
Still having problems


  • This topic is locked
26 replies to this topic

#1 erthomp143


Posted 11 December 2011 - 09:31 PM

Continued from First post

Internet Explorer.. get IE stopped working error, then IE restarting. Also getting random IE window opens, just to home page. Also getting url redirects.

Windows 7 (64 bit) AMD processor TF-20... not sure what else to add..

I have run Norton's, Spybot S&D, Malwarebytes, SuperAntiSpyware, Avast, BitDefender, and also got a HijackThis log... I see tracking cookies, but other than that no threats...

logs:

DDS:
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_20
Run by Eric at 18:03:53 on 2011-12-11
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2812.1455 [GMT -8:00]
.
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files (x86)\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\PixArt\Pac7302\Monitor.exe
C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCService.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files (x86)\Norton Utilities 15\Tools\Disk Doctor\DiskDoctorSrv.exe
C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
C:\Program Files (x86)\Norton Utilities 15\Tools\Disk Doctor\DiskDoctorSrvProxy.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\ccSvcHst.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\ccSvcHst.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\SysWOW64\PnkBstrB.exe
C:\Program Files (x86)\Norton Utilities 15\Tools\SpeedDisk\SpeedDiskSrv.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Norton Utilities 15\Tools\SpeedDisk\SpeedDiskSrvProxy.exe
C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files (x86)\Windows Live\Companion\companionuser.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5517&r=27360310f825l0394z185t4842x29s
mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5517&r=27360310f825l0394z185t4842x29s
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5517&r=27360310f825l0394z185t4842x29s
mWinlogon: Userinit=userinit.exe,
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: IEPlugin Class: {11222041-111b-46e3-bd29-efb2449479b1} - C:\PROGRA~2\ArcSoft\MEDIAC~1\INTERN~1\ARCURL~1.DLL
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\coIEPlg.dll
BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\IPS\IPSBHO.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\coIEPlg.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun: [EgisTecLiveUpdate] "C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe"
mRun: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
mRun: [Acer Assist Launcher] C:\Program Files (x86)\Acer\Acer Assist\launcher.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [tsnpstd3] C:\Windows\tsnpstd3.exe
mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
StartupFolder: C:\Users\Eric\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SYSTEM~1\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
StartupFolder: C:\Users\Eric\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SYSTEM~1\RCADET~1.LNK - C:\Users\Eric\Documents\RCA Detective\RCADetective.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SYSTEM~1\PHILIP~1.LNK - C:\Philips\GoGear VIBE Device Manager\GoGear_Vibe_DeviceManager.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Send To &Bluetooth - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
Trusted Zone: //80/
Trusted Zone: remocam.net\www
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {B37D8AB5-3A6C-4219-BC46-93B26EF0E53D} - hxxp://www.remocam.net/XViewer.cab
DPF: {CAFEEFAC-0015-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{84412028-F34C-4A25-8B20-EE41BB07A738} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{93168A75-FF4B-4541-A4A3-CAD18F78781F} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{93168A75-FF4B-4541-A4A3-CAD18F78781F}\035324430313836303537373 : DhcpNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{93168A75-FF4B-4541-A4A3-CAD18F78781F}\25F69716C60234F6572747D2373616E6E696E676 : DhcpNameServer = 10.128.128.128
TCP: Interfaces\{93168A75-FF4B-4541-A4A3-CAD18F78781F}\3636D2D686 : DhcpNameServer = 192.168.0.1 68.238.64.12
TCP: Interfaces\{93168A75-FF4B-4541-A4A3-CAD18F78781F}\C696E6B6379737 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{93168A75-FF4B-4541-A4A3-CAD18F78781F}\D4F4257414E48494C4C494E4E4 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{93168A75-FF4B-4541-A4A3-CAD18F78781F}\D4F6277616E68496C6C60294E6E6 : DhcpNameServer = 10.128.128.128
TCP: Interfaces\{93168A75-FF4B-4541-A4A3-CAD18F78781F}\E4544574541425 : DhcpNameServer = 10.0.0.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64: HP Print Enhancer - No File
BHO-X64: IEPlugin Class: {11222041-111B-46E3-BD29-EFB2449479B1} - C:\PROGRA~2\ArcSoft\MEDIAC~1\INTERN~1\ARCURL~1.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO-X64: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\coIEPlg.dll
BHO-X64: Norton Identity Protection - No File
BHO-X64: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\IPS\IPSBHO.DLL
BHO-X64: Norton Vulnerability Protection - No File
BHO-X64: SSVHelper Class: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\coIEPlg.dll
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun-x64: [EgisTecLiveUpdate] "C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe"
mRun-x64: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
mRun-x64: [Acer Assist Launcher] C:\Program Files (x86)\Acer\Acer Assist\launcher.exe
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [tsnpstd3] C:\Windows\tsnpstd3.exe
mRun-x64: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
Hosts: 178.250.45.15 www.google-analytics.com.
Hosts: 178.250.45.15 ad-emea.doubleclick.net.
Hosts: 178.250.45.15 www.statcounter.com.
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\e3rm4rco.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?babsrc=SP_ss&mntrId=90468578000000000000904ce5146dd8&tlver=1.4.31.2&instlRef=sst&affID=100633&q=
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Users\Eric\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\e3rm4rco.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - plugin: C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\e3rm4rco.default\extensions\DeviceDetection@logitech.com\plugins\npLogitechDeviceDetection.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\NISx64\1302000.00A\SYMDS64.SYS --> C:\Windows\system32\drivers\NISx64\1302000.00A\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NISx64\1302000.00A\SYMEFA64.SYS --> C:\Windows\system32\drivers\NISx64\1302000.00A\SYMEFA64.SYS [?]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20111123.001\BHDrvx64.sys [2011-11-29 1156216]
R1 ccSet_NIS;Norton Internet Security Settings Manager;C:\Windows\system32\drivers\NISx64\1302000.00A\ccSetx64.sys --> C:\Windows\system32\drivers\NISx64\1302000.00A\ccSetx64.sys [?]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20111209.002\IDSviA64.sys [2011-12-9 488568]
R1 mwlPSDFilter;mwlPSDFilter;C:\Windows\system32\DRIVERS\mwlPSDFilter.sys --> C:\Windows\system32\DRIVERS\mwlPSDFilter.sys [?]
R1 mwlPSDNServ;mwlPSDNServ;C:\Windows\system32\DRIVERS\mwlPSDNServ.sys --> C:\Windows\system32\DRIVERS\mwlPSDNServ.sys [?]
R1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys --> C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\NISx64\1302000.00A\Ironx64.SYS --> C:\Windows\system32\drivers\NISx64\1302000.00A\Ironx64.SYS [?]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\NISx64\1302000.00A\SYMNETS.SYS --> C:\Windows\system32\Drivers\NISx64\1302000.00A\SYMNETS.SYS [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 AdvancedSystemCareService;Advanced SystemCare Service;C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCService.exe [2011-4-27 328536]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-10-25 361984]
R2 DiskDoctorService;Norton Disk Doctor Service;C:\Program Files (x86)\Norton Utilities 15\Tools\Disk Doctor\DiskDoctorSrv.exe [2011-11-23 1029480]
R2 ePowerSvc;Acer ePower Service;C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2009-8-15 844320]
R2 Greg_Service;GRegService;C:\Program Files (x86)\Acer\Registration\GregHSRW.exe [2009-6-4 1150496]
R2 MWLService;MyWinLocker Service;C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe [2009-8-6 311592]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\ccsvchst.exe [2011-11-23 138760]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-2-3 1153368]
R2 SpeedDiskService;Norton SpeedDisk Service;C:\Program Files (x86)\Norton Utilities 15\Tools\SpeedDisk\SpeedDiskSrv.exe [2011-11-23 1037672]
R2 TeamViewer6;TeamViewer 6;C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-10-2 2358656]
R2 Updater Service;Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2009-8-15 240160]
R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-11-23 138360]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S1 vflt;Shrew Soft Lightweight Filter;C:\Windows\system32\DRIVERS\vfilter.sys --> C:\Windows\system32\DRIVERS\vfilter.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-3-16 135664]
S3 DrvAgent64;DrvAgent64;C:\Windows\SysWOW64\drivers\DrvAgent64.SYS [2011-9-20 21712]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-13 1492840]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-3-16 135664]
S3 PAC207;SoC PC-Camera;C:\Windows\System32\drivers\PFC027.sys [2011-11-24 617088]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
S3 SymDSMon;SymDSMon;\??\C:\Windows\system32\drivers\SymDSMon.sys --> C:\Windows\system32\drivers\SymDSMon.sys [?]
S3 SYMSpeedDisk;SYMSpeedDisk;C:\Windows\System32\drivers\SymSpeedDisk.sys [2011-11-23 108800]
S3 SystemExplorerHelpService;System Explorer Help Service;C:\Program Files (x86)\System Explorer\SystemExplorerService64.exe [2011-12-1 712520]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 vnet;Shrew Soft Virtual Adapter;C:\Windows\system32\DRIVERS\virtualnet.sys --> C:\Windows\system32\DRIVERS\virtualnet.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== File Associations ===============
.
JSEFile=%SystemRoot%\SysWow64\CScript.exe "%1" %*
VBEFile=%SystemRoot%\SysWow64\CScript.exe "%1" %*
VBSFile=%SystemRoot%\SysWow64\CScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2011-12-11 22:11:39 -------- d-----w- C:\Users\Eric\AppData\Local\{8B9C2238-6CFD-4466-9F6F-D6E7BB37E611}
2011-12-11 22:11:25 -------- d-----w- C:\Users\Eric\AppData\Local\{72A697A4-9BBC-4678-9006-41A2A815225E}
2011-12-10 22:18:30 -------- d-----w- C:\Users\Eric\AppData\Local\{7367C047-24B8-403D-AA0E-85612E3784C4}
2011-12-10 22:18:16 -------- d-----w- C:\Users\Eric\AppData\Local\{8A003A9B-A089-4396-ACA9-599FD720F02A}
2011-12-10 20:48:59 -------- d-----w- C:\Users\Eric\AppData\Local\{82B6FE8F-23E7-4618-83BC-2318210EBE3F}
2011-12-10 20:47:32 -------- d-----w- C:\Users\Eric\AppData\Local\{63697B92-EEB8-40D9-8729-E9724D6729F6}
2011-12-09 23:33:55 -------- d-----w- C:\Users\Eric\AppData\Local\{EDA1E607-8912-4E66-B83E-544E5AE704D5}
2011-12-09 23:33:42 -------- d-----w- C:\Users\Eric\AppData\Local\{CA3DA5B0-BDB3-4E3A-87A0-C3FEE77B57CE}
2011-12-09 20:41:25 -------- d-----w- C:\Users\Eric\AppData\Local\{4E402DAA-D157-4AD8-A585-AB26A2705ED8}
2011-12-08 17:26:38 -------- d-----w- C:\Users\Eric\AppData\Local\{3CCDE8C8-A519-4AAD-9E0B-3B021C3836F7}
2011-12-08 17:26:23 -------- d-----w- C:\Users\Eric\AppData\Local\{4E1899A0-BCE8-46E7-8039-90D58B44B119}
2011-12-07 20:44:01 -------- d-----w- C:\Users\Eric\AppData\Local\{7E2AFF3C-FA9D-4A83-A4BF-5DF10ED72A2B}
2011-12-07 20:43:47 -------- d-----w- C:\Users\Eric\AppData\Local\{29D5855A-88BE-4A46-B555-780F5FA7ECE7}
2011-12-07 17:02:39 -------- d-----w- C:\Users\Eric\AppData\Local\{B4DBEEC3-B3E3-421A-B9F2-4ECD2A084023}
2011-12-07 17:01:11 -------- d-----w- C:\Users\Eric\AppData\Local\{C3D83172-6BD3-477E-BDE8-832F1A4CC03E}
2011-12-07 06:29:37 -------- d-----w- C:\Users\Eric\AppData\Local\{22014A1B-3F79-4C1C-A802-4EC02C15DC28}
2011-12-07 06:29:16 -------- d-----w- C:\Users\Eric\AppData\Local\{E2A8C563-612A-4E56-A35A-9B64FD1E0CC4}
2011-12-06 17:49:03 -------- d-----w- C:\Users\Eric\AppData\Local\{04CF5790-90EC-4943-A5D8-3CE8C09F2D62}
2011-12-06 17:48:49 -------- d-----w- C:\Users\Eric\AppData\Local\{7E26B892-3DA5-4DCE-A9E5-5A7752B5EBFA}
2011-12-05 21:58:39 -------- d-----w- C:\Users\Eric\AppData\Local\{228675FD-3874-4ADB-85AD-362930EA623B}
2011-12-05 21:58:26 -------- d-----w- C:\Users\Eric\AppData\Local\{661CC04A-871A-4BF3-B6C5-180612BF25D7}
2011-12-05 08:33:23 -------- d-----w- C:\Users\Eric\AppData\Local\{555B2E80-7904-495E-9720-8A34A4F646C6}
2011-12-05 08:33:09 -------- d-----w- C:\Users\Eric\AppData\Local\{C3E16F36-6162-4C69-BDF0-1D5947607DEB}
2011-12-04 18:00:57 -------- d-----w- C:\Users\Eric\AppData\Local\{471BE7FC-3775-496A-81DF-9980BA770B19}
2011-12-04 18:00:43 -------- d-----w- C:\Users\Eric\AppData\Local\{CFB95AAD-A04D-46D4-BC0E-AEB536F54975}
2011-12-03 19:31:02 -------- d-----w- C:\Users\Eric\AppData\Local\{67AFD1C5-3CDC-4B50-B899-502814A5A625}
2011-12-03 19:30:49 -------- d-----w- C:\Users\Eric\AppData\Local\{0BFE4100-E18F-4043-81DA-357604EC9535}
2011-12-03 17:30:12 -------- d-----w- C:\Users\Eric\AppData\Local\{D4BC443A-08E5-457F-895B-EC892913430A}
2011-12-03 17:29:58 -------- d-----w- C:\Users\Eric\AppData\Local\{2D18E65A-EEE5-49EB-8B16-7AD303C0AA85}
2011-12-02 21:27:05 -------- d-----w- C:\Users\Eric\AppData\Local\{C28FE742-0D35-4A87-B6C9-A4AC2487F6C1}
2011-12-02 21:26:51 -------- d-----w- C:\Users\Eric\AppData\Local\{FA91E006-0B6F-41BA-B624-5CEFED1D6648}
2011-12-02 04:54:49 -------- d-----w- C:\Users\Eric\AppData\Local\{E42FB394-4A60-4A79-A9A8-9D4BF561300E}
2011-12-02 04:54:35 -------- d-----w- C:\Users\Eric\AppData\Local\{E94D4A2A-9FE1-4B3B-BAE6-1D91F1623C62}
2011-12-01 21:33:25 -------- d-----w- C:\ProgramData\WEBREG
2011-12-01 21:31:23 -------- d-----w- C:\Users\Eric\AppData\Local\HP
2011-12-01 21:23:43 -------- d-----w- C:\Windows\SysWow64\spool
2011-12-01 21:18:40 -------- d-----w- C:\Program Files (x86)\Common Files\Hewlett-Packard
2011-12-01 21:18:01 -------- d-----w- C:\Program Files (x86)\Common Files\HP
2011-12-01 21:12:21 -------- d-----w- C:\Program Files (x86)\HP
2011-12-01 21:10:11 -------- d-----w- C:\Program Files\HP
2011-12-01 21:07:19 642360 ----a-w- C:\Windows\System32\hpzids40.dll
2011-12-01 19:30:51 11776 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll
2011-12-01 19:30:15 -------- d-----w- C:\Program Files (x86)\Common Files\xing shared
2011-12-01 19:30:02 150696 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll
2011-12-01 19:29:24 108544 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll
2011-12-01 19:29:15 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll
2011-12-01 19:29:15 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2011-12-01 15:14:56 -------- d-----w- C:\Users\Eric\AppData\Local\{0EB807CC-9FB2-4EEA-A6D9-521DF33E6538}
2011-12-01 15:14:30 -------- d-----w- C:\Users\Eric\AppData\Local\{C83FD482-348A-492F-A117-5B82ACF5976B}
2011-12-01 01:15:51 -------- d-----w- C:\Users\Eric\AppData\Local\{18A43D01-50BD-4365-866C-666F055A08EE}
2011-12-01 01:15:38 -------- d-----w- C:\Users\Eric\AppData\Local\{8BECB1AD-A498-4C1D-9ECA-A3E367B40209}
2011-11-30 07:16:48 -------- d-----w- C:\Users\Eric\AppData\Local\{17F663B7-DDB7-4F39-AE03-2614CD238EE1}
2011-11-30 07:16:31 -------- d-----w- C:\Users\Eric\AppData\Local\{6C6B8D6C-EE78-46CA-A83D-7B368E74B196}
2011-11-29 17:23:12 -------- d-----w- C:\Users\Eric\AppData\Local\{40DBDA6E-79CF-4407-99BD-82A9C45EB806}
2011-11-29 17:22:55 -------- d-----w- C:\Users\Eric\AppData\Local\{1394D924-0EC6-484D-94DF-7F6525A64F46}
2011-11-28 17:22:51 -------- d-----w- C:\Users\Eric\AppData\Local\{1A411CFC-7025-43EF-A4A0-3EBE0D3ED60D}
2011-11-28 17:22:38 -------- d-----w- C:\Users\Eric\AppData\Local\{33B388A8-17D9-497A-B8F4-7FC56F871B2B}
2011-11-27 23:14:09 -------- d-----w- C:\Users\Eric\AppData\Local\{5015131F-2103-42D0-9E92-97EF33E7A627}
2011-11-27 23:13:48 -------- d-----w- C:\Users\Eric\AppData\Local\{F49AB785-D245-496D-8188-42DC3A5974B1}
2011-11-25 19:06:56 -------- d-----w- C:\Users\Eric\AppData\Local\{26BAF803-00E8-47BC-AA9E-197E564B22D7}
2011-11-25 19:06:41 -------- d-----w- C:\Users\Eric\AppData\Local\{68CB2264-AA51-488A-B722-ECFDD7C9F417}
2011-11-25 09:10:10 158056 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10139.bin
2011-11-25 07:02:18 -------- d-----w- C:\Users\Eric\AppData\Local\{FD521586-8AAD-4C5A-BE14-75375BBA97D5}
2011-11-25 07:01:56 -------- d-----w- C:\Users\Eric\AppData\Local\{FF4F5D70-126D-432C-B2B9-A88A11406C50}
2011-11-25 06:22:14 94208 ----a-w- C:\Windows\amcap.exe
2011-11-25 06:22:05 843776 ----a-w- C:\Windows\vsnpstd3.exe
2011-11-25 06:22:05 262144 ----a-w- C:\Windows\tsnpstd3.exe
2011-11-25 06:22:05 166912 ----a-w- C:\Windows\System32\rsnpstd3.dll
2011-11-25 06:22:04 10246144 ----a-w- C:\Windows\SysWow64\drivers\snpstd3.sys
2011-11-25 06:22:03 61440 ----a-w- C:\Windows\SysWow64\vsnpstd3.dll
2011-11-25 06:22:03 172032 ----a-w- C:\Windows\SysWow64\rsnpstd3.dll
2011-11-25 06:22:02 53248 ----a-w- C:\Windows\csnpstd3.dll
2011-11-25 06:22:02 18944 ----a-w- C:\Windows\System32\csnpstd3.dll
2011-11-25 06:21:59 -------- d-----w- C:\Program Files (x86)\Common Files\snpstd3
2011-11-25 05:14:27 40960 ----a-w- C:\Windows\98Setup.exe
2011-11-25 05:14:27 119568 ----a-w- C:\Windows\SysWow64\KSPRf3ff.rra
2011-11-25 05:14:26 -------- d-----w- C:\Program Files (x86)\PC Camera
2011-11-25 05:14:25 617088 ----a-w- C:\Windows\SysWow64\drivers\PFC027.sys
2011-11-25 05:14:25 14336 ----a-w- C:\Windows\SysWow64\P207USD.dll
2011-11-25 05:14:25 -------- d-----w- C:\Program Files (x86)\Common Files\PAC207
2011-11-25 05:13:48 65024 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ISBEW64.exe
2011-11-25 05:13:47 69715 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ctor.dll
2011-11-25 05:13:47 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe
2011-11-25 05:13:47 274432 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iscript.dll
2011-11-25 05:13:47 204800 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iuser.dll
2011-11-25 05:13:46 757760 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iKernel.dll
2011-11-25 05:13:45 331908 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\setup.dll
2011-11-25 05:13:45 200836 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iGdi.dll
2011-11-25 00:00:27 -------- d-----w- C:\Program Files (x86)\AMD APP
2011-11-24 23:59:43 -------- d-----w- C:\Program Files\Common Files\ATI Technologies
2011-11-24 23:59:43 -------- d-----w- C:\Program Files (x86)\Common Files\ATI Technologies
2011-11-24 23:38:57 -------- d-----w- C:\AMD
2011-11-24 23:16:11 -------- d-----w- C:\Users\Eric\AppData\Roaming\Norton Utilities
2011-11-24 16:44:59 -------- d-----w- C:\Users\Eric\AppData\Local\{D84442EB-014E-438B-B664-CF1F9C5BA636}
2011-11-24 16:44:45 -------- d-----w- C:\Users\Eric\AppData\Local\{CD997433-9559-46F2-8B8D-CD9D4A3DF2E6}
2011-11-24 00:37:52 -------- d-----w- C:\ProgramData\Norton Installer
2011-11-24 00:36:53 44544 ----a-w- C:\Windows\SysWow64\msxml4a.dll
2011-11-24 00:36:51 191232 ----a-w- C:\Windows\System32\drivers\SymDSMon.sys
2011-11-24 00:36:51 163384 ----a-w- C:\Windows\System32\drivers\SymSpeedDisk.sys
2011-11-24 00:36:51 108800 ----a-w- C:\Windows\SysWow64\drivers\SymSpeedDisk.sys
2011-11-24 00:36:49 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec
2011-11-24 00:36:48 880640 ----a-w- C:\Windows\SysWow64\UniBox10.ocx
2011-11-24 00:36:48 39784 ----a-w- C:\Windows\System32\CleanMFT64.exe
2011-11-24 00:36:48 212992 ----a-w- C:\Windows\SysWow64\UniBoxVB12.ocx
2011-11-24 00:36:48 1101824 ----a-w- C:\Windows\SysWow64\UniBox210.ocx
2011-11-24 00:36:47 506368 ----a-w- C:\Windows\SysWow64\msxml.dll
2011-11-24 00:36:43 -------- d-----w- C:\ProgramData\Symantec
2011-11-24 00:36:43 -------- d-----w- C:\Program Files (x86)\Norton Utilities 15
2011-11-23 22:47:35 -------- d-----w- C:\Users\Eric\AppData\Local\{EF8A0B82-3E8F-4B41-BE82-75F437B4356D}
2011-11-23 22:46:18 -------- d-----w- C:\Users\Eric\AppData\Local\{90C2CB0C-B90A-460C-B1E3-AB654A08E744}
2011-11-23 19:39:53 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared
2011-11-23 19:06:52 451192 ----a-r- C:\Windows\System32\drivers\NISx64\1302000.00A\symds64.sys
2011-11-23 19:06:52 401016 ----a-w- C:\Windows\System32\drivers\NISx64\1302000.00A\symnets.sys
2011-11-23 19:06:52 1084024 ----a-w- C:\Windows\System32\drivers\NISx64\1302000.00A\symefa64.sys
2011-11-23 19:06:51 729720 ----a-w- C:\Windows\System32\drivers\NISx64\1302000.00A\srtsp64.sys
2011-11-23 19:06:51 37496 ----a-w- C:\Windows\System32\drivers\NISx64\1302000.00A\srtspx64.sys
2011-11-23 19:06:51 189560 ----a-w- C:\Windows\System32\drivers\NISx64\1302000.00A\ironx64.sys
2011-11-23 19:06:51 167048 ----a-w- C:\Windows\System32\drivers\NISx64\1302000.00A\ccsetx64.sys
2011-11-23 19:06:26 -------- d-----w- C:\Windows\System32\drivers\NISx64\1302000.00A
2011-11-23 18:51:35 174200 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2011-11-23 18:51:35 -------- d-----w- C:\Program Files\Symantec
2011-11-23 18:51:35 -------- d-----w- C:\Program Files\Common Files\Symantec Shared
2011-11-23 18:50:22 -------- d-----w- C:\Windows\System32\drivers\NISx64
2011-11-23 18:50:18 -------- d-----w- C:\Program Files (x86)\Norton Internet Security
2011-11-23 18:50:17 -------- d-----w- C:\ProgramData\Norton
2011-11-23 18:43:34 -------- d-----w- C:\ProgramData\NortonInstaller
2011-11-23 18:43:34 -------- d-----w- C:\Program Files (x86)\NortonInstaller
2011-11-23 06:45:28 -------- d-----w- C:\Users\Eric\AppData\Local\{58227B7E-CE9C-4066-9BAC-81886E4BB49F}
2011-11-23 06:45:01 -------- d-----w- C:\Users\Eric\AppData\Local\{66BF8F96-8F24-4C29-811F-F43D0D420AD1}
2011-11-22 16:33:40 8570192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{34E28D80-3F78-4E85-87FB-6CEA6775D2D9}\mpengine.dll
2011-11-21 16:42:31 -------- d-----w- C:\Users\Eric\AppData\Local\{D2093C0D-0F68-4E40-9F11-94159E907FDB}
2011-11-21 16:42:17 -------- d-----w- C:\Users\Eric\AppData\Local\{5DF7052E-9805-4B30-A5EE-C4E2A6C7050E}
2011-11-20 18:40:41 -------- d-----w- C:\Users\Eric\AppData\Local\{F212C4E9-08A4-4B59-9ADB-0CDCEE2E3AE1}
2011-11-20 18:40:27 -------- d-----w- C:\Users\Eric\AppData\Local\{2956CFC5-E22C-4DEA-984D-6B323D156A6D}
2011-11-20 00:46:26 -------- d-----w- C:\Users\Eric\AppData\Local\{4ED58902-B6EF-4637-815F-CD24C2ECF3CA}
2011-11-20 00:46:13 -------- d-----w- C:\Users\Eric\AppData\Local\{E5B2E656-0019-462E-821D-FE08DF13997D}
2011-11-19 07:05:25 -------- d-----w- C:\Users\Eric\AppData\Local\{29807B5E-3924-4BE8-BBD6-BDFE1E9D42AA}
2011-11-19 07:05:06 -------- d-----w- C:\Users\Eric\AppData\Local\{2EEB6CE8-3A8A-4AB3-ACD6-507E5B25C53A}
2011-11-18 18:42:26 -------- d-----w- C:\Users\Eric\AppData\Local\{81FB5572-84F8-446E-8E6C-CECAED088653}
2011-11-18 18:40:48 -------- d-----w- C:\Users\Eric\AppData\Local\{90A4CA5C-666F-43B8-8D1F-8152DC6A712B}
2011-11-17 17:49:47 -------- d-----w- C:\Users\Eric\AppData\Local\{70031C35-8339-49C0-A0A4-D8A3048B74C9}
2011-11-17 17:49:35 -------- d-----w- C:\Users\Eric\AppData\Local\{A3A298CA-DBD4-4A49-B5CF-13D1747F03FF}
2011-11-16 21:22:19 -------- d-----w- C:\Users\Eric\AppData\Local\{22068245-C9B5-4E8C-847D-50ED69189807}
2011-11-16 21:22:03 -------- d-----w- C:\Users\Eric\AppData\Local\{AC662157-A811-4EB0-9E63-9F1871297DDA}
2011-11-16 04:55:19 -------- d-----w- C:\Users\Eric\AppData\Local\{9A5C4E87-7694-465F-8D89-111F29ACB4F3}
2011-11-16 04:55:05 -------- d-----w- C:\Users\Eric\AppData\Local\{51AEF3FC-11A6-446D-82E0-274F33F06472}
2011-11-15 15:52:36 -------- d-----w- C:\Users\Eric\AppData\Local\{DA696AFA-AD12-4B1A-ABD4-009F5DE28D60}
2011-11-15 15:52:22 -------- d-----w- C:\Users\Eric\AppData\Local\{3A26D33E-955D-4261-93B6-56606EFAB5F8}
2011-11-15 07:59:30 -------- d-----w- C:\Users\Eric\AppData\Roaming\QuickScan
2011-11-14 16:28:55 -------- d-----w- C:\Users\Eric\AppData\Local\{FF90D06B-2B02-47D4-8C8A-E94115DFC312}
2011-11-14 16:28:42 -------- d-----w- C:\Users\Eric\AppData\Local\{97E7EBEC-2B1C-4148-BDDC-04AFA114A23A}
2011-11-14 04:23:51 -------- d-----w- C:\Users\Eric\AppData\Local\{5706A114-796C-44A6-A77E-261AB03E51FF}
2011-11-14 04:23:34 -------- d-----w- C:\Users\Eric\AppData\Local\{01DA11AC-5330-40AD-8E03-6E4817E7DC0C}
2011-11-13 22:20:33 388096 ----a-r- C:\Users\Eric\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-11-13 22:20:29 -------- d-----w- C:\Program Files (x86)\Trend Micro
2011-11-13 08:39:36 -------- d-----w- C:\Users\Eric\AppData\Local\{C37CB960-BB28-47F5-BAEC-2E7729967B6A}
2011-11-13 08:39:01 -------- d-----w- C:\Users\Eric\AppData\Local\{8322CF9A-918A-4CC6-AC02-5AB48F9A75FF}
2011-11-12 22:19:41 -------- d-----w- C:\Users\Eric\AppData\Local\{88727902-F823-4B8C-8925-D1BD300D92B6}
2011-11-12 04:35:35 -------- d-----w- C:\Users\Eric\AppData\Local\{2DDBD512-90A6-4388-BA61-CE41D3E19670}
2011-11-12 04:35:10 -------- d-----w- C:\Users\Eric\AppData\Local\{6B9FD649-FB62-483D-94AC-90E68D88B8BD}
.
==================== Find3M ====================
.
2011-11-20 01:08:47 214520 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2011-11-20 01:08:46 214520 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2011-11-16 21:12:53 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-26 05:21:54 66560 ----a-w- C:\Windows\System32\OpenVideo64.dll
2011-10-26 05:21:48 56832 ----a-w- C:\Windows\SysWow64\OpenVideo.dll
2011-10-26 05:21:40 66560 ----a-w- C:\Windows\System32\OVDecoder64.dll
2011-10-26 05:21:34 56832 ----a-w- C:\Windows\SysWow64\OVDecoder.dll
2011-10-26 05:21:24 16991744 ----a-w- C:\Windows\System32\amdocl64.dll
2011-10-26 05:20:42 13950464 ----a-w- C:\Windows\SysWow64\amdocl.dll
2011-10-20 06:14:52 59904 ----a-w- C:\Windows\SysWow64\OVDecode.dll
2011-10-20 06:14:32 51712 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2011-10-13 00:14:54 51200 ----a-w- C:\Windows\System32\OpenCL.dll
2011-09-29 16:29:28 1923952 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-09-29 04:03:32 3144704 ----a-w- C:\Windows\System32\win32k.sys
2011-09-20 16:29:41 21712 ----a-w- C:\Windows\SysWow64\drivers\DrvAgent64.SYS
.
============= FINISH: 18:14:45.92 ===============


Attached File  Attach.zip   3.13KB   1 downloads


#2 gringo_pr

  • Malware Response Team

Posted 14 December 2011 - 10:32 PM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool until instructed to do so!


Click on the Watch Topic button, select Immediate Notification, and click on Proceed. This will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#3 erthomp143

  • Topic Starter

Posted 15 December 2011 - 05:22 PM

Hi Gringo,

Thank you for your help...

Combofix ran fine, but IE kept opening during the process. I'm still having the same issue, but need to add that once in a while I get a blue screen and the system restarts. This is not new since running Combofix, just something I forgot to add before...

Here's the log:

-logComboFix 11-12-15.02 - Eric 12/15/2011 10:37:24.1.1 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2812.1525 [GMT -8:00]
Running from: c:\users\Eric\Downloads\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\e3rm4rco.default\searchplugins\bing-zugo.xml
.
.
((((((((((((((((((((((((( Files Created from 2011-11-15 to 2011-12-15 )))))))))))))))))))))))))))))))
.
.
2011-12-15 19:24 . 2011-12-15 19:24 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-14 21:56 . 2011-10-26 05:21 43520 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-14 21:53 . 2011-11-24 04:52 3145216 ----a-w- c:\windows\system32\win32k.sys
2011-12-14 21:53 . 2011-10-15 06:31 723456 ----a-w- c:\windows\system32\EncDec.dll
2011-12-14 21:53 . 2011-10-15 05:38 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
2011-12-01 21:33 . 2011-12-01 21:33 -------- d-----w- c:\programdata\WEBREG
2011-12-01 21:32 . 2011-12-01 21:36 -------- d-----w- c:\users\Eric\AppData\Roaming\HP
2011-12-01 21:31 . 2011-12-01 21:31 -------- d-----w- c:\users\Eric\AppData\Local\HP
2011-12-01 21:25 . 2011-12-01 21:25 -------- d-----w- c:\programdata\HP Product Assistant
2011-12-01 21:23 . 2011-12-01 21:23 -------- d-----w- c:\windows\SysWow64\spool
2011-12-01 21:18 . 2011-12-01 21:18 -------- d-----w- c:\program files (x86)\Common Files\Hewlett-Packard
2011-12-01 21:18 . 2011-12-01 21:18 -------- d-----w- c:\program files (x86)\Common Files\HP
2011-12-01 21:12 . 2011-12-01 21:26 -------- d-----w- c:\program files (x86)\HP
2011-12-01 21:10 . 2011-12-01 21:10 -------- d-----w- c:\program files\HP
2011-12-01 21:07 . 2011-12-01 21:33 -------- d-----w- c:\programdata\HP
2011-12-01 21:07 . 2009-07-08 10:51 642360 ----a-w- c:\windows\system32\hpzids40.dll
2011-12-01 19:30 . 2011-12-01 19:30 11776 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nprjplug.dll
2011-12-01 19:30 . 2011-12-01 19:30 -------- d-----w- c:\program files (x86)\Common Files\xing shared
2011-12-01 19:30 . 2011-12-01 19:30 150696 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppl3260.dll
2011-12-01 19:29 . 2011-12-01 19:29 108544 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nprpjplug.dll
2011-12-01 19:29 . 2011-12-01 19:29 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2011-12-01 19:29 . 2011-12-01 19:29 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2011-11-25 09:10 . 2011-11-25 09:10 158056 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10139.bin
2011-11-25 06:22 . 2006-07-03 18:31 94208 ----a-w- c:\windows\amcap.exe
2011-11-25 06:22 . 2007-03-31 01:44 262144 ----a-w- c:\windows\tsnpstd3.exe
2011-11-25 06:22 . 2007-03-21 23:23 166912 ----a-w- c:\windows\system32\rsnpstd3.dll
2011-11-25 06:22 . 2006-09-18 22:12 843776 ----a-w- c:\windows\vsnpstd3.exe
2011-11-25 06:22 . 2007-04-14 03:24 10246144 ----a-w- c:\windows\SysWow64\drivers\snpstd3.sys
2011-11-25 06:22 . 2007-03-30 23:09 61440 ----a-w- c:\windows\SysWow64\vsnpstd3.dll
2011-11-25 06:22 . 2007-03-21 23:23 172032 ----a-w- c:\windows\SysWow64\rsnpstd3.dll
2011-11-25 06:22 . 2005-11-23 21:55 53248 ----a-w- c:\windows\csnpstd3.dll
2011-11-25 06:22 . 2005-11-23 04:40 18944 ----a-w- c:\windows\system32\csnpstd3.dll
2011-11-25 06:21 . 2011-11-26 05:51 -------- d-----w- c:\program files (x86)\Common Files\snpstd3
2011-11-25 05:14 . 2004-11-22 21:37 40960 ----a-w- c:\windows\98Setup.exe
2011-11-25 05:14 . 2000-06-09 01:00 119568 ----a-w- c:\windows\SysWow64\KSPRf3ff.rra
2011-11-25 05:14 . 2011-11-25 05:14 -------- d-----w- c:\program files (x86)\PC Camera
2011-11-25 05:14 . 2011-11-25 05:14 -------- d-----w- c:\program files (x86)\Common Files\PAC207
2011-11-25 05:14 . 2007-10-26 02:31 617088 ----a-w- c:\windows\SysWow64\drivers\PFC027.sys
2011-11-25 05:14 . 2006-10-12 19:57 14336 ----a-w- c:\windows\SysWow64\P207USD.dll
2011-11-25 05:13 . 2005-11-14 07:19 65024 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ISBEW64.exe
2011-11-25 05:13 . 2005-11-14 07:22 69715 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ctor.dll
2011-11-25 05:13 . 2005-11-14 07:21 274432 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iscript.dll
2011-11-25 05:13 . 2005-11-14 07:20 204800 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iuser.dll
2011-11-25 05:13 . 2005-11-14 07:19 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe
2011-11-25 05:13 . 2005-11-14 07:22 757760 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iKernel.dll
2011-11-25 05:13 . 2011-11-25 05:13 331908 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\setup.dll
2011-11-25 05:13 . 2011-11-25 05:13 200836 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iGdi.dll
2011-11-25 00:00 . 2011-11-25 00:00 -------- d-----w- c:\programdata\ATI
2011-11-25 00:00 . 2011-11-25 00:00 -------- d-----w- c:\program files (x86)\AMD APP
2011-11-24 23:59 . 2011-11-24 23:59 -------- d-----w- c:\program files\Common Files\ATI Technologies
2011-11-24 23:59 . 2011-11-24 23:59 -------- d-----w- c:\program files (x86)\Common Files\ATI Technologies
2011-11-24 23:38 . 2011-11-24 23:38 -------- d-----w- C:\AMD
2011-11-24 23:16 . 2011-11-24 23:18 -------- d-----w- c:\users\Eric\AppData\Roaming\Norton Utilities
2011-11-24 00:37 . 2011-11-24 00:37 -------- d-----w- c:\programdata\Norton Installer
2011-11-24 00:36 . 2010-11-30 10:23 44544 ----a-w- c:\windows\SysWow64\msxml4a.dll
2011-11-24 00:36 . 2010-11-30 10:24 191232 ----a-w- c:\windows\system32\drivers\SymDSMon.sys
2011-11-24 00:36 . 2010-11-30 10:24 163384 ----a-w- c:\windows\system32\drivers\SymSpeedDisk.sys
2011-11-24 00:36 . 2010-11-30 10:24 108800 ----a-w- c:\windows\SysWow64\drivers\SymSpeedDisk.sys
2011-11-24 00:36 . 2011-11-24 00:36 -------- d-----w- c:\program files (x86)\Common Files\Symantec
2011-11-24 00:36 . 2010-11-30 10:24 880640 ----a-w- c:\windows\SysWow64\UniBox10.ocx
2011-11-24 00:36 . 2010-11-30 10:24 212992 ----a-w- c:\windows\SysWow64\UniBoxVB12.ocx
2011-11-24 00:36 . 2010-11-30 10:24 1101824 ----a-w- c:\windows\SysWow64\UniBox210.ocx
2011-11-24 00:36 . 2010-11-30 10:23 39784 ----a-w- c:\windows\system32\CleanMFT64.exe
2011-11-24 00:36 . 2010-11-30 10:24 506368 ----a-w- c:\windows\SysWow64\msxml.dll
2011-11-24 00:36 . 2011-11-24 23:11 -------- d-----w- c:\program files (x86)\Norton Utilities 15
2011-11-24 00:36 . 2011-11-24 00:36 -------- d-----w- c:\programdata\Symantec
2011-11-23 19:39 . 2011-11-23 19:39 -------- d-----w- c:\program files (x86)\Common Files\Symantec Shared
2011-11-23 18:51 . 2011-11-23 18:51 174200 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2011-11-23 18:51 . 2011-11-23 18:51 -------- d-----w- c:\program files\Symantec
2011-11-23 18:51 . 2011-11-23 18:51 -------- d-----w- c:\program files\Common Files\Symantec Shared
2011-11-23 18:50 . 2011-11-23 19:14 -------- d-----w- c:\windows\system32\drivers\NISx64
2011-11-23 18:50 . 2011-11-23 18:50 -------- d-----w- c:\program files (x86)\Norton Internet Security
2011-11-23 18:50 . 2011-11-23 18:50 -------- d-----w- c:\programdata\Norton
2011-11-23 18:43 . 2011-11-23 18:43 -------- d-----w- c:\program files (x86)\NortonInstaller
2011-11-22 16:33 . 2011-10-07 04:16 8570192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{34E28D80-3F78-4E85-87FB-6CEA6775D2D9}\mpengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-20 01:08 . 2011-08-21 02:56 214520 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2011-11-20 01:08 . 2011-08-21 21:58 214520 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2011-11-16 21:12 . 2011-05-16 15:46 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-13 22:20 . 2011-11-13 22:20 388096 ----a-r- c:\users\Eric\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-10-26 05:21 . 2011-10-26 05:21 66560 ----a-w- c:\windows\system32\OpenVideo64.dll
2011-10-26 05:21 . 2011-10-26 05:21 56832 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2011-10-26 05:21 . 2011-10-26 05:21 66560 ----a-w- c:\windows\system32\OVDecoder64.dll
2011-10-26 05:21 . 2011-10-26 05:21 56832 ----a-w- c:\windows\SysWow64\OVDecoder.dll
2011-10-26 05:21 . 2011-10-26 05:21 16991744 ----a-w- c:\windows\system32\amdocl64.dll
2011-10-26 05:20 . 2011-10-26 05:20 13950464 ----a-w- c:\windows\SysWow64\amdocl.dll
2011-10-20 06:14 . 2011-10-20 06:14 59904 ----a-w- c:\windows\SysWow64\OVDecode.dll
2011-10-20 06:14 . 2011-10-20 06:14 51712 ----a-w- c:\windows\SysWow64\OpenCL.dll
2011-10-13 00:14 . 2011-10-13 00:14 51200 ----a-w- c:\windows\system32\OpenCL.dll
2011-09-29 16:29 . 2011-11-08 23:15 1923952 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-09-20 16:29 . 2011-09-20 16:29 21712 ----a-w- c:\windows\SysWow64\drivers\DrvAgent64.SYS
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Eric\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Eric\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Eric\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Eric\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-08-06 17:18 120104 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-08-18 1157128]
"EgisTecLiveUpdate"="c:\program files (x86)\EgisTec Egis Software Update\EgisUpdate.exe" [2009-08-04 199464]
"ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-05-04 311296]
"Acer Assist Launcher"="c:\program files (x86)\Acer\Acer Assist\launcher.exe" [2007-11-19 1261568]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-10-26 343168]
"tsnpstd3"="c:\windows\tsnpstd3.exe" [2007-03-31 262144]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2011-12-01 296056]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-05-09 54840]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-23 150528]
.
c:\users\Eric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SystemExplorerDisabled
OpenOffice.org 3.2.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
RCA Detective.lnk - c:\users\Eric\Documents\RCA Detective\RCADetective.exe [2010-3-18 910848]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\SystemExplorerDisabled
Philips GoGear VIBE Device Manager.lnk - c:\philips\GoGear VIBE Device Manager\GoGear_Vibe_DeviceManager.exe [2010-12-27 1701224]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"MIDI1"=vpnt.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /p \??\E:\0autocheck autochk *
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R1 vflt;Shrew Soft Lightweight Filter;c:\windows\system32\DRIVERS\vfilter.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-16 135664]
R3 DrvAgent64;DrvAgent64;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS [2011-09-20 21712]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-16 135664]
R3 PAC207;SoC PC-Camera;c:\windows\system32\DRIVERS\PFC027.SYS [2006-05-05 177664]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 SymDSMon;SymDSMon;c:\windows\system32\drivers\SymDSMon.sys [x]
R3 SYMSpeedDisk;SYMSpeedDisk;c:\windows\system32\drivers\SymSpeedDisk.sys [2010-11-30 163384]
R3 SystemExplorerHelpService;System Explorer Help Service;c:\program files (x86)\System Explorer\SystemExplorerService64.exe [2011-09-22 712520]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 vnet;Shrew Soft Virtual Adapter;c:\windows\system32\DRIVERS\virtualnet.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1302000.00A\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1302000.00A\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20111210.003\BHDrvx64.sys [2011-11-15 1156216]
S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1302000.00A\ccSetx64.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20111214.001\IDSvia64.sys [2011-11-23 488568]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1302000.00A\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1302000.00A\SYMNETS.SYS [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files (x86)\IObit\Advanced SystemCare 4\ASCService.exe [2011-08-09 328536]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-10-26 361984]
S2 DiskDoctorService;Norton Disk Doctor Service;c:\program files (x86)\Norton Utilities 15\Tools\Disk Doctor\DiskDoctorSrv.exe [2010-11-30 1029480]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2009-08-06 844320]
S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe [2009-06-04 1150496]
S2 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2009-08-06 311592]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\19.2.0.10\ccSvcHst.exe [2011-08-10 138760]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 SpeedDiskService;Norton SpeedDisk Service;c:\program files (x86)\Norton Utilities 15\Tools\SpeedDisk\SpeedDiskSrv.exe [2010-11-30 1037672]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-08-30 2358656]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 240160]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-11-23 138360]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-16 22:20]
.
2011-10-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-16 22:20]
.
2011-10-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2641880275-27559060-2151379789-1000Core.job
- c:\users\Eric\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-12 19:21]
.
2011-10-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2641880275-27559060-2151379789-1000UA.job
- c:\users\Eric\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-12 19:21]
.
2011-12-15 c:\windows\Tasks\NUSchedule.job
- c:\program files (x86)\Norton Utilities 15\nu.exe [2011-11-24 10:23]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Eric\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Eric\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Eric\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Eric\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-08-06 17:19 137512 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 319488]
"PAC207_Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]
"mwlDaemon"="c:\program files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [2009-08-06 349480]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-10-28 1680976]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2009-08-06 828960]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5517&r=27360310f825l0394z185t4842x29s
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Send To &Bluetooth - c:\program files (x86)\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
Trusted Zone: //80/
Trusted Zone: remocam.net\www
TCP: DhcpNameServer = 192.168.0.1
DPF: {B37D8AB5-3A6C-4219-BC46-93B26EF0E53D} - hxxp://www.remocam.net/XViewer.cab
FF - ProfilePath - c:\users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\e3rm4rco.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?babsrc=SP_ss&mntrId=90468578000000000000904ce5146dd8&tlver=1.4.31.2&instlRef=sst&affID=100633&q=
FF - prefs.js: network.proxy.type - 0
.
.
------- File Associations -------
.
JSEFile=%SystemRoot%\SysWow64\CScript.exe "%1" %*
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
SafeBoot-mcmscsvc
SafeBoot-MCODS
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\19.2.0.10\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\19.2.0.10\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-12-15 11:53:21
ComboFix-quarantined-files.txt 2011-12-15 19:53
.
Pre-Run: 44,963,139,584 bytes free
Post-Run: 44,301,459,456 bytes free
.
- - End Of File - - C76A5B5B38AC90E3693F5350BA82D734


Eric

#4 gringo_pr

Posted 16 December 2011 - 11:44 AM

Hello

I want you to run this tool for me next.

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 erthomp143

Posted 16 December 2011 - 02:08 PM

no threat... same problem...

Here's the log:

11:04:50.0437 3076 TDSS rootkit removing tool 2.6.23.0 Dec 13 2011 10:39:31
11:04:52.0172 3076 ============================================================
11:04:52.0172 3076 Current date / time: 2011/12/16 11:04:52.0172
11:04:52.0172 3076 SystemInfo:
11:04:52.0172 3076
11:04:52.0172 3076 OS Version: 6.1.7601 ServicePack: 1.0
11:04:52.0172 3076 Product type: Workstation
11:04:52.0173 3076 ComputerName: PT109
11:04:52.0173 3076 UserName: Eric
11:04:52.0173 3076 Windows directory: C:\Windows
11:04:52.0173 3076 System windows directory: C:\Windows
11:04:52.0173 3076 Running under WOW64
11:04:52.0173 3076 Processor architecture: Intel x64
11:04:52.0173 3076 Number of processors: 1
11:04:52.0173 3076 Page size: 0x1000
11:04:52.0173 3076 Boot type: Normal boot
11:04:52.0173 3076 ============================================================
11:04:57.0702 3076 Initialize success
11:05:00.0565 5748 ============================================================
11:05:00.0565 5748 Scan started
11:05:00.0565 5748 Mode: Manual;
11:05:00.0565 5748 ============================================================
11:05:24.0683 5748 PAC7302 (d7ba92a9a9838a51d5674a08ba253a02) C:\Windows\system32\DRIVERS\PAC7302.SYS
11:05:24.0718 5748 PAC7302 - ok
11:05:24.0761 5748 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
11:05:24.0791 5748 Parport - ok
11:05:24.0856 5748 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
11:05:24.0860 5748 partmgr - ok
11:05:24.0915 5748 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
11:05:24.0920 5748 pci - ok
11:05:24.0956 5748 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
11:05:24.0959 5748 pciide - ok
11:05:25.0006 5748 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
11:05:25.0031 5748 pcmcia - ok
11:05:25.0082 5748 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
11:05:25.0085 5748 pcw - ok
11:05:25.0145 5748 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
11:05:25.0164 5748 PEAUTH - ok
11:05:25.0487 5748 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
11:05:25.0498 5748 PptpMiniport - ok
11:05:25.0539 5748 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
11:05:25.0544 5748 Processor - ok
11:05:25.0638 5748 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
11:05:25.0642 5748 Psched - ok
11:05:25.0711 5748 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
11:05:25.0752 5748 ql2300 - ok
11:05:25.0807 5748 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
11:05:25.0812 5748 ql40xx - ok
11:05:25.0858 5748 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
11:05:25.0861 5748 QWAVEdrv - ok
11:05:25.0895 5748 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
11:05:25.0898 5748 RasAcd - ok
11:05:25.0970 5748 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
11:05:25.0975 5748 RasAgileVpn - ok
11:05:26.0064 5748 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
11:05:26.0069 5748 Rasl2tp - ok
11:05:26.0115 5748 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
11:05:26.0119 5748 RasPppoe - ok
11:05:26.0178 5748 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
11:05:26.0181 5748 RasSstp - ok
11:05:26.0222 5748 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
11:05:26.0231 5748 rdbss - ok
11:05:26.0262 5748 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
11:05:26.0266 5748 rdpbus - ok
11:05:26.0304 5748 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
11:05:26.0305 5748 RDPCDD - ok
11:05:26.0374 5748 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
11:05:26.0376 5748 RDPENCDD - ok
11:05:26.0415 5748 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
11:05:26.0418 5748 RDPREFMP - ok
11:05:26.0470 5748 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
11:05:26.0476 5748 RDPWD - ok
11:05:26.0546 5748 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
11:05:26.0573 5748 rdyboost - ok
11:05:26.0724 5748 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
11:05:26.0729 5748 RFCOMM - ok
11:05:26.0845 5748 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
11:05:26.0856 5748 rspndr - ok
11:05:26.0953 5748 RSUSBSTOR (fb39af63d6617f028ba0ebc21b83360d) C:\Windows\system32\Drivers\RtsUStor.sys
11:05:26.0960 5748 RSUSBSTOR - ok
11:05:26.0997 5748 RtsUIR - ok
11:05:27.0089 5748 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
11:05:27.0117 5748 SASDIFSV - ok
11:05:27.0160 5748 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
11:05:27.0163 5748 SASKUTIL - ok
11:05:27.0220 5748 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
11:05:27.0225 5748 sbp2port - ok
11:05:27.0333 5748 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
11:05:27.0336 5748 scfilter - ok
11:05:27.0444 5748 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
11:05:27.0449 5748 secdrv - ok
11:05:27.0518 5748 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
11:05:27.0521 5748 Serenum - ok
11:05:27.0580 5748 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
11:05:27.0675 5748 Serial - ok
11:05:27.0717 5748 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
11:05:27.0720 5748 sermouse - ok
11:05:27.0792 5748 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
11:05:27.0820 5748 sffdisk - ok
11:05:27.0869 5748 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
11:05:27.0872 5748 sffp_mmc - ok
11:05:27.0898 5748 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
11:05:27.0901 5748 sffp_sd - ok
11:05:27.0935 5748 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
11:05:27.0958 5748 sfloppy - ok
11:05:28.0053 5748 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
11:05:28.0056 5748 SiSRaid2 - ok
11:05:28.0096 5748 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
11:05:28.0101 5748 SiSRaid4 - ok
11:05:28.0166 5748 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
11:05:28.0171 5748 Smb - ok
11:05:28.0265 5748 speedfan - ok
11:05:28.0304 5748 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
11:05:28.0306 5748 spldr - ok
11:05:28.0435 5748 SRTSP (1321a6c3c92bbd3f3bbe1292cff8e91a) C:\Windows\System32\Drivers\NISx64\1302000.00A\SRTSP64.SYS
11:05:28.0458 5748 SRTSP - ok
11:05:28.0495 5748 SRTSPX (bd129c22c3b8c2e584227269dfa77b09) C:\Windows\system32\drivers\NISx64\1302000.00A\SRTSPX64.SYS
11:05:28.0498 5748 SRTSPX - ok
11:05:28.0558 5748 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
11:05:28.0578 5748 srv - ok
11:05:28.0620 5748 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
11:05:28.0638 5748 srv2 - ok
11:05:28.0672 5748 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
11:05:28.0678 5748 srvnet - ok
11:05:28.0779 5748 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
11:05:28.0782 5748 stexstor - ok
11:05:28.0839 5748 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
11:05:28.0891 5748 swenum - ok
11:05:29.0071 5748 SymDS (8b2430762099598da40686f754632efd) C:\Windows\system32\drivers\NISx64\1302000.00A\SYMDS64.SYS
11:05:29.0092 5748 SymDS - ok
11:05:29.0144 5748 SymDSMon (e7b1bcb70355a84d6dfee12702b588d0) C:\Windows\system32\drivers\SymDSMon.sys
11:05:29.0151 5748 SymDSMon - ok
11:05:29.0225 5748 SymEFA (d89a88ad71e12f963b1f436a0e91dcbf) C:\Windows\system32\drivers\NISx64\1302000.00A\SYMEFA64.SYS
11:05:29.0260 5748 SymEFA - ok
11:05:29.0340 5748 SymEvent (36b77f5c9e21f88a8c8ec67ad5415819) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
11:05:29.0345 5748 SymEvent - ok
11:05:29.0404 5748 SymIRON (dd70da422460fded831d211df151d560) C:\Windows\system32\drivers\NISx64\1302000.00A\Ironx64.SYS
11:05:29.0410 5748 SymIRON - ok
11:05:29.0470 5748 SymNetS (bce4eb2eef05e388959b46fd21388c2d) C:\Windows\System32\Drivers\NISx64\1302000.00A\SYMNETS.SYS
11:05:29.0490 5748 SymNetS - ok
11:05:29.0546 5748 SYMSpeedDisk (f0268941519d73658199ecb1bb712be1) C:\Windows\system32\drivers\SymSpeedDisk.sys
11:05:29.0551 5748 SYMSpeedDisk - ok
11:05:29.0661 5748 SynTP (bcf305959b53b200ceb2ad25ad22f8a7) C:\Windows\system32\DRIVERS\SynTP.sys
11:05:29.0675 5748 SynTP - ok
11:05:29.0927 5748 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
11:05:29.0990 5748 Tcpip - ok
11:05:30.0123 5748 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
11:05:30.0212 5748 TCPIP6 - ok
11:05:30.0348 5748 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
11:05:30.0381 5748 tcpipreg - ok
11:05:30.0443 5748 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
11:05:30.0445 5748 TDPIPE - ok
11:05:30.0489 5748 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
11:05:30.0492 5748 TDTCP - ok
11:05:30.0563 5748 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
11:05:30.0568 5748 tdx - ok
11:05:30.0655 5748 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
11:05:30.0661 5748 TermDD - ok
11:05:30.0762 5748 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
11:05:30.0765 5748 tssecsrv - ok
11:05:30.0796 5748 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
11:05:30.0800 5748 TsUsbFlt - ok
11:05:30.0909 5748 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
11:05:30.0913 5748 tunnel - ok
11:05:30.0960 5748 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
11:05:30.0963 5748 uagp35 - ok
11:05:31.0003 5748 UBHelper (2e22c1fd397a5a9ffef55e9d1fc96c00) C:\Windows\system32\drivers\UBHelper.sys
11:05:31.0006 5748 UBHelper - ok
11:05:31.0062 5748 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
11:05:31.0071 5748 udfs - ok
11:05:31.0225 5748 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
11:05:31.0228 5748 uliagpkx - ok
11:05:31.0299 5748 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
11:05:31.0302 5748 umbus - ok
11:05:31.0374 5748 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
11:05:31.0376 5748 UmPass - ok
11:05:31.0468 5748 USBAAPL64 (54d4b48d443e7228bf64cf7cdc3118ac) C:\Windows\system32\Drivers\usbaapl64.sys
11:05:31.0477 5748 USBAAPL64 - ok
11:05:31.0524 5748 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
11:05:31.0553 5748 usbccgp - ok
11:05:31.0576 5748 USBCCID - ok
11:05:31.0632 5748 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
11:05:31.0636 5748 usbcir - ok
11:05:31.0662 5748 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
11:05:31.0665 5748 usbehci - ok
11:05:31.0737 5748 usbfilter (6648c6d7323a2ce0c4776c36cefbcb14) C:\Windows\system32\DRIVERS\usbfilter.sys
11:05:31.0766 5748 usbfilter - ok
11:05:31.0835 5748 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
11:05:31.0843 5748 usbhub - ok
11:05:31.0917 5748 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
11:05:31.0962 5748 usbohci - ok
11:05:32.0054 5748 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
11:05:32.0056 5748 usbprint - ok
11:05:32.0145 5748 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
11:05:32.0150 5748 usbscan - ok
11:05:32.0199 5748 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
11:05:32.0203 5748 USBSTOR - ok
11:05:32.0264 5748 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
11:05:32.0286 5748 usbuhci - ok
11:05:32.0440 5748 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
11:05:32.0446 5748 usbvideo - ok
11:05:32.0553 5748 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
11:05:32.0579 5748 vdrvroot - ok
11:05:32.0948 5748 vflt (00c7df4f50962ba218ab60d32869100b) C:\Windows\system32\DRIVERS\vfilter.sys
11:05:32.0951 5748 vflt - ok
11:05:33.0015 5748 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
11:05:33.0051 5748 vga - ok
11:05:33.0116 5748 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
11:05:33.0120 5748 VgaSave - ok
11:05:33.0173 5748 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
11:05:33.0180 5748 vhdmp - ok
11:05:33.0213 5748 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
11:05:33.0297 5748 viaide - ok
11:05:33.0358 5748 vnet (a99ca064ad11266fe7067a79bf78bbb5) C:\Windows\system32\DRIVERS\virtualnet.sys
11:05:33.0362 5748 vnet - ok
11:05:33.0411 5748 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
11:05:33.0414 5748 volmgr - ok
11:05:33.0457 5748 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
11:05:33.0464 5748 volmgrx - ok
11:05:33.0512 5748 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
11:05:33.0547 5748 volsnap - ok
11:05:33.0623 5748 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
11:05:33.0629 5748 vsmraid - ok
11:05:33.0692 5748 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
11:05:33.0695 5748 vwifibus - ok
11:05:33.0766 5748 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
11:05:33.0769 5748 vwififlt - ok
11:05:33.0842 5748 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
11:05:33.0845 5748 vwifimp - ok
11:05:33.0910 5748 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
11:05:33.0913 5748 WacomPen - ok
11:05:33.0980 5748 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
11:05:34.0013 5748 WANARP - ok
11:05:34.0051 5748 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
11:05:34.0055 5748 Wanarpv6 - ok
11:05:34.0169 5748 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
11:05:34.0172 5748 Wd - ok
11:05:34.0225 5748 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
11:05:34.0246 5748 Wdf01000 - ok
11:05:34.0357 5748 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
11:05:34.0360 5748 WfpLwf - ok
11:05:34.0385 5748 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
11:05:34.0389 5748 WIMMount - ok
11:05:34.0559 5748 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
11:05:34.0562 5748 WmiAcpi - ok
11:05:34.0740 5748 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
11:05:34.0743 5748 ws2ifsl - ok
11:05:34.0840 5748 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
11:05:34.0877 5748 WudfPf - ok
11:05:35.0095 5748 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
11:05:35.0135 5748 WUDFRd - ok
11:05:35.0275 5748 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
11:05:35.0358 5748 \Device\Harddisk0\DR0 - ok
11:05:35.0382 5748 Boot (0x1200) (5459335376d3362822284ec209f8a6e2) \Device\Harddisk0\DR0\Partition0
11:05:35.0383 5748 \Device\Harddisk0\DR0\Partition0 - ok
11:05:35.0414 5748 Boot (0x1200) (a1ce9e2b3c536adc01b312e850b8e2b2) \Device\Harddisk0\DR0\Partition1
11:05:35.0446 5748 \Device\Harddisk0\DR0\Partition1 - ok
11:05:35.0452 5748 ============================================================
11:05:35.0452 5748 Scan finished
11:05:35.0452 5748 ============================================================
11:05:35.0482 3648 Detected object count: 0
11:05:35.0482 3648 Actual detected object count: 0

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:55 AM

Posted 16 December 2011 - 02:29 PM

Hello

This is the tool I would like you to try and run next.

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.



Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 erthomp143

Posted 16 December 2011 - 03:00 PM

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-12-16 11:57:37
-----------------------------
11:57:37.329 OS Version: Windows x64 6.1.7601 Service Pack 1
11:57:37.329 Number of processors: 1 586 0x7C02
11:57:37.329 ComputerName: PT109 UserName: Eric
11:57:42.743 Initialize success
11:57:47.289 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
11:57:47.289 Disk 0 Vendor: WDC_WD1600BEVT-22ZCT0 11.01A11 Size: 152627MB BusType: 11
11:57:49.332 Disk 0 MBR read successfully
11:57:49.348 Disk 0 MBR scan
11:57:49.348 Disk 0 Windows 7 default MBR code
11:57:49.348 Service scanning
11:57:53.513 Modules scanning
11:57:53.513 Disk 0 trace - called modules:
11:57:53.529 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa8003125254]<<
11:57:53.529 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80030b9060]
11:57:53.544 3 CLASSPNP.SYS[fffff88001b6443f] -> nt!IofCallDriver -> [0xfffffa80030b6040]
11:57:53.544 5 ACPI.sys[fffff88000f6e7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8003077060]
11:57:53.560 \Driver\atapi[0xfffffa8002b7ee70] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0xfffffa8003125254
11:57:53.560 Scan finished successfully
11:59:49.875 Disk 0 MBR has been saved successfully to "C:\Users\Eric\Desktop\MBR.dat"
11:59:49.875 The log file has been saved successfully to "C:\Users\Eric\Desktop\aswMBR.txt"

#8 gringo_pr

Posted 16 December 2011 - 03:03 PM

Hello

I would like you to run this tool for me - fixTDSS

Download it to your desktop and start the program.

Follow the prompts and OK any security prompts.

When it is complete it will say the infection was cleared or no infection was found - let me know what it says.

After it is complete I want you to restart the computer and try to rerun aswMBR for me and send me the report.

  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

Gringo

#9 erthomp143

Posted 16 December 2011 - 03:54 PM

Hi,

TDSS said:
Suspicious use of kernel callback but MBR appears intact. Repair not done.
No infections were found

On reboot Norton's showed this threat Boot.Tidserv, Norton's was unable to remove it. This is the first time I have seen this...

Rebooted and ran aswMBR here's the log:
aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-12-16 12:49:27
-----------------------------
12:49:27.305 OS Version: Windows x64 6.1.7601 Service Pack 1
12:49:27.305 Number of processors: 1 586 0x7C02
12:49:27.305 ComputerName: PT109 UserName: Eric
12:49:28.412 Initialize success
12:49:33.848 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
12:49:33.848 Disk 0 Vendor: WDC_WD1600BEVT-22ZCT0 11.01A11 Size: 152627MB BusType: 11
12:49:35.891 Disk 0 MBR read successfully
12:49:35.891 Disk 0 MBR scan
12:49:35.891 Disk 0 Windows 7 default MBR code
12:49:35.907 Service scanning
12:49:41.273 Modules scanning
12:49:41.273 Disk 0 trace - called modules:
12:49:41.304 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa800311f254]<<
12:49:41.304 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8003087290]
12:49:41.320 3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> [0xfffffa80030b09b0]
12:49:41.320 5 ACPI.sys[fffff88000e547a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8003071060]
12:49:41.320 \Driver\atapi[0xfffffa8002b5dae0] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0xfffffa800311f254
12:49:41.336 Scan finished successfully
12:50:00.851 Disk 0 MBR has been saved successfully to "C:\Users\Eric\Desktop\MBR.dat"
12:50:00.867 The log file has been saved successfully to "C:\Users\Eric\Desktop\aswMBR_2.txt"
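
An added example, not part of the original thread and not code from aswMBR: a small Python triage script that reads the disk-trace part of an aswMBR log like the one in this post and reports whether the `\Driver\atapi` dispatch target is the same address the trace marks as `>>UNKNOWN<<`. The log excerpt is copied from the post above; the function names and the rule "an unattributed address in the disk path needs follow-up" are assumptions of this example.

```python
import re

# Excerpt of the aswMBR log posted above, copied as posted.
SAMPLE_LOG = r"""
12:49:35.891 Disk 0 Windows 7 default MBR code
12:49:41.273 Disk 0 trace - called modules:
12:49:41.304 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa800311f254]<<
12:49:41.304 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8003087290]
12:49:41.320 3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> [0xfffffa80030b09b0]
12:49:41.320 5 ACPI.sys[fffff88000e547a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8003071060]
12:49:41.320 \Driver\atapi[0xfffffa8002b5dae0] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0xfffffa800311f254
12:49:41.336 Scan finished successfully
"""

TIMESTAMP = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{3}\s+")
# Address in the call chain that the tool could not attribute to a module.
UNKNOWN = re.compile(r">>UNKNOWN \[(0x[0-9a-fA-F]+)\]<<")
# "\Driver\name[object] -> IRP_MJ_xxx -> handler address"
DISPATCH = re.compile(
    r"(\\Driver\\\w+)\[0x[0-9a-fA-F]+\]\s*->\s*(IRP_MJ_\w+)\s*->\s*(0x[0-9a-fA-F]+)"
)
MBR_CODE = re.compile(r"^Disk (\d+) (.+ MBR code)$")


def parse_aswmbr(text):
    """Extract the MBR verdict, called-module chain and dispatch entries."""
    report = {"mbr_code": {}, "modules": [], "unknown": set(), "dispatch": []}
    expect_modules = False
    for raw in text.splitlines():
        line = TIMESTAMP.sub("", raw.strip())
        if not line:
            continue
        if expect_modules:
            # The line right after "trace - called modules:" lists the chain.
            expect_modules = False
            report["unknown"].update(int(a, 16) for a in UNKNOWN.findall(line))
            report["modules"] = UNKNOWN.sub("", line).split()
            continue
        if line.endswith("trace - called modules:"):
            expect_modules = True
            continue
        m = MBR_CODE.match(line)
        if m:
            report["mbr_code"][int(m.group(1))] = m.group(2)
        m = DISPATCH.search(line)
        if m:
            report["dispatch"].append((m.group(1), m.group(2), int(m.group(3), 16)))
    return report


def triage(text):
    """Summarise what in the disk I/O path could not be tied to a module."""
    report = parse_aswmbr(text)
    # Dispatch entries whose handler is one of the unattributed addresses.
    hooked = [d for d in report["dispatch"] if d[2] in report["unknown"]]
    return {
        "mbr_code": report["mbr_code"],
        "unknown_in_disk_path": sorted(hex(a) for a in report["unknown"]),
        "dispatch_to_unknown": hooked,
        # Assumption of this example: either condition warrants a closer
        # look, even when the MBR code itself is reported as default.
        "needs_follow_up": bool(report["unknown"]) or bool(hooked),
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for disk, verdict in result["mbr_code"].items():
        print(f"Disk {disk}: {verdict}")
    print("Unattributed addresses:", ", ".join(result["unknown_in_disk_path"]) or "none")
    for driver, irp, addr in result["dispatch_to_unknown"]:
        print(f"{driver} {irp} handler -> {hex(addr)} (unattributed)")
    print("Needs follow-up:", result["needs_follow_up"])
```

On this excerpt the MBR code is reported as default while the `IRP_MJ_INTERNAL_DEVICE_CONTROL` handler for `\Driver\atapi` resolves to the unattributed address, which matches the "MBR appears intact" but "suspicious use of kernel callback" result quoted in the post.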

#10 gringo_pr

Posted 16 December 2011 - 04:01 PM

Greetings

I need you to make a bootable usb and to make a screenshot for me - follow the instructions below to do this

How to create a bootable Puppy USB Drive

  • Download and save a copy of the latest Puppy ISO file
  • Download and save a copy of Unetbootin for Windows.
  • Insert an empty formatted USB drive into a USB port on the computer that's being used to create the bootable USB.
  • Launch Unetbootin ....
  • Ensure that Disk Image is selected.
  • Using the browse button ... browse to and select the Puppy ISO file.
  • Ensure that Type: is set to USB Drive and that the Drive: letter corresponds to the USB drive.
  • Click OK
Unetbootin will now copy the Puppy files to the USB and make it a bootable device.

Next

You need to change the boot order of the computer to boot from a USB drive ....

  • Read HERE for instructions how to do this.

Now boot into Puppylinux

When you get to the desktop, click on each of the drive items found in the bottom left corner to mount them (when mounted they will have a red cross next to them).

Next - Launch GParted which is found at Menu > System > GParted partition manager,
Click to select All Drives then click Okay
I need you to take a screenshot of the window that opens up - to do this follow these instructions

To take a screenshot in Puppy ....

With the GParted window open ...

  • Click menu > Graphic > mtPaint-snapshot screen capture
  • A small window will open ....

    • Click Capture Now
    • Click OK
  • The mtPaint program will open ....
    • Click File > Save
    • Double click on ../
    • Double click on mnt/
    • Double click on sdb1/
    • Set File Format to JPEG
    • Enter screenshot1 into the text box
    • Click OK

This will save a file screenshot1.jpeg into the USB drive, paste or attach this to your next post

Next

  • Click menu > shutdown > power off computer
  • If prompted to save the session click on No

Puppy will now close down.

Remove the USB and save it - we will use it again - boot back into Windows and send me the screen capture.

gringo

#11 erthomp143

Posted 16 December 2011 - 04:06 PM

This may take a few days to get to, but not more than five...

Thank you for your help so far...

Eric

#12 gringo_pr

Posted 16 December 2011 - 08:41 PM

no problem and thanks for letting me know


gringo

#13 erthomp143

Posted 17 December 2011 - 10:54 PM

I think I'm going to need to redo this screenshot, but here it is...

Posted Image

#14 gringo_pr

Posted 17 December 2011 - 11:19 PM

Hello


I need you to run GParted while you are in Puppy; that is what I need the screenshot of.



gringo

#15 erthomp143

Posted 17 December 2011 - 11:52 PM

You know I had the instructions printed out and sitting right next to me and I still missed a step.. jezz...

Okay so what I did was named it the same (screenshot1) and uploaded it over the old one, so I could say, yeah that's what I did... lol

anyway, inserting it in this post also...

Posted Image



