Jump to content

Recommended Posts

So I started with (what I *thought* was) a simple piece of malware. However, using Malwarebytes, HJT, Spybot, Avira, etc. I still haven't been able to corner it and squash it. Up until this point, I've been able to find the methods to kill my bugs online, but this situation seems to be a bit out of control... it started with my search engines redirecting me to other sites, and tonight I get home and there's a new "antivirus" that's been installed "OpenCloud Security". I cleaned out the opencloud thing with MalwareBytes, but I'm still not completely cleaned... After reading the steps to take before initial posting...I've attached/pasted everything I think y'all ask for. It didn't say whether I should or not, but I also added a copy of a HJT log to the zip file. Thanks in advance for taking the time to help me out here.

Contents of DDS.TXT

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_23

Run by Nick at 22:57:43 on 2011-09-18

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5880.4054 [GMT -5:00]

.

AV: Norton Internet Security *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}

AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}

SP: Norton Internet Security *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}

FW: Norton Internet Security *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

C:\Windows\system32\svchost.exe -k apphost

C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt

C:\Windows\system32\taskhost.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe

C:\Windows\system32\conhost.exe

C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe

C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files (x86)\Hp\Digital Imaging\bin\HpqSRmon.exe

c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe

C:\Program Files (x86)\Common Files\Livescribe\PenComm\PenCommService.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

C:\Windows\system32\svchost.exe -k HPService

C:\Program Files (x86)\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\A5E82D02\17.0.0.136\InstStub.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\WUDFHost.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

C:\Windows\system32\DllHost.exe

C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\splwow64.exe

C:\Users\Nick\AppData\Local\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Windows NT\Accessories\WORDPAD.EXE

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uLocal Page = hxxp://www.google.com/

uStart Page = hxxp://www.google.com/

mStart Page = hxxp://www.google.com/

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL

TB: Family Toolbar: {fd2fd708-1f6f-4b68-b141-c5778f0c19bb} - C:\Program Files (x86)\Family Toolbar\tbcore3.dll

TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File

EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll

EB: Web Test Recorder 10.0: {5802d092-1784-4908-8cdb-99b6842d353d} - mscoree.dll

uRun: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min

mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{29472D80-33D2-4E01-A34E-5C2E94D3BA2A} : DhcpNameServer = 192.168.1.1

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL

BHO-X64: URLRedirectionBHO - No File

TB-X64: Family Toolbar: {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - C:\Program Files (x86)\Family Toolbar\tbcore3.dll

TB-X64: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File

EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File

EB-X64: {5802D092-1784-4908-8CDB-99B6842D353D} - No File

mRun-x64: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min

mRun-x64: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\7iyhat2u.default\

FF - prefs.js: network.proxy.type - 0

FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL

FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Program Files\Microsoft\Web Platform Installer\NPWPIDetector.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

.

============= SERVICES / DRIVERS ===============

.

R0 ahcix64s;ahcix64s;C:\Windows\system32\DRIVERS\ahcix64s.sys --> C:\Windows\system32\DRIVERS\ahcix64s.sys [?]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2011-7-8 136360]

R2 AntiVirService;Avira AntiVir Guard;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2011-7-8 269480]

R2 avgntflt;avgntflt;C:\Windows\system32\DRIVERS\avgntflt.sys --> C:\Windows\system32\DRIVERS\avgntflt.sys [?]

R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe [2010-4-27 126392]

R2 PenCommService;Livescribe Pulse Smartpen Service;C:\Program Files (x86)\Common Files\Livescribe\PenComm\PenCommService.exe [2011-6-23 470528]

R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-7-8 1153368]

R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]

R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]

R3 RRNetCapMP;RRNetCapMP;C:\Windows\system32\DRIVERS\rrnetcap.sys --> C:\Windows\system32\DRIVERS\rrnetcap.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]

R3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]

S3 MEMSWEEP2;MEMSWEEP2;\??\C:\Windows\system32\D7E5.tmp --> C:\Windows\system32\D7E5.tmp [?]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 PulseUsb;Livescribe Smartpen USB Driver;C:\Windows\system32\DRIVERS\PulseUsb.sys --> C:\Windows\system32\DRIVERS\PulseUsb.sys [?]

S3 RRNetCap;RRNetCap Service;C:\Windows\system32\DRIVERS\rrnetcap.sys --> C:\Windows\system32\DRIVERS\rrnetcap.sys [?]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 VSPerfDrv100;Performance Tools Driver 10.0;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2010-3-18 68440]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S3 WinRing0_1_2_0;WinRing0_1_2_0;C:\Users\Nick\Desktop\realtemp\WinRing0x64.sys [2011-8-18 14544]

S4 CinemaNow Service;CinemaNow Service;C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe [2010-2-26 127984]

S4 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-12-2 1038088]

S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-7-22 61976]

S4 RsFx0103;RsFx0103 Driver;C:\Windows\system32\DRIVERS\RsFx0103.sys --> C:\Windows\system32\DRIVERS\RsFx0103.sys [?]

S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2010-9-17 430424]

.

=============== File Associations ===============

.

.txt=MUSHclient.TextDocument

.

=============== Created Last 30 ================

.

2011-09-19 03:49:03 41272 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

2011-09-19 02:35:18 97792 ----a-w- C:\ProgramData\GoogleBackupOnline.dll

2011-09-19 02:34:58 -------- d-----w- C:\Users\Nick\AppData\Roaming\OpenCloud Security

2011-09-17 01:28:23 -------- d-----w- C:\Program Files (x86)\WinPcap

2011-09-16 19:55:35 8862544 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{388C7BB0-ACBF-41BA-B6FD-53DABEBDF0FB}\mpengine.dll

2011-09-11 03:50:27 -------- d-----w- C:\Users\Nick\AppData\Local\Mozilla Firefox

2011-09-09 04:23:50 6144 ------w- C:\Windows\System32\D7E5.tmp

2011-09-09 04:21:48 6144 ------w- C:\Windows\System32\F9E5.tmp

2011-09-09 04:20:28 -------- d-----w- C:\Program Files (x86)\Sophos

2011-09-08 06:07:51 -------- d-----w- C:\Users\Nick\AppData\Roaming\SQLyog

2011-09-08 06:07:44 -------- d-----w- C:\Program Files (x86)\SQLyog Trial

2011-09-06 21:36:38 12872 ----a-w- C:\Windows\System32\bootdelete.exe

2011-09-06 21:31:14 25160 ----a-w- C:\Windows\System32\drivers\hitmanpro35.sys

2011-09-06 21:30:09 -------- d-----w- C:\ProgramData\Hitman Pro

2011-09-05 04:22:44 -------- d-----w- C:\Users\Nick\AppData\Local\Adobe

2011-09-03 03:10:48 -------- d-----w- C:\Program Files (x86)\WPF Toolkit

2011-09-03 03:08:58 3851784 ----a-w- C:\Windows\SysWow64\D3DX9_39.dll

2011-09-03 03:08:23 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 8

2011-09-03 03:07:41 -------- d-----w- C:\Program Files (x86)\Microsoft Expression

2011-08-25 19:48:04 388096 ----a-r- C:\Users\Nick\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-08-25 19:48:04 -------- d-----w- C:\Program Files (x86)\Trend Micro

2011-08-24 22:15:23 -------- d-----w- C:\Users\Nick\AppData\Local\Opera

2011-08-24 05:40:02 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2011-08-24 05:40:02 2048 ----a-w- C:\Windows\System32\tzres.dll

.

==================== Find3M ====================

.

2011-08-31 22:00:50 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys

2011-07-22 22:55:50 46112 ----a-w- C:\Windows\System32\drivers\tbhsd.sys

2011-07-22 22:55:45 37480 ----a-w- C:\Windows\System32\drivers\rrnetcap.sys

2011-07-22 05:22:26 1638912 ----a-w- C:\Windows\System32\mshtml.tlb

2011-07-22 04:54:18 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2011-07-16 05:41:50 362496 ----a-w- C:\Windows\System32\wow64win.dll

2011-07-16 05:41:49 243200 ----a-w- C:\Windows\System32\wow64.dll

2011-07-16 05:41:49 13312 ----a-w- C:\Windows\System32\wow64cpu.dll

2011-07-16 05:39:10 16384 ----a-w- C:\Windows\System32\ntvdm64.dll

2011-07-16 05:37:12 421888 ----a-w- C:\Windows\System32\KernelBase.dll

2011-07-16 04:29:19 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll

2011-07-16 04:26:00 44032 ----a-w- C:\Windows\apppatch\acwow64.dll

2011-07-16 04:25:37 25600 ----a-w- C:\Windows\SysWow64\setup16.exe

2011-07-16 04:24:23 5120 ----a-w- C:\Windows\SysWow64\wow32.dll

2011-07-16 04:24:22 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll

2011-07-16 02:21:44 7680 ----a-w- C:\Windows\SysWow64\instnm.exe

2011-07-16 02:21:41 2048 ----a-w- C:\Windows\SysWow64\user.exe

2011-07-16 02:17:19 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

2011-07-16 02:17:19 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

2011-07-16 02:17:19 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

2011-07-16 02:17:19 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

2011-07-09 16:08:35 88288 ----a-w- C:\Windows\System32\drivers\avgntflt.sys

2011-07-09 02:46:28 288768 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys

2011-07-01 08:20:51 55384 ----a-w- C:\Windows\System32\drivers\SBREDrv.sys

2011-06-29 03:24:28 175616 ----a-w- C:\Windows\System32\msclmd.dll

2011-06-29 03:24:28 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll

2011-06-29 01:30:18 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2011-06-24 05:34:53 214528 ----a-w- C:\Windows\System32\winsrv.dll

2011-06-24 05:25:49 338432 ----a-w- C:\Windows\System32\conhost.exe

2011-06-24 02:34:52 26112 ----a-w- C:\Windows\System32\drivers\PulseUsb.sys

2011-06-24 02:34:52 1721576 ----a-w- C:\Windows\System32\WdfCoInstaller01009.dll

2011-06-23 05:43:12 5561216 ----a-w- C:\Windows\System32\ntoskrnl.exe

2011-06-23 04:33:57 3967872 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2011-06-23 04:33:57 3912576 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2011-06-21 06:34:00 1923968 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2011-06-21 06:20:53 1188864 ----a-w- C:\Windows\System32\wininet.dll

2011-06-21 05:28:33 981504 ----a-w- C:\Windows\SysWow64\wininet.dll

.

============= FINISH: 22:58:49.22 ===============

attach.zip

Link to post
Share on other sites

Hello and :welcome:

Lets do also an additional rootkit scan.

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!

  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

Link to post
Share on other sites

2011/09/21 17:46:16.0434 5092 TDSS rootkit removing tool 2.5.23.0 Sep 20 2011 08:53:10

2011/09/21 17:46:16.0840 5092 ================================================================================

2011/09/21 17:46:16.0840 5092 SystemInfo:

2011/09/21 17:46:16.0840 5092

2011/09/21 17:46:16.0840 5092 OS Version: 6.1.7601 ServicePack: 1.0

2011/09/21 17:46:16.0840 5092 Product type: Workstation

2011/09/21 17:46:16.0840 5092 ComputerName: NICKS_PC

2011/09/21 17:46:16.0840 5092 UserName: Nick

2011/09/21 17:46:16.0840 5092 Windows directory: C:\Windows

2011/09/21 17:46:16.0840 5092 System windows directory: C:\Windows

2011/09/21 17:46:16.0840 5092 Running under WOW64

2011/09/21 17:46:16.0840 5092 Processor architecture: Intel x64

2011/09/21 17:46:16.0840 5092 Number of processors: 4

2011/09/21 17:46:16.0840 5092 Page size: 0x1000

2011/09/21 17:46:16.0840 5092 Boot type: Normal boot

2011/09/21 17:46:16.0840 5092 ================================================================================

2011/09/21 17:46:23.0033 5092 Initialize success

2011/09/21 17:46:34.0265 2308 ================================================================================

2011/09/21 17:46:34.0265 2308 Scan started

2011/09/21 17:46:34.0265 2308 Mode: Manual;

2011/09/21 17:46:34.0265 2308 ================================================================================

2011/09/21 17:46:36.0246 2308 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys

2011/09/21 17:46:36.0278 2308 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys

2011/09/21 17:46:36.0324 2308 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys

2011/09/21 17:46:36.0371 2308 adfs (2f0683fd2df1d92e891caca14b45a8c1) C:\Windows\system32\drivers\adfs.sys

2011/09/21 17:46:36.0434 2308 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys

2011/09/21 17:46:36.0449 2308 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys

2011/09/21 17:46:36.0480 2308 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys

2011/09/21 17:46:36.0543 2308 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys

2011/09/21 17:46:36.0558 2308 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys

2011/09/21 17:46:36.0605 2308 ahcix64s (b7103982196eb826be70f29405c566db) C:\Windows\system32\DRIVERS\ahcix64s.sys

2011/09/21 17:46:36.0636 2308 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys

2011/09/21 17:46:36.0855 2308 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys

2011/09/21 17:46:36.0886 2308 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys

2011/09/21 17:46:37.0042 2308 amdkmdag (75e4baca583ae02c11e9ac8747e2abe0) C:\Windows\system32\DRIVERS\atikmdag.sys

2011/09/21 17:46:37.0182 2308 amdkmdap (b765cf4b32f347be747b21ae22641025) C:\Windows\system32\DRIVERS\atikmpag.sys

2011/09/21 17:46:37.0229 2308 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys

2011/09/21 17:46:37.0260 2308 amdsata (53d8d46d51d390abdb54eca623165cb7) C:\Windows\system32\DRIVERS\amdsata.sys

2011/09/21 17:46:37.0276 2308 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys

2011/09/21 17:46:37.0292 2308 amdxata (75c51148154e34eb3d7bb84749a758d5) C:\Windows\system32\DRIVERS\amdxata.sys

2011/09/21 17:46:37.0385 2308 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys

2011/09/21 17:46:37.0448 2308 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys

2011/09/21 17:46:37.0463 2308 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys

2011/09/21 17:46:37.0526 2308 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys

2011/09/21 17:46:37.0572 2308 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys

2011/09/21 17:46:37.0635 2308 AtiPcie (e82e61f46d1336447f4deff8c074f13e) C:\Windows\system32\DRIVERS\AtiPcie64.sys

2011/09/21 17:46:37.0682 2308 avgntflt (b1224e6b086cd6548315b04ab575a23e) C:\Windows\system32\DRIVERS\avgntflt.sys

2011/09/21 17:46:37.0713 2308 avipbb (ed45f12cfa62b83765c9c1496758cc87) C:\Windows\system32\DRIVERS\avipbb.sys

2011/09/21 17:46:37.0744 2308 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys

2011/09/21 17:46:37.0775 2308 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys

2011/09/21 17:46:37.0806 2308 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys

2011/09/21 17:46:37.0900 2308 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys

2011/09/21 17:46:37.0962 2308 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys

2011/09/21 17:46:37.0994 2308 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys

2011/09/21 17:46:38.0025 2308 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys

2011/09/21 17:46:38.0056 2308 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys

2011/09/21 17:46:38.0087 2308 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys

2011/09/21 17:46:38.0103 2308 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys

2011/09/21 17:46:38.0134 2308 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys

2011/09/21 17:46:38.0165 2308 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys

2011/09/21 17:46:38.0212 2308 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys

2011/09/21 17:46:38.0274 2308 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys

2011/09/21 17:46:38.0337 2308 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys

2011/09/21 17:46:38.0368 2308 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys

2011/09/21 17:46:38.0430 2308 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys

2011/09/21 17:46:38.0446 2308 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys

2011/09/21 17:46:38.0493 2308 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys

2011/09/21 17:46:38.0524 2308 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys

2011/09/21 17:46:38.0571 2308 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys

2011/09/21 17:46:38.0618 2308 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys

2011/09/21 17:46:38.0696 2308 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys

2011/09/21 17:46:38.0727 2308 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys

2011/09/21 17:46:38.0805 2308 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys

2011/09/21 17:46:38.0883 2308 Dot4 (b42ed0320c6e41102fde0005154849bb) C:\Windows\system32\DRIVERS\Dot4.sys

2011/09/21 17:46:38.0961 2308 Dot4Print (e9f5969233c5d89f3c35e3a66a52a361) C:\Windows\system32\drivers\Dot4Prt.sys

2011/09/21 17:46:39.0008 2308 dot4usb (fd05a02b0370bc3000f402e543ca5814) C:\Windows\system32\DRIVERS\dot4usb.sys

2011/09/21 17:46:39.0054 2308 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys

2011/09/21 17:46:39.0132 2308 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys

2011/09/21 17:46:39.0273 2308 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys

2011/09/21 17:46:39.0382 2308 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys

2011/09/21 17:46:39.0429 2308 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys

2011/09/21 17:46:39.0507 2308 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys

2011/09/21 17:46:39.0554 2308 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys

2011/09/21 17:46:39.0585 2308 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys

2011/09/21 17:46:39.0616 2308 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys

2011/09/21 17:46:39.0647 2308 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys

2011/09/21 17:46:39.0710 2308 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys

2011/09/21 17:46:39.0756 2308 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys

2011/09/21 17:46:39.0803 2308 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys

2011/09/21 17:46:39.0819 2308 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys

2011/09/21 17:46:39.0881 2308 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys

2011/09/21 17:46:39.0912 2308 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys

2011/09/21 17:46:39.0944 2308 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys

2011/09/21 17:46:40.0022 2308 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys

2011/09/21 17:46:40.0084 2308 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys

2011/09/21 17:46:40.0115 2308 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys

2011/09/21 17:46:40.0146 2308 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys

2011/09/21 17:46:40.0178 2308 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys

2011/09/21 17:46:40.0209 2308 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys

2011/09/21 17:46:40.0287 2308 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys

2011/09/21 17:46:40.0349 2308 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys

2011/09/21 17:46:40.0396 2308 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys

2011/09/21 17:46:40.0427 2308 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys

2011/09/21 17:46:40.0474 2308 iaStorV (3df4395a7cf8b7a72a5f4606366b8c2d) C:\Windows\system32\drivers\iaStorV.sys

2011/09/21 17:46:40.0521 2308 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys

2011/09/21 17:46:40.0630 2308 IntcAzAudAddService (3c4b4ee54febb09f7e9f58776de96dca) C:\Windows\system32\drivers\RTKVHD64.sys

2011/09/21 17:46:40.0708 2308 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys

2011/09/21 17:46:40.0739 2308 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys

2011/09/21 17:46:40.0802 2308 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys

2011/09/21 17:46:40.0864 2308 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys

2011/09/21 17:46:40.0895 2308 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys

2011/09/21 17:46:40.0942 2308 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys

2011/09/21 17:46:40.0973 2308 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys

2011/09/21 17:46:41.0020 2308 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys

2011/09/21 17:46:41.0082 2308 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys

2011/09/21 17:46:41.0114 2308 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys

2011/09/21 17:46:41.0145 2308 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys

2011/09/21 17:46:41.0192 2308 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys

2011/09/21 17:46:41.0207 2308 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys

2011/09/21 17:46:41.0285 2308 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys

2011/09/21 17:46:41.0363 2308 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys

2011/09/21 17:46:41.0379 2308 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys

2011/09/21 17:46:41.0410 2308 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys

2011/09/21 17:46:41.0441 2308 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys

2011/09/21 17:46:41.0472 2308 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys

2011/09/21 17:46:41.0504 2308 mcdbus (79d51e7f5926e8ce1b3ebecebae28cff) C:\Windows\system32\DRIVERS\mcdbus.sys

2011/09/21 17:46:41.0535 2308 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys

2011/09/21 17:46:41.0550 2308 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys

2011/09/21 17:46:41.0628 2308 MEMSWEEP2 (f9ce67e9e0226079b59107b649851f96) C:\Windows\system32\D7E5.tmp

2011/09/21 17:46:41.0660 2308 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys

2011/09/21 17:46:41.0722 2308 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys

2011/09/21 17:46:41.0769 2308 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys

2011/09/21 17:46:41.0816 2308 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys

2011/09/21 17:46:41.0878 2308 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys

2011/09/21 17:46:41.0925 2308 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys

2011/09/21 17:46:41.0956 2308 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys

2011/09/21 17:46:42.0018 2308 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys

2011/09/21 17:46:42.0096 2308 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys

2011/09/21 17:46:42.0143 2308 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys

2011/09/21 17:46:42.0190 2308 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

2011/09/21 17:46:42.0237 2308 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys

2011/09/21 17:46:42.0268 2308 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys

2011/09/21 17:46:42.0315 2308 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

2011/09/21 17:46:42.0346 2308 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

2011/09/21 17:46:42.0377 2308 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys

2011/09/21 17:46:42.0424 2308 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

2011/09/21 17:46:42.0455 2308 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

2011/09/21 17:46:42.0486 2308 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

2011/09/21 17:46:42.0549 2308 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys

2011/09/21 17:46:42.0580 2308 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys

2011/09/21 17:46:42.0596 2308 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

2011/09/21 17:46:42.0658 2308 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys

2011/09/21 17:46:42.0689 2308 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

2011/09/21 17:46:42.0736 2308 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

2011/09/21 17:46:42.0876 2308 NAVENG (deb92e93a522f85c71bc647ddee8a81d) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100308.003\ENG64.SYS

2011/09/21 17:46:42.0923 2308 NAVEX15 (b6bef62e7c7cc46c5ff3bb4fb31ed156) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100308.003\EX64.SYS

2011/09/21 17:46:43.0032 2308 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys

2011/09/21 17:46:43.0064 2308 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

2011/09/21 17:46:43.0126 2308 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

2011/09/21 17:46:43.0204 2308 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys

2011/09/21 17:46:43.0266 2308 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys

2011/09/21 17:46:43.0329 2308 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys

2011/09/21 17:46:43.0376 2308 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

2011/09/21 17:46:43.0422 2308 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys

2011/09/21 17:46:43.0516 2308 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys

2011/09/21 17:46:43.0578 2308 NPF (351533acc2a069b94e80bbfc177e8fdf) C:\Windows\system32\drivers\npf.sys

2011/09/21 17:46:43.0610 2308 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

2011/09/21 17:46:43.0641 2308 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

2011/09/21 17:46:43.0719 2308 Ntfs (05d78aa5cb5f3f5c31160bdb955d0b7c) C:\Windows\system32\drivers\Ntfs.sys

2011/09/21 17:46:43.0766 2308 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

2011/09/21 17:46:43.0828 2308 nvraid (5d9fd91f3d38dc9da01e3cb5fa89cd48) C:\Windows\system32\drivers\nvraid.sys

2011/09/21 17:46:43.0859 2308 nvstor (f7cd50fe7139f07e77da8ac8033d1832) C:\Windows\system32\drivers\nvstor.sys

2011/09/21 17:46:43.0890 2308 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys

2011/09/21 17:46:43.0953 2308 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys

2011/09/21 17:46:44.0046 2308 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys

2011/09/21 17:46:44.0093 2308 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys

2011/09/21 17:46:44.0124 2308 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys

2011/09/21 17:46:44.0156 2308 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys

2011/09/21 17:46:44.0187 2308 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys

2011/09/21 17:46:44.0218 2308 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

2011/09/21 17:46:44.0249 2308 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

2011/09/21 17:46:44.0405 2308 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys

2011/09/21 17:46:44.0436 2308 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys

2011/09/21 17:46:44.0514 2308 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys

2011/09/21 17:46:44.0561 2308 PulseUsb (edc3cc1d029601c8da3ff8bcfb08881f) C:\Windows\system32\DRIVERS\PulseUsb.sys

2011/09/21 17:46:44.0624 2308 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys

2011/09/21 17:46:44.0655 2308 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys

2011/09/21 17:46:44.0702 2308 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

2011/09/21 17:46:44.0733 2308 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

2011/09/21 17:46:44.0795 2308 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

2011/09/21 17:46:44.0873 2308 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys

2011/09/21 17:46:44.0920 2308 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

2011/09/21 17:46:44.0967 2308 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

2011/09/21 17:46:45.0029 2308 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys

2011/09/21 17:46:45.0060 2308 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys

2011/09/21 17:46:45.0076 2308 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

2011/09/21 17:46:45.0107 2308 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

2011/09/21 17:46:45.0123 2308 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

2011/09/21 17:46:45.0170 2308 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys

2011/09/21 17:46:45.0232 2308 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys

2011/09/21 17:46:45.0326 2308 RRNetCap (2abd2b3ba2ef0c3ba82284c2a5e28675) C:\Windows\system32\DRIVERS\rrnetcap.sys

2011/09/21 17:46:45.0341 2308 RRNetCapMP (2abd2b3ba2ef0c3ba82284c2a5e28675) C:\Windows\system32\DRIVERS\rrnetcap.sys

2011/09/21 17:46:45.0388 2308 RsFx0103 (cd553b8633466a6d1c115812f2619f1f) C:\Windows\system32\DRIVERS\RsFx0103.sys

2011/09/21 17:46:45.0419 2308 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

2011/09/21 17:46:45.0466 2308 RTL8167 (7ea8d2eb9bbfd2ab8a3117a1e96d3b3a) C:\Windows\system32\DRIVERS\Rt64win7.sys

2011/09/21 17:46:45.0513 2308 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys

2011/09/21 17:46:45.0591 2308 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys

2011/09/21 17:46:45.0669 2308 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

2011/09/21 17:46:45.0731 2308 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys

2011/09/21 17:46:45.0762 2308 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys

2011/09/21 17:46:45.0778 2308 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys

2011/09/21 17:46:45.0856 2308 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys

2011/09/21 17:46:45.0887 2308 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys

2011/09/21 17:46:45.0918 2308 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys

2011/09/21 17:46:45.0950 2308 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys

2011/09/21 17:46:45.0981 2308 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys

2011/09/21 17:46:46.0012 2308 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys

2011/09/21 17:46:46.0074 2308 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

2011/09/21 17:46:46.0121 2308 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

2011/09/21 17:46:46.0215 2308 SRTSP (56979a80f6f9df788a8bfcc1603da40d) C:\Windows\system32\drivers\NISx64\1100000.088\SRTSP64.SYS

2011/09/21 17:46:46.0230 2308 SRTSPX (3c3d82bb245ad1cb00ed48cb2f4ab385) C:\Windows\system32\drivers\NISx64\1100000.088\SRTSPX64.SYS

2011/09/21 17:46:46.0277 2308 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys

2011/09/21 17:46:46.0308 2308 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys

2011/09/21 17:46:46.0340 2308 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys

2011/09/21 17:46:46.0402 2308 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys

2011/09/21 17:46:46.0449 2308 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys

2011/09/21 17:46:46.0542 2308 tbhsd (93f0f5ef8a4ca261372df98b31b2bd05) C:\Windows\system32\drivers\tbhsd.sys

2011/09/21 17:46:46.0605 2308 Tcpip (f0e98c00a09fdf791525829a1d14240f) C:\Windows\system32\drivers\tcpip.sys

2011/09/21 17:46:46.0683 2308 TCPIP6 (f0e98c00a09fdf791525829a1d14240f) C:\Windows\system32\DRIVERS\tcpip.sys

2011/09/21 17:46:46.0745 2308 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys

2011/09/21 17:46:46.0792 2308 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

2011/09/21 17:46:46.0823 2308 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys

2011/09/21 17:46:46.0901 2308 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys

2011/09/21 17:46:46.0964 2308 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys

2011/09/21 17:46:47.0042 2308 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys

2011/09/21 17:46:47.0120 2308 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys

2011/09/21 17:46:47.0198 2308 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys

2011/09/21 17:46:47.0260 2308 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys

2011/09/21 17:46:47.0307 2308 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys

2011/09/21 17:46:47.0400 2308 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys

2011/09/21 17:46:47.0447 2308 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys

2011/09/21 17:46:47.0494 2308 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys

2011/09/21 17:46:47.0556 2308 usbccgp (481dff26b4dca8f4cbac1f7dce1d6829) C:\Windows\system32\DRIVERS\usbccgp.sys

2011/09/21 17:46:47.0619 2308 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys

2011/09/21 17:46:47.0650 2308 usbehci (74ee782b1d9c241efe425565854c661c) C:\Windows\system32\drivers\usbehci.sys

2011/09/21 17:46:47.0697 2308 usbfilter (858be9c0e498c8e505e198e17eece0d9) C:\Windows\system32\DRIVERS\usbfilter.sys

2011/09/21 17:46:47.0728 2308 usbhub (dc96bd9ccb8403251bcf25047573558e) C:\Windows\system32\drivers\usbhub.sys

2011/09/21 17:46:47.0790 2308 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\drivers\usbohci.sys

2011/09/21 17:46:47.0837 2308 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys

2011/09/21 17:46:47.0884 2308 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys

2011/09/21 17:46:47.0915 2308 USBSTOR (d76510cfa0fc09023077f22c2f979d86) C:\Windows\system32\DRIVERS\USBSTOR.SYS

2011/09/21 17:46:47.0962 2308 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\drivers\usbuhci.sys

2011/09/21 17:46:48.0056 2308 VBoxDrv (3c0e800be1c84f6997cc594e3d08f99d) C:\Windows\system32\DRIVERS\VBoxDrv.sys

2011/09/21 17:46:48.0071 2308 VBoxNetAdp (e9a2485ea54122837c41b0147edd3f52) C:\Windows\system32\DRIVERS\VBoxNetAdp.sys

2011/09/21 17:46:48.0087 2308 VBoxNetFlt (eb4178e41627fc64ebb14965a57810ac) C:\Windows\system32\DRIVERS\VBoxNetFlt.sys

2011/09/21 17:46:48.0149 2308 VBoxUSBMon (a2ee1cd3b1242f56e560eddee3185500) C:\Windows\system32\DRIVERS\VBoxUSBMon.sys

2011/09/21 17:46:48.0180 2308 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys

2011/09/21 17:46:48.0212 2308 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

2011/09/21 17:46:48.0243 2308 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

2011/09/21 17:46:48.0290 2308 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys

2011/09/21 17:46:48.0352 2308 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys

2011/09/21 17:46:48.0368 2308 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys

2011/09/21 17:46:48.0414 2308 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys

2011/09/21 17:46:48.0446 2308 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys

2011/09/21 17:46:48.0477 2308 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys

2011/09/21 17:46:48.0633 2308 VSPerfDrv100 (1928b9ca20f51bfbbad54d2c2c447b13) C:\Program Files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys

2011/09/21 17:46:48.0695 2308 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys

2011/09/21 17:46:48.0742 2308 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys

2011/09/21 17:46:48.0773 2308 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

2011/09/21 17:46:48.0820 2308 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

2011/09/21 17:46:48.0867 2308 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys

2011/09/21 17:46:48.0898 2308 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

2011/09/21 17:46:48.0960 2308 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

2011/09/21 17:46:48.0992 2308 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

2011/09/21 17:46:49.0179 2308 WinRing0_1_2_0 (0c0195c48b6b8582fa6f6373032118da) C:\Users\Nick\Desktop\realtemp\WinRing0x64.sys

2011/09/21 17:46:49.0288 2308 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys

2011/09/21 17:46:49.0335 2308 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys

2011/09/21 17:46:49.0397 2308 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

2011/09/21 17:46:49.0444 2308 WSDPrintDevice (8d918b1db190a4d9b1753a66fa8c96e8) C:\Windows\system32\DRIVERS\WSDPrint.sys

2011/09/21 17:46:49.0522 2308 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys

2011/09/21 17:46:49.0553 2308 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys

2011/09/21 17:46:49.0616 2308 MBR (0x1B8) (58f7b8fc5bcb6c9d7d14b93b96fd1eff) \Device\Harddisk0\DR0

2011/09/21 17:46:49.0912 2308 MBR (0x1B8) (a4a15d6782e6fe1dce41a606cb3affe3) \Device\Harddisk1\DR1

2011/09/21 17:46:56.0994 2308 Boot (0x1200) (e6d2df8a2d22be217eb4e67c432ffd76) \Device\Harddisk0\DR0\Partition0

2011/09/21 17:46:57.0010 2308 Boot (0x1200) (5e5e57feef77ee5130b77ab5d04faf34) \Device\Harddisk0\DR0\Partition1

2011/09/21 17:46:57.0041 2308 Boot (0x1200) (3b42f37076fb8cc754efa764448fb05c) \Device\Harddisk0\DR0\Partition2

2011/09/21 17:46:57.0057 2308 Boot (0x1200) (96d429bb5b3417c15ec24c3482dc760a) \Device\Harddisk1\DR1\Partition0

2011/09/21 17:46:57.0057 2308 ================================================================================

2011/09/21 17:46:57.0057 2308 Scan finished

2011/09/21 17:46:57.0057 2308 ================================================================================

2011/09/21 17:46:57.0072 1648 Detected object count: 0

2011/09/21 17:46:57.0072 1648 Actual detected object count: 0

2011/09/21 17:47:12.0033 4860 Deinitialize success

For what it's worth...this is the sixth time I've run TDSSKiller, and it has never detected anything.

Link to post
Share on other sites

Hi again,

COMBOFIX

---------------

Please download ComboFix from one of these locations:


Bleepingcomputer
ForoSpyware

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue it's malware removal procedures.

Query_RC.gif

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC_successful.gif

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.

Link to post
Share on other sites

ComboFix 11-09-22.03 - Nick 09/22/2011 17:28:39.1.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5880.3710 [GMT -5:00]

Running from: c:\users\Nick\Desktop\ComboFix.exe

AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}

AV: Norton Internet Security *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}

FW: Norton Internet Security *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}

SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}

SP: Norton Internet Security *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\install.exe

c:\programdata\GoogleBackupOnline.dll

c:\users\Nick\AppData\Local\ApplicationHistory

c:\users\Nick\AppData\Local\Microsoft\MicrosoftUpdate\Microsoftupdt32.dll

c:\users\Nick\AppData\Roaming\2B54.B1D

c:\users\Nick\AppData\Roaming\OpenCloud Security

c:\windows\SysWow64\comct332.ocx

.

.

((((((((((((((((((((((((( Files Created from 2011-08-22 to 2011-09-22 )))))))))))))))))))))))))))))))

.

.

2011-09-20 16:19 . 2006-01-04 18:04 729161 ----a-w- c:\windows\SysWow64\fpimage.dll

2011-09-20 16:19 . 2006-01-04 18:04 1410704 ----a-w- c:\windows\SysWow64\FPSPR70.ocx

2011-09-20 16:19 . 2011-09-20 16:19 -------- d-----w- c:\program files (x86)\Respondus LockDown Browser

2011-09-17 01:28 . 2011-09-17 01:58 -------- d-----w- c:\program files (x86)\WinPcap

2011-09-11 03:50 . 2011-09-19 04:03 -------- d-----w- c:\users\Nick\AppData\Local\Mozilla Firefox

2011-09-09 04:23 . 2011-05-12 19:03 6144 ------w- c:\windows\system32\D7E5.tmp

2011-09-09 04:21 . 2011-05-12 19:03 6144 ------w- c:\windows\system32\F9E5.tmp

2011-09-09 04:20 . 2011-09-09 04:20 -------- d-----w- c:\program files (x86)\Sophos

2011-09-08 06:07 . 2011-09-09 04:20 -------- d-----w- c:\users\Nick\AppData\Roaming\SQLyog

2011-09-08 06:07 . 2011-09-08 06:07 -------- d-----w- c:\program files (x86)\SQLyog Trial

2011-09-06 21:36 . 2011-09-06 21:36 12872 ----a-w- c:\windows\system32\bootdelete.exe

2011-09-06 21:31 . 2011-09-06 21:31 25160 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys

2011-09-06 21:30 . 2011-09-06 21:36 -------- d-----w- c:\programdata\Hitman Pro

2011-09-05 04:22 . 2011-09-11 04:26 -------- d-----w- c:\users\Nick\AppData\Local\Adobe

2011-09-03 03:10 . 2011-09-03 03:10 -------- d-----w- c:\program files (x86)\WPF Toolkit

2011-09-03 03:08 . 2008-07-12 13:18 3851784 ----a-w- c:\windows\SysWow64\D3DX9_39.dll

2011-09-03 03:08 . 2011-09-03 03:08 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 8

2011-09-03 03:07 . 2011-09-03 03:13 -------- d-----w- c:\program files (x86)\Microsoft Expression

2011-08-25 19:48 . 2011-08-25 19:48 388096 ----a-r- c:\users\Nick\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-08-25 19:48 . 2011-08-25 19:48 -------- d-----w- c:\program files (x86)\Trend Micro

2011-08-24 22:15 . 2011-08-24 22:15 -------- d-----w- c:\users\Nick\AppData\Local\Opera

2011-08-24 22:15 . 2011-08-24 22:15 -------- d-----w- c:\program files (x86)\Opera

2011-08-24 05:40 . 2011-07-09 05:26 2048 ----a-w- c:\windows\system32\tzres.dll

2011-08-24 05:40 . 2011-07-09 04:29 2048 ----a-w- c:\windows\SysWow64\tzres.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-08-31 22:00 . 2011-07-09 18:03 25416 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-08-12 04:10 . 2011-09-20 18:58 8862544 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{83F778E2-F2E4-43BA-B49F-73F23E62AA46}\mpengine.dll

2011-07-22 22:55 . 2011-07-22 22:55 46112 ----a-w- c:\windows\system32\drivers\tbhsd.sys

2011-07-22 22:55 . 2011-07-22 22:55 37480 ----a-w- c:\windows\system32\drivers\rrnetcap.sys

2011-07-22 05:22 . 2011-08-10 08:28 1638912 ----a-w- c:\windows\system32\mshtml.tlb

2011-07-22 04:54 . 2011-08-10 08:28 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb

2011-07-16 05:41 . 2011-08-10 08:29 362496 ----a-w- c:\windows\system32\wow64win.dll

2011-07-16 05:41 . 2011-08-10 08:29 243200 ----a-w- c:\windows\system32\wow64.dll

2011-07-16 05:41 . 2011-08-10 08:29 13312 ----a-w- c:\windows\system32\wow64cpu.dll

2011-07-16 05:39 . 2011-08-10 08:29 16384 ----a-w- c:\windows\system32\ntvdm64.dll

2011-07-16 05:37 . 2011-08-10 08:29 421888 ----a-w- c:\windows\system32\KernelBase.dll

2011-07-16 05:21 . 2011-08-10 08:29 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll

2011-07-16 05:21 . 2011-08-10 08:29 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll

2011-07-16 05:21 . 2011-08-10 08:29 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll

2011-07-16 05:21 . 2011-08-10 08:29 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll

2011-07-16 05:21 . 2011-08-10 08:29 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll

2011-07-16 05:21 . 2011-08-10 08:29 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll

2011-07-16 05:21 . 2011-08-10 08:29 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll

2011-07-16 05:21 . 2011-08-10 08:29 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll

2011-07-16 05:21 . 2011-08-10 08:29 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll

2011-07-16 05:21 . 2011-08-10 08:29 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll

2011-07-16 05:21 . 2011-08-10 08:29 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll

2011-07-16 05:21 . 2011-08-10 08:29 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll

2011-07-16 05:21 . 2011-08-10 08:29 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll

2011-07-16 05:21 . 2011-08-10 08:29 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll

2011-07-16 05:21 . 2011-08-10 08:29 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll

2011-07-16 05:21 . 2011-08-10 08:29 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll

2011-07-16 05:21 . 2011-08-10 08:29 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll

2011-07-16 05:21 . 2011-08-10 08:29 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll

2011-07-16 05:21 . 2011-08-10 08:28 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll

2011-07-16 05:21 . 2011-08-10 08:29 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll

2011-07-16 05:21 . 2011-08-10 08:29 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll

2011-07-16 05:21 . 2011-08-10 08:29 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll

2011-07-16 05:21 . 2011-08-10 08:29 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll

2011-07-16 05:21 . 2011-08-10 08:29 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll

2011-07-16 05:21 . 2011-08-10 08:29 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll

2011-07-16 05:21 . 2011-08-10 08:29 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll

2011-07-16 05:21 . 2011-08-10 08:29 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll

2011-07-16 05:21 . 2011-08-10 08:28 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll

2011-07-16 04:29 . 2011-08-10 08:29 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll

2011-07-16 04:26 . 2011-08-10 08:29 44032 ----a-w- c:\windows\apppatch\acwow64.dll

2011-07-16 04:25 . 2011-08-10 08:29 25600 ----a-w- c:\windows\SysWow64\setup16.exe

2011-07-16 04:24 . 2011-08-10 08:29 5120 ----a-w- c:\windows\SysWow64\wow32.dll

2011-07-16 04:24 . 2011-08-10 08:29 272384 ----a-w- c:\windows\SysWow64\KernelBase.dll

2011-07-16 04:15 . 2011-08-10 08:29 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll

2011-07-16 04:15 . 2011-08-10 08:29 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll

2011-07-16 04:15 . 2011-08-10 08:29 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll

2011-07-16 04:15 . 2011-08-10 08:29 5120 ---ha-w- c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll

2011-07-16 04:15 . 2011-08-10 08:29 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll

2011-07-16 04:15 . 2011-08-10 08:29 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll

2011-07-16 04:15 . 2011-08-10 08:29 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll

2011-07-16 04:15 . 2011-08-10 08:29 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll

2011-07-16 04:15 . 2011-08-10 08:29 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll

2011-07-16 04:15 . 2011-08-10 08:29 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll

2011-07-16 04:15 . 2011-08-10 08:29 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll

2011-07-16 04:15 . 2011-08-10 08:29 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll

2011-07-16 04:15 . 2011-08-10 08:29 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll

2011-07-16 04:15 . 2011-08-10 08:29 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll

2011-07-16 04:15 . 2011-08-10 08:29 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll

2011-07-16 04:15 . 2011-08-10 08:29 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll

2011-07-16 04:15 . 2011-08-10 08:29 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll

2011-07-16 04:15 . 2011-08-10 08:29 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll

2011-07-16 04:15 . 2011-08-10 08:29 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll

2011-07-16 04:15 . 2011-08-10 08:29 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll

2011-07-16 04:15 . 2011-08-10 08:29 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll

2011-07-16 04:15 . 2011-08-10 08:29 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll

2011-07-16 04:15 . 2011-08-10 08:29 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll

2011-07-16 04:15 . 2011-08-10 08:29 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll

2011-07-16 02:21 . 2011-08-10 08:29 7680 ----a-w- c:\windows\SysWow64\instnm.exe

2011-07-16 02:21 . 2011-08-10 08:29 2048 ----a-w- c:\windows\SysWow64\user.exe

2011-07-16 02:17 . 2011-08-10 08:29 6144 ---ha-w- c:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

2011-07-16 02:17 . 2011-08-10 08:29 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

2011-07-16 02:17 . 2011-08-10 08:29 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

2011-07-16 02:17 . 2011-08-10 08:29 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

2011-07-09 16:08 . 2011-07-09 00:39 88288 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2011-07-09 16:08 . 2011-07-09 00:39 123784 ----a-w- c:\windows\system32\drivers\avipbb.sys

2011-07-09 02:46 . 2011-08-10 08:29 288768 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

2011-07-01 08:20 . 2011-05-07 06:41 55384 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2011-06-29 03:24 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll

2011-06-29 03:24 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll

2011-06-29 01:30 . 2011-06-29 01:30 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-04-21 281768]

"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 ALSysIO;ALSysIO;c:\users\Nick\AppData\Local\Temp\ALSysIO64.sys [x]

R3 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]

R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\D7E5.tmp [x]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]

R3 PulseUsb;Livescribe Smartpen USB Driver;c:\windows\system32\DRIVERS\PulseUsb.sys [x]

R3 RRNetCap;RRNetCap Service;c:\windows\system32\DRIVERS\rrnetcap.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [x]

R3 VSPerfDrv100;Performance Tools Driver 10.0;c:\program files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2010-03-18 68440]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\users\Nick\Desktop\realtemp\WinRing0x64.sys [2008-07-27 14544]

R4 CinemaNow Service;CinemaNow Service;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [2010-02-26 127984]

R4 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-12-02 1038088]

R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976]

R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [x]

R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2010-09-17 430424]

S0 ahcix64s;ahcix64s;c:\windows\system32\DRIVERS\ahcix64s.sys [x]

S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [x]

S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [x]

S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-04-21 136360]

S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe [2009-08-24 126392]

S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [x]

S2 PenCommService;Livescribe Pulse Smartpen Service;c:\program files (x86)\Common Files\Livescribe\PenComm\PenCommService.exe [2011-06-24 470528]

S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]

S3 RRNetCapMP;RRNetCapMP;c:\windows\system32\DRIVERS\rrnetcap.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]

S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]

S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

iissvcs REG_MULTI_SZ w3svc was

apphost REG_MULTI_SZ apphostsvc

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Contents of the 'Scheduled Tasks' folder

.

2011-08-31 c:\windows\Tasks\PCDRScheduledMaintenance.job

- c:\program files\PC-Doctor for Windows\pcdrcui.exe [2010-02-01 23:02]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]

"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2010-01-18 568888]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uLocal Page = hxxp://www.google.com/

uStart Page = hxxp://www.google.com/

mStart Page = hxxp://www.google.com/

mLocal Page = c:\windows\SYSTEM32\blank.htm

TCP: DhcpNameServer = 192.168.1.1

FF - ProfilePath - c:\users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\7iyhat2u.default\

FF - prefs.js: network.proxy.type - 0

.

.

------- File Associations -------

.

.txt=

.

- - - - ORPHANS REMOVED - - - -

.

WebBrowser-{FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - (no file)

AddRemove-Adobe_b2d6abde968e6f277ddbfd501383e02 - c:\program files (x86)\Common Files\Adobe\Installers\b2d6abde968e6f277ddbfd501383e02\Setup.exe

AddRemove-zScope Classic - c:\programdata\{0CFCD6D6-0A2A-42DF-B997-AE0F4FB691D1}\zcinstall.exe

AddRemove-{495A8A3C-8FD0-4C46-9979-95C26181A1AB} - c:\program files (x86)\InstallShield Installation Information\{495A8A3C-8FD0-4C46-9979-95C26181A1AB}\setup.exe

AddRemove-{8EED9602-BF4A-43BD-8870-B7C5801A4AD2} - c:\programdata\{0CFCD6D6-0A2A-42DF-B997-AE0F4FB691D1}\zcinstall.exe

AddRemove-{9008D736-35CA-40DB-A2BE-5F32D954E5AA} - c:\programdata\Uninstall\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}\setup.exe

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]

"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\17.0.0.136\diMaster.dll\" /prefetch:1"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MEMSWEEP2]

"ImagePath"="\??\c:\windows\system32\D7E5.tmp"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-1562255272-50254487-3003411860-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{EAE6C368-E8C9-CAB3-0350-5DD0DA89FF3B}*]

"hahkkchmmfopjdef"=hex:6b,61,63,67,62,63,6f,70,68,64,6d,66,66,68,62,6a,65,64,

6d,64,64,64,00,00

"ianjahjfekdlepdmkb"=hex:6b,61,63,67,62,63,6f,70,68,64,6d,66,66,68,62,6a,65,64,

6d,64,64,64,00,00

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe

c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\program files (x86)\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\A5E82D02\17.0.0.136\InstStub.exe

.

**************************************************************************

.

Completion time: 2011-09-22 18:11:10 - machine was rebooted

ComboFix-quarantined-files.txt 2011-09-22 23:11

.

Pre-Run: 782,206,570,496 bytes free

Post-Run: 781,784,956,928 bytes free

.

- - End Of File - - D834D0D265FE0DB7307DB9D47027BCCD

Link to post
Share on other sites

Hi again, how are things running at this point?

TWO ANTIVIRUS PROGRAMS

---------------------------------------

I do not recommend that you have more than one anti virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened again this is the resident/automatic protection. In general terms, the two programs may conflict and cause:

  • False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
  • System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.

Therefore please go to add/remove in the control panel and remove either Avira or Norton.

Link to post
Share on other sites

I'm at work right now, but I will fight with Norton some more when I get home. I thought I had it completely cleaned out. Only saw the services after I'd posted the original thread, but decided not to tinker around until the malware was removed. I haven't had anything pop up wanting me to buy more antivirus malware (opencloud security), but I haven't done a google search either - so I will hit google hard this evening and update then.

Link to post
Share on other sites

  • 3 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.