_this_program_will_be_deleted


This topic is locked. 16 replies to this topic.

#1 Vil Ignoble (Members, 11 posts)

Posted 20 May 2011 - 01:50 AM

When I go to Firewall > Allow access through firewall, I have two entries named _this_program_will_be_deleted.
In the description it says CyberLink PowerDVD9. CyberLink will not help me, as the program came with the optical disk drive.
I have uninstalled all of the CyberLink software and they are still there.
I have Windows 7 Professional 64-bit.

Here is the HJT log, please check it.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:29:07 AM, on 5/20/2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\ccSvcHst.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\Ralink\Common\RaUI.exe
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
C:\Program Files (x86)\Adobe\Reader 10.0\Reader\reader_sl.exe
C:\Program Files (x86)\SAMSUNG\FW LiveUpdate\FWManager.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\IPS\IPSBHO.DLL
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\coIEPlg.dll
O4 - HKLM\..\Run: [BCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
O4 - HKLM\..\Run: [MaxMenuMgr] "C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AmazonGSDownloaderTray] C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe
O4 - HKLM\..\Run: [CarboniteSetupLite] "C:\Program Files (x86)\Carbonite\CarbonitePreinstaller.exe" /preinstalled /showonfirst /reshowat=900
O4 - HKLM\..\Run: [Conime] %windir%\system32\conime.exe
O4 - HKLM\..\Run: [Name of App] C:\Program Files (x86)\SAMSUNG\FW LiveUpdate\FWManager.exe r
O4 - HKLM\..\Run: [EKIJ5000StatusMonitor] C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKCU\..\Run: [RGSC] C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: Bigfoot Killer Network Manager.lnk = C:\Program Files\Bigfoot Networks\Killer Network Manager\KillerNetManager.exe
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files (x86)\Ralink\Common\RaUI.exe
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bfllr.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bfllr.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bfllr.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bfllr.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bfllr.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} (Device Detection) - http://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab
O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} (Dldrv2 Control) - http://download.gigabyte.com.tw/object/Dldrv.ocx
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab
O16 - DPF: {72376E32-8AF2-473F-BE32-E5D0F39C865D} (CUpdateAdvisorCtrl Object) - http://www.cyberlink.com/prog/win7/js/UpdateAdvisor.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} (SysInfo Class) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.24.0.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Amazon Download Agent - Amazon.com - C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe
O23 - Service: AppleChargerSrv - Unknown owner - C:\Windows\system32\AppleChargerSrv.exe (file missing)
O23 - Service: Browser Configuration Utility Service (BCUService) - DeviceVM, Inc. - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
O23 - Service: Bigfoot Networks Killer Service - Unknown owner - C:\Program Files\Bigfoot Networks\Killer Network Manager\BFNService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: JMB36X - Unknown owner - C:\Windows\SysWOW64\XSrvSetup.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Kodak AiO Network Discovery Service - Eastman Kodak Company - C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\ccSvcHst.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Performance Service (nTuneService) - NVIDIA - C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Ralink Registry Writer (RalinkRegistryWriter) - Ralink Technology, Corp. - C:\Program Files (x86)\Ralink\Common\RaRegistry.exe
O23 - Service: Ralink Registry Writer 64 (RalinkRegistryWriter64) - Ralink Technology, Corp. - C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: Print Spooler (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Update Center Service (UpdateCenterService) - NVIDIA - C:\Program Files (x86)\NVIDIA Corporation\System Update\UpdateCenterService.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11877 bytes

Edited by Vil Ignoble, 20 May 2011 - 01:52 AM.
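The two leftover entries the post describes are ordinary Windows Firewall rules: each rule carries its own name, description and program path, and uninstalling the product does not necessarily remove it. The following PowerShell script is an added example for this thread, not something posted in it. It assumes the rule name and description text quoted in the post as its defaults and uses the HNetCfg.FwPolicy2 COM interface, which exists on Windows 7 without any extra module. It lists every matching rule with its direction, action, profiles and program path, marks the ones whose program is no longer on disk, and deletes those only when run with -Remove from an elevated prompt.

```powershell
# Added example for this thread, not code posted in it. Finds Windows Firewall
# rules by name or description and flags the ones whose program is no longer on
# disk, which is what a rule left behind by an uninstalled product looks like.
# Uses the HNetCfg.FwPolicy2 COM interface (present on Windows 7; no NetSecurity
# module needed). Run from an elevated PowerShell; nothing is deleted unless
# -Remove is given. Defaults are the name and description quoted in the post.
param(
    [string]$NamePattern        = '_this_program_will_be_deleted',
    [string]$DescriptionPattern = 'CyberLink',
    [switch]$Remove
)

$fw = New-Object -ComObject HNetCfg.FwPolicy2

# INetFwRule encodings: Direction 1 = In, 2 = Out; Action 0 = Block, 1 = Allow;
# Profiles is a bitmask 1 = Domain, 2 = Private, 4 = Public.
function Get-ProfileNames([int]$mask) {
    $names = @()
    if ($mask -band 1) { $names += 'Domain' }
    if ($mask -band 2) { $names += 'Private' }
    if ($mask -band 4) { $names += 'Public' }
    return ($names -join ',')
}

$hits = @($fw.Rules | Where-Object {
    ($_.Name -like "*$NamePattern*") -or ($_.Description -like "*$DescriptionPattern*")
})

$report = @()
foreach ($rule in $hits) {
    $app = $rule.ApplicationName
    # Stored paths may use %ProgramFiles(x86)% or 8.3 names (C:\PROGRA~2\...); expand before testing.
    $orphaned = $false
    if ($app) {
        $orphaned = -not (Test-Path -LiteralPath ([Environment]::ExpandEnvironmentVariables($app)))
    }
    $direction = if ($rule.Direction -eq 1) { 'In' } else { 'Out' }
    $action    = if ($rule.Action -eq 1) { 'Allow' } else { 'Block' }
    $report += New-Object PSObject -Property @{
        Name = $rule.Name; Description = $rule.Description
        Direction = $direction; Action = $action; Enabled = $rule.Enabled
        Profiles = (Get-ProfileNames $rule.Profiles); Program = $app; Orphaned = $orphaned
    }
}

$report | Select-Object Name, Direction, Action, Enabled, Profiles, Orphaned, Program, Description |
    Format-Table -AutoSize

if ($Remove) {
    # INetFwRules.Remove() takes a rule name; the post shows two rules sharing
    # one name, so call it once per orphaned rule and re-list afterwards to confirm.
    foreach ($r in ($report | Where-Object { $_.Orphaned })) {
        Write-Host "Removing rule '$($r.Name)' ($($r.Direction)) -> $($r.Program)"
        $fw.Rules.Remove($r.Name)
    }
}
```

The same rules are stored under HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules as one string value per rule (its Desc= field is what the control panel shows as the description and App= is the program path), so the listing can be cross-checked in regedit if the COM object is unavailable. A rule whose App= path no longer exists is harmless as an allow rule for that path, but removing it keeps the policy honest and is reversible only by recreating the rule, so run the listing first.

A second added example, again not from the thread, that triages two parts of the HijackThis log above: the O23 service lines HJT marked "(file missing)" and the O10 Winsock LSP lines. HijackThis 2.0.4 is a 32-bit program, so on 64-bit Windows the WOW64 file-system redirector shows it SysWOW64 in place of System32, and native 64-bit binaries such as alg.exe, lsass.exe or spoolsv.exe appear missing to it; the script re-tests each path from the shell it runs in (through the Sysnative alias when that shell is itself 32-bit) to separate this artifact from a genuinely absent service binary. It also collapses the LSP entries, which HJT repeats once per protocol chain, to distinct DLLs and reports their Authenticode signature status. The embedded sample lines are copied from the log in the post above; pass -LogPath to run it on a saved hijackthis.log.

```powershell
# Added example for this thread, not code posted in it. Triage two parts of a
# HijackThis 2.0.4 log on 64-bit Windows:
#   * O23 services HJT marked "(file missing)". HJT is 32-bit, and under WOW64
#     its view of C:\Windows\System32 is redirected to SysWOW64, so native
#     64-bit binaries (alg.exe, lsass.exe, spoolsv.exe, ...) look missing to it.
#     Each path is re-tested from this shell, via the Sysnative alias if this
#     shell is itself 32-bit, to separate that artifact from a real missing file.
#   * O10 Winsock LSP entries, which HJT repeats once per protocol chain:
#     collapse to distinct DLLs and show their Authenticode signature status.
# Usage: .\hjt-triage.ps1 [-LogPath C:\path\to\hijackthis.log]
param([string]$LogPath)

# Sample lines copied from the HJT log in post #1; used when no -LogPath is given.
$sample = @'
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bfllr.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bfllr.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Print Spooler (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\ccSvcHst.exe
O23 - Service: JMB36X - Unknown owner - C:\Windows\SysWOW64\XSrvSetup.exe
'@

$lines = if ($LogPath) { Get-Content -LiteralPath $LogPath } else { $sample -split "`r?`n" }

function Resolve-NativePath([string]$path) {
    # A 32-bit process ([IntPtr]::Size -eq 4) is redirected away from the real
    # System32; the Sysnative alias bypasses the redirector. 64-bit shells need nothing.
    $expanded = [Environment]::ExpandEnvironmentVariables($path)
    if ([IntPtr]::Size -eq 4 -and $expanded -match '^(\w:\\Windows)\\System32\\(.+)$') {
        return "$($Matches[1])\Sysnative\$($Matches[2])"
    }
    return $expanded
}

$services = @()
$lspDlls  = @()
foreach ($line in $lines) {
    # O23 - Service: <display (ServiceName)> - <owner> - <image path>[ (file missing)]
    if ($line -match '^O23 - Service: (?<display>.+?) - (?<owner>.+?) - (?<path>.+?)(?<missing> \(file missing\))?$') {
        $display = $Matches['display']; $owner = $Matches['owner']
        $path    = $Matches['path'];    $hjtMissing = [bool]$Matches['missing']
        $existsNow = Test-Path -LiteralPath (Resolve-NativePath $path)
        $services += New-Object PSObject -Property @{
            Display = $display; Owner = $owner; Path = $path
            HjtMissing = $hjtMissing; ExistsNow = $existsNow
        }
    }
    elseif ($line -match '^O10 - .*Winsock LSP: (?<dll>.+)$') {
        $lspDlls += $Matches['dll'].Trim().ToLower()
    }
}

"=== O23 services HJT reported as missing (ExistsNow = re-check from this shell) ==="
$services | Where-Object { $_.HjtMissing } |
    Select-Object Display, Owner, Path, ExistsNow | Format-Table -AutoSize

"=== Distinct Winsock LSP DLLs ==="
foreach ($dll in ($lspDlls | Sort-Object -Unique)) {
    $native = Resolve-NativePath $dll
    if (Test-Path -LiteralPath $native) {
        $sig = Get-AuthenticodeSignature -FilePath $native
        "{0}`n    signature: {1}; signer: {2}" -f $dll, $sig.Status, $sig.SignerCertificate.Subject
    } else {
        "{0}`n    not found from this shell" -f $dll
    }
}
```

Read the output as a pair of columns: HjtMissing = True with ExistsNow = True is the WOW64 artifact and needs no action; HjtMissing = True with ExistsNow = False from a 64-bit shell is a service whose binary really is gone. For the LSP DLLs, an unsigned or NotSigned result on a file in System32 is what warrants a closer look, while a valid signature from the vendor of a product visible elsewhere in the log is the usual explanation.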


#2 Elise (Malware Study Hall Admin, 61,112 posts, Romania)

Posted 28 May 2011 - 05:13 AM

Hello, and welcome to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.


I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.
  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.
You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.
-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
If you have already posted a log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

-------------------------------------------------------------
In the meantime please, do NOT install any new programs or update anything unless told to do so while we are fixing your problem

If you still need help, please include the following in your next reply
  • A detailed description of your problems
  • A new DDS log (don't forget attach.txt)

Thanks and again sorry for the delay.

regards, Elise



#3 Vil Ignoble (Topic Starter, Members, 11 posts)

Posted 29 May 2011 - 02:41 PM

Since then, NPE from Norton said the computer had a self-replicator, so it deleted it, and I did a system image recovery.

Everything was doing good. I found the _this_program_will_be_deleted again, but they are only in the firewall inbound rules and not where they were before. I ran NPE and it says rikvm_9ec60124 is bad, but it cannot remove the .sys, as the file is gone after the computer starts up and is only there when it boots. I cannot get HJT to run, as I forgot how to get it to save the log like the last time. It says "save to log"? I click yes and it does not save it, though it no longer says anything about hosts files.

Also, cmd.exe when run as administrator has the wrong taskbar icon; it has the icon for Games and I cannot figure out how to change it. I ran the Windows Fix It and it fixed it the first couple of times, but after a restart it goes back to Games when I RAA cmd.exe for 32.

Here is DDS:

.
DDS (Ver_11-05-19.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by vilignoble at 14:25:49 on 2011-05-29
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.6142.4608 [GMT -5:00]
.
AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
C:\Program Files\Bigfoot Networks\Killer Network Manager\BFNService.exe
C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Windows\SysWOW64\XSrvSetup.exe
C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\ccSvcHst.exe
C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe
C:\Program Files (x86)\Ralink\Common\RaRegistry.exe
C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Program Files (x86)\NVIDIA Corporation\System Update\UpdateCenterService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Bigfoot Networks\Killer Network Manager\KillerNetManager.exe
C:\Program Files (x86)\Ralink\Common\RaUI.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\SAMSUNG\FW LiveUpdate\FWManager.exe
C:\Program Files (x86)\CyberLink\InstantBurn\Win2K\IBurn.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\CyberLink\Shared files\brs.exe
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\vilignoble\Downloads\dds.scr
C:\Windows\SysWOW64\WSCRIPT.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
uDefault_Page_URL = hxxp://www.msn.com
mDefault_Page_URL = hxxp://www.msn.com
mStart Page = hxxp://www.msn.com
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\IPS\IPSBHO.DLL
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\coIEPlg.dll
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
mRun: [UpdatePSTShortCut] "C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
mRun: [UpdatePPShortCut] "C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerProducer" UpdateWithCreateOnce "Software\CyberLink\PowerProducer\5.0"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [Name of App] C:\Program Files (x86)\SAMSUNG\FW LiveUpdate\FWManager.exe r
mRun: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
mRun: [InstantBurn] C:\PROGRA~2\CYBERL~1\INSTAN~1\Win2K\IBurn.exe
mRun: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
mRun: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
mRun: [BCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [MaxMenuMgr] "C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
mRun: [AmazonGSDownloaderTray] C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe
mRun: [Conime] %windir%\system32\conime.exe
mRunOnce: [GBTUpd] C:\Program Files (x86)\GIGABYTE\GBTUpd\PreRun.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BIGFOO~1.LNK - C:\Program Files (x86)\Bigfoot Networks\Killer Network Manager\KillerNetManager.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\RALINK~1.LNK - C:\Program Files (x86)\Ralink\Common\RaUI.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
LSP: %SYSTEMROOT%\system32\BfLLR.dll
DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} - hxxp://download.gigabyte.com.tw/object/Dldrv.ocx
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.24.0.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
mASetup: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
mRun-x64: [EKIJ5000StatusMonitor] C:\Windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\vilignoble\AppData\Roaming\Mozilla\Firefox\Profiles\d7pgi4lx.default\
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\N360x64\0501000.01D\SYMDS64.SYS --> C:\Windows\system32\drivers\N360x64\0501000.01D\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\N360x64\0501000.01D\SYMEFA64.SYS --> C:\Windows\system32\drivers\N360x64\0501000.01D\SYMEFA64.SYS [?]
R1 AppleCharger;AppleCharger;C:\Windows\system32\DRIVERS\AppleCharger.sys --> C:\Windows\system32\DRIVERS\AppleCharger.sys [?]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20110518.001\BHDrvx64.sys [2011-5-21 1127032]
R1 CLBStor;InstantBurn Storage Helper Driver;C:\Windows\system32\DRIVERS\CLBStor.sys --> C:\Windows\system32\DRIVERS\CLBStor.sys [?]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20110527.001\IDSviA64.sys [2011-5-27 476792]
R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\N360x64\0501000.01D\Ironx64.SYS --> C:\Windows\system32\drivers\N360x64\0501000.01D\Ironx64.SYS [?]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\drivers\N360x64\0501000.01D\SYMNETS.SYS --> C:\Windows\system32\drivers\N360x64\0501000.01D\SYMNETS.SYS [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2011/03/25 09:17:24];C:\Program Files (x86)\CyberLink\PowerDVD9\000.fcl [2010-1-19 146928]
R2 BCUService;Browser Configuration Utility Service;C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-10-15 223464]
R2 Bigfoot Networks Killer Service;Bigfoot Networks Killer Service;C:\Program Files\Bigfoot Networks\Killer Network Manager\BFNService.exe [2011-1-14 570368]
R2 CLBUDF;CyberLink InstantBurn UDF Filesystem;C:\Windows\system32\drivers\CLBUDF.sys --> C:\Windows\system32\drivers\CLBUDF.sys [?]
R2 FreeAgentGoNext Service;Seagate Service;C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe [2009-12-18 189736]
R2 JMB36X;JMB36X;C:\Windows\SysWOW64\XSrvSetup.exe [2011-3-25 72304]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [2011-3-9 366000]
R2 N360;Norton 360;C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\ccSvcHst.exe [2011-5-21 130008]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-5-21 2218600]
R2 RalinkRegistryWriter;Ralink Registry Writer;C:\Program Files (x86)\Ralink\Common\RaRegistry.exe [2011-5-29 185632]
R2 RalinkRegistryWriter64;Ralink Registry Writer 64;C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe [2011-5-29 212256]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-4-7 378472]
R3 BfEdge7x64;Bigfoot Networks Killer Ethernet Service;C:\Windows\system32\DRIVERS\Edge7x64.sys --> C:\Windows\system32\DRIVERS\Edge7x64.sys [?]
R3 BFN7x64;Bigfoot Networks Killer Gaming Service;C:\Windows\system32\DRIVERS\Xeno7x64.sys --> C:\Windows\system32\DRIVERS\Xeno7x64.sys [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-5-28 136824]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 nvoclk64;NVIDIA Enthusiasts Platform KDM;C:\Windows\system32\DRIVERS\nvoclk64.sys --> C:\Windows\system32\DRIVERS\nvoclk64.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 CLKMSVC10_9EC60124;CyberLink Product - 2011/05/27 07:01:27;C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [2010-11-18 240112]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 Amazon Download Agent;Amazon Download Agent;C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [2011-5-26 401920]
S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]
S3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys --> C:\Windows\system32\drivers\dmvsc.sys [?]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
.
=============== Created Last 30 ================
.
2011-05-29 19:09:11 388096 ----a-r- C:\Users\vilignoble\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-05-29 19:09:10 -------- d-----w- C:\Program Files (x86)\Trend Micro
2011-05-28 12:49:49 -------- d-----w- C:\SymCache
2011-05-28 12:26:02 -------- d-----w- C:\Users\vilignoble\AppData\Local\Apps
2011-05-28 12:18:11 -------- d-sh--w- C:\$RECYCLE.BIN
2011-05-28 11:32:54 31272 ----a-w- C:\Windows\System32\AppleChargerSrv.exe
2011-05-28 11:32:54 21104 ----a-w- C:\Windows\System32\drivers\AppleCharger.sys
2011-05-28 11:32:54 -------- d-----w- C:\Program Files\GIGABYTE
2011-05-27 22:07:00 -------- d-----w- C:\Users\vilignoble\AppData\Local\IsolatedStorage
2011-05-26 13:16:13 -------- d-sh--w- C:\ProgramData\SecuROM
2011-05-26 13:15:13 69448 ----a-w- C:\Windows\SysWow64\XAPOFX1_3.dll
2011-05-26 13:15:13 517448 ----a-w- C:\Windows\SysWow64\XAudio2_4.dll
2011-05-26 13:15:13 4178264 ----a-w- C:\Windows\SysWow64\D3DX9_41.dll
2011-05-26 13:15:13 235352 ----a-w- C:\Windows\SysWow64\xactengine3_4.dll
2011-05-26 13:15:13 22360 ----a-w- C:\Windows\SysWow64\X3DAudio1_6.dll
2011-05-26 12:48:54 453456 ----a-w- C:\Windows\SysWow64\d3dx10_42.dll
2011-05-26 12:48:54 1892184 ----a-w- C:\Windows\SysWow64\D3DX9_42.dll
2011-05-26 12:35:57 -------- d-----w- C:\Users\vilignoble\AppData\Local\Rockstar Games
2011-05-26 12:26:49 -------- d-----w- C:\Program Files (x86)\Rockstar Games
2011-05-26 08:38:29 -------- d-----w- C:\ProgramData\Amazon
2011-05-26 08:38:20 -------- d-----w- C:\Program Files (x86)\Amazon
2011-05-26 08:18:36 -------- d-----w- C:\Users\vilignoble\Cyberlink
2011-05-26 07:31:53 -------- d-----w- C:\ProgramData\Bigfoot Networks
2011-05-26 07:31:53 -------- d-----w- C:\Program Files\Bigfoot Networks
2011-05-25 03:06:54 737072 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2011-05-25 03:06:39 4283672 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2011-05-25 03:06:27 42776 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2011-05-25 03:06:24 539968 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2011-05-25 02:06:57 27520 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
2011-05-24 08:03:14 -------- d-----w- C:\Symbols
2011-05-24 07:31:14 -------- d-----w- C:\ProgramData\LightScribe
2011-05-24 04:13:01 -------- d-----w- C:\Program Files\Microsoft Windows Performance Toolkit
2011-05-24 04:12:35 -------- d-----w- C:\Program Files\Microsoft Help Viewer
2011-05-24 04:11:51 -------- d-----w- C:\Program Files\Debugging Tools for Windows (x64)
2011-05-24 04:11:38 -------- d-----w- C:\Program Files\Application Verifier (x64)
2011-05-24 04:11:38 -------- d-----w- C:\Program Files (x86)\Application Verifier
2011-05-24 04:10:34 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 10.0
2011-05-22 23:07:08 -------- d-----w- C:\Users\vilignoble\AppData\Local\Thunderbird
2011-05-22 09:01:41 -------- d-----w- C:\Windows\pss
2011-05-22 08:31:06 -------- d-----w- C:\Users\vilignoble\AppData\Local\Mozilla
2011-05-22 06:25:59 -------- d-----w- C:\Users\vilignoble\AppData\Local\NVIDIA Corporation
2011-05-22 06:05:27 -------- d-----w- C:\Users\vilignoble\AppData\Local\WindowsUpdate
2011-05-22 05:38:07 -------- d-----w- C:\Users\vilignoble\AppData\Local\ElevatedDiagnostics
2011-05-22 04:25:11 -------- d-----w- C:\Users\vilignoble\AppData\Local\CrashDumps
2011-05-22 04:21:40 737072 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2011-05-22 04:21:26 4283672 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2011-05-22 04:21:12 42776 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2011-05-22 04:21:08 539968 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-05-22 04:19:52 -------- d-----w- C:\Users\vilignoble\AppData\Local\Cyberlink
2011-05-22 02:22:13 232960 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\EKIJ5000PPR.dll
2011-05-22 02:12:27 -------- d-----w- C:\Users\vilignoble\AppData\Local\Eastman_Kodak_Company
2011-05-22 02:10:23 -------- d-----w- C:\Users\vilignoble\AppData\Local\Eastman Kodak Company
2011-05-22 02:10:07 -------- d-----w- C:\Windows\SysWow64\kodak
2011-05-22 02:08:49 -------- d-----w- C:\Windows\SysWow64\spool
2011-05-22 02:08:17 -------- d-----w- C:\Program Files (x86)\Kodak
2011-05-22 02:07:16 -------- d-----w- C:\Users\vilignoble\AppData\Roaming\Temp
2011-05-22 02:07:15 -------- d-----w- C:\ProgramData\Kodak
2011-05-22 01:52:45 -------- d-----w- C:\Program Files (x86)\SAMSUNG
2011-05-22 01:52:28 733184 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iKernel.dll
2011-05-22 01:52:28 69715 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\ctor.dll
2011-05-22 01:52:28 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\DotNetInstaller.exe
2011-05-22 01:52:28 303236 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\setup.dll
2011-05-22 01:52:28 266240 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iscript.dll
2011-05-22 01:52:28 180356 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iGdi.dll
2011-05-22 01:52:28 172032 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iuser.dll
2011-05-22 00:52:33 -------- d-----w- C:\Windows\System32\appmgmt
2011-05-22 00:40:20 -------- d-----w- C:\Program Files\Common Files\Logitech
2011-05-22 00:13:37 74272 ----a-w- C:\Windows\System32\RtNicProp64.dll
2011-05-22 00:13:37 107552 ----a-w- C:\Windows\System32\RTNUninst64.dll
2011-05-22 00:07:59 349800 ----a-w- C:\Windows\System32\drivers\Rt64win7.sys
2011-05-22 00:07:31 -------- d-----w- C:\Program Files (x86)\Intel Desktop Board
2011-05-22 00:06:31 -------- d-----w- C:\Program Files (x86)\SystemRequirementsLab
2011-05-22 00:04:20 -------- d-----w- C:\Program Files (x86)\obj
2011-05-22 00:04:16 -------- d-----w- C:\Windows\GBD
2011-05-21 23:17:44 -------- d-----w- C:\Windows\SysWow64\Adobe
2011-05-21 23:17:07 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-05-21 23:02:02 521448 ----a-w- C:\Windows\System32\deployJava1.dll
2011-05-21 22:59:16 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-05-21 21:01:35 -------- d-----w- C:\Users\vilignoble\AppData\Local\Adobe
2011-05-21 09:23:28 197120 ----a-w- C:\Windows\System32\d3d10_1.dll
2011-05-21 09:23:28 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2011-05-21 09:17:07 902656 ----a-w- C:\Windows\System32\d2d1.dll
2011-05-21 09:17:07 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
2011-05-21 09:17:07 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2011-05-21 09:17:07 1139200 ----a-w- C:\Windows\System32\FntCache.dll
2011-05-21 09:17:07 1076736 ----a-w- C:\Windows\SysWow64\DWrite.dll
2011-05-21 09:06:29 -------- d-----w- C:\Windows\SysWow64\N360_BACKUP
2011-05-21 09:05:01 43640 ----a-r- C:\Windows\System32\drivers\SymIMV.sys
2011-05-21 08:58:05 34152 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2011-05-21 08:58:04 174200 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2011-05-21 08:58:03 -------- d-----w- C:\Program Files\Symantec
2011-05-21 08:58:03 -------- d-----w- C:\Program Files\Common Files\Symantec Shared
2011-05-21 08:57:45 912504 ----a-r- C:\Windows\System32\drivers\N360x64\0501000.01D\SymEFA64.sys
2011-05-21 08:57:45 744568 ----a-r- C:\Windows\System32\drivers\N360x64\0501000.01D\srtsp64.sys
2011-05-21 08:57:45 450680 ----a-r- C:\Windows\System32\drivers\N360x64\0501000.01D\SymDS64.sys
2011-05-21 08:57:45 40568 ----a-r- C:\Windows\System32\drivers\N360x64\0501000.01D\srtspx64.sys
2011-05-21 08:57:45 382584 ----a-r- C:\Windows\System32\drivers\N360x64\0501000.01D\symnets.sys
2011-05-21 08:57:45 171128 ----a-r- C:\Windows\System32\drivers\N360x64\0501000.01D\Ironx64.sys
2011-05-21 08:57:37 -------- d-----w- C:\Windows\System32\drivers\N360x64\0501000.01D
2011-05-21 08:57:37 -------- d-----w- C:\Windows\System32\drivers\N360x64
2011-05-21 08:57:36 -------- d-----w- C:\Program Files (x86)\Norton 360
2011-05-21 08:57:21 -------- d-----w- C:\Program Files (x86)\NortonInstaller
2011-05-21 08:43:23 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared
2011-05-21 08:33:29 -------- d-----w- C:\Users\vilignoble\AppData\Local\NPE
2011-05-21 08:10:50 -------- d-----w- C:\Windows\SysWow64\Wat
2011-05-21 08:10:50 -------- d-----w- C:\Windows\System32\Wat
2011-05-21 08:00:58 3135488 ----a-w- C:\Windows\System32\win32k.sys
2011-05-21 07:59:46 90624 ----a-w- C:\Windows\System32\drivers\bowser.sys
2011-05-21 07:59:46 287744 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2011-05-21 07:59:46 158208 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2011-05-21 07:59:46 128000 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
.
==================== Find3M ====================
.
2011-05-27 11:59:54 505128 ----a-w- C:\Windows\SysWow64\msvcp71.dll
2011-05-27 11:59:54 353576 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2011-05-27 11:59:54 29480 ----a-w- C:\Windows\SysWow64\msxml3a.dll
2011-04-09 23:55:44 15453336 ----a-w- C:\Windows\SysWow64\xlive.dll
2011-04-09 23:55:42 13642904 ----a-w- C:\Windows\SysWow64\xlivefnt.dll
2011-04-09 07:02:55 5562240 ----a-w- C:\Windows\System32\ntoskrnl.exe
2011-04-09 06:58:56 142336 ----a-w- C:\Windows\System32\poqexec.exe
2011-04-09 06:02:25 3967872 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2011-04-09 06:02:25 3912576 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2011-04-09 05:56:38 123904 ----a-w- C:\Windows\SysWow64\poqexec.exe
2011-04-08 04:19:38 117864 ----a-w- C:\Windows\System32\nvmctray.dll
2011-04-08 04:19:36 797288 ----a-w- C:\Windows\System32\easyUpdatusAPIU64.dll
2011-04-08 04:19:36 1012328 ----a-w- C:\Windows\System32\nvvsvc.exe
2011-04-08 04:19:26 6338152 ----a-w- C:\Windows\System32\nvcpl.dll
2011-04-08 04:19:08 3041384 ----a-w- C:\Windows\System32\nvsvc64.dll
2011-03-25 16:55:05 419840 ----a-w- C:\Windows\System32\wrap_oal.dll
2011-03-25 16:55:05 133632 ----a-w- C:\Windows\System32\OpenAL32.dll
2011-03-25 16:55:04 413696 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
2011-03-25 16:55:04 110592 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
2011-03-12 12:08:49 1465344 ----a-w- C:\Windows\System32\XpsPrint.dll
2011-03-12 11:23:45 870912 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
2011-03-11 06:34:51 1359872 ----a-w- C:\Windows\System32\mfc42u.dll
2011-03-11 06:34:50 1395712 ----a-w- C:\Windows\System32\mfc42.dll
2011-03-11 05:33:59 1164288 ----a-w- C:\Windows\SysWow64\mfc42u.dll
2011-03-11 05:33:59 1137664 ----a-w- C:\Windows\SysWow64\mfc42.dll
2011-03-08 06:29:32 976896 ----a-w- C:\Windows\System32\inetcomm.dll
2011-03-08 05:28:29 741376 ----a-w- C:\Windows\SysWow64\inetcomm.dll
2011-03-04 06:19:28 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2011-03-04 06:19:27 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2011-03-03 15:59:24 29288 ----a-w- C:\Windows\System32\nvhdap64.dll
2011-03-03 15:59:18 174184 ----a-w- C:\Windows\System32\drivers\nvhda64v.sys
2011-03-03 15:59:17 1359976 ----a-w- C:\Windows\System32\nvhdagenco642040.dll
2011-03-03 13:03:16 142848 ----a-w- C:\Windows\System32\EKIJCOINST12.dll
2011-03-03 12:57:58 613376 ----a-w- C:\Windows\System32\EKIJ5000MON.dll
2011-03-03 06:24:16 183296 ----a-w- C:\Windows\System32\dnsrslvr.dll
2011-03-03 06:21:57 30208 ----a-w- C:\Windows\System32\dnscacheugc.exe
2011-03-03 05:36:16 28672 ----a-w- C:\Windows\SysWow64\dnscacheugc.exe
.
============= FINISH: 14:26:08.13 ===============

Edited by Vil Ignoble, 29 May 2011 - 02:44 PM.


#4 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,112 posts
  • ONLINE
  • Gender:Female
  • Location:Romania
  • Local time:07:35 PM

Posted 29 May 2011 - 02:55 PM

Hi, let's first scan for rootkits here.

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan.
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

Malware analyst @ Emsisoft


#5 Vil Ignoble

Vil Ignoble
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:11:35 AM

Posted 30 May 2011 - 07:21 AM

Hello

It said clean.

2011/05/30 07:19:25.0020 5516 TDSS rootkit removing tool 2.5.3.0 May 25 2011 07:09:24
2011/05/30 07:19:25.0317 5516 ================================================================================
2011/05/30 07:19:25.0317 5516 SystemInfo:
2011/05/30 07:19:25.0317 5516
2011/05/30 07:19:25.0317 5516 OS Version: 6.1.7601 ServicePack: 1.0
2011/05/30 07:19:25.0317 5516 Product type: Workstation
2011/05/30 07:19:25.0317 5516 ComputerName: VILIGNOBLE-PC
2011/05/30 07:19:25.0317 5516 UserName: vilignoble
2011/05/30 07:19:25.0317 5516 Windows directory: C:\Windows
2011/05/30 07:19:25.0317 5516 System windows directory: C:\Windows
2011/05/30 07:19:25.0317 5516 Running under WOW64
2011/05/30 07:19:25.0317 5516 Processor architecture: Intel x64
2011/05/30 07:19:25.0317 5516 Number of processors: 8
2011/05/30 07:19:25.0317 5516 Page size: 0x1000
2011/05/30 07:19:25.0317 5516 Boot type: Normal boot
2011/05/30 07:19:25.0317 5516 ================================================================================
2011/05/30 07:19:26.0175 5516 Initialize success
2011/05/30 07:19:34.0177 4908 ================================================================================
2011/05/30 07:19:34.0177 4908 Scan started
2011/05/30 07:19:34.0177 4908 Mode: Manual;
2011/05/30 07:19:34.0177 4908 ================================================================================
2011/05/30 07:19:34.0614 4908 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\DRIVERS\1394ohci.sys
2011/05/30 07:19:34.0645 4908 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
2011/05/30 07:19:34.0661 4908 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
2011/05/30 07:19:34.0677 4908 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
2011/05/30 07:19:34.0708 4908 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
2011/05/30 07:19:34.0723 4908 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
2011/05/30 07:19:34.0755 4908 AFD (d31dc7a16dea4a9baf179f3d6fbdb38c) C:\Windows\system32\drivers\afd.sys
2011/05/30 07:19:34.0770 4908 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
2011/05/30 07:19:34.0786 4908 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
2011/05/30 07:19:34.0848 4908 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
2011/05/30 07:19:34.0848 4908 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
2011/05/30 07:19:34.0848 4908 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
2011/05/30 07:19:34.0864 4908 amdsata (6ec6d772eae38dc17c14aed9b178d24b) C:\Windows\system32\drivers\amdsata.sys
2011/05/30 07:19:34.0879 4908 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
2011/05/30 07:19:34.0879 4908 amdxata (1142a21db581a84ea5597b03a26ebaa0) C:\Windows\system32\drivers\amdxata.sys
2011/05/30 07:19:34.0895 4908 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
2011/05/30 07:19:34.0926 4908 AppleCharger (6be11ad81d4527d299f0cb5f3731aabc) C:\Windows\system32\DRIVERS\AppleCharger.sys
2011/05/30 07:19:34.0942 4908 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
2011/05/30 07:19:34.0942 4908 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
2011/05/30 07:19:34.0973 4908 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/05/30 07:19:34.0973 4908 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
2011/05/30 07:19:35.0004 4908 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
2011/05/30 07:19:35.0082 4908 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
2011/05/30 07:19:35.0129 4908 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
2011/05/30 07:19:35.0176 4908 BfEdge7x64 (c47279fb1e004269437436ac201bce93) C:\Windows\system32\DRIVERS\Edge7x64.sys
2011/05/30 07:19:35.0207 4908 BFN7x64 (851bfc266ac6424f44f7dfb05de4d803) C:\Windows\system32\DRIVERS\Xeno7x64.sys
2011/05/30 07:19:35.0301 4908 BHDrvx64 (3b9b31981894123f78c4ef0d97184319) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20110518.001\BHDrvx64.sys
2011/05/30 07:19:35.0332 4908 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/05/30 07:19:35.0347 4908 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
2011/05/30 07:19:35.0363 4908 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
2011/05/30 07:19:35.0379 4908 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
2011/05/30 07:19:35.0379 4908 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
2011/05/30 07:19:35.0394 4908 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/05/30 07:19:35.0410 4908 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/05/30 07:19:35.0410 4908 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/05/30 07:19:35.0425 4908 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
2011/05/30 07:19:35.0441 4908 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/05/30 07:19:35.0457 4908 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
2011/05/30 07:19:35.0472 4908 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
2011/05/30 07:19:35.0535 4908 CLBStor (125327df629324fad78d9a95ccd0f425) C:\Windows\system32\DRIVERS\CLBStor.sys
2011/05/30 07:19:35.0550 4908 CLBUDF (9c0cd75fea24e7e0e835eee7f14406f7) C:\Windows\system32\drivers\CLBUDF.sys
2011/05/30 07:19:35.0581 4908 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
2011/05/30 07:19:35.0628 4908 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
2011/05/30 07:19:35.0644 4908 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
2011/05/30 07:19:35.0659 4908 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
2011/05/30 07:19:35.0659 4908 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
2011/05/30 07:19:35.0675 4908 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys
2011/05/30 07:19:35.0691 4908 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
2011/05/30 07:19:35.0722 4908 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
2011/05/30 07:19:35.0753 4908 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
2011/05/30 07:19:35.0753 4908 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
2011/05/30 07:19:35.0769 4908 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
2011/05/30 07:19:35.0784 4908 dmvsc (5db085a8a6600be6401f2b24eecb5415) C:\Windows\system32\drivers\dmvsc.sys
2011/05/30 07:19:35.0815 4908 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
2011/05/30 07:19:35.0831 4908 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
2011/05/30 07:19:35.0909 4908 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
2011/05/30 07:19:35.0987 4908 eeCtrl (eb0883462ac43829e47929d705d40933) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
2011/05/30 07:19:36.0018 4908 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
2011/05/30 07:19:36.0065 4908 EraserUtilRebootDrv (86fc0d272f6bb43e7214d4ba955a41e7) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
2011/05/30 07:19:36.0081 4908 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
2011/05/30 07:19:36.0096 4908 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
2011/05/30 07:19:36.0096 4908 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
2011/05/30 07:19:36.0127 4908 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
2011/05/30 07:19:36.0143 4908 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
2011/05/30 07:19:36.0159 4908 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
2011/05/30 07:19:36.0174 4908 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
2011/05/30 07:19:36.0190 4908 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
2011/05/30 07:19:36.0205 4908 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
2011/05/30 07:19:36.0221 4908 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
2011/05/30 07:19:36.0221 4908 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
2011/05/30 07:19:36.0237 4908 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
2011/05/30 07:19:36.0252 4908 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/05/30 07:19:36.0252 4908 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
2011/05/30 07:19:36.0283 4908 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
2011/05/30 07:19:36.0299 4908 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/05/30 07:19:36.0315 4908 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
2011/05/30 07:19:36.0361 4908 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
2011/05/30 07:19:36.0377 4908 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
2011/05/30 07:19:36.0393 4908 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
2011/05/30 07:19:36.0408 4908 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
2011/05/30 07:19:36.0408 4908 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
2011/05/30 07:19:36.0424 4908 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
2011/05/30 07:19:36.0439 4908 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/05/30 07:19:36.0455 4908 iaStorV (3df4395a7cf8b7a72a5f4606366b8c2d) C:\Windows\system32\drivers\iaStorV.sys
2011/05/30 07:19:36.0564 4908 IDSVia64 (8f9faa4583e634a1505bad8d0c04c5c9) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20110527.001\IDSvia64.sys
2011/05/30 07:19:36.0580 4908 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
2011/05/30 07:19:36.0627 4908 IntcAzAudAddService (163f94ebf8f8a98616a6b804af08d736) C:\Windows\system32\drivers\RTKVHD64.sys
2011/05/30 07:19:36.0658 4908 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
2011/05/30 07:19:36.0673 4908 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
2011/05/30 07:19:36.0689 4908 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/05/30 07:19:36.0689 4908 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
2011/05/30 07:19:36.0705 4908 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
2011/05/30 07:19:36.0720 4908 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
2011/05/30 07:19:36.0736 4908 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
2011/05/30 07:19:36.0751 4908 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
2011/05/30 07:19:36.0767 4908 JRAID (1c368c1a2733dcc5b8e15420aa2b0f6d) C:\Windows\system32\DRIVERS\jraid.sys
2011/05/30 07:19:36.0783 4908 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/05/30 07:19:36.0798 4908 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/05/30 07:19:36.0814 4908 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
2011/05/30 07:19:36.0829 4908 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
2011/05/30 07:19:36.0829 4908 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
2011/05/30 07:19:36.0892 4908 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
2011/05/30 07:19:36.0907 4908 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
2011/05/30 07:19:36.0923 4908 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
2011/05/30 07:19:36.0923 4908 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
2011/05/30 07:19:36.0939 4908 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
2011/05/30 07:19:36.0939 4908 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
2011/05/30 07:19:36.0970 4908 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
2011/05/30 07:19:36.0970 4908 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
2011/05/30 07:19:36.0985 4908 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
2011/05/30 07:19:36.0985 4908 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
2011/05/30 07:19:37.0001 4908 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
2011/05/30 07:19:37.0001 4908 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
2011/05/30 07:19:37.0017 4908 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
2011/05/30 07:19:37.0017 4908 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
2011/05/30 07:19:37.0032 4908 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
2011/05/30 07:19:37.0032 4908 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
2011/05/30 07:19:37.0063 4908 mrxsmb (c2b4651001a867ff3f8865863b592991) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/05/30 07:19:37.0079 4908 mrxsmb10 (7e79946afc5f799ab62982282be5ac13) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/05/30 07:19:37.0079 4908 mrxsmb20 (5fb954100cea2bfec6446fbbecaa3f79) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/05/30 07:19:37.0095 4908 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
2011/05/30 07:19:37.0095 4908 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
2011/05/30 07:19:37.0126 4908 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
2011/05/30 07:19:37.0141 4908 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
2011/05/30 07:19:37.0157 4908 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
2011/05/30 07:19:37.0188 4908 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
2011/05/30 07:19:37.0219 4908 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/05/30 07:19:37.0235 4908 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
2011/05/30 07:19:37.0251 4908 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
2011/05/30 07:19:37.0251 4908 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/05/30 07:19:37.0266 4908 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
2011/05/30 07:19:37.0266 4908 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
2011/05/30 07:19:37.0282 4908 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
2011/05/30 07:19:37.0313 4908 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
2011/05/30 07:19:37.0391 4908 NAVENG (f594e1acbbb3ba48586b5dd69b3a6bc2) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20110529.002\ENG64.SYS
2011/05/30 07:19:37.0438 4908 NAVEX15 (cfe00b55488acf0cd9f62b0401297864) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20110529.002\EX64.SYS
2011/05/30 07:19:37.0516 4908 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
2011/05/30 07:19:37.0531 4908 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/05/30 07:19:37.0547 4908 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/05/30 07:19:37.0563 4908 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/05/30 07:19:37.0578 4908 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/05/30 07:19:37.0578 4908 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
2011/05/30 07:19:37.0594 4908 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
2011/05/30 07:19:37.0594 4908 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
2011/05/30 07:19:37.0672 4908 netr28x (68cdb276a3009f0cf000c6352c1f72e7) C:\Windows\system32\DRIVERS\netr28x.sys
2011/05/30 07:19:37.0719 4908 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
2011/05/30 07:19:37.0734 4908 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
2011/05/30 07:19:37.0734 4908 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
2011/05/30 07:19:37.0765 4908 Ntfs (05d78aa5cb5f3f5c31160bdb955d0b7c) C:\Windows\system32\drivers\Ntfs.sys
2011/05/30 07:19:37.0781 4908 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
2011/05/30 07:19:37.0797 4908 nusb3hub (285acec1b13a15ba520aae06bacb9cff) C:\Windows\system32\DRIVERS\nusb3hub.sys
2011/05/30 07:19:37.0812 4908 nusb3xhc (f6d625ff7b56bb6ea063f0d3a5bbc996) C:\Windows\system32\DRIVERS\nusb3xhc.sys
2011/05/30 07:19:37.0859 4908 NVHDA (f2662fdc20518ee8a8eed4f61ba42349) C:\Windows\system32\drivers\nvhda64v.sys
2011/05/30 07:19:37.0999 4908 nvlddmkm (a963c2c276a97b088ded5d7a83be8052) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/05/30 07:19:38.0109 4908 nvoclk64 (8c1d181480796d7d3366a9381fd7782d) C:\Windows\system32\DRIVERS\nvoclk64.sys
2011/05/30 07:19:38.0155 4908 nvraid (5d9fd91f3d38dc9da01e3cb5fa89cd48) C:\Windows\system32\drivers\nvraid.sys
2011/05/30 07:19:38.0155 4908 nvstor (f7cd50fe7139f07e77da8ac8033d1832) C:\Windows\system32\drivers\nvstor.sys
2011/05/30 07:19:38.0187 4908 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
2011/05/30 07:19:38.0202 4908 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
2011/05/30 07:19:38.0202 4908 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
2011/05/30 07:19:38.0218 4908 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
2011/05/30 07:19:38.0233 4908 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
2011/05/30 07:19:38.0249 4908 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
2011/05/30 07:19:38.0249 4908 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
2011/05/30 07:19:38.0265 4908 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
2011/05/30 07:19:38.0265 4908 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
2011/05/30 07:19:38.0311 4908 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
2011/05/30 07:19:38.0327 4908 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
2011/05/30 07:19:38.0343 4908 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
2011/05/30 07:19:38.0374 4908 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
2011/05/30 07:19:38.0389 4908 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
2011/05/30 07:19:38.0389 4908 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
2011/05/30 07:19:38.0436 4908 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
2011/05/30 07:19:38.0467 4908 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/05/30 07:19:38.0467 4908 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/05/30 07:19:38.0483 4908 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/05/30 07:19:38.0483 4908 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
2011/05/30 07:19:38.0499 4908 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
2011/05/30 07:19:38.0499 4908 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/05/30 07:19:38.0514 4908 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/05/30 07:19:38.0545 4908 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
2011/05/30 07:19:38.0561 4908 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
2011/05/30 07:19:38.0561 4908 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
2011/05/30 07:19:38.0577 4908 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
2011/05/30 07:19:38.0592 4908 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
2011/05/30 07:19:38.0608 4908 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
2011/05/30 07:19:38.0670 4908 RTL8167 (47032c855ddcb5ad7236286689ede288) C:\Windows\system32\DRIVERS\Rt64win7.sys
2011/05/30 07:19:38.0701 4908 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
2011/05/30 07:19:38.0701 4908 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
2011/05/30 07:19:38.0717 4908 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
2011/05/30 07:19:38.0733 4908 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
2011/05/30 07:19:38.0748 4908 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
2011/05/30 07:19:38.0764 4908 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
2011/05/30 07:19:38.0764 4908 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
2011/05/30 07:19:38.0795 4908 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
2011/05/30 07:19:38.0811 4908 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
2011/05/30 07:19:38.0811 4908 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
2011/05/30 07:19:38.0826 4908 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
2011/05/30 07:19:38.0842 4908 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
2011/05/30 07:19:38.0842 4908 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
2011/05/30 07:19:38.0857 4908 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
2011/05/30 07:19:38.0889 4908 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
2011/05/30 07:19:38.0951 4908 SRTSP (90ef30c3867bcde4579c01a6d6e75a7a) C:\Windows\system32\drivers\N360x64\0501000.01D\SRTSP64.SYS
2011/05/30 07:19:38.0998 4908 SRTSPX (c513e8a5e7978da49077f5484344ee1b) C:\Windows\system32\drivers\N360x64\0501000.01D\SRTSPX64.SYS
2011/05/30 07:19:39.0013 4908 srv (65bbf4920148c2ee279055da7228fc7b) C:\Windows\system32\DRIVERS\srv.sys
2011/05/30 07:19:39.0029 4908 srv2 (da939f762a1ccc2d77428621ddbd40a7) C:\Windows\system32\DRIVERS\srv2.sys
2011/05/30 07:19:39.0045 4908 srvnet (3f847c9dc87299516f7dc82fb6572865) C:\Windows\system32\DRIVERS\srvnet.sys
2011/05/30 07:19:39.0091 4908 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
2011/05/30 07:19:39.0123 4908 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
2011/05/30 07:19:39.0154 4908 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
2011/05/30 07:19:39.0169 4908 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
2011/05/30 07:19:39.0169 4908 SymDS (6160145c7a87fc7672e8e3b886888176) C:\Windows\system32\drivers\N360x64\0501000.01D\SYMDS64.SYS
2011/05/30 07:19:39.0201 4908 SymEFA (96aeed40d4d3521568b42027687e69e0) C:\Windows\system32\drivers\N360x64\0501000.01D\SYMEFA64.SYS
2011/05/30 07:19:39.0216 4908 SymEvent (21a1c2d694c3cf962d31f5e873ab3d6f) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2011/05/30 07:19:39.0232 4908 SymIM (3aa3b2df451da88c38ab00b19fa3562e) C:\Windows\system32\DRIVERS\SymIMv.sys
2011/05/30 07:19:39.0247 4908 SymIRON (bd0d711d8cbfcaa19ca123306eaf53a5) C:\Windows\system32\drivers\N360x64\0501000.01D\Ironx64.SYS
2011/05/30 07:19:39.0247 4908 SymNetS (81d134628a98a22b6e054e971af525dc) C:\Windows\system32\drivers\N360x64\0501000.01D\SYMNETS.SYS
2011/05/30 07:19:39.0279 4908 Tcpip (509383e505c973ed7534a06b3d19688d) C:\Windows\system32\drivers\tcpip.sys
2011/05/30 07:19:39.0341 4908 TCPIP6 (509383e505c973ed7534a06b3d19688d) C:\Windows\system32\DRIVERS\tcpip.sys
2011/05/30 07:19:39.0357 4908 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
2011/05/30 07:19:39.0372 4908 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
2011/05/30 07:19:39.0388 4908 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
2011/05/30 07:19:39.0419 4908 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
2011/05/30 07:19:39.0419 4908 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys
2011/05/30 07:19:39.0450 4908 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/05/30 07:19:39.0450 4908 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
2011/05/30 07:19:39.0466 4908 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
2011/05/30 07:19:39.0481 4908 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
2011/05/30 07:19:39.0481 4908 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
2011/05/30 07:19:39.0497 4908 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
2011/05/30 07:19:39.0513 4908 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
2011/05/30 07:19:39.0528 4908 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
2011/05/30 07:19:39.0544 4908 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
2011/05/30 07:19:39.0559 4908 usbccgp (481dff26b4dca8f4cbac1f7dce1d6829) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/05/30 07:19:39.0591 4908 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
2011/05/30 07:19:39.0591 4908 usbehci (74ee782b1d9c241efe425565854c661c) C:\Windows\system32\DRIVERS\usbehci.sys
2011/05/30 07:19:39.0606 4908 usbhub (dc96bd9ccb8403251bcf25047573558e) C:\Windows\system32\DRIVERS\usbhub.sys
2011/05/30 07:19:39.0606 4908 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\drivers\usbohci.sys
2011/05/30 07:19:39.0622 4908 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\drivers\usbprint.sys
2011/05/30 07:19:39.0622 4908 USBSTOR (d76510cfa0fc09023077f22c2f979d86) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/05/30 07:19:39.0637 4908 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/05/30 07:19:39.0637 4908 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
2011/05/30 07:19:39.0653 4908 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/05/30 07:19:39.0669 4908 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
2011/05/30 07:19:39.0669 4908 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
2011/05/30 07:19:39.0684 4908 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
2011/05/30 07:19:39.0700 4908 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
2011/05/30 07:19:39.0715 4908 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
2011/05/30 07:19:39.0715 4908 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
2011/05/30 07:19:39.0731 4908 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
2011/05/30 07:19:39.0731 4908 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
2011/05/30 07:19:39.0747 4908 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
2011/05/30 07:19:39.0762 4908 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
2011/05/30 07:19:39.0762 4908 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
2011/05/30 07:19:39.0778 4908 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
2011/05/30 07:19:39.0793 4908 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
2011/05/30 07:19:39.0793 4908 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/30 07:19:39.0809 4908 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/30 07:19:39.0825 4908 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
2011/05/30 07:19:39.0840 4908 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
2011/05/30 07:19:39.0903 4908 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/05/30 07:19:39.0918 4908 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
2011/05/30 07:19:39.0965 4908 WmBEnum (680a7846370000d20d7e74917d5b7936) C:\Windows\system32\drivers\WmBEnum.sys
2011/05/30 07:19:39.0981 4908 WmFilter (14c35ba8189c6f65d839163aa285e954) C:\Windows\system32\drivers\WmFilter.sys
2011/05/30 07:19:40.0012 4908 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/05/30 07:19:40.0027 4908 WmVirHid (8488dd91a3ee54a8e29f02ad7bb8201e) C:\Windows\system32\drivers\WmVirHid.sys
2011/05/30 07:19:40.0043 4908 WmXlCore (14802b3a30aa849c97cb968ccc813bf3) C:\Windows\system32\drivers\WmXlCore.sys
2011/05/30 07:19:40.0043 4908 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
2011/05/30 07:19:40.0059 4908 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
2011/05/30 07:19:40.0090 4908 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/05/30 07:19:40.0105 4908 yukonw7 (b3eeacf62445e24fbb2cd4b0fb4db026) C:\Windows\system32\DRIVERS\yk62x64.sys
2011/05/30 07:19:40.0152 4908 {B154377D-700F-42cc-9474-23858FBDF4BD} (74983addca2d9618512c088d856d6615) C:\Program Files (x86)\CyberLink\PowerDVD9\000.fcl
2011/05/30 07:19:40.0168 4908 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk<UNK>\DR<UNK>(0)
2011/05/30 07:19:40.0183 4908 ================================================================================
2011/05/30 07:19:40.0183 4908 Scan finished
2011/05/30 07:19:40.0183 4908 ================================================================================
2011/05/30 07:19:40.0183 5760 Detected object count: 0
2011/05/30 07:19:40.0183 5760 Actual detected object count: 0

#6 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,112 posts
  • Gender:Female
  • Location:Romania

Posted 30 May 2011 - 07:39 AM

Hi again,

COMBOFIX
---------------
Please download ComboFix from one of these locations:
Bleepingcomputer
ForoSpyware
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#7 Vil Ignoble

Vil Ignoble
  • Topic Starter

  • Members
  • 11 posts

Posted 30 May 2011 - 08:42 AM

I disabled Norton AntiVirus, and ComboFix says Norton AntiSpyware is still running. How do I disable it?

#8 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,112 posts
  • Gender:Female
  • Location:Romania

Posted 30 May 2011 - 09:11 AM

Just ignore the warning and continue in that case.

regards, Elise


#9 Vil Ignoble

Vil Ignoble
  • Topic Starter

  • Members
  • 11 posts

Posted 30 May 2011 - 09:29 AM

I figured it out by going into the Norton AntiVirus settings, then turning off AntiSpyware.

Here is the log:

ComboFix 11-05-29.02 - vilignoble 05/30/2011 9:18.2.8 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.6142.4771 [GMT -5:00]
Running from: c:\users\vilignoble\Downloads\ComboFix.exe
AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton 360 *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
F:\Autorun.inf
.
.
((((((((((((((((((((((((( Files Created from 2011-04-28 to 2011-05-30 )))))))))))))))))))))))))))))))
.
.
2011-05-30 14:20 . 2011-05-30 14:20 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-05-29 19:09 . 2011-05-29 19:09 388096 ----a-r- c:\users\vilignoble\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-05-29 19:09 . 2011-05-29 19:09 -------- d-----w- c:\program files (x86)\Trend Micro
2011-05-29 12:09 . 2011-05-29 12:09 -------- d-----w- c:\users\vilignoble\AppData\Roaming\InstallShield
2011-05-28 12:49 . 2011-05-28 12:49 -------- d-----w- C:\SymCache
2011-05-28 12:26 . 2011-05-28 12:26 -------- d-----w- c:\users\vilignoble\AppData\Local\Apps
2011-05-28 11:32 . 2011-05-28 11:32 -------- d-----w- c:\program files\GIGABYTE
2011-05-28 11:32 . 2011-01-10 23:16 21104 ----a-w- c:\windows\system32\drivers\AppleCharger.sys
2011-05-28 11:32 . 2010-04-06 21:30 31272 ----a-w- c:\windows\system32\AppleChargerSrv.exe
2011-05-27 22:07 . 2011-05-27 22:07 -------- d-----w- c:\users\vilignoble\AppData\Local\IsolatedStorage
2011-05-26 13:16 . 2011-05-26 13:16 -------- d-sh--w- c:\programdata\SecuROM
2011-05-26 13:15 . 2009-03-16 19:18 69448 ----a-w- c:\windows\SysWow64\XAPOFX1_3.dll
2011-05-26 13:15 . 2009-03-16 19:18 517448 ----a-w- c:\windows\SysWow64\XAudio2_4.dll
2011-05-26 13:15 . 2009-03-16 19:18 235352 ----a-w- c:\windows\SysWow64\xactengine3_4.dll
2011-05-26 13:15 . 2009-03-16 19:18 22360 ----a-w- c:\windows\SysWow64\X3DAudio1_6.dll
2011-05-26 13:15 . 2009-03-09 20:27 4178264 ----a-w- c:\windows\SysWow64\D3DX9_41.dll
2011-05-26 12:51 . 2011-05-26 12:51 -------- d--h--r- c:\users\vilignoble\AppData\Roaming\SecuROM
2011-05-26 12:48 . 2009-09-04 22:29 453456 ----a-w- c:\windows\SysWow64\d3dx10_42.dll
2011-05-26 12:48 . 2009-09-04 22:29 1892184 ----a-w- c:\windows\SysWow64\D3DX9_42.dll
2011-05-26 12:35 . 2011-05-26 13:15 -------- d-----w- c:\users\vilignoble\AppData\Local\Rockstar Games
2011-05-26 12:26 . 2011-05-26 13:15 -------- d-----w- c:\program files (x86)\Rockstar Games
2011-05-26 08:38 . 2011-05-26 08:38 -------- d-----w- c:\programdata\Amazon
2011-05-26 08:38 . 2011-05-26 08:38 -------- d-----w- c:\program files (x86)\Amazon
2011-05-26 08:18 . 2011-05-26 08:18 -------- d-----w- c:\users\vilignoble\Cyberlink
2011-05-26 07:31 . 2011-05-26 07:36 -------- d-----w- c:\programdata\Bigfoot Networks
2011-05-26 07:31 . 2011-05-26 07:31 -------- d-----w- c:\program files\Bigfoot Networks
2011-05-25 03:06 . 2011-05-25 03:06 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2011-05-25 03:06 . 2011-05-25 03:06 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2011-05-25 03:06 . 2011-05-25 03:06 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2011-05-25 03:06 . 2011-05-25 03:06 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2011-05-25 02:06 . 2011-04-22 22:15 27520 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-05-24 08:03 . 2011-05-29 16:45 -------- d-----w- C:\Symbols
2011-05-24 07:31 . 2011-05-24 07:31 -------- d-----w- c:\programdata\LightScribe
2011-05-24 04:13 . 2011-05-24 04:13 -------- d-----w- c:\program files\Microsoft Windows Performance Toolkit
2011-05-24 04:12 . 2011-05-24 04:12 -------- d-----w- c:\program files\Microsoft Help Viewer
2011-05-24 04:11 . 2011-05-29 16:41 -------- d-----w- c:\program files\Debugging Tools for Windows (x64)
2011-05-24 04:11 . 2011-05-24 04:11 -------- d-----w- c:\program files\Application Verifier (x64)
2011-05-24 04:11 . 2011-05-24 04:11 -------- d-----w- c:\program files (x86)\Application Verifier
2011-05-24 04:10 . 2011-05-24 04:10 -------- d-----w- c:\windows\symbols
2011-05-24 04:10 . 2011-05-24 04:10 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 10.0
2011-05-24 04:05 . 2011-05-24 04:05 -------- d-----w- c:\program files\Microsoft SDKs
2011-05-22 23:07 . 2011-05-22 23:07 -------- d-----w- c:\users\vilignoble\AppData\Roaming\Thunderbird
2011-05-22 23:07 . 2011-05-22 23:07 -------- d-----w- c:\users\vilignoble\AppData\Local\Thunderbird
2011-05-22 23:06 . 2011-05-22 23:06 -------- d-----w- c:\program files (x86)\Mozilla Thunderbird
2011-05-22 08:31 . 2011-05-22 08:31 -------- d-----w- c:\users\vilignoble\AppData\Local\Mozilla
2011-05-22 06:25 . 2011-05-22 06:30 -------- d-----w- c:\users\vilignoble\AppData\Local\NVIDIA Corporation
2011-05-22 06:05 . 2011-05-22 06:05 -------- d-----w- c:\users\vilignoble\AppData\Local\WindowsUpdate
2011-05-22 05:38 . 2011-05-29 10:31 -------- d-----w- c:\users\vilignoble\AppData\Local\ElevatedDiagnostics
2011-05-22 04:25 . 2011-05-29 12:43 -------- d-----w- c:\users\vilignoble\AppData\Local\CrashDumps
2011-05-22 04:21 . 2011-05-29 13:11 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2011-05-22 04:21 . 2011-05-29 13:11 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2011-05-22 04:21 . 2011-05-29 13:11 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2011-05-22 04:21 . 2011-05-29 13:11 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-05-22 04:19 . 2011-05-27 16:10 -------- d-----w- c:\users\vilignoble\AppData\Local\Cyberlink
2011-05-22 04:19 . 2011-05-26 08:19 -------- d-----w- c:\users\vilignoble\AppData\Roaming\CyberLink
2011-05-22 02:22 . 2011-03-03 12:58 232960 ----a-w- c:\windows\system32\Spool\prtprocs\x64\EKIJ5000PPR.dll
2011-05-22 02:12 . 2011-05-22 02:23 -------- d-----w- c:\users\vilignoble\AppData\Local\Eastman_Kodak_Company
2011-05-22 02:10 . 2011-05-22 02:10 -------- d-----w- c:\users\vilignoble\AppData\Local\Eastman Kodak Company
2011-05-22 02:10 . 2011-05-22 02:10 -------- d-----w- c:\windows\SysWow64\kodak
2011-05-22 02:08 . 2011-05-22 02:08 -------- d-----w- c:\windows\SysWow64\spool
2011-05-22 02:08 . 2011-05-22 02:08 -------- d-----w- c:\program files (x86)\Kodak
2011-05-22 02:07 . 2011-05-30 14:15 -------- d-----w- c:\programdata\Kodak
2011-05-22 01:52 . 2011-05-22 01:52 -------- d-----w- c:\program files (x86)\SAMSUNG
2011-05-22 01:52 . 2011-05-22 01:52 303236 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\setup.dll
2011-05-22 01:52 . 2011-05-22 01:52 180356 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iGdi.dll
2011-05-22 01:52 . 2004-04-19 04:42 733184 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iKernel.dll
2011-05-22 01:52 . 2004-04-19 04:40 69715 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\ctor.dll
2011-05-22 01:52 . 2004-04-19 04:39 266240 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iscript.dll
2011-05-22 01:52 . 2004-04-19 04:39 172032 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iuser.dll
2011-05-22 01:52 . 2004-04-19 04:39 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\DotNetInstaller.exe
2011-05-22 01:06 . 2011-05-22 01:06 -------- d-----w- c:\programdata\LogiShrd
2011-05-22 00:52 . 2011-05-22 00:52 -------- d-----w- c:\windows\system32\appmgmt
2011-05-22 00:40 . 2011-05-22 00:40 -------- d-----w- c:\program files\Common Files\Logitech
2011-05-22 00:24 . 2011-05-23 06:00 -------- d-----w- c:\users\UpdatusUser
2011-05-22 00:13 . 2010-10-27 15:05 74272 ----a-w- c:\windows\system32\RtNicProp64.dll
2011-05-22 00:13 . 2010-10-27 15:05 107552 ----a-w- c:\windows\system32\RTNUninst64.dll
2011-05-22 00:07 . 2010-10-27 15:05 349800 ----a-w- c:\windows\system32\drivers\Rt64win7.sys
2011-05-22 00:07 . 2011-05-22 00:07 -------- d-----w- c:\program files (x86)\Intel Desktop Board
2011-05-22 00:06 . 2011-05-22 00:20 -------- d-----w- c:\program files (x86)\SystemRequirementsLab
2011-05-22 00:04 . 2011-05-22 00:04 -------- d-----w- c:\program files (x86)\obj
2011-05-22 00:04 . 2011-05-22 00:04 -------- d-----w- c:\windows\GBD
2011-05-21 23:17 . 2011-05-21 23:17 -------- d-----w- c:\windows\SysWow64\Adobe
2011-05-21 23:17 . 2011-05-22 10:45 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-05-21 23:17 . 2011-05-21 23:17 -------- d-----w- c:\windows\SysWow64\Macromed
2011-05-21 23:02 . 2011-05-21 23:01 521448 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-21 22:59 . 2011-05-21 22:58 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-05-21 21:02 . 2011-05-21 23:16 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2011-05-21 21:01 . 2011-05-21 23:15 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR
2011-05-21 21:01 . 2011-05-21 21:05 -------- d-----w- c:\users\vilignoble\AppData\Local\Adobe
2011-05-21 20:59 . 2011-05-21 20:59 -------- d-----w- c:\program files\Java
2011-05-21 20:58 . 2011-05-21 20:58 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-05-21 20:57 . 2011-05-21 20:57 -------- d-----w- c:\program files (x86)\Java
2011-05-21 09:23 . 2011-01-17 11:09 197120 ----a-w- c:\windows\system32\d3d10_1.dll
2011-05-21 09:23 . 2011-01-17 05:47 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2011-05-21 09:17 . 2011-02-19 12:05 1139200 ----a-w- c:\windows\system32\FntCache.dll
2011-05-21 09:17 . 2011-02-19 12:04 1544192 ----a-w- c:\windows\system32\DWrite.dll
2011-05-21 09:17 . 2011-02-19 12:04 902656 ----a-w- c:\windows\system32\d2d1.dll
2011-05-21 09:17 . 2011-02-19 06:30 1076736 ----a-w- c:\windows\SysWow64\DWrite.dll
2011-05-21 09:17 . 2011-02-19 06:30 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2011-05-21 09:06 . 2011-05-21 09:06 -------- d-----w- c:\windows\SysWow64\N360_BACKUP
2011-05-21 09:05 . 2011-03-31 03:04 43640 ----a-r- c:\windows\system32\drivers\SymIMV.sys
2011-05-21 08:58 . 2010-08-21 04:59 34152 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-05-21 08:58 . 2011-05-21 08:58 174200 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2011-05-21 08:58 . 2011-05-21 08:58 -------- d-----w- c:\program files\Symantec
2011-05-21 08:58 . 2011-05-21 08:58 -------- d-----w- c:\program files\Common Files\Symantec Shared
2011-05-21 08:57 . 2011-05-21 08:57 -------- d-----w- c:\windows\system32\drivers\N360x64
2011-05-21 08:57 . 2011-05-21 08:57 -------- d-----w- c:\program files (x86)\Norton 360
2011-05-21 08:57 . 2011-05-21 08:57 -------- d-----w- c:\program files (x86)\NortonInstaller
2011-05-21 08:43 . 2011-05-21 09:06 -------- d-----w- c:\program files (x86)\Common Files\Symantec Shared
2011-05-21 08:33 . 2011-05-29 12:35 -------- d-----w- c:\users\vilignoble\AppData\Local\NPE
2011-05-21 08:26 . 2011-05-21 08:26 -------- d-----w- c:\program files (x86)\Microsoft.NET
2011-05-21 08:10 . 2011-05-21 08:10 -------- d-----w- c:\windows\SysWow64\Wat
2011-05-21 08:10 . 2011-05-21 08:10 -------- d-----w- c:\windows\system32\Wat
2011-05-21 08:00 . 2011-03-03 03:52 3135488 ----a-w- c:\windows\system32\win32k.sys
2011-05-21 07:59 . 2011-02-23 04:56 158208 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-05-21 07:59 . 2011-02-23 04:55 287744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-05-21 07:59 . 2011-02-23 04:55 128000 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-05-21 07:59 . 2011-02-23 04:55 90624 ----a-w- c:\windows\system32\drivers\bowser.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-27 11:59 . 2011-03-25 16:16 505128 ----a-w- c:\windows\SysWow64\msvcp71.dll
2011-05-27 11:59 . 2011-03-25 16:16 353576 ----a-w- c:\windows\SysWow64\msvcr71.dll
2011-05-27 11:59 . 2011-03-25 16:16 29480 ----a-w- c:\windows\SysWow64\msxml3a.dll
2011-05-26 12:50 . 2009-08-18 17:49 564632 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
2011-05-26 12:50 . 2009-08-18 16:24 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-04-09 23:55 . 2011-04-09 23:55 15453336 ----a-w- c:\windows\SysWow64\xlive.dll
2011-04-09 23:55 . 2011-04-09 23:55 13642904 ----a-w- c:\windows\SysWow64\xlivefnt.dll
2011-04-08 05:14 . 2011-03-25 16:48 8411752 ----a-w- c:\windows\system32\nvwgf2umx.dll
2011-04-08 05:14 . 2011-03-25 16:48 6299752 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2011-04-08 05:14 . 2011-03-25 16:48 2273896 ----a-w- c:\windows\system32\nvapi64.dll
2011-04-08 05:14 . 2011-03-25 16:48 2034280 ----a-w- c:\windows\SysWow64\nvapi.dll
2011-04-08 05:14 . 2011-03-25 16:48 10071656 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2011-04-08 04:19 . 2011-04-08 04:19 117864 ----a-w- c:\windows\system32\nvmctray.dll
2011-04-08 04:19 . 2011-04-08 04:19 797288 ----a-w- c:\windows\system32\easyUpdatusAPIU64.dll
2011-04-08 04:19 . 2011-04-08 04:19 1012328 ----a-w- c:\windows\system32\nvvsvc.exe
2011-04-08 04:19 . 2011-04-08 04:19 6338152 ----a-w- c:\windows\system32\nvcpl.dll
2011-04-08 04:19 . 2011-04-08 04:19 3041384 ----a-w- c:\windows\system32\nvsvc64.dll
2011-03-25 16:55 . 2011-03-25 16:55 419840 ----a-w- c:\windows\system32\wrap_oal.dll
2011-03-25 16:55 . 2011-03-25 16:55 133632 ----a-w- c:\windows\system32\OpenAL32.dll
2011-03-25 16:55 . 2011-03-25 16:54 413696 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2011-03-25 16:55 . 2011-03-25 16:54 110592 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2011-03-04 06:19 . 2011-05-21 08:01 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2011-03-04 06:19 . 2011-05-21 08:01 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2011-03-03 13:03 . 2011-03-03 13:03 142848 ----a-w- c:\windows\system32\EKIJCOINST12.dll
2011-03-03 12:57 . 2011-03-03 12:57 613376 ----a-w- c:\windows\system32\EKIJ5000MON.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-05-30_14.10.50 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-21 03:09 . 2011-05-30 14:17 41854 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
- 2009-07-14 05:10 . 2011-05-30 11:07 45158 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-05-30 14:17 45158 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-04-02 10:27 . 2011-05-30 14:17 6456 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1643612854-3128440630-566368958-1000_UserData.bin
- 2011-05-30 11:04 . 2011-05-30 11:04 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-05-30 14:15 . 2011-05-30 14:15 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-05-30 11:04 . 2011-05-30 11:04 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-05-30 14:15 . 2011-05-30 14:15 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 02:36 . 2011-05-30 14:20 655438 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2011-05-30 11:09 655438 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-05-30 14:20 118564 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2011-05-30 11:09 118564 c:\windows\system32\perfc009.dat
- 2009-07-14 05:01 . 2011-05-30 00:19 230860 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2011-05-30 14:14 230860 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-05-21 08:34 . 2011-05-30 14:14 5802608 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1643612854-3128440630-566368958-1000-4096.dat
- 2011-05-21 08:34 . 2011-05-30 00:19 5802608 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1643612854-3128440630-566368958-1000-4096.dat
+ 2011-05-21 09:24 . 2011-05-30 14:14 10089700 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1643612854-3128440630-566368958-1000-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-01-22 2363392]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"UpdatePSTShortCut"="c:\program files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe" [2010-03-03 222504]
"UpdatePPShortCut"="c:\program files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-01-07 253672]
"RemoteControl9"="c:\program files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-07-06 87336]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288]
"Name of App"="c:\program files (x86)\SAMSUNG\FW LiveUpdate\FWManager.exe" [2010-08-04 692317]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-01-19 43632]
"InstantBurn"="c:\progra~2\CYBERL~1\INSTAN~1\Win2K\IBurn.exe" [2010-02-10 697640]
"CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2009-11-02 103720]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared files\brs.exe" [2011-01-28 75048]
"BCU"="c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" [2009-10-15 375000]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"MaxMenuMgr"="c:\program files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2009-12-18 197928]
"AmazonGSDownloaderTray"="c:\program files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe" [2009-10-23 326144]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"GBTUpd"="c:\program files (x86)\GIGABYTE\GBTUpd\PreRun.exe" [2008-04-03 297480]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bigfoot Killer Network Manager.lnk - c:\program files\Bigfoot Networks\Killer Network Manager\KillerNetManager.exe [2011-1-14 699904]
Ralink Wireless Utility.lnk - c:\program files (x86)\Ralink\Common\RaUI.exe [2011-5-29 1643808]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 CLKMSVC10_9EC60124;CyberLink Product - 2011/05/27 07:01;c:\program files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [2010-11-18 240112]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 ALSysIO;ALSysIO;c:\users\ADMINI~1\AppData\Local\Temp\ALSysIO64.sys [x]
R3 Amazon Download Agent;Amazon Download Agent;c:\program files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [2009-10-23 401920]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0501000.01D\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0501000.01D\SYMEFA64.SYS [x]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20110518.001\BHDrvx64.sys [2011-04-19 1127032]
S1 CLBStor;InstantBurn Storage Helper Driver;c:\windows\system32\DRIVERS\CLBStor.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20110527.001\IDSvia64.sys [2011-03-15 476792]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0501000.01D\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\N360x64\0501000.01D\SYMNETS.SYS [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2011/03/25 09:17];c:\program files (x86)\CyberLink\PowerDVD9\000.fcl [2010-01-19 23:10 146928]
S2 BCUService;Browser Configuration Utility Service;c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-10-15 223464]
S2 Bigfoot Networks Killer Service;Bigfoot Networks Killer Service;c:\program files\Bigfoot Networks\Killer Network Manager\BFNService.exe [2011-01-14 570368]
S2 CLBUDF;CyberLink InstantBurn UDF Filesystem; [x]
S2 FreeAgentGoNext Service;Seagate Service;c:\program files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe [2009-12-18 189736]
S2 JMB36X;JMB36X;c:\windows\SysWOW64\XSrvSetup.exe [2010-01-19 72304]
S2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [2011-03-09 366000]
S2 N360;Norton 360;c:\program files (x86)\Norton 360\Engine\5.1.0.29\ccSvcHst.exe [2011-04-17 130008]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-04-08 2218600]
S2 RalinkRegistryWriter64;Ralink Registry Writer 64;c:\program files (x86)\Ralink\Common\RaRegistry64.exe [2009-11-26 212256]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-04-08 378472]
S3 BfEdge7x64;Bigfoot Networks Killer Ethernet Service;c:\windows\system32\DRIVERS\Edge7x64.sys [x]
S3 BFN7x64;Bigfoot Networks Killer Gaming Service;c:\windows\system32\DRIVERS\Xeno7x64.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-05-21 136824]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 nvoclk64;NVIDIA Enthusiasts Platform KDM;c:\windows\system32\DRIVERS\nvoclk64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - CLKMDRV10_9EC60124
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-01-22 18:06 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}]
2010-11-21 03:24 302592 ----a-w- c:\windows\System32\cmd.exe
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-03-26 10135584]
"EKIJ5000StatusMonitor"="c:\windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe" [2011-03-03 2922496]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://www.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
LSP: %SYSTEMROOT%\system32\BfLLR.dll
TCP: DhcpNameServer = 97.64.183.164 97.64.209.37
FF - ProfilePath - c:\users\vilignoble\AppData\Roaming\Mozilla\Firefox\Profiles\d7pgi4lx.default\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton 360\Engine\5.1.0.29\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\5.1.0.29\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD9\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1643612854-3128440630-566368958-1000\Software\SecuROM\License information*]
"datasecu"=hex:ef,dd,b5,61,6f,cd,49,44,94,fc,81,6c,ee,15,62,6c,ca,76,15,ef,c0,
5f,76,aa,65,70,82,b5,5b,5f,11,70,36,59,a7,01,55,64,25,a3,b9,24,61,2f,0e,91,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10q_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10q_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-05-30 09:21:52
ComboFix-quarantined-files.txt 2011-05-30 14:21
.
Pre-Run: 1,925,315,076,096 bytes free
Post-Run: 1,925,248,872,448 bytes free
.
- - End Of File - - 3FA5AA0726EA58F451914FAC353F3ADD

I also get these errors

\??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

and info
Application popup: : \??\C:\ComboFix\catchme.sys failed to load

This also created a recycle folder on my external hard drive. It may not have been ComboFix, I am not sure, but I don't think it was there before.
I ran this ComboFix twice, as the first time I did not have the external hard drive connected.

Edited by Vil Ignoble, 30 May 2011 - 10:07 AM.


#10 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,112 posts
  • Gender:Female
  • Location:Romania

Posted 30 May 2011 - 10:04 AM

Do you have any other problem except for the cyberlink entries? My guess is that these are leftovers after an uninstall.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."


Malware analyst @ Emsisoft


#11 Vil Ignoble

Vil Ignoble
  • Topic Starter

  • Members
  • 11 posts

Posted 30 May 2011 - 10:25 AM

Thank you for your help,

Is that from CyberLink updating? I will send them a picture, as they had asked for one before of those entries when they were in the firewall rules, but they do not support OEM.

I have some errors I was wondering if you knew anything about. My cmd.exe (only when run as administrator) has the games taskbar icon; here is a picture. I ran the Windows Fix It for icon rebuild, but it does not fix it.

I started getting this error yesterday
There was an error while attempting to read the local hosts file.
I think this one started after running the Windows Fix It for defaulting the hosts file.

This one
The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
I cannot find PEVSystemStart in services.

And when I try to update driver for wifi miniport adapter it says driver is unsigned, should I install anyways?
Should I leave $Recycle.bin on my external hard drive?

Attached File: gamescmd.png (202.37KB)

Edited by Vil Ignoble, 30 May 2011 - 10:26 AM.


#12 Vil Ignoble

Vil Ignoble
  • Topic Starter

  • Members
  • 11 posts

Posted 30 May 2011 - 11:44 AM

Combo quarantined some stuff I had not noticed:

2011-05-30 14:20:55 . 2011-05-30 14:20:55 413 ----a-w- C:\Qoobox\Quarantine\F\av1.zip
2011-05-30 14:20:55 . 2009-12-17 23:13:52 146 ----a-w- C:\Qoobox\Quarantine\F\Autorun.inf.vir
2011-05-30 14:11:20 . 2011-05-30 14:11:20 1,380 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-Adobe Shockwave Player.reg.dat
2011-05-30 14:11:15 . 2011-05-30 14:11:15 92 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Toolbar-Locked.reg.dat
2011-05-30 14:11:09 . 2011-05-30 14:11:09 92 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Wow6432Node-HKLM-Run-Conime.reg.dat
2011-05-30 14:11:08 . 2011-05-30 14:21:15 104 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Wow6432Node-Toolbar-Locked.reg.dat
2011-05-30 14:09:59 . 2011-05-30 14:20:05 7,282 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2011-05-30 14:06:28 . 2011-05-30 14:17:30 102 ----a-w- C:\Qoobox\Quarantine\catchme.log

#13 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,112 posts
  • Gender:Female
  • Location:Romania

Posted 30 May 2011 - 12:22 PM

Is that from CyberLink updating? I will send them a picture, as they had asked for one before of those entries when they were in the firewall rules, but they do not support OEM.

You can simply reset your firewall rules. Afterwards different programs will ask for permission if necessary.

I have some errors I was wondering if you knew anything about. My cmd.exe (only when run as administrator) has the games taskbar icon; here is a picture. I ran the Windows Fix It for icon rebuild, but it does not fix it.

This will sometimes happen if you use a customized theme (or a downloaded theme). You can try to change the Windows theme and see how the icon looks afterwards.

I started getting this error yesterday
There was an error while attempting to read the local hosts file.
I think this one started after running the Windows Fix It for defaulting the hosts file.

This one
The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
I cannot find PEVSystemStart in services.

These are related to combofix and nothing to worry about.

And when I try to update driver for wifi miniport adapter it says driver is unsigned, should I install anyways?

No, 64 bit Windows needs signed drivers, otherwise it will not load them.

Should I leave $Recycle.bin in my external harddrive?

Yes, this is normal.

The files quarantined by combofix are mostly registry backups. You don't need to worry about these.


MALWAREBYTES ANTIMALWARE
-------------------------------------------
Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Full Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

regards, Elise



#14 Vil Ignoble

Vil Ignoble
  • Topic Starter

  • Members
  • 11 posts

Posted 30 May 2011 - 01:59 PM

Cmd.exe did not change after changing the theme.

Its target says %SystemRoot%\System32\cmd.exe /c "start http://socialgames.splashtop.com/gbsp/mb/?p=w". Where is it coming from like that? That is from the properties of the taskbar icon.


Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6725

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

5/30/2011 1:54:07 PM
mbam-log-2011-05-30 (13-54-07).txt

Scan type: Full scan (C:\|F:\|)
Objects scanned: 350023
Time elapsed: 21 minute(s), 0 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Edited by Vil Ignoble, 30 May 2011 - 02:00 PM.


#15 Vil Ignoble

Vil Ignoble
  • Topic Starter

  • Members
  • 11 posts

Posted 30 May 2011 - 02:16 PM

I see two shortcuts for games that have that same target. One is in
Program Files (x86)\DeviceVM\Browser Configuration Utility\plugins\ZyngaGames
and the other in
Users\Username\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\Start Menu
and they have the same target.
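A defender's check for the shortcut observation in the two posts above, added here as an example and not something posted in this thread: it reads every .lnk under the user's pinned-item folders, the Start Menu program folders and the DeviceVM plugins folder named above, and reports those whose target is cmd.exe launching a URL with `start`, which is the pattern in the target shown. The pinned-item folder names used are the real Windows names (User Pinned\TaskBar and User Pinned\StartMenu); the DeviceVM path follows the post and is an assumption that may differ on another machine. The WScript.Shell COM object reads shortcut properties without running the target. IconLocation is reported because a pinned item displays the shortcut's own icon rather than the target executable's, which is why such a shortcut shows a games icon for cmd.exe and an icon-cache rebuild does not change it.

```powershell
# Added example, not from the thread: report shortcuts whose target is cmd.exe
# launching a URL via "start", the pattern seen in the taskbar icon above.
function Find-UrlLaunchingShortcuts {
    param(
        # Folders to search. Defaults: the pinned-item folders (real names are
        # "TaskBar" and "StartMenu"), the Start Menu program folders, and the
        # DeviceVM plugins folder from the post (assumed path, may differ).
        [string[]]$Folders = @(
            "$env:APPDATA\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar",
            "$env:APPDATA\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu",
            "$env:APPDATA\Microsoft\Windows\Start Menu\Programs",
            "$env:ProgramData\Microsoft\Windows\Start Menu\Programs",
            "${env:ProgramFiles(x86)}\DeviceVM\Browser Configuration Utility\plugins"
        )
    )
    # WScript.Shell reads .lnk properties without launching the target.
    $shell = New-Object -ComObject WScript.Shell
    foreach ($folder in $Folders) {
        if (-not (Test-Path -LiteralPath $folder)) { continue }
        Get-ChildItem -LiteralPath $folder -Filter *.lnk -Recurse -ErrorAction SilentlyContinue |
            ForEach-Object {
                $lnk = $shell.CreateShortcut($_.FullName)
                $target = [string]$lnk.TargetPath
                $arguments = [string]$lnk.Arguments
                # Flag cmd.exe (any path, e.g. %SystemRoot%\System32\cmd.exe)
                # whose arguments open a URL, as in: /c "start http://..."
                if ($target -match '(?i)\\cmd\.exe$' -and $arguments -match '(?i)\bstart\s+"?https?://') {
                    [pscustomobject]@{
                        Shortcut     = $_.FullName
                        Target       = $target
                        Arguments    = $arguments
                        IconLocation = [string]$lnk.IconLocation
                    }
                }
            }
    }
}

# Usage: list the hits in a table; an empty result means nothing matched.
Find-UrlLaunchingShortcuts | Format-Table -AutoSize -Wrap
```

Run it in a normal (non-elevated) PowerShell session as the affected user, since the pinned-item folders live under that user's AppData. Each hit gives the shortcut file to inspect or delete, the target and arguments exactly as the taskbar will run them, and the icon file the shortcut borrows; comparing the Shortcut column against the two paths reported above shows whether any copies beyond those two exist.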
