
Weird IE lag spike problem


  • This topic is locked
44 replies to this topic

#1 Waj Wounda


Posted 28 September 2011 - 12:21 AM

So, when I open IE (or any browser), it doesn't take a long time to load, but when I'm playing various assorted online games/videos, there will be random lag spikes. They last typically about 10-15 seconds, and happen about once a minute. If it's any help, here's my HiJackThis log... And is it just me, or is this abnormally large?

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:53:33 PM, on 9/28/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10w_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Dave\Downloads\HiJackThis.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Presario&pf=cnnb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {167d9323-f7cc-48f5-948a-6f012831a69f} - (no file)
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\IPS\IPSBHO.DLL
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - (no file)
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: Microsoft Live Search Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers\YontooIEClient.dll
O3 - Toolbar: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - (no file)
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\coIEPlg.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZKxdm330YYUS
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/ZwinkyInitialSetup1.0.1.1.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} (SysInfo Class) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.4.26.0.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{38165970-8229-4D75-A359-E29702FC3CBC}: NameServer = 192.168.0.1,205.171.3.25
O17 - HKLM\System\CS1\Services\Tcpip\..\{38165970-8229-4D75-A359-E29702FC3CBC}: NameServer = 192.168.0.1,205.171.3.25
O17 - HKLM\System\CS2\Services\Tcpip\..\{38165970-8229-4D75-A359-E29702FC3CBC}: NameServer = 192.168.0.1,205.171.3.25
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxdx_device - Unknown owner - C:\Windows\system32\lxdxcoms.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Program Files (x86)\SMINST\BLService.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: UMVPFSrv - Logitech Inc. - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: XAudioService - Unknown owner - C:\Windows\system32\DRIVERS\xaudio64.exe (file missing)

--
End of file - 10385 bytes
So does anyone else wonder what happened to the Jonas Brothers, No? Well, um, yeah, didn't think so...



#2 HelpBot


Posted 03 October 2011 - 12:25 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/420827 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 Waj Wounda


Posted 06 October 2011 - 05:23 PM

Muchos gracias, helpbot, and I still keep having the same problem, except it's moved to games too, like Counter Strike and StarCraft II.
Here's the DDS log as per requested...
DDS (Ver_2011-06-23.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_27
Run by Dave at 16:18:20 on 2011-10-07
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3838.1902 [GMT -6:00]
.
AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Windows\system32\lxdxcoms.exe
C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\ccSvcHst.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\SMINST\BLService.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio64.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\ccSvcHst.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11c_ActiveX.exe
c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Windows\system32\msfeedssync.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Presario&pf=cnnb
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
mWinlogon: Userinit=C:\Windows\system32\userinit.exe
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\IPS\IPSBHO.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\coIEPlg.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB: {5E5AB302-7F65-44CD-8211-C1D4CAACCEA3} - No File
TB: {30F9B915-B755-4826-820B-08FBA6BD249D} - No File
TB: {9565115D-C7D6-46D3-BD63-B67B481A4368} - No File
EB: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
uRun: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
mRun: [hpqSRMon]
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZKxdm330YYUS
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
LSP: C:\Windows\system32\wpclsp.dll
DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - hxxp://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/ZwinkyInitialSetup1.0.1.1.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.4.26.0.cab
TCP: Interfaces\{38165970-8229-4D75-A359-E29702FC3CBC} : NameServer = 192.168.0.1,205.171.3.25
TCP: Interfaces\{42C5DFFF-5300-4C26-9F3E-B5B1C120705A} : DhcpNameServer = 184.48.208.1 64.134.255.2 64.134.255.10
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-X64: 0x1 - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
BHO-X64: DivX HiQ: {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO-X64: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - No File
BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\coIEPlg.dll
BHO-X64: Symantec NCO BHO - No File
BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\IPS\IPSBHO.DLL
BHO-X64: Symantec Intrusion Prevention - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO-X64: Ask Toolbar BHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\coIEPlg.dll
TB-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB-X64: {5E5AB302-7F65-44CD-8211-C1D4CAACCEA3} - No File
TB-X64: {30F9B915-B755-4826-820B-08FBA6BD249D} - No File
TB-X64: {9565115D-C7D6-46D3-BD63-B67B481A4368} - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [hpqSRMon]
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\N360x64\0501000.01D\SYMDS64.SYS --> C:\Windows\system32\drivers\N360x64\0501000.01D\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\N360x64\0501000.01D\SYMEFA64.SYS --> C:\Windows\system32\drivers\N360x64\0501000.01D\SYMEFA64.SYS [?]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\Definitions\BASHDefs\20110920.001\BHDrvx64.sys [2011-9-28 1152632]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\Definitions\IPSDefs\20110930.030\IDSviA64.sys [2011-10-2 488568]
R1 StarPortLite;StarPort Storage Controller (Lite);C:\Windows\system32\DRIVERS\StarPortLite.sys --> C:\Windows\system32\DRIVERS\StarPortLite.sys [?]
R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\N360x64\0501000.01D\Ironx64.SYS --> C:\Windows\system32\drivers\N360x64\0501000.01D\Ironx64.SYS [?]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;C:\Windows\system32\Drivers\N360x64\0501000.01D\SYMTDIV.SYS --> C:\Windows\system32\Drivers\N360x64\0501000.01D\SYMTDIV.SYS [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]
R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 lxdx_device;lxdx_device;C:\Windows\system32\lxdxcoms.exe -service --> C:\Windows\system32\lxdxcoms.exe -service [?]
R2 N360;Norton 360;C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\ccsvchst.exe [2011-5-9 130008]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-8-28 2255464]
R2 Recovery Service for Windows;Recovery Service for Windows;C:\Program Files (x86)\SMINST\BLService.exe [2009-4-20 365952]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-9-14 508264]
R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe [2011-3-31 428640]
R3 CAXHWAZL;CAXHWAZL;C:\Windows\system32\DRIVERS\CAXHWAZL.sys --> C:\Windows\system32\DRIVERS\CAXHWAZL.sys [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-7-29 136824]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-9-14 219496]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-12-17 135664]
S3 AmdLLD64;AMD Low Level Device Driver;C:\Windows\system32\DRIVERS\AmdLLD64.sys --> C:\Windows\system32\DRIVERS\AmdLLD64.sys [?]
S3 CompFilter64;UVCCompositeFilter;C:\Windows\system32\DRIVERS\lvbflt64.sys --> C:\Windows\system32\DRIVERS\lvbflt64.sys [?]
S3 fssfltr;FssFltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-12-17 135664]
S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]
S3 LVUVC64;Logitech HD Pro Webcam C910(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys --> C:\Windows\system32\DRIVERS\lvuvc64.sys [?]
S3 NETw3v64;Intel® PRO/Wireless 3945ABG Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\NETw3v64.sys --> C:\Windows\system32\DRIVERS\NETw3v64.sys [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
S3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x64.sys --> C:\Windows\system32\DRIVERS\yk60x64.sys [?]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-9-18 89920]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== File Associations ===============
.
JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2011-09-15 03:30:18 2409784 ----a-w- C:\Program Files\Windows Mail\OESpamFilter.dat
2011-09-15 03:30:18 2409784 ----a-w- C:\Program Files (x86)\Windows Mail\OESpamFilter.dat
2011-09-14 01:37:05 3 ----a-w- C:\Users\Dave\AppData\Roaming\ispnetkey.dll
2011-09-14 01:37:05 -------- d-----w- C:\ProgramData\KeyExtender
2011-09-10 18:13:54 -------- d-----w- C:\Users\Dave\AppData\Local\Proxure
2011-09-10 18:13:25 -------- d-----w- C:\ProgramData\ClubSanDisk
.
==================== Find3M ====================
.
2011-10-07 21:50:43 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-09-26 22:12:53 525544 ----a-w- C:\Windows\System32\deployJava1.dll
2011-09-10 19:11:10 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-07-22 05:42:23 2303488 ----a-w- C:\Windows\System32\jscript9.dll
2011-07-22 05:36:16 1389056 ----a-w- C:\Windows\System32\wininet.dll
2011-07-22 05:32:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2011-07-22 02:54:43 1797632 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-07-22 02:48:26 1126912 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-07-22 02:44:36 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-07-12 17:34:00 96104 ----a-w- C:\Windows\System32\dns-sd.exe
2011-07-12 17:34:00 85864 ----a-w- C:\Windows\System32\dnssd.dll
2011-07-12 17:34:00 61288 ----a-w- C:\Windows\System32\jdns_sd.dll
2011-07-12 17:34:00 212840 ----a-w- C:\Windows\System32\dnssdX.dll
2011-07-12 17:20:54 83816 ----a-w- C:\Windows\SysWow64\dns-sd.exe
2011-07-12 17:20:54 73064 ----a-w- C:\Windows\SysWow64\dnssd.dll
2011-07-12 17:20:54 50536 ----a-w- C:\Windows\SysWow64\jdns_sd.dll
2011-07-12 17:20:54 178536 ----a-w- C:\Windows\SysWow64\dnssdX.dll
2011-07-11 13:45:57 2048 ----a-w- C:\Windows\System32\tzres.dll
2011-07-11 13:25:35 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
.
============= FINISH: 16:19:13.17 ===============

Edited by Waj Wounda, 06 October 2011 - 05:24 PM.

So does anyone else wonder what happened to the Jonas Brothers, No? Well, um, yeah, didn't think so...

#4 gringo_pr

  • Malware Response Team

Posted 07 October 2011 - 12:51 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.


Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

In your next post I need the following:

  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 Waj Wounda

Posted 08 October 2011 - 05:54 PM

The Problem did not go away, same thing is happening. Combofix took about 17 minutes, here it is...

ComboFix 11-10-08.04 - Dave 10/09/2011 16:22:43.2.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3838.1949 [GMT -6:00]
Running from: c:\users\Dave\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J3J01E2V\ComboFix.exe
AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton 360 *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\program files (x86)\save tube video company
c:\program files (x86)\save tube video company\SaveTubeVideo\FF\tmp
c:\users\Dave\AppData\Roaming\ispnetkey.dll
c:\users\Dave\AppData\Roaming\Local
c:\users\Dave\AppData\Roaming\Local\Temp\DDM\Settings\.ddr
c:\users\Dave\AppData\Roaming\Local\Temp\DDM\Settings\0.ddi
c:\users\Dave\AppData\Roaming\Local\Temp\DDM\Settings\1.ddi
c:\users\Dave\AppData\Roaming\Local\Temp\DDM\Settings\Post_Install_RB_HiQ_en.divx.ddr
c:\users\Dave\AppData\Roaming\Local\Temp\DDM\Settings\settings.ddi
c:\users\Dave\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\.ddp
c:\users\Dave\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\Post_Install_RB_HiQ_en.divx
c:\users\Dave\Documents\~WRD1454.tmp
c:\windows\Downloaded Program Files\f3initialsetup1.0.1.1.inf
c:\windows\security\Database\tmp.edb
c:\windows\SysWow64\2d2ca2ce-704a-428c-8cbe-0736b29190aa.dll
c:\windows\SysWow64\asd
c:\windows\SysWow64\asd\mylng.cfg
c:\windows\SysWow64\asd\YFSysKeys.ocx
c:\windows\SysWow64\Chip.dll
c:\windows\SysWow64\f3PSSavr.scr
c:\windows\SysWow64\gdi3232.dll
c:\windows\SysWow64\YkkcnmJOjMgfz.vbs
.
.
((((((((((((((((((((((((( Files Created from 2011-09-09 to 2011-10-09 )))))))))))))))))))))))))))))))
.
.
2011-10-09 22:35 . 2011-10-09 22:35 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2011-10-09 22:35 . 2011-10-09 22:35 -------- d-----w- c:\users\Mcx2\AppData\Local\temp
2011-10-09 22:35 . 2011-10-09 22:35 -------- d-----w- c:\users\Mcx1\AppData\Local\temp
2011-10-09 22:35 . 2011-10-09 22:35 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-10-09 22:35 . 2011-10-09 22:35 -------- d-----w- c:\users\Dave\AppData\Local\temp
2011-09-15 03:30 . 2011-08-10 12:14 2409784 ----a-w- c:\program files (x86)\Windows Mail\OESpamFilter.dat
2011-09-15 03:30 . 2011-08-10 12:14 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-09-14 01:37 . 2011-09-14 01:39 -------- d-----w- c:\programdata\KeyExtender
2011-09-10 18:13 . 2011-09-10 18:13 -------- d-----w- c:\users\Dave\AppData\Local\Proxure
2011-09-10 18:13 . 2011-09-10 18:13 -------- d-----w- c:\programdata\ClubSanDisk
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-07 21:50 . 2011-06-17 19:12 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-09-26 22:12 . 2010-11-14 07:49 525544 ----a-w- c:\windows\system32\deployJava1.dll
2011-09-10 19:11 . 2010-05-15 03:02 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-09-02 02:15 . 2011-09-02 02:15 53248 ----a-r- c:\users\Dave\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2011-08-03 11:50 . 2011-08-28 11:57 980072 ----a-w- c:\windows\system32\nvvsvc.exe
2011-08-03 11:50 . 2011-08-28 11:57 61544 ----a-w- c:\windows\system32\nvshext.dll
2011-08-03 11:50 . 2011-08-28 11:57 3021416 ----a-w- c:\windows\system32\nvsvc64.dll
2011-08-03 11:50 . 2011-08-28 11:57 2560616 ----a-w- c:\windows\system32\nvsvcr.dll
2011-08-03 11:50 . 2011-08-28 11:57 836200 ----a-w- c:\windows\system32\easyupdatusapiu64.dll
2011-08-03 11:50 . 2011-08-28 11:57 6136936 ----a-w- c:\windows\system32\nvcpl.dll
2011-08-03 11:50 . 2011-08-28 11:57 117864 ----a-w- c:\windows\system32\nvmctray.dll
2011-08-03 11:50 . 2011-08-28 11:54 8355944 ----a-w- c:\windows\system32\nvwgf2umx.dll
2011-08-03 11:50 . 2011-08-28 11:54 67176 ----a-w- c:\windows\system32\OpenCL.dll
2011-08-03 11:50 . 2011-08-28 11:54 6613096 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2011-08-03 11:50 . 2011-08-28 11:54 57960 ----a-w- c:\windows\SysWow64\OpenCL.dll
2011-08-03 11:50 . 2011-08-28 11:54 22470248 ----a-w- c:\windows\system32\nvoglv64.dll
2011-08-03 11:50 . 2011-08-28 11:54 16595560 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2011-08-03 11:50 . 2011-08-28 11:54 12909672 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2011-08-03 11:50 . 2011-08-28 11:54 7254632 ----a-w- c:\windows\system32\nvcuda.dll
2011-08-03 11:50 . 2011-08-28 11:54 5404776 ----a-w- c:\windows\SysWow64\nvcuda.dll
2011-08-03 11:50 . 2011-08-28 11:54 2532456 ----a-w- c:\windows\system32\nvcuvid.dll
2011-08-03 11:50 . 2011-08-28 11:54 2391656 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2011-08-03 11:50 . 2011-08-28 11:54 2222184 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-08-03 11:50 . 2011-08-28 11:54 2090088 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2011-08-03 11:50 . 2011-08-28 11:54 17193576 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2011-08-03 11:50 . 2011-08-28 11:54 1519720 ----a-w- c:\windows\system32\nvdispco64.dll
2011-08-03 11:50 . 2011-08-28 11:54 15064168 ----a-w- c:\windows\system32\nvd3dumx.dll
2011-08-03 11:50 . 2011-08-28 11:54 1453160 ----a-w- c:\windows\system32\nvgenco64.dll
2011-08-03 11:50 . 2011-08-28 11:54 12636776 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2011-08-03 11:50 . 2011-08-28 11:54 2758760 ----a-w- c:\windows\system32\nvapi64.dll
2011-08-03 11:50 . 2011-08-28 11:54 24692840 ----a-w- c:\windows\system32\nvcompiler.dll
2011-08-03 11:50 . 2011-08-28 11:54 2412136 ----a-w- c:\windows\SysWow64\nvapi.dll
2011-08-03 11:50 . 2010-10-16 19:13 335976 ----a-w- c:\windows\system32\nvhotkey.dll
2011-07-22 05:42 . 2011-08-12 00:06 2303488 ----a-w- c:\windows\system32\jscript9.dll
2011-07-22 05:36 . 2011-08-12 00:06 1389056 ----a-w- c:\windows\system32\wininet.dll
2011-07-22 05:32 . 2011-08-12 00:06 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-07-22 02:54 . 2011-08-12 00:06 1797632 ----a-w- c:\windows\SysWow64\jscript9.dll
2011-07-22 02:48 . 2011-08-12 00:06 1126912 ----a-w- c:\windows\SysWow64\wininet.dll
2011-07-22 02:44 . 2011-08-12 00:06 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-07-12 17:34 . 2011-07-12 17:34 96104 ----a-w- c:\windows\system32\dns-sd.exe
2011-07-12 17:34 . 2011-07-12 17:34 85864 ----a-w- c:\windows\system32\dnssd.dll
2011-07-12 17:34 . 2011-07-12 17:34 61288 ----a-w- c:\windows\system32\jdns_sd.dll
2011-07-12 17:34 . 2011-07-12 17:34 212840 ----a-w- c:\windows\system32\dnssdX.dll
2011-07-12 17:20 . 2011-07-12 17:20 83816 ----a-w- c:\windows\SysWow64\dns-sd.exe
2011-07-12 17:20 . 2011-07-12 17:20 73064 ----a-w- c:\windows\SysWow64\dnssd.dll
2011-07-12 17:20 . 2011-07-12 17:20 50536 ----a-w- c:\windows\SysWow64\jdns_sd.dll
2011-07-12 17:20 . 2011-07-12 17:20 178536 ----a-w- c:\windows\SysWow64\dnssdX.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-09-29 04:44 1400712 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2010-09-29 1400712]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R1 SASDIFSV;SASDIFSV;c:\users\Dave\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV64.SYS [x]
R1 SASKUTIL;SASKUTIL;c:\users\Dave\AppData\Local\Temp\SAS_SelfExtract\SASKUTIL64.SYS [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-18 135664]
R3 AmdLLD64;AMD Low Level Device Driver;c:\windows\system32\DRIVERS\AmdLLD64.sys [x]
R3 CompFilter64;UVCCompositeFilter;c:\windows\system32\DRIVERS\lvbflt64.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-18 135664]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]
R3 LVUVC64;Logitech HD Pro Webcam C910(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]
R3 NETw3v64;Intel® PRO/Wireless 3945ABG Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\NETw3v64.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
R3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk60x64.sys [x]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0501000.01D\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0501000.01D\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\Definitions\BASHDefs\20110920.001\BHDrvx64.sys [2011-09-09 1152632]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\Definitions\IPSDefs\20111007.030\IDSvia64.sys [2011-08-23 488568]
S1 StarPortLite;StarPort Storage Controller (Lite);c:\windows\system32\DRIVERS\StarPortLite.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0501000.01D\Ironx64.SYS [x]
S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\System32\Drivers\N360x64\0501000.01D\SYMTDIV.SYS [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]
S2 lxdx_device;lxdx_device;c:\windows\system32\lxdxcoms.exe [x]
S2 N360;Norton 360;c:\program files (x86)\Norton 360\Engine\5.1.0.29\ccSvcHst.exe [2011-04-17 130008]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-08-03 2255464]
S2 Recovery Service for Windows;Recovery Service for Windows;c:\program files (x86)\SMINST\BLService.exe [2008-10-06 365952]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-09-14 508264]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-04-01 428640]
S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-07-29 136824]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-09-14 219496]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - PROCEXP141
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-18 02:36]
.
2011-10-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-18 02:36]
.
2011-09-12 c:\windows\Tasks\HPCeeScheduleForDave.job
- c:\program files (x86)\hewlett-packard\sdp\ceement\HPCEE.exe [2009-04-21 18:34]
.
2010-07-24 c:\windows\Tasks\HPCeeScheduleForKidling.job
- c:\program files (x86)\hewlett-packard\sdp\ceement\HPCEE.exe [2009-04-21 18:34]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
LSP: c:\windows\system32\wpclsp.dll
TCP: Interfaces\{38165970-8229-4D75-A359-E29702FC3CBC}: NameServer = 192.168.0.1,205.171.3.25
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-hpqSRMon - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{5E5AB302-7F65-44CD-8211-C1D4CAACCEA3} - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
WebBrowser-{9565115D-C7D6-46D3-BD63-B67B481A4368} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files (x86)\Norton 360\Engine\5.1.0.29\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\5.1.0.29\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2011-10-09 16:39:03
ComboFix-quarantined-files.txt 2011-10-09 22:39
.
Pre-Run: 95,115,083,776 bytes free
Post-Run: 93,442,486,272 bytes free
.
- - End Of File - - A3F2E99632EA984F6860E7C7B6C91E1A

Edited by Waj Wounda, 08 October 2011 - 05:56 PM.

#6 gringo_pr

Posted 08 October 2011 - 06:57 PM

Hello

I want you to run this tool for me next.

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo
Proud Graduate Of Malware Removal University
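When reading the TDSSKiller report requested above, two things are worth pulling out: any entry whose verdict is not "ok", and entries that carry a verdict but no file line (the `Beep` and `catchme` entries in the log posted in this thread have no hash or path recorded). The following is an added example, not part of the original posts or of TDSSKiller itself; the line layout is inferred from the log in this thread, and the sample log, its hashes and the non-ok verdict text are constructed.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Every report line starts with "HH:MM:SS.ffff <thread id> ".
PREFIX = r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+"
# File line:    <service> (<32 hex MD5>) <path>
FILE_RE = re.compile(
    PREFIX + r"(?P<name>.+?) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$"
)
# Verdict line: <service> - <verdict>
VERDICT_RE = re.compile(PREFIX + r"(?P<name>.+?) - (?P<verdict>.+)$")

# Constructed sample in the same layout as the report. The service names,
# hashes, paths and the non-ok verdict string are made up for illustration.
SAMPLE_LOG = """\
16:21:37.0438 8184 Scan started
16:21:37.0438 8184 Mode: Manual;
16:21:37.0902 8184 ExampleA (00000000000000000000000000000001) C:\\Windows\\system32\\drivers\\examplea.sys
16:21:37.0905 8184 ExampleA - ok
16:21:38.0100 8184 ExampleB - ok
16:21:38.0200 8184 ExampleC (00000000000000000000000000000003) C:\\Windows\\system32\\drivers\\examplec.sys
16:21:38.0205 8184 ExampleC - EXAMPLE-NON-OK-VERDICT
"""


@dataclass
class Entry:
    name: str                   # service / driver name as logged
    verdict: str                # text after " - " on the verdict line
    md5: Optional[str] = None   # None when no file line preceded the verdict
    path: Optional[str] = None


def parse_report(text: str) -> List[Entry]:
    """Pair each verdict line with the file line logged for the same name."""
    entries: List[Entry] = []
    pending: Dict[str, Tuple[str, str]] = {}
    started = False
    for raw in text.splitlines():
        line = raw.rstrip()
        if not started:
            # Skip the system-info header; entries begin after this marker.
            started = "Scan started" in line
            continue
        m = FILE_RE.match(line)
        if m:
            pending[m["name"]] = (m["md5"].lower(), m["path"])
            continue
        m = VERDICT_RE.match(line)
        if m:
            md5, path = pending.pop(m["name"], (None, None))
            entries.append(Entry(m["name"], m["verdict"].strip(), md5, path))
    return entries


def triage(entries: List[Entry]) -> Dict[str, List[Entry]]:
    """Split out what a reviewer should look at by hand."""
    return {
        # Anything the tool did not mark "ok".
        "not_ok": [e for e in entries if e.verdict.lower() != "ok"],
        # Verdict given, but no hash/path was logged for the entry.
        "no_file": [e for e in entries if e.md5 is None],
    }


if __name__ == "__main__":
    result = triage(parse_report(SAMPLE_LOG))
    for bucket, items in result.items():
        for e in items:
            print(f"{bucket}: {e.name} -> {e.verdict} ({e.path or 'no file line'})")
```

To use it on a real report, read the `TDSSKiller.[Version]_[Date]_[Time]_log.txt` file into a string and pass it to `parse_report`.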

#7 Waj Wounda

Posted 10 October 2011 - 05:23 PM

No nothing there...
16:21:23.0805 7840 TDSS rootkit removing tool 2.6.7.0 Oct 10 2011 09:40:06
16:21:24.0310 7840 ============================================================
16:21:24.0310 7840 Current date / time: 2011/10/11 16:21:24.0310
16:21:24.0310 7840 SystemInfo:
16:21:24.0310 7840
16:21:24.0310 7840 OS Version: 6.0.6002 ServicePack: 2.0
16:21:24.0310 7840 Product type: Workstation
16:21:24.0311 7840 ComputerName: DAVE-PC
16:21:24.0311 7840 UserName: Dave
16:21:24.0311 7840 Windows directory: C:\Windows
16:21:24.0311 7840 System windows directory: C:\Windows
16:21:24.0311 7840 Running under WOW64
16:21:24.0311 7840 Processor architecture: Intel x64
16:21:24.0311 7840 Number of processors: 2
16:21:24.0311 7840 Page size: 0x1000
16:21:24.0311 7840 Boot type: Normal boot
16:21:24.0311 7840 ============================================================
16:21:24.0916 7840 Initialize success
16:21:37.0438 8184 ============================================================
16:21:37.0438 8184 Scan started
16:21:37.0438 8184 Mode: Manual;
16:21:37.0438 8184 ============================================================
16:21:37.0902 8184 ACPI (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys
16:21:37.0905 8184 ACPI - ok
16:21:38.0020 8184 adp94xx (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys
16:21:38.0024 8184 adp94xx - ok
16:21:38.0126 8184 adpahci (7d05a75e3066861a6610f7ee04ff085c) C:\Windows\system32\drivers\adpahci.sys
16:21:38.0129 8184 adpahci - ok
16:21:38.0215 8184 adpu160m (820a201fe08a0c345b3bedbc30e1a77c) C:\Windows\system32\drivers\adpu160m.sys
16:21:38.0217 8184 adpu160m - ok
16:21:38.0507 8184 adpu320 (9b4ab6854559dc168fbb4c24fc52e794) C:\Windows\system32\drivers\adpu320.sys
16:21:38.0509 8184 adpu320 - ok
16:21:38.0648 8184 AFD (0cc146c4addea45791b18b1e2659f4a9) C:\Windows\system32\drivers\afd.sys
16:21:38.0651 8184 AFD - ok
16:21:38.0744 8184 agp440 (f6f6793b7f17b550ecfdbd3b229173f7) C:\Windows\system32\drivers\agp440.sys
16:21:38.0745 8184 agp440 - ok
16:21:38.0830 8184 aic78xx (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys
16:21:38.0831 8184 aic78xx - ok
16:21:38.0920 8184 aliide (e0ca5bb8e6c79533dc6b1da7361a201e) C:\Windows\system32\drivers\aliide.sys
16:21:38.0920 8184 aliide - ok
16:21:54.0099 8184 ============================================================
16:21:54.0099 8184 Scan finished
16:21:54.0099 8184 ============================================================
16:21:54.0115 6748 Detected object count: 0
16:21:54.0115 6748 Actual detected object count: 0
16:22:08.0596 7748 ============================================================
16:22:08.0596 7748 Scan started
16:22:08.0596 7748 Mode: Manual;
16:22:08.0596 7748 ============================================================
16:22:08.0867 7748 ACPI (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys
16:22:08.0869 7748 ACPI - ok
16:22:08.0893 7748 adp94xx (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys
16:22:08.0897 7748 adp94xx - ok
16:22:08.0923 7748 adpahci (7d05a75e3066861a6610f7ee04ff085c) C:\Windows\system32\drivers\adpahci.sys
16:22:08.0926 7748 adpahci - ok
16:22:08.0939 7748 adpu160m (820a201fe08a0c345b3bedbc30e1a77c) C:\Windows\system32\drivers\adpu160m.sys
16:22:08.0941 7748 adpu160m - ok
16:22:08.0954 7748 adpu320 (9b4ab6854559dc168fbb4c24fc52e794) C:\Windows\system32\drivers\adpu320.sys
16:22:08.0956 7748 adpu320 - ok
16:22:09.0024 7748 AFD (0cc146c4addea45791b18b1e2659f4a9) C:\Windows\system32\drivers\afd.sys
16:22:09.0028 7748 AFD - ok
16:22:09.0053 7748 agp440 (f6f6793b7f17b550ecfdbd3b229173f7) C:\Windows\system32\drivers\agp440.sys
16:22:09.0054 7748 agp440 - ok
16:22:09.0067 7748 aic78xx (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys
16:22:09.0068 7748 aic78xx - ok
16:22:09.0095 7748 aliide (e0ca5bb8e6c79533dc6b1da7361a201e) C:\Windows\system32\drivers\aliide.sys
16:22:09.0095 7748 aliide - ok
16:22:09.0107 7748 amdide (7034f8d1b9703d711d3f92c95deb377d) C:\Windows\system32\drivers\amdide.sys
16:22:09.0107 7748 amdide - ok
16:22:09.0124 7748 AmdK8 (cdc3632a3a5ea4dbb83e46076a3165a1) C:\Windows\system32\drivers\amdk8.sys
16:22:09.0124 7748 AmdK8 - ok
16:22:09.0166 7748 AmdLLD64 (f5761675da9d15d7ae0e40907a8f4404) C:\Windows\system32\DRIVERS\AmdLLD64.sys
16:22:09.0167 7748 AmdLLD64 - ok
16:22:09.0254 7748 arc (ba8417d4765f3988ff921f30f630e303) C:\Windows\system32\drivers\arc.sys
16:22:09.0255 7748 arc - ok
16:22:09.0265 7748 arcsas (9d41c435619733b34cc16a511e644b11) C:\Windows\system32\drivers\arcsas.sys
16:22:09.0266 7748 arcsas - ok
16:22:09.0300 7748 AsyncMac (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys
16:22:09.0300 7748 AsyncMac - ok
16:22:09.0323 7748 atapi (e68d9b3a3905619732f7fe039466a623) C:\Windows\system32\drivers\atapi.sys
16:22:09.0324 7748 atapi - ok
16:22:09.0391 7748 athr (7392080816811f6500ff685b8db66d7f) C:\Windows\system32\DRIVERS\athrx.sys
16:22:09.0398 7748 athr - ok
16:22:09.0417 7748 Beep - ok
16:22:09.0542 7748 BHDrvx64 (440eee1cf57ed22e8838df6e60c8c45d) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\Definitions\BASHDefs\20110920.001\BHDrvx64.sys
16:22:09.0550 7748 BHDrvx64 - ok
16:22:09.0583 7748 blbdrive (79feeb40056683f8f61398d81dda65d2) C:\Windows\system32\drivers\blbdrive.sys
16:22:09.0584 7748 blbdrive - ok
16:22:09.0632 7748 bowser (2348447a80920b2493a9b582a23e81e1) C:\Windows\system32\DRIVERS\bowser.sys
16:22:09.0633 7748 bowser - ok
16:22:09.0648 7748 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys
16:22:09.0649 7748 BrFiltLo - ok
16:22:09.0673 7748 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys
16:22:09.0673 7748 BrFiltUp - ok
16:22:09.0694 7748 Brserid (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys
16:22:09.0695 7748 Brserid - ok
16:22:09.0714 7748 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys
16:22:09.0715 7748 BrSerWdm - ok
16:22:09.0739 7748 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys
16:22:09.0740 7748 BrUsbMdm - ok
16:22:09.0752 7748 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\drivers\brusbser.sys
16:22:09.0753 7748 BrUsbSer - ok
16:22:09.0775 7748 BTHMODEM (e0777b34e05f8a82a21856efc900c29f) C:\Windows\system32\drivers\bthmodem.sys
16:22:09.0776 7748 BTHMODEM - ok
16:22:09.0783 7748 catchme - ok
16:22:09.0816 7748 CAXHWAZL (942bd3cb0933febd194b42d4e489c246) C:\Windows\system32\DRIVERS\CAXHWAZL.sys
16:22:09.0818 7748 CAXHWAZL - ok
16:22:09.0839 7748 cdfs (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys
16:22:09.0841 7748 cdfs - ok
16:22:09.0875 7748 cdrom (c025aa69be3d0d25c7a2e746ef6f94fc) C:\Windows\system32\DRIVERS\cdrom.sys
16:22:09.0876 7748 cdrom - ok
16:22:09.0898 7748 circlass (02ea568d498bbdd4ba55bf3fce34d456) C:\Windows\system32\drivers\circlass.sys
16:22:09.0899 7748 circlass - ok
16:22:09.0927 7748 CLFS (3dca9a18b204939cfb24bea53e31eb48) C:\Windows\system32\CLFS.sys
16:22:09.0930 7748 CLFS - ok
16:22:09.0969 7748 CmBatt (b52d9a14ce4101577900a364ba86f3df) C:\Windows\system32\DRIVERS\CmBatt.sys
16:22:09.0970 7748 CmBatt - ok
16:22:09.0991 7748 cmdide (8c6aa24c1d7273a02284588426ab8ce3) C:\Windows\system32\drivers\cmdide.sys
16:22:09.0991 7748 cmdide - ok
16:22:10.0042 7748 CnxtHdAudService (d760753a9b2489a317d722133ce67efc) C:\Windows\system32\drivers\CHDRT64.sys
16:22:10.0045 7748 CnxtHdAudService - ok
16:22:10.0056 7748 Compbatt (7fb8ad01db0eabe60c8a861531a8f431) C:\Windows\system32\DRIVERS\compbatt.sys
16:22:10.0057 7748 Compbatt - ok
16:22:10.0087 7748 CompFilter64 (11cc395d18ff03e95e8c6a149c84c91b) C:\Windows\system32\DRIVERS\lvbflt64.sys
16:22:10.0087 7748 CompFilter64 - ok
16:22:10.0101 7748 crcdisk (a8585b6412253803ce8efcbd6d6dc15c) C:\Windows\system32\drivers\crcdisk.sys
16:22:10.0102 7748 crcdisk - ok
16:22:10.0164 7748 DfsC (8b722ba35205c71e7951cdc4cdbade19) C:\Windows\system32\Drivers\dfsc.sys
16:22:10.0166 7748 DfsC - ok
16:22:10.0226 7748 disk (b0107e40ecdb5fa692ebf832f295d905) C:\Windows\system32\drivers\disk.sys
16:22:10.0227 7748 disk - ok
16:22:10.0279 7748 Dot4 (74c02b1717740c3b8039539e23e4b53f) C:\Windows\system32\DRIVERS\Dot4.sys
16:22:10.0280 7748 Dot4 - ok
16:22:10.0296 7748 Dot4Print (08321d1860235bf42cf2854234337aea) C:\Windows\system32\DRIVERS\Dot4Prt.sys
16:22:10.0297 7748 Dot4Print - ok
16:22:10.0335 7748 dot4usb (4adccf0124f2b6911d3786a5d0e779e5) C:\Windows\system32\DRIVERS\dot4usb.sys
16:22:10.0336 7748 dot4usb - ok
16:22:10.0361 7748 drmkaud (f1a78a98cfc2ee02144c6bec945447e6) C:\Windows\system32\drivers\drmkaud.sys
16:22:10.0362 7748 drmkaud - ok
16:22:10.0414 7748 DXGKrnl (b8e554e502d5123bc111f99d6a2181b4) C:\Windows\System32\drivers\dxgkrnl.sys
16:22:10.0420 7748 DXGKrnl - ok
16:22:10.0441 7748 E1G60 (264cee7b031a9d6c827f3d0cb031f2fe) C:\Windows\system32\DRIVERS\E1G6032E.sys
16:22:10.0443 7748 E1G60 - ok
16:22:10.0491 7748 Ecache (5f94962be5a62db6e447ff6470c4f48a) C:\Windows\system32\drivers\ecache.sys
16:22:10.0493 7748 Ecache - ok
16:22:10.0585 7748 eeCtrl (5e3a50930447f464c66032e05a4632f5) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
16:22:10.0589 7748 eeCtrl - ok
16:22:10.0624 7748 elxstor (c4636d6e10469404ab5308d9fd45ed07) C:\Windows\system32\drivers\elxstor.sys
16:22:10.0627 7748 elxstor - ok
16:22:10.0657 7748 EraserUtilRebootDrv (dcb76ecc6b50a266fdc16e1963ab98ce) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
16:22:10.0659 7748 EraserUtilRebootDrv - ok
16:22:10.0675 7748 ErrDev (bc3a58e938bb277e46bf4b3003b01abd) C:\Windows\system32\drivers\errdev.sys
16:22:10.0675 7748 ErrDev - ok
16:22:10.0733 7748 exfat (486844f47b6636044a42454614ed4523) C:\Windows\system32\drivers\exfat.sys
16:22:10.0734 7748 exfat - ok
16:22:10.0783 7748 fastfat (1a4bee34277784619ddaf0422c0c6e23) C:\Windows\system32\drivers\fastfat.sys
16:22:10.0785 7748 fastfat - ok
16:22:10.0809 7748 fdc (81b79b6df71fa1d2c6d688d830616e39) C:\Windows\system32\DRIVERS\fdc.sys
16:22:10.0810 7748 fdc - ok
16:22:10.0833 7748 FileInfo (457b7d1d533e4bd62a99aed9c7bb4c59) C:\Windows\system32\drivers\fileinfo.sys
16:22:10.0834 7748 FileInfo - ok
16:22:10.0850 7748 Filetrace (d421327fd6efccaf884a54c58e1b0d7f) C:\Windows\system32\drivers\filetrace.sys
16:22:10.0851 7748 Filetrace - ok
16:22:10.0874 7748 flpydisk (230923ea2b80f79b0f88d90f87b87ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
16:22:10.0875 7748 flpydisk - ok
16:22:10.0925 7748 FltMgr (e3041bc26d6930d61f42aedb79c91720) C:\Windows\system32\drivers\fltmgr.sys
16:22:10.0927 7748 FltMgr - ok
16:22:10.0958 7748 fssfltr (6c06701bf1db05405804d7eb610991ce) C:\Windows\system32\DRIVERS\fssfltr.sys
16:22:10.0959 7748 fssfltr - ok
16:22:10.0976 7748 Fs_Rec (29d99e860a1ca0a03c6a733fdd0da703) C:\Windows\system32\drivers\Fs_Rec.sys
16:22:10.0976 7748 Fs_Rec - ok
16:22:11.0001 7748 gagp30kx (c8e416668d3dc2be3d4fe4c79224997f) C:\Windows\system32\drivers\gagp30kx.sys
16:22:11.0003 7748 gagp30kx - ok
16:22:11.0027 7748 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
16:22:11.0028 7748 GEARAspiWDM - ok
16:22:11.0093 7748 HdAudAddService (68e732382b32417ff61fd663259b4b09) C:\Windows\system32\drivers\HdAudio.sys
16:22:11.0095 7748 HdAudAddService - ok
16:22:11.0144 7748 HDAudBus (f942c5820205f2fb453243edfec82a3d) C:\Windows\system32\DRIVERS\HDAudBus.sys
16:22:11.0151 7748 HDAudBus - ok
16:22:11.0180 7748 HidBth (b4881c84a180e75b8c25dc1d726c375f) C:\Windows\system32\drivers\hidbth.sys
16:22:11.0181 7748 HidBth - ok
16:22:11.0237 7748 HidIr (4e77a77e2c986e8f88f996bb3e1ad829) C:\Windows\system32\drivers\hidir.sys
16:22:11.0238 7748 HidIr - ok
16:22:11.0271 7748 HidUsb (443bdd2d30bb4f00795c797e2cf99edf) C:\Windows\system32\DRIVERS\hidusb.sys
16:22:11.0272 7748 HidUsb - ok
16:22:11.0301 7748 HpCISSs (d7109a1e6bd2dfdbcba72a6bc626a13b) C:\Windows\system32\drivers\hpcisss.sys
16:22:11.0302 7748 HpCISSs - ok
16:22:11.0336 7748 HpqKbFiltr (0ecc54fd34d6a089c300846b011e81d6) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
16:22:11.0337 7748 HpqKbFiltr - ok
16:22:11.0404 7748 HSF_DPV (dda869537ae9ce501954cb7793134d96) C:\Windows\system32\DRIVERS\CAX_DPV.sys
16:22:11.0414 7748 HSF_DPV - ok
16:22:11.0455 7748 HTTP (098f1e4e5c9cb5b0063a959063631610) C:\Windows\system32\drivers\HTTP.sys
16:22:11.0459 7748 HTTP - ok
16:22:11.0471 7748 i2omp (da94c854cea5fac549d4e1f6e88349e8) C:\Windows\system32\drivers\i2omp.sys
16:22:11.0472 7748 i2omp - ok
16:22:11.0496 7748 i8042prt (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys
16:22:11.0497 7748 i8042prt - ok
16:22:11.0513 7748 iaStorV (3e3bf3627d886736d0b4e90054f929f6) C:\Windows\system32\drivers\iastorv.sys
16:22:11.0515 7748 iaStorV - ok
16:22:11.0640 7748 IDSVia64 (0b97f1a640ad3d159a7b5d2164c42e50) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\Definitions\IPSDefs\20111007.030\IDSvia64.sys
16:22:11.0644 7748 IDSVia64 - ok
16:22:11.0698 7748 iirsp (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys
16:22:11.0699 7748 iirsp - ok
16:22:11.0732 7748 intelide (475490caf376e55e6e8b37bbdfeb2e81) C:\Windows\system32\drivers\intelide.sys
16:22:11.0733 7748 intelide - ok
16:22:11.0757 7748 intelppm (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys
16:22:11.0758 7748 intelppm - ok
16:22:11.0800 7748 IpFilterDriver (d8aabc341311e4780d6fce8c73c0ad81) C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:22:11.0801 7748 IpFilterDriver - ok
16:22:11.0814 7748 IpInIp - ok
16:22:11.0835 7748 IPMIDRV (9c2ee2e6e5a7203bfae15c299475ec67) C:\Windows\system32\drivers\ipmidrv.sys
16:22:11.0837 7748 IPMIDRV - ok
16:22:11.0859 7748 IPNAT (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys
16:22:11.0861 7748 IPNAT - ok
16:22:11.0880 7748 IRENUM (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys
16:22:11.0881 7748 IRENUM - ok
16:22:11.0892 7748 isapnp (0672bfcedc6fc468a2b0500d81437f4f) C:\Windows\system32\drivers\isapnp.sys
16:22:11.0893 7748 isapnp - ok
16:22:11.0930 7748 iScsiPrt (e4fdf99599f27ec25d2cf6d754243520) C:\Windows\system32\DRIVERS\msiscsi.sys
16:22:11.0932 7748 iScsiPrt - ok
16:22:11.0945 7748 iteatapi (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys
16:22:11.0946 7748 iteatapi - ok
16:22:11.0958 7748 iteraid (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys
16:22:11.0959 7748 iteraid - ok
16:22:11.0989 7748 kbdclass (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys
16:22:11.0990 7748 kbdclass - ok
16:22:12.0010 7748 kbdhid (bf8783a5066cfecf45095459e8010fa7) C:\Windows\system32\DRIVERS\kbdhid.sys
16:22:12.0010 7748 kbdhid - ok
16:22:12.0048 7748 KSecDD (476e2c1dcea45895994bef11c2a98715) C:\Windows\system32\Drivers\ksecdd.sys
16:22:12.0053 7748 KSecDD - ok
16:22:12.0072 7748 ksthunk (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys
16:22:12.0073 7748 ksthunk - ok
16:22:12.0105 7748 lltdio (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys
16:22:12.0106 7748 lltdio - ok
16:22:12.0132 7748 LSI_FC (acbe1af32d3123e330a07bfbc5ec4a9b) C:\Windows\system32\drivers\lsi_fc.sys
16:22:12.0133 7748 LSI_FC - ok
16:22:12.0146 7748 LSI_SAS (799ffb2fc4729fa46d2157c0065b3525) C:\Windows\system32\drivers\lsi_sas.sys
16:22:12.0147 7748 LSI_SAS - ok
16:22:12.0159 7748 LSI_SCSI (f445ff1daad8a226366bfaf42551226b) C:\Windows\system32\drivers\lsi_scsi.sys
16:22:12.0161 7748 LSI_SCSI - ok
16:22:12.0183 7748 luafv (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys
16:22:12.0185 7748 luafv - ok
16:22:12.0269 7748 LVRS64 (ef586b959f747e74c76603ff16ae417b) C:\Windows\system32\DRIVERS\lvrs64.sys
16:22:12.0272 7748 LVRS64 - ok
16:22:12.0391 7748 LVUVC64 (edf73bfa1bd24d74d1d64dc0ed28a7cd) C:\Windows\system32\DRIVERS\lvuvc64.sys
16:22:12.0418 7748 LVUVC64 - ok
16:22:12.0458 7748 mdmxsdk (e4f44ec214b3e381e1fc844a02926666) C:\Windows\system32\DRIVERS\mdmxsdk.sys
16:22:12.0459 7748 mdmxsdk - ok
16:22:12.0470 7748 megasas (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys
16:22:12.0471 7748 megasas - ok
16:22:12.0500 7748 MegaSR (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys
16:22:12.0503 7748 MegaSR - ok
16:22:12.0530 7748 Modem (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys
16:22:12.0531 7748 Modem - ok
16:22:12.0552 7748 monitor (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys
16:22:12.0553 7748 monitor - ok
16:22:12.0570 7748 mouclass (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys
16:22:12.0571 7748 mouclass - ok
16:22:12.0603 7748 mouhid (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys
16:22:12.0604 7748 mouhid - ok
16:22:12.0626 7748 MountMgr (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys
16:22:12.0627 7748 MountMgr - ok
16:22:12.0640 7748 mpio (f8276eb8698142884498a528dfea8478) C:\Windows\system32\drivers\mpio.sys
16:22:12.0641 7748 mpio - ok
16:22:12.0665 7748 mpsdrv (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys
16:22:12.0666 7748 mpsdrv - ok
16:22:12.0681 7748 Mraid35x (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys
16:22:12.0682 7748 Mraid35x - ok
16:22:12.0725 7748 MRxDAV (7c1de4aa96dc0c071611f9e7de02a68d) C:\Windows\system32\drivers\mrxdav.sys
16:22:12.0727 7748 MRxDAV - ok
16:22:12.0758 7748 mrxsmb (1485811b320ff8c7edad1caebb1c6c2b) C:\Windows\system32\DRIVERS\mrxsmb.sys
16:22:12.0759 7748 mrxsmb - ok
16:22:12.0791 7748 mrxsmb10 (3b929a60c833fc615fd97fba82bc7632) C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:22:12.0794 7748 mrxsmb10 - ok
16:22:12.0823 7748 mrxsmb20 (c64ab3e1f53b4f5b5bb6d796b2d7bec3) C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:22:12.0824 7748 mrxsmb20 - ok
16:22:12.0836 7748 msahci (e7e3e515d1d33a2a372d7fce2bbef5d9) C:\Windows\system32\drivers\msahci.sys
16:22:12.0837 7748 msahci - ok
16:22:12.0849 7748 msdsm (264bbb4aaf312a485f0e44b65a6b7202) C:\Windows\system32\drivers\msdsm.sys
16:22:12.0853 7748 msdsm - ok
16:22:12.0876 7748 Msfs (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys
16:22:12.0877 7748 Msfs - ok
16:22:12.0893 7748 msisadrv (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys
16:22:12.0894 7748 msisadrv - ok
16:22:12.0934 7748 MSKSSRV (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys
16:22:12.0935 7748 MSKSSRV - ok
16:22:12.0952 7748 MSPCLOCK (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys
16:22:12.0953 7748 MSPCLOCK - ok
16:22:12.0971 7748 MSPQM (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys
16:22:12.0971 7748 MSPQM - ok
16:22:13.0013 7748 MsRPC (dc6ccf440cdede4293db41c37a5060a5) C:\Windows\system32\drivers\MsRPC.sys
16:22:13.0016 7748 MsRPC - ok
16:22:13.0037 7748 mssmbios (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys
16:22:13.0038 7748 mssmbios - ok
16:22:13.0058 7748 MSTEE (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys
16:22:13.0059 7748 MSTEE - ok
16:22:13.0079 7748 Mup (0cc49f78d8aca0877d885f149084e543) C:\Windows\system32\Drivers\mup.sys
16:22:13.0081 7748 Mup - ok
16:22:13.0127 7748 NativeWifiP (2007b826c4acd94ae32232b41f0842b9) C:\Windows\system32\DRIVERS\nwifi.sys
16:22:13.0129 7748 NativeWifiP - ok
16:22:13.0275 7748 NAVENG (2dbe90210de76be6e1653bb20ec70ec2) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\Definitions\VirusDefs\20111007.034\ENG64.SYS
16:22:13.0276 7748 NAVENG - ok
16:22:13.0353 7748 NAVEX15 (346da70e203b8e2c850277713de8f71b) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\Definitions\VirusDefs\20111007.034\EX64.SYS
16:22:13.0367 7748 NAVEX15 - ok
16:22:13.0425 7748 NDIS (65950e07329fcee8e6516b17c8d0abb6) C:\Windows\system32\drivers\ndis.sys
16:22:13.0431 7748 NDIS - ok
16:22:13.0456 7748 NdisTapi (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys
16:22:13.0457 7748 NdisTapi - ok
16:22:13.0476 7748 Ndisuio (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys
16:22:13.0477 7748 Ndisuio - ok
16:22:13.0522 7748 NdisWan (f8158771905260982ce724076419ef19) C:\Windows\system32\DRIVERS\ndiswan.sys
16:22:13.0523 7748 NdisWan - ok
16:22:13.0539 7748 NDProxy (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys
16:22:13.0540 7748 NDProxy - ok
16:22:13.0585 7748 NetBIOS (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys
16:22:13.0586 7748 NetBIOS - ok
16:22:13.0634 7748 netbt (fc2c792ebddc8e28df939d6a92c83d61) C:\Windows\system32\DRIVERS\netbt.sys
16:22:13.0636 7748 netbt - ok
16:22:13.0736 7748 NETw3v64 (c86984aee87900c1eeb6942ede3bf4b6) C:\Windows\system32\DRIVERS\NETw3v64.sys
16:22:13.0756 7748 NETw3v64 - ok
16:22:13.0783 7748 nfrd960 (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys
16:22:13.0784 7748 nfrd960 - ok
16:22:13.0808 7748 Npfs (b298874f8e0ea93f06ec40aa8d146478) C:\Windows\system32\drivers\Npfs.sys
16:22:13.0810 7748 Npfs - ok
16:22:13.0836 7748 nsiproxy (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys
16:22:13.0837 7748 nsiproxy - ok
16:22:13.0916 7748 Ntfs (bac869dfb98e499ba4d9bb1fb43270e1) C:\Windows\system32\drivers\Ntfs.sys
16:22:13.0927 7748 Ntfs - ok
16:22:13.0962 7748 NuidFltr (d4012918d3a3847b44b888d56bc095d6) C:\Windows\system32\DRIVERS\NuidFltr.sys
16:22:13.0963 7748 NuidFltr - ok
16:22:13.0976 7748 Null (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys
16:22:13.0977 7748 Null - ok
16:22:14.0004 7748 NVHDA (960e39a54e525df58cb29193147dffa1) C:\Windows\system32\drivers\nvhda64v.sys
16:22:14.0005 7748 NVHDA - ok
16:22:14.0400 7748 nvlddmkm (cc1efea1f0ab17e59bd4b5baff3e5cb0) C:\Windows\system32\DRIVERS\nvlddmkm.sys
16:22:14.0491 7748 nvlddmkm - ok
16:22:14.0540 7748 NVNET (cf2a023f422ce6e43302b139e4b87b05) C:\Windows\system32\DRIVERS\nvmfdx64.sys
16:22:14.0544 7748 NVNET - ok
16:22:14.0571 7748 nvsmu (17fa8703054e5b3dde7956fe705dbacd) C:\Windows\system32\DRIVERS\nvsmu.sys
16:22:14.0572 7748 nvsmu - ok
16:22:14.0589 7748 NwlnkFlt - ok
16:22:14.0603 7748 NwlnkFwd - ok
16:22:14.0634 7748 ohci1394 (1b30103fde512915a9214b108b6e7a9c) C:\Windows\system32\DRIVERS\ohci1394.sys
16:22:14.0635 7748 ohci1394 - ok
16:22:14.0672 7748 Parport (aecd57f94c887f58919f307c35498ea0) C:\Windows\system32\drivers\parport.sys
16:22:14.0674 7748 Parport - ok
16:22:14.0722 7748 partmgr (f9b5eda4c17a2be7663f064dbf0fe254) C:\Windows\system32\drivers\partmgr.sys
16:22:14.0723 7748 partmgr - ok
16:22:14.0767 7748 pci (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\Windows\system32\drivers\pci.sys
16:22:14.0769 7748 pci - ok
16:22:14.0808 7748 pciide (2657f6c0b78c36d95034be109336e382) C:\Windows\system32\drivers\pciide.sys
16:22:14.0809 7748 pciide - ok
16:22:14.0830 7748 pcmcia (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys
16:22:14.0832 7748 pcmcia - ok
16:22:14.0867 7748 pcouffin (af7ce12c4f3dc8cb2b07685c916bbcfe) C:\Windows\system32\Drivers\pcouffin.sys
16:22:14.0869 7748 pcouffin - ok
16:22:14.0904 7748 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys
16:22:14.0909 7748 PEAUTH - ok
16:22:14.0984 7748 PptpMiniport (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys
16:22:14.0986 7748 PptpMiniport - ok
16:22:15.0001 7748 Processor (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\DRIVERS\processr.sys
16:22:15.0003 7748 Processor - ok
16:22:15.0034 7748 PSched (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys
16:22:15.0035 7748 PSched - ok
16:22:15.0089 7748 ql2300 (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys
16:22:15.0099 7748 ql2300 - ok
16:22:15.0111 7748 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys
16:22:15.0112 7748 ql40xx - ok
16:22:15.0139 7748 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys
16:22:15.0140 7748 QWAVEdrv - ok
16:22:15.0165 7748 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys
16:22:15.0166 7748 RasAcd - ok
16:22:15.0190 7748 Rasl2tp (ac7bc4d42a7e558718dfdec599bbfc2c) C:\Windows\system32\DRIVERS\rasl2tp.sys
16:22:15.0192 7748 Rasl2tp - ok
16:22:15.0274 7748 RasPppoe (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys
16:22:15.0275 7748 RasPppoe - ok
16:22:15.0313 7748 RasSstp (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys
16:22:15.0314 7748 RasSstp - ok
16:22:15.0353 7748 rdbss (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys
16:22:15.0356 7748 rdbss - ok
16:22:15.0378 7748 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys
16:22:15.0379 7748 RDPCDD - ok
16:22:15.0409 7748 rdpdr (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\drivers\rdpdr.sys
16:22:15.0412 7748 rdpdr - ok
16:22:15.0424 7748 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys
16:22:15.0425 7748 RDPENCDD - ok
16:22:15.0468 7748 RDPWD (b1d741c87cea8d7282146366cc9c3f81) C:\Windows\system32\drivers\RDPWD.sys
16:22:15.0470 7748 RDPWD - ok
16:22:15.0515 7748 RimUsb (5790bca445cc40df8b38c2c48608aac2) C:\Windows\system32\Drivers\RimUsb_AMD64.sys
16:22:15.0515 7748 RimUsb - ok
16:22:15.0538 7748 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys
16:22:15.0540 7748 rspndr - ok
16:22:15.0609 7748 SASDIFSV - ok
16:22:15.0618 7748 SASKUTIL - ok
16:22:15.0644 7748 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys
16:22:15.0646 7748 sbp2port - ok
16:22:15.0677 7748 sdbus (b42ee50f7d24f837f925332eb349eca5) C:\Windows\system32\DRIVERS\sdbus.sys
16:22:15.0678 7748 sdbus - ok
16:22:15.0700 7748 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
16:22:15.0701 7748 secdrv - ok
16:22:15.0724 7748 Serenum (f71bfe7ac6c52273b7c82cbf1bb2a222) C:\Windows\system32\drivers\serenum.sys
16:22:15.0725 7748 Serenum - ok
16:22:15.0750 7748 Serial (e62fac91ee288db29a9696a9d279929c) C:\Windows\system32\drivers\serial.sys
16:22:15.0752 7748 Serial - ok
16:22:15.0772 7748 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys
16:22:15.0773 7748 sermouse - ok
16:22:15.0804 7748 sffdisk (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\drivers\sffdisk.sys
16:22:15.0805 7748 sffdisk - ok
16:22:15.0825 7748 sffp_mmc (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys
16:22:15.0826 7748 sffp_mmc - ok
16:22:15.0853 7748 sffp_sd (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\drivers\sffp_sd.sys
16:22:15.0853 7748 sffp_sd - ok
16:22:15.0874 7748 sfloppy (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys
16:22:15.0875 7748 sfloppy - ok
16:22:15.0914 7748 Sftfs (a40abfdcb75f835fdf3ce0cc64e4250d) C:\Windows\system32\DRIVERS\Sftfslh.sys
16:22:15.0920 7748 Sftfs - ok
16:22:15.0955 7748 Sftplay (31a36ef71af36eabcc4b4f8ab8f76465) C:\Windows\system32\DRIVERS\Sftplaylh.sys
16:22:15.0958 7748 Sftplay - ok
16:22:15.0982 7748 Sftredir (a14d0df34bbb00ea94da16193d0c7957) C:\Windows\system32\DRIVERS\Sftredirlh.sys
16:22:15.0983 7748 Sftredir - ok
16:22:16.0002 7748 Sftvol (393b22addd89979eb1c60898f51c3648) C:\Windows\system32\DRIVERS\Sftvollh.sys
16:22:16.0003 7748 Sftvol - ok
16:22:16.0034 7748 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys
16:22:16.0035 7748 SiSRaid2 - ok
16:22:16.0047 7748 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys
16:22:16.0048 7748 SiSRaid4 - ok
16:22:16.0088 7748 Smb (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys
16:22:16.0089 7748 Smb - ok
16:22:16.0143 7748 spldr (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys
16:22:16.0144 7748 spldr - ok
16:22:16.0225 7748 sptd (131575cdf93fdf365de107d0242e52d8) C:\Windows\System32\Drivers\sptd.sys
16:22:16.0231 7748 sptd - ok
16:22:16.0333 7748 SRTSP (90ef30c3867bcde4579c01a6d6e75a7a) C:\Windows\System32\Drivers\N360x64\0501000.01D\SRTSP64.SYS
16:22:16.0338 7748 SRTSP - ok
16:22:16.0362 7748 SRTSPX (c513e8a5e7978da49077f5484344ee1b) C:\Windows\system32\drivers\N360x64\0501000.01D\SRTSPX64.SYS
16:22:16.0362 7748 SRTSPX - ok
16:22:16.0408 7748 srv (880a57fccb571ebd063d4dd50e93e46d) C:\Windows\system32\DRIVERS\srv.sys
16:22:16.0412 7748 srv - ok
16:22:16.0444 7748 srv2 (a1ad14a6d7a37891fffeca35ebbb0730) C:\Windows\system32\DRIVERS\srv2.sys
16:22:16.0446 7748 srv2 - ok
16:22:16.0483 7748 srvnet (4bed62f4fa4d8300973f1151f4c4d8a7) C:\Windows\system32\DRIVERS\srvnet.sys
16:22:16.0485 7748 srvnet - ok
16:22:16.0525 7748 StarPortLite (415205b445c60b09e779f78d6df25667) C:\Windows\system32\DRIVERS\StarPortLite.sys
16:22:16.0526 7748 StarPortLite - ok
16:22:16.0562 7748 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys
16:22:16.0563 7748 swenum - ok
16:22:16.0591 7748 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys
16:22:16.0593 7748 Symc8xx - ok
16:22:16.0689 7748 SymDS (6160145c7a87fc7672e8e3b886888176) C:\Windows\system32\drivers\N360x64\0501000.01D\SYMDS64.SYS
16:22:16.0692 7748 SymDS - ok
16:22:16.0728 7748 SymEFA (96aeed40d4d3521568b42027687e69e0) C:\Windows\system32\drivers\N360x64\0501000.01D\SYMEFA64.SYS
16:22:16.0735 7748 SymEFA - ok
16:22:16.0779 7748 SymEvent (21a1c2d694c3cf962d31f5e873ab3d6f) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
16:22:16.0781 7748 SymEvent - ok
16:22:16.0819 7748 SymIRON (bd0d711d8cbfcaa19ca123306eaf53a5) C:\Windows\system32\drivers\N360x64\0501000.01D\Ironx64.SYS
16:22:16.0821 7748 SymIRON - ok
16:22:16.0865 7748 SYMTDIv (6cb70a5d30e4322bab4ad52866b0a4b8) C:\Windows\System32\Drivers\N360x64\0501000.01D\SYMTDIV.SYS
16:22:16.0868 7748 SYMTDIv - ok
16:22:16.0892 7748 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys
16:22:16.0893 7748 Sym_hi - ok
16:22:16.0908 7748 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys
16:22:16.0909 7748 Sym_u3 - ok
16:22:16.0983 7748 Tcpip (4dad14118fbcf7c609f2a4ce21fbcc5f) C:\Windows\system32\drivers\tcpip.sys
16:22:16.0993 7748 Tcpip - ok
16:22:17.0039 7748 Tcpip6 (4dad14118fbcf7c609f2a4ce21fbcc5f) C:\Windows\system32\DRIVERS\tcpip.sys
16:22:17.0048 7748 Tcpip6 - ok
16:22:17.0091 7748 tcpipreg (c7e72a4071ee0200e3c075dacfb2b334) C:\Windows\system32\drivers\tcpipreg.sys
16:22:17.0092 7748 tcpipreg - ok
16:22:17.0111 7748 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys
16:22:17.0111 7748 TDPIPE - ok
16:22:17.0132 7748 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys
16:22:17.0133 7748 TDTCP - ok
16:22:17.0159 7748 tdx (458919c8c42e398dc4802178d5ffee27) C:\Windows\system32\DRIVERS\tdx.sys
16:22:17.0160 7748 tdx - ok
16:22:17.0198 7748 TermDD (8c19678d22649ec002ef2282eae92f98) C:\Windows\system32\DRIVERS\termdd.sys
16:22:17.0200 7748 TermDD - ok
16:22:17.0238 7748 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys
16:22:17.0239 7748 tssecsrv - ok
16:22:17.0270 7748 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys
16:22:17.0271 7748 tunmp - ok
16:22:17.0311 7748 tunnel (30a9b3f45ad081bffc3bcaa9c812b609) C:\Windows\system32\DRIVERS\tunnel.sys
16:22:17.0312 7748 tunnel - ok
16:22:17.0332 7748 uagp35 (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys
16:22:17.0333 7748 uagp35 - ok
16:22:17.0372 7748 udfs (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys
16:22:17.0375 7748 udfs - ok
16:22:17.0403 7748 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys
16:22:17.0404 7748 uliagpkx - ok
16:22:17.0432 7748 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys
16:22:17.0434 7748 uliahci - ok
16:22:17.0448 7748 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys
16:22:17.0450 7748 UlSata - ok
16:22:17.0463 7748 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys
16:22:17.0465 7748 ulsata2 - ok
16:22:18.0748 7748 ============================================================
16:22:18.0748 7748 Scan finished
16:22:18.0748 7748 ============================================================
16:22:18.0762 7568 Detected object count: 0
16:22:18.0763 7568 Actual detected object count: 0
So does anyone else wonder what happened to the Jonas Brothers, No? Well, um, yeah, didn't think so...

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:16 AM

Posted 10 October 2011 - 05:29 PM

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Folder::
c:\program files (x86)\Ask.com

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 Waj Wounda

Posted 10 October 2011 - 06:08 PM

Did not fix, no difference...

ComboFix 11-10-10.04 - Dave 10/11/2011 16:46:41.3.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3838.2188 [GMT -6:00]
Running from: c:\users\Dave\Desktop\ComboFix.exe
Command switches used :: c:\users\Dave\Desktop\CFScript.txt
AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton 360 *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Ask.com
c:\program files (x86)\Ask.com\btn_search.png
c:\program files (x86)\Ask.com\cobrand.ico
c:\program files (x86)\Ask.com\config.xml
c:\program files (x86)\Ask.com\favicon.ico
c:\program files (x86)\Ask.com\fv_e7a4.ico
c:\program files (x86)\Ask.com\GenericAskToolbar.dll
c:\program files (x86)\Ask.com\limewire_logo.png
c:\program files (x86)\Ask.com\mupcfg.xml
c:\program files (x86)\Ask.com\SaUpdate.exe
c:\program files (x86)\Ask.com\UpdateTask.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-09-11 to 2011-10-11 )))))))))))))))))))))))))))))))
.
.
2011-10-11 22:58 . 2011-10-11 22:58 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2011-10-11 22:58 . 2011-10-11 22:58 -------- d-----w- c:\users\Mcx2\AppData\Local\temp
2011-10-11 22:58 . 2011-10-11 22:58 -------- d-----w- c:\users\Mcx1\AppData\Local\temp
2011-10-11 22:58 . 2011-10-11 22:58 -------- d-----w- c:\users\Kidling\AppData\Local\temp
2011-10-11 22:58 . 2011-10-11 22:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-10-11 22:58 . 2011-10-11 22:58 -------- d-----w- c:\users\Dave\AppData\Local\temp
2011-09-15 03:30 . 2011-08-10 12:14 2409784 ----a-w- c:\program files (x86)\Windows Mail\OESpamFilter.dat
2011-09-15 03:30 . 2011-08-10 12:14 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-09-14 01:37 . 2011-09-14 01:39 -------- d-----w- c:\programdata\KeyExtender
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-07 21:50 . 2011-06-17 19:12 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-09-26 22:12 . 2010-11-14 07:49 525544 ----a-w- c:\windows\system32\deployJava1.dll
2011-09-10 19:11 . 2010-05-15 03:02 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-09-02 02:15 . 2011-09-02 02:15 53248 ----a-r- c:\users\Dave\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2011-08-03 11:50 . 2011-08-28 11:57 980072 ----a-w- c:\windows\system32\nvvsvc.exe
2011-08-03 11:50 . 2011-08-28 11:57 61544 ----a-w- c:\windows\system32\nvshext.dll
2011-08-03 11:50 . 2011-08-28 11:57 3021416 ----a-w- c:\windows\system32\nvsvc64.dll
2011-08-03 11:50 . 2011-08-28 11:57 2560616 ----a-w- c:\windows\system32\nvsvcr.dll
2011-08-03 11:50 . 2011-08-28 11:57 836200 ----a-w- c:\windows\system32\easyupdatusapiu64.dll
2011-08-03 11:50 . 2011-08-28 11:57 6136936 ----a-w- c:\windows\system32\nvcpl.dll
2011-08-03 11:50 . 2011-08-28 11:57 117864 ----a-w- c:\windows\system32\nvmctray.dll
2011-08-03 11:50 . 2011-08-28 11:54 8355944 ----a-w- c:\windows\system32\nvwgf2umx.dll
2011-08-03 11:50 . 2011-08-28 11:54 67176 ----a-w- c:\windows\system32\OpenCL.dll
2011-08-03 11:50 . 2011-08-28 11:54 6613096 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2011-08-03 11:50 . 2011-08-28 11:54 57960 ----a-w- c:\windows\SysWow64\OpenCL.dll
2011-08-03 11:50 . 2011-08-28 11:54 22470248 ----a-w- c:\windows\system32\nvoglv64.dll
2011-08-03 11:50 . 2011-08-28 11:54 16595560 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2011-08-03 11:50 . 2011-08-28 11:54 12909672 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2011-08-03 11:50 . 2011-08-28 11:54 7254632 ----a-w- c:\windows\system32\nvcuda.dll
2011-08-03 11:50 . 2011-08-28 11:54 5404776 ----a-w- c:\windows\SysWow64\nvcuda.dll
2011-08-03 11:50 . 2011-08-28 11:54 2532456 ----a-w- c:\windows\system32\nvcuvid.dll
2011-08-03 11:50 . 2011-08-28 11:54 2391656 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2011-08-03 11:50 . 2011-08-28 11:54 2222184 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-08-03 11:50 . 2011-08-28 11:54 2090088 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2011-08-03 11:50 . 2011-08-28 11:54 17193576 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2011-08-03 11:50 . 2011-08-28 11:54 1519720 ----a-w- c:\windows\system32\nvdispco64.dll
2011-08-03 11:50 . 2011-08-28 11:54 15064168 ----a-w- c:\windows\system32\nvd3dumx.dll
2011-08-03 11:50 . 2011-08-28 11:54 1453160 ----a-w- c:\windows\system32\nvgenco64.dll
2011-08-03 11:50 . 2011-08-28 11:54 12636776 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2011-08-03 11:50 . 2011-08-28 11:54 2758760 ----a-w- c:\windows\system32\nvapi64.dll
2011-08-03 11:50 . 2011-08-28 11:54 24692840 ----a-w- c:\windows\system32\nvcompiler.dll
2011-08-03 11:50 . 2011-08-28 11:54 2412136 ----a-w- c:\windows\SysWow64\nvapi.dll
2011-08-03 11:50 . 2010-10-16 19:13 335976 ----a-w- c:\windows\system32\nvhotkey.dll
2011-07-22 05:42 . 2011-08-12 00:06 2303488 ----a-w- c:\windows\system32\jscript9.dll
2011-07-22 05:36 . 2011-08-12 00:06 1389056 ----a-w- c:\windows\system32\wininet.dll
2011-07-22 05:32 . 2011-08-12 00:06 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-07-22 02:54 . 2011-08-12 00:06 1797632 ----a-w- c:\windows\SysWow64\jscript9.dll
2011-07-22 02:48 . 2011-08-12 00:06 1126912 ----a-w- c:\windows\SysWow64\wininet.dll
2011-07-22 02:44 . 2011-08-12 00:06 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
.
.
((((((((((((((((((((((((((((( SnapShot@2011-10-09_22.35.38 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-10-09 22:58 . 2011-10-09 22:58 29651 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
- 2011-10-08 18:18 . 2011-10-08 18:18 29651 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
+ 2008-01-21 02:23 . 2011-10-11 21:50 97738 c:\windows\system32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
- 2009-08-05 16:35 . 2011-10-09 20:04 24424 c:\windows\system32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1219201912-2357815610-2664865005-1000_UserData.bin
+ 2009-08-05 16:35 . 2011-10-11 21:50 24424 c:\windows\system32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1219201912-2357815610-2664865005-1000_UserData.bin
- 2011-10-09 20:01 . 2011-10-09 20:01 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-10-11 21:47 . 2011-10-11 21:47 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-10-09 20:01 . 2011-10-09 20:01 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-10-11 21:47 . 2011-10-11 21:47 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2006-11-02 15:45 . 2011-10-11 21:50 108722 c:\windows\system32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 12:46 . 2011-10-11 21:53 613964 c:\windows\system32\perfh009.dat
- 2006-11-02 12:46 . 2011-10-09 20:07 613964 c:\windows\system32\perfh009.dat
- 2006-11-02 12:46 . 2011-10-09 20:07 108632 c:\windows\system32\perfc009.dat
+ 2006-11-02 12:46 . 2011-10-11 21:53 108632 c:\windows\system32\perfc009.dat
- 2010-05-19 22:00 . 2011-10-08 18:18 345112 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2010-05-19 22:00 . 2011-10-09 22:58 345112 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2011-06-07 10:40 . 2011-10-08 00:16 1698344 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1219201912-2357815610-2664865005-1000-8192.dat
+ 2011-06-07 10:40 . 2011-10-09 22:58 1698344 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1219201912-2357815610-2664865005-1000-8192.dat
+ 2011-06-07 10:40 . 2011-10-09 22:58 15837708 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1219201912-2357815610-2664865005-1000-4096.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R1 SASDIFSV;SASDIFSV;c:\users\Dave\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV64.SYS [x]
R1 SASKUTIL;SASKUTIL;c:\users\Dave\AppData\Local\Temp\SAS_SelfExtract\SASKUTIL64.SYS [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-18 135664]
R3 AmdLLD64;AMD Low Level Device Driver;c:\windows\system32\DRIVERS\AmdLLD64.sys [x]
R3 CompFilter64;UVCCompositeFilter;c:\windows\system32\DRIVERS\lvbflt64.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-18 135664]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]
R3 LVUVC64;Logitech HD Pro Webcam C910(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]
R3 NETw3v64;Intel® PRO/Wireless 3945ABG Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\NETw3v64.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
R3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk60x64.sys [x]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0501000.01D\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0501000.01D\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\Definitions\BASHDefs\20110920.001\BHDrvx64.sys [2011-09-09 1152632]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\Definitions\IPSDefs\20111007.030\IDSvia64.sys [2011-08-23 488568]
S1 StarPortLite;StarPort Storage Controller (Lite);c:\windows\system32\DRIVERS\StarPortLite.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0501000.01D\Ironx64.SYS [x]
S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\System32\Drivers\N360x64\0501000.01D\SYMTDIV.SYS [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]
S2 lxdx_device;lxdx_device;c:\windows\system32\lxdxcoms.exe [x]
S2 N360;Norton 360;c:\program files (x86)\Norton 360\Engine\5.1.0.29\ccSvcHst.exe [2011-04-17 130008]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-08-03 2255464]
S2 Recovery Service for Windows;Recovery Service for Windows;c:\program files (x86)\SMINST\BLService.exe [2008-10-06 365952]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-09-14 508264]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-04-01 428640]
S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-07-29 136824]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-09-14 219496]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 54514425
*Deregistered* - 54514425
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-18 02:36]
.
2011-10-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-18 02:36]
.
2011-09-12 c:\windows\Tasks\HPCeeScheduleForDave.job
- c:\program files (x86)\hewlett-packard\sdp\ceement\HPCEE.exe [2009-04-21 18:34]
.
2010-07-24 c:\windows\Tasks\HPCeeScheduleForKidling.job
- c:\program files (x86)\hewlett-packard\sdp\ceement\HPCEE.exe [2009-04-21 18:34]
.
.
--------- x86-64 -----------
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
LSP: c:\windows\system32\wpclsp.dll
TCP: Interfaces\{38165970-8229-4D75-A359-E29702FC3CBC}: NameServer = 192.168.0.1,205.171.3.25
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files (x86)\Ask.com\GenericAskToolbar.dll
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files (x86)\Ask.com\GenericAskToolbar.dll
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{5E5AB302-7F65-44CD-8211-C1D4CAACCEA3} - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
WebBrowser-{9565115D-C7D6-46D3-BD63-B67B481A4368} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files (x86)\Norton 360\Engine\5.1.0.29\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\5.1.0.29\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2011-10-11 17:02:32
ComboFix-quarantined-files.txt 2011-10-11 23:02
ComboFix2.txt 2011-10-09 22:39
.
Pre-Run: 93,722,849,280 bytes free
Post-Run: 93,205,430,272 bytes free
.
- - End Of File - - 0E43ABE90807A690F76F08D281626C58

#10 gringo_pr

Posted 10 October 2011 - 06:20 PM

Hello

I would like to see a report that ComboFix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo

#11 Waj Wounda

Posted 10 October 2011 - 06:21 PM

7-Zip 9.20
Acrobat.com
ActiveCheck component for HP Active Support Library
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.0)
Anti-phishing Domain Advisor
Apple Application Support
Apple Software Update
Ask Toolbar
Atheros Driver Installation Program
BufferChm
C4400
C4400_Help
CameraHelperMsi
Cards_Calendar_OrderGift_DoMorePlugout
Copy
D3DX10
Destination Component
DeviceDiscovery
DeviceManagementQFolder
DivX Setup
DocProc
DocProcQFolder
erLT
ESU for Microsoft Vista
eSupportQFolder
Game Booster 3
Google Update Helper
GPBaseService
GPBaseService2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Customer Experience Enhancements
HP Doc Viewer
HP Help and Support
HP Photosmart Essential 2.5
HP Quick Launch Buttons 6.40 H2
HP Update
HP User Guides 0118
HP Wireless Assistant
HPAsset component for HP Active Support Library
HPPhotoSmartPhotobookWebPack1
HPProductAssistant
Java Auto Updater
Java™ 6 Update 27
Java™ 6 Update 7
Junk Mail filter update
LG USB Modem driver
Logitech Webcam Software
LWS Facebook
LWS Gallery
LWS Help_main
LWS Launcher
LWS Motion Detection
LWS Pictures And Video
LWS Twitter
LWS Video Mask Maker
LWS Webcam Software
LWS WLM Plugin
LWS YouTube Plugin
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft Office Click-to-Run 2010
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
MSVCRT
MSVCRT_amd64
MSVCSetup
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Norton 360
NVIDIA 3D Vision Controller Driver
NVIDIA PhysX
OpenOffice.org 3.3
OS Files for Hero Editor
PanoStandAlone
PC SpeedScan Pro
Portforward Static IP Address 1.0.45
PS_AIO_03_C4400_ProductContext
PS_AIO_03_C4400_Software
PS_AIO_03_C4400_Software_Min
PSSWCORE
QuickTime
Scan
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Segoe UI
SolutionCenter
SoulSeek 157 NS 13e
StarCraft II
Status
System Requirements Lab
System Requirements Lab CYRI
Toolbox
TrayApp
UnloadSupport
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
VC80CRTRedist - 8.0.50727.4053
VideoToolkit01
WebReg
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Yahoo! Detect
So does anyone else wonder what happened to the Jonas Brothers, No? Well, um, yeah, didn't think so...

#12 gringo_pr

  • Malware Response Team

Posted 10 October 2011 - 06:26 PM

Hello

:P2P Warning!:

IMPORTANT: I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realise. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld


These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

TFC (Temp File Cleaner):

  • Please download TFC to your desktop.
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click "Yes" to reboot.
Note: Save your work. TFC will automatically close any open programs; let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

: Malwarebytes' Anti-Malware :

  • Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.


If you have problems running HijackThis:

Sometimes we have to run it as an administrator. To run HijackThis as an administrator,
right-click HijackThis.exe (located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)
and select Run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 Waj Wounda

  • Topic Starter

Posted 10 October 2011 - 06:47 PM

I can't open Malwarebytes Anti-Malware; an error 5 message occurs. But here's the HiJackThis log...
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:46:11 PM, on 10/11/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\ccSvcHst.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Dave\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\IPS\IPSBHO.DLL
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (file missing)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\coIEPlg.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (file missing)
O4 - HKUS\S-1-5-21-1219201912-2357815610-2664865005-1007\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-1219201912-2357815610-2664865005-1007\..\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN (User 'UpdatusUser')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} (SysInfo Class) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.4.26.0.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{38165970-8229-4D75-A359-E29702FC3CBC}: NameServer = 192.168.0.1,205.171.3.25
O17 - HKLM\System\CS1\Services\Tcpip\..\{38165970-8229-4D75-A359-E29702FC3CBC}: NameServer = 192.168.0.1,205.171.3.25
O17 - HKLM\System\CS2\Services\Tcpip\..\{38165970-8229-4D75-A359-E29702FC3CBC}: NameServer = 192.168.0.1,205.171.3.25
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: lxdx_device - Unknown owner - C:\Windows\system32\lxdxcoms.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Program Files (x86)\SMINST\BLService.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: UMVPFSrv - Logitech Inc. - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: XAudioService - Unknown owner - C:\Windows\system32\DRIVERS\xaudio64.exe (file missing)

--
End of file - 9973 bytes
So does anyone else wonder what happened to the Jonas Brothers, No? Well, um, yeah, didn't think so...
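
As an added example (not part of the thread, and not a BleepingComputer or Trend Micro tool), this Python sketch triages a log like the one posted in #13: it counts entries per section, collapses repeated lines such as the O10 ones, and splits "(file missing)" / "(no file)" entries into two buckets. It assumes the scanner ran as a 32-bit process on 64-bit Windows, where System32 is seen through WOW64 file-system redirection, so System32 paths are queued for a recheck instead of being treated as orphans; the function and bucket names are made up for the example.

```python
import re
from collections import Counter

# Excerpt of the log posted above, with one O10 line repeated as in the original.
SAMPLE_LOG = r"""Platform: Windows Vista SP2 (WinNT 6.00.1906)
Running processes:
C:\Program Files (x86)\Internet Explorer\iexplore.exe
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\ccSvcHst.exe
"""

# Entry lines look like "<section code> - <details>", e.g. "O23 - Service: ...".
ENTRY = re.compile(r"^([RFNO]\d+) - (.+)$")
MISSING = re.compile(r"\s*\((?:file missing|no file)\)\s*$", re.I)


def parse_entries(log_text):
    """Return (section, body) pairs for every HijackThis entry line."""
    return [m.groups() for line in log_text.splitlines()
            if (m := ENTRY.match(line.strip()))]


def triage(log_text):
    """Bucket entries without changing anything on the machine."""
    entries = parse_entries(log_text)
    # Assumption: a "Program Files (x86)" path means 64-bit Windows, so a
    # 32-bit scanner is redirected from System32 to SysWOW64.
    wow64 = "program files (x86)" in log_text.lower()
    report = {"sections": Counter(s for s, _ in entries),
              "duplicates": {}, "orphans": [], "recheck": []}
    for (section, body), count in Counter(entries).items():
        if count > 1:
            report["duplicates"][(section, body)] = count
        if not MISSING.search(body):
            continue
        # The file path is the last " - " separated field of the entry.
        target = MISSING.sub("", body.rsplit(" - ", 1)[-1]).lower()
        if wow64 and "\\windows\\system32\\" in target:
            report["recheck"].append((section, body))   # confirm with a 64-bit tool
        else:
            report["orphans"].append((section, body))   # registry entry with no file
    return report


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for bucket in ("orphans", "recheck"):
        for section, body in result[bucket]:
            print(f"{bucket:8} {section:4} {body}")
```
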

#14 gringo_pr

  • Malware Response Team

Posted 10 October 2011 - 06:52 PM

Uninstall Malwarebytes

  • Click on the Start button and select Control Panel
  • Click on Programs and Features
  • Uninstall Malwarebytes' Anti-Malware
  • Restart your computer (very important)
  • Download and run mbam-clean.exe from here
  • It will ask to restart your computer; please allow it to do so (very important)
  • After the computer restarts, temporarily disable your Anti-Virus and install the latest version of Malwarebytes' Anti-Malware from here
  • Note: You will need to reactivate the program using the license you were sent via email if using the Pro version
  • Launch the program and set the Protection and Registration. Then go to the UPDATE tab if not done during installation and check for updates.
    Restart the computer again and verify that MBAM is in the task tray if using the Pro version. Now set up any file exclusions as may be required in your Anti-Virus/Internet-Security/Firewall applications and restart your Anti-Virus/Internet-Security applications. You may use the guides posted in the FAQs here or post to ask and we'll explain how to do it.


#15 Waj Wounda

  • Topic Starter

Posted 10 October 2011 - 07:12 PM

I don't have it installed...
So does anyone else wonder what happened to the Jonas Brothers, No? Well, um, yeah, didn't think so...



