[Inactive] Infected computer


  • This topic is locked
15 replies to this topic

#1 winpain4

    Member

  • 10 posts
  • Joined: October 11, 2011
  • 1 topics
  • Local time: 01:00 AM
  • Zodiac:Aries
  • OS:Windows 7
  • Country:
Offline
  • Time Online: 1h 15m 21s

Posted 11 October 2011 - 03:47 AM

Test post without certain keywords

#2 winpain4 Re: [Inactive] Infected computer

Posted 11 October 2011 - 03:48 AM

Broni, I started this post to see if it would work if I didn't include logs with certain keywords and it does.

#3 Broni Re: [Inactive] Infected computer

    Malware Annihilator

  • 24,883 posts
  • Joined: October 04, 2004
  • 1,860 topics
  • Age: 57
  • Skin: IPBoard wide
  • Local time: 02:00 AM
  • Zodiac:Virgo
  • Gender:Male
  • Location:Daly City, CA
  • OS:Windows Vista
  • Country:
Offline
  • Time Online: 57d 10h 30m 28s

Posted 11 October 2011 - 03:48 AM

Go ahead and complete as many steps as you can from here: http://www.smartestc...ease-read-this/

#4 Broni Re: [Inactive] Infected computer

Posted 11 October 2011 - 03:50 AM

We posted at the same time, so make sure you read my previous reply.

#5 winpain4 Re: [Inactive] Infected computer

Posted 11 October 2011 - 04:02 AM

Step 1 - MBAM LOG

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 7919

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

10/10/2011 9:01:27 PM
mbam-log-2011-10-10 (21-01-27).txt

Scan type: Quick scan
Objects scanned: 176076
Time elapsed: 2 minute(s), 10 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#6 winpain4 Re: [Inactive] Infected computer

Posted 11 October 2011 - 04:10 AM

I am currently working on step 2, GMER. However, only the following clickable items are checked off: services, registry, files, and ADS. I am disconnected from the Internet and have no active antivirus on. Should I be able to click the other items? They are shaded out. (posted from iPhone)

#7 Broni Re: [Inactive] Infected computer

Posted 11 October 2011 - 04:14 AM

Skip GMER for now and go with other logs (aswMBR, DDS).

#8 winpain4 Re: [Inactive] Infected computer

Posted 11 October 2011 - 04:28 AM

Step 3 - MBR log

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-10-10 21:17:46
-----------------------------
21:17:46.202 OS Version: Windows x64 6.1.7601 Service Pack 1
21:17:46.202 Number of processors: 2 586 0x170A
21:17:46.202 ComputerName: NATE-PC UserName: Nate
21:17:47.185 Initialize success
21:18:50.449 AVAST engine defs: 11101002
21:19:04.645 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
21:19:04.645 Disk 0 Vendor: TOSHIBA_ GT00 Size: 305245MB BusType: 3
21:19:04.661 Disk 0 MBR read successfully
21:19:04.661 Disk 0 MBR scan
21:19:04.676 Disk 0 Windows VISTA default MBR code
21:19:04.676 Service scanning
21:19:05.846 Modules scanning
21:19:05.846 Disk 0 trace - called modules:
21:19:05.877 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
21:19:05.877 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005792060]
21:19:05.877 3 CLASSPNP.SYS[fffff88001c0143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80046b1050]
21:19:11.213 AVAST engine scan C:\windows
21:19:12.897 AVAST engine scan C:\windows\system32
21:21:27.385 AVAST engine scan C:\windows\system32\drivers
21:21:36.870 AVAST engine scan C:\Users\Nate
21:26:33.536 AVAST engine scan C:\ProgramData
21:27:26.794 Scan finished successfully
21:28:11.878 Disk 0 MBR has been saved successfully to "C:\Users\Nate\Desktop\MBR.dat"
21:28:11.878 The log file has been saved successfully to "C:\Users\Nate\Desktop\aswMBRlog.txt"

#9 winpain4 Re: [Inactive] Infected computer

Posted 11 October 2011 - 04:32 AM

STEP 4 - DDS Attach.log

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 8/12/2011 7:32:10 PM
System Uptime: 10/10/2011 8:57:50 PM (1 hours ago)
.
Motherboard: TOSHIBA | | Portable PC
Processor: Pentium® Dual-Core CPU T4500 @ 2.30GHz | CPU | 2300/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 285 GiB total, 204.834 GiB free.
D: is CDROM ()
E: is CDROM (CDFS)
F: is CDROM (CDFS)
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Windows Firewall Authorization Driver
Device ID: ROOT\LEGACY_MPSDRV\0000
Manufacturer:
Name: Windows Firewall Authorization Driver
PNP Device ID: ROOT\LEGACY_MPSDRV\0000
Service: mpsdrv
.
==== System Restore Points ===================
.
RP14: 9/12/2011 6:20:26 AM - Device Driver Package Install: MagicISO, Inc. Storage controllers
RP15: 9/20/2011 7:56:20 PM - Scheduled Checkpoint
RP16: 9/30/2011 9:31:56 PM - Scheduled Checkpoint
RP17: 10/10/2011 6:38:59 PM - Windows Update
.
==== Installed Programs ======================
.
ActiveState Komodo Edit 6.1.2
Adobe AIR
Adobe Community Help
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Media Player
Adobe Photoshop CS5
Adobe Reader X MUI
AIM 7
Apple Application Support
Apple Software Update
Aptana Studio 3
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
Atheros Driver Installation Program
Best Buy pc app
BitTorrent
Cake Poker 2.0
Canon IJ Network Scan Utility
Canon IJ Network Tool
D3DX10
DAEMON Tools Pro
Download Updater (AOL LLC)
ESET Online Scanner v3
Evernote v. 4.4.2
Fantapper Browser Plugin
FileZilla Client 3.0.9.3
Google Chrome
Intel® Graphics Media Accelerator Driver
Java™ 6 Update 17
Junk Mail filter update
Label@Once 1.0
Magic Online
MagicDisc 2.7.106
Malwarebytes' Anti-Malware version 1.51.2.1300
Mesh Runtime
Microsoft Office 2010
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Mozilla Firefox 7.0.1 (x86 en-US)
MSVCRT
MSVCRT_amd64
Norton Internet Security
PDF Settings CS5
PlayReady PC Runtime x86
QuickTime
Realtek USB 2.0 Card Reader
Skype™ 5.5
TOSHIBA Application Installer
TOSHIBA Assist
Toshiba Book Place
TOSHIBA Bulletin Board
TOSHIBA Face Recognition
TOSHIBA Hardware Setup
TOSHIBA HDD/SSD Alert
TOSHIBA Media Controller
TOSHIBA Media Controller Plug-in
TOSHIBA Quality Application
TOSHIBA Recovery Media Creator
TOSHIBA ReelTime
TOSHIBA Service Station
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
TOSHIBA Web Camera Application
ToshibaRegistration
WampServer 2.1
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR archiver
.
==== Event Viewer Messages From Past Week ========
.
10/10/2011 9:16:46 PM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.
10/10/2011 8:58:13 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: sptd
10/10/2011 8:58:10 PM, Error: Service Control Manager [7001] - The Windows Firewall service depends on the Windows Firewall Authorization Driver service which failed to start because of the following error: Cannot create a file when that file already exists.
10/10/2011 8:58:10 PM, Error: Service Control Manager [7000] - The Windows Firewall Authorization Driver service failed to start due to the following error: Cannot create a file when that file already exists.
10/10/2011 8:57:51 PM, Error: sptd [4] - Driver detected an internal error in its data structures for .
10/10/2011 7:38:49 PM, Error: Service Control Manager [7038] - The WerSvc service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error: The RPC server is unavailable. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
10/10/2011 7:38:49 PM, Error: Service Control Manager [7034] - The MBAMService service terminated unexpectedly. It has done this 1 time(s).
10/10/2011 7:38:49 PM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
.
==== End Of File ===========================

#10 winpain4 Re: [Inactive] Infected computer

Posted 11 October 2011 - 04:32 AM

STEP 4 - DDS log

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514
Run by Nate at 21:29:56 on 2011-10-10
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3964.1477 [GMT -7:00]
.
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\taskhost.exe
C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\windows\system32\SearchIndexer.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\windows\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe
C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
C:\Program Files (x86)\MagicDisc\MagicDisc.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\windows\system32\igfxext.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\windows\System32\svchost.exe -k secsvcs
C:\windows\SysWOW64\ping.exe
C:\windows\system32\conhost.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Nate\Desktop\aswMBR.exe
C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
C:\Program Files (x86)\Java\jre6\bin\javaw.exe
C:\Program Files (x86)\Java\jre6\bin\javaw.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
C:\windows\system32\DllHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://start.toshiba.com/?cid=C001B2Y
uDefault_Page_URL = hxxp://start.toshiba.com/?cid=C001B2Y
uInternet Settings,ProxyOverride = <local>;*.local
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\IPS\IPSBHO.DLL
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Fantapper: {a0447a65-66aa-4dc3-9869-e574e5de2d5e} - C:\Program Files (x86)\Brand Affinity Technologies\Fantapper Browser Plugin\adxloader.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: TOSHIBA Media Controller Plug-in: {f3c88694-effa-4d78-b409-54b7b2535b14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll
uRun: [Best Buy pc app] C:\Users\Nate\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Best Buy\Best Buy pc app.appref-ms
uRun: [DAEMON Tools Pro Agent] "C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" -autorun
uRun: [CPN Notifier] C:\Program Files (x86)\Cake Poker 2.0\PokerNotifier.exe
uRun: [Aim] "C:\Program Files (x86)\AIM\aim.exe" /d locale=en-US
uRun: [AdobeBridge]
uRun: [Google Update] "C:\Users\Nate\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
StartupFolder: C:\Users\Nate\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EVERNO~1.LNK - C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
StartupFolder: C:\Users\Nate\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MAGICD~1.LNK - C:\Program Files (x86)\MagicDisc\MagicDisc.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {48DECC8F-CE9C-4C83-B0A3-932C88B7E97B} - {48DECC8F-CE9C-4C83-B0A3-932C88B7E97B} - C:\Program Files (x86)\Brand Affinity Technologies\Fantapper Browser Plugin\adxloader.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{163346A4-28AF-43CA-9DFA-FE7196C52A69} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{163346A4-28AF-43CA-9DFA-FE7196C52A69}\C696E6B6379737 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{957AD79B-7B7A-4CD2-A207-AD729A7C8F46} : NameServer = 192.168.0.3
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll
BHO-X64: Symantec NCO BHO - No File
BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\IPS\IPSBHO.DLL
BHO-X64: Symantec Intrusion Prevention - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Fantapper: {a0447a65-66aa-4dc3-9869-e574e5de2d5e} - C:\Program Files (x86)\Brand Affinity Technologies\Fantapper Browser Plugin\adxloader.dll
BHO-X64: 0x1 - No File
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll
mRun-x64: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun-x64: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRunOnce-x64: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
IE-X64: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Nate\AppData\Roaming\Mozilla\Firefox\Profiles\j9er166n.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll
FF - plugin: C:\Users\Nate\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;C:\windows\system32\drivers\NISx64\1206000.01D\SYMDS64.SYS --> C:\windows\system32\drivers\NISx64\1206000.01D\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\windows\system32\drivers\NISx64\1206000.01D\SYMEFA64.SYS --> C:\windows\system32\drivers\NISx64\1206000.01D\SYMEFA64.SYS [?]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20110909.001\BHDrvx64.sys [2011-9-9 1152632]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\windows\system32\DRIVERS\dtsoftbus01.sys --> C:\windows\system32\DRIVERS\dtsoftbus01.sys [?]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20110913.030\IDSviA64.sys [2011-9-13 488568]
R1 SymIRON;Symantec Iron Driver;C:\windows\system32\drivers\NISx64\1206000.01D\Ironx64.SYS --> C:\windows\system32\drivers\NISx64\1206000.01D\Ironx64.SYS [?]
R1 SymNetS;Symantec Network Security WFP Driver;C:\windows\system32\Drivers\NISx64\1206000.01D\SYMNETS.SYS --> C:\windows\system32\Drivers\NISx64\1206000.01D\SYMNETS.SYS [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ccsvchst.exe [2011-8-14 130008]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-8-22 136824]
R3 FwLnk;FwLnk Driver;C:\windows\system32\DRIVERS\FwLnk.sys --> C:\windows\system32\DRIVERS\FwLnk.sys [?]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\windows\system32\DRIVERS\L1C62x64.sys --> C:\windows\system32\DRIVERS\L1C62x64.sys [?]
R3 PGEffect;Pangu effect driver;C:\windows\system32\DRIVERS\pgeffect.sys --> C:\windows\system32\DRIVERS\pgeffect.sys [?]
R3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-6-26 51512]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-2-5 137560]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-1-21 30963576]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\system32\Drivers\RtsUStor.sys --> C:\windows\system32\Drivers\RtsUStor.sys [?]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\system32\drivers\TsUsbGD.sys --> C:\windows\system32\drivers\TsUsbGD.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\system32\Drivers\usbaapl64.sys --> C:\windows\system32\Drivers\usbaapl64.sys [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2011-10-11 04:23:11 0 ----a-w- C:\windows\SysWow64\0.901373672960915.exe
2011-10-11 04:00:44 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{410BF81C-6EF4-490E-A5DF-F456D972AF4E}\offreg.dll
2011-10-11 03:58:54 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-10-11 02:49:17 -------- d-----w- C:\Program Files (x86)\ESET
2011-10-11 01:39:49 8199504 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2011-10-11 01:39:41 9049936 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{410BF81C-6EF4-490E-A5DF-F456D972AF4E}\mpengine.dll
2011-10-09 11:10:56 -------- d-----w- C:\Users\Nate\AppData\Roaming\Malwarebytes
2011-10-09 11:10:15 -------- d-----w- C:\ProgramData\Malwarebytes
2011-10-09 11:10:11 25416 ----a-w- C:\windows\System32\drivers\mbam.sys
2011-10-09 11:04:36 -------- d-----w- C:\Users\Nate\AppData\Roaming\n7RL9gTXqkVz
2011-10-09 11:04:36 -------- d-----w- C:\Users\Nate\AppData\Roaming\hNtxA0ucS
2011-10-09 11:02:26 -------- d-----w- C:\Users\Nate\AppData\Roaming\qW7EgZqYV
2011-10-09 11:02:25 -------- d-----w- C:\Users\Nate\AppData\Roaming\llBxySi3o
2011-10-09 11:02:14 -------- d-----w- C:\Users\Nate\AppData\Roaming\SaH6W7EL9TqCI
2011-10-09 11:02:13 -------- d-----w- C:\Users\Nate\AppData\Roaming\FzNAuSbpnQdKR9T
2011-10-09 10:57:51 -------- d-----we C:\windows\system64
2011-09-23 20:56:51 404640 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-09-14 05:04:52 -------- d-----w- C:\ProgramData\regid.1986-12.com.adobe
2011-09-12 13:20:19 255552 ----a-w- C:\windows\SysWow64\drivers\mcdbus.sys
2011-09-12 13:20:19 255552 ----a-w- C:\windows\System32\drivers\mcdbus.sys
2011-09-12 13:20:19 -------- d-----w- C:\Program Files (x86)\MagicDisc
.
==================== Find3M ====================
.
2011-08-23 05:28:09 271424 ----a-w- C:\windows\System32\drivers\dtsoftbus01.sys
2011-08-23 05:25:18 761592 ----a-w- C:\windows\System32\drivers\sptd.sys
2011-08-23 05:25:18 171392 ----a-w- C:\windows\System32\drivers\sptddrv1.sys
2011-08-14 21:28:56 174200 ----a-w- C:\windows\System32\drivers\SYMEVENT64x86.SYS
.
============= FINISH: 21:30:49.27 ===============
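
Editor's note on reading the two DDS logs above. The "Created Last 30" section lists several directories with random-looking names created within a minute of each other under C:\Users\Nate\AppData\Roaming, a directory named system64 directly under the Windows directory (64-bit Windows ships System32 and SysWOW64, not system64), and a zero-byte executable with a purely numeric name in SysWow64; the Attach log's event section shows the Windows Firewall Authorization Driver failing to start and the DNS client unable to read the hosts file. The script below is an added example, not part of this thread and not code from DDS, Malwarebytes or the forum helpers: it parses those two DDS sections and applies the heuristics just described so that an analyst gets a short list of leads instead of reading 30 days of file creations by hand. The heuristics (case-flip count with digits as a "random name" test, numeric-only or zero-byte executables, the set of bogus system directory names, and the two event-message patterns) are the editor's own assumptions and produce leads, not verdicts; every flagged path still has to be examined before anything is removed. The sample input is copied from the logs posted in this thread.

```python
"""Triage heuristics for a DDS log ('Created Last 30' and 'Event Viewer' sections).
Added example for this thread: not part of the original posts and not code from DDS,
Malwarebytes or the forum helpers. Every rule yields a lead for an analyst, not a verdict."""
import os
import re
from typing import Dict, List, NamedTuple, Optional

# Sample input: lines copied from the DDS and Attach logs posted in this thread.
SAMPLE_CREATED = r"""
2011-10-11 04:23:11 0 ----a-w- C:\windows\SysWow64\0.901373672960915.exe
2011-10-11 04:00:44 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{410BF81C-6EF4-490E-A5DF-F456D972AF4E}\offreg.dll
2011-10-11 03:58:54 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-10-09 11:04:36 -------- d-----w- C:\Users\Nate\AppData\Roaming\n7RL9gTXqkVz
2011-10-09 11:04:36 -------- d-----w- C:\Users\Nate\AppData\Roaming\hNtxA0ucS
2011-10-09 11:02:25 -------- d-----w- C:\Users\Nate\AppData\Roaming\llBxySi3o
2011-10-09 11:02:14 -------- d-----w- C:\Users\Nate\AppData\Roaming\SaH6W7EL9TqCI
2011-10-09 10:57:51 -------- d-----we C:\windows\system64
2011-09-23 20:56:51 404640 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-09-14 05:04:52 -------- d-----w- C:\ProgramData\regid.1986-12.com.adobe
2011-09-12 13:20:19 -------- d-----w- C:\Program Files (x86)\MagicDisc
"""
SAMPLE_EVENTS = r"""
10/10/2011 9:16:46 PM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.
10/10/2011 8:58:10 PM, Error: Service Control Manager [7000] - The Windows Firewall Authorization Driver service failed to start due to the following error: Cannot create a file when that file already exists.
"""
LINE_RE = re.compile(r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+"
                     r"(?P<size>\d+|-+)\s+(?P<attrs>\S+)\s+(?P<path>.+?)\s*$")
EXEC_EXTS = {".exe", ".dll", ".sys", ".scr", ".cpl", ".ocx"}
# 64-bit Windows ships System32 and SysWOW64; 'system64' is not a Windows directory.
BOGUS_SYSTEM_DIRS = {"system64"}
# Event-log messages that mean a defence is not working: (pattern, meaning). Editor's list.
EVENT_RULES = [
    (re.compile(r"error while attempting to read the local hosts file", re.I),
     "hosts file unreadable: inspect %SystemRoot%\\System32\\drivers\\etc\\hosts"),
    (re.compile(r"Windows Firewall Authorization Driver service failed to start", re.I),
     "host firewall driver (mpsdrv) not running"),
]

class Entry(NamedTuple):
    ts: str
    size: Optional[int]  # None for directories (DDS prints dashes instead of a size)
    attrs: str
    path: str

def parse_created(text: str) -> List[Entry]:
    """Parse the 'Created Last 30' lines; anything that is not a DDS entry is skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            size = None if m["size"].startswith("-") else int(m["size"])
            entries.append(Entry(m["ts"], size, m["attrs"], m["path"]))
    return entries

def case_flips(name: str) -> int:
    """Adjacent letter pairs whose case differs (digits and punctuation ignored)."""
    letters = [c for c in name if c.isalpha()]
    return sum(1 for a, b in zip(letters, letters[1:]) if a.isupper() != b.isupper())

def looks_random(name: str) -> bool:
    """Mixed case interleaved with digits ('n7RL9gTXqkVz'); CamelCase vendor names carry no digits."""
    stem = os.path.splitext(name)[0]
    return case_flips(stem) >= 3 and any(c.isdigit() for c in stem)

def is_bogus_system_dir(path: str) -> bool:
    parts = path.lower().split("\\")
    return len(parts) == 3 and parts[1] == "windows" and parts[2] in BOGUS_SYSTEM_DIRS

def triage_created(text: str) -> Dict[str, List[str]]:
    """Map each suspicious path to the list of heuristics it tripped."""
    findings: Dict[str, List[str]] = {}
    for e in parse_created(text):
        leaf = e.path.rsplit("\\", 1)[-1]
        stem, ext = os.path.splitext(leaf)
        ext = ext.lower()
        reasons = []
        if looks_random(leaf):
            reasons.append("random-looking name")
        if ext in EXEC_EXTS and re.fullmatch(r"[\d.]+", stem):
            reasons.append("executable with numeric-only name")
        if ext in EXEC_EXTS and e.size == 0:
            reasons.append("zero-byte executable")
        if e.attrs.startswith("d") and is_bogus_system_dir(e.path):
            reasons.append("non-standard directory under the Windows directory")
        if reasons:
            findings[e.path] = reasons
    return findings

def triage_events(text: str) -> List[str]:
    return [meaning for line in text.splitlines()
            for pattern, meaning in EVENT_RULES if pattern.search(line)]

if __name__ == "__main__":
    for path, reasons in triage_created(SAMPLE_CREATED).items():
        print(path, "->", "; ".join(reasons))
    for meaning in triage_events(SAMPLE_EVENTS):
        print("event ->", meaning)
```

Run against the sample, the script flags the six random-named Roaming directories, the numeric zero-byte executable and the system64 directory, and leaves the Malwarebytes, ESET, Defender, Flash and MagicDisc entries alone. The random-name test deliberately requires digits as well as case changes so that CamelCase vendor file names are not reported; the price is that a dropper using letters only slips past it, which is why the creation-time clustering visible in the log (several directories within the same minute) is worth checking by eye as well.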

#11 Broni Re: [Inactive] Infected computer

Posted 11 October 2011 - 04:36 AM

Download TDSSKiller and save it to your desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.


#12 winpain4 Re: [Inactive] Infected computer

Posted 11 October 2011 - 04:39 AM

21:38:43.0515 1512 TDSS rootkit removing tool 2.6.7.0 Oct 10 2011 09:40:06
21:38:44.0295 1512 ============================================================
21:38:44.0295 1512 Current date / time: 2011/10/10 21:38:44.0295
21:38:44.0295 1512 SystemInfo:
21:38:44.0295 1512
21:38:44.0295 1512 OS Version: 6.1.7601 ServicePack: 1.0
21:38:44.0295 1512 Product type: Workstation
21:38:44.0295 1512 ComputerName: NATE-PC
21:38:44.0311 1512 UserName: Nate
21:38:44.0311 1512 Windows directory: C:\windows
21:38:44.0311 1512 System windows directory: C:\windows
21:38:44.0311 1512 Running under WOW64
21:38:44.0311 1512 Processor architecture: Intel x64
21:38:44.0311 1512 Number of processors: 2
21:38:44.0311 1512 Page size: 0x1000
21:38:44.0311 1512 Boot type: Normal boot
21:38:44.0311 1512 ============================================================
21:38:44.0763 1512 Initialize success
21:38:47.0275 5440 ============================================================
21:38:47.0275 5440 Scan started
21:38:47.0275 5440 Mode: Manual;
21:38:47.0275 5440 ============================================================
21:39:07.0633 5440 volmgrx (a255814907c89be58b79ef2f189b843b) C:\windows\system32\drivers\volmgrx.sys
21:39:07.0633 5440 volmgrx - ok
21:39:07.0695 5440 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\windows\system32\drivers\volsnap.sys
21:39:07.0695 5440 volsnap - ok
21:39:07.0758 5440 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\drivers\vsmraid.sys
21:39:07.0758 5440 vsmraid - ok
21:39:07.0820 5440 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\system32\DRIVERS\vwifibus.sys
21:39:07.0820 5440 vwifibus - ok
21:39:07.0914 5440 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\windows\system32\DRIVERS\vwififlt.sys
21:39:07.0914 5440 vwififlt - ok
21:39:08.0007 5440 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\drivers\wacompen.sys
21:39:08.0007 5440 WacomPen - ok
21:39:08.0132 5440 WANARP (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
21:39:08.0132 5440 WANARP - ok
21:39:08.0148 5440 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
21:39:08.0148 5440 Wanarpv6 - ok
21:39:08.0241 5440 Wd (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\drivers\wd.sys
21:39:08.0241 5440 Wd - ok
21:39:08.0273 5440 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys
21:39:08.0273 5440 Wdf01000 - ok
21:39:08.0429 5440 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\windows\system32\DRIVERS\wfplwf.sys
21:39:08.0429 5440 WfpLwf - ok
21:39:08.0444 5440 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\windows\system32\drivers\wimmount.sys
21:39:08.0444 5440 WIMMount - ok
21:39:08.0585 5440 WinUsb (fe88b288356e7b47b74b13372add906d) C:\windows\system32\DRIVERS\WinUsb.sys
21:39:08.0585 5440 WinUsb - ok
21:39:08.0694 5440 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\windows\system32\drivers\wmiacpi.sys
21:39:08.0709 5440 WmiAcpi - ok
21:39:08.0741 5440 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\windows\system32\drivers\ws2ifsl.sys
21:39:08.0741 5440 ws2ifsl - ok
21:39:08.0850 5440 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\windows\system32\drivers\WudfPf.sys
21:39:08.0850 5440 WudfPf - ok
21:39:08.0959 5440 WUDFRd (cf8d590be3373029d57af80914190682) C:\windows\system32\DRIVERS\WUDFRd.sys
21:39:08.0959 5440 WUDFRd - ok
21:39:08.0990 5440 MBR (0x1B8) (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0
21:39:09.0006 5440 \Device\Harddisk0\DR0 - ok
21:39:09.0021 5440 Boot (0x1200) (b1a4c95213feda0df655a63c625fadd7) \Device\Harddisk0\DR0\Partition0
21:39:09.0021 5440 \Device\Harddisk0\DR0\Partition0 - ok
21:39:09.0021 5440 ============================================================
21:39:09.0021 5440 Scan finished
21:39:09.0021 5440 ============================================================
21:39:09.0037 5464 Detected object count: 0
21:39:09.0037 5464 Actual detected object count: 0

#13 Broni Re: [Inactive] Infected computer

    Malware Annihilator

  • 24,883 posts
  • Joined: October 04, 2004
  • 1,860 topics
  • Age: 57
  • Skin: IPBoard wide
  • Local time: 02:00 AM
  • Zodiac:Virgo
  • Gender:Male
  • Location:Daly City, CA
  • OS:Windows Vista
  • Country:
Offline
  • Time Online: 57d 10h 30m 28s

Posted 11 October 2011 - 04:42 AM

Good :)

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Please, never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  • Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
Use AppRemover to uninstall it: http://www.appremover.com/
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.



Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode (How to...)

2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!

#14 winpain4 Re: [Inactive] Infected computer

    Member

  • 10 posts
  • Joined: October 11, 2011
  • 1 topics
  • Local time: 01:00 AM
  • Zodiac:Aries
  • OS:Windows 7
  • Country:
Offline
  • Time Online: 1h 15m 21s

Posted 11 October 2011 - 05:18 AM

ComboFix 11-10-10.04 - Nate 10/10/2011 21:54:07.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3964.1681 [GMT -7:00]
Running from: c:\users\Nate\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Nate\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Best Buy\Best Buy pc app.appref-ms
c:\users\Nate\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Guard Online
c:\users\Nate\Desktop\Guard Online .lnk
c:\windows\assembly\tmp\U
c:\windows\assembly\tmp\U\00000001.@
c:\windows\assembly\tmp\U\00000002.@
c:\windows\assembly\tmp\U\000000c0.@
c:\windows\assembly\tmp\U\000000cb.@
c:\windows\assembly\tmp\U\000000cf.@
c:\windows\assembly\tmp\U\80000000.@
c:\windows\assembly\tmp\U\80000032.@
c:\windows\assembly\tmp\U\80000064.@
c:\windows\assembly\tmp\U\800000c0.@
c:\windows\assembly\tmp\U\800000cb.@
c:\windows\assembly\tmp\U\800000cf.@
c:\windows\system32\consrv.dll
c:\windows\System64
c:\windows\SysWow64\0.901373672960915.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-09-11 to 2011-10-11 )))))))))))))))))))))))))))))))
.
.
2011-10-11 05:08 . 2011-10-11 05:08 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-10-11 04:20 . 2011-10-11 04:20 -------- d-----w- c:\windows\Sun
2011-10-11 03:58 . 2011-10-11 03:58 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-10-11 02:49 . 2011-10-11 02:49 -------- d-----w- c:\program files (x86)\ESET
2011-10-11 01:39 . 2011-09-21 16:00 9049936 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{410BF81C-6EF4-490E-A5DF-F456D972AF4E}\mpengine.dll
2011-10-09 11:10 . 2011-10-09 11:10 -------- d-----w- c:\users\Nate\AppData\Roaming\Malwarebytes
2011-10-09 11:10 . 2011-10-09 11:10 -------- d-----w- c:\programdata\Malwarebytes
2011-10-09 11:10 . 2011-09-01 00:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-09 11:04 . 2011-10-09 11:04 -------- d-----w- c:\users\Nate\AppData\Roaming\hNtxA0ucS
2011-10-09 11:04 . 2011-10-09 11:04 -------- d-----w- c:\users\Nate\AppData\Roaming\n7RL9gTXqkVz
2011-10-09 11:02 . 2011-10-09 11:02 -------- d-----w- c:\users\Nate\AppData\Roaming\qW7EgZqYV
2011-10-09 11:02 . 2011-10-09 11:02 -------- d-----w- c:\users\Nate\AppData\Roaming\llBxySi3o
2011-10-09 11:02 . 2011-10-09 11:05 -------- d-----w- c:\users\Nate\AppData\Roaming\SaH6W7EL9TqCI
2011-10-09 11:02 . 2011-10-09 11:02 -------- d-----w- c:\users\Nate\AppData\Roaming\FzNAuSbpnQdKR9T
2011-09-23 20:56 . 2011-09-23 20:56 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-09-14 05:04 . 2011-09-14 05:04 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2011-09-14 04:20 . 2011-09-14 04:22 -------- d-----w- c:\program files\Common Files\Adobe
2011-09-14 04:19 . 2011-09-14 04:19 -------- d-----w- c:\program files (x86)\Adobe Media Player
2011-09-12 13:20 . 2011-09-12 13:21 -------- d-----w- c:\program files (x86)\MagicDisc
2011-09-12 13:20 . 2009-02-25 01:35 255552 ----a-w- c:\windows\SysWow64\drivers\mcdbus.sys
2011-09-12 13:20 . 2009-02-25 01:35 255552 ----a-w- c:\windows\system32\drivers\mcdbus.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-23 05:28 . 2011-08-23 05:28 271424 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-08-23 05:25 . 2011-08-23 05:22 761592 ----a-w- c:\windows\system32\drivers\sptd.sys
2011-08-23 05:25 . 2011-08-23 05:22 171392 ----a-w- c:\windows\system32\drivers\sptddrv1.sys
2011-08-14 21:28 . 2011-06-26 11:00 174200 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2011-08-14 21:06 . 2010-06-24 18:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{a0447a65-66aa-4dc3-9869-e574e5de2d5e}]
2011-07-25 17:29 497472 ----a-w- c:\program files (x86)\Brand Affinity Technologies\Fantapper Browser Plugin\adxloader.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Pro Agent"="c:\program files (x86)\DAEMON Tools Pro\DTAgent.exe" [2011-08-17 4527424]
"Aim"="c:\program files (x86)\AIM\aim.exe" [2011-05-03 4321112]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-10-06 1294136]
"IJNetworkScanUtility"="c:\program files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2010-08-24 206240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-30 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-07-20 421736]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-01-22 91520]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-09-01 449608]
.
c:\users\Nate\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
EvernoteClipper.lnk - c:\program files (x86)\Evernote\Evernote\EvernoteClipper.exe [2011-6-28 974848]
MagicDisc.lnk - c:\program files (x86)\MagicDisc\MagicDisc.exe [2011-9-12 576000]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe [2011-2-25 15776]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-01-22 30963576]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-10-06 51512]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-06 137560]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1206000.01D\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1206000.01D\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20110909.001\BHDrvx64.sys [2011-09-09 1152632]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20110913.030\IDSvia64.sys [2011-08-23 488568]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1206000.01D\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1206000.01D\SYMNETS.SYS [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-09-01 366152]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe [2011-04-17 130008]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-08-14 136824]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2541882724-21598371-551205861-1000Core.job
- c:\users\Nate\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-09 19:08]
.
2011-10-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2541882724-21598371-551205861-1000UA.job
- c:\users\Nate\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-09 19:08]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a0447a65-66aa-4dc3-9869-e574e5de2d5e}]
2010-11-21 03:23 444752 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-03-18 166424]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-03-18 391192]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-03-18 410648]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-04-28 307768]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-06 709976]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"combofix"="c:\combofix\CF14082.3XE" [2010-11-21 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://start.toshiba.com/?cid=C001B2Y
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>;*.local
IE: Add to Evernote 4.0 - c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: {{A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: {{48DECC8F-CE9C-4C83-B0A3-932C88B7E97B} - {48DECC8F-CE9C-4C83-B0A3-932C88B7E97B} - c:\program files (x86)\Brand Affinity Technologies\Fantapper Browser Plugin\adxloader.dll
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{957AD79B-7B7A-4CD2-A207-AD729A7C8F46}: NameServer = 192.168.0.3
FF - ProfilePath - c:\users\Nate\AppData\Roaming\Mozilla\Firefox\Profiles\j9er166n.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-CPN Notifier - c:\program files (x86)\Cake Poker 2.0\PokerNotifier.exe
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Toolbar-Locked - (no file)
HKLM-Run-(Default) - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-SmartFaceVWatcher - c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-SmoothView - c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe
HKLM-Run-00TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\18.6.0.29\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
.
**************************************************************************
.
Completion time: 2011-10-10 22:15:10 - machine was rebooted
ComboFix-quarantined-files.txt 2011-10-11 05:15
.
Pre-Run: 219,616,604,160 bytes free
Post-Run: 219,444,490,240 bytes free
.
- - End Of File - - CB01B769247FEF7FD1AD65D57B9E9ADD

#15 winpain4 Re: [Inactive] Infected computer

    Member

  • 10 posts
  • Joined: October 11, 2011
  • 1 topics
  • Local time: 01:00 AM
  • Zodiac:Aries
  • OS:Windows 7
  • Country:
Offline
  • Time Online: 1h 15m 21s

Posted 11 October 2011 - 05:21 AM

I can access localhost again while using wampserver. MBAM is no longer giving me ping.exe warnings. So far everything seems to be working!

#16 Broni Re: [Inactive] Infected computer

    Malware Annihilator

  • 24,883 posts
  • Joined: October 04, 2004
  • 1,860 topics
  • Age: 57
  • Skin: IPBoard wide
  • Local time: 02:00 AM
  • Zodiac:Virgo
  • Gender:Male
  • Location:Daly City, CA
  • OS:Windows Vista
  • Country:
Offline
  • Time Online: 57d 10h 30m 28s

Posted 11 October 2011 - 05:24 AM

It looks much better.

How is the computer doing?

Bed time is coming here so I'll check on you tomorrow...

1. Please open Notepad
  • Click Start , then Run
  • Type notepad.exe in the Run Box
  • Click OK
Windows Vista/7 users: click Start, in "Start search" type notepad and press Enter.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Folder::
c:\users\Nate\AppData\Roaming\hNtxA0ucS
c:\users\Nate\AppData\Roaming\n7RL9gTXqkVz
c:\users\Nate\AppData\Roaming\qW7EgZqYV
c:\users\Nate\AppData\Roaming\llBxySi3o
c:\users\Nate\AppData\Roaming\SaH6W7EL9TqCI
c:\users\Nate\AppData\Roaming\FzNAuSbpnQdKR9T


DDS::
uInternet Settings,ProxyOverride = <local>;*.local



3. Save the above as CFScript.txt

4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
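As an added example (not part of this thread or of ComboFix itself), a small Python script that parses the "Files Created" section of a ComboFix log, picks out directories under AppData\Roaming whose names look randomly generated (the same six folders the CFScript above lists), and renders them as a Folder:: section. The log lines are a constructed sample in the format of the log posted earlier, and the randomness heuristic (length plus case/digit transitions) is my assumption, not something ComboFix provides.

```python
import re
from typing import Dict, List

# Constructed sample in the layout of ComboFix's "Files Created" section
# (created-time . modified-time size attributes path).
SAMPLE_LOG = r"""
2011-10-11 03:58 . 2011-10-11 03:58 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-10-09 11:10 . 2011-10-09 11:10 -------- d-----w- c:\users\Nate\AppData\Roaming\Malwarebytes
2011-10-09 11:04 . 2011-10-09 11:04 -------- d-----w- c:\users\Nate\AppData\Roaming\hNtxA0ucS
2011-10-09 11:04 . 2011-10-09 11:04 -------- d-----w- c:\users\Nate\AppData\Roaming\n7RL9gTXqkVz
2011-10-09 11:02 . 2011-10-09 11:02 -------- d-----w- c:\users\Nate\AppData\Roaming\qW7EgZqYV
2011-10-09 11:02 . 2011-10-09 11:02 -------- d-----w- c:\users\Nate\AppData\Roaming\llBxySi3o
2011-10-09 11:02 . 2011-10-09 11:05 -------- d-----w- c:\users\Nate\AppData\Roaming\SaH6W7EL9TqCI
2011-10-09 11:02 . 2011-10-09 11:02 -------- d-----w- c:\users\Nate\AppData\Roaming\FzNAuSbpnQdKR9T
2011-10-09 11:10 . 2011-09-01 00:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-09-14 05:04 . 2011-09-14 05:04 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
"""

# One "Files Created" line: two timestamps, a size (or dashes), an
# 8-character attribute field starting with 'd' for directories, then the path.
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\S+) (?P<attrs>[d-][-a-z]{7}) (?P<path>.+)$"
)

# Only direct children of a user's AppData\Roaming are scored.
ROAMING_DIR_RE = re.compile(r"\\AppData\\Roaming\\([^\\]+)$", re.IGNORECASE)


def parse_files_created(text: str) -> List[Dict[str, object]]:
    """Turn the section's lines into dicts; lines that do not match are skipped."""
    entries: List[Dict[str, object]] = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        entry: Dict[str, object] = dict(m.groupdict())
        entry["is_dir"] = str(entry["attrs"]).startswith("d")
        entries.append(entry)
    return entries


def _char_class(c: str) -> str:
    if c.isdigit():
        return "d"
    return "u" if c.isupper() else "l"


def looks_random(name: str, min_len: int = 8, min_transitions: int = 4) -> bool:
    """Heuristic (assumption, not a ComboFix rule): alphanumeric names that are
    long enough and flip between upper/lower/digit many times, as the six
    Roaming folders above do, while ordinary vendor names such as
    'Malwarebytes' or 'Mozilla' change class only once."""
    if not name.isalnum() or len(name) < min_len:
        return False
    classes = [_char_class(c) for c in name]
    transitions = sum(1 for a, b in zip(classes, classes[1:]) if a != b)
    return transitions >= min_transitions


def suspicious_roaming_dirs(entries: List[Dict[str, object]]) -> List[str]:
    """Return the paths of Roaming directories whose basename looks random."""
    hits: List[str] = []
    for e in entries:
        if not e["is_dir"]:
            continue
        m = ROAMING_DIR_RE.search(str(e["path"]))
        if m and looks_random(m.group(1)):
            hits.append(str(e["path"]))
    return hits


def build_cfscript(folders: List[str]) -> str:
    """Render a 'Folder::' section in the layout of the CFScript posted above."""
    return "\n".join(["Folder::"] + folders + [""])


if __name__ == "__main__":
    found = suspicious_roaming_dirs(parse_files_created(SAMPLE_LOG))
    print(build_cfscript(found))
```

On a real log the candidate list is a starting point for the helper's judgement, not a verdict: a legitimate program with an odd folder name would be flagged too, which is why the helper confirms each path before it goes into the script.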





