine scan C:\Users\EP

11:57:24.864 AVAST engine scan C:\ProgramData

11:58:23.661 Scan finished successfully

12:01:07.087 Disk 0 MBR has been saved successfully to "C:\Users\EP\Desktop\MBR.dat"

12:01:07.087 The log file has been saved successfully to "C:\Users\EP\Desktop\aswMBR.txt"

I see that you also requested MBRCheck log, but I do not know where to find this.

MBR.zip

Link to post
Share on other sites

Are you running it as Administrator?

Try that, and if it doesn't work, try this:

Please reboot to Safe Mode (tap the F8 key just before Windows starts to load and select the Safe Mode option from the menu).

Then, locate and run MBRCheck on your Desktop- please post the log it creates ;)

Link to post
Share on other sites

Hi again. Thank you for your patience, as I guess this isn't going as you expect it to.

I have been running as Admin, and have now also run in safe mode. It just does not create the MBRcheck file. When the program is finished (after clicking for the log file) you can see that it has created the MBR.dat file and the aswMBR file, but nothing else.

Link to post
Share on other sites

Hi again. Thank you for your patience, as I guess this isn't going as you expect it to.

No worries :)

Let's try this:

Download the latest version of Kaspersky Virus Removal Tool

  • Close all other applications and double-click and run the installer.
  • When the Kaspersky Virus Removal Tool starts, to the right of Security Level click Recommended, and select Settings.
  • In the window that opens (Autoscan), in the Scope tab place a checkmark to the left of Parse email formats.
  • Click the Additional tab and click to place a checkmark to the left of Deep scan, and click OK.
  • Select all the scannable items except for CD-ROM drives and click the Start scan button.
  • If malware is detected, place a checkmark in the Apply to all box, and click the Delete button (or Disinfect if the button is active).
  • After the scan finishes, if any threat remains in the Scan window (Red exclamation point), click the Neutralize all button
  • In the window that opens, place a checkmark in the Apply to all box, and click the Delete button (or Disinfect if the button is active).
  • If advised that a special disinfection procedure is required which demands system reboot: click the Ok button to close the window.
  • In the Scan window click the Reports button and select Save to file.
  • Name the report AVPT.txt, and save it to the Desktop.
  • Close AVPTool.
  • You will be prompted if you want to uninstall the program; click Yes.
  • You will then be prompted that to complete the uninstallation, the computer must be restarted. Select Yes to restart the system.
  • Copy and paste the first part of the report (Detected) that you saved in your next reply.

Link to post
Share on other sites

I ran the Kaspersky tool and it detected no threats. I ran a handful of searches on Google just now, and no redirect. OK.... I want to be happy, but... where did the nasty little bugger go?

Looks like we squashed it ;)

Before we move on, let's run the following online scans to make sure there's nothing hiding that we may have missed:

Please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the option Remove found threats is Unchecked and the option Scan unwanted applications is checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

--------

Please use the Internet Explorer and run a BitDefender Online scan from Here

  • Please check I agree with the Terms and Conditions and click Start Here
  • You will need to allow an Active X install for the scan to run.
  • Leave the scanning options at default and click Start Scan

Please post the results in your next reply.

Link to post
Share on other sites

In reverse order, BitDefender results: Your computer is not infected

And here is the log from ESET:

ESETSmartInstaller@High as CAB hook log:

OnlineScanner64.ocx - registred OK

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=8.00.7600.16385 (win7_rtm.090713-1255)

# OnlineScanner.ocx=1.0.0.6528

# api_version=3.0.2

# EOSSerial=87c1c8113a24a048b94979fc8a9a325d

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2011-08-02 07:29:52

# local_time=2011-08-02 12:29:52 (-0700, US Mountain Standard Time)

# country="United States"

# lang=9

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode=512 16777215 100 0 0 0 0 0

# compatibility_mode=3588 16777214 85 79 234876 15271380 0 0

# compatibility_mode=5893 16776574 66 85 1412370 63847224 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=190175

# found=2

# cleaned=0

# scan_time=9619

C:\Qoobox\Quarantine\C\Users\EP\AppData\Roaming\Mozilla\Firefox\Profiles\rth2a23x.default\extensions\{4e206968-380a-4f54-9a94-2ed6750f032e}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (unable to clean) 00000000000000000000000000000000 I

C:\Qoobox\Quarantine\C\Users\EP\AppData\Roaming\Mozilla\Firefox\Profiles\rth2a23x.default\extensions\{4e206968-380a-4f54-9a94-2ed6750f032e}\chrome\xulcache.jar.vir JS/Agent.NDJ trojan (unable to clean) 00000000000000000000000000000000 I

Link to post
Share on other sites
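The two ESET detections in the post above sit under C:\Qoobox\Quarantine with a .vir suffix, which is where ComboFix keeps its quarantined copies. The following is an added example, not part of the thread or of any tool used in it: it parses such a log and separates quarantine copies from detections at live paths. The line layout is inferred from the two lines in the post, the function names are hypothetical, and the second sample line is constructed.

```python
import re
from typing import NamedTuple, Optional

# Layout inferred from the two detection lines in the post (assumption):
# <path> <threat name> <type> (<action>) <32 hex digits> <one-letter flag>
DETECTION = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+(?P<threat>\S+)\s+(?P<kind>\w+)\s+"
    r"\((?P<action>[^)]*)\)\s+(?P<digest>[0-9A-Fa-f]{32})\s+(?P<flag>\w)$"
)
# ComboFix quarantine copy: <drive>:\Qoobox\Quarantine\<original drive letter>\<rest>.vir
QUARANTINED = re.compile(r"^[A-Za-z]:\\Qoobox\\Quarantine\\([A-Za-z])\\(.+)\.vir$", re.I)


class Detection(NamedTuple):
    path: str
    threat: str
    action: str
    original_path: Optional[str]  # set only for ComboFix quarantine copies


def parse_eset_log(text: str):
    """Return (header dict, list of Detection) for an ESET Online Scanner log."""
    header, detections = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("#") and "=" in line:
            key, _, value = line.lstrip("# ").partition("=")
            header[key] = value
            continue
        m = DETECTION.match(line)
        if m:
            q = QUARANTINED.match(m["path"])
            # Rebuild where the file lived before ComboFix moved it.
            original = f"{q[1].upper()}:\\{q[2]}" if q else None
            detections.append(Detection(m["path"], m["threat"], m["action"], original))
    return header, detections


def live_detections(detections):
    """Detections that are not quarantine copies and still need handling."""
    return [d for d in detections if d.original_path is None]


# First detection line is from the post; the second is constructed for contrast.
SAMPLE_LOG = r"""
# remove_checked=false
# found=2
# cleaned=0
C:\Qoobox\Quarantine\C\Users\EP\AppData\Roaming\Mozilla\Firefox\Profiles\rth2a23x.default\extensions\{4e206968-380a-4f54-9a94-2ed6750f032e}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\EP\Downloads\setup tool.exe Win32/Example.A trojan (unable to clean) 00000000000000000000000000000000 I
"""
```

The header's remove_checked=false matches step 5 of the scan instructions, so cleaned=0 is expected and does not by itself mean removal failed.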

Looking good ;)

Let's see what programs of yours are out-of-date :):

Please download Security Check by screen317 from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Link to post
Share on other sites

Results of screen317's Security Check version 0.99.18

Windows 7 (UAC is disabled!)

Internet Explorer 8

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Enabled!

ESET Online Scanner v3

Norton Internet Security

WMI entry may not exist for antivirus; attempting automatic update.

```````````````````````````````

Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware

Java 6 Update 26

Adobe Flash Player 10.3.181.34

Adobe Reader X (10.1.0)

Mozilla Firefox (x86 en-US..)

Mozilla Thunderbird (5.0.)

````````````````````````````````

Process Check:

objlist.exe by Laurent

Norton ccSvcHst.exe

Malwarebytes' Anti-Malware mbamservice.exe

Spybot Teatimer.exe is disabled!

``````````End of Log````````````

Link to post
Share on other sites

Before we move on, please take the time to install the following updates, as using outdated applications leaves you extremely vulnerable to getting infected again ;):

-----------

I see you have User Account Control (UAC) disabled.

This is an important security feature which helps prevent malware and other unwanted software from being installed on your computer.

I strongly suggest you keep it enabled. See this link for instructions on how to enable it: http://windows.microsoft.com/en-US/windows-vista/Turn-User-Account-Control-on-or-off

-----------

You are using Internet Explorer version 8. Since you are using Windows 7, you qualify for the latest version, which is 9. Using an outdated version of a web browser leaves you extremely vulnerable to malware!

Please see this link to download the latest version: http://windows.microsoft.com/en-US/internet-explorer/products/ie/home

-----------

Please let me know how the updates went, as failed updates may indicate additional malware ;)

Link to post
Share on other sites

Glad to hear the updates went well! :)

As we go forward, should I be logged in as Admin?

Yes, preferably ;)

Unless there are any further issues, I will now provide you with some suggestions for security software, but first, ComboFix must be uninstalled ;):

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /Uninstall

-------------

Please consider using these ideas to help secure your computer. While there is no way to guarantee safety when you use a computer, these steps will make it much less likely that you will need to endure another infection. While we really like to help people, we would rather help you protect yourself so that you won't need that help in the future. :)

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates or get into the habit of checking Windows Update regularly. They usually have security updates every month. You can set Windows to notify you of Updates so that you can choose, but only do this if you believe you are able to understand which ones are needed. This is a crucial security measure.

It is really dangerous to go online without an antivirus. Without one, you are extremely likely to get infected and the consequences could be even worse next time. All of the following are excellent free antiviruses. Be sure to only install one.

avast!

AntiVir

AVG

Please consider installing and running some of the following programs; they are either free or have free versions of commercial programs:

Spybot-Search & Destroy

A tutorial on using Spybot to remove spyware from your computer may be found here. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features if you don't have the resident part of another anti-spyware program running.

SpywareBlaster

A tutorial on using SpywareBlaster to prevent malware from ever installing on your computer may be found here.

SpywareGuard

A tutorial on using SpywareGuard for real-time protection against spyware and hijackers may be found here.

Please, consider maintaining a firewall with HIPS (Host Intrusion Prevention Systems). Firewalls are extremely important and are the first part of your computer's defense. HIPS stops malware by monitoring its behavior and it's very important, too.

A firewall is a software program or piece of hardware that helps screen out hackers, viruses, and worms that try to reach your computer over the Internet.

If you are using the Windows Firewall please note that it doesn't monitor or block outbound traffic and is therefore less effective than other free alternatives.

These firewalls are good and do have free versions available

A tutorial on understanding and using firewalls may be found here.

If you use Internet Explorer, it is a good idea to use IE-Spyad for ZonedOut which provides protections against malicious websites. (Requires 2 downloads)

Please keep these programs up-to-date and run them whenever you suspect a problem to prevent malware problems. A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall and scanning anti-spyware program at a time. Passive protectors, like SpywareBlaster and IE-Spyad can be run with any of them.

Note that there are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you can find out if it is a rogue here:

http://www.spywarewarrior.com/rogue_anti-spyware.htm

A similar category of programs is now called "scareware." Scareware programs are active infections that will pop-up on your computer and tell you that you are infected. If you look closely, it will usually have a name that looks like it might be legitimate, but it is NOT one of the programs you installed. It tells you to click and install it right away. If you click on any part of it, including the 'X' to close it, you may actually help it infect your computer further. Keeping protection updated and running resident protection can help prevent these infections. If it happens anyway, get offline as quickly as you can. Pull the internet connection cable or shut down the computer if you have to. Contact someone to help by using another computer if possible. These programs are also sometimes called 'rogues', but they are different than the older version of rogues mentioned above.

Please consider using an alternate browser. Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker and add-ons, like NoScript, can make it even more secure. Opera is another good option.

If you are interested, Firefox may be downloaded from here

Opera is available here: http://www.opera.com/download/

For much more useful information, please also read Tony Klein's excellent article: How did I get infected in the first place

Hopefully these steps will help to keep you error free. If you run into more difficulty, we will certainly do what we can to help. :)

Link to post
Share on other sites

Thank you for all of your help!

I do have one more issue -- though it may not be your field of expertise. Now that I am using different user accounts, when I log in with a standard user account, I am unable to open Gmail and I am unable to click on anything (messages, folders) in Hotmail. The Admin account can do these things fine, though. Any tips on this issue?

Link to post
Share on other sites

This topic is now closed to further replies.