
Thread: Virus, Trojan Horses, IE shutdowns, etc

#1 Junior Member (Join Date: Apr 2006, Posts: 29)

    I have been having issues the last couple of days. I keep getting a file on my desktop titled pljtxaetzk.tmp. I keep deleting it and it keeps coming back; it says it is 0 KB. My Norton Internet Security keeps popping up with files and such that it finds as problems, and I have to restart. Some of the files are microsoftdata.dll, mousenotifierbackup.dll, conduitdata.dll and slp7162874015064228029.tmp. There are probably a few more, but I just wanted to list a couple. I had also been having to shut down IE a lot, but since running Spybot S&D it has not happened again. Every once in a while I do get full IE windows opening up for various websites.

    Here is the dds log.

    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_23
    Run by Brian at 15:39:58 on 2011-12-24
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4791.2538 [GMT -6:00]
    .
    AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
    c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\system32\igfxsrvc.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
    C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
    c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
    C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files (x86)\hp\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
    C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
    C:\Program Files (x86)\Yahoo!\Widgets\YahooWidgets.exe
    C:\Program Files (x86)\Roxio 2010\5.0\CPMonitor.exe
    C:\Program Files (x86)\Roxio 2010\Roxio Burn\RoxioBurnLauncher.exe
    C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
    C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\Common Files\PX Storage Engine\VxBlockServer.exe
    C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\system32\svchost.exe -k HPService
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\WUDFHost.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\msiexec.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Windows\system32\DllHost.exe
    C:\Program Files (x86)\hp\Digital Imaging\bin\hpqste08.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\hp\Digital Imaging\smart web printing\hpswp_clipbook.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\SysWOW64\msiexec.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\RUNDLL32.EXE
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://manuals.info.apple.com/en_US/iphone_user_guide.pdf
    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: H - No File
    mWinlogon: Userinit=userinit.exe
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\coIEPlg.dll
    BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\IPSBHO.DLL
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
    TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\coIEPlg.dll
    TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
    TB: {7B13EC3E-999A-4B70-B9CB-2617B8323822} - No File
    TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
    uRun: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW
    uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
    uRun: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"
    uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    uRun: [winupd] C:\Users\Brian\AppData\Local\Temp:winupd.exe
    mRun: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
    mRun: [HP Remote Solution] %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
    mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
    mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatchTray12.exe"
    mRun: [CPMonitor] "C:\Program Files (x86)\Roxio 2010\5.0\CPMonitor.exe"
    mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio 2010\Roxio Burn\RoxioBurnLauncher.exe"
    mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    mRun: [<NO NAME>]
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
    mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    StartupFolder: C:\Users\Brian\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\YAHOO!~1.LNK - C:\Users\Brian\AppData\Local\Temp\YahooWidgets.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEG~1.LNK - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\hp\Digital Imaging\bin\hpqtra08.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PICTUR~1.LNK - C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    Trusted Zone: cinemanow.com
    Trusted Zone: qflix.com
    Trusted Zone: roxio.com
    Trusted Zone: sonic.com\redirect
    Trusted Zone: sonic.com\redirect2
    DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://oas.support.microsoft.com/ActiveX/MSDcode.cab
    DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} - hxxps://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISDataManager.CAB
    DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{2AE834AC-9CD1-4140-B188-7725B5817292} : DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{50B7350A-D023-42FE-8124-23FED783F6A6} : DhcpNameServer = 192.168.0.1
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO-X64: 0x1 - No File
    BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    BHO-X64: HP Print Enhancer - No File
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\coIEPlg.dll
    BHO-X64: Symantec NCO BHO - No File
    BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\IPSBHO.DLL
    BHO-X64: Symantec Intrusion Prevention - No File
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    BHO-X64: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    BHO-X64: HP Smart BHO Class - No File
    TB-X64: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
    TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\coIEPlg.dll
    TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
    TB-X64: {7B13EC3E-999A-4B70-B9CB-2617B8323822} - No File
    TB-X64: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
    mRun-x64: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
    mRun-x64: [HP Remote Solution] %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
    mRun-x64: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
    mRun-x64: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatchTray12.exe"
    mRun-x64: [CPMonitor] "C:\Program Files (x86)\Roxio 2010\5.0\CPMonitor.exe"
    mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio 2010\Roxio Burn\RoxioBurnLauncher.exe"
    mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    mRun-x64: [(Default)]
    mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun-x64: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
    mRun-x64: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\eq4u3k7t.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/home.php
    FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
    FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn_2010_9_0_6\components\coFFPlgn.dll
    FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn\components\IPSFFPl.dll
    FF - component: C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\eq4u3k7t.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCoreGecko19.dll
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll
    FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol400.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npyaxmpb.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
    R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\NISx64\1109000.00C\SYMDS64.SYS --> C:\Windows\system32\drivers\NISx64\1109000.00C\SYMDS64.SYS [?]
    R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NISx64\1109000.00C\SYMEFA64.SYS --> C:\Windows\system32\drivers\NISx64\1109000.00C\SYMEFA64.SYS [?]
    R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20111221.003\BHDrvx64.sys [2011-12-21 1156216]
    R1 ccHP;Symantec Hash Provider;C:\Windows\system32\drivers\NISx64\1109000.00C\ccHPx64.sys --> C:\Windows\system32\drivers\NISx64\1109000.00C\ccHPx64.sys [?]
    R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20111223.001\IDSviA64.sys [2011-12-23 488568]
    R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\NISx64\1109000.00C\Ironx64.SYS --> C:\Windows\system32\drivers\NISx64\1109000.00C\Ironx64.SYS [?]
    R1 SYMTDIv;Symantec Vista Network Dispatch Driver;C:\Windows\system32\Drivers\NISx64\1109000.00C\SYMTDIV.SYS --> C:\Windows\system32\Drivers\NISx64\1109000.00C\SYMTDIV.SYS [?]
    R2 CinemaNow Service;CinemaNow Service;C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe [2009-6-23 127352]
    R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-10-14 92216]
    R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\ccsvchst.exe [2011-10-11 126400]
    R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-12-20 1153368]
    R2 TomTomHOMEService;TomTomHOMEService;C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2011-4-22 92592]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-11-11 138360]
    R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-7-29 136176]
    S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatch12.exe [2009-7-24 219632]
    S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
    S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
    S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-7-29 136176]
    S3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
    S3 RoxMediaDB12;RoxMediaDB12;C:\Program Files (x86)\Common Files\Roxio Shared\12.0\SharedCOM\RoxMediaDB12.exe [2009-7-24 1116656]
    S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;C:\Windows\system32\DRIVERS\RTL8192su.sys --> C:\Windows\system32\DRIVERS\RTL8192su.sys [?]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
    .
    =============== Created Last 30 ================
    .
    2011-12-24 19:47:13 626688 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr80.dll
    2011-12-24 19:47:13 548864 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp80.dll
    2011-12-24 19:47:13 479232 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcm80.dll
    2011-12-24 19:47:13 43992 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozutils.dll
    2011-12-24 19:45:59 -------- d-----w- C:\Users\Brian\AppData\Local\{13A24111-64BE-4A3C-9C2F-B30DCA8B3C47}
    2011-12-24 04:08:24 -------- d-----w- C:\Users\Brian\AppData\Local\{67FBAD34-E2C8-43C3-B958-5866076D9A72}
    2011-12-24 03:53:53 -------- d-----w- C:\Users\Brian\AppData\Local\{8C3F97E5-FBBE-4F01-A56D-DAB068BE2108}
    2011-12-24 03:35:22 -------- d-----w- C:\Users\Brian\AppData\Local\{10516534-CE20-4BCD-AB94-BB195B0ACD34}
    2011-12-23 13:31:58 -------- d-----w- C:\Users\Brian\AppData\Local\{21DFFD81-C6CD-4C84-BB1B-7EB000EE8BEC}
    2011-12-23 13:22:51 -------- d-----w- C:\Users\Brian\AppData\Local\{3DB1FC43-1FF4-4238-9508-5910F28A655B}
    2011-12-22 05:24:04 -------- d-----w- C:\Users\Brian\AppData\Local\{1FBBE902-0E63-4F1C-898A-4DE7275EDE34}
    2011-12-22 05:19:39 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
    2011-12-22 05:09:43 -------- d-----w- C:\Users\Brian\AppData\Local\{0323A6C2-5401-4730-BFF0-FC59090C619F}
    2011-12-22 04:15:46 -------- d-----w- C:\Users\Brian\AppData\Local\{615644A4-EF1E-450D-8DD5-D231BCA684F3}
    2011-12-22 04:08:52 -------- d-----w- C:\Users\Brian\AppData\Local\{7F4EA752-DBD9-4C2E-BB68-96CB44DF4D46}
    2011-12-21 00:41:46 -------- d-----w- C:\Users\Brian\AppData\Local\{F688EEAB-249F-4A65-93EE-79A10636AA61}
    2011-12-20 23:37:57 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
    2011-12-20 23:37:57 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
    2011-12-20 23:33:31 -------- d-----w- C:\Users\Brian\AppData\Local\{A93B86BC-9614-40E0-9387-EEEECC8EB676}
    2011-12-20 23:17:02 -------- d-----w- C:\Users\Brian\AppData\Local\{A6BDDB56-B167-4049-9C31-0FD4286FF071}
    2011-12-19 10:18:20 -------- d-----w- C:\Users\Brian\AppData\Local\{92575ECC-CC2B-42E1-9925-DDB1B414DDEC}
    2011-12-19 03:13:49 -------- d-----w- C:\Users\Brian\AppData\Local\{6B0DF4CA-76AF-410F-81EB-5308C93011B0}
    2011-12-19 03:05:56 -------- d-----w- C:\Users\Brian\AppData\Local\{5D8E5A8D-7FEB-4604-921C-A540BF7494DB}
    2011-12-19 01:45:12 886784 ----a-w- C:\Program Files\Common Files\System\wab32.dll
    2011-12-19 01:45:12 708608 ----a-w- C:\Program Files (x86)\Common Files\System\wab32.dll
    2011-12-19 01:45:01 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
    2011-12-19 01:45:01 1188864 ----a-w- C:\Windows\System32\wininet.dll
    2011-12-19 01:45:00 1013248 ----a-w- C:\Program Files\Internet Explorer\iedvtool.dll
    2011-12-19 01:43:10 861696 ----a-w- C:\Windows\System32\oleaut32.dll
    2011-12-19 01:43:10 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
    2011-12-19 01:43:10 331776 ----a-w- C:\Windows\System32\oleacc.dll
    2011-12-19 01:43:10 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll
    2011-12-18 21:19:24 -------- d-----w- C:\Users\Brian\AppData\Local\{2B929096-C597-4558-BD70-BDE9B1481A50}
    2011-12-18 19:02:04 -------- d-----w- C:\Users\Brian\AppData\Local\{171FDA0A-96D9-4889-8E04-12990CDA81F4}
    2011-12-18 15:01:54 -------- d-----w- C:\Users\Brian\AppData\Local\{114C2693-6C2B-45AA-86DA-AB0E607DB0F2}
    2011-12-18 01:47:10 -------- d-----w- C:\Users\Brian\AppData\Local\{61027C6A-5F76-46A1-8B21-1BE0862A2541}
    2011-12-17 18:07:36 115712 ----a-w- C:\Windows\SysWow64\srrstr.dll
    2011-12-17 14:55:48 -------- d-----w- C:\Users\Brian\AppData\Local\{B00317C2-9A96-4944-9C32-7D8C4C0FAEAD}
    2011-12-17 14:43:23 -------- d-----w- C:\Users\Brian\AppData\Local\{D9D6C1A9-A143-4F66-9358-C394FFBBF8BB}
    2011-12-17 14:18:55 2106216 ----a-w- C:\Program Files (x86)\Mozilla Firefox\D3DCompiler_43.dll
    2011-12-17 14:18:55 1998168 ----a-w- C:\Program Files (x86)\Mozilla Firefox\d3dx9_43.dll
    2011-12-17 14:18:55 121816 ----a-w- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll
    2011-12-17 14:18:54 97240 ----a-w- C:\Program Files (x86)\Mozilla Firefox\libEGL.dll
    2011-12-17 14:18:54 814040 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozsqlite3.dll
    2011-12-17 14:18:54 486360 ----a-w- C:\Program Files (x86)\Mozilla Firefox\libGLESv2.dll
    2011-12-17 14:18:54 2124760 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
    2011-12-17 14:18:54 15832 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozalloc.dll
    2011-12-17 13:26:48 -------- d-----w- C:\Users\Brian\AppData\Local\{8F77286C-F4EF-44D0-8B0D-1EF32DDC4436}
    2011-12-17 05:40:38 -------- d-----w- C:\Users\Brian\AppData\Local\{29F3492F-83DD-40E6-8E37-2A18A36DBD5A}
    2011-12-16 00:33:38 -------- d-----w- C:\Users\Brian\AppData\Local\{EE621C8A-7869-4A69-8098-6B0BE8F035F0}
    2011-12-14 23:46:35 -------- d-----w- C:\Users\Brian\AppData\Local\{B5511260-4D64-4EFE-BE23-E3CF344AFF2E}
    2011-12-14 04:10:23 -------- d-----w- C:\Users\Brian\AppData\Local\{9B3289EB-B654-4EA0-8FC1-E98F4BFB8464}
    2011-12-12 23:21:38 -------- d-----w- C:\Users\Brian\AppData\Local\{47365A9A-F5F6-4DBE-B8CA-D49B830CC84F}
    2011-12-11 05:02:52 -------- d-----w- C:\Users\Brian\AppData\Local\{EB6E08F8-B728-4E55-AB26-7A706219D863}
    2011-12-10 15:07:51 -------- d-----w- C:\Users\Brian\AppData\Local\{A9DE6F97-0504-43A4-AC3F-6C08DBF059CD}
    2011-12-09 15:48:16 -------- d-----w- C:\Users\Brian\AppData\Local\{6871A0C2-7CF5-497C-82A5-60744AE1BCE1}
    2011-12-09 00:59:38 -------- d-----w- C:\Users\Brian\AppData\Local\{88937DC2-3EAA-4104-8B69-CCF9C736BF18}
    2011-12-07 23:31:32 -------- d-----w- C:\Users\Brian\AppData\Local\{B0F52AC8-FCA4-482C-BE91-E60ABD4F391B}
    2011-12-07 04:26:35 -------- d-----w- C:\Users\Brian\AppData\Local\{3D691AAA-82EE-427D-BD84-5C1ACCCD2767}
    2011-12-05 23:39:56 -------- d-----w- C:\Users\Brian\AppData\Local\{C39335D9-84EE-483D-97AF-A2DC26B6CFFF}
    2011-12-03 14:58:43 -------- d-----w- C:\Users\Brian\AppData\Local\{2C164740-84CE-4CB6-8373-6BF9504B66D7}
    2011-12-03 14:36:50 -------- d-----w- C:\Users\Brian\AppData\Local\{29086474-E78B-4486-9BDF-4DCBCB08914F}
    2011-12-02 04:00:44 -------- d-----w- C:\Users\Brian\AppData\Local\{25376C85-FB6D-4584-88C4-1B6AA0D9BDFA}
    2011-12-01 16:23:08 -------- d-----w- C:\Users\Brian\AppData\Local\{CFE4861A-27F9-49CE-A198-1438B34AE5E2}
    2011-12-01 01:16:50 -------- d-----w- C:\Users\Brian\AppData\Local\{9B3E72D0-D94C-4EC3-8165-B6802ABCCE56}
    2011-11-30 10:10:06 -------- d-----w- C:\Users\Brian\AppData\Local\{1B91010A-0C78-4051-91C8-5C80A08CF3AC}
    2011-11-29 01:21:49 -------- d-----w- C:\Users\Brian\AppData\Local\{55EB4050-BB4D-48A6-BC7D-8C4895059E95}
    .
    ==================== Find3M ====================
    .
    2011-11-24 04:52:09 3145216 ----a-w- C:\Windows\System32\win32k.sys
    2011-11-05 05:32:50 2048 ----a-w- C:\Windows\System32\tzres.dll
    2011-11-05 04:26:03 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
    2011-11-05 03:32:47 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
    2011-11-05 02:48:51 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2011-10-26 05:21:20 43520 ----a-w- C:\Windows\System32\csrsrv.dll
    2011-10-15 06:31:56 723456 ----a-w- C:\Windows\System32\EncDec.dll
    2011-10-15 05:38:59 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll
    2011-09-29 16:29:28 1923952 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    .
    ============= FINISH: 15:40:47.53 ===============

    I forgot to mention that I am having problems with Adobe. I have Adobe Reader 9.4.5 and cannot update or remove it because it says there is already an installation in progress.
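
An added triage script, not code from the thread or from any of the tools named in it: it runs a few red-flag heuristics over Pseudo HJT Report lines of the kind in the DDS log above (autorun targets in a Temp directory or in an NTFS alternate data stream, UAC policies set to 0, hosts-file overrides). The sample lines are constructed from entries of that shape, and the function names `triage` and `target_path` are my own.

```python
# Added example: triage heuristics for DDS "Pseudo HJT Report" lines.
# Not part of DDS, Spybot or any tool in the thread; findings mean "review", not "malware".
import re
from typing import List, Tuple

AUTORUN_KEYS = ("uRun:", "mRun:", "uRun-x64:", "mRun-x64:", "StartupFolder:")

# UAC policies that are 1 on a default Windows 7 install; 0 disables the UAC prompt boundary.
UAC_MUST_BE_ON = ("EnableLUA", "PromptOnSecureDesktop")

# A Temp directory component, e.g. "\Temp\" or "\Temp:".
TEMP_DIR = re.compile(r"\\temp[\\:]", re.IGNORECASE)
# A second colon after the drive letter is an alternate data stream: C:\dir\file:stream
ADS_PATH = re.compile(r"^[A-Za-z]:\\[^:]*:[^\\:]+$")
# Either a quoted path or an unquoted path that ends at the first executable extension.
EXE_PATH = re.compile(r'^"([^"]+)"|^(.+?\.(?:exe|dll|scr|bat|cmd|vbs))(?:\s|$)', re.IGNORECASE)
POLICY = re.compile(r"^mPolicies-system: (\w+) = (\d+)")


def target_path(line: str) -> str:
    """Pull the launched file's path out of an autorun line ("" if there is none)."""
    key, _, rest = line.partition(" ")
    if key == "StartupFolder:":
        # "StartupFolder: <shortcut> - <target>": the target follows the last " - ".
        return rest.rsplit(" - ", 1)[-1].strip()
    # "<key> [<name>] <command>": drop the bracketed name, then isolate the path.
    cmd = rest.split("] ", 1)[-1].strip() if "] " in rest else ""
    m = EXE_PATH.match(cmd)
    if not m:
        return cmd
    return (m.group(1) or m.group(2)).strip()


def triage(lines: List[str]) -> List[Tuple[str, str]]:
    """Return (reason, line) pairs for every entry that deserves a second look."""
    findings: List[Tuple[str, str]] = []
    for raw in lines:
        line = raw.strip()
        if line.startswith(AUTORUN_KEYS):
            path = target_path(line)
            if ADS_PATH.match(path):
                findings.append(("autorun target is an NTFS alternate data stream", line))
            if TEMP_DIR.search(path):
                findings.append(("autorun target lives in a Temp directory", line))
            continue
        m = POLICY.match(line)
        if m and m.group(1) in UAC_MUST_BE_ON and m.group(2) == "0":
            findings.append(("UAC policy weakened: %s = 0" % m.group(1), line))
        elif line.startswith("Hosts:"):
            findings.append(("hosts-file override; confirm it was added on purpose", line))
    return findings


# Constructed sample modelled on the Pseudo HJT section of a DDS log (not the full log).
SAMPLE_LINES = [
    r'uRun: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"',
    r"uRun: [winupd] C:\Users\Brian\AppData\Local\Temp:winupd.exe",
    r"mRun: [<NO NAME>]",
    r'mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime',
    r"StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PICTUR~1.LNK"
    r" - C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe",
    r"StartupFolder: C:\Users\Brian\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\YAHOO!~1.LNK"
    r" - C:\Users\Brian\AppData\Local\Temp\YahooWidgets.exe",
    r"mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)",
    r"mPolicies-system: EnableLUA = 0 (0x0)",
    r"mPolicies-system: PromptOnSecureDesktop = 0 (0x0)",
    r"Hosts: 127.0.0.1 www.spywareinfo.com",
]

if __name__ == "__main__":
    for reason, line in triage(SAMPLE_LINES):
        print("%-55s %s" % (reason, line))
```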

#2 Emeritus (Join Date: Nov 2005, Location: @localhost, Posts: 6,066)

    hi photographer,

    If you still need help:

    1) Please download TDSSKiller.exe and save it to your desktop.
    Double click to launch the utility. After it initializes click the start scan button.

    Once the scan completes you can click the continue button.

    "The utility will automatically select an action (Cure or Delete) for known malicious objects. A suspicious object will be skipped by default."

    "After clicking Next, the utility applies selected actions and outputs the result."

    "A reboot might require after disinfection."

    A report will be found in your Root drive Local Disk (C) as TDSSKiller.2.4.2.1_09.08.2010_17.32.21_log.txt (name, version, date, time)

    2) Please download the free version of Malwarebytes to your desktop.

    Double-click mbam-setup.exe and follow the prompts to install the program.

    Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

    If an update is found, it will download and install the latest version.

    Once the program has loaded, select Perform FULL SCAN, then click Scan.
    When the scan is complete, click OK, then Show Results to view the results.

    Be sure that everything is checked, and click *Remove Selected.*

    *A restart of your computer may be required to remove some items. If prompted please restart your computer to complete the fix.*

    When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt
    Post the log in your reply.
    How Can I Reduce My Risk?

  3. #3
    Junior Member
    Join Date
    Apr 2006
    Posts
    29

    Default Things are worse

Yes, I am still having issues; as a matter of fact it will not boot. I get the HP splash screen, then the screen from BIOS showing hard drives, then all I have is a blinking cursor. I was talking to a buddy of mine and he had me get the Hirens boot CD and try booting with that. I did boot into mini XP and then accidentally booted to the hard drive, and it did. I did run Malwarebytes and it did find 11 trojans. In telling him the problems, he thinks it is Win7 antispyware 2012 that I got. I will run TDSS Killer and see what happens. Thank you for the response.

  4. #4
    Junior Member
    Join Date
    Apr 2006
    Posts
    29

    Default Ran TDSS Killer

It found a file Rootkit.boot.Pihar.b, location Physical drive:\Device\harddisk0\DR0. It is described as a malware object, high risk. I try to "cure" it, but I get the message "Can't cure MBR. Write standard boot code?". At this point I can choose yes or no, and I chose no as I do not know what yes will do. Looking for more guidance.

  5. #5
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,066

    Default

Could be because you have a custom MBR. Is the machine a commercially purchased computer like HP, Acer, Dell, etc.? Are you sure it doesn't say non-standard boot code?
    How Can I Reduce My Risk?
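Added example, not from this thread and not code from TDSSKiller, ComboFix or any other tool named here: what the "custom MBR" question above turns into when a responder wants to check an MBR offline. The first 440 bytes of sector 0 are boot code, which is the region a boot rootkit rewrites; the partition table and 0x55AA signature sit after it. Hashing the boot code separately and comparing it against a per-model baseline is the way to tell OEM boot code (an HP recovery loader, say) from a tampered one, since a single "standard" hash would flag both. The function names (`parse_mbr`, `audit_mbr`, `build_sample_mbr`, `demo`), the disk signature 0x1234ABCD, the partition layout and the boot code bytes are all constructed for the example, not taken from any real disk.

```python
"""Audit a 512-byte MBR: boot code hash vs. a baseline, plus partition table sanity.

Added example with constructed sample data; not code from TDSSKiller, ComboFix
or any other tool named in the thread.
"""
import hashlib
import struct
from dataclasses import dataclass, field

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440   # bytes 0..439: boot code, the region a bootkit rewrites
DISK_SIG_OFF = 440    # bytes 440..443: Windows disk signature
PART_TABLE_OFF = 446  # four 16-byte partition entries, bytes 446..509
BOOT_SIG_OFF = 510    # 0x55 0xAA marks a valid boot sector


@dataclass
class Partition:
    index: int
    bootable: bool
    type_id: int
    lba_start: int
    sector_count: int


@dataclass
class MbrReport:
    valid_signature: bool
    boot_code_sha256: str
    disk_signature: int
    partitions: list = field(default_factory=list)
    findings: list = field(default_factory=list)


def parse_mbr(sector: bytes) -> MbrReport:
    """Split one sector into boot code, disk signature and partition entries."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError(f"expected {SECTOR_SIZE} bytes, got {len(sector)}")
    (disk_sig,) = struct.unpack_from("<I", sector, DISK_SIG_OFF)
    report = MbrReport(
        valid_signature=sector[BOOT_SIG_OFF:] == b"\x55\xAA",
        boot_code_sha256=hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        disk_signature=disk_sig,
    )
    for i in range(4):
        # status, 3 CHS start bytes, type, 3 CHS end bytes, LBA start, sector count
        fields = struct.unpack_from("<8BII", sector, PART_TABLE_OFF + 16 * i)
        status, ptype, lba, count = fields[0], fields[4], fields[8], fields[9]
        if ptype != 0:  # type 0 means an unused slot
            report.partitions.append(Partition(i, status == 0x80, ptype, lba, count))
    return report


def audit_mbr(sector: bytes, known_good_boot_hashes: set) -> MbrReport:
    """Parse the sector and record what a responder would want flagged."""
    report = parse_mbr(sector)
    if not report.valid_signature:
        report.findings.append("missing 0x55AA boot signature")
    if report.boot_code_sha256 not in known_good_boot_hashes:
        report.findings.append("boot code does not match any baselined image")
    active = [p for p in report.partitions if p.bootable]
    if len(active) != 1:
        report.findings.append(f"{len(active)} active partitions (expected 1)")
    return report


def build_sample_mbr(boot_code: bytes, layout) -> bytes:
    """Constructed sample sector for the demo; layout = (bootable, type, lba, count)."""
    sector = bytearray(SECTOR_SIZE)
    code = boot_code[:BOOT_CODE_LEN]
    sector[:len(code)] = code
    struct.pack_into("<I", sector, DISK_SIG_OFF, 0x1234ABCD)  # constructed value
    for i, (bootable, ptype, lba, count) in enumerate(layout):
        struct.pack_into("<8BII", sector, PART_TABLE_OFF + 16 * i,
                         0x80 if bootable else 0x00, 0, 0, 0, ptype, 0, 0, 0, lba, count)
    sector[BOOT_SIG_OFF:] = b"\x55\xAA"
    return bytes(sector)


# Constructed stand-in for a baselined (for example OEM-specific) boot code image.
# A real baseline comes from hashing sector 0 of a known-clean machine of the same model.
CLEAN_BOOT_CODE = b"\x33\xC0\x8E\xD0\xBC\x00\x7C" + b"\x90" * (BOOT_CODE_LEN - 7)
CLEAN_LAYOUT = [(True, 0x07, 2048, 204800), (False, 0x07, 206848, 975872000)]
BASELINE = {hashlib.sha256(CLEAN_BOOT_CODE).hexdigest()}


def demo():
    """Return (clean, tampered) reports: same partition table, different boot code."""
    clean = audit_mbr(build_sample_mbr(CLEAN_BOOT_CODE, CLEAN_LAYOUT), BASELINE)
    altered = b"\xEB\xFE" + b"\x00" * (BOOT_CODE_LEN - 2)  # constructed bytes, not real malware
    tampered = audit_mbr(build_sample_mbr(altered, CLEAN_LAYOUT), BASELINE)
    return clean, tampered


if __name__ == "__main__":
    for name, rep in zip(("clean", "tampered"), demo()):
        print(name, rep.boot_code_sha256[:16], rep.findings or "no findings")
```

Run as a script it prints both reports; it reads bytes you hand it and never writes to a disk. The second report shows the case the thread is in: the partition table is intact and the disk still boots, but the boot code hash no longer matches, which is exactly the situation where "cure" has to choose between restoring a vendor image and writing generic boot code. A hash mismatch on an OEM machine is a reason to compare against that model's own baseline, not proof of infection on its own.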

  6. #6
    Junior Member
    Join Date
    Apr 2006
    Posts
    29

    Default Mbr

Yes, it is an HP. No, it does say standard boot code.

  7. #7
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,066

    Default

    hi,

Let's run ComboFix first. There is a guide to read first; read the guide, then apply the directions on your own machine. Post the ComboFix log in your reply:

    Guide to using Combofix
    How Can I Reduce My Risk?

  8. #8
    Junior Member
    Join Date
    Apr 2006
    Posts
    29

    Default Combofix Log

First let me say that I can no longer open programs such as Internet Explorer or anything that is on the taskbar. I get the message "Illegal operation attempted on a registry key that has been marked for deletion." That being said, here is the log.

    ComboFix 12-01-07.03 - Brian 01/07/2012 21:17:03.1.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4791.3271 [GMT -6:00]
    Running from: c:\users\Brian\Documents\Drivers\combofix\ComboFix.exe
    AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
    SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\Brian\AppData\Local\Microsoft\MicrosoftData
    c:\users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\eq4u3k7t.default\extensions\{039b084a-3f51-4f8e-aec1-205e5f1c5c1f}
    c:\users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\eq4u3k7t.default\extensions\{039b084a-3f51-4f8e-aec1-205e5f1c5c1f}\chrome\xulcache.jar
    c:\users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\eq4u3k7t.default\extensions\{039b084a-3f51-4f8e-aec1-205e5f1c5c1f}\defaults\preferences\xulcache.js
    c:\users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\eq4u3k7t.default\extensions\{039b084a-3f51-4f8e-aec1-205e5f1c5c1f}\install.rdf
    c:\users\Brian\Documents\DPE.DUS
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-12-08 to 2012-01-08 )))))))))))))))))))))))))))))))
    .
    .
    2012-01-08 03:41 . 2012-01-08 03:41 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-01-04 02:18 . 2012-01-04 02:18 -------- d-----w- c:\program files (x86)\ESET
    2012-01-04 01:58 . 2012-01-04 01:58 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-01-03 01:24 . 2012-01-03 01:24 -------- d-----w- c:\users\Brian\AppData\Roaming\Malwarebytes
    2012-01-03 01:24 . 2012-01-03 01:24 -------- d-----w- c:\programdata\Malwarebytes
    2012-01-03 01:24 . 2012-01-03 01:24 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-01-03 01:24 . 2011-12-10 21:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-12-25 04:50 . 2011-12-25 04:50 -------- d-----w- C:\MATS
    2011-12-25 04:24 . 2011-12-26 02:52 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2011-12-25 01:32 . 2011-03-11 06:33 2565632 ----a-w- c:\windows\system32\esent.dll
    2011-12-25 01:32 . 2011-03-11 06:30 96768 ----a-w- c:\windows\system32\fsutil.exe
    2011-12-25 01:32 . 2011-03-11 06:41 189824 ----a-w- c:\windows\system32\drivers\storport.sys
    2011-12-25 01:32 . 2011-03-11 06:41 166272 ----a-w- c:\windows\system32\drivers\nvstor.sys
    2011-12-25 01:32 . 2011-03-11 06:41 1659776 ----a-w- c:\windows\system32\drivers\ntfs.sys
    2011-12-25 01:32 . 2011-03-11 06:41 148352 ----a-w- c:\windows\system32\drivers\nvraid.sys
    2011-12-25 01:32 . 2011-03-11 06:41 410496 ----a-w- c:\windows\system32\drivers\iaStorV.sys
    2011-12-25 01:32 . 2011-03-11 06:41 27008 ----a-w- c:\windows\system32\drivers\amdxata.sys
    2011-12-25 01:32 . 2011-03-11 06:41 107904 ----a-w- c:\windows\system32\drivers\amdsata.sys
    2011-12-25 01:32 . 2011-03-11 05:33 1699328 ----a-w- c:\windows\SysWow64\esent.dll
    2011-12-25 01:32 . 2011-03-11 05:31 74240 ----a-w- c:\windows\SysWow64\fsutil.exe
    2011-12-25 01:31 . 2011-08-13 05:27 6144 ----a-w- c:\program files\Internet Explorer\iecompat.dll
    2011-12-25 01:31 . 2011-08-13 04:18 6144 ----a-w- c:\program files (x86)\Internet Explorer\iecompat.dll
    2011-12-25 01:31 . 2011-03-25 03:29 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
    2011-12-25 01:31 . 2011-03-25 03:29 98816 ----a-w- c:\windows\system32\drivers\usbccgp.sys
    2011-12-25 01:31 . 2011-03-25 03:29 325120 ----a-w- c:\windows\system32\drivers\usbport.sys
    2011-12-25 01:31 . 2011-03-25 03:29 52736 ----a-w- c:\windows\system32\drivers\usbehci.sys
    2011-12-25 01:31 . 2011-03-25 03:29 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
    2011-12-25 01:31 . 2011-03-25 03:29 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
    2011-12-25 01:31 . 2011-03-25 03:28 7936 ----a-w- c:\windows\system32\drivers\usbd.sys
    2011-12-25 01:31 . 2011-02-18 10:51 31232 ----a-w- c:\windows\system32\prevhost.exe
    2011-12-25 01:31 . 2011-02-18 05:39 31232 ----a-w- c:\windows\SysWow64\prevhost.exe
    2011-12-24 21:34 . 2011-12-24 21:34 -------- d-----w- c:\program files (x86)\ERUNT
    2011-12-24 19:47 . 2011-12-24 19:47 626688 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr80.dll
    2011-12-24 19:47 . 2011-12-24 19:47 548864 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp80.dll
    2011-12-24 19:47 . 2011-12-24 19:47 479232 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcm80.dll
    2011-12-24 19:47 . 2011-12-24 19:47 43992 ----a-w- c:\program files (x86)\Mozilla Firefox\mozutils.dll
    2011-12-22 05:19 . 2011-12-22 05:19 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
    2011-12-20 23:37 . 2011-12-20 23:39 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2011-12-20 23:37 . 2011-12-20 23:39 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
    2011-12-19 01:45 . 2011-10-01 05:45 886784 ----a-w- c:\program files\Common Files\System\wab32.dll
    2011-12-19 01:45 . 2011-10-01 04:37 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll
    2011-12-19 01:45 . 2011-11-05 05:41 1188864 ----a-w- c:\windows\system32\wininet.dll
    2011-12-19 01:45 . 2011-11-05 04:35 981504 ----a-w- c:\windows\SysWow64\wininet.dll
    2011-12-19 01:45 . 2011-11-05 05:37 1013248 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
    2011-12-19 01:43 . 2011-08-27 05:37 861696 ----a-w- c:\windows\system32\oleaut32.dll
    2011-12-19 01:43 . 2011-08-27 05:37 331776 ----a-w- c:\windows\system32\oleacc.dll
    2011-12-19 01:43 . 2011-08-27 04:26 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
    2011-12-19 01:43 . 2011-08-27 04:26 233472 ----a-w- c:\windows\SysWow64\oleacc.dll
    2011-12-17 14:18 . 2011-12-24 19:47 2106216 ----a-w- c:\program files (x86)\Mozilla Firefox\D3DCompiler_43.dll
    2011-12-17 14:18 . 2011-12-24 19:47 1998168 ----a-w- c:\program files (x86)\Mozilla Firefox\d3dx9_43.dll
    2011-12-17 14:18 . 2011-12-24 19:47 121816 ----a-w- c:\program files (x86)\Mozilla Firefox\components\browsercomps.dll
    2011-12-17 14:18 . 2011-12-24 19:47 97240 ----a-w- c:\program files (x86)\Mozilla Firefox\libEGL.dll
    2011-12-17 14:18 . 2011-12-24 19:47 486360 ----a-w- c:\program files (x86)\Mozilla Firefox\libGLESv2.dll
    2011-12-17 14:18 . 2011-12-24 19:47 2124760 ----a-w- c:\program files (x86)\Mozilla Firefox\mozjs.dll
    2011-12-17 14:18 . 2011-12-24 19:47 15832 ----a-w- c:\program files (x86)\Mozilla Firefox\mozalloc.dll
    2011-12-17 14:18 . 2011-12-24 19:47 814040 ----a-w- c:\program files (x86)\Mozilla Firefox\mozsqlite3.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-12-24 20:57 . 2010-10-10 03:16 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "HPADVISOR"="c:\program files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-09-29 1685048]
    "TomTomHOME.exe"="c:\program files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" [2011-04-22 247728]
    "SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
    "HP Remote Solution"="c:\program files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe" [2009-08-25 656896]
    "NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-06-29 600936]
    "RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatchTray12.exe" [2009-07-24 240112]
    "CPMonitor"="c:\program files (x86)\Roxio 2010\5.0\CPMonitor.exe" [2009-07-21 84464]
    "Desktop Disc Tool"="c:\program files (x86)\Roxio 2010\Roxio Burn\RoxioBurnLauncher.exe" [2009-06-23 494064]
    "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2009-11-18 54576]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
    "TkBellExe"="c:\program files (x86)\Real\RealPlayer\Update\realsched.exe" [2010-12-31 274608]
    "hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-23 150528]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
    "AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-07-19 421736]
    .
    c:\users\Brian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    yahoo! widgets.lnk - c:\users\Brian\AppData\Local\Temp\YahooWidgets.exe [N/A]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Adobe Gamma Loader.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2010-6-21 113664]
    HP Digital Imaging Monitor.lnk - c:\program files (x86)\hp\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
    PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe [2009-6-3 430080]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-30 136176]
    R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatch12.exe [2009-07-24 219632]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-30 136176]
    R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
    R3 RoxMediaDB12;RoxMediaDB12;c:\program files (x86)\Common Files\Roxio Shared\12.0\SharedCOM\RoxMediaDB12.exe [2009-07-24 1116656]
    R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
    S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1109000.00C\SYMDS64.SYS [x]
    S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1109000.00C\SYMEFA64.SYS [x]
    S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20111221.003\BHDrvx64.sys [2011-11-14 1156216]
    S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NISx64\1109000.00C\ccHPx64.sys [x]
    S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20120106.002\IDSvia64.sys [2011-08-23 488568]
    S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1109000.00C\Ironx64.SYS [x]
    S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\System32\Drivers\NISx64\1109000.00C\SYMTDIV.SYS [x]
    S2 CinemaNow Service;CinemaNow Service;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [2009-06-23 127352]
    S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-10-14 92216]
    S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe [2011-08-04 126400]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2011-04-22 92592]
    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-11-09 138360]
    S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-01-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-30 02:44]
    .
    2012-01-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-30 02:44]
    .
    2011-12-14 c:\windows\Tasks\HPCeeScheduleForBrian.job
    - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 11:22]
    .
    2011-11-30 c:\windows\Tasks\PCDRScheduledMaintenance.job
    - c:\program files\PC-Doctor for Windows\pcdrcui.exe [2009-09-18 07:11]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-10-08 166424]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-10-08 390168]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2009-10-08 408600]
    "SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-09-14 610360]
    "PC-Doctor for Windows localizer"="c:\program files\PC-Doctor for Windows\localizer.exe" [2009-09-17 95728]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://manuals.info.apple.com/en_US/iphone_user_guide.pdf
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
    Trusted Zone: cinemanow.com
    Trusted Zone: qflix.com
    Trusted Zone: roxio.com
    Trusted Zone: sonic.com\redirect
    Trusted Zone: sonic.com\redirect2
    TCP: DhcpNameServer = 192.168.0.1
    FF - ProfilePath - c:\users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\eq4u3k7t.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/home.php
    FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
    .
    - - - - ORPHANS REMOVED - - - -
    .
    URLSearchHooks-{7b13ec3e-999a-4b70-b9cb-2617b8323822} - (no file)
    Wow6432Node-HKLM-Run-Adobe Reader Speed Launcher - c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe
    WebBrowser-{7B13EC3E-999A-4B70-B9CB-2617B8323822} - (no file)
    AddRemove-YInstHelper - c:\windows\system32\regsvr32
    AddRemove-{08DB3902-2CE0-474D-BCE3-0177766CE9F1} - c:\program files (x86)\InstallShield Installation Information\{08DB3902-2CE0-474D-BCE3-0177766CE9F1}\setup.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
    "ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\17.9.0.12\diMaster.dll\" /prefetch:1"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\Bonjour\mDNSResponder.exe
    c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
    c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
    c:\windows\SysWOW64\msiexec.exe
    .
    **************************************************************************
    .
    Completion time: 2012-01-07 21:49:59 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-01-08 03:49
    .
    Pre-Run: 501,603,041,280 bytes free
    Post-Run: 506,880,221,184 bytes free
    .
    - - End Of File - - D5A455F1A66838CB5789DC9709B05B83

  9. #9
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,066

    Default

    Illegal operation attempted on a registry key that has been marked for deletion
Reboot your machine, then run TDSSKiller once more and post the log.
    How Can I Reduce My Risk?

  10. #10
    Junior Member
    Join Date
    Apr 2006
    Posts
    29

    Default TDSS Killer log

First, I want to thank you, shelf life, for your time in helping try to resolve this issue.
    Second, upon reboot I can now open those programs; sorry, it was late after a very long day and I should have rebooted right away.
    Here is the log.

    08:53:48.0390 5444 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
    08:53:48.0827 5444 ============================================================
    08:53:48.0827 5444 Current date / time: 2012/01/08 08:53:48.0827
    08:53:48.0827 5444 SystemInfo:
    08:53:48.0827 5444
    08:53:48.0827 5444 OS Version: 6.1.7601 ServicePack: 1.0
    08:53:48.0827 5444 Product type: Workstation
    08:53:48.0827 5444 ComputerName: BALD_EAGLE
    08:53:48.0827 5444 UserName: Brian
    08:53:48.0827 5444 Windows directory: C:\Windows
    08:53:48.0827 5444 System windows directory: C:\Windows
    08:53:48.0827 5444 Running under WOW64
    08:53:48.0827 5444 Processor architecture: Intel x64
    08:53:48.0827 5444 Number of processors: 4
    08:53:48.0827 5444 Page size: 0x1000
    08:53:48.0827 5444 Boot type: Normal boot
    08:53:48.0827 5444 ============================================================
    08:53:49.0170 5444 Initialize success
    08:53:53.0163 4652 ============================================================
    08:53:53.0163 4652 Scan started
    08:53:53.0163 4652 Mode: Manual;
    08:53:53.0163 4652 ============================================================
    08:53:53.0678 4652 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
    08:53:53.0678 4652 1394ohci - ok
    08:53:53.0709 4652 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
    08:53:53.0725 4652 ACPI - ok
    08:53:53.0756 4652 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
    08:53:53.0772 4652 AcpiPmi - ok
    08:53:53.0850 4652 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
    08:53:53.0881 4652 adp94xx - ok
    08:53:53.0897 4652 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
    08:53:53.0912 4652 adpahci - ok
    08:53:53.0928 4652 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
    08:53:53.0943 4652 adpu320 - ok
    08:53:54.0006 4652 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
    08:53:54.0021 4652 AFD - ok
    08:53:54.0084 4652 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
    08:53:54.0099 4652 agp440 - ok
    08:53:54.0131 4652 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
    08:53:54.0146 4652 aliide - ok
    08:53:54.0177 4652 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
    08:53:54.0177 4652 amdide - ok
    08:53:54.0209 4652 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
    08:53:54.0209 4652 AmdK8 - ok
    08:53:54.0240 4652 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
    08:53:54.0240 4652 AmdPPM - ok
    08:53:54.0287 4652 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
    08:53:54.0302 4652 amdsata - ok
    08:53:54.0349 4652 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
    08:53:54.0349 4652 amdsbs - ok
    08:53:54.0380 4652 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
    08:53:54.0396 4652 amdxata - ok
    08:53:54.0443 4652 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
    08:53:54.0458 4652 AppID - ok
    08:53:54.0521 4652 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
    08:53:54.0521 4652 arc - ok
    08:53:54.0536 4652 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
    08:53:54.0552 4652 arcsas - ok
    08:53:54.0567 4652 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
    08:53:54.0583 4652 AsyncMac - ok
    08:53:54.0630 4652 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
    08:53:54.0645 4652 atapi - ok
    08:53:54.0692 4652 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
    08:53:54.0723 4652 b06bdrv - ok
    08:54:06.0065 4652 MBR (0x1B8) (6c6fdff834aa5d876c307bee53974486) \Device\Harddisk0\DR0
    08:54:06.0096 4652 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
    08:54:06.0096 4652 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
    08:54:06.0096 4652 MBR (0x1B8) (35c6b2fcde68facbefe0a4a7200bae58) \Device\Harddisk1\DR1
    08:54:06.0533 4652 \Device\Harddisk1\DR1 - ok
    08:54:06.0564 4652 Boot (0x1200) (78f6f5ad76995c048ac6a36dcce9d6ce) \Device\Harddisk0\DR0\Partition0
    08:54:06.0564 4652 \Device\Harddisk0\DR0\Partition0 - ok
    08:54:06.0564 4652 Boot (0x1200) (e8bfda4e52fdaf69cdae728cc02fa64c) \Device\Harddisk0\DR0\Partition1
    08:54:06.0564 4652 \Device\Harddisk0\DR0\Partition1 - ok
    08:54:06.0595 4652 Boot (0x1200) (767df1c74c401d2c852b4a6ede5e5ad0) \Device\Harddisk0\DR0\Partition2
    08:54:06.0595 4652 \Device\Harddisk0\DR0\Partition2 - ok
    08:54:06.0595 4652 Boot (0x1200) (a649ecd71f4d54c1e301e8dc050cfe66) \Device\Harddisk1\DR1\Partition0
    08:54:06.0595 4652 \Device\Harddisk1\DR1\Partition0 - ok
    08:54:06.0595 4652 ============================================================
    08:54:06.0595 4652 Scan finished
    08:54:06.0595 4652 ============================================================
    08:54:06.0611 5492 Detected object count: 1
    08:54:06.0611 5492 Actual detected object count: 1
    08:54:15.0846 5492 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
    08:54:15.0846 5492 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
    08:54:15.0846 5492 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
    08:54:15.0846 5492 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
    08:54:15.0846 5492 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
    08:54:15.0846 5492 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
    08:54:15.0846 5492 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
    08:54:15.0846 5492 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
    08:54:15.0846 5492 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
    08:54:15.0846 5492 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
    08:54:15.0846 5492 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
    08:54:15.0846 5492 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
    08:54:15.0862 5492 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
    08:54:15.0862 5492 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
    08:54:15.0862 5492 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
    08:54:15.0862 5492 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
    08:54:15.0862 5492 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
    08:54:15.0862 5492 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
    08:54:15.0862 5492 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
    08:54:15.0862 5492 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
    08:54:15.0862 5492 \Device\Harddisk0\DR0 - processing error
    08:54:19.0730 5492 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
    08:54:21.0680 5548 Deinitialize success
