Solved: globalroot\systemroot\assembly\temp\U.....

cinderblock · 13-May-2012, 06:18 PM **#16**

The internet is working very well on infected computer, but after downloading ComboFix, and disabling Norton, I thought it best to turn it off.

Stage 4 must be doing some heavy lifting :0 -- still there

May have to depart in about a half hour. Gotta let the kiddie's take me to dinner :-)

kevinf80 · 13-May-2012, 06:26 PM **#17**

Yep it late for me too, 23:30 local time. If CF is definitely frozen shut it down, then do the following:

Download aswMBR from Here
If it asks to update during the process please allow this to happen.

Save aswMBR.exe to your Desktop
Double click aswMBR.exe to run it
Ensure Quick scan is selected,then select Scan button to start the scan as illustrated below

Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives
Once the scan finishes click Save log to save the log to your Desktop.
Copy and paste the contents of aswMBR.txt back here for review

You will also notice another file created on the desktop named MBR.dat. Right-click that file and select Send To and then Compressed (zipped) file. Attach that zipped file to your next reply as well.

Kevin

cinderblock · 13-May-2012, 07:15 PM **#18**

Then you best be getting off to bed, Kevin!

I followed your suggestion regarding ComboFix. Sorry to have messed that process up....

I'm sorry to say I'm not smart enough to figure out how to attach the MBR log

Asw Log follows:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-05-13 18:54:01
-----------------------------
18:54:01.920 OS Version: Windows x64 6.1.7600
18:54:01.920 Number of processors: 1 586 0x603
18:54:01.920 ComputerName: BRANDON-HP UserName: brandon
18:54:02.762 Initialize success
18:54:20.220 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000061
18:54:20.220 Disk 0 Vendor: ST925031 0005 Size: 238475MB BusType: 11
18:54:20.235 Disk 0 MBR read successfully
18:54:20.251 Disk 0 MBR scan
18:54:20.251 Disk 0 unknown MBR code
18:54:20.267 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
18:54:20.282 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 220533 MB offset 409600
18:54:20.313 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 17638 MB offset 452061184
18:54:20.329 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 103 MB offset 488183808
18:54:20.376 Disk 0 scanning C:\Windows\system32\drivers
18:54:31.561 Service scanning
18:54:55.694 Modules scanning
18:54:55.710 Disk 0 trace - called modules:
18:54:55.788 ntoskrnl.exe CLASSPNP.SYS disk.sys amdxata.sys storport.sys hal.dll amdsata.sys
18:54:56.303 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8002598060]
18:54:56.318 3 CLASSPNP.SYS[fffff88001b2d43f] -> nt!IofCallDriver -> [0xfffffa800254f8f0]
18:54:56.318 5 amdxata.sys[fffff880010f37a8] -> nt!IofCallDriver -> \Device\00000061[0xfffffa80023fa130]
18:54:56.334 Scan finished successfully
18:55:39.530 Disk 0 MBR has been saved successfully to "C:\Users\brandon\Desktop\MBR.dat"
18:55:39.530 The log file has been saved successfully to "C:\Users\brandon\Desktop\051312_aswMBR.txt"

*possibly* the MBR log will follow...not sure if I can get it to

kevinf80 · 13-May-2012, 07:26 PM **#19**

That log and your MBR are clean, OK lets try a different scanner, this is purely diagnostic and will make no changes to your system....

Download

OTL from any of the following links and save to your Desktop:

Link 1
Link 2
Link 3

Double click on the icon to run it, Vista or Windows 7 users right click and select Run as Administartor. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top, make sure Standard output is selected.
Select Scan all users
Under the Extra Registry section, check Use SafeList
In the lower right corner, checkmark "LOP Check" and checkmark "Purity Check".

Under the Custom Scan box paste this in:

Code:

activex
netsvcs
/md5start
afd.sys
i8042prt.sys
ipsec.sys
netbt.sys
svchost.exe
tcpip.sys
/md5stop
%windir%\$ntuninstallkb*. /30
%windir%\system32\drivers\*.sys /lockedfiles
%windir%\*.* /mp
%windir%\*.* /rp
%windir%\*.* /sl

Click the button. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them in your reply

Its very late for me now, i`ll have to pick this thread up later, sleepy time me thinks...

Let me see the two logs, also give me an update on current issues/concerns....

Kevin

cinderblock · 14-May-2012, 12:48 AM **#20**

Oh, how I wanted to have a couple of logs for you to view first thing in the morning, ha!....(and certainly hope you got a well deserved good-night's rest) but, alas - I'm a weenie....

When I clicked Link 1, and downloaded to desktop, Norton wasn't happy. I received a Warning Window - titled "Download Insight" that cited three different reason for me to not run the application. Here's the reasons:

1) Very few users - Fewer than 5 users in the Norton community have used this file
2) Very new - This file was released less than 1 week ago (not sure how accurate this opinion is, as the oldtimer site shows reviews for this version - 3.2.43.0 - dated Oct 2010)
3) Unproven - There is not enough information about this file to recommend it.

Sooooo, I tried Link 2. Norton liked it even less! Told me that a virus (Backdoor.Graybird?) was found?

As I have very little confidence in my computer skills, I am running to you Kevin for your thoughts before I go ahead and hit "Run as Administrator"

sorry to be dragging this out....

About issues/concerns:

One of the on-going concerns I have is the inability to set up a wireless connection with the HP Deskjet 3051k J611 series printer. Serial printing (with the USB cord attachment) IS allowed, but no matter the number of times I've tried it make it happen it continually hangs up.....even though when I print a "HP Network Configration page" everything looks good (Connected and Enabled) and all the other laptops CAN print wirelessly.

I don't know if this is still happening, but did (regularly) before any of these clean-up efforts were undertaken: Sometimes when a link was typed into the address bar, and ENTER pressed - the page that was typed into the address bar would launch and appear, but then another miscalleneous random page would launch on top of the desired page. Most often the second page was an advertisement of some sort.

I'm gonna stop....it's about as late here as when you last wrote, and I'm heading to bed.

I can't thank you enough Kevin!!!!!!!!!!

kevinf80 · 14-May-2012, 03:07 AM **#21**

OK, OTL is a very trustworthy application, if Norton alerts to it just accept the alert and let it run. Before you do that run the following first.

Please read carefully and follow these steps.

Download TDSSKiller and save it to your Desktop.
Doubleclick on to run the application.
The "Ready to scan" window will open, Click on "Change parameters"
Place a checkmark next to Verify Driver Digital Signature and Detect TDLFS file system, (Leave "Service & Drivers" and "Boot Sectors" ticked. Click OK.
Select "Start Scan"
If an infected file is detected, the default action will be Cure, click on Continue.
If a suspicious file is detected, the default action will be Skip, click on Continue.
It may ask you to reboot the computer to complete the process. Click on Reboot Now.
If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

When TDSSKiller finishes run OTL, so in your reply i`d like the following:

Log from TDSSKiller
OTL.txt
Extras.txt

Kevin...

cinderblock · 14-May-2012, 10:34 AM **#22**

Abundant thanks for your patient leading Kevin!

Kapersky didn't find Malicious or Suspicious objects/files - But detected a threat. I chose "Skip" and that log follows:

10:03:20.0708 4492 TDSS rootkit removing tool 2.7.34.0 May 2 2012 09:59:18
10:03:21.0785 4492 ============================================================
10:03:21.0785 4492 Current date / time: 2012/05/14 10:03:21.0785
10:03:21.0785 4492 SystemInfo:
10:03:21.0785 4492
10:03:21.0785 4492 OS Version: 6.1.7600 ServicePack: 0.0
10:03:21.0785 4492 Product type: Workstation
10:03:21.0785 4492 ComputerName: BRANDON-HP
10:03:21.0785 4492 UserName: brandon
10:03:21.0785 4492 Windows directory: C:\Windows
10:03:21.0785 4492 System windows directory: C:\Windows
10:03:21.0785 4492 Running under WOW64
10:03:21.0785 4492 Processor architecture: Intel x64
10:03:21.0785 4492 Number of processors: 1
10:03:21.0785 4492 Page size: 0x1000
10:03:21.0785 4492 Boot type: Normal boot
10:03:21.0785 4492 ============================================================
10:03:23.0704 4492 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
10:03:23.0704 4492 ============================================================
10:03:23.0704 4492 \Device\Harddisk0\DR0:
10:03:23.0704 4492 MBR partitions:
10:03:23.0704 4492 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
10:03:23.0704 4492 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x1AEBA800
10:03:23.0704 4492 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1AF1E800, BlocksNum 0x2273000
10:03:23.0704 4492 \Device\Harddisk0\DR0\Partition3: MBR, Type 0xC, StartLBA 0x1D191800, BlocksNum 0x33970
10:03:23.0704 4492 ============================================================
10:03:23.0750 4492 C: <-> \Device\Harddisk0\DR0\Partition1
10:03:23.0797 4492 D: <-> \Device\Harddisk0\DR0\Partition2
10:03:23.0797 4492 ============================================================
10:03:23.0797 4492 Initialize success
10:03:23.0797 4492 ============================================================
10:04:01.0939 4720 ============================================================
10:04:01.0939 4720 Scan started
10:04:01.0939 4720 Mode: Manual; SigCheck; TDLFS;
10:04:01.0939 4720 ============================================================
10:04:03.0655 4720 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
10:04:03.0843 4720 1394ohci - ok
10:04:03.0921 4720 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
10:04:03.0952 4720 ACPI - ok
10:04:03.0999 4720 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
10:04:04.0279 4720 AcpiPmi - ok
10:04:04.0482 4720 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
10:04:04.0623 4720 AdobeFlashPlayerUpdateSvc - ok
10:04:04.0732 4720 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
10:04:04.0794 4720 adp94xx - ok
10:04:04.0872 4720 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
10:04:04.0903 4720 adpahci - ok
10:04:04.0950 4720 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
10:04:04.0981 4720 adpu320 - ok
10:04:05.0013 4720 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
10:04:05.0371 4720 AeLookupSvc - ok
10:04:05.0481 4720 AERTFilters (d1e343bc00136ce03c4d403194d06a80) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
10:04:05.0496 4720 AERTFilters - ok
10:04:05.0621 4720 AFD (db9d6c6b2cd95a9ca414d045b627422e) C:\Windows\system32\drivers\afd.sys
10:04:05.0746 4720 AFD - ok
10:04:05.0808 4720 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
10:04:05.0839 4720 agp440 - ok
10:04:05.0917 4720 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
10:04:06.0011 4720 ALG - ok
10:04:06.0058 4720 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
10:04:06.0089 4720 aliide - ok
10:04:06.0136 4720 AMD External Events Utility (4609419a19891c706455c1a747431af9) C:\Windows\system32\atiesrxx.exe
10:04:06.0245 4720 AMD External Events Utility - ok
10:04:06.0307 4720 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
10:04:06.0354 4720 amdide - ok
10:04:06.0401 4720 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
10:04:06.0463 4720 AmdK8 - ok
10:04:06.0978 4720 amdkmdag (4bffead896affbc80c86f62cd18f17c9) C:\Windows\system32\DRIVERS\atipmdag.sys
10:04:07.0228 4720 amdkmdag - ok
10:04:07.0431 4720 amdkmdap (a7155a832f24cf5b048f6048380636ec) C:\Windows\system32\DRIVERS\atikmpag.sys
10:04:07.0509 4720 amdkmdap - ok
10:04:07.0571 4720 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
10:04:07.0618 4720 AmdPPM - ok
10:04:07.0665 4720 amdsata (53d8d46d51d390abdb54eca623165cb7) C:\Windows\system32\DRIVERS\amdsata.sys
10:04:07.0711 4720 amdsata - ok
10:04:07.0805 4720 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
10:04:07.0852 4720 amdsbs - ok
10:04:07.0883 4720 amdxata (75c51148154e34eb3d7bb84749a758d5) C:\Windows\system32\DRIVERS\amdxata.sys
10:04:07.0914 4720 amdxata - ok
10:04:07.0977 4720 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
10:04:08.0148 4720 AppID - ok
10:04:08.0179 4720 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
10:04:08.0273 4720 AppIDSvc - ok
10:04:08.0335 4720 Appinfo (d065be66822847b7f127d1f90158376e) C:\Windows\System32\appinfo.dll
10:04:08.0476 4720 Appinfo - ok
10:04:08.0569 4720 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
10:04:08.0601 4720 arc - ok
10:04:08.0632 4720 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
10:04:08.0663 4720 arcsas - ok
10:04:08.0725 4720 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
10:04:08.0803 4720 AsyncMac - ok
10:04:08.0866 4720 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
10:04:08.0897 4720 atapi - ok
10:04:09.0147 4720 athr (40734f3a5eec4c4ac6a1faf10b293714) C:\Windows\system32\DRIVERS\athrx.sys
10:04:09.0427 4720 athr - ok
10:04:09.0630 4720 AtiPcie (c07a040d6b5a42dd41ee386cf90974c8) C:\Windows\system32\DRIVERS\AtiPcie.sys
10:04:09.0677 4720 AtiPcie - ok
10:04:09.0771 4720 AudioEndpointBuilder (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
10:04:09.0880 4720 AudioEndpointBuilder - ok
10:04:09.0895 4720 AudioSrv (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
10:04:09.0942 4720 AudioSrv - ok
10:04:10.0005 4720 AxInstSV (b20b5fa5ca050e9926e4d1db81501b32) C:\Windows\System32\AxInstSV.dll
10:04:10.0176 4720 AxInstSV - ok
10:04:10.0254 4720 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
10:04:10.0395 4720 b06bdrv - ok
10:04:10.0473 4720 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
10:04:10.0535 4720 b57nd60a - ok
10:04:10.0629 4720 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
10:04:10.0847 4720 BDESVC - ok
10:04:10.0909 4720 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
10:04:11.0003 4720 Beep - ok
10:04:11.0159 4720 BFE (4992c609a6315671463e30f6512bc022) C:\Windows\System32\bfe.dll
10:04:11.0268 4720 BFE - ok
10:04:11.0767 4720 BHDrvx64 (5b1fe9d351c284701c8051da2aa81df6) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120507.001\BHDrvx64.sys
10:04:11.0923 4720 BHDrvx64 - ok
10:04:12.0126 4720 BITS (7f0c323fe3da28aa4aa1bda3f575707f) C:\Windows\System32\qmgr.dll
10:04:12.0235 4720 BITS - ok
10:04:12.0298 4720 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
10:04:12.0376 4720 blbdrive - ok
10:04:12.0407 4720 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
10:04:12.0610 4720 bowser - ok
10:04:12.0641 4720 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
10:04:12.0688 4720 BrFiltLo - ok
10:04:12.0703 4720 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
10:04:12.0735 4720 BrFiltUp - ok
10:04:12.0797 4720 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
10:04:12.0859 4720 BridgeMP - ok
10:04:12.0922 4720 Browser (94fbc06f294d58d02361918418f996e3) C:\Windows\System32\browser.dll
10:04:12.0984 4720 Browser - ok
10:04:13.0015 4720 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
10:04:13.0093 4720 Brserid - ok
10:04:13.0109 4720 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
10:04:13.0156 4720 BrSerWdm - ok
10:04:13.0187 4720 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
10:04:13.0234 4720 BrUsbMdm - ok
10:04:13.0265 4720 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
10:04:13.0327 4720 BrUsbSer - ok
10:04:13.0359 4720 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
10:04:13.0405 4720 BTHMODEM - ok
10:04:13.0483 4720 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
10:04:13.0624 4720 bthserv - ok
10:04:13.0671 4720 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
10:04:13.0780 4720 cdfs - ok
10:04:13.0842 4720 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
10:04:13.0889 4720 cdrom - ok
10:04:13.0951 4720 CertPropSvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
10:04:14.0029 4720 CertPropSvc - ok
10:04:14.0154 4720 CinemaNow Service (533328a3d9a9c286682525842547540c) C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
10:04:14.0185 4720 CinemaNow Service - ok
10:04:14.0263 4720 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
10:04:14.0310 4720 circlass - ok
10:04:14.0373 4720 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
10:04:14.0419 4720 CLFS - ok
10:04:14.0513 4720 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
10:04:14.0560 4720 clr_optimization_v2.0.50727_32 - ok
10:04:14.0607 4720 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
10:04:14.0653 4720 clr_optimization_v2.0.50727_64 - ok
10:04:14.0731 4720 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
10:04:14.0763 4720 CmBatt - ok
10:04:14.0794 4720 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
10:04:14.0809 4720 cmdide - ok
10:04:14.0872 4720 CNG (937beb186a735aca91d717044a49d17e) C:\Windows\system32\Drivers\cng.sys
10:04:14.0997 4720 CNG - ok
10:04:15.0059 4720 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
10:04:15.0090 4720 Compbatt - ok
10:04:15.0137 4720 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
10:04:15.0184 4720 CompositeBus - ok
10:04:15.0215 4720 COMSysApp - ok
10:04:15.0246 4720 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
10:04:15.0277 4720 crcdisk - ok
10:04:15.0324 4720 CryptSvc (8c57411b66282c01533cb776f98ad384) C:\Windows\system32\cryptsvc.dll
10:04:15.0387 4720 CryptSvc - ok
10:04:15.0465 4720 DcomLaunch (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
10:04:15.0558 4720 DcomLaunch - ok
10:04:15.0605 4720 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
10:04:15.0730 4720 defragsvc - ok
10:04:15.0792 4720 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
10:04:15.0855 4720 DfsC - ok
10:04:15.0948 4720 Dhcp (ce3b9562d997f69b330d181a8875960f) C:\Windows\system32\dhcpcore.dll
10:04:16.0104 4720 Dhcp - ok
10:04:16.0151 4720 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
10:04:16.0229 4720 discache - ok
10:04:16.0276 4720 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
10:04:16.0338 4720 Disk - ok
10:04:16.0416 4720 Dnscache (85cf424c74a1d5ec33533e1dbff9920a) C:\Windows\System32\dnsrslvr.dll
10:04:16.0510 4720 Dnscache - ok
10:04:16.0557 4720 dot3svc (14452acdb09b70964c8c21bf80a13acb) C:\Windows\System32\dot3svc.dll
10:04:16.0681 4720 dot3svc - ok
10:04:16.0728 4720 DPS (8c2ba6bea949ee6e68385f5692bafb94) C:\Windows\system32\dps.dll
10:04:16.0791 4720 DPS - ok
10:04:16.0837 4720 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
10:04:16.0869 4720 drmkaud - ok
10:04:16.0962 4720 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
10:04:17.0040 4720 DXGKrnl - ok
10:04:17.0071 4720 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
10:04:17.0165 4720 EapHost - ok
10:04:17.0415 4720 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
10:04:17.0649 4720 ebdrv - ok
10:04:17.0836 4720 eeCtrl (0c3f9eff8ddd9f9eb56d754b4620155f) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
10:04:17.0914 4720 eeCtrl - ok
10:04:18.0054 4720 EFS (156f6159457d0aa7e59b62681b56eb90) C:\Windows\System32\lsass.exe
10:04:18.0132 4720 EFS - ok
10:04:18.0335 4720 ehRecvr (47c071994c3f649f23d9cd075ac9304a) C:\Windows\ehome\ehRecvr.exe
10:04:18.0507 4720 ehRecvr - ok
10:04:18.0585 4720 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
10:04:18.0709 4720 ehSched - ok
10:04:18.0803 4720 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
10:04:18.0850 4720 elxstor - ok
10:04:18.0975 4720 EraserUtilRebootDrv (8c0f9b877bc0b7ffd327ef55f9efb642) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
10:04:19.0053 4720 EraserUtilRebootDrv - ok
10:04:19.0099 4720 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
10:04:19.0131 4720 ErrDev - ok
10:04:19.0209 4720 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
10:04:19.0302 4720 EventSystem - ok
10:04:19.0349 4720 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
10:04:19.0427 4720 exfat - ok
10:04:19.0474 4720 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
10:04:19.0536 4720 fastfat - ok
10:04:19.0645 4720 Fax (d607b2f1bee3992aa6c2c92c0a2f0855) C:\Windows\system32\fxssvc.exe
10:04:19.0817 4720 Fax - ok
10:04:19.0848 4720 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
10:04:19.0879 4720 fdc - ok
10:04:19.0942 4720 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
10:04:19.0989 4720 fdPHost - ok
10:04:20.0020 4720 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
10:04:20.0067 4720 FDResPub - ok
10:04:20.0098 4720 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
10:04:20.0113 4720 FileInfo - ok
10:04:20.0145 4720 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
10:04:20.0207 4720 Filetrace - ok
10:04:20.0238 4720 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
10:04:20.0269 4720 flpydisk - ok
10:04:20.0316 4720 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
10:04:20.0347 4720 FltMgr - ok
10:04:20.0488 4720 FontCache (bc00505cfda789ed3be95d2ff38c4875) C:\Windows\system32\FntCache.dll
10:04:20.0613 4720 FontCache - ok
10:04:20.0706 4720 FontCache3.0.0.0 (8d89e3131c27fdd6932189cb785e1b7a) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
10:04:20.0722 4720 FontCache3.0.0.0 - ok
10:04:20.0784 4720 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
10:04:20.0831 4720 FsDepends - ok
10:04:20.0878 4720 Fs_Rec (d3e3f93d67821a2db2b3d9fac2dc2064) C:\Windows\system32\drivers\Fs_Rec.sys
10:04:20.0909 4720 Fs_Rec - ok
10:04:20.0971 4720 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
10:04:21.0018 4720 fvevol - ok
10:04:21.0049 4720 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
10:04:21.0065 4720 gagp30kx - ok
10:04:21.0205 4720 GamesAppService (c403c5db49a0f9aaf4f2128edc0106d8) C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
10:04:21.0283 4720 GamesAppService - ok
10:04:21.0346 4720 GEARAspiWDM (af4dee5531395dee72b35b36c9671fd0) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
10:04:21.0393 4720 GEARAspiWDM - ok
10:04:21.0471 4720 GIDv2 (9ba22aee7f531ef9ce085cc2e1112bc4) C:\Windows\system32\drivers\GIDv2.sys
10:04:21.0517 4720 GIDv2 - ok
10:04:21.0595 4720 gpsvc (fe5ab4525bc2ec68b9119a6e5d40128b) C:\Windows\System32\gpsvc.dll
10:04:21.0689 4720 gpsvc - ok
10:04:21.0736 4720 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
10:04:21.0845 4720 hcw85cir - ok
10:04:21.0907 4720 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
10:04:22.0001 4720 HdAudAddService - ok
10:04:22.0048 4720 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
10:04:22.0095 4720 HDAudBus - ok
10:04:22.0126 4720 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
10:04:22.0157 4720 HidBatt - ok
10:04:22.0204 4720 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
10:04:22.0235 4720 HidBth - ok
10:04:22.0282 4720 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
10:04:22.0313 4720 HidIr - ok
10:04:22.0360 4720 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
10:04:22.0438 4720 hidserv - ok
10:04:22.0516 4720 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
10:04:22.0578 4720 HidUsb - ok
10:04:22.0641 4720 hkmsvc (efa58ede58dd74388ffd04cb32681518) C:\Windows\system32\kmsvc.dll
10:04:22.0719 4720 hkmsvc - ok
10:04:22.0765 4720 HomeGroupListener (046b2673767ca626e2cfb7fdf735e9e8) C:\Windows\system32\ListSvc.dll
10:04:22.0953 4720 HomeGroupListener - ok
10:04:22.0999 4720 HomeGroupProvider (06a7422224d9865a5613710a089987df) C:\Windows\system32\provsvc.dll
10:04:23.0046 4720 HomeGroupProvider - ok
10:04:23.0171 4720 HP Support Assistant Service (13bb1114451c63bfb41ba7daa4d70a29) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
10:04:23.0202 4720 HP Support Assistant Service - ok
10:04:23.0327 4720 HP Wireless Assistant Service (3a09322a8aa8b0c79036686a0ebe7b4c) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
10:04:23.0374 4720 HP Wireless Assistant Service - ok
10:04:23.0421 4720 HPDrvMntSvc.exe (bcc4a8b2e2e902f52e7f2e7d8e125765) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
10:04:23.0421 4720 HPDrvMntSvc.exe - ok
10:04:23.0530 4720 hpqwmiex (ec9739a46f1f83c6e52a7a4697f44a65) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
10:04:23.0561 4720 hpqwmiex - ok
10:04:23.0655 4720 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
10:04:23.0686 4720 HpSAMD - ok
10:04:23.0764 4720 HPWMISVC (f630dd7564ebb7248a13b1cc774d9ea6) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
10:04:23.0795 4720 HPWMISVC - ok
10:04:23.0873 4720 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
10:04:23.0935 4720 HTTP - ok
10:04:23.0951 4720 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
10:04:23.0967 4720 hwpolicy - ok
10:04:24.0029 4720 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
10:04:24.0045 4720 i8042prt - ok
10:04:24.0123 4720 iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys
10:04:24.0169 4720 iaStorV - ok
10:04:24.0341 4720 idsvc (2f2be70d3e02b6fa877921ab9516d43c) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
10:04:24.0403 4720 idsvc - ok
10:04:24.0715 4720 IDSVia64 (4e9e0e5a3b0efeb27491c26be1d97fda) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120511.001\IDSvia64.sys
10:04:24.0747 4720 IDSVia64 - ok
10:04:25.0308 4720 igfx (a87261ef1546325b559374f5689cf5bc) C:\Windows\system32\DRIVERS\igdkmd64.sys
10:04:25.0573 4720 igfx - ok
10:04:25.0729 4720 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
10:04:25.0761 4720 iirsp - ok
10:04:25.0854 4720 IKEEXT (c5b4683680df085b57bc53e5ef34861f) C:\Windows\System32\ikeext.dll
10:04:25.0948 4720 IKEEXT - ok
10:04:26.0478 4720 IntcAzAudAddService (d311e2dd59a34079d89c249b2a4d9fdb) C:\Windows\system32\drivers\RTKVHD64.sys
10:04:26.0603 4720 IntcAzAudAddService - ok
10:04:26.0743 4720 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
10:04:26.0775 4720 intelide - ok
10:04:26.0837 4720 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
10:04:26.0884 4720 intelppm - ok
10:04:26.0946 4720 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
10:04:27.0040 4720 IPBusEnum - ok
10:04:27.0087 4720 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
10:04:27.0165 4720 IpFilterDriver - ok
10:04:27.0289 4720 iphlpsvc (f8e058d17363ec580e4b7232778b6cb5) C:\Windows\System32\iphlpsvc.dll
10:04:27.0383 4720 iphlpsvc - ok
10:04:27.0414 4720 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
10:04:27.0461 4720 IPMIDRV - ok
10:04:27.0508 4720 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
10:04:27.0555 4720 IPNAT - ok
10:04:27.0617 4720 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
10:04:27.0633 4720 IRENUM - ok
10:04:27.0664 4720 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
10:04:27.0679 4720 isapnp - ok
10:04:27.0726 4720 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
10:04:27.0773 4720 iScsiPrt - ok
10:04:27.0820 4720 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
10:04:27.0851 4720 kbdclass - ok
10:04:27.0898 4720 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
10:04:27.0929 4720 kbdhid - ok
10:04:27.0976 4720 KeyIso (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
10:04:27.0991 4720 KeyIso - ok
10:04:28.0023 4720 KSecDD (16c1b906fc5ead84769f90b736b6bf0e) C:\Windows\system32\Drivers\ksecdd.sys
10:04:28.0038 4720 KSecDD - ok
10:04:28.0069 4720 KSecPkg (0b711550c56444879d71c7daabda6c83) C:\Windows\system32\Drivers\ksecpkg.sys
10:04:28.0116 4720 KSecPkg - ok
10:04:28.0179 4720 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
10:04:28.0257 4720 ksthunk - ok
10:04:28.0350 4720 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
10:04:28.0459 4720 KtmRm - ok
10:04:28.0584 4720 LanmanServer (81f1d04d4d0e433099365127375fd501) C:\Windows\System32\srvsvc.dll
10:04:28.0693 4720 LanmanServer - ok
10:04:28.0725 4720 LanmanWorkstation (27026eac8818e8a6c00a1cad2f11d29a) C:\Windows\System32\wkssvc.dll
10:04:28.0787 4720 LanmanWorkstation - ok
10:04:28.0881 4720 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
10:04:28.0959 4720 lltdio - ok
10:04:29.0021 4720 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
10:04:29.0115 4720 lltdsvc - ok
10:04:29.0161 4720 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
10:04:29.0193 4720 lmhosts - ok
10:04:29.0255 4720 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
10:04:29.0286 4720 LSI_FC - ok
10:04:29.0317 4720 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
10:04:29.0349 4720 LSI_SAS - ok
10:04:29.0380 4720 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
10:04:29.0395 4720 LSI_SAS2 - ok
10:04:29.0427 4720 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
10:04:29.0442 4720 LSI_SCSI - ok
10:04:29.0473 4720 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
10:04:29.0536 4720 luafv - ok
10:04:29.0770 4720 LVRS64 (ef2be2f45d4f06410a3bd2a3467325b0) C:\Windows\system32\DRIVERS\lvrs64.sys
10:04:29.0848 4720 LVRS64 - ok
10:04:29.0926 4720 Mcx2Svc (f84c8f1000bc11e3b7b23cbd3baff111) C:\Windows\system32\Mcx2Svc.dll
10:04:30.0019 4720 Mcx2Svc - ok
10:04:30.0082 4720 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
10:04:30.0144 4720 megasas - ok
10:04:30.0222 4720 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
10:04:30.0253 4720 MegaSR - ok
10:04:30.0300 4720 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
10:04:30.0394 4720 MMCSS - ok
10:04:30.0472 4720 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
10:04:30.0597 4720 Modem - ok
10:04:30.0643 4720 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
10:04:30.0690 4720 monitor - ok
10:04:30.0753 4720 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
10:04:30.0768 4720 mouclass - ok
10:04:30.0831 4720 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
10:04:30.0846 4720 mouhid - ok
10:04:30.0877 4720 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
10:04:30.0909 4720 mountmgr - ok
10:04:30.0924 4720 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
10:04:30.0955 4720 mpio - ok
10:04:30.0971 4720 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
10:04:31.0018 4720 mpsdrv - ok
10:04:31.0049 4720 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
10:04:31.0096 4720 MRxDAV - ok
10:04:31.0143 4720 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
10:04:31.0221 4720 mrxsmb - ok
10:04:31.0470 4720 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
10:04:31.0533 4720 mrxsmb10 - ok
10:04:31.0579 4720 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
10:04:31.0611 4720 mrxsmb20 - ok
10:04:31.0642 4720 msahci (5e939cf91ea4a841dbafe4627e0292bb) C:\Windows\system32\DRIVERS\msahci.sys
10:04:31.0689 4720 msahci - ok
10:04:31.0751 4720 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
10:04:31.0767 4720 msdsm - ok
10:04:31.0813 4720 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
10:04:31.0845 4720 MSDTC - ok
10:04:31.0907 4720 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
10:04:31.0938 4720 Msfs - ok
10:04:31.0985 4720 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
10:04:32.0047 4720 mshidkmdf - ok
10:04:32.0079 4720 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
10:04:32.0094 4720 msisadrv - ok
10:04:32.0125 4720 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
10:04:32.0266 4720 MSiSCSI - ok
10:04:32.0281 4720 msiserver - ok
10:04:32.0344 4720 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
10:04:32.0437 4720 MSKSSRV - ok
10:04:32.0469 4720 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
10:04:32.0515 4720 MSPCLOCK - ok
10:04:32.0531 4720 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
10:04:32.0593 4720 MSPQM - ok
10:04:32.0640 4720 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
10:04:32.0671 4720 MsRPC - ok
10:04:32.0703 4720 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
10:04:32.0718 4720 mssmbios - ok
10:04:32.0749 4720 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
10:04:32.0796 4720 MSTEE - ok
10:04:32.0827 4720 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
10:04:32.0874 4720 MTConfig - ok
10:04:32.0905 4720 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
10:04:32.0921 4720 Mup - ok
10:04:33.0217 4720 N360 (e78a365cc3e0fbfc018a33dce01909f8) C:\Program Files (x86)\Norton Security Suite\Engine\5.2.1.3\ccSvcHst.exe
10:04:33.0233 4720 N360 - ok
10:04:33.0311 4720 napagent (4987e079a4530fa737a128be54b63b12) C:\Windows\system32\qagentRT.dll
10:04:33.0389 4720 napagent - ok
10:04:33.0483 4720 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
10:04:33.0592 4720 NativeWifiP - ok
10:04:33.0841 4720 NAVENG (2dbe90210de76be6e1653bb20ec70ec2) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120513.007\ENG64.SYS
10:04:33.0873 4720 NAVENG - ok
10:04:34.0044 4720 NAVEX15 (346da70e203b8e2c850277713de8f71b) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120513.007\EX64.SYS
10:04:34.0091 4720 NAVEX15 - ok
10:04:34.0325 4720 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
10:04:34.0372 4720 NDIS - ok
10:04:34.0419 4720 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
10:04:34.0481 4720 NdisCap - ok
10:04:34.0512 4720 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
10:04:34.0575 4720 NdisTapi - ok
10:04:34.0621 4720 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
10:04:34.0731 4720 Ndisuio - ok
10:04:34.0762 4720 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
10:04:34.0824 4720 NdisWan - ok
10:04:34.0840 4720 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
10:04:34.0887 4720 NDProxy - ok
10:04:34.0933 4720 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
10:04:34.0980 4720 NetBIOS - ok
10:04:35.0027 4720 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
10:04:35.0089 4720 NetBT - ok
10:04:35.0152 4720 Netlogon (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
10:04:35.0183 4720 Netlogon - ok
10:04:35.0245 4720 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
10:04:35.0323 4720 Netman - ok
10:04:35.0386 4720 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
10:04:35.0479 4720 netprofm - ok
10:04:35.0589 4720 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
10:04:35.0651 4720 NetTcpPortSharing - ok
10:04:36.0057 4720 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys
10:04:36.0322 4720 netw5v64 - ok
10:04:36.0525 4720 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
10:04:36.0556 4720 nfrd960 - ok
10:04:36.0618 4720 NlaSvc (d9a0ce66046d6efa0c61baa885cba0a8) C:\Windows\System32\nlasvc.dll
10:04:36.0696 4720 NlaSvc - ok
10:04:36.0727 4720 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
10:04:36.0790 4720 Npfs - ok
10:04:36.0837 4720 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
10:04:36.0868 4720 nsi - ok
10:04:36.0899 4720 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
10:04:36.0930 4720 nsiproxy - ok
10:04:37.0086 4720 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
10:04:37.0180 4720 Ntfs - ok
10:04:37.0273 4720 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
10:04:37.0336 4720 Null - ok
10:04:37.0383 4720 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys
10:04:37.0429 4720 nvraid - ok
10:04:37.0476 4720 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys
10:04:37.0492 4720 nvstor - ok
10:04:37.0539 4720 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
10:04:37.0554 4720 nv_agp - ok
10:04:37.0585 4720 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
10:04:37.0617 4720 ohci1394 - ok
10:04:37.0663 4720 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
10:04:37.0804 4720 p2pimsvc - ok
10:04:37.0866 4720 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
10:04:37.0897 4720 p2psvc - ok
10:04:37.0944 4720 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
10:04:37.0960 4720 Parport - ok
10:04:38.0007 4720 partmgr (90061b1acfe8ccaa5345750ffe08d8b8) C:\Windows\system32\drivers\partmgr.sys
10:04:38.0053 4720 partmgr - ok
10:04:38.0116 4720 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
10:04:38.0163 4720 PcaSvc - ok
10:04:38.0225 4720 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
10:04:38.0241 4720 pci - ok
10:04:38.0272 4720 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
10:04:38.0287 4720 pciide - ok
10:04:38.0334 4720 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
10:04:38.0365 4720 pcmcia - ok
10:04:38.0397 4720 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
10:04:38.0412 4720 pcw - ok
10:04:38.0475 4720 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
10:04:38.0553 4720 PEAUTH - ok
10:04:38.0662 4720 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
10:04:38.0693 4720 PerfHost - ok
10:04:38.0880 4720 pla (557e9a86f65f0de18c9b6751dfe9d3f1) C:\Windows\system32\pla.dll
10:04:39.0021 4720 pla - ok
10:04:39.0114 4720 PlugPlay (98b1721b8718164293b9701b98c52d77) C:\Windows\system32\umpnpmgr.dll
10:04:39.0223 4720 PlugPlay - ok
10:04:39.0255 4720 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
10:04:39.0301 4720 PNRPAutoReg - ok
10:04:39.0348 4720 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
10:04:39.0364 4720 PNRPsvc - ok
10:04:39.0426 4720 PolicyAgent (166eb40d1f5b47e615de3d0fffe5f243) C:\Windows\System32\ipsecsvc.dll
10:04:39.0520 4720 PolicyAgent - ok
10:04:39.0582 4720 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
10:04:39.0629 4720 Power - ok
10:04:39.0754 4720 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
10:04:39.0863 4720 PptpMiniport - ok
10:04:39.0894 4720 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
10:04:39.0972 4720 Processor - ok
10:04:40.0019 4720 ProfSvc (f381975e1f4346de875cb07339ce8d3a) C:\Windows\system32\profsvc.dll
10:04:40.0066 4720 ProfSvc - ok
10:04:40.0128 4720 ProtectedStorage (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
10:04:40.0144 4720 ProtectedStorage - ok
10:04:40.0191 4720 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
10:04:40.0237 4720 Psched - ok
10:04:40.0362 4720 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
10:04:40.0425 4720 ql2300 - ok
10:04:40.0549 4720 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
10:04:40.0565 4720 ql40xx - ok
10:04:40.0612 4720 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
10:04:40.0659 4720 QWAVE - ok
10:04:40.0674 4720 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
10:04:40.0721 4720 QWAVEdrv - ok
10:04:40.0752 4720 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
10:04:40.0815 4720 RasAcd - ok
10:04:40.0861 4720 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
10:04:40.0924 4720 RasAgileVpn - ok
10:04:40.0971 4720 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
10:04:41.0080 4720 RasAuto - ok
10:04:41.0142 4720 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
10:04:41.0205 4720 Rasl2tp - ok
10:04:41.0298 4720 RasMan (47394ed3d16d053f5906efe5ab51cc83) C:\Windows\System32\rasmans.dll
10:04:41.0361 4720 RasMan - ok
10:04:41.0407 4720 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
10:04:41.0470 4720 RasPppoe - ok
10:04:41.0517 4720 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
10:04:41.0579 4720 RasSstp - ok
10:04:41.0641 4720 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
10:04:41.0719 4720 rdbss - ok
10:04:41.0782 4720 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
10:04:41.0829 4720 rdpbus - ok
10:04:41.0860 4720 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
10:04:41.0938 4720 RDPCDD - ok
10:04:41.0985 4720 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
10:04:42.0031 4720 RDPENCDD - ok
10:04:42.0063 4720 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
10:04:42.0109 4720 RDPREFMP - ok
10:04:42.0172 4720 RDPWD (074ac702d8b8b660b0e1371555995386) C:\Windows\system32\drivers\RDPWD.sys
10:04:42.0328 4720 RDPWD - ok
10:04:42.0390 4720 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
10:04:42.0406 4720 rdyboost - ok
10:04:42.0484 4720 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
10:04:42.0577 4720 RemoteAccess - ok
10:04:42.0640 4720 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
10:04:42.0749 4720 RemoteRegistry - ok
10:04:42.0843 4720 Revoflt (9c3ac71a9934b884fac567a8807e9c4d) C:\Windows\system32\DRIVERS\revoflt.sys
10:04:42.0952 4720 Revoflt - ok
10:04:42.0983 4720 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
10:04:43.0045 4720 RpcEptMapper - ok
10:04:43.0092 4720 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
10:04:43.0139 4720 RpcLocator - ok
10:04:43.0217 4720 RpcSs (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
10:04:43.0248 4720 RpcSs - ok
10:04:43.0311 4720 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
10:04:43.0373 4720 rspndr - ok
10:04:43.0467 4720 RTL8167 (4fbda07ef0a3097ce14c5cabf723b278) C:\Windows\system32\DRIVERS\Rt64win7.sys
10:04:43.0498 4720 RTL8167 - ok
10:04:43.0623 4720 RtVOsdService (4ea7e5df0cb237156176fa0349e6e87f) C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe
10:04:43.0669 4720 RtVOsdService ( UnsignedFile.Multi.Generic ) - warning
10:04:43.0669 4720 RtVOsdService - detected UnsignedFile.Multi.Generic (1)
10:04:43.0716 4720 SamSs (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
10:04:43.0732 4720 SamSs - ok
10:04:43.0779 4720 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
10:04:43.0794 4720 sbp2port - ok
10:04:43.0857 4720 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
10:04:44.0059 4720 SCardSvr - ok
10:04:44.0106 4720 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
10:04:44.0169 4720 scfilter - ok
10:04:44.0262 4720 Schedule (624d0f5ff99428bb90a5b8a4123e918e) C:\Windows\system32\schedsvc.dll
10:04:44.0371 4720 Schedule - ok
10:04:44.0434 4720 SCPolicySvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
10:04:44.0465 4720 SCPolicySvc - ok
10:04:44.0512 4720 sdbus (54e47ad086782d3ae9417c155cdceb9b) C:\Windows\system32\DRIVERS\sdbus.sys
10:04:44.0543 4720 sdbus - ok
10:04:44.0605 4720 SDRSVC (765a27c3279ce11d14cb9e4f5869fca5) C:\Windows\System32\SDRSVC.dll
10:04:44.0746 4720 SDRSVC - ok
10:04:44.0855 4720 SeaPort (3e0cff5f0a9d23e327703d72cea5253f) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
10:04:44.0902 4720 SeaPort - ok
10:04:44.0949 4720 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
10:04:45.0011 4720 secdrv - ok
10:04:45.0058 4720 seclogon (463b386ebc70f98da5dff85f7e654346) C:\Windows\system32\seclogon.dll
10:04:45.0105 4720 seclogon - ok
10:04:45.0151 4720 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
10:04:45.0214 4720 SENS - ok
10:04:45.0229 4720 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
10:04:45.0339 4720 SensrSvc - ok
10:04:45.0370 4720 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
10:04:45.0385 4720 Serenum - ok
10:04:45.0432 4720 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
10:04:45.0463 4720 Serial - ok
10:04:45.0495 4720 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
10:04:45.0541 4720 sermouse - ok
10:04:45.0604 4720 SessionEnv (c3bc61ce47ff6f4e88ab8a3b429a36af) C:\Windows\system32\sessenv.dll
10:04:45.0729 4720 SessionEnv - ok
10:04:45.0775 4720 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
10:04:45.0885 4720 sffdisk - ok
10:04:45.0931 4720 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
10:04:45.0963 4720 sffp_mmc - ok
10:04:45.0994 4720 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\DRIVERS\sffp_sd.sys
10:04:46.0025 4720 sffp_sd - ok
10:04:46.0072 4720 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
10:04:46.0103 4720 sfloppy - ok
10:04:46.0181 4720 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
10:04:46.0290 4720 SharedAccess - ok
10:04:46.0353 4720 ShellHWDetection (0298ac45d0efffb2db4baa7dd186e7bf) C:\Windows\System32\shsvcs.dll
10:04:46.0415 4720 ShellHWDetection - ok
10:04:46.0477 4720 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
10:04:46.0509 4720 SiSRaid2 - ok
10:04:46.0540 4720 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
10:04:46.0571 4720 SiSRaid4 - ok
10:04:46.0602 4720 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
10:04:46.0665 4720 Smb - ok
10:04:46.0711 4720 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
10:04:46.0743 4720 SNMPTRAP - ok
10:04:46.0774 4720 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
10:04:46.0789 4720 spldr - ok
10:04:46.0867 4720 Spooler (f8e1fa03cb70d54a9892ac88b91d1e7b) C:\Windows\System32\spoolsv.exe
10:04:46.0961 4720 Spooler - ok
10:04:47.0211 4720 sppsvc (913d843498553a1bc8f8dbad6358e49f) C:\Windows\system32\sppsvc.exe
10:04:47.0382 4720 sppsvc - ok
10:04:47.0507 4720 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
10:04:47.0569 4720 sppuinotify - ok
10:04:47.0741 4720 SRTSP (90ef30c3867bcde4579c01a6d6e75a7a) C:\Windows\System32\Drivers\N360x64\0502010.003\SRTSP64.SYS
10:04:47.0788 4720 SRTSP - ok
10:04:47.0819 4720 SRTSPX (c513e8a5e7978da49077f5484344ee1b) C:\Windows\system32\drivers\N360x64\0502010.003\SRTSPX64.SYS
10:04:47.0819 4720 SRTSPX - ok
10:04:47.0897 4720 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
10:04:48.0006 4720 srv - ok
10:04:48.0053 4720 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
10:04:48.0115 4720 srv2 - ok
10:04:48.0193 4720 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
10:04:48.0256 4720 SrvHsfHDA - ok
10:04:48.0365 4720 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
10:04:48.0427 4720 SrvHsfV92 - ok
10:04:48.0583 4720 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
10:04:48.0615 4720 SrvHsfWinac - ok
10:04:48.0693 4720 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
10:04:48.0755 4720 srvnet - ok
10:04:48.0833 4720 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
10:04:48.0911 4720 SSDPSRV - ok
10:04:48.0942 4720 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
10:04:48.0989 4720 SstpSvc - ok
10:04:49.0020 4720 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
10:04:49.0036 4720 stexstor - ok
10:04:49.0098 4720 StillCam (decacb6921ded1a38642642685d77dac) C:\Windows\system32\DRIVERS\serscan.sys
10:04:49.0129 4720 StillCam - ok
10:04:49.0223 4720 stisvc (52d0e33b681bd0f33fdc08812fee4f7d) C:\Windows\System32\wiaservc.dll
10:04:49.0285 4720 stisvc - ok
10:04:49.0332 4720 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
10:04:49.0363 4720 swenum - ok
10:04:49.0426 4720 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
10:04:49.0519 4720 swprv - ok
10:04:49.0629 4720 SymDS (6160145c7a87fc7672e8e3b886888176) C:\Windows\system32\drivers\N360x64\0502010.003\SYMDS64.SYS
10:04:49.0675 4720 SymDS - ok
10:04:49.0753 4720 SymEFA (96aeed40d4d3521568b42027687e69e0) C:\Windows\system32\drivers\N360x64\0502010.003\SYMEFA64.SYS
10:04:49.0800 4720 SymEFA - ok
10:04:49.0847 4720 SymEvent (21a1c2d694c3cf962d31f5e873ab3d6f) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
10:04:49.0863 4720 SymEvent - ok
10:04:49.0909 4720 SymIRON (bd0d711d8cbfcaa19ca123306eaf53a5) C:\Windows\system32\drivers\N360x64\0502010.003\Ironx64.SYS
10:04:49.0941 4720 SymIRON - ok
10:04:49.0987 4720 SymNetS (a6adb3d83023f8daa0f7b6fda785d83b) C:\Windows\System32\Drivers\N360x64\0502010.003\SYMNETS.SYS
10:04:50.0034 4720 SymNetS - ok
10:04:50.0175 4720 SynTP (961cfac2a5318e212f459d651f28e0a4) C:\Windows\system32\DRIVERS\SynTP.sys
10:04:50.0237 4720 SynTP - ok
10:04:50.0471 4720 SysMain (3c1284516a62078fb68f768de4f1a7be) C:\Windows\system32\sysmain.dll
10:04:50.0549 4720 SysMain - ok
10:04:50.0627 4720 TabletInputService (238935c3cf2854886dc7cbb2a0e2cc66) C:\Windows\System32\TabSvc.dll
10:04:50.0674 4720 TabletInputService - ok
10:04:50.0736 4720 TapiSrv (884264ac597b690c5707c89723bb8e7b) C:\Windows\System32\tapisrv.dll
10:04:50.0783 4720 TapiSrv - ok
10:04:50.0814 4720 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
10:04:50.0845 4720 TBS - ok
10:04:51.0064 4720 Tcpip (624c5b3aa4c99b3184bb922d9ece3ff0) C:\Windows\system32\drivers\tcpip.sys
10:04:51.0189 4720 Tcpip - ok
10:04:51.0469 4720 TCPIP6 (624c5b3aa4c99b3184bb922d9ece3ff0) C:\Windows\system32\DRIVERS\tcpip.sys
10:04:51.0516 4720 TCPIP6 - ok
10:04:51.0641 4720 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
10:04:51.0719 4720 tcpipreg - ok
10:04:51.0750 4720 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
10:04:51.0828 4720 TDPIPE - ok
10:04:51.0891 4720 TDTCP (7518f7bcfd4b308abc9192bacaf6c970) C:\Windows\system32\drivers\tdtcp.sys
10:04:51.0953 4720 TDTCP - ok
10:04:52.0000 4720 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
10:04:52.0078 4720 tdx - ok
10:04:52.0125 4720 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
10:04:52.0140 4720 TermDD - ok
10:04:52.0218 4720 TermService (0f05ec2887bfe197ad82a13287d2f404) C:\Windows\System32\termsrv.dll
10:04:52.0312 4720 TermService - ok
10:04:52.0327 4720 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
10:04:52.0359 4720 Themes - ok
10:04:52.0405 4720 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
10:04:52.0437 4720 THREADORDER - ok
10:04:52.0468 4720 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
10:04:52.0530 4720 TrkWks - ok
10:04:52.0593 4720 TrustedInstaller (840f7fb849f5887a49ba18c13b2da920) C:\Windows\servicing\TrustedInstaller.exe
10:04:52.0671 4720 TrustedInstaller - ok
10:04:52.0702 4720 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
10:04:52.0749 4720 tssecsrv - ok
10:04:52.0811 4720 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
10:04:52.0920 4720 tunnel - ok
10:04:52.0983 4720 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
10:04:53.0029 4720 uagp35 - ok
10:04:53.0092 4720 udfs (c06e6f4679ceb8f430b90a51d76d8d3c) C:\Windows\system32\DRIVERS\udfs.sys
10:04:53.0201 4720 udfs - ok
10:04:53.0263 4720 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
10:04:53.0295 4720 UI0Detect - ok
10:04:53.0326 4720 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
10:04:53.0341 4720 uliagpkx - ok
10:04:53.0404 4720 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
10:04:53.0451 4720 umbus - ok
10:04:53.0513 4720 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
10:04:53.0560 4720 UmPass - ok
10:04:53.0622 4720 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
10:04:53.0669 4720 upnphost - ok
10:04:53.0747 4720 usbaudio (77b01bc848298223a95d4ec23e1785a1) C:\Windows\system32\drivers\usbaudio.sys
10:04:53.0841 4720 usbaudio - ok
10:04:53.0872 4720 usbccgp (537a4e03d7103c12d42dfd8ffdb5bdc9) C:\Windows\system32\drivers\usbccgp.sys
10:04:53.0965 4720 usbccgp - ok
10:04:54.0012 4720 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
10:04:54.0059 4720 usbcir - ok
10:04:54.0090 4720 usbehci (fbb21ebe49f6d560db37ac25fbc68e66) C:\Windows\system32\DRIVERS\usbehci.sys
10:04:54.0121 4720 usbehci - ok
10:04:54.0184 4720 usbfilter (2c780746dc44a28fe67004dc58173f05) C:\Windows\system32\DRIVERS\usbfilter.sys
10:04:54.0215 4720 usbfilter - ok
10:04:54.0309 4720 usbhub (6b7a8a99c4a459e73c286a6763ea24cc) C:\Windows\system32\DRIVERS\usbhub.sys
10:04:54.0355 4720 usbhub - ok
10:04:54.0387 4720 usbohci (8c88aa7617b4cbc2e4bed61d26b33a27) C:\Windows\system32\DRIVERS\usbohci.sys
10:04:54.0418 4720 usbohci - ok
10:04:54.0496 4720 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
10:04:54.0574 4720 usbprint - ok
10:04:54.0605 4720 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
10:04:54.0636 4720 usbscan - ok
10:04:54.0683 4720 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\drivers\USBSTOR.SYS
10:04:54.0792 4720 USBSTOR - ok
10:04:54.0823 4720 usbuhci (0b5b3b2df3fd1709618acfa50b8392b0) C:\Windows\system32\drivers\usbuhci.sys
10:04:54.0886 4720 usbuhci - ok
10:04:54.0964 4720 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\System32\Drivers\usbvideo.sys
10:04:55.0026 4720 usbvideo - ok
10:04:55.0057 4720 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
10:04:55.0104 4720 UxSms - ok
10:04:55.0167 4720 VaultSvc (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
10:04:55.0167 4720 VaultSvc - ok
10:04:55.0229 4720 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
10:04:55.0245 4720 vdrvroot - ok
10:04:55.0307 4720 vds (44d73e0bbc1d3c8981304ba15135c2f2) C:\Windows\System32\vds.exe
10:04:55.0369 4720 vds - ok
10:04:55.0432 4720 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
10:04:55.0463 4720 vga - ok
10:04:55.0494 4720 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
10:04:55.0557 4720 VgaSave - ok
10:04:55.0619 4720 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
10:04:55.0650 4720 vhdmp - ok
10:04:55.0697 4720 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
10:04:55.0713 4720 viaide - ok
10:04:55.0728 4720 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
10:04:55.0744 4720 volmgr - ok
10:04:55.0806 4720 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
10:04:55.0837 4720 volmgrx - ok
10:04:55.0869 4720 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
10:04:55.0931 4720 volsnap - ok
10:04:55.0978 4720 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
10:04:55.0993 4720 vsmraid - ok
10:04:56.0134 4720 VSS (787898bf9fb6d7bd87a36e2d95c899ba) C:\Windows\system32\vssvc.exe
10:04:56.0290 4720 VSS - ok
10:04:56.0430 4720 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
10:04:56.0461 4720 vwifibus - ok
10:04:56.0493 4720 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
10:04:56.0524 4720 vwififlt - ok
10:04:56.0571 4720 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
10:04:56.0586 4720 vwifimp - ok
10:04:56.0649 4720 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
10:04:56.0742 4720 W32Time - ok
10:04:56.0789 4720 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
10:04:56.0820 4720 WacomPen - ok
10:04:56.0883 4720 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
10:04:56.0945 4720 WANARP - ok
10:04:56.0961 4720 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
10:04:56.0992 4720 Wanarpv6 - ok
10:04:57.0117 4720 wbengine (5ab1bb85bd8b5089cc5d64200dedae68) C:\Windows\system32\wbengine.exe
10:04:57.0288 4720 wbengine - ok
10:04:57.0397 4720 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
10:04:57.0429 4720 WbioSrvc - ok
10:04:57.0491 4720 wcncsvc (dd1bae8ebfc653824d29ccf8c9054d68) C:\Windows\System32\wcncsvc.dll
10:04:57.0616 4720 wcncsvc - ok
10:04:57.0631 4720 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
10:04:57.0678 4720 WcsPlugInService - ok
10:04:57.0756 4720 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
10:04:57.0803 4720 Wd - ok
10:04:57.0850 4720 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
10:04:57.0912 4720 Wdf01000 - ok
10:04:57.0943 4720 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
10:04:57.0990 4720 WdiServiceHost - ok
10:04:58.0006 4720 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
10:04:58.0021 4720 WdiSystemHost - ok
10:04:58.0068 4720 WebClient (733006127f235be7c35354ebee7b9a7b) C:\Windows\System32\webclnt.dll
10:04:58.0162 4720 WebClient - ok
10:04:58.0209 4720 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
10:04:58.0271 4720 Wecsvc - ok
10:04:58.0318 4720 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
10:04:58.0380 4720 wercplsupport - ok
10:04:58.0427 4720 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
10:04:58.0474 4720 WerSvc - ok
10:04:58.0536 4720 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
10:04:58.0583 4720 WfpLwf - ok
10:04:58.0614 4720 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
10:04:58.0630 4720 WIMMount - ok
10:04:58.0692 4720 WinDefend - ok
10:04:58.0723 4720 WinHttpAutoProxySvc - ok
10:04:58.0786 4720 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
10:04:58.0864 4720 Winmgmt - ok
10:04:59.0035 4720 WinRM (41fbb751936b387f9179e7f03a74fe29) C:\Windows\system32\WsmSvc.dll
10:04:59.0207 4720 WinRM - ok
10:04:59.0425 4720 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
10:04:59.0457 4720 WinUsb - ok
10:04:59.0550 4720 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
10:04:59.0613 4720 Wlansvc - ok
10:04:59.0893 4720 wlidsvc (98f138897ef4246381d197cb81846d62) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
10:04:59.0987 4720 wlidsvc - ok
10:05:00.0159 4720 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
10:05:00.0190 4720 WmiAcpi - ok
10:05:00.0268 4720 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
10:05:00.0315 4720 wmiApSrv - ok
10:05:00.0393 4720 WMPNetworkSvc - ok
10:05:00.0439 4720 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
10:05:00.0502 4720 WPCSvc - ok
10:05:00.0533 4720 WPDBusEnum (2e57ddf2880a7e52e76f41c7e96d327b) C:\Windows\system32\wpdbusenum.dll
10:05:00.0642 4720 WPDBusEnum - ok
10:05:00.0673 4720 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
10:05:00.0736 4720 ws2ifsl - ok
10:05:00.0814 4720 wscsvc (8f9f3969933c02da96eb0f84576db43e) C:\Windows\system32\wscsvc.dll
10:05:00.0923 4720 wscsvc - ok
10:05:00.0923 4720 WSearch - ok
10:05:01.0126 4720 wuauserv (38340204a2d0228f1e87740fc5e554a7) C:\Windows\system32\wuaueng.dll
10:05:01.0219 4720 wuauserv - ok
10:05:01.0360 4720 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
10:05:01.0422 4720 WudfPf - ok
10:05:01.0469 4720 wudfsvc (b551d6637aa0e132c18ac6e504f7b79b) C:\Windows\System32\WUDFSvc.dll
10:05:01.0531 4720 wudfsvc - ok
10:05:01.0578 4720 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
10:05:01.0641 4720 WwanSvc - ok
10:05:01.0719 4720 yukonw7 (b3eeacf62445e24fbb2cd4b0fb4db026) C:\Windows\system32\DRIVERS\yk62x64.sys
10:05:01.0765 4720 yukonw7 - ok
10:05:01.0812 4720 MBR (0x1B8) (4287d1c7c777c7cdd9ab892338678e65) \Device\Harddisk0\DR0
10:05:01.0937 4720 \Device\Harddisk0\DR0 - ok
10:05:01.0984 4720 Boot (0x1200) (f8f93b2a992e9caf3fc590dcac339c5f) \Device\Harddisk0\DR0\Partition0
10:05:01.0999 4720 \Device\Harddisk0\DR0\Partition0 - ok
10:05:02.0015 4720 Boot (0x1200) (07ef4458efa0038db2a13c78e83a9055) \Device\Harddisk0\DR0\Partition1
10:05:02.0015 4720 \Device\Harddisk0\DR0\Partition1 - ok
10:05:02.0062 4720 Boot (0x1200) (c79f6b48554c10b995799d277225ffc6) \Device\Harddisk0\DR0\Partition2
10:05:02.0062 4720 \Device\Harddisk0\DR0\Partition2 - ok
10:05:02.0093 4720 Boot (0x1200) (fa5c85adaadbde681789ae090c4fbbd6) \Device\Harddisk0\DR0\Partition3
10:05:02.0093 4720 \Device\Harddisk0\DR0\Partition3 - ok
10:05:02.0093 4720 ============================================================
10:05:02.0093 4720 Scan finished
10:05:02.0093 4720 ============================================================
10:05:02.0155 4712 Detected object count: 1
10:05:02.0155 4712 Actual detected object count: 1
10:10:56.0208 4712 RtVOsdService ( UnsignedFile.Multi.Generic ) - skipped by user
10:10:56.0208 4712 RtVOsdService ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:18:42.0882 4480 Deinitialize success

About the OTL logs:

I did as requested, and selected "Run anyway" when Norton prompted me to run....but, SONAR swooped in and removed the program

I'm sorry - I'll try to reinstall and post, but thought I'd send what I had for now.

cinderblock · 11:35 AM

Got ComboFix to run

In other words, I finally figured out how to fully disable Norton

Log follows:

ComboFix 12-05-13.03 - brandon 05/14/2012 10:50:29.4.1 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.1787.743 [GMT -4:00]
Running from: c:\users\brandon\Desktop\ComboFix.exe
AV: Norton Security Suite *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Security Suite *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Security Suite *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\brandon\AppData\Roaming\result.db
c:\users\brandon\HRBlock_DeluxeSE_2011_Update_C.exe
c:\windows\assembly\temp\@
c:\windows\assembly\temp\cfg.ini
c:\windows\system32\dds_trash_log.cmd
.
.
((((((((((((((((((((((((( Files Created from 2012-04-14 to 2012-05-14 )))))))))))))))))))))))))))))))
.
.
2012-05-14 15:03 . 2012-05-14 15:03 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-13 18:52 . 2012-05-13 18:52 -------- d-----w- c:\users\brandon\AppData\Roaming\Malwarebytes
2012-05-13 18:52 . 2012-05-13 18:52 -------- d-----w- c:\programdata\Malwarebytes
2012-05-13 18:52 . 2012-04-04 19:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-13 18:52 . 2012-05-13 18:52 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-05-12 05:56 . 2011-06-08 22:35 778088 ---ha-w- c:\windows\system32\HPDiscoPMa011.dll
2012-05-12 05:54 . 2012-05-12 05:54 -------- d-----w- c:\program files\HP
2012-05-12 04:30 . 2010-09-14 06:45 367104 ----a-w- c:\windows\system32\wcncsvc.dll
2012-05-12 04:30 . 2010-09-14 06:07 276992 ----a-w- c:\windows\SysWow64\wcncsvc.dll
2012-05-12 04:17 . 2009-11-25 16:47 99176 ----a-w- c:\windows\SysWow64\PresentationHostProxy.dll
2012-05-12 04:17 . 2009-11-25 16:47 49472 ----a-w- c:\windows\SysWow64\netfxperf.dll
2012-05-12 04:17 . 2009-11-25 16:47 48960 ----a-w- c:\windows\system32\netfxperf.dll
2012-05-12 04:17 . 2009-11-25 16:47 297808 ----a-w- c:\windows\SysWow64\mscoree.dll
2012-05-12 04:17 . 2009-11-25 16:47 295264 ----a-w- c:\windows\SysWow64\PresentationHost.exe
2012-05-12 04:17 . 2009-11-25 16:47 1130824 ----a-w- c:\windows\SysWow64\dfshim.dll
2012-05-12 04:17 . 2009-11-25 16:47 109912 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2012-05-12 04:17 . 2009-11-25 16:47 444752 ----a-w- c:\windows\system32\mscoree.dll
2012-05-12 04:17 . 2009-11-25 16:47 320352 ----a-w- c:\windows\system32\PresentationHost.exe
2012-05-12 04:17 . 2009-11-25 16:47 1942856 ----a-w- c:\windows\system32\dfshim.dll
2012-05-12 04:01 . 2011-06-15 09:58 163840 ----a-w- c:\windows\system32\odbccp32.dll
2012-05-12 04:00 . 2011-04-09 06:58 142336 ----a-w- c:\windows\system32\poqexec.exe
2012-05-12 03:59 . 2011-05-04 05:30 2326016 ----a-w- c:\windows\system32\tquery.dll
2012-05-12 03:45 . 2011-03-11 06:19 1395712 ----a-w- c:\windows\system32\mfc42.dll
2012-05-12 03:45 . 2011-03-11 06:19 1359872 ----a-w- c:\windows\system32\mfc42u.dll
2012-05-12 03:45 . 2011-03-11 05:40 1164288 ----a-w- c:\windows\SysWow64\mfc42u.dll
2012-05-12 03:45 . 2011-03-11 05:40 1137664 ----a-w- c:\windows\SysWow64\mfc42.dll
2012-05-12 03:45 . 2011-02-24 06:30 476160 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2012-05-12 03:45 . 2011-02-24 05:32 288256 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2012-05-12 03:44 . 2012-01-03 06:24 515584 ----a-w- c:\windows\system32\timedate.cpl
2012-05-12 03:44 . 2012-01-03 05:44 478208 ----a-w- c:\windows\SysWow64\timedate.cpl
2012-05-12 03:44 . 2011-10-01 05:28 886784 ----a-w- c:\program files\Common Files\System\wab32.dll
2012-05-12 03:44 . 2011-10-01 04:43 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll
2012-05-12 03:44 . 2012-05-12 03:44 -------- d-----w- c:\program files (x86)\MSXML 4.0
2012-05-12 03:40 . 2011-10-26 05:19 43520 ----a-w- c:\windows\system32\csrsrv.dll
2012-05-12 03:40 . 2011-07-09 02:44 287744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2012-05-12 03:40 . 2011-05-04 02:51 157696 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2012-05-12 03:40 . 2011-05-04 02:51 126464 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2012-05-12 03:40 . 2012-01-25 06:27 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-05-12 03:40 . 2012-01-25 06:20 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-05-12 03:40 . 2012-01-25 06:27 76288 ----a-w- c:\windows\system32\rdpwsx.dll
2012-05-12 03:35 . 2009-09-26 06:20 223448 ----a-w- c:\windows\system32\drivers\fvevol.sys
2012-05-12 03:33 . 2011-03-12 11:31 442880 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2012-05-12 03:33 . 2011-03-12 12:03 662528 ----a-w- c:\windows\system32\XpsPrint.dll
2012-05-12 03:32 . 2011-08-17 05:32 613888 ----a-w- c:\windows\system32\psisdecd.dll
2012-05-12 03:32 . 2011-08-17 05:27 108032 ----a-w- c:\windows\system32\psisrndr.ax
2012-05-12 03:32 . 2011-08-17 04:26 465408 ----a-w- c:\windows\SysWow64\psisdecd.dll
2012-05-12 03:32 . 2011-08-17 04:22 75776 ----a-w- c:\windows\SysWow64\psisrndr.ax
2012-05-12 03:32 . 2011-08-17 05:27 288256 ----a-w- c:\windows\system32\MSNP.ax
2012-05-12 03:32 . 2011-08-17 05:27 104960 ----a-w- c:\windows\system32\Mpeg2Data.ax
2012-05-12 03:32 . 2011-08-17 05:27 75776 ----a-w- c:\windows\system32\MSDvbNP.ax
2012-05-12 03:32 . 2011-08-17 04:22 72704 ----a-w- c:\windows\SysWow64\Mpeg2Data.ax
2012-05-12 03:32 . 2011-08-17 04:22 204288 ----a-w- c:\windows\SysWow64\MSNP.ax
2012-05-12 03:32 . 2011-08-17 04:22 59904 ----a-w- c:\windows\SysWow64\MSDvbNP.ax
2012-05-12 03:29 . 2010-08-21 06:29 558592 ----a-w- c:\windows\system32\spoolsv.exe
2012-05-12 03:29 . 2011-12-28 03:59 499200 ----a-w- c:\windows\system32\drivers\afd.sys
2012-05-12 03:29 . 2011-11-05 05:17 2048 ----a-w- c:\windows\system32\tzres.dll
2012-05-12 03:29 . 2011-11-05 04:30 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-05-12 03:18 . 2012-03-01 06:54 22896 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-05-12 03:18 . 2012-03-01 06:45 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-05-12 03:18 . 2012-03-01 06:40 80896 ----a-w- c:\windows\system32\imagehlp.dll
2012-05-12 03:18 . 2012-03-01 06:35 5120 ----a-w- c:\windows\system32\wmi.dll
2012-05-12 03:18 . 2012-03-01 05:49 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-05-12 03:18 . 2012-03-01 05:45 158720 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-05-12 03:18 . 2012-03-01 05:40 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-05-12 03:15 . 2010-12-18 06:12 3138048 ----a-w- c:\windows\system32\mstscax.dll
2012-05-12 03:15 . 2010-12-18 05:30 2690560 ----a-w- c:\windows\SysWow64\mstscax.dll
2012-05-12 03:15 . 2010-12-18 06:08 1097216 ----a-w- c:\windows\system32\mstsc.exe
2012-05-12 03:15 . 2010-12-18 05:26 1034240 ----a-w- c:\windows\SysWow64\mstsc.exe
2012-05-12 03:14 . 2011-08-27 05:40 861184 ----a-w- c:\windows\system32\oleaut32.dll
2012-05-12 03:14 . 2011-08-27 05:40 331776 ----a-w- c:\windows\system32\oleacc.dll
2012-05-12 03:14 . 2011-08-27 04:43 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2012-05-12 03:14 . 2011-08-27 04:43 233472 ----a-w- c:\windows\SysWow64\oleacc.dll
2012-05-12 03:14 . 2010-10-16 05:23 112000 ----a-w- c:\windows\system32\consent.exe
2012-05-12 03:12 . 2011-02-12 06:14 267776 ----a-w- c:\windows\system32\FXSCOVER.exe
2012-05-12 03:12 . 2011-12-16 08:42 634368 ----a-w- c:\windows\system32\msvcrt.dll
2012-05-12 03:12 . 2011-12-16 07:59 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
2012-05-12 03:12 . 2012-04-02 05:24 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-12 03:12 . 2012-04-02 04:40 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-12 03:12 . 2011-02-18 06:33 31232 ----a-w- c:\windows\system32\prevhost.exe
2012-05-12 03:12 . 2011-02-18 05:33 31232 ----a-w- c:\windows\SysWow64\prevhost.exe
2012-05-12 03:11 . 2011-10-15 06:25 723456 ----a-w- c:\windows\system32\EncDec.dll
2012-05-12 03:11 . 2011-10-15 05:48 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
2012-05-12 03:11 . 2010-10-16 05:17 720896 ----a-w- c:\windows\system32\odbc32.dll
2012-05-12 03:11 . 2010-10-16 04:34 573440 ----a-w- c:\windows\SysWow64\odbc32.dll
2012-05-12 03:11 . 2010-10-16 05:16 495616 ----a-w- c:\program files\Common Files\System\ado\msadox.dll
2012-05-12 03:11 . 2010-10-16 05:16 466944 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll
2012-05-12 03:11 . 2010-10-16 05:16 1425408 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2012-05-12 03:11 . 2010-10-16 05:16 258048 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll
2012-05-12 03:11 . 2010-10-16 04:33 372736 ----a-w- c:\program files (x86)\Common Files\System\ado\msadox.dll
2012-05-12 03:11 . 2010-10-16 04:33 352256 ----a-w- c:\program files (x86)\Common Files\System\ado\msadomd.dll
2012-05-12 03:11 . 2010-10-16 04:33 987136 ----a-w- c:\program files (x86)\Common Files\System\ado\msado15.dll
2012-05-12 03:11 . 2010-10-16 04:33 208896 ----a-w- c:\program files (x86)\Common Files\System\msadc\msadco.dll
2012-05-12 03:02 . 2012-03-30 11:09 1895280 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-12 03:02 . 2010-03-04 04:40 184832 ----a-w- c:\windows\system32\drivers\usbvideo.sys
2012-05-12 03:02 . 2010-03-04 04:32 243712 ----a-w- c:\windows\system32\drivers\ks.sys
2012-05-12 02:58 . 2011-11-17 07:14 1739160 ----a-w- c:\windows\system32\ntdll.dll
2012-05-12 02:58 . 2011-11-17 05:41 1292592 ----a-w- c:\windows\SysWow64\ntdll.dll
2012-05-12 02:58 . 2010-08-27 06:14 236032 ----a-w- c:\windows\system32\srvsvc.dll
2012-05-12 02:58 . 2010-08-27 05:46 9728 ----a-w- c:\windows\SysWow64\sscore.dll
2012-05-12 02:57 . 2011-11-19 15:07 77312 ----a-w- c:\windows\system32\packager.dll
2012-05-12 02:57 . 2011-11-19 14:06 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-05-12 02:55 . 2012-02-15 06:27 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-05-12 02:55 . 2012-02-15 05:44 826368 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-05-12 02:55 . 2012-02-15 04:47 204800 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-05-12 02:55 . 2012-02-15 04:46 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-05-10 00:57 . 2012-05-10 00:57 27256 ----a-w- c:\windows\system32\drivers\FixZeroAccess.sys
2012-05-10 00:35 . 2012-05-10 00:41 -------- d-----w- c:\program files\Symantec
2012-05-10 00:35 . 2012-05-10 00:41 174200 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2012-05-10 00:35 . 2012-05-10 00:35 -------- d-----w- c:\program files\Common Files\Symantec Shared
2012-05-10 00:34 . 2012-05-12 02:37 -------- d-----w- c:\windows\system32\drivers\N360x64
2012-05-10 00:34 . 2012-05-10 00:34 -------- d-----w- c:\program files (x86)\Norton Security Suite
2012-05-10 00:34 . 2012-05-10 00:34 -------- d-----w- c:\program files (x86)\NortonInstaller
2012-05-10 00:29 . 2012-05-10 00:59 -------- d-----w- c:\users\brandon\AppData\Local\LogMeIn Rescue Applet
2012-05-07 04:38 . 2012-05-07 04:38 -------- d-----w- c:\program files (x86)\Common Files\Symantec Shared
2012-05-07 00:51 . 2012-05-07 00:51 -------- d-----w- c:\users\brandon\AppData\Local\VS Revo Group
2012-05-07 00:51 . 2009-12-30 15:21 31800 ----a-w- c:\windows\system32\drivers\revoflt.sys
2012-05-07 00:51 . 2012-05-07 00:51 -------- d-----w- c:\program files\VS Revo Group
2012-05-06 23:08 . 2012-05-06 23:08 -------- d-----w- c:\programdata\GID
2012-04-23 03:07 . 2012-05-09 00:00 -------- d-----w- c:\programdata\Recovery
2012-04-23 02:08 . 2012-04-23 02:08 -------- d-----w- C:\N360_BACKUP
2012-04-23 01:36 . 2012-05-12 00:46 -------- d-----w- c:\users\brandon\AppData\Local\NPE
2012-04-22 21:19 . 2012-04-22 21:19 -------- d-----w- c:\users\brandon\AppData\Local\ElevatedDiagnostics
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-06 23:11 . 2012-03-31 14:53 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-06 23:11 . 2012-03-31 14:53 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-06 23:11 . 2012-04-13 23:47 8769696 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-03-26 04:03 . 2012-03-26 04:04 332392 ----a-w- c:\windows\system32\RtlCPAPI64.dll
2012-03-26 04:03 . 2012-03-26 04:04 2494056 ----a-w- c:\windows\system32\drivers\RTKVHD64.sys
2012-03-26 04:03 . 2012-03-26 04:04 2048104 ----a-w- c:\windows\system32\RtPgEx64.dll
2012-03-26 04:03 . 2012-03-26 04:04 1146984 ----a-w- c:\windows\system32\RTSnMg64.cpl
2012-03-26 04:03 . 2012-03-26 04:04 80488 ----a-w- c:\windows\system32\RCoInst64.dll
2012-03-26 04:03 . 2012-03-26 04:04 569960 ----a-w- c:\windows\system32\RtkApi64.dll
2012-03-26 04:03 . 2012-03-26 04:04 2625640 ----a-w- c:\windows\system32\RtkAPO64.dll
2012-03-26 04:03 . 2012-03-26 04:04 149608 ----a-w- c:\windows\system32\RtkCfg64.dll
2012-03-26 04:03 . 2012-03-26 04:04 1215592 ----a-w- c:\windows\system32\RTCOM64.dll
2012-03-26 04:03 . 2012-03-26 04:04 200800 ----a-w- c:\windows\system32\AERTAC64.dll
2012-03-26 04:02 . 2011-04-09 08:45 1251944 ----a-w- c:\windows\RtlExUpd.dll
2012-02-23 14:18 . 2011-08-19 04:05 279656 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-04-09 1519272]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-04-09 21:43 1519272 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-04-09 1519272]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Ru n]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-11-12 288088]
.
c:\users\brandon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Monitor Ink Alerts - HP Deskjet 3050A J611 series (Copy 1).lnk - c:\windows\system32\RunDll32.exe [2009-7-13 45568]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Constant Guard.lnk - c:\program files (x86)\Constant Guard Protection Suite\IDVault.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\syste m]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-06-18 103992]
R2 RtVOsdService;RtVOsdService Installer;c:\program files\Realtek\RtVOsd\RtVOsdService.exe [2010-06-24 315392]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-06 257696]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0502010.003\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0502010.003\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120507.001\BHDrvx64.sys [2012-05-07 1160824]
S1 GIDv2;GIDv2; [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120511.001\IDSvia64.sys [2012-05-09 488568]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0502010.003\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\0502010.003\SYMNETS.SYS [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 CinemaNow Service;CinemaNow Service;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [2010-05-21 140272]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-09 26680]
S2 N360;Norton Security Suite;c:\program files (x86)\Norton Security Suite\Engine\5.2.1.3\ccSvcHst.exe [2011-04-17 130008]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-05-10 138360]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{9191979D-821C-4EA8-B021-2DA1D859A7C5}-3Reg]
2011-07-05 14:26 435976 ----a-w- c:\program files (x86)\SFT\GuardedID\GIDI.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 23:11]
.
2012-05-01 c:\windows\Tasks\HPCeeScheduleForbrandon.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 03:15]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
steamdvr
proxyhostmirrordisplay
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton Security Suite\Engine\5.2.1.3\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton Security Suite\Engine\5.2.1.3\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_ 2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX .exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
.
**************************************************************************
.
Completion time: 2012-05-14 11:21:35 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-14 15:21

.
Pre-Run: 158,958,227,456 bytes free
Post-Run: 158,376,873,984 bytes free
.
- - End Of File - - 4BCCC1164AF3EB405B81BB6C8BF3E16B

kevinf80 · 14-May-2012, 03:16 PM **#24**

OK do the following, (No sign of za rootkit

)

Step 1

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the Codebox below into it:

Code:

KillAll::
ClearJavaCache::
File::
Folder:
c:\program files (x86)\Ask.com
Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"=-
[-HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
[-HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

Save this as CFScript.txt, and as Type: All Files (*.*) in the same location as ComboFix.exe

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Step 2

Norton must be off for this one to....

Run ESET Online Scan

Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
Click the button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

Click on to download the ESET Smart Installer. Save it to your desktop.
Double click on the icon on your desktop.

Check
Click the button.
Accept any security warnings from your browser.
Check
Leave the tick out of remove found threats
Push the Start button.
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan completes, push
Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
Push the button.
Push

You can refer to this animation by neomage if needed.
Frequently asked questions available Here Please read them before running the scan.

Also be aware this scan can take several hours to complete depending on the size of your system.

ESET log can be found here "C:\Program Files\ESET\EsetOnlineScanner\log.txt".

Let me see those two logs, also give an update on current issues/concerns....

Kevin

cinderblock · 14-May-2012, 11:35 PM **#25**

Hey Kevin,

Here's Log #1:

ComboFix 12-05-13.03 - brandon 05/14/2012 22:54:18.5.1 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.1787.1014 [GMT -4:00]
Running from: c:\users\brandon\Desktop\ComboFix.exe
Command switches used :: c:\users\brandon\Desktop\CFScript.txt
AV: Norton Security Suite *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Security Suite *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Security Suite *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-04-15 to 2012-05-15 )))))))))))))))))))))))))))))))
.
.
2012-05-15 03:06 . 2012-05-15 03:06 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-14 17:36 . 2012-05-14 17:36 -------- d-----w- c:\windows\SysWow64\Wat
2012-05-14 17:36 . 2012-05-14 17:36 -------- d-----w- c:\windows\system32\Wat
2012-05-13 18:52 . 2012-05-13 18:52 -------- d-----w- c:\users\brandon\AppData\Roaming\Malwarebytes
2012-05-13 18:52 . 2012-05-13 18:52 -------- d-----w- c:\programdata\Malwarebytes
2012-05-13 18:52 . 2012-04-04 19:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-13 18:52 . 2012-05-13 18:52 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-05-12 05:56 . 2011-06-08 22:35 778088 ---ha-w- c:\windows\system32\HPDiscoPMa011.dll
2012-05-12 05:54 . 2012-05-12 05:54 -------- d-----w- c:\program files\HP
2012-05-12 04:30 . 2010-09-14 06:45 367104 ----a-w- c:\windows\system32\wcncsvc.dll
2012-05-12 04:30 . 2010-09-14 06:07 276992 ----a-w- c:\windows\SysWow64\wcncsvc.dll
2012-05-12 04:17 . 2009-11-25 16:47 99176 ----a-w- c:\windows\SysWow64\PresentationHostProxy.dll
2012-05-12 04:17 . 2009-11-25 16:47 49472 ----a-w- c:\windows\SysWow64\netfxperf.dll
2012-05-12 04:17 . 2009-11-25 16:47 48960 ----a-w- c:\windows\system32\netfxperf.dll
2012-05-12 04:17 . 2009-11-25 16:47 297808 ----a-w- c:\windows\SysWow64\mscoree.dll
2012-05-12 04:17 . 2009-11-25 16:47 295264 ----a-w- c:\windows\SysWow64\PresentationHost.exe
2012-05-12 04:17 . 2009-11-25 16:47 1130824 ----a-w- c:\windows\SysWow64\dfshim.dll
2012-05-12 04:17 . 2009-11-25 16:47 109912 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2012-05-12 04:17 . 2009-11-25 16:47 444752 ----a-w- c:\windows\system32\mscoree.dll
2012-05-12 04:17 . 2009-11-25 16:47 320352 ----a-w- c:\windows\system32\PresentationHost.exe
2012-05-12 04:17 . 2009-11-25 16:47 1942856 ----a-w- c:\windows\system32\dfshim.dll
2012-05-12 04:01 . 2011-06-15 09:58 163840 ----a-w- c:\windows\system32\odbccp32.dll
2012-05-12 04:00 . 2011-04-09 06:58 142336 ----a-w- c:\windows\system32\poqexec.exe
2012-05-12 03:59 . 2011-05-04 05:30 2326016 ----a-w- c:\windows\system32\tquery.dll
2012-05-12 03:45 . 2011-03-11 06:19 1395712 ----a-w- c:\windows\system32\mfc42.dll
2012-05-12 03:45 . 2011-03-11 06:19 1359872 ----a-w- c:\windows\system32\mfc42u.dll
2012-05-12 03:45 . 2011-03-11 05:40 1164288 ----a-w- c:\windows\SysWow64\mfc42u.dll
2012-05-12 03:45 . 2011-03-11 05:40 1137664 ----a-w- c:\windows\SysWow64\mfc42.dll
2012-05-12 03:45 . 2011-02-24 06:30 476160 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2012-05-12 03:45 . 2011-02-24 05:32 288256 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2012-05-12 03:44 . 2012-01-03 06:24 515584 ----a-w- c:\windows\system32\timedate.cpl
2012-05-12 03:44 . 2012-01-03 05:44 478208 ----a-w- c:\windows\SysWow64\timedate.cpl
2012-05-12 03:44 . 2011-10-01 05:28 886784 ----a-w- c:\program files\Common Files\System\wab32.dll
2012-05-12 03:44 . 2011-10-01 04:43 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll
2012-05-12 03:44 . 2012-05-12 03:44 -------- d-----w- c:\program files (x86)\MSXML 4.0
2012-05-12 03:40 . 2011-10-26 05:19 43520 ----a-w- c:\windows\system32\csrsrv.dll
2012-05-12 03:40 . 2011-07-09 02:44 287744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2012-05-12 03:40 . 2011-05-04 02:51 157696 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2012-05-12 03:40 . 2011-05-04 02:51 126464 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2012-05-12 03:40 . 2012-01-25 06:27 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-05-12 03:40 . 2012-01-25 06:20 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-05-12 03:40 . 2012-01-25 06:27 76288 ----a-w- c:\windows\system32\rdpwsx.dll
2012-05-12 03:35 . 2009-09-26 06:20 223448 ----a-w- c:\windows\system32\drivers\fvevol.sys
2012-05-12 03:33 . 2011-03-12 11:31 442880 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2012-05-12 03:33 . 2011-03-12 12:03 662528 ----a-w- c:\windows\system32\XpsPrint.dll
2012-05-12 03:32 . 2011-08-17 05:32 613888 ----a-w- c:\windows\system32\psisdecd.dll
2012-05-12 03:32 . 2011-08-17 05:27 108032 ----a-w- c:\windows\system32\psisrndr.ax
2012-05-12 03:32 . 2011-08-17 04:26 465408 ----a-w- c:\windows\SysWow64\psisdecd.dll
2012-05-12 03:32 . 2011-08-17 04:22 75776 ----a-w- c:\windows\SysWow64\psisrndr.ax
2012-05-12 03:32 . 2011-08-17 05:27 288256 ----a-w- c:\windows\system32\MSNP.ax
2012-05-12 03:32 . 2011-08-17 05:27 104960 ----a-w- c:\windows\system32\Mpeg2Data.ax
2012-05-12 03:32 . 2011-08-17 05:27 75776 ----a-w- c:\windows\system32\MSDvbNP.ax
2012-05-12 03:32 . 2011-08-17 04:22 72704 ----a-w- c:\windows\SysWow64\Mpeg2Data.ax
2012-05-12 03:32 . 2011-08-17 04:22 204288 ----a-w- c:\windows\SysWow64\MSNP.ax
2012-05-12 03:32 . 2011-08-17 04:22 59904 ----a-w- c:\windows\SysWow64\MSDvbNP.ax
2012-05-12 03:29 . 2010-08-21 06:29 558592 ----a-w- c:\windows\system32\spoolsv.exe
2012-05-12 03:29 . 2011-12-28 03:59 499200 ----a-w- c:\windows\system32\drivers\afd.sys
2012-05-12 03:29 . 2011-11-05 05:17 2048 ----a-w- c:\windows\system32\tzres.dll
2012-05-12 03:29 . 2011-11-05 04:30 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-05-12 03:18 . 2012-03-01 06:54 22896 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-05-12 03:18 . 2012-03-01 06:45 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-05-12 03:18 . 2012-03-01 06:40 80896 ----a-w- c:\windows\system32\imagehlp.dll
2012-05-12 03:18 . 2012-03-01 06:35 5120 ----a-w- c:\windows\system32\wmi.dll
2012-05-12 03:18 . 2012-03-01 05:49 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-05-12 03:18 . 2012-03-01 05:45 158720 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-05-12 03:18 . 2012-03-01 05:40 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-05-12 03:16 . 2010-10-12 05:00 516096 ----a-w- c:\program files\Windows Mail\wab.exe
2012-05-12 03:16 . 2010-10-12 04:25 516096 ----a-w- c:\program files (x86)\Windows Mail\wab.exe
2012-05-12 03:16 . 2010-10-12 05:05 35328 ----a-w- c:\program files\Windows Mail\wabfind.dll
2012-05-12 03:16 . 2010-08-31 04:32 954752 ----a-w- c:\windows\SysWow64\mfc40.dll
2012-05-12 03:16 . 2010-08-31 04:32 954288 ----a-w- c:\windows\SysWow64\mfc40u.dll
2012-05-12 03:16 . 2012-03-17 07:55 75632 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-12 03:16 . 2011-05-24 11:21 404992 ----a-w- c:\windows\system32\umpnpmgr.dll
2012-05-12 03:16 . 2011-05-24 10:34 145920 ----a-w- c:\windows\SysWow64\cfgmgr32.dll
2012-05-12 03:16 . 2011-05-24 10:32 252928 ----a-w- c:\windows\SysWow64\drvinst.exe
2012-05-12 03:16 . 2011-05-24 10:34 64512 ----a-w- c:\windows\SysWow64\devobj.dll
2012-05-12 03:16 . 2011-05-24 10:34 44544 ----a-w- c:\windows\SysWow64\devrtl.dll
2012-05-12 03:15 . 2010-12-18 06:12 3138048 ----a-w- c:\windows\system32\mstscax.dll
2012-05-12 03:15 . 2010-12-18 05:30 2690560 ----a-w- c:\windows\SysWow64\mstscax.dll
2012-05-12 03:15 . 2010-12-18 06:08 1097216 ----a-w- c:\windows\system32\mstsc.exe
2012-05-12 03:15 . 2010-12-18 05:26 1034240 ----a-w- c:\windows\SysWow64\mstsc.exe
2012-05-12 03:14 . 2011-08-27 05:40 861184 ----a-w- c:\windows\system32\oleaut32.dll
2012-05-12 03:14 . 2011-08-27 05:40 331776 ----a-w- c:\windows\system32\oleacc.dll
2012-05-12 03:14 . 2011-08-27 04:43 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2012-05-12 03:14 . 2011-08-27 04:43 233472 ----a-w- c:\windows\SysWow64\oleacc.dll
2012-05-12 03:14 . 2010-10-16 05:23 112000 ----a-w- c:\windows\system32\consent.exe
2012-05-12 03:12 . 2011-02-12 06:14 267776 ----a-w- c:\windows\system32\FXSCOVER.exe
2012-05-12 03:12 . 2011-12-16 08:42 634368 ----a-w- c:\windows\system32\msvcrt.dll
2012-05-12 03:12 . 2011-12-16 07:59 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
2012-05-12 03:12 . 2012-04-02 05:24 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-12 03:12 . 2012-04-02 04:40 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-12 03:12 . 2011-02-18 06:33 31232 ----a-w- c:\windows\system32\prevhost.exe
2012-05-12 03:12 . 2011-02-18 05:33 31232 ----a-w- c:\windows\SysWow64\prevhost.exe
2012-05-12 03:11 . 2011-10-15 06:25 723456 ----a-w- c:\windows\system32\EncDec.dll
2012-05-12 03:11 . 2011-10-15 05:48 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
2012-05-12 03:11 . 2010-10-16 05:17 720896 ----a-w- c:\windows\system32\odbc32.dll
2012-05-12 03:11 . 2010-10-16 04:34 573440 ----a-w- c:\windows\SysWow64\odbc32.dll
2012-05-12 03:11 . 2010-10-16 05:16 495616 ----a-w- c:\program files\Common Files\System\ado\msadox.dll
2012-05-12 03:11 . 2010-10-16 05:16 466944 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll
2012-05-12 03:11 . 2010-10-16 05:16 1425408 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2012-05-12 03:11 . 2010-10-16 05:16 258048 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll
2012-05-12 03:11 . 2010-10-16 04:33 372736 ----a-w- c:\program files (x86)\Common Files\System\ado\msadox.dll
2012-05-12 03:11 . 2010-10-16 04:33 352256 ----a-w- c:\program files (x86)\Common Files\System\ado\msadomd.dll
2012-05-12 03:11 . 2010-10-16 04:33 987136 ----a-w- c:\program files (x86)\Common Files\System\ado\msado15.dll
2012-05-12 03:11 . 2010-10-16 04:33 208896 ----a-w- c:\program files (x86)\Common Files\System\msadc\msadco.dll
2012-05-12 03:02 . 2012-03-30 11:09 1895280 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-12 03:02 . 2010-03-04 04:40 184832 ----a-w- c:\windows\system32\drivers\usbvideo.sys
2012-05-12 03:02 . 2010-03-04 04:32 243712 ----a-w- c:\windows\system32\drivers\ks.sys
2012-05-12 02:58 . 2011-11-17 07:14 1739160 ----a-w- c:\windows\system32\ntdll.dll
2012-05-12 02:58 . 2011-11-17 05:41 1292592 ----a-w- c:\windows\SysWow64\ntdll.dll
2012-05-12 02:58 . 2010-08-27 06:14 236032 ----a-w- c:\windows\system32\srvsvc.dll
2012-05-12 02:58 . 2010-08-27 05:46 9728 ----a-w- c:\windows\SysWow64\sscore.dll
2012-05-12 02:57 . 2011-11-19 15:07 77312 ----a-w- c:\windows\system32\packager.dll
2012-05-12 02:57 . 2011-11-19 14:06 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-05-12 02:55 . 2012-02-15 06:27 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-05-12 02:55 . 2012-02-15 05:44 826368 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-05-12 02:55 . 2012-02-15 04:47 204800 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-05-12 02:55 . 2012-02-15 04:46 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-05-10 00:57 . 2012-05-10 00:57 27256 ----a-w- c:\windows\system32\drivers\FixZeroAccess.sys
2012-05-10 00:35 . 2012-05-10 00:41 -------- d-----w- c:\program files\Symantec
2012-05-10 00:35 . 2012-05-10 00:41 174200 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2012-05-10 00:35 . 2012-05-10 00:35 -------- d-----w- c:\program files\Common Files\Symantec Shared
2012-05-10 00:34 . 2012-05-12 02:37 -------- d-----w- c:\windows\system32\drivers\N360x64
2012-05-10 00:34 . 2012-05-10 00:34 -------- d-----w- c:\program files (x86)\Norton Security Suite
2012-05-10 00:34 . 2012-05-10 00:34 -------- d-----w- c:\program files (x86)\NortonInstaller
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-06 23:11 . 2012-03-31 14:53 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-06 23:11 . 2012-03-31 14:53 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-06 23:11 . 2012-04-13 23:47 8769696 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-03-26 04:03 . 2012-03-26 04:04 332392 ----a-w- c:\windows\system32\RtlCPAPI64.dll
2012-03-26 04:03 . 2012-03-26 04:04 2494056 ----a-w- c:\windows\system32\drivers\RTKVHD64.sys
2012-03-26 04:03 . 2012-03-26 04:04 2048104 ----a-w- c:\windows\system32\RtPgEx64.dll
2012-03-26 04:03 . 2012-03-26 04:04 1146984 ----a-w- c:\windows\system32\RTSnMg64.cpl
2012-03-26 04:03 . 2012-03-26 04:04 80488 ----a-w- c:\windows\system32\RCoInst64.dll
2012-03-26 04:03 . 2012-03-26 04:04 569960 ----a-w- c:\windows\system32\RtkApi64.dll
2012-03-26 04:03 . 2012-03-26 04:04 2625640 ----a-w- c:\windows\system32\RtkAPO64.dll
2012-03-26 04:03 . 2012-03-26 04:04 149608 ----a-w- c:\windows\system32\RtkCfg64.dll
2012-03-26 04:03 . 2012-03-26 04:04 1215592 ----a-w- c:\windows\system32\RTCOM64.dll
2012-03-26 04:03 . 2012-03-26 04:04 200800 ----a-w- c:\windows\system32\AERTAC64.dll
2012-03-26 04:02 . 2011-04-09 08:45 1251944 ----a-w- c:\windows\RtlExUpd.dll
2012-02-23 14:18 . 2011-08-19 04:05 279656 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2012-05-14_15.07.11 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-05-15 02:16 . 2012-05-15 02:16 76800 c:\windows\SysWOW64\SetIEInstalledDate.exe
+ 2012-05-15 02:16 . 2012-05-15 02:16 74752 c:\windows\SysWOW64\RegisterIEPKEYs.exe
+ 2012-05-15 02:16 . 2012-05-15 02:16 54272 c:\windows\SysWOW64\pngfilt.dll
+ 2012-05-15 02:16 . 2012-05-15 02:16 48640 c:\windows\SysWOW64\mshtmler.dll
+ 2012-05-15 02:16 . 2012-05-15 02:16 72704 c:\windows\SysWOW64\mshtmled.dll
+ 2012-05-15 02:16 . 2012-05-15 02:16 11776 c:\windows\SysWOW64\mshta.exe
+ 2012-05-15 02:16 . 2012-05-15 02:16 10752 c:\windows\SysWOW64\msfeedssync.exe
+ 2012-05-15 02:16 . 2012-05-15 02:16 41472 c:\windows\SysWOW64\msfeedsbs.dll
+ 2012-05-15 02:16 . 2012-05-15 02:16 66048 c:\windows\SysWOW64\migration\WininetPlugin.dll
+ 2012-05-15 02:16 . 2012-05-15 02:16 23552 c:\windows\SysWOW64\licmgr10.dll
+ 2012-05-15 02:16 . 2012-05-15 02:16 65024 c:\windows\SysWOW64\jsproxy.dll
+ 2012-05-15 02:16 . 2012-05-15 02:16 78848 c:\windows\SysWOW64\inseng.dll
+ 2012-05-15 02:16 . 2012-05-15 02:16 35840 c:\windows\SysWOW64\imgutil.dll
+ 2012-05-15 02:16 . 2012-05-15 02:16 86528 c:\windows\SysWOW64\iesysprep.dll
+ 2012-05-15 02:16 . 2012-05-15 02:16 74752 c:\windows\SysWOW64\iesetup.dll
+ 2012-05-15 02:16 . 2012-05-15 02:16 31744 c:\windows\SysWOW64\iernonce.dll
+ 2012-05-15 02:16 . 2012-05-15 02:16 74240 c:\windows\SysWOW64\ie4uinit.exe
+ 2012-05-15 02:16 . 2012-05-15 02:16 66048 c:\windows\SysWOW64\icardie.dll
+ 2010-07-11 01:39 . 2012-05-15 03:11 60148 c:\windows\system64\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-05-15 03:12 51534 c:\windows\system64\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-06-18 06:12 . 2012-05-15 03:12 20644 c:\windows\system64\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-554974647-341856259-1591196108-1000_UserData.bin
+ 2012-05-15 02:16 . 2012-05-15 02:16 91648 c:\windows\system64\SetIEInstalledDate.exe
+ 2012-05-15 02:16 . 2012-05-15 02:16 89088 c:\windows\system64\RegisterIEPKEYs.exe
+ 2012-05-15 02:16 . 2012-05-15 02:16 65024 c:\windows\system64\pngfilt.dll
+ 2012-05-15 02:16 . 2012-05-15 02:16 48640 c:\windows\system64\mshtmler.dll
+ 2012-05-15 02:16 . 2012-05-15 02:16 96256 c:\windows\system64\mshtmled.dll
+ 2012-05-15 02:16 . 2012-05-15 02:16 12288 c:\windows\system64\mshta.exe
+ 2012-05-15 02:16 . 2012-05-15 02:16 10752 c:\windows\system64\msfeedssync.exe
+ 2012-05-15 02:16 . 2012-05-15 02:16 55296 c:\windows\system64\msfeedsbs.dll
+ 2012-05-15 02:16 . 2012-05-15 02:16 86528 c:\windows\system64\migration\WininetPlugin.dll
+ 2012-05-15 02:16 . 2012-05-15 02:16 30720 c:\windows\system64\licmgr10.dll
+ 2012-05-15 02:16 . 2012-05-15 02:16 85504 c:\windows\system64\jsproxy.dll
+ 2012-05-15 02:16 . 2012-05-15 02:16 49664 c:\windows\system64\imgutil.dll
+ 2012-05-15 02:16 . 2012-05-15 02:16 85504 c:\windows\system64\iesetup.dll
+ 2012-05-15 02:16 . 2012-05-15 02:16 39936 c:\windows\system64\iernonce.dll
+ 2012-05-15 02:16 . 2012-05-15 02:16 89088 c:\windows\system64\ie4uinit.exe
+ 2012-05-15 02:16 . 2012-05-15 02:16 82432 c:\windows\system64\icardie.dll
- 2011-06-18 10:08 . 2012-05-13 18:08 16384 c:\windows\system64\config\systemprofile\AppData\Roaming\Microsoft\Windows\ Cookies\index.dat
+ 2011-06-18 10:08 . 2012-05-15 02:24 16384 c:\windows\system64\config\systemprofile\AppData\Roaming\Microsoft\Windows\ Cookies\index.dat
+ 2011-06-18 10:08 . 2012-05-15 02:24 32768 c:\windows\system64\config\systemprofile\AppData\Local\Microsoft\Windows\Te mporary Internet Files\Content.IE5\index.dat
- 2011-06-18 10:08 . 2012-05-13 18:08 32768 c:\windows\system64\config\systemprofile\AppData\Local\Microsoft\Windows\Te mporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-05-13 18:08 16384 c:\windows\system64\config\systemprofile\AppData\Local\Microsoft\Windows\Hi story\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-05-15 02:24 16384 c:\windows\system64\config\systemprofile\AppData\Local\Microsoft\Windows\Hi story\History.IE5\index.dat
+ 2010-07-11 01:39 . 2012-05-15 02:23 59992 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-05-15 02:23 51510 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-06-18 06:12 . 2012-05-15 02:04 20470 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-554974647-341856259-1591196108-1000_UserData.bin
+ 2012-05-15 02:16 . 2012-05-15 02:16 91648 c:\windows\system32\SetIEInstalledDate.exe
+ 2012-05-15 02:16 . 2012-05-15 02:16 89088 c:\windows\system32\RegisterIEPKEYs.exe
+ 2012-05-15 02:16 . 2012-05-15 02:16 65024 c:\windows\system32\pngfilt.dll
+ 2012-05-15 02:16 . 2012-05-15 02:16 48640 c:\windows\system32\mshtmler.dll
+ 2012-05-15 02:16 . 2012-05-15 02:16 96256 c:\windows\system32\mshtmled.dll
+ 2012-05-15 02:16 . 2012-05-15 02:16 12288 c:\windows\system32\mshta.exe
+ 2012-05-15 02:16 . 2012-05-15 02:16 10752 c:\windows\system32\msfeedssync.exe
+ 2012-05-15 02:16 . 2012-05-15 02:16 55296 c:\windows\system32\msfeedsbs.dll
+ 2012-05-15 02:16 . 2012-05-15 02:16 86528 c:\windows\system32\migration\WininetPlugin.dll
+ 2012-05-15 02:16 . 2012-05-15 02:16 30720 c:\windows\system32\licmgr10.dll
+ 2012-05-15 02:16 . 2012-05-15 02:16 85504 c:\windows\system32\jsproxy.dll
+ 2012-05-15 02:16 . 2012-05-15 02:16 49664 c:\windows\system32\imgutil.dll
+ 2012-05-15 02:16 . 2012-05-15 02:16 85504 c:\windows\system32\iesetup.dll
+ 2012-05-15 02:16 . 2012-05-15 02:16 39936 c:\windows\system32\iernonce.dll
+ 2012-05-15 02:16 . 2012-05-15 02:16 89088 c:\windows\system32\ie4uinit.exe
+ 2012-05-15 02:16 . 2012-05-15 02:16 82432 c:\windows\system32\icardie.dll
+ 2011-06-18 10:08 . 2012-05-15 02:24 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\ Cookies\index.dat
- 2011-06-18 10:08 . 2012-05-13 18:08 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\ Cookies\index.dat
- 2011-06-18 10:08 . 2012-05-13 18:08 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Te mporary Internet Files\Content.IE5\index.dat
+ 2011-06-18 10:08 . 2012-05-15 02:24 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Te mporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-05-15 02:24 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Hi story\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-05-13 18:08 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Hi story\History.IE5\index.dat
+ 2011-06-18 17:24 . 2012-05-15 02:03 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows \Cookies\index.dat
- 2011-06-18 17:24 . 2012-05-14 13:40 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows \Cookies\index.dat
+ 2009-07-14 04:46 . 2012-05-15 02:23 78344 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Softwar eProtectionPlatform\Cache\cache.dat
- 2011-06-18 17:24 . 2012-05-14 13:40 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\T emporary Internet Files\Content.IE5\index.dat
+ 2011-06-18 17:24 . 2012-05-15 02:03 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\T emporary Internet Files\Content.IE5\index.dat
+ 2011-06-18 17:24 . 2012-05-15 02:03 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\H istory\History.IE5\index.dat
- 2011-06-18 17:24 . 2012-05-14 13:40 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\H istory\History.IE5\index.dat
+ 2011-06-18 06:13 . 2012-05-15 02:03 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\C ookies\index.dat
- 2011-06-18 06:13 . 2012-05-14 14:00 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\C ookies\index.dat
- 2011-06-18 06:13 . 2012-05-14 14:00 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\His tory\History.IE5\index.dat
+ 2011-06-18 06:13 . 2012-05-15 02:03 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\His tory\History.IE5\index.dat
- 2012-05-14 15:05 . 2012-05-14 15:05 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-05-15 03:08 . 2012-05-15 03:08 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-05-15 03:08 . 2012-05-15 03:08 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-05-14 15:05 . 2012-05-14 15:05 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-05-15 02:16 . 2012-05-15 02:16 152064 c:\windows\SysWOW64\wextract.exe
+ 2012-05-15 02:16 . 2012-05-15 02:16 203776 c:\windows\SysWOW64\webcheck.dll
+ 2012-05-14 17:36 . 2012-05-14 17:36 128424 c:\windows\SysWOW64\Wat\WatWeb.dll
+ 2012-05-14 17:36 . 2012-05-14 17:36 114600 c:\windows\SysWOW64\Wat\npWatWeb.dll
+ 2012-05-15 02:16 . 2012-05-15 02:16 420864 c:\windows\SysWOW64\vbscript.dll
+ 2012-05-15 02:16 . 2012-05-15 02:16 231936 c:\windows\SysWOW64\url.dll
+ 2012-05-15 02:16 . 2012-05-15 02:16 123392 c:\windows\SysWOW64\occache.dll
+ 2012-05-15 02:16 . 2012-05-15 02:16 162304 c:\windows\SysWOW64\msrating.dll
+ 2012-05-15 02:16 . 2012-05-15 02:16 161792 c:\windows\SysWOW64\msls31.dll
+ 2012-05-15 02:16 . 2012-05-15 02:16 580608 c:\windows\SysWOW64\msfeeds.dll
- 2012-05-12 03:30 . 2011-10-14 04:42 716800 c:\windows\SysWOW64\jscript.dll
+ 2012-05-15 02:16 . 2012-05-15 02:16 716800 c:\windows\SysWOW64\jscript.dll
+ 2012-05-15 02:16 . 2012-05-15 02:16 150528 c:\windows\SysWOW64\iexpress.exe
+ 2012-05-15 02:16 . 2012-05-15 02:16 142848 c:\windows\SysWOW64\ieUnatt.exe
+ 2012-05-15 02:16 . 2012-05-15 02:16 176640 c:\windows\SysWOW64\ieui.dll
- 2012-05-12 03:30 . 2012-02-28 05:37 176640 c:\windows\SysWOW64\ieui.dll
+ 2012-05-15 02:16 . 2012-05-15 02:16 118784 c:\windows\SysWOW64\iepeers.dll
+ 2012-05-15 02:16 . 2012-05-15 02:16 353584 c:\windows\SysWOW64\iedkcs32.dll
+ 2012-05-15 02:16 . 2012-05-15 02:16 434176 c:\windows\SysWOW64\ieapfltr.dll
- 2009-07-13 23:42 . 2009-07-14 01:05 163840 c:\windows\SysWOW64\ieakui.dll
+ 2012-05-15 02:16 . 2012-05-15 02:16 163840 c:\windows\SysWOW64\ieakui.dll
+ 2012-05-15 02:16 . 2012-05-15 02:16 227840 c:\windows\SysWOW64\ieaksie.dll
+ 2012-05-15 02:16 . 2012-05-15 02:16 130560 c:\windows\SysWOW64\ieakeng.dll
+ 2012-05-15 02:16 . 2012-05-15 02:16 110592 c:\windows\SysWOW64\IEAdvpack.dll
+ 2012-05-15 02:16 . 2012-05-15 02:16 223232 c:\windows\SysWOW64\dxtrans.dll
+ 2012-05-15 02:16 . 2012-05-15 02:16 353792 c:\windows\SysWOW64\dxtmsft.dll
+ 2012-05-15 02:16 . 2012-05-15 02:16 101888 c:\windows\SysWOW64\admparse.dll
+ 2012-05-15 02:16 . 2012-05-15 02:16 160256 c:\windows\system64\wextract.exe
+ 2012-05-15 02:16 . 2012-05-15 02:16 249344 c:\windows\system64\webcheck.dll
+ 2011-06-18 17:43 . 2012-05-14 17:31 264066 c:\windows\system64\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2012-05-14 17:36 . 2012-05-14 17:36 152888 c:\windows\system64\Wat\WatWeb.dll
+ 2012-05-14 17:36 . 2012-05-14 17:36 249656 c:\windows\system64\Wat\WatUX.exe
+ 2012-05-14 17:36 . 2012-05-14 17:36 138664 c:\windows\system64\Wat\npWatWeb.dll
+ 2012-05-15 02:16 . 2012-05-15 02:16 603648 c:\windows\system64\vbscript.dll
+ 2012-05-15 02:16 . 2012-05-15 02:16 237056 c:\windows\system64\url.dll
+ 2012-05-15 02:16 . 2012-05-15 02:16 149504 c:\windows\system64\occache.dll
+ 2012-05-15 02:16 . 2012-05-15 02:16 197120 c:\windows\system64\msrating.dll
- 2009-07-13 23:39 . 2009-07-14 01:41 222208 c:\windows\system64\msls31.dll
+ 2012-05-15 02:16 . 2012-05-15 02:16 222208 c:\windows\system64\msls31.dll
+ 2012-05-15 02:16 . 2012-05-15 02:16 697344 c:\windows\system64\msfeeds.dll
+ 2012-05-15 02:16 . 2012-05-15 02:16 818688 c:\windows\system64\jscript.dll
+ 2012-05-15 02:16 . 2012-05-15 02:16 103936 c:\windows\system64\inseng.dll
+ 2012-05-15 02:16 . 2012-05-15 02:16 165888 c:\windows\system64\iexpress.exe
+ 2012-05-15 02:16 . 2012-05-15 02:16 173056 c:\windows\system64\ieUnatt.exe
+ 2012-05-15 02:16 . 2012-05-15 02:16 248320 c:\windows\system64\ieui.dll
+ 2012-05-15 02:16 . 2012-05-15 02:16 111616 c:\windows\system64\iesysprep.dll
+ 2012-05-15 02:16 . 2012-05-15 02:16 145920 c:\windows\system64\iepeers.dll
+ 2012-05-15 02:16 . 2012-05-15 02:16 403248 c:\windows\system64\iedkcs32.dll
+ 2012-05-15 02:16 . 2012-05-15 02:16 534528 c:\windows\system64\ieapfltr.dll
+ 2012-05-15 02:16 . 2012-05-15 02:16 163840 c:\windows\system64\ieakui.dll
- 2009-07-13 23:58 . 2009-07-14 01:27 163840 c:\windows\system64\ieakui.dll
+ 2012-05-15 02:16 . 2012-05-15 02:16 267776 c:\windows\system64\ieaksie.dll
- 2009-07-13 23:58 . 2009-07-14 01:41 267776 c:\windows\system64\ieaksie.dll
+ 2012-05-15 02:16 . 2012-05-15 02:16 160256 c:\windows\system64\ieakeng.dll
+ 2012-05-15 02:16 . 2012-05-15 02:16 135168 c:\windows\system64\IEAdvpack.dll
+ 2012-05-15 02:16 . 2012-05-15 02:16 282112 c:\windows\system64\dxtrans.dll
+ 2012-05-15 02:16 . 2012-05-15 02:16 452608 c:\windows\system64\dxtmsft.dll
+ 2012-05-15 02:16 . 2012-05-15 02:16 114176 c:\windows\system64\admparse.dll
+ 2012-05-15 02:16 . 2012-05-15 02:16 160256 c:\windows\system32\wextract.exe
+ 2012-05-15 02:16 . 2012-05-15 02:16 249344 c:\windows\system32\webcheck.dll
+ 2011-06-18 17:43 . 2012-05-14 17:31 264066 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2012-05-14 17:36 . 2012-05-14 17:36 152888 c:\windows\system32\Wat\WatWeb.dll
+ 2012-05-14 17:36 . 2012-05-14 17:36 249656 c:\windows\system32\Wat\WatUX.exe
+ 2012-05-14 17:36 . 2012-05-14 17:36 138664 c:\windows\system32\Wat\npWatWeb.dll
+ 2012-05-15 02:16 . 2012-05-15 02:16 603648 c:\windows\system32\vbscript.dll
+ 2012-05-15 02:16 . 2012-05-15 02:16 237056 c:\windows\system32\url.dll
+ 2012-05-15 02:16 . 2012-05-15 02:16 149504 c:\windows\system32\occache.dll
+ 2012-05-15 02:16 . 2012-05-15 02:16 197120 c:\windows\system32\msrating.dll
- 2009-07-13 23:39 . 2009-07-14 01:41 222208 c:\windows\system32\msls31.dll
+ 2012-05-15 02:16 . 2012-05-15 02:16 222208 c:\windows\system32\msls31.dll
+ 2012-05-15 02:16 . 2012-05-15 02:16 697344 c:\windows\system32\msfeeds.dll
+ 2012-05-15 02:16 . 2012-05-15 02:16 818688 c:\windows\system32\jscript.dll
+ 2012-05-15 02:16 . 2012-05-15 02:16 103936 c:\windows\system32\inseng.dll
+ 2012-05-15 02:16 . 2012-05-15 02:16 165888 c:\windows\system32\iexpress.exe
+ 2012-05-15 02:16 . 2012-05-15 02:16 173056 c:\windows\system32\ieUnatt.exe
+ 2012-05-15 02:16 . 2012-05-15 02:16 248320 c:\windows\system32\ieui.dll
+ 2012-05-15 02:16 . 2012-05-15 02:16 111616 c:\windows\system32\iesysprep.dll
+ 2012-05-15 02:16 . 2012-05-15 02:16 145920 c:\windows\system32\iepeers.dll
+ 2012-05-15 02:16 . 2012-05-15 02:16 403248 c:\windows\system32\iedkcs32.dll
+ 2012-05-15 02:16 . 2012-05-15 02:16 534528 c:\windows\system32\ieapfltr.dll
- 2009-07-13 23:58 . 2009-07-14 01:27 163840 c:\windows\system32\ieakui.dll
+ 2012-05-15 02:16 . 2012-05-15 02:16 163840 c:\windows\system32\ieakui.dll
- 2009-07-13 23:58 . 2009-07-14 01:41 267776 c:\windows\system32\ieaksie.dll
+ 2012-05-15 02:16 . 2012-05-15 02:16 267776 c:\windows\system32\ieaksie.dll
+ 2012-05-15 02:16 . 2012-05-15 02:16 160256 c:\windows\system32\ieakeng.dll
+ 2012-05-15 02:16 . 2012-05-15 02:16 135168 c:\windows\system32\IEAdvpack.dll
+ 2012-05-15 02:16 . 2012-05-15 02:16 282112 c:\windows\system32\dxtrans.dll
+ 2012-05-15 02:16 . 2012-05-15 02:16 452608 c:\windows\system32\dxtmsft.dll
+ 2012-05-15 02:16 . 2012-05-15 02:16 114176 c:\windows\system32\admparse.dll
- 2009-07-14 05:01 . 2012-05-14 15:04 261972 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-05-15 03:07 261972 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-06-18 03:22 . 2012-05-15 03:07 262740 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-554974647-341856259-1591196108-1000-8192.dat
+ 2012-05-15 02:16 . 2012-05-15 02:16 1127424 c:\windows\SysWOW64\wininet.dll
+ 2012-05-15 02:16 . 2012-05-15 02:16 1103360 c:\windows\SysWOW64\urlmon.dll
+ 2012-05-15 02:16 . 2012-05-15 02:16 1798656 c:\windows\SysWOW64\jscript9.dll
+ 2012-05-15 02:16 . 2012-05-15 02:16 1792000 c:\windows\SysWOW64\iertutil.dll
+ 2012-05-15 02:16 . 2012-05-15 02:16 9705472 c:\windows\SysWOW64\ieframe.dll
+ 2012-05-15 02:16 . 2012-05-15 02:16 3695416 c:\windows\SysWOW64\ieapfltr.dat
+ 2012-05-15 02:16 . 2012-05-15 02:16 1390080 c:\windows\system64\wininet.dll
+ 2012-05-14 17:36 . 2012-05-14 17:36 1255736 c:\windows\system64\Wat\WatAdminSvc.exe
+ 2012-05-15 02:16 . 2012-05-15 02:16 1345536 c:\windows\system64\urlmon.dll
+ 2012-05-15 02:16 . 2012-05-15 02:16 2308096 c:\windows\system64\jscript9.dll
+ 2012-05-15 02:16 . 2012-05-15 02:16 2144256 c:\windows\system64\iertutil.dll
+ 2012-05-15 02:16 . 2012-05-15 02:16 3695416 c:\windows\system64\ieapfltr.dat
+ 2012-05-15 02:16 . 2012-05-15 02:16 1390080 c:\windows\system32\wininet.dll
+ 2012-05-14 17:36 . 2012-05-14 17:36 1255736 c:\windows\system32\Wat\WatAdminSvc.exe
+ 2012-05-15 02:16 . 2012-05-15 02:16 1345536 c:\windows\system32\urlmon.dll
+ 2012-05-15 02:16 . 2012-05-15 02:16 2308096 c:\windows\system32\jscript9.dll
+ 2012-05-15 02:16 . 2012-05-15 02:16 2144256 c:\windows\system32\iertutil.dll
+ 2012-05-15 02:16 . 2012-05-15 02:16 3695416 c:\windows\system32\ieapfltr.dat
+ 2009-07-14 04:45 . 2012-05-15 02:23 3777877 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Softwar eProtectionPlatform\tokens.dat
- 2009-07-14 04:45 . 2012-05-13 18:09 3777877 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Softwar eProtectionPlatform\tokens.dat
+ 2011-04-09 09:28 . 2012-05-15 03:07 1434328 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2011-04-09 09:28 . 2012-05-14 15:04 1434328 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2012-05-15 02:16 . 2012-05-15 02:16 12282368 c:\windows\SysWOW64\mshtml.dll
- 2009-07-14 02:34 . 2012-05-14 03:49 10223616 c:\windows\system64\SMI\Store\Machine\schema.dat
+ 2009-07-14 02:34 . 2012-05-15 02:35 10223616 c:\windows\system64\SMI\Store\Machine\schema.dat
+ 2012-05-15 02:16 . 2012-05-15 02:16 17790464 c:\windows\system64\mshtml.dll
+ 2012-05-15 02:16 . 2012-05-15 02:16 10887168 c:\windows\system64\ieframe.dll
- 2009-07-14 02:34 . 2012-05-14 03:49 10223616 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2009-07-14 02:34 . 2012-05-15 02:35 10223616 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2012-05-15 02:16 . 2012-05-15 02:16 17790464 c:\windows\system32\mshtml.dll
+ 2012-05-15 02:16 . 2012-05-15 02:16 10887168 c:\windows\system32\ieframe.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Ru n]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-11-12 288088]
.
c:\users\brandon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Monitor Ink Alerts - HP Deskjet 3050A J611 series (Copy 1).lnk - c:\windows\system32\RunDll32.exe [2009-7-13 45568]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Constant Guard.lnk - c:\program files (x86)\Constant Guard Protection Suite\IDVault.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\syste m]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-06-18 103992]
R2 RtVOsdService;RtVOsdService Installer;c:\program files\Realtek\RtVOsd\RtVOsdService.exe [2010-06-24 315392]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-06 257696]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0502010.003\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0502010.003\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120507.001\BHDrvx64.sys [2012-05-07 1160824]
S1 GIDv2;GIDv2; [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120512.001\IDSvia64.sys [2012-05-09 488568]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0502010.003\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\0502010.003\SYMNETS.SYS [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 CinemaNow Service;CinemaNow Service;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [2010-05-21 140272]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-09 26680]
S2 N360;Norton Security Suite;c:\program files (x86)\Norton Security Suite\Engine\5.2.1.3\ccSvcHst.exe [2011-04-17 130008]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-05-10 138360]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{9191979D-821C-4EA8-B021-2DA1D859A7C5}-3Reg]
2011-07-05 14:26 435976 ----a-w- c:\program files (x86)\SFT\GuardedID\GIDI.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 23:11]
.
2012-05-01 c:\windows\Tasks\HPCeeScheduleForbrandon.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 03:15]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
steamdvr
proxyhostmirrordisplay
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton Security Suite\Engine\5.2.1.3\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton Security Suite\Engine\5.2.1.3\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_ 2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX .exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Common Files\Java\Java Update\jusched.exe
.
**************************************************************************
.
Completion time: 2012-05-14 23:26:51 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-15 03:26
ComboFix2.txt 2012-05-14 15:21
.
Pre-Run: 158,679,093,248 bytes free
Post-Run: 158,323,388,416 bytes free
.
- - End Of File - - E956E4CEE45B9C6BEE23A575317E0E20

Log #2 to follow.....

cinderblock · 15-May-2012, 01:39 AM **#26**

C:\Program Files (x86)\Yontoo Layers Runtime (Drop Down Deals)\YontooIEClient.dll a variant of Win32/Adware.Yontoo.A application
C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application
C:\Users\All Users\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application
C:\Windows\assembly\temp\U\80000000.@ Win64/Sirefef.W trojan
C:\Windows\system64\SE2Dmdm.dll Win64/Sirefef.W trojan

did you want this one too?

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK

cinderblock · 15-May-2012, 01:50 AM **#27**

Only took a couple hours

I did notice when the computer was first turned on (after running ComboFix earlier today) There were a ridiculous number of Windows updates loaded (like 30K ... or maybe only 3K ++). Also, spell check no longer works in Word

. When the internet was launched, it took about 45 seconds to load, but seems to be pretty speedy now. Oh, and - it loaded with IE9 (had IE8, I think). I didn't know what to answer when it asked if I wanted to use the recommended security settings...

It's going on 2am so I'm heading to bed. Talk soon - and, as always, THANK YOU !!!!

KEVIN

kevinf80 · 15-May-2012, 04:34 AM **#28**

Not sure about word spell checker, we`ll have a look at that later. The reason for large amount of windows updates will be down to the infection stopping them previously.

Regarding recommended security settings for IE 9, if offered accept them. If you do not like IE 9 you can UNinstall and it will roll back to the previous version...

There a couple of baddies still on your system (identified by ESET) also a lot of dross/cookies and general build up of temporary files, we`ll get rid now.

OK do the following:

Please download OTM by OldTimer.
Alternative Mirror 1
Alternative Mirror 2
Save it to your desktop.
Double click OTM.exe to start the tool. Vista or Windows 7 users right click and select Run as Administrator. Be aware all processes will stopped during run, also Desktop will disappear, this will be put back on completion....

Copy the text from the code box belowbelow to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

Code:

:Files
ipconfig /flushdns /c
C:\Program Files (x86)\Yontoo Layers Runtime (Drop Down Deals)
C:\ProgramData\Tarma Installer
C:\Users\All Users\Tarma Installer
C:\Windows\assembly\temp\U\80000000.@
C:\Windows\system64\SE2Dmdm.dll

:Commands
[EmptyTemp]
[RestHosts]

Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
Click the red button.
Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
Close OTM

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

If the machine reboots, the Results log can be found here:

c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log

Where mmddyyyy_hhmmss is the date of the tool run.

Let me see the log from OTM, give update on ANY remaining issues.... what version of "Word" are you using, is it part of MS Office; if so what version eg MS 2010

Kevin

cinderblock · 15-May-2012, 10:57 AM **#29**

Kevin - Me thinks the first line is a good one

You too?

All processes killed
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\brandon\Desktop\cmd.bat deleted successfully.
C:\Users\brandon\Desktop\cmd.txt deleted successfully.
C:\Program Files (x86)\Yontoo Layers Runtime (Drop Down Deals) folder moved successfully.
C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Cache folder moved successfully.
C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B} folder moved successfully.
C:\ProgramData\Tarma Installer folder moved successfully.
File/Folder C:\Users\All Users\Tarma Installer not found.
C:\Windows\assembly\temp\U\80000000.@ moved successfully.
LoadLibrary failed for C:\Windows\system64\SE2Dmdm.dll
C:\Windows\system64\SE2Dmdm.dll moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: brandon
->Temp folder emptied: 151 bytes
->Temporary Internet Files folder emptied: 52422956 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 27676 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 9164 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows \Temporary Internet Files folder emptied: 36028370 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 84.00 mb

OTM by OldTimer - Version 3.1.19.0 log created on 05152012_103703
Files moved on Reboot...
C:\Users\brandon\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
Registry entries deleted on Reboot...

I did notice a pop-up (or two) while on-line today....which I don't really get at all on the computer I usually use.

Looks like Word is 2002

I now see Office Suite 2010 under All Programs, but it will require installation and I don't have much time right now....

Quick question - I've noticed there are two Program files on C: - one titled "Program Files" and the other "Program Files (x86). I'm accustomed to working with XP and this computer is Win7, so maybe this is normal for Win7. Was just wondering why both folders are required...or are they?

Also along the XP-Win7 lines, under Start "All programs" looks sooooo different. It's hard to find things (for me anyway). Is there anyway to make it look more like XP?

I'll try to report later tonight. ENJOY YOUR DAY

kevinf80 · 15-May-2012, 11:37 AM **#30**

Is your Popup blocker actually turned on? for IE explorer select > tools > popup blocker, if it shows as turned OFF, turn it on.

If it is already ON, select > popup blocker settings > what is the "Blocking Level" setting, should be either "Medium" or "High" depending on your personal preferences...

Your version of windows is 64 bit. Most programs for your system will be 64 bit. Program Files is for 64 bit applications. Some programs are only available in 32 bit format, Your OS can still run those and will configure itself to do it.

Program Files x86 is for 32 bit applications. Windows is smart enough to know which one they got into, so don`t worry about them...

Let me know how your system is responding, apart from spell checker. that will probably right itself if you install the MS office 2010 suite.

Not sure how to configure W7 to run like XP, you may have to take that up with the Technical guys over at the Operating System section when we`re done here...Okey dokey....

Kevin

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)

Search
Search for:

Solved: globalroot\systemroot\assembly\temp\U.....

Find the solution to your computer problem!

Find the solution to your
computer problem!