# globalroot\systemroot\assembly\temp\U.....



## cinderblock (May 9, 2012)

Greetings All,

First apologies: The computer with the issues is not connected to the net, and therefore I was unable to download the TSG SysInfo tool. Also, please forgive if this is posted in the incorrect forum, but as I located the post below:

http://forums.techguy.org/virus-other-malware-removal/1021842-norton-system-infected-tidserv-activity.html

(dated: October 12, 2011) in this forum, AND have the following in common with the post:

_when I try to open webpages sometimes, a warning window pops up titled "Mswinext.exe - Bad image" and it says the following:_

_\\.\globalroot\systemroot\assembly\tmp\U\[email protected] is either not designed to run on Windows or it contains an error. Try installing the program again using the original installation media or contact your system administrator or the software vendor for support._

I thought this might be the correct place :)

I also *thought* Norton was the cause of the problem (as the Warning Window was first noticed when attempting to install Norton from my service provider - Comcast - more about that in paragraph to follow), at which point _Norton_Download_Manager_.exe - Bad Image was contained in the Warning Window header, but as cited above, other programs have appeared in the header as well. For the record, I *believe* the Window Warning header always contains an .exe extension, but am not certain.

These issues are occurring on a Compaq notebook, with the Windows 7 Home Premium, 64-bit Operating System. Yesterday, I ran a computer scan (via F10 and/or F11 - BIOS?) and was declared healthy - but all errors above still remain.

Heres the more about Comcast part - in their infinite wisdom, they made it next to impossible to download Norton360 alone. They highly recommend installation of Norton along with the Constant Guard product. In one of my futile attempts to return the computer to a healthy state, I downloaded Revo Uninstaller and attempted to eradicate both Constant Guard and Norton, and re-install only Norton. Having done so, many Norton folders that contained Viruses found listings are no available at present, but I do remember Trojan (Gen_2, maybe?) being one of the latest four placed in quarantine.

Im obviously not the most computer savvy type  but I hope someone will choose to reach out and guide me.

Thanks and blessings to you in advance.

Cindy


----------



## cinderblock (May 9, 2012)

Hi!

I've been working with Norton techs and things *seem* pretty good - BUT, from what I've read here about the ZeroAccess virus, I'm scared that other computers on our secure net might be infected.

*Quick Norton rundown* (again, I'm not very computer savvy...sorry) - things that I noticed while watching the Norton tech work remotely (which, btw, I'm not real comfortable about).

- He said it was ZeroAccess and downloaded a ZeroAccess Fix Tool 1.0.1
- He noticed "Base Filtering Engine" was missing...and restored it with a boat-load of hexadecimal 'stuff' that he first placed into notepad
- I *think* it was during Norton scans that I noticed a couple of Trojan.Gen.2 issues and also a Backdoor Trojan (I never saw anything that "said" ZeroAccess)
- Once the Norton tech got Norton working - and I did the first scan - the results mentioned a "proxyhostmirrordisplay" found and deleting of c:\windows\system32\Rlouniv.dll
- Also mentioned load point keys being repaired

Again, I'm sorry - not too technical, I know.


----------



## kevinf80 (Mar 21, 2006)

Hello Cindy and welcome to TSG,

Without logs we have no way of finding out what is wrong with your system. You mention working with a Norton Tech; did the tech come to your house, or was this done online? There is also a reference to the tech downloading specific tools; how was that done if you have no internet connection?

I need to see the following logs before we can progress:


Download *DDS* by sUBs from one of the following links. Save it to your desktop.
*DDS.com*
*DDS.scr*
*DDS.pif*

Double click on the *DDS* icon, allow it to run.
A small box will open, with an explanation about the tool.
When done, DDS will open two (2) logs:
1. DDS.txt
2. Attach.txt

Save both reports to your desktop.
The instructions here ask you to attach the Attach.txt.

*Instead of attaching, please copy/paste both logs into your next reply.*
Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run.
After downloading the tool, disconnect from the internet and disable all antivirus protection.
Run the scan, enable your A/V and reconnect to the internet. 
Information on A/V control *HERE*

If this system has no connection you can d/l on a different PC and transfer to the infected one, then save the logs copy to USB stick, CD etc and transfer back and upload that way.

Kevin


----------



## cinderblock (May 9, 2012)

Hi Kevin!

Logs follow....answers to your questions at the bottom :down:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64 
Internet Explorer: 8.0.7600.16385
Run by brandon at 22:13:48 on 2012-05-12
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.1787.547 [GMT -4:00]
.
AV: Norton Security Suite *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Security Suite *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Security Suite *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Norton Security Suite\Engine\5.2.1.3\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Norton Security Suite\Engine\5.2.1.3\ccSvcHst.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\RunDll32.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe
C:\Program Files\Realtek\RtVOsd\RtVOsd.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\mswinext.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\taskhost.exe
.
============== Pseudo HJT Report ===============
.
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.1.3\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.1.3\IPS\IPSBHO.DLL
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\npwinext.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Yontoo Layers (Drop Down Deals): {fd72061e-9fde-484d-a58a-0bab4151cad8} - C:\Program Files (x86)\Yontoo Layers Runtime (Drop Down Deals)\YontooIEClient.dll
TB: @C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\npwinext.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.1.3\coIEPlg.dll
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [<NO NAME>] 
StartupFolder: C:\Users\brandon\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MONITO~1.LNK - C:\Windows\system32\RunDll32.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\CONSTA~1.LNK - C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office10\EXCEL.EXE/3000
IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{0D04A0FC-3742-4DD7-99AD-8C633B5A0934} : DhcpNameServer = 40.5.1.100
TCP: Interfaces\{87F9FD09-495B-40C5-93E8-98AF83A14897} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{87F9FD09-495B-40C5-93E8-98AF83A14897}\0757274697 : DhcpNameServer = 10.1.10.1
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files (x86)\Common Files\microsoft shared\Web Folders\PKMCDO.DLL
mASetup: {9191979D-821C-4EA8-B021-2DA1D859A7C5}-3Reg - C:\Program Files (x86)\SFT\GuardedID\gidi.exe /v
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.1.3\coIEPlg.dll
BHO-X64: Symantec NCO BHO - No File
BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.1.3\IPS\IPSBHO.DLL
BHO-X64: Symantec Intrusion Prevention - No File
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO-X64: Search Helper - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\npwinext.dll
BHO-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO-X64: Ask Toolbar BHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: Yontoo Layers (Drop Down Deals): {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers Runtime (Drop Down Deals)\YontooIEClient.dll
BHO-X64: Yontoo Layer (Drop Down Deals)s - No File
TB-X64: @C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\npwinext.dll
TB-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.1.3\coIEPlg.dll
mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun-x64: [(Default)] 
IE-X64: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\N360x64\0502010.003\SYMDS64.SYS --> C:\Windows\system32\drivers\N360x64\0502010.003\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\N360x64\0502010.003\SYMEFA64.SYS --> C:\Windows\system32\drivers\N360x64\0502010.003\SYMEFA64.SYS [?]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120507.001\BHDrvx64.sys [2012-5-7 1160824]
R1 GIDv2;GIDv2;C:\Windows\system32\drivers\GIDv2.sys --> C:\Windows\system32\drivers\GIDv2.sys [?]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120511.001\IDSviA64.sys [2012-5-12 488568]
R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\N360x64\0502010.003\Ironx64.SYS --> C:\Windows\system32\drivers\N360x64\0502010.003\Ironx64.SYS [?]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\N360x64\0502010.003\SYMNETS.SYS --> C:\Windows\system32\Drivers\N360x64\0502010.003\SYMNETS.SYS [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atipmdag.sys --> C:\Windows\system32\DRIVERS\atipmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-5-9 138360]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 Revoflt;Revoflt;C:\Windows\system32\DRIVERS\revoflt.sys --> C:\Windows\system32\DRIVERS\revoflt.sys [?]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
.
=============== Created Last 30 ================
.
2012-05-12 05:56:31 778088 ---ha-w- C:\Windows\System32\HPDiscoPMa011.dll
2012-05-12 05:54:12 -------- d-----w- C:\Program Files\HP
2012-05-12 04:30:18 367104 ----a-w- C:\Windows\System32\wcncsvc.dll
2012-05-12 04:30:18 276992 ----a-w- C:\Windows\SysWow64\wcncsvc.dll
2012-05-12 04:17:44 99176 ----a-w- C:\Windows\SysWow64\PresentationHostProxy.dll
2012-05-12 04:17:44 49472 ----a-w- C:\Windows\SysWow64\netfxperf.dll
2012-05-12 04:17:44 48960 ----a-w- C:\Windows\System32\netfxperf.dll
2012-05-12 04:17:44 444752 ----a-w- C:\Windows\System32\mscoree.dll
2012-05-12 04:17:44 320352 ----a-w- C:\Windows\System32\PresentationHost.exe
2012-05-12 04:17:44 297808 ----a-w- C:\Windows\SysWow64\mscoree.dll
2012-05-12 04:17:44 295264 ----a-w- C:\Windows\SysWow64\PresentationHost.exe
2012-05-12 04:17:44 1942856 ----a-w- C:\Windows\System32\dfshim.dll
2012-05-12 04:17:44 1130824 ----a-w- C:\Windows\SysWow64\dfshim.dll
2012-05-12 04:17:44 109912 ----a-w- C:\Windows\System32\PresentationHostProxy.dll
2012-05-12 04:01:23 163840 ----a-w- C:\Windows\System32\odbccp32.dll
2012-05-12 04:00:54 142336 ----a-w- C:\Windows\System32\poqexec.exe
2012-05-12 03:59:59 2326016 ----a-w- C:\Windows\System32\tquery.dll
2012-05-12 03:45:19 1395712 ----a-w- C:\Windows\System32\mfc42.dll
2012-05-12 03:45:19 1359872 ----a-w- C:\Windows\System32\mfc42u.dll
2012-05-12 03:45:18 1164288 ----a-w- C:\Windows\SysWow64\mfc42u.dll
2012-05-12 03:45:18 1137664 ----a-w- C:\Windows\SysWow64\mfc42.dll
2012-05-12 03:45:01 476160 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
2012-05-12 03:45:01 288256 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
2012-05-12 03:44:54 515584 ----a-w- C:\Windows\System32\timedate.cpl
2012-05-12 03:44:54 478208 ----a-w- C:\Windows\SysWow64\timedate.cpl
2012-05-12 03:44:47 886784 ----a-w- C:\Program Files\Common Files\System\wab32.dll
2012-05-12 03:44:47 708608 ----a-w- C:\Program Files (x86)\Common Files\System\wab32.dll
2012-05-12 03:44:40 -------- d-----w- C:\Program Files (x86)\MSXML 4.0
2012-05-12 03:40:30 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2012-05-12 03:40:27 287744 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2012-05-12 03:40:26 157696 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2012-05-12 03:40:26 126464 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2012-05-12 03:40:20 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-05-12 03:40:20 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-05-12 03:40:19 76288 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-05-12 03:35:11 223448 ----a-w- C:\Windows\System32\drivers\fvevol.sys
2012-05-12 03:33:19 442880 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
2012-05-12 03:33:18 662528 ----a-w- C:\Windows\System32\XpsPrint.dll
2012-05-12 03:32:33 75776 ----a-w- C:\Windows\SysWow64\psisrndr.ax
2012-05-12 03:32:33 613888 ----a-w- C:\Windows\System32\psisdecd.dll
2012-05-12 03:32:33 465408 ----a-w- C:\Windows\SysWow64\psisdecd.dll
2012-05-12 03:32:33 108032 ----a-w- C:\Windows\System32\psisrndr.ax
2012-05-12 03:32:32 288256 ----a-w- C:\Windows\System32\MSNP.ax
2012-05-12 03:32:32 104960 ----a-w- C:\Windows\System32\Mpeg2Data.ax
2012-05-12 03:32:31 75776 ----a-w- C:\Windows\System32\MSDvbNP.ax
2012-05-12 03:32:31 72704 ----a-w- C:\Windows\SysWow64\Mpeg2Data.ax
2012-05-12 03:32:31 204288 ----a-w- C:\Windows\SysWow64\MSNP.ax
2012-05-12 03:32:30 59904 ----a-w- C:\Windows\SysWow64\MSDvbNP.ax
2012-05-12 03:29:59 558592 ----a-w- C:\Windows\System32\spoolsv.exe
2012-05-12 03:29:54 499200 ----a-w- C:\Windows\System32\drivers\afd.sys
2012-05-12 03:29:45 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-05-12 03:29:45 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-05-12 03:18:31 80896 ----a-w- C:\Windows\System32\imagehlp.dll
2012-05-12 03:18:31 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-05-12 03:18:31 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-05-12 03:18:31 22896 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-05-12 03:18:31 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-05-12 03:18:31 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-05-12 03:18:31 158720 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-05-12 03:15:56 3138048 ----a-w- C:\Windows\System32\mstscax.dll
2012-05-12 03:15:56 2690560 ----a-w- C:\Windows\SysWow64\mstscax.dll
2012-05-12 03:15:54 1097216 ----a-w- C:\Windows\System32\mstsc.exe
2012-05-12 03:15:54 1034240 ----a-w- C:\Windows\SysWow64\mstsc.exe
2012-05-12 03:14:20 861184 ----a-w- C:\Windows\System32\oleaut32.dll
2012-05-12 03:14:20 331776 ----a-w- C:\Windows\System32\oleacc.dll
2012-05-12 03:14:19 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2012-05-12 03:14:19 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll
2012-05-12 03:14:08 112000 ----a-w- C:\Windows\System32\consent.exe
2012-05-12 03:12:28 267776 ----a-w- C:\Windows\System32\FXSCOVER.exe
2012-05-12 03:12:25 690688 ----a-w- C:\Windows\SysWow64\msvcrt.dll
2012-05-12 03:12:25 634368 ----a-w- C:\Windows\System32\msvcrt.dll
2012-05-12 03:12:19 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-12 03:12:19 1367552 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-12 03:12:14 31232 ----a-w- C:\Windows\SysWow64\prevhost.exe
2012-05-12 03:12:14 31232 ----a-w- C:\Windows\System32\prevhost.exe
2012-05-12 03:11:51 723456 ----a-w- C:\Windows\System32\EncDec.dll
2012-05-12 03:11:51 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll
2012-05-12 03:11:23 720896 ----a-w- C:\Windows\System32\odbc32.dll
2012-05-12 03:11:23 573440 ----a-w- C:\Windows\SysWow64\odbc32.dll
2012-05-12 03:11:22 987136 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msado15.dll
2012-05-12 03:11:22 495616 ----a-w- C:\Program Files\Common Files\System\ado\msadox.dll
2012-05-12 03:11:22 466944 ----a-w- C:\Program Files\Common Files\System\ado\msadomd.dll
2012-05-12 03:11:22 372736 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadox.dll
2012-05-12 03:11:22 352256 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadomd.dll
2012-05-12 03:11:22 258048 ----a-w- C:\Program Files\Common Files\System\msadc\msadco.dll
2012-05-12 03:11:22 1425408 ----a-w- C:\Program Files\Common Files\System\ado\msado15.dll
2012-05-12 03:11:21 208896 ----a-w- C:\Program Files (x86)\Common Files\System\msadc\msadco.dll
2012-05-12 03:02:33 1895280 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-05-12 03:02:05 243712 ----a-w- C:\Windows\System32\drivers\ks.sys
2012-05-12 03:02:05 184832 ----a-w- C:\Windows\System32\drivers\usbvideo.sys
2012-05-12 02:58:07 1739160 ----a-w- C:\Windows\System32\ntdll.dll
2012-05-12 02:58:06 1292592 ----a-w- C:\Windows\SysWow64\ntdll.dll
2012-05-12 02:58:04 236032 ----a-w- C:\Windows\System32\srvsvc.dll
2012-05-12 02:58:03 9728 ----a-w- C:\Windows\SysWow64\sscore.dll
2012-05-12 02:57:48 77312 ----a-w- C:\Windows\System32\packager.dll
2012-05-12 02:57:48 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2012-05-12 02:55:19 826368 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-05-12 02:55:19 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-05-12 02:55:19 204800 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-05-12 02:55:19 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-05-12 01:50:44 912504 ----a-w- C:\Windows\System32\drivers\N360x64\0502010.003\symefa64.sys
2012-05-12 01:50:44 744568 ----a-w- C:\Windows\System32\drivers\N360x64\0502010.003\srtsp64.sys
2012-05-12 01:50:44 450680 ----a-w- C:\Windows\System32\drivers\N360x64\0502010.003\symds64.sys
2012-05-12 01:50:44 40568 ----a-w- C:\Windows\System32\drivers\N360x64\0502010.003\srtspx64.sys
2012-05-12 01:50:44 386168 ----a-w- C:\Windows\System32\drivers\N360x64\0502010.003\symnets.sys
2012-05-12 01:50:44 171128 ----a-r- C:\Windows\System32\drivers\N360x64\0502010.003\ironx64.sys
2012-05-12 01:50:27 -------- d-----w- C:\Windows\System32\drivers\N360x64\0502010.003
2012-05-10 00:57:30 27256 ----a-w- C:\Windows\System32\drivers\FixZeroAccess.sys
2012-05-10 00:35:43 174200 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2012-05-10 00:35:43 -------- d-----w- C:\Program Files\Symantec
2012-05-10 00:35:43 -------- d-----w- C:\Program Files\Common Files\Symantec Shared
2012-05-10 00:34:52 -------- d-----w- C:\Windows\System32\drivers\N360x64
2012-05-10 00:34:50 -------- d-----w- C:\Program Files (x86)\Norton Security Suite
2012-05-10 00:34:42 -------- d-----w- C:\Program Files (x86)\NortonInstaller
2012-05-10 00:29:52 -------- d-----w- C:\Users\brandon\AppData\Local\LogMeIn Rescue Applet
2012-05-07 04:38:34 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared
2012-05-07 00:51:11 -------- d-----w- C:\Users\brandon\AppData\Local\VS Revo Group
2012-05-07 00:51:07 31800 ----a-w- C:\Windows\System32\drivers\revoflt.sys
2012-05-07 00:51:06 -------- d-----w- C:\Program Files\VS Revo Group
2012-05-06 23:08:58 -------- d-----w- C:\ProgramData\GID
2012-05-06 19:38:32 -------- d-----w- C:\Windows\pss
2012-04-23 03:07:21 -------- d-----w- C:\ProgramData\Recovery
2012-04-23 02:08:52 -------- d-----w- C:\N360_BACKUP
2012-04-23 01:36:49 -------- d-----w- C:\Users\brandon\AppData\Local\NPE
2012-04-22 21:19:29 -------- d-----w- C:\Users\brandon\AppData\Local\ElevatedDiagnostics
2012-04-13 23:47:09 8769696 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
.
==================== Find3M ====================
.
2012-05-10 00:54:48 0 --sha-w- C:\Windows\System32\dds_trash_log.cmd
2012-05-06 23:11:15 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-06 23:11:15 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-04-02 05:34:04 5504880 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-04-02 04:46:44 3958128 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-04-02 04:46:44 3902320 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-04-02 03:01:19 3143680 ----a-w- C:\Windows\System32\win32k.sys
2012-03-26 04:03:12 332392 ----a-w- C:\Windows\System32\RtlCPAPI64.dll
2012-03-26 04:03:12 2494056 ----a-w- C:\Windows\System32\drivers\RTKVHD64.sys
2012-03-26 04:03:12 2048104 ----a-w- C:\Windows\System32\RtPgEx64.dll
2012-03-26 04:03:12 1146984 ----a-w- C:\Windows\System32\RTSnMg64.cpl
2012-03-26 04:03:10 80488 ----a-w- C:\Windows\System32\RCoInst64.dll
2012-03-26 04:03:10 569960 ----a-w- C:\Windows\System32\RtkApi64.dll
2012-03-26 04:03:10 2625640 ----a-w- C:\Windows\System32\RtkAPO64.dll
2012-03-26 04:03:10 149608 ----a-w- C:\Windows\System32\RtkCfg64.dll
2012-03-26 04:03:10 1215592 ----a-w- C:\Windows\System32\RTCOM64.dll
2012-03-26 04:03:02 200800 ----a-w- C:\Windows\System32\AERTAC64.dll
2012-03-26 04:02:58 1251944 ----a-w- C:\Windows\RtlExUpd.dll
2012-03-17 07:55:58 75632 ----a-w- C:\Windows\System32\drivers\partmgr.sys
2012-03-15 01:29:56 12942400 ----a-w- C:\Users\brandon\HRBlock_DeluxeSE_2011_Update_C.exe
2012-03-03 06:29:57 1541120 ----a-w- C:\Windows\System32\DWrite.dll
2012-03-03 06:29:42 320512 ----a-w- C:\Windows\System32\d3d10_1core.dll
2012-03-03 06:29:42 197120 ----a-w- C:\Windows\System32\d3d10_1.dll
2012-03-03 06:29:42 1837568 ----a-w- C:\Windows\System32\d3d10warp.dll
2012-03-03 06:29:41 902656 ----a-w- C:\Windows\System32\d2d1.dll
2012-03-03 05:40:21 1074176 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-03-03 05:40:10 1170944 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2012-03-03 05:40:09 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
2012-03-03 05:40:09 218624 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
2012-03-03 05:40:09 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2012-02-28 06:35:54 1197568 ----a-w- C:\Windows\System32\wininet.dll
2012-02-28 06:33:03 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2012-02-28 05:40:21 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-02-28 05:38:16 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2012-02-28 05:17:41 482816 ----a-w- C:\Windows\System32\html.iec
2012-02-28 04:35:01 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2012-02-28 04:31:46 386048 ----a-w- C:\Windows\SysWow64\html.iec
2012-02-28 03:57:55 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
.
============= FINISH: 22:17:02.98 ===============.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium 
Boot Device: \Device\HarddiskVolume1
Install Date: 6/18/2011 2:10:26 AM
System Uptime: 5/12/2012 9:47:10 PM (1 hours ago)
.
Motherboard: Hewlett-Packard | | 1604
Processor: AMD V140 Processor | Socket S1G4 | 782/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 215 GiB total, 149.071 GiB free.
D: is FIXED (NTFS) - 17 GiB total, 2.491 GiB free.
E: is CDROM (CDFS)
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP37: 5/6/2012 8:54:57 PM - Revo Uninstaller Pro's restore point - Constant Guard Protection Suite
RP39: 5/6/2012 8:55:26 PM - Revo Uninstaller Pro's restore point - Constant Guard Protection Suite
RP41: 5/6/2012 8:58:25 PM - Revo Uninstaller Pro's restore point - Constant Guard Protection Suite
RP43: 5/6/2012 8:59:32 PM - Revo Uninstaller Pro's restore point - Constant Guard Protection Suite
RP45: 5/6/2012 11:40:46 PM - Revo Uninstaller Pro's restore point - Norton Security Suite
RP47: 5/6/2012 11:44:27 PM - Revo Uninstaller Pro's restore point - Norton Online Backup
RP48: 5/6/2012 11:44:52 PM - Removed Norton Online Backup
RP50: 5/7/2012 12:11:26 AM - Revo Uninstaller Pro's restore point - Constant Guard Protection Suite
RP52: 5/7/2012 12:14:46 AM - Revo Uninstaller Pro's restore point - norton
RP54: 5/8/2012 10:34:20 PM - Revo Uninstaller Pro's restore point - Norton Online Backup
RP55: 5/8/2012 10:35:57 PM - Removed Norton Online Backup
RP57: 5/8/2012 10:48:46 PM - Revo Uninstaller Pro's restore point - 
RP59: 5/8/2012 11:03:03 PM - Revo Uninstaller Pro's restore point - 
RP61: 5/8/2012 11:04:31 PM - Revo Uninstaller Pro's restore point - 
RP63: 5/8/2012 11:09:54 PM - Revo Uninstaller Pro's restore point - 
RP65: 5/8/2012 11:32:19 PM - Revo Uninstaller Pro's restore point - 
RP67: 5/9/2012 12:49:02 AM - Revo Uninstaller Pro's restore point - Norton Download Manager
RP69: 5/9/2012 12:49:59 AM - Revo Uninstaller Pro's restore point - Norton Download Manager
RP70: 5/11/2012 10:13:08 PM - HPSF Restore Point
RP71: 5/11/2012 10:24:43 PM - HPSF Restore Point
RP72: 5/11/2012 10:28:13 PM - HPSF Restore Point
RP73: 5/11/2012 10:59:58 PM - Windows Update
RP74: 5/11/2012 11:14:09 PM - Windows Update
RP75: 5/11/2012 11:30:44 PM - Windows Update
RP76: 5/12/2012 12:14:22 AM - Windows Update
RP77: 5/12/2012 1:30:12 AM - Removed HP Deskjet 3050A J611 series Basic Device Software
RP79: 5/12/2012 1:42:12 AM - Revo Uninstaller Pro's restore point - 
RP81: 5/12/2012 1:44:15 AM - Revo Uninstaller Pro's restore point - HP Deskjet 3050A J611 series Basic Device Software
.
==== Installed Programs ======================
.
Acrobat.com
Adobe AIR
Adobe Reader 9.3 MUI
Adobe Shockwave Player 11.5
AMD USB Filter Driver
Ask Toolbar
Ask Toolbar Updater
Atheros Driver Installation Program
Bejeweled 2 Deluxe
Bing Bar
Bing Bar Platform
Blackhawk Striker 2
Build-a-lot 2
CameraHelperMsi
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Chuzzle Deluxe
CinemaNow Media Manager
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Coupon Printer for Windows
CyberLink DVD Suite
CyberLink MediaShow
CyberLink PowerDVD 9
CyberLink YouCam
Diner Dash 2 Restaurant Rescue
Dora's Carnival Adventure
Energy Star Digital Logo
erLT
Escape Rosecliff Island
ESU for Microsoft Windows 7
FATE
Final Drive Nitro
FrostWire 5.0.8
GuardedID
H&R Block Deluxe + Efile + State 2011
H&R Block New Jersey 2011
Heroes of Hellas 2 - Olympia
Hewlett-Packard ACLM.NET v1.1.2.0
HP Advisor
HP Customer Experience Enhancements
HP Deskjet 3050A J611 series Help
HP Documentation
HP Games
HP MediaSmart CinemaNow 2.0
HP Photo Creations
HP Power Manager
HP Quick Launch
HP Setup
HP Software Framework
HP Support Assistant
HP Update
Java Auto Updater
Java(TM) 6 Update 20
Jewel Quest 3
Jewel Quest Solitaire 2
Junk Mail filter update
LabelPrint
Logitech Webcam Software
LWS Facebook
LWS Gallery
LWS Help_main
LWS Launcher
LWS Motion Detection
LWS Pictures And Video
LWS Twitter
LWS Video Mask Maker
LWS Webcam Software
LWS WLM Plugin
LWS YouTube Plugin
Microsoft Choice Guard
Microsoft Default Manager
Microsoft Office 2010
Microsoft Office XP Professional
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft WSE 3.0 Runtime
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Norton Security Suite
ooVoo
Penguins!
PhotoNow!
Plants vs. Zombies
Poker Superstars III
Polar Bowler
Polar Golfer
Power2Go
PowerDirector
Realtek Ethernet Controller Driver For Windows 7
Realtek High Definition Audio Driver
Recovery Manager
Roxio CinemaNow 2.0
Update Installer for WildTangent Games App
Virtual Families
Virtual Villagers - The Secret City
Wheel of Fortune 2
WildTangent Games App (HP Games)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
Zuma Deluxe
.
==== Event Viewer Messages From Past Week ========
.
5/9/2012 8:44:17 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
5/9/2012 8:44:09 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
5/6/2012 9:05:59 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the N360 service.
5/6/2012 8:31:58 PM, Error: Service Control Manager [7031] - The Norton Security Suite service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
5/6/2012 7:55:01 PM, Error: Service Control Manager [7023] - The Windows Update service terminated with the following error: %%-2147467243
5/6/2012 7:54:55 PM, Error: Service Control Manager [7000] - The HP Software Framework Service service failed to start due to the following error: The pipe has been ended.
5/6/2012 4:34:13 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
5/6/2012 4:26:36 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the HPWMISVC service.
5/6/2012 3:43:54 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Peer Networking Identity Manager service to connect.
5/6/2012 3:43:54 PM, Error: Service Control Manager [7001] - The Peer Networking Grouping service depends on the Peer Networking Identity Manager service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
5/6/2012 3:43:54 PM, Error: Service Control Manager [7001] - The Peer Name Resolution Protocol service depends on the Peer Networking Identity Manager service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
5/6/2012 3:43:54 PM, Error: Service Control Manager [7000] - The Peer Networking Identity Manager service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
5/6/2012 3:30:04 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
5/6/2012 2:00:29 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
5/6/2012 11:21:00 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
5/6/2012 11:20:57 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
5/6/2012 11:20:57 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
5/6/2012 11:20:56 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
5/6/2012 11:20:54 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\athihvs.dll Error Code: 21
5/6/2012 11:20:50 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
5/6/2012 11:20:36 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx64 discache IDSVia64 spldr SRTSPX SymIRON SymNetS Wanarpv6
5/6/2012 11:20:34 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
5/5/2012 1:25:50 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the CGPS Service service to connect.
5/5/2012 1:25:50 AM, Error: Service Control Manager [7000] - The CGPS Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
5/12/2012 9:48:27 PM, Error: Service Control Manager [7024] - The HomeGroup Listener service terminated with service-specific error %%-2147023143.
5/12/2012 9:48:06 PM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.
5/12/2012 9:48:02 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
5/12/2012 12:42:18 AM, Error: Service Control Manager [7023] - 
.
==== End Of File ===========================

Hope I did that correctly. Now, the promised answers:

The day I typed the first post, I was not at a location from which the infected computer could gain internet access, and I didn't think of your suggestion. For the most part, the internet connection (when available) has been consistent with the infected computer.

The work done by the Norton Tech was done remotely, via the internet, which allowed him to download the tools.

Lastly, I apologize for the delay....was cutting down trees all day. THANK YOU KEVIN for your patience and help


----------



## kevinf80 (Mar 21, 2006)

Thank you for the logs and update, don't worry about reply times, it is no big issue with me. Just post back when you have the time...

OK the logs do indicate ZeroAccess rootkit infection, do the following:

*Step 1*

Download *Yorkyt.exe* and save to your Desktop.

Double click the *Yorkyt.exe* to run it; Vista or Windows 7 users right click and select "Run as Administrator".

Select Yes to restart at the prompt.

Let it restart again when prompted.

Be patient as the tool is working after the 2nd reboot.

When you see the above, test to see if browser redirects are present or not.

Attach the Yorkyt.exe.log to your next message (it should be on your desktop)

*Step 2*

Please download *Malwarebytes* Anti-Malware and save it to your desktop.
*Alternative D/L mirror*
*Alternative D/L mirror*

Double Click mbam-setup.exe to install the application.

- Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select "Perform Quick Scan", then click Scan.
- The scan may take some time to finish, so please be patient.
- When the scan is complete, click OK, then Show Results to view the results.
- Make sure that everything is checked, and click Remove Selected.
- When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
- Please save the log to a location you will remember.
- The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
- Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Let me see those two logs in next reply..

Kevin


----------



## cinderblock (May 9, 2012)

What a kind soul you are Kevin. Thanks to both you and your lovely mother (assuming you celebrate Mother's Day in the UK) for your time today.

Logs follow:

2012-05-13 14:15:11: ****************************************************
2012-05-13 14:15:11: Starting UP ... v 0.0.0.220
2012-05-13 14:15:11: ****************************************************
2012-05-13 14:15:11: Stop TPSRV returns: 2
2012-05-13 14:15:27: Listing processes...
2012-05-13 14:15:27: :[System Process]:0
2012-05-13 14:15:27: :System:4
2012-05-13 14:15:27: :smss.exe:276
2012-05-13 14:15:27: :csrss.exe:400
2012-05-13 14:15:27: :wininit.exe:460
2012-05-13 14:15:27: :csrss.exe:472
2012-05-13 14:15:27: :services.exe:520
2012-05-13 14:15:27: :lsass.exe:532
2012-05-13 14:15:27: :lsm.exe:540
2012-05-13 14:15:27: :winlogon.exe:568
2012-05-13 14:15:27: :svchost.exe:692
2012-05-13 14:15:27: :svchost.exe:752
2012-05-13 14:15:27: :atiesrxx.exe:800
2012-05-13 14:15:27: :svchost.exe:892
2012-05-13 14:15:27: :svchost.exe:924
2012-05-13 14:15:27: :svchost.exe:952
2012-05-13 14:15:27: :audiodg.exe:312
2012-05-13 14:15:27: :TrustedInstaller.exe:396
2012-05-13 14:15:27: :svchost.exe:652
2012-05-13 14:15:27: :svchost.exe:1140
2012-05-13 14:15:27: :wlanext.exe:1208
2012-05-13 14:15:27: :conhost.exe:1216
2012-05-13 14:15:27: :spoolsv.exe:1316
2012-05-13 14:15:27: :svchost.exe:1344
2012-05-13 14:15:27: :svchost.exe:1504
2012-05-13 14:15:27: :AERTSr64.exe:1536
2012-05-13 14:15:27: :CinemaNowSvc.exe:1556
2012-05-13 14:15:27: :PresentationFontCache.exe:1624
2012-05-13 14:15:27: :HPDrvMntSvc.exe:1704
2012-05-13 14:15:27: :HPWMISVC.exe:1740
2012-05-13 14:15:27: :ccsvchst.exe:1776
2012-05-13 14:15:27: :svchost.exe:1824
2012-05-13 14:15:27: :SeaPort.exe:1880
2012-05-13 14:15:27: :svchost.exe:1912
2012-05-13 14:15:27: :WLIDSVC.EXE:1988
2012-05-13 14:15:27: :SearchIndexer.exe:1588
2012-05-13 14:15:27: :WLIDSVCM.EXE:1008
2012-05-13 14:15:27: :WmiPrvSE.exe:2236
2012-05-13 14:15:27: :atieclxx.exe:1688
2012-05-13 14:15:27: :HPSA_Service.exe:1804
2012-05-13 14:15:27: :HPWA_Service.exe:1948
2012-05-13 14:15:27: :RtVOsdService.exe:2160
2012-05-13 14:15:27: :RtVOsd.exe:2144
2012-05-13 14:15:27: :WmiPrvSE.exe:2684
2012-05-13 14:15:27: :hpqWmiEx.exe:2780
2012-05-13 14:15:27: :wmpnetwk.exe:2808
2012-05-13 14:15:27: :ccsvchst.exe:188
2012-05-13 14:15:27: :taskhost.exe:3096
2012-05-13 14:15:27: :dwm.exe:3192
2012-05-13 14:15:27: :explorer.exe:3236
2012-05-13 14:15:27: :SynTPEnh.exe:3540
2012-05-13 14:15:27: :rundll32.exe:3588
2012-05-13 14:15:27:  :SynTPHelper.exe:3888
2012-05-13 14:15:27: :taskeng.exe:3016
2012-05-13 14:15:27: :svchost.exe:3520
2012-05-13 14:15:27: :taskeng.exe:1124
2012-05-13 14:15:27: :taskeng.exe:2108
2012-05-13 14:15:27: :jusched.exe:3616
2012-05-13 14:15:27: :iexplore.exe:1384
2012-05-13 14:15:27: :iexplore.exe:4068
2012-05-13 14:15:27: :mswinext.exe:2292
2012-05-13 14:15:27: :SCServer.exe:3028
2012-05-13 14:15:27: :FlashUtil32_11_2_202_235_ActiveX.exe:1356
2012-05-13 14:15:27: :iexplore.exe:4780
2012-05-13 14:15:27: :SearchProtocolHost.exe:5092
2012-05-13 14:15:27: :SearchFilterHost.exe:5112
2012-05-13 14:15:27: :yorkyt.exe:4592
2012-05-13 14:15:27: 
2012-05-13 14:15:27: Setting restore point
2012-05-13 14:16:19: RUN mode
2012-05-13 14:16:19: Determining autonomous or dropped mode...
2012-05-13 14:16:19: Autonomus mode
2012-05-13 14:16:19: ---------------------------------------------------------------------
2012-05-13 14:16:19: Found Service: AeLookupSvc
2012-05-13 14:16:19: Real Path: C:\Windows\System32\aelupsvc.dll
2012-05-13 14:16:19: Display Name: @%SystemRoot%\system32\aelupsvc.dll,-1
2012-05-13 14:16:19: Description: @%SystemRoot%\system32\aelupsvc.dll,-2
2012-05-13 14:16:19: ServiceDLL: System32\aelupsvc.dll
2012-05-13 14:16:19: File size: 0
2012-05-13 14:16:19: DLL File name: aelupsvc.dll
2012-05-13 14:16:19: Original File Name: aelupsvc.dll.mui
2012-05-13 14:16:19: Company: 
2012-05-13 14:16:19: Mod/Cre/Acc time: 
2012-05-13 14:16:19: ---------------------------------------------------------------------
2012-05-13 14:16:19: Found Service: AppIDSvc
2012-05-13 14:16:19: Real Path: C:\Windows\System32\appidsvc.dll
2012-05-13 14:16:19: Display Name: @%systemroot%\system32\appidsvc.dll,-100
2012-05-13 14:16:19: Description: @%systemroot%\system32\appidsvc.dll,-101
2012-05-13 14:16:19: ServiceDLL: System32\appidsvc.dll
2012-05-13 14:16:19: File size: 0
2012-05-13 14:16:19: DLL File name: appidsvc.dll
2012-05-13 14:16:19: Original File Name: appidsvc.dll.mui
2012-05-13 14:16:19: Company: 
2012-05-13 14:16:19: Mod/Cre/Acc time: 
2012-05-13 14:16:19: ---------------------------------------------------------------------
2012-05-13 14:16:19: Found Service: Appinfo
2012-05-13 14:16:19: Real Path: C:\Windows\System32\appinfo.dll
2012-05-13 14:16:19: Display Name: @%systemroot%\system32\appinfo.dll,-100
2012-05-13 14:16:19: Description: @%systemroot%\system32\appinfo.dll,-101
2012-05-13 14:16:19: ServiceDLL: System32\appinfo.dll
2012-05-13 14:16:19: File size: 0
2012-05-13 14:16:19: DLL File name: appinfo.dll
2012-05-13 14:16:19: Original File Name: appinfo.dll.mui
2012-05-13 14:16:19: Company: 
2012-05-13 14:16:19: Mod/Cre/Acc time: 
2012-05-13 14:16:19: ---------------------------------------------------------------------
2012-05-13 14:16:19: Found Service: AudioEndpointBuilder
2012-05-13 14:16:19: Real Path: C:\Windows\System32\Audiosrv.dll
2012-05-13 14:16:19: Display Name: @%SystemRoot%\system32\audiosrv.dll,-204
2012-05-13 14:16:19: Description: @%SystemRoot%\System32\audiosrv.dll,-205
2012-05-13 14:16:19: ServiceDLL: System32\Audiosrv.dll
2012-05-13 14:16:19: File size: 0
2012-05-13 14:16:19: DLL File name: Audiosrv.dll
2012-05-13 14:16:19: Original File Name: audiosrv.dll.mui
2012-05-13 14:16:19: Company: 
2012-05-13 14:16:19: Mod/Cre/Acc time: 
2012-05-13 14:16:19: ---------------------------------------------------------------------
2012-05-13 14:16:19: Found Service: AudioSrv
2012-05-13 14:16:19: Real Path: C:\Windows\System32\Audiosrv.dll
2012-05-13 14:16:19: Display Name: @%SystemRoot%\system32\audiosrv.dll,-200
2012-05-13 14:16:19: Description: @%SystemRoot%\System32\audiosrv.dll,-201
2012-05-13 14:16:19: ServiceDLL: System32\Audiosrv.dll
2012-05-13 14:16:19: File size: 0
2012-05-13 14:16:19: DLL File name: Audiosrv.dll
2012-05-13 14:16:19: Original File Name: audiosrv.dll.mui
2012-05-13 14:16:19: Company: 
2012-05-13 14:16:19: Mod/Cre/Acc time: 
2012-05-13 14:16:20: ---------------------------------------------------------------------
2012-05-13 14:16:20: Found Service: AxInstSV
2012-05-13 14:16:20: Real Path: C:\Windows\System32\AxInstSV.dll
2012-05-13 14:16:20: Display Name: @%SystemRoot%\system32\AxInstSV.dll,-103
2012-05-13 14:16:20: Description: @%SystemRoot%\system32\AxInstSV.dll,-104
2012-05-13 14:16:20: ServiceDLL: System32\AxInstSV.dll
2012-05-13 14:16:20: File size: 0
2012-05-13 14:16:20: DLL File name: AxInstSV.dll
2012-05-13 14:16:20: Original File Name: AxInstSv.dll.mui
2012-05-13 14:16:20: Company: 
2012-05-13 14:16:20: Mod/Cre/Acc time: 
2012-05-13 14:16:20: ---------------------------------------------------------------------
2012-05-13 14:16:20: Found Service: BDESVC
2012-05-13 14:16:20: Real Path: C:\Windows\System32\bdesvc.dll
2012-05-13 14:16:20: Display Name: @%SystemRoot%\system32\bdesvc.dll,-100
2012-05-13 14:16:20: Description: @%SystemRoot%\system32\bdesvc.dll,-101
2012-05-13 14:16:20: ServiceDLL: System32\bdesvc.dll
2012-05-13 14:16:20: File size: 0
2012-05-13 14:16:20: DLL File name: bdesvc.dll
2012-05-13 14:16:20: Original File Name: BDESVC.DLL.MUI
2012-05-13 14:16:20: Company: 
2012-05-13 14:16:20: Mod/Cre/Acc time: 
2012-05-13 14:16:20: ---------------------------------------------------------------------
2012-05-13 14:16:20: Found Service: BFE
2012-05-13 14:16:20: Real Path: C:\Windows\System32\bfe.dll
2012-05-13 14:16:20: Display Name: @%SystemRoot%\system32\bfe.dll,-1001
2012-05-13 14:16:20: Description: @%SystemRoot%\system32\bfe.dll,-1002
2012-05-13 14:16:20: ServiceDLL: System32\bfe.dll
2012-05-13 14:16:20: File size: 0
2012-05-13 14:16:20: DLL File name: bfe.dll
2012-05-13 14:16:20: Original File Name: BFE.DLL.MUI
2012-05-13 14:16:20: Company: 
2012-05-13 14:16:20: Mod/Cre/Acc time: 
2012-05-13 14:16:20: ---------------------------------------------------------------------
2012-05-13 14:16:20: Found Service: BITS
2012-05-13 14:16:20: Real Path: C:\Windows\System32\qmgr.dll
2012-05-13 14:16:20: Display Name: @%SystemRoot%\system32\qmgr.dll,-1000
2012-05-13 14:16:20: Description: @%SystemRoot%\system32\qmgr.dll,-1001
2012-05-13 14:16:20: ServiceDLL: System32\qmgr.dll
2012-05-13 14:16:20: File size: 0
2012-05-13 14:16:20: DLL File name: qmgr.dll
2012-05-13 14:16:20: Original File Name: qmgr.dll.mui
2012-05-13 14:16:20: Company: 
2012-05-13 14:16:20: Mod/Cre/Acc time: 
2012-05-13 14:16:20: ---------------------------------------------------------------------
2012-05-13 14:16:20: Found Service: Browser
2012-05-13 14:16:20: Real Path: C:\Windows\System32\browser.dll
2012-05-13 14:16:20: Display Name: @%systemroot%\system32\browser.dll,-100
2012-05-13 14:16:20: Description: @%systemroot%\system32\browser.dll,-101
2012-05-13 14:16:20: ServiceDLL: System32\browser.dll
2012-05-13 14:16:20: File size: 0
2012-05-13 14:16:20: DLL File name: browser.dll
2012-05-13 14:16:20: Original File Name: browser.dll.mui
2012-05-13 14:16:20: Company: 
2012-05-13 14:16:20: Mod/Cre/Acc time: 
2012-05-13 14:16:21: ---------------------------------------------------------------------
2012-05-13 14:16:21: Found Service: bthserv
2012-05-13 14:16:21: Real Path: C:\Windows\system32\bthserv.dll
2012-05-13 14:16:21: Display Name: @%SystemRoot%\System32\bthserv.dll,-101
2012-05-13 14:16:21: Description: @%SystemRoot%\System32\bthserv.dll,-102
2012-05-13 14:16:21: ServiceDLL: system32\bthserv.dll
2012-05-13 14:16:21: File size: 0
2012-05-13 14:16:21: DLL File name: bthserv.dll
2012-05-13 14:16:21: Original File Name: BTHSERV.DLL.MUI
2012-05-13 14:16:21: Company: 
2012-05-13 14:16:21: Mod/Cre/Acc time: 
2012-05-13 14:16:21: ---------------------------------------------------------------------
2012-05-13 14:16:21: Found Service: CertPropSvc
2012-05-13 14:16:21: Real Path: C:\Windows\System32\certprop.dll
2012-05-13 14:16:21: Display Name: @%SystemRoot%\System32\certprop.dll,-11
2012-05-13 14:16:21: Description: @%SystemRoot%\System32\certprop.dll,-12
2012-05-13 14:16:21: ServiceDLL: System32\certprop.dll
2012-05-13 14:16:21: File size: 0
2012-05-13 14:16:21: DLL File name: certprop.dll
2012-05-13 14:16:21: Original File Name: certprop.dll.mui
2012-05-13 14:16:21: Company: 
2012-05-13 14:16:21: Mod/Cre/Acc time: 
2012-05-13 14:16:21: ---------------------------------------------------------------------
2012-05-13 14:16:21: Found Service: CryptSvc
2012-05-13 14:16:21: Real Path: C:\Windows\system32\cryptsvc.dll
2012-05-13 14:16:21: Display Name: @%SystemRoot%\system32\cryptsvc.dll,-1001
2012-05-13 14:16:21: Description: @%SystemRoot%\system32\cryptsvc.dll,-1002
2012-05-13 14:16:21: ServiceDLL: system32\cryptsvc.dll
2012-05-13 14:16:21: File size: 135680
2012-05-13 14:16:21: DLL File name: cryptsvc.dll
2012-05-13 14:16:21: Original File Name: cryptsvc.dll.mui
2012-05-13 14:16:21: Company: 
2012-05-13 14:16:21: Mod/Cre/Acc time: 20090713211507 20090713193303 20090713193303
2012-05-13 14:16:21: ---------------------------------------------------------------------
2012-05-13 14:16:21: Found Service: DcomLaunch
2012-05-13 14:16:21: Real Path: C:\Windows\system32\rpcss.dll
2012-05-13 14:16:21: Display Name: @oleres.dll,-5012
2012-05-13 14:16:21: Description: @oleres.dll,-5013
2012-05-13 14:16:21: ServiceDLL: system32\rpcss.dll
2012-05-13 14:16:21: File size: 0
2012-05-13 14:16:21: DLL File name: rpcss.dll
2012-05-13 14:16:21: Original File Name: rpcss.dll
2012-05-13 14:16:21: Company: 
2012-05-13 14:16:21: Mod/Cre/Acc time: 
2012-05-13 14:16:21: ---------------------------------------------------------------------
2012-05-13 14:16:21: Found Service: defragsvc
2012-05-13 14:16:21: Real Path: C:\Windows\System32\defragsvc.dll
2012-05-13 14:16:21: Display Name: @%SystemRoot%\system32\defragsvc.dll,-101
2012-05-13 14:16:21: Description: @%SystemRoot%\system32\defragsvc.dll,-102
2012-05-13 14:16:21: ServiceDLL: System32\defragsvc.dll
2012-05-13 14:16:21: File size: 0
2012-05-13 14:16:21: DLL File name: defragsvc.dll
2012-05-13 14:16:21: Original File Name: defragsvc.dll.mui
2012-05-13 14:16:21: Company: 
2012-05-13 14:16:21: Mod/Cre/Acc time: 
2012-05-13 14:16:22: ---------------------------------------------------------------------
2012-05-13 14:16:22: Found Service: Dhcp
2012-05-13 14:16:22: Real Path: C:\Windows\system32\dhcpcore.dll
2012-05-13 14:16:22: Display Name: @%SystemRoot%\system32\dhcpcore.dll,-100
2012-05-13 14:16:22: Description: @%SystemRoot%\system32\dhcpcore.dll,-101
2012-05-13 14:16:22: ServiceDLL: system32\dhcpcore.dll
2012-05-13 14:16:22: File size: 253440
2012-05-13 14:16:22: DLL File name: dhcpcore.dll
2012-05-13 14:16:22: Original File Name: dhcpcore.dll.mui
2012-05-13 14:16:22: Company: 
2012-05-13 14:16:22: Mod/Cre/Acc time: 20090713211511 20090713191216 20090713191216
2012-05-13 14:16:22: ---------------------------------------------------------------------
2012-05-13 14:16:22: Found Service: Dnscache
2012-05-13 14:16:22: Real Path: C:\Windows\System32\dnsrslvr.dll
2012-05-13 14:16:22: Display Name: @%SystemRoot%\System32\dnsapi.dll,-101
2012-05-13 14:16:22: Description: @%SystemRoot%\System32\dnsapi.dll,-102
2012-05-13 14:16:22: ServiceDLL: System32\dnsrslvr.dll
2012-05-13 14:16:22: File size: 0
2012-05-13 14:16:22: DLL File name: dnsrslvr.dll
2012-05-13 14:16:22: Original File Name: dnsrslvr.dll.mui
2012-05-13 14:16:22: Company: 
2012-05-13 14:16:22: Mod/Cre/Acc time: 
2012-05-13 14:16:22: ---------------------------------------------------------------------
2012-05-13 14:16:22: Found Service: dot3svc
2012-05-13 14:16:22: Real Path: C:\Windows\System32\dot3svc.dll
2012-05-13 14:16:22: Display Name: @%systemroot%\system32\dot3svc.dll,-1102
2012-05-13 14:16:22: Description: @%systemroot%\system32\dot3svc.dll,-1103
2012-05-13 14:16:22: ServiceDLL: System32\dot3svc.dll
2012-05-13 14:16:22: File size: 0
2012-05-13 14:16:22: DLL File name: dot3svc.dll
2012-05-13 14:16:22: Original File Name: dot3svc.dll.mui
2012-05-13 14:16:22: Company: 
2012-05-13 14:16:22: Mod/Cre/Acc time: 
2012-05-13 14:16:22: ---------------------------------------------------------------------
2012-05-13 14:16:22: Found Service: DPS
2012-05-13 14:16:22: Real Path: C:\Windows\system32\dps.dll
2012-05-13 14:16:22: Display Name: @%systemroot%\system32\dps.dll,-500
2012-05-13 14:16:22: Description: @%systemroot%\system32\dps.dll,-501
2012-05-13 14:16:22: ServiceDLL: system32\dps.dll
2012-05-13 14:16:22: File size: 0
2012-05-13 14:16:22: DLL File name: dps.dll
2012-05-13 14:16:22: Original File Name: dps.dll.mui
2012-05-13 14:16:22: Company: 
2012-05-13 14:16:22: Mod/Cre/Acc time: 
2012-05-13 14:16:22: ---------------------------------------------------------------------
2012-05-13 14:16:22: Found Service: EapHost
2012-05-13 14:16:22: Real Path: C:\Windows\System32\eapsvc.dll
2012-05-13 14:16:22: Display Name: @%systemroot%\system32\eapsvc.dll,-1
2012-05-13 14:16:22: Description: @%systemroot%\system32\eapsvc.dll,-2
2012-05-13 14:16:22: ServiceDLL: System32\eapsvc.dll
2012-05-13 14:16:22: File size: 0
2012-05-13 14:16:22: DLL File name: eapsvc.dll
2012-05-13 14:16:22: Original File Name: eapsvc.dll.mui
2012-05-13 14:16:22: Company: 
2012-05-13 14:16:22: Mod/Cre/Acc time: 
2012-05-13 14:16:22: ---------------------------------------------------------------------
2012-05-13 14:16:22: Found Service: EventSystem
2012-05-13 14:16:22: Real Path: C:\Windows\system32\es.dll
2012-05-13 14:16:22: Display Name: @comres.dll,-2450
2012-05-13 14:16:22: Description: @comres.dll,-2451
2012-05-13 14:16:22: ServiceDLL: system32\es.dll
2012-05-13 14:16:22: File size: 271360
2012-05-13 14:16:22: DLL File name: es.dll
2012-05-13 14:16:22: Original File Name: ES.DLL
2012-05-13 14:16:22: Company: 
2012-05-13 14:16:22: Mod/Cre/Acc time: 20090713211519 20090713194438 20090713194438
2012-05-13 14:16:22: ---------------------------------------------------------------------
2012-05-13 14:16:22: Found Service: fdPHost
2012-05-13 14:16:22: Real Path: C:\Windows\system32\fdPHost.dll
2012-05-13 14:16:22: Display Name: @%systemroot%\system32\fdPHost.dll,-100
2012-05-13 14:16:22: Description: @%systemroot%\system32\fdPHost.dll,-101
2012-05-13 14:16:22: ServiceDLL: system32\fdPHost.dll
2012-05-13 14:16:22: File size: 0
2012-05-13 14:16:22: DLL File name: fdPHost.dll
2012-05-13 14:16:22: Original File Name: fdPHost.dll.mui
2012-05-13 14:16:22: Company: 
2012-05-13 14:16:22: Mod/Cre/Acc time: 
2012-05-13 14:16:22: ---------------------------------------------------------------------
2012-05-13 14:16:22: Found Service: FDResPub
2012-05-13 14:16:22: Real Path: C:\Windows\system32\fdrespub.dll
2012-05-13 14:16:22: Display Name: @%systemroot%\system32\fdrespub.dll,-100
2012-05-13 14:16:22: Description: @%systemroot%\system32\fdrespub.dll,-101
2012-05-13 14:16:22: ServiceDLL: system32\fdrespub.dll
2012-05-13 14:16:22: File size: 0
2012-05-13 14:16:22: DLL File name: fdrespub.dll
2012-05-13 14:16:22: Original File Name: FDResPub.dll.mui
2012-05-13 14:16:22: Company: 
2012-05-13 14:16:22: Mod/Cre/Acc time: 
2012-05-13 14:16:22: !!!!!!!
2012-05-13 14:16:22: Found Service: FontCache
2012-05-13 14:16:22: Real Path: C:\Windows\system32\FntCache.dll
2012-05-13 14:16:22: Display Name: @%systemroot%\system32\FntCache.dll,-100
2012-05-13 14:16:22: Description: @%systemroot%\system32\FntCache.dll,-101
2012-05-13 14:16:22: ServiceDLL: system32\FntCache.dll
2012-05-13 14:16:22: File size: 0
2012-05-13 14:16:22: DLL File name: FntCache.dll
2012-05-13 14:16:22: Original File Name: FontCacheService
2012-05-13 14:16:22: Company: 
2012-05-13 14:16:22: Mod/Cre/Acc time: 
2012-05-13 14:16:22: !!!!!!!!!
2012-05-13 14:16:23: ---------------------------------------------------------------------
2012-05-13 14:16:23: Found Service: gpsvc
2012-05-13 14:16:23: Real Path: C:\Windows\System32\gpsvc.dll
2012-05-13 14:16:23: Display Name: @gpapi.dll,-112
2012-05-13 14:16:23: Description: @gpapi.dll,-113
2012-05-13 14:16:23: ServiceDLL: System32\gpsvc.dll
2012-05-13 14:16:23: File size: 0
2012-05-13 14:16:23: DLL File name: gpsvc.dll
2012-05-13 14:16:23: Original File Name: gpsvc.dll.mui
2012-05-13 14:16:23: Company: 
2012-05-13 14:16:23: Mod/Cre/Acc time: 
2012-05-13 14:16:23: ---------------------------------------------------------------------
2012-05-13 14:16:23: Found Service: hidserv
2012-05-13 14:16:23: Real Path: C:\Windows\system32\hidserv.dll
2012-05-13 14:16:23: Display Name: @%SystemRoot%\System32\hidserv.dll,-101
2012-05-13 14:16:23: Description: @%SystemRoot%\System32\hidserv.dll,-102
2012-05-13 14:16:23: ServiceDLL: system32\hidserv.dll
2012-05-13 14:16:23: File size: 49152
2012-05-13 14:16:23: DLL File name: hidserv.dll
2012-05-13 14:16:23: Original File Name: HIDSERV.DLL.MUI
2012-05-13 14:16:23: Company: 
2012-05-13 14:16:23: Mod/Cre/Acc time: 20090713211524 20090713195109 20090713195109
2012-05-13 14:16:23: ---------------------------------------------------------------------
2012-05-13 14:16:23: Found Service: hkmsvc
2012-05-13 14:16:23: Real Path: C:\Windows\system32\kmsvc.dll
2012-05-13 14:16:23: Display Name: @%SystemRoot%\system32\kmsvc.dll,-6
2012-05-13 14:16:23: Description: @%SystemRoot%\system32\kmsvc.dll,-7
2012-05-13 14:16:23: ServiceDLL: system32\kmsvc.dll
2012-05-13 14:16:23: File size: 0
2012-05-13 14:16:23: DLL File name: kmsvc.dll
2012-05-13 14:16:23: Original File Name: KmSvc.DLL.MUI
2012-05-13 14:16:23: Company: 
2012-05-13 14:16:23: Mod/Cre/Acc time: 
2012-05-13 14:16:23: ---------------------------------------------------------------------
2012-05-13 14:16:23: Found Service: HomeGroupListener
2012-05-13 14:16:23: Real Path: C:\Windows\system32\ListSvc.dll
2012-05-13 14:16:23: Display Name: @%SystemRoot%\System32\ListSvc.dll,-100
2012-05-13 14:16:23: Description: @%SystemRoot%\System32\ListSvc.dll,-101
2012-05-13 14:16:23: ServiceDLL: system32\ListSvc.dll
2012-05-13 14:16:23: File size: 0
2012-05-13 14:16:23: DLL File name: ListSvc.dll
2012-05-13 14:16:23: Original File Name: ListSvc.dll.mui
2012-05-13 14:16:23: Company: 
2012-05-13 14:16:23: Mod/Cre/Acc time: 
2012-05-13 14:16:23: ---------------------------------------------------------------------
2012-05-13 14:16:23: Found Service: HomeGroupProvider
2012-05-13 14:16:23: Real Path: C:\Windows\system32\provsvc.dll
2012-05-13 14:16:23: Display Name: @%SystemRoot%\System32\provsvc.dll,-100
2012-05-13 14:16:23: Description: @%SystemRoot%\System32\provsvc.dll,-101
2012-05-13 14:16:23: ServiceDLL: system32\provsvc.dll
2012-05-13 14:16:23: File size: 165376
2012-05-13 14:16:23: DLL File name: provsvc.dll
2012-05-13 14:16:23: Original File Name: provsvc.dll.mui
2012-05-13 14:16:23: Company: 
2012-05-13 14:16:23: Mod/Cre/Acc time: 20090713211612 20090713193941 20090713193941
2012-05-13 14:16:23: ---------------------------------------------------------------------
2012-05-13 14:16:23: Found Service: IKEEXT
2012-05-13 14:16:23: Real Path: C:\Windows\System32\ikeext.dll
2012-05-13 14:16:23: Display Name: @%SystemRoot%\system32\ikeext.dll,-501
2012-05-13 14:16:23: Description: @%SystemRoot%\system32\ikeext.dll,-502
2012-05-13 14:16:23: ServiceDLL: System32\ikeext.dll
2012-05-13 14:16:23: File size: 0
2012-05-13 14:16:23: DLL File name: ikeext.dll
2012-05-13 14:16:23: Original File Name: IKEEXT.DLL.MUI
2012-05-13 14:16:23: Company: 
2012-05-13 14:16:23: Mod/Cre/Acc time: 
2012-05-13 14:16:24: ---------------------------------------------------------------------
2012-05-13 14:16:24: Found Service: IPBusEnum
2012-05-13 14:16:24: Real Path: C:\Windows\system32\ipbusenum.dll
2012-05-13 14:16:24: Display Name: @%systemroot%\system32\IPBusEnum.dll,-102
2012-05-13 14:16:24: Description: @%systemroot%\system32\IPBusEnum.dll,-103
2012-05-13 14:16:24: ServiceDLL: system32\ipbusenum.dll
2012-05-13 14:16:24: File size: 0
2012-05-13 14:16:24: DLL File name: ipbusenum.dll
2012-05-13 14:16:24: Original File Name: IPBusEnum.dll.mui
2012-05-13 14:16:24: Company: 
2012-05-13 14:16:24: Mod/Cre/Acc time: 
2012-05-13 14:16:24: ---------------------------------------------------------------------
2012-05-13 14:16:24: Found Service: KtmRm
2012-05-13 14:16:24: Real Path: C:\Windows\system32\msdtckrm.dll
2012-05-13 14:16:24: Display Name: @comres.dll,-2946
2012-05-13 14:16:24: Description: @comres.dll,-2947
2012-05-13 14:16:24: ServiceDLL: system32\msdtckrm.dll
2012-05-13 14:16:24: File size: 0
2012-05-13 14:16:24: DLL File name: msdtckrm.dll
2012-05-13 14:16:24: Original File Name: MSDTCKRM.DLL
2012-05-13 14:16:24: Company: 
2012-05-13 14:16:24: Mod/Cre/Acc time: 
2012-05-13 14:16:24: ---------------------------------------------------------------------
2012-05-13 14:16:24: Found Service: LanmanServer
2012-05-13 14:16:24: Real Path: C:\Windows\system32\srvsvc.dll
2012-05-13 14:16:24: Display Name: @%systemroot%\system32\srvsvc.dll,-100
2012-05-13 14:16:24: Description: @%systemroot%\system32\srvsvc.dll,-101
2012-05-13 14:16:24: ServiceDLL: system32\srvsvc.dll
2012-05-13 14:16:24: File size: 0
2012-05-13 14:16:24: DLL File name: srvsvc.dll
2012-05-13 14:16:24: Original File Name: SRVSVC.DLL.MUI
2012-05-13 14:16:24: Company: 
2012-05-13 14:16:24: Mod/Cre/Acc time: 
2012-05-13 14:16:24: ---------------------------------------------------------------------
2012-05-13 14:16:24: Found Service: LanmanWorkstation
2012-05-13 14:16:24: Real Path: C:\Windows\System32\wkssvc.dll
2012-05-13 14:16:24: Display Name: @%systemroot%\system32\wkssvc.dll,-100
2012-05-13 14:16:24: Description: @%systemroot%\system32\wkssvc.dll,-101
2012-05-13 14:16:24: ServiceDLL: System32\wkssvc.dll
2012-05-13 14:16:24: File size: 0
2012-05-13 14:16:24: DLL File name: wkssvc.dll
2012-05-13 14:16:24: Original File Name: WKSSVC.DLL.MUI
2012-05-13 14:16:24: Company: 
2012-05-13 14:16:24: Mod/Cre/Acc time: 
2012-05-13 14:16:24: ---------------------------------------------------------------------
2012-05-13 14:16:24: Found Service: lltdsvc
2012-05-13 14:16:24: Real Path: C:\Windows\System32\lltdsvc.dll
2012-05-13 14:16:24: Display Name: @%SystemRoot%\system32\lltdres.dll,-1
2012-05-13 14:16:24: Description: @%SystemRoot%\system32\lltdres.dll,-2
2012-05-13 14:16:24: ServiceDLL: System32\lltdsvc.dll
2012-05-13 14:16:24: File size: 0
2012-05-13 14:16:24: DLL File name: lltdsvc.dll
2012-05-13 14:16:24: Original File Name: LLTDSVC.DLL
2012-05-13 14:16:24: Company: 
2012-05-13 14:16:24: Mod/Cre/Acc time: 
2012-05-13 14:16:25: ---------------------------------------------------------------------
2012-05-13 14:16:25: Found Service: lmhosts
2012-05-13 14:16:25: Real Path: C:\Windows\System32\lmhsvc.dll
2012-05-13 14:16:25: Display Name: @%SystemRoot%\system32\lmhsvc.dll,-101
2012-05-13 14:16:25: Description: @%SystemRoot%\system32\lmhsvc.dll,-102
2012-05-13 14:16:25: ServiceDLL: System32\lmhsvc.dll
2012-05-13 14:16:25: File size: 0
2012-05-13 14:16:25: DLL File name: lmhsvc.dll
2012-05-13 14:16:25: Original File Name: lmhsvc.dll.mui
2012-05-13 14:16:25: Company: 
2012-05-13 14:16:25: Mod/Cre/Acc time: 
2012-05-13 14:16:25: ---------------------------------------------------------------------
2012-05-13 14:16:25: Found Service: Mcx2Svc
2012-05-13 14:16:25: Real Path: C:\Windows\system32\Mcx2Svc.dll
2012-05-13 14:16:25: Display Name: @%SystemRoot%\ehome\ehres.dll,-15501
2012-05-13 14:16:25: Description: @%SystemRoot%\ehome\ehres.dll,-15502
2012-05-13 14:16:25: ServiceDLL: system32\Mcx2Svc.dll
2012-05-13 14:16:25: File size: 0
2012-05-13 14:16:25: DLL File name: Mcx2Svc.dll
2012-05-13 14:16:25: Original File Name: Mcx2Svc.dll
2012-05-13 14:16:25: Company: 
2012-05-13 14:16:25: Mod/Cre/Acc time: 
2012-05-13 14:16:25: ---------------------------------------------------------------------
2012-05-13 14:16:25: Found Service: MMCSS
2012-05-13 14:16:25: Real Path: C:\Windows\system32\mmcss.dll
2012-05-13 14:16:25: Display Name: @%systemroot%\system32\mmcss.dll,-100
2012-05-13 14:16:25: Description: @%systemroot%\system32\mmcss.dll,-101
2012-05-13 14:16:25: ServiceDLL: system32\mmcss.dll
2012-05-13 14:16:25: File size: 0
2012-05-13 14:16:25: DLL File name: mmcss.dll
2012-05-13 14:16:25: Original File Name: mmcss.dll.mui
2012-05-13 14:16:25: Company: 
2012-05-13 14:16:25: Mod/Cre/Acc time: 
2012-05-13 14:16:25: ---------------------------------------------------------------------
2012-05-13 14:16:25: Found Service: MSiSCSI
2012-05-13 14:16:25: Real Path: C:\Windows\system32\iscsiexe.dll
2012-05-13 14:16:25: Display Name: @%SystemRoot%\system32\iscsidsc.dll,-5000
2012-05-13 14:16:25: Description: @%SystemRoot%\system32\iscsidsc.dll,-5001
2012-05-13 14:16:25: ServiceDLL: system32\iscsiexe.dll
2012-05-13 14:16:25: File size: 0
2012-05-13 14:16:25: DLL File name: iscsiexe.dll
2012-05-13 14:16:25: Original File Name: iscsiexe.exe.mui
2012-05-13 14:16:25: Company: 
2012-05-13 14:16:25: Mod/Cre/Acc time: 
2012-05-13 14:16:25: ---------------------------------------------------------------------
2012-05-13 14:16:25: Found Service: napagent
2012-05-13 14:16:25: Real Path: C:\Windows\system32\qagentRT.dll
2012-05-13 14:16:25: Display Name: @%SystemRoot%\system32\qagentrt.dll,-6
2012-05-13 14:16:25: Description: @%SystemRoot%\system32\qagentrt.dll,-7
2012-05-13 14:16:25: ServiceDLL: system32\qagentRT.dll
2012-05-13 14:16:25: File size: 0
2012-05-13 14:16:25: DLL File name: qagentRT.dll
2012-05-13 14:16:25: Original File Name: QAgentRT.DLL.MUI
2012-05-13 14:16:25: Company: 
2012-05-13 14:16:25: Mod/Cre/Acc time: 
2012-05-13 14:16:25: ---------------------------------------------------------------------
2012-05-13 14:16:25: Found Service: Netman
2012-05-13 14:16:25: Real Path: C:\Windows\System32\netman.dll
2012-05-13 14:16:25: Display Name: @%SystemRoot%\system32\netman.dll,-109
2012-05-13 14:16:25: Description: @%SystemRoot%\system32\netman.dll,-110
2012-05-13 14:16:25: ServiceDLL: System32\netman.dll
2012-05-13 14:16:25: File size: 0
2012-05-13 14:16:25: DLL File name: netman.dll
2012-05-13 14:16:25: Original File Name: netman.dll.mui
2012-05-13 14:16:25: Company: 
2012-05-13 14:16:25: Mod/Cre/Acc time: 
2012-05-13 14:16:26: ---------------------------------------------------------------------
2012-05-13 14:16:26: Found Service: netprofm
2012-05-13 14:16:26: Real Path: C:\Windows\System32\netprofm.dll
2012-05-13 14:16:26: Display Name: @%SystemRoot%\system32\netprofm.dll,-202
2012-05-13 14:16:26: Description: @%SystemRoot%\system32\netprofm.dll,-203
2012-05-13 14:16:26: ServiceDLL: System32\netprofm.dll
2012-05-13 14:16:26: File size: 360448
2012-05-13 14:16:26: DLL File name: netprofm.dll
2012-05-13 14:16:26: Original File Name: netprofm.dll.mui
2012-05-13 14:16:26: Company: 
2012-05-13 14:16:26: Mod/Cre/Acc time: 20090713211603 20090713195658 20090713195658
2012-05-13 14:16:26: ---------------------------------------------------------------------
2012-05-13 14:16:26: Found Service: NlaSvc
2012-05-13 14:16:26: Real Path: C:\Windows\System32\nlasvc.dll
2012-05-13 14:16:26: Display Name: @%SystemRoot%\System32\nlasvc.dll,-1
2012-05-13 14:16:26: Description: @%SystemRoot%\System32\nlasvc.dll,-2
2012-05-13 14:16:26: ServiceDLL: System32\nlasvc.dll
2012-05-13 14:16:26: File size: 0
2012-05-13 14:16:26: DLL File name: nlasvc.dll
2012-05-13 14:16:26: Original File Name: nlasvc.dll.mui
2012-05-13 14:16:26: Company: 
2012-05-13 14:16:26: Mod/Cre/Acc time: 
2012-05-13 14:16:26: ---------------------------------------------------------------------
2012-05-13 14:16:26: Found Service: nsi
2012-05-13 14:16:26: Real Path: C:\Windows\system32\nsisvc.dll
2012-05-13 14:16:26: Display Name: @%SystemRoot%\system32\nsisvc.dll,-200
2012-05-13 14:16:26: Description: @%SystemRoot%\system32\nsisvc.dll,-201
2012-05-13 14:16:26: ServiceDLL: system32\nsisvc.dll
2012-05-13 14:16:26: File size: 0
2012-05-13 14:16:26: DLL File name: nsisvc.dll
2012-05-13 14:16:26: Original File Name: nsisvc.dll.mui
2012-05-13 14:16:26: Company: 
2012-05-13 14:16:26: Mod/Cre/Acc time: 
2012-05-13 14:16:26: ---------------------------------------------------------------------
2012-05-13 14:16:26: Found Service: p2pimsvc
2012-05-13 14:16:26: Real Path: C:\Windows\system32\pnrpsvc.dll
2012-05-13 14:16:26: Display Name: @%SystemRoot%\system32\pnrpsvc.dll,-8004
2012-05-13 14:16:26: Description: @%SystemRoot%\system32\pnrpsvc.dll,-8005
2012-05-13 14:16:26: ServiceDLL: system32\pnrpsvc.dll
2012-05-13 14:16:26: File size: 0
2012-05-13 14:16:26: DLL File name: pnrpsvc.dll
2012-05-13 14:16:26: Original File Name: pnrpsvc.dll.mui
2012-05-13 14:16:26: Company: 
2012-05-13 14:16:26: Mod/Cre/Acc time: 
2012-05-13 14:16:26: ---------------------------------------------------------------------
2012-05-13 14:16:26: Found Service: p2psvc
2012-05-13 14:16:26: Real Path: C:\Windows\system32\p2psvc.dll
2012-05-13 14:16:26: Display Name: @%SystemRoot%\system32\p2psvc.dll,-8006
2012-05-13 14:16:26: Description: @%SystemRoot%\system32\p2psvc.dll,-8007
2012-05-13 14:16:26: ServiceDLL: system32\p2psvc.dll
2012-05-13 14:16:26: File size: 0
2012-05-13 14:16:26: DLL File name: p2psvc.dll
2012-05-13 14:16:26: Original File Name: p2psvc.dll.mui
2012-05-13 14:16:26: Company: 
2012-05-13 14:16:26: Mod/Cre/Acc time: 
2012-05-13 14:16:26: !!!!!!!
2012-05-13 14:16:26: Found Service: PcaSvc
2012-05-13 14:16:26: Real Path: C:\Windows\System32\pcasvc.dll
2012-05-13 14:16:26: Display Name: @%SystemRoot%\system32\pcasvc.dll,-1
2012-05-13 14:16:26: Description: @%SystemRoot%\system32\pcasvc.dll,-2
2012-05-13 14:16:26: ServiceDLL: System32\pcasvc.dll
2012-05-13 14:16:26: File size: 0
2012-05-13 14:16:26: DLL File name: pcasvc.dll
2012-05-13 14:16:26: Original File Name: 
2012-05-13 14:16:26: Company: 
2012-05-13 14:16:26: Mod/Cre/Acc time: 
2012-05-13 14:16:26: !!!!!!!!!
2012-05-13 14:16:26: ---------------------------------------------------------------------
2012-05-13 14:16:27: Found Service: pla
2012-05-13 14:16:27: Real Path: C:\Windows\system32\pla.dll
2012-05-13 14:16:27: Display Name: @%systemroot%\system32\pla.dll,-500
2012-05-13 14:16:27: Description: @%systemroot%\system32\pla.dll,-501
2012-05-13 14:16:27: ServiceDLL: system32\pla.dll
2012-05-13 14:16:27: File size: 1508864
2012-05-13 14:16:27: DLL File name: pla.dll
2012-05-13 14:16:27: Original File Name: PLA.DLL.MUI
2012-05-13 14:16:27: Company: 
2012-05-13 14:16:27: Mod/Cre/Acc time: 20090713211612 20090713192013 20090713192013
2012-05-13 14:16:27: ---------------------------------------------------------------------
2012-05-13 14:16:27: Found Service: PlugPlay
2012-05-13 14:16:27: Real Path: C:\Windows\system32\umpnpmgr.dll
2012-05-13 14:16:27: Display Name: @%SystemRoot%\system32\umpnpmgr.dll,-100
2012-05-13 14:16:27: Description: @%SystemRoot%\system32\umpnpmgr.dll,-101
2012-05-13 14:16:27: ServiceDLL: system32\umpnpmgr.dll
2012-05-13 14:16:27: File size: 0
2012-05-13 14:16:27: DLL File name: umpnpmgr.dll
2012-05-13 14:16:27: Original File Name: Umpnpmgr.DLL.MUI
2012-05-13 14:16:27: Company: 
2012-05-13 14:16:27: Mod/Cre/Acc time: 
2012-05-13 14:16:27: ---------------------------------------------------------------------
2012-05-13 14:16:27: Found Service: PNRPAutoReg
2012-05-13 14:16:27: Real Path: C:\Windows\system32\pnrpauto.dll
2012-05-13 14:16:27: Display Name: @%SystemRoot%\system32\pnrpauto.dll,-8002
2012-05-13 14:16:27: Description: @%SystemRoot%\system32\pnrpauto.dll,-8003
2012-05-13 14:16:27: ServiceDLL: system32\pnrpauto.dll
2012-05-13 14:16:27: File size: 0
2012-05-13 14:16:27: DLL File name: pnrpauto.dll
2012-05-13 14:16:27: Original File Name: pnrpauto.dll.mui
2012-05-13 14:16:27: Company: 
2012-05-13 14:16:27: Mod/Cre/Acc time: 
2012-05-13 14:16:27: ---------------------------------------------------------------------
2012-05-13 14:16:27: Found Service: PNRPsvc
2012-05-13 14:16:27: Real Path: C:\Windows\system32\pnrpsvc.dll
2012-05-13 14:16:27: Display Name: @%SystemRoot%\system32\pnrpsvc.dll,-8000
2012-05-13 14:16:27: Description: @%SystemRoot%\system32\pnrpsvc.dll,-8001
2012-05-13 14:16:27: ServiceDLL: system32\pnrpsvc.dll
2012-05-13 14:16:27: File size: 0
2012-05-13 14:16:27: DLL File name: pnrpsvc.dll
2012-05-13 14:16:27: Original File Name: pnrpsvc.dll.mui
2012-05-13 14:16:27: Company: 
2012-05-13 14:16:27: Mod/Cre/Acc time: 
2012-05-13 14:16:27: ---------------------------------------------------------------------
2012-05-13 14:16:27: Found Service: PolicyAgent
2012-05-13 14:16:27: Real Path: C:\Windows\System32\ipsecsvc.dll
2012-05-13 14:16:27: Display Name: @%SystemRoot%\System32\polstore.dll,-5010
2012-05-13 14:16:27: Description: @%SystemRoot%\system32\polstore.dll,-5011
2012-05-13 14:16:27: ServiceDLL: System32\ipsecsvc.dll
2012-05-13 14:16:27: File size: 0
2012-05-13 14:16:27: DLL File name: ipsecsvc.dll
2012-05-13 14:16:27: Original File Name: ipsecsvc.dll.mui
2012-05-13 14:16:27: Company: 
2012-05-13 14:16:27: Mod/Cre/Acc time: 
2012-05-13 14:16:27: ---------------------------------------------------------------------
2012-05-13 14:16:27: Found Service: Power
2012-05-13 14:16:27: Real Path: C:\Windows\system32\umpo.dll
2012-05-13 14:16:27: Display Name: @%SystemRoot%\system32\umpo.dll,-100
2012-05-13 14:16:27: Description: @%SystemRoot%\system32\umpo.dll,-101
2012-05-13 14:16:27: ServiceDLL: system32\umpo.dll
2012-05-13 14:16:27: File size: 0
2012-05-13 14:16:27: DLL File name: umpo.dll
2012-05-13 14:16:27: Original File Name: Umpo.DLL.MUI
2012-05-13 14:16:27: Company: 
2012-05-13 14:16:27: Mod/Cre/Acc time: 
2012-05-13 14:16:27: ---------------------------------------------------------------------
2012-05-13 14:16:27: Found Service: ProfSvc
2012-05-13 14:16:27: Real Path: C:\Windows\system32\profsvc.dll
2012-05-13 14:16:27: Display Name: @%systemroot%\system32\profsvc.dll,-300
2012-05-13 14:16:27: Description: @%systemroot%\system32\profsvc.dll,-301
2012-05-13 14:16:27: ServiceDLL: system32\profsvc.dll
2012-05-13 14:16:27: File size: 0
2012-05-13 14:16:27: DLL File name: profsvc.dll
2012-05-13 14:16:27: Original File Name: ProfSvc.dll.mui
2012-05-13 14:16:27: Company: 
2012-05-13 14:16:27: Mod/Cre/Acc time: 
2012-05-13 14:16:27: ---------------------------------------------------------------------
2012-05-13 14:16:27: Found Service: QWAVE
2012-05-13 14:16:27: Real Path: C:\Windows\system32\qwave.dll
2012-05-13 14:16:27: Display Name: @%SystemRoot%\system32\qwave.dll,-1
2012-05-13 14:16:27: Description: @%SystemRoot%\system32\qwave.dll,-2
2012-05-13 14:16:27: ServiceDLL: system32\qwave.dll
2012-05-13 14:16:27: File size: 210944
2012-05-13 14:16:27: DLL File name: qwave.dll
2012-05-13 14:16:27: Original File Name: qwave.dll.mui
2012-05-13 14:16:27: Company: 
2012-05-13 14:16:27: Mod/Cre/Acc time: 20090713211612 20090713195415 20090713195415
2012-05-13 14:16:27: ---------------------------------------------------------------------
2012-05-13 14:16:27: Found Service: RasAuto
2012-05-13 14:16:27: Real Path: C:\Windows\System32\rasauto.dll
2012-05-13 14:16:27: Display Name: @%Systemroot%\system32\rasauto.dll,-200
2012-05-13 14:16:27: Description: @%Systemroot%\system32\rasauto.dll,-201
2012-05-13 14:16:27: ServiceDLL: System32\rasauto.dll
2012-05-13 14:16:27: File size: 0
2012-05-13 14:16:27: DLL File name: rasauto.dll
2012-05-13 14:16:27: Original File Name: rasauto.dll.mui
2012-05-13 14:16:27: Company: 
2012-05-13 14:16:27: Mod/Cre/Acc time: 
2012-05-13 14:16:28: ---------------------------------------------------------------------
2012-05-13 14:16:28: Found Service: RasMan
2012-05-13 14:16:28: Real Path: C:\Windows\System32\rasmans.dll
2012-05-13 14:16:28: Display Name: @%Systemroot%\system32\rasmans.dll,-200
2012-05-13 14:16:28: Description: @%Systemroot%\system32\rasmans.dll,-201
2012-05-13 14:16:28: ServiceDLL: System32\rasmans.dll
2012-05-13 14:16:28: File size: 0
2012-05-13 14:16:28: DLL File name: rasmans.dll
2012-05-13 14:16:28: Original File Name: Rasmans.dll.mui
2012-05-13 14:16:28: Company: 
2012-05-13 14:16:28: Mod/Cre/Acc time: 
2012-05-13 14:16:28: ---------------------------------------------------------------------
2012-05-13 14:16:28: Found Service: RemoteAccess
2012-05-13 14:16:28: Real Path: C:\Windows\System32\mprdim.dll
2012-05-13 14:16:28: Display Name: @%Systemroot%\system32\mprdim.dll,-200
2012-05-13 14:16:28: Description: @%Systemroot%\system32\mprdim.dll,-201
2012-05-13 14:16:28: ServiceDLL: System32\mprdim.dll
2012-05-13 14:16:28: File size: 75264
2012-05-13 14:16:28: DLL File name: mprdim.dll
2012-05-13 14:16:28: Original File Name: MPRDIM.DLL.MUI
2012-05-13 14:16:28: Company: 
2012-05-13 14:16:28: Mod/Cre/Acc time: 20090713211541 20090713195426 20090713195426
2012-05-13 14:16:28: ---------------------------------------------------------------------
2012-05-13 14:16:28: Found Service: RemoteRegistry
2012-05-13 14:16:28: Real Path: C:\Windows\system32\regsvc.dll
2012-05-13 14:16:28: Display Name: @regsvc.dll,-1
2012-05-13 14:16:28: Description: @regsvc.dll,-2
2012-05-13 14:16:28: ServiceDLL: system32\regsvc.dll
2012-05-13 14:16:28: File size: 0
2012-05-13 14:16:28: DLL File name: regsvc.dll
2012-05-13 14:16:28: Original File Name: REGSVC.DLL.MUI
2012-05-13 14:16:28: Company: 
2012-05-13 14:16:28: Mod/Cre/Acc time: 
2012-05-13 14:16:28: ---------------------------------------------------------------------
2012-05-13 14:16:28: Found Service: RpcEptMapper
2012-05-13 14:16:28: Real Path: C:\Windows\System32\RpcEpMap.dll
2012-05-13 14:16:28: Display Name: @%windir%\system32\RpcEpMap.dll,-1001
2012-05-13 14:16:28: Description: @%windir%\system32\RpcEpMap.dll,-1002
2012-05-13 14:16:28: ServiceDLL: System32\RpcEpMap.dll
2012-05-13 14:16:28: File size: 0
2012-05-13 14:16:28: DLL File name: RpcEpMap.dll
2012-05-13 14:16:28: Original File Name: RpcEpMap.dll.mui
2012-05-13 14:16:28: Company: 
2012-05-13 14:16:28: Mod/Cre/Acc time: 
2012-05-13 14:16:28: ---------------------------------------------------------------------
2012-05-13 14:16:28: Found Service: RpcSs
2012-05-13 14:16:28: Real Path: C:\Windows\system32\rpcss.dll
2012-05-13 14:16:28: Display Name: @oleres.dll,-5010
2012-05-13 14:16:28: Description: @oleres.dll,-5011
2012-05-13 14:16:28: ServiceDLL: system32\rpcss.dll
2012-05-13 14:16:28: File size: 0
2012-05-13 14:16:28: DLL File name: rpcss.dll
2012-05-13 14:16:28: Original File Name: rpcss.dll
2012-05-13 14:16:28: Company: 
2012-05-13 14:16:28: Mod/Cre/Acc time: 
2012-05-13 14:16:28: ---------------------------------------------------------------------
2012-05-13 14:16:28: Found Service: SCardSvr
2012-05-13 14:16:28: Real Path: C:\Windows\System32\SCardSvr.dll
2012-05-13 14:16:28: Display Name: @%SystemRoot%\System32\SCardSvr.dll,-1
2012-05-13 14:16:28: Description: @%SystemRoot%\System32\SCardSvr.dll,-5
2012-05-13 14:16:28: ServiceDLL: System32\SCardSvr.dll
2012-05-13 14:16:28: File size: 0
2012-05-13 14:16:28: DLL File name: SCardSvr.dll
2012-05-13 14:16:28: Original File Name: SCardSvr.exe.mui
2012-05-13 14:16:28: Company: 
2012-05-13 14:16:28: Mod/Cre/Acc time: 
2012-05-13 14:16:29: ---------------------------------------------------------------------
2012-05-13 14:16:29: Found Service: Schedule
2012-05-13 14:16:29: Real Path: C:\Windows\system32\schedsvc.dll
2012-05-13 14:16:29: Display Name: @%SystemRoot%\system32\schedsvc.dll,-100
2012-05-13 14:16:29: Description: @%SystemRoot%\system32\schedsvc.dll,-101
2012-05-13 14:16:29: ServiceDLL: system32\schedsvc.dll
2012-05-13 14:16:29: File size: 0
2012-05-13 14:16:29: DLL File name: schedsvc.dll
2012-05-13 14:16:29: Original File Name: schedsvc.dll.mui
2012-05-13 14:16:29: Company: 
2012-05-13 14:16:29: Mod/Cre/Acc time: 
2012-05-13 14:16:29: ---------------------------------------------------------------------
2012-05-13 14:16:29: Found Service: SCPolicySvc
2012-05-13 14:16:29: Real Path: C:\Windows\System32\certprop.dll
2012-05-13 14:16:29: Display Name: @%SystemRoot%\System32\certprop.dll,-13
2012-05-13 14:16:29: Description: @%SystemRoot%\System32\certprop.dll,-14
2012-05-13 14:16:29: ServiceDLL: System32\certprop.dll
2012-05-13 14:16:29: File size: 0
2012-05-13 14:16:29: DLL File name: certprop.dll
2012-05-13 14:16:29: Original File Name: certprop.dll.mui
2012-05-13 14:16:29: Company: 
2012-05-13 14:16:29: Mod/Cre/Acc time: 
2012-05-13 14:16:29: ---------------------------------------------------------------------
2012-05-13 14:16:29: Found Service: SDRSVC
2012-05-13 14:16:29: Real Path: C:\Windows\System32\SDRSVC.dll
2012-05-13 14:16:29: Display Name: @%SystemRoot%\system32\sdrsvc.dll,-107
2012-05-13 14:16:29: Description: @%SystemRoot%\system32\sdrsvc.dll,-102
2012-05-13 14:16:29: ServiceDLL: System32\SDRSVC.dll
2012-05-13 14:16:29: File size: 0
2012-05-13 14:16:29: DLL File name: SDRSVC.dll
2012-05-13 14:16:29: Original File Name: SDRSVC.DLL.MUI
2012-05-13 14:16:29: Company: 
2012-05-13 14:16:29: Mod/Cre/Acc time: 
2012-05-13 14:16:29: ---------------------------------------------------------------------
2012-05-13 14:16:29: Found Service: seclogon
2012-05-13 14:16:29: Real Path: C:\Windows\system32\seclogon.dll
2012-05-13 14:16:29: Display Name: @%SystemRoot%\system32\seclogon.dll,-7001
2012-05-13 14:16:29: Description: @%SystemRoot%\system32\seclogon.dll,-7000
2012-05-13 14:16:29: ServiceDLL: system32\seclogon.dll
2012-05-13 14:16:29: File size: 0
2012-05-13 14:16:29: DLL File name: seclogon.dll
2012-05-13 14:16:29: Original File Name: SECLOGON.EXE.MUI
2012-05-13 14:16:29: Company: 
2012-05-13 14:16:29: Mod/Cre/Acc time: 
2012-05-13 14:16:29: ---------------------------------------------------------------------
2012-05-13 14:16:29: Found Service: SENS
2012-05-13 14:16:29: Real Path: C:\Windows\System32\sens.dll
2012-05-13 14:16:29: Display Name: @%SystemRoot%\system32\Sens.dll,-200
2012-05-13 14:16:29: Description: @%SystemRoot%\system32\Sens.dll,-201
2012-05-13 14:16:29: ServiceDLL: System32\sens.dll
2012-05-13 14:16:29: File size: 49664
2012-05-13 14:16:29: DLL File name: sens.dll
2012-05-13 14:16:29: Original File Name: sens.dll.mui
2012-05-13 14:16:29: Company: 
2012-05-13 14:16:29: Mod/Cre/Acc time: 20090713211613 20090713192158 20090713192158
2012-05-13 14:16:29: ---------------------------------------------------------------------
2012-05-13 14:16:29: Found Service: SensrSvc
2012-05-13 14:16:29: Real Path: C:\Windows\system32\sensrsvc.dll
2012-05-13 14:16:29: Display Name: @%SystemRoot%\System32\sensrsvc.dll,-1000
2012-05-13 14:16:29: Description: @%SystemRoot%\System32\sensrsvc.dll,-1001
2012-05-13 14:16:29: ServiceDLL: system32\sensrsvc.dll
2012-05-13 14:16:29: File size: 0
2012-05-13 14:16:29: DLL File name: sensrsvc.dll
2012-05-13 14:16:29: Original File Name: sensrsvc.dll.mui
2012-05-13 14:16:29: Company: 
2012-05-13 14:16:29: Mod/Cre/Acc time: 
2012-05-13 14:16:29: ---------------------------------------------------------------------
2012-05-13 14:16:29: Found Service: SessionEnv
2012-05-13 14:16:29: Real Path: C:\Windows\system32\sessenv.dll
2012-05-13 14:16:29: Display Name: @%SystemRoot%\System32\SessEnv.dll,-1026
2012-05-13 14:16:29: Description: @%SystemRoot%\System32\SessEnv.dll,-1027
2012-05-13 14:16:29: ServiceDLL: system32\sessenv.dll
2012-05-13 14:16:29: File size: 99328
2012-05-13 14:16:29: DLL File name: sessenv.dll
2012-05-13 14:16:29: Original File Name: SessEnv.DLL.MUI
2012-05-13 14:16:29: Company: 
2012-05-13 14:16:29: Mod/Cre/Acc time: 20090713211613 20090713200228 20090713200228
2012-05-13 14:16:29: ---------------------------------------------------------------------
2012-05-13 14:16:29: Found Service: SharedAccess
2012-05-13 14:16:29: Real Path: C:\Windows\System32\ipnathlp.dll
2012-05-13 14:16:29: Display Name: @%SystemRoot%\system32\ipnathlp.dll,-106
2012-05-13 14:16:29: Description: @%SystemRoot%\system32\ipnathlp.dll,-107
2012-05-13 14:16:29: ServiceDLL: System32\ipnathlp.dll
2012-05-13 14:16:29: File size: 0
2012-05-13 14:16:29: DLL File name: ipnathlp.dll
2012-05-13 14:16:29: Original File Name: IPNATHLP.DLL.MUI
2012-05-13 14:16:29: Company: 
2012-05-13 14:16:29: Mod/Cre/Acc time: 
2012-05-13 14:16:30: ---------------------------------------------------------------------
2012-05-13 14:16:30: Found Service: ShellHWDetection
2012-05-13 14:16:30: Real Path: C:\Windows\System32\shsvcs.dll
2012-05-13 14:16:30: Display Name: @%SystemRoot%\System32\shsvcs.dll,-12288
2012-05-13 14:16:30: Description: @%SystemRoot%\System32\shsvcs.dll,-12289
2012-05-13 14:16:30: ServiceDLL: System32\shsvcs.dll
2012-05-13 14:16:30: File size: 328192
2012-05-13 14:16:30: DLL File name: shsvcs.dll
2012-05-13 14:16:30: Original File Name: SHSVCS.DLL.MUI
2012-05-13 14:16:30: Company: 
2012-05-13 14:16:30: Mod/Cre/Acc time: 20090713211614 20090713193928 20090713193928
2012-05-13 14:16:30: ---------------------------------------------------------------------
2012-05-13 14:16:30: Found Service: sppuinotify
2012-05-13 14:16:30: Real Path: C:\Windows\system32\sppuinotify.dll
2012-05-13 14:16:30: Display Name: @%SystemRoot%\system32\sppuinotify.dll,-103
2012-05-13 14:16:30: Description: @%SystemRoot%\system32\sppuinotify.dll,-102
2012-05-13 14:16:30: ServiceDLL: system32\sppuinotify.dll
2012-05-13 14:16:30: File size: 0
2012-05-13 14:16:30: DLL File name: sppuinotify.dll
2012-05-13 14:16:30: Original File Name: sppuinotify.dll.mui
2012-05-13 14:16:30: Company: 
2012-05-13 14:16:30: Mod/Cre/Acc time: 
2012-05-13 14:16:30: ---------------------------------------------------------------------
2012-05-13 14:16:30: Found Service: SSDPSRV
2012-05-13 14:16:30: Real Path: C:\Windows\System32\ssdpsrv.dll
2012-05-13 14:16:30: Display Name: @%systemroot%\system32\ssdpsrv.dll,-100
2012-05-13 14:16:30: Description: @%systemroot%\system32\ssdpsrv.dll,-101
2012-05-13 14:16:30: ServiceDLL: System32\ssdpsrv.dll
2012-05-13 14:16:30: File size: 0
2012-05-13 14:16:30: DLL File name: ssdpsrv.dll
2012-05-13 14:16:30: Original File Name: ssdpsrv.dll.mui
2012-05-13 14:16:30: Company: 
2012-05-13 14:16:30: Mod/Cre/Acc time: 
2012-05-13 14:16:30: ---------------------------------------------------------------------
2012-05-13 14:16:30: Found Service: SstpSvc
2012-05-13 14:16:30: Real Path: C:\Windows\system32\sstpsvc.dll
2012-05-13 14:16:30: Display Name: @%SystemRoot%\system32\sstpsvc.dll,-200
2012-05-13 14:16:30: Description: @%SystemRoot%\system32\sstpsvc.dll,-201
2012-05-13 14:16:30: ServiceDLL: system32\sstpsvc.dll
2012-05-13 14:16:30: File size: 0
2012-05-13 14:16:30: DLL File name: sstpsvc.dll
2012-05-13 14:16:30: Original File Name: sstpsvc.dll.mui
2012-05-13 14:16:30: Company: 
2012-05-13 14:16:30: Mod/Cre/Acc time: 
2012-05-13 14:16:30: ---------------------------------------------------------------------
2012-05-13 14:16:30: Found Service: stisvc
2012-05-13 14:16:30: Real Path: C:\Windows\System32\wiaservc.dll
2012-05-13 14:16:30: Display Name: @%SystemRoot%\system32\wiaservc.dll,-9
2012-05-13 14:16:30: Description: @%SystemRoot%\system32\wiaservc.dll,-10
2012-05-13 14:16:30: ServiceDLL: System32\wiaservc.dll
2012-05-13 14:16:30: File size: 0
2012-05-13 14:16:30: DLL File name: wiaservc.dll
2012-05-13 14:16:30: Original File Name: WIASERVC.DLL.MUI
2012-05-13 14:16:30: Company: 
2012-05-13 14:16:30: Mod/Cre/Acc time: 
2012-05-13 14:16:30: ---------------------------------------------------------------------
2012-05-13 14:16:30: Found Service: swprv
2012-05-13 14:16:30: Real Path: C:\Windows\System32\swprv.dll
2012-05-13 14:16:30: Display Name: @%SystemRoot%\System32\swprv.dll,-103
2012-05-13 14:16:30: Description: @%SystemRoot%\System32\swprv.dll,-102
2012-05-13 14:16:30: ServiceDLL: System32\swprv.dll
2012-05-13 14:16:30: File size: 0
2012-05-13 14:16:30: DLL File name: swprv.dll
2012-05-13 14:16:30: Original File Name: SWPRV.DLL.MUI
2012-05-13 14:16:30: Company: 
2012-05-13 14:16:30: Mod/Cre/Acc time: 
2012-05-13 14:16:30: ---------------------------------------------------------------------
2012-05-13 14:16:30: Found Service: SysMain
2012-05-13 14:16:30: Real Path: C:\Windows\system32\sysmain.dll
2012-05-13 14:16:30: Display Name: @%SystemRoot%\system32\sysmain.dll,-1000
2012-05-13 14:16:30: Description: @%SystemRoot%\system32\sysmain.dll,-1001
2012-05-13 14:16:30: ServiceDLL: system32\sysmain.dll
2012-05-13 14:16:30: File size: 0
2012-05-13 14:16:30: DLL File name: sysmain.dll
2012-05-13 14:16:30: Original File Name: sysmain.dll.mui
2012-05-13 14:16:30: Company: 
2012-05-13 14:16:30: Mod/Cre/Acc time: 
2012-05-13 14:16:30: ---------------------------------------------------------------------
2012-05-13 14:16:30: Found Service: TabletInputService
2012-05-13 14:16:30: Real Path: C:\Windows\System32\TabSvc.dll
2012-05-13 14:16:30: Display Name: @%SystemRoot%\system32\TabSvc.dll,-100
2012-05-13 14:16:30: Description: @%SystemRoot%\system32\TabSvc.dll,-101
2012-05-13 14:16:30: ServiceDLL: System32\TabSvc.dll
2012-05-13 14:16:30: File size: 0
2012-05-13 14:16:30: DLL File name: TabSvc.dll
2012-05-13 14:16:30: Original File Name: TabSvc.dll.mui
2012-05-13 14:16:30: Company: 
2012-05-13 14:16:30: Mod/Cre/Acc time: 
2012-05-13 14:16:31: ---------------------------------------------------------------------
2012-05-13 14:16:31: Found Service: TapiSrv
2012-05-13 14:16:31: Real Path: C:\Windows\System32\tapisrv.dll
2012-05-13 14:16:31: Display Name: @%SystemRoot%\system32\tapisrv.dll,-10100
2012-05-13 14:16:31: Description: @%SystemRoot%\system32\tapisrv.dll,-10101
2012-05-13 14:16:31: ServiceDLL: System32\tapisrv.dll
2012-05-13 14:16:31: File size: 241664
2012-05-13 14:16:31: DLL File name: tapisrv.dll
2012-05-13 14:16:31: Original File Name: TAPISRV.EXE.MUI
2012-05-13 14:16:31: Company: 
2012-05-13 14:16:31: Mod/Cre/Acc time: 20090713211615 20090713201955 20090713201955
2012-05-13 14:16:31: ---------------------------------------------------------------------
2012-05-13 14:16:31: Found Service: TBS
2012-05-13 14:16:31: Real Path: C:\Windows\System32\tbssvc.dll
2012-05-13 14:16:31: Display Name: @%SystemRoot%\system32\tbssvc.dll,-100
2012-05-13 14:16:31: Description: @%SystemRoot%\system32\tbssvc.dll,-101
2012-05-13 14:16:31: ServiceDLL: System32\tbssvc.dll
2012-05-13 14:16:31: File size: 0
2012-05-13 14:16:31: DLL File name: tbssvc.dll
2012-05-13 14:16:31: Original File Name: TBSSVC.DLL.MUI
2012-05-13 14:16:31: Company: 
2012-05-13 14:16:31: Mod/Cre/Acc time: 
2012-05-13 14:16:31: ---------------------------------------------------------------------
2012-05-13 14:16:31: Found Service: TermService
2012-05-13 14:16:31: Real Path: C:\Windows\System32\termsrv.dll
2012-05-13 14:16:31: Display Name: @%SystemRoot%\System32\termsrv.dll,-268
2012-05-13 14:16:31: Description: @%SystemRoot%\System32\termsrv.dll,-267
2012-05-13 14:16:31: ServiceDLL: System32\termsrv.dll
2012-05-13 14:16:31: File size: 0
2012-05-13 14:16:31: DLL File name: termsrv.dll
2012-05-13 14:16:31: Original File Name: termsrv.dll.mui
2012-05-13 14:16:31: Company: 
2012-05-13 14:16:31: Mod/Cre/Acc time: 
2012-05-13 14:16:31: ---------------------------------------------------------------------
2012-05-13 14:16:31: Found Service: Themes
2012-05-13 14:16:31: Real Path: C:\Windows\system32\themeservice.dll
2012-05-13 14:16:31: Display Name: @%SystemRoot%\System32\themeservice.dll,-8192
2012-05-13 14:16:31: Description: @%SystemRoot%\System32\themeservice.dll,-8193
2012-05-13 14:16:31: ServiceDLL: system32\themeservice.dll
2012-05-13 14:16:31: File size: 0
2012-05-13 14:16:31: DLL File name: themeservice.dll
2012-05-13 14:16:31: Original File Name: THEMESERVICE.DLL.MUI
2012-05-13 14:16:31: Company: 
2012-05-13 14:16:31: Mod/Cre/Acc time: 
2012-05-13 14:16:31: ---------------------------------------------------------------------
2012-05-13 14:16:31: Found Service: THREADORDER
2012-05-13 14:16:31: Real Path: C:\Windows\system32\mmcss.dll
2012-05-13 14:16:31: Display Name: @%systemroot%\system32\mmcss.dll,-102
2012-05-13 14:16:31: Description: @%systemroot%\system32\mmcss.dll,-103
2012-05-13 14:16:31: ServiceDLL: system32\mmcss.dll
2012-05-13 14:16:31: File size: 0
2012-05-13 14:16:31: DLL File name: mmcss.dll
2012-05-13 14:16:31: Original File Name: mmcss.dll.mui
2012-05-13 14:16:31: Company: 
2012-05-13 14:16:31: Mod/Cre/Acc time: 
2012-05-13 14:16:31: ---------------------------------------------------------------------
2012-05-13 14:16:31: Found Service: TrkWks
2012-05-13 14:16:31: Real Path: C:\Windows\System32\trkwks.dll
2012-05-13 14:16:31: Display Name: @%SystemRoot%\system32\trkwks.dll,-1
2012-05-13 14:16:31: Description: @%SystemRoot%\system32\trkwks.dll,-2
2012-05-13 14:16:31: ServiceDLL: System32\trkwks.dll
2012-05-13 14:16:31: File size: 0
2012-05-13 14:16:31: DLL File name: trkwks.dll
2012-05-13 14:16:31: Original File Name: trkwks.dll.mui
2012-05-13 14:16:31: Company: 
2012-05-13 14:16:31: Mod/Cre/Acc time: 
2012-05-13 14:16:31: !!!!!!!
2012-05-13 14:16:31: Found Service: upnphost
2012-05-13 14:16:31: Real Path: C:\Windows\System32\upnphost.dll
2012-05-13 14:16:31: Display Name: @%systemroot%\system32\upnphost.dll,-213
2012-05-13 14:16:31: Description: @%systemroot%\system32\upnphost.dll,-214
2012-05-13 14:16:31: ServiceDLL: System32\upnphost.dll
2012-05-13 14:16:31: File size: 266752
2012-05-13 14:16:31: DLL File name: upnphost.dll
2012-05-13 14:16:31: Original File Name: unpnhost.dll.mui
2012-05-13 14:16:31: Company: 
2012-05-13 14:16:31: Mod/Cre/Acc time: 20090713211617 20090713195541 20090713195541
2012-05-13 14:16:31: !!!!!!!!!
2012-05-13 14:16:31: ---------------------------------------------------------------------
2012-05-13 14:16:31: Found Service: UxSms
2012-05-13 14:16:31: Real Path: C:\Windows\System32\uxsms.dll
2012-05-13 14:16:31: Display Name: @%SystemRoot%\system32\dwm.exe,-2000
2012-05-13 14:16:31: Description: @%SystemRoot%\system32\dwm.exe,-2001
2012-05-13 14:16:31: ServiceDLL: System32\uxsms.dll
2012-05-13 14:16:31: File size: 0
2012-05-13 14:16:31: DLL File name: uxsms.dll
2012-05-13 14:16:31: Original File Name: UxSms.dll
2012-05-13 14:16:31: Company: 
2012-05-13 14:16:31: Mod/Cre/Acc time: 
2012-05-13 14:16:31: ---------------------------------------------------------------------
2012-05-13 14:16:31: Found Service: W32Time
2012-05-13 14:16:31: Real Path: C:\Windows\system32\w32time.dll
2012-05-13 14:16:31: Display Name: Windows Time
2012-05-13 14:16:31: Description: @%SystemRoot%\system32\w32time.dll,-201
2012-05-13 14:16:31: ServiceDLL: system32\w32time.dll
2012-05-13 14:16:31: File size: 0
2012-05-13 14:16:31: DLL File name: w32time.dll
2012-05-13 14:16:31: Original File Name: w32time.dll.mui
2012-05-13 14:16:31: Company: 
2012-05-13 14:16:31: Mod/Cre/Acc time: 
2012-05-13 14:16:31: ---------------------------------------------------------------------
2012-05-13 14:16:31: Found Service: WbioSrvc
2012-05-13 14:16:31: Real Path: C:\Windows\System32\wbiosrvc.dll
2012-05-13 14:16:31: Display Name: @%systemroot%\system32\wbiosrvc.dll,-100
2012-05-13 14:16:31: Description: @%systemroot%\system32\wbiosrvc.dll,-101
2012-05-13 14:16:31: ServiceDLL: System32\wbiosrvc.dll
2012-05-13 14:16:31: File size: 0
2012-05-13 14:16:31: DLL File name: wbiosrvc.dll
2012-05-13 14:16:31: Original File Name: wbiosrvc.dll.mui
2012-05-13 14:16:31: Company: 
2012-05-13 14:16:31: Mod/Cre/Acc time: 
2012-05-13 14:16:31: ---------------------------------------------------------------------
2012-05-13 14:16:31: Found Service: wcncsvc
2012-05-13 14:16:31: Real Path: C:\Windows\System32\wcncsvc.dll
2012-05-13 14:16:31: Display Name: @%SystemRoot%\system32\wcncsvc.dll,-3
2012-05-13 14:16:31: Description: @%SystemRoot%\system32\wcncsvc.dll,-4
2012-05-13 14:16:31: ServiceDLL: System32\wcncsvc.dll
2012-05-13 14:16:31: File size: 276992
2012-05-13 14:16:31: DLL File name: wcncsvc.dll
2012-05-13 14:16:31: Original File Name: WCNCSVC.DLL.MUI
2012-05-13 14:16:31: Company: 
2012-05-13 14:16:31: Mod/Cre/Acc time: 20100914020714 20120512003018 20120512003018
2012-05-13 14:16:31: ---------------------------------------------------------------------
2012-05-13 14:16:31: Found Service: WcsPlugInService
2012-05-13 14:16:31: Real Path: C:\Windows\System32\WcsPlugInService.dll
2012-05-13 14:16:31: Display Name: @%SystemRoot%\system32\WcsPlugInService.dll,-200
2012-05-13 14:16:31: Description: @%SystemRoot%\system32\WcsPlugInService.dll,-201
2012-05-13 14:16:31: ServiceDLL: System32\WcsPlugInService.dll
2012-05-13 14:16:31: File size: 32768
2012-05-13 14:16:31: DLL File name: WcsPlugInService.dll
2012-05-13 14:16:31: Original File Name: WcsPlugInService.DLL.MUI
2012-05-13 14:16:31: Company: 
2012-05-13 14:16:31: Mod/Cre/Acc time: 20090713211618 20090713192513 20090713192513
2012-05-13 14:16:32: ---------------------------------------------------------------------
2012-05-13 14:16:32: Found Service: WdiServiceHost
2012-05-13 14:16:32: Real Path: C:\Windows\system32\wdi.dll
2012-05-13 14:16:32: Display Name: @%systemroot%\system32\wdi.dll,-502
2012-05-13 14:16:32: Description: @%systemroot%\system32\wdi.dll,-503
2012-05-13 14:16:32: ServiceDLL: system32\wdi.dll
2012-05-13 14:16:32: File size: 76288
2012-05-13 14:16:32: DLL File name: wdi.dll
2012-05-13 14:16:32: Original File Name: wdi.dll.mui
2012-05-13 14:16:32: Company: 
2012-05-13 14:16:32: Mod/Cre/Acc time: 20090713211618 20090713191947 20090713191947
2012-05-13 14:16:32: ---------------------------------------------------------------------
2012-05-13 14:16:32: Found Service: WdiSystemHost
2012-05-13 14:16:32: Real Path: C:\Windows\system32\wdi.dll
2012-05-13 14:16:32: Display Name: @%systemroot%\system32\wdi.dll,-500
2012-05-13 14:16:32: Description: @%systemroot%\system32\wdi.dll,-501
2012-05-13 14:16:32: ServiceDLL: system32\wdi.dll
2012-05-13 14:16:32: File size: 76288
2012-05-13 14:16:32: DLL File name: wdi.dll
2012-05-13 14:16:32: Original File Name: wdi.dll.mui
2012-05-13 14:16:32: Company: 
2012-05-13 14:16:32: Mod/Cre/Acc time: 20090713211618 20090713191947 20090713191947
2012-05-13 14:16:32: !!!!!!!
2012-05-13 14:16:32: Found Service: WebClient
2012-05-13 14:16:32: Real Path: C:\Windows\System32\webclnt.dll
2012-05-13 14:16:32: Display Name: @%systemroot%\system32\webclnt.dll,-100
2012-05-13 14:16:32: Description: @%systemroot%\system32\webclnt.dll,-101
2012-05-13 14:16:32: ServiceDLL: System32\webclnt.dll
2012-05-13 14:16:32: File size: 204800
2012-05-13 14:16:32: DLL File name: webclnt.dll
2012-05-13 14:16:32: Original File Name: davsvc.dll.mui
2012-05-13 14:16:32: Company: 
2012-05-13 14:16:32: Mod/Cre/Acc time: 20101221013821 20120512000202 20120512000202
2012-05-13 14:16:32: !!!!!!!!!
2012-05-13 14:16:32: ---------------------------------------------------------------------
2012-05-13 14:16:32: Found Service: Wecsvc
2012-05-13 14:16:32: Real Path: C:\Windows\system32\wecsvc.dll
2012-05-13 14:16:32: Display Name: @%SystemRoot%\system32\wecsvc.dll,-200
2012-05-13 14:16:32: Description: @%SystemRoot%\system32\wecsvc.dll,-201
2012-05-13 14:16:32: ServiceDLL: system32\wecsvc.dll
2012-05-13 14:16:32: File size: 0
2012-05-13 14:16:32: DLL File name: wecsvc.dll
2012-05-13 14:16:32: Original File Name: wecsvc.dll.mui
2012-05-13 14:16:32: Company: 
2012-05-13 14:16:32: Mod/Cre/Acc time: 
2012-05-13 14:16:33: !!!!!!!
2012-05-13 14:16:33: Found Service: wercplsupport
2012-05-13 14:16:33: Real Path: C:\Windows\System32\wercplsupport.dll
2012-05-13 14:16:33: Display Name: @%SystemRoot%\System32\wercplsupport.dll,-101
2012-05-13 14:16:33: Description: @%SystemRoot%\System32\wercplsupport.dll,-100
2012-05-13 14:16:33: ServiceDLL: System32\wercplsupport.dll
2012-05-13 14:16:33: File size: 0
2012-05-13 14:16:33: DLL File name: wercplsupport.dll
2012-05-13 14:16:33: Original File Name: ERC
2012-05-13 14:16:33: Company: 
2012-05-13 14:16:33: Mod/Cre/Acc time: 
2012-05-13 14:16:33: !!!!!!!!!
2012-05-13 14:16:33: !!!!!!!
2012-05-13 14:16:33: Found Service: WerSvc
2012-05-13 14:16:33: Real Path: C:\Windows\System32\WerSvc.dll
2012-05-13 14:16:33: Display Name: @%SystemRoot%\System32\wersvc.dll,-100
2012-05-13 14:16:33: Description: @%SystemRoot%\System32\wersvc.dll,-101
2012-05-13 14:16:33: ServiceDLL: System32\WerSvc.dll
2012-05-13 14:16:33: File size: 0
2012-05-13 14:16:33: DLL File name: WerSvc.dll
2012-05-13 14:16:33: Original File Name: wersvc
2012-05-13 14:16:33: Company: 
2012-05-13 14:16:33: Mod/Cre/Acc time: 
2012-05-13 14:16:33: !!!!!!!!!
2012-05-13 14:16:33: ---------------------------------------------------------------------
2012-05-13 14:16:33: Found Service: Winmgmt
2012-05-13 14:16:33: Real Path: C:\Windows\system32\wbem\WMIsvc.dll
2012-05-13 14:16:33: Display Name: @%Systemroot%\system32\wbem\wmisvc.dll,-205
2012-05-13 14:16:33: Description: @%Systemroot%\system32\wbem\wmisvc.dll,-204
2012-05-13 14:16:33: ServiceDLL: system32\wbem\WMIsvc.dll
2012-05-13 14:16:33: File size: 0
2012-05-13 14:16:33: DLL File name: WMIsvc.dll
2012-05-13 14:16:33: Original File Name: wmisvc.dll.mui
2012-05-13 14:16:33: Company: 
2012-05-13 14:16:33: Mod/Cre/Acc time: 
2012-05-13 14:16:33: ---------------------------------------------------------------------
2012-05-13 14:16:33: Found Service: WinRM
2012-05-13 14:16:33: Real Path: C:\Windows\system32\WsmSvc.dll
2012-05-13 14:16:33: Display Name: @%Systemroot%\system32\wsmsvc.dll,-101
2012-05-13 14:16:33: Description: @%Systemroot%\system32\wsmsvc.dll,-102
2012-05-13 14:16:33: ServiceDLL: system32\WsmSvc.dll
2012-05-13 14:16:33: File size: 1175040
2012-05-13 14:16:33: DLL File name: WsmSvc.dll
2012-05-13 14:16:33: Original File Name: WsmSvc.dll.mui
2012-05-13 14:16:33: Company: 
2012-05-13 14:16:33: Mod/Cre/Acc time: 20090713211620 20090713193143 20090713193143
2012-05-13 14:16:33: ---------------------------------------------------------------------
2012-05-13 14:16:33: Found Service: Wlansvc
2012-05-13 14:16:33: Real Path: C:\Windows\System32\wlansvc.dll
2012-05-13 14:16:33: Display Name: @%SystemRoot%\System32\wlansvc.dll,-257
2012-05-13 14:16:33: Description: @%SystemRoot%\System32\wlansvc.dll,-258
2012-05-13 14:16:33: ServiceDLL: System32\wlansvc.dll
2012-05-13 14:16:33: File size: 0
2012-05-13 14:16:33: DLL File name: wlansvc.dll
2012-05-13 14:16:33: Original File Name: wlansvc.dll.mui
2012-05-13 14:16:33: Company: 
2012-05-13 14:16:33: Mod/Cre/Acc time: 
2012-05-13 14:16:33: ---------------------------------------------------------------------
2012-05-13 14:16:33: Found Service: WPCSvc
2012-05-13 14:16:33: Real Path: C:\Windows\System32\wpcsvc.dll
2012-05-13 14:16:33: Display Name: @%SystemRoot%\system32\wpcsvc.dll,-100
2012-05-13 14:16:33: Description: @%SystemRoot%\system32\wpcsvc.dll,-101
2012-05-13 14:16:33: ServiceDLL: System32\wpcsvc.dll
2012-05-13 14:16:33: File size: 10752
2012-05-13 14:16:33: DLL File name: wpcsvc.dll
2012-05-13 14:16:33: Original File Name: wpcsvc.exe.mui
2012-05-13 14:16:33: Company: 
2012-05-13 14:16:33: Mod/Cre/Acc time: 20090713211620 20090713194010 20090713194010
2012-05-13 14:16:33: ---------------------------------------------------------------------
2012-05-13 14:16:33: Found Service: WPDBusEnum
2012-05-13 14:16:33: Real Path: C:\Windows\system32\wpdbusenum.dll
2012-05-13 14:16:33: Display Name: @%SystemRoot%\system32\wpdbusenum.dll,-100
2012-05-13 14:16:33: Description: @%SystemRoot%\system32\wpdbusenum.dll,-101
2012-05-13 14:16:33: ServiceDLL: system32\wpdbusenum.dll
2012-05-13 14:16:33: File size: 0
2012-05-13 14:16:33: DLL File name: wpdbusenum.dll
2012-05-13 14:16:33: Original File Name: WpdBusEnum.DLL.MUI
2012-05-13 14:16:33: Company: 
2012-05-13 14:16:33: Mod/Cre/Acc time: 
2012-05-13 14:16:34: ---------------------------------------------------------------------
2012-05-13 14:16:34: Found Service: wuauserv
2012-05-13 14:16:34: Real Path: C:\Windows\system32\wuaueng.dll
2012-05-13 14:16:34: Display Name: @%systemroot%\system32\wuaueng.dll,-105
2012-05-13 14:16:34: Description: @%systemroot%\system32\wuaueng.dll,-106
2012-05-13 14:16:34: ServiceDLL: system32\wuaueng.dll
2012-05-13 14:16:34: File size: 0
2012-05-13 14:16:34: DLL File name: wuaueng.dll
2012-05-13 14:16:34: Original File Name: wuaueng.dll.mui
2012-05-13 14:16:34: Company: 
2012-05-13 14:16:34: Mod/Cre/Acc time: 
2012-05-13 14:16:34: ---------------------------------------------------------------------
2012-05-13 14:16:34: Found Service: wudfsvc
2012-05-13 14:16:34: Real Path: C:\Windows\System32\WUDFSvc.dll
2012-05-13 14:16:34: Display Name: @%SystemRoot%\system32\wudfsvc.dll,-1000
2012-05-13 14:16:34: Description: @%SystemRoot%\system32\wudfsvc.dll,-1001
2012-05-13 14:16:34: ServiceDLL: System32\WUDFSvc.dll
2012-05-13 14:16:34: File size: 0
2012-05-13 14:16:34: DLL File name: WUDFSvc.dll
2012-05-13 14:16:34: Original File Name: WUDFSvc.dll.mui
2012-05-13 14:16:34: Company: 
2012-05-13 14:16:34: Mod/Cre/Acc time: 
2012-05-13 14:16:34: ---------------------------------------------------------------------
2012-05-13 14:16:34: Found Service: WwanSvc
2012-05-13 14:16:34: Real Path: C:\Windows\System32\wwansvc.dll
2012-05-13 14:16:34: Display Name: @%SystemRoot%\System32\wwansvc.dll,-257
2012-05-13 14:16:34: Description: @%SystemRoot%\System32\wwansvc.dll,-258
2012-05-13 14:16:34: ServiceDLL: System32\wwansvc.dll
2012-05-13 14:16:34: File size: 0
2012-05-13 14:16:34: DLL File name: wwansvc.dll
2012-05-13 14:16:34: Original File Name: WwanSvc.dll.mui
2012-05-13 14:16:34: Company: 
2012-05-13 14:16:34: Mod/Cre/Acc time: 
2012-05-13 14:16:34: 
2012-05-13 14:16:34: Looking for SHELL key
2012-05-13 14:16:34: Now looking for bad DLL files in system32
2012-05-13 14:17:53: Folder: GAC
2012-05-13 14:17:53: Folder: GAC_32
2012-05-13 14:17:53: Folder: GAC_64
2012-05-13 14:17:53: Folder: GAC_MSIL
2012-05-13 14:17:53: Folder: NativeImages_v2.0.50727_32
2012-05-13 14:17:53: Folder: NativeImages_v2.0.50727_64
2012-05-13 14:17:54: Folder: temp
2012-05-13 14:17:54: Folder: tmp
2012-05-13 14:17:54: Checking for bad folder
2012-05-13 14:17:54: Found 1 folders.
2012-05-13 14:17:54: Checking C:\Windows\assembly\tmp
2012-05-13 14:17:54: ... Folder test returns: 1
2012-05-13 14:17:54: Done with folder list in C:\Windows\assembly\ tmp
2012-05-13 14:17:54: Autonomous mode, clearing out yt folder
2012-05-13 14:17:54: cmd.exe /c start "C:\Users\brandon\Desktop\yorkyt.exe"
2012-05-13 14:18:05: Restarting...
2012-05-13 14:19:55: ****************************************************
2012-05-13 14:19:55: Starting UP ... v 0.0.0.220
2012-05-13 14:19:55: ****************************************************
2012-05-13 14:19:58: Stop TPSRV returns: 2
2012-05-13 14:20:14: Listing processes...
2012-05-13 14:20:14: :[System Process]:0
2012-05-13 14:20:14: :System:4
2012-05-13 14:20:14: :smss.exe:268
2012-05-13 14:20:14: :csrss.exe:400
2012-05-13 14:20:14: :wininit.exe:460
2012-05-13 14:20:14: :csrss.exe:472
2012-05-13 14:20:14: :services.exe:520
2012-05-13 14:20:14: :lsass.exe:532
2012-05-13 14:20:14: :lsm.exe:540
2012-05-13 14:20:14: :winlogon.exe:568
2012-05-13 14:20:14: :svchost.exe:688
2012-05-13 14:20:14: :svchost.exe:756
2012-05-13 14:20:14: :atiesrxx.exe:808
2012-05-13 14:20:14: :svchost.exe:900
2012-05-13 14:20:14: :svchost.exe:940
2012-05-13 14:20:14: :svchost.exe:968
2012-05-13 14:20:14: :audiodg.exe:332
2012-05-13 14:20:14: :svchost.exe:632
2012-05-13 14:20:14: :atieclxx.exe:1040
2012-05-13 14:20:14: :svchost.exe:1144
2012-05-13 14:20:14: :wlanext.exe:1252
2012-05-13 14:20:14: :conhost.exe:1260
2012-05-13 14:20:14: :spoolsv.exe:1360
2012-05-13 14:20:14: :svchost.exe:1392
2012-05-13 14:20:14: :svchost.exe:1500
2012-05-13 14:20:14: :AERTSr64.exe:1528
2012-05-13 14:20:14: :CinemaNowSvc.exe:1548
2012-05-13 14:20:14: :PresentationFontCache.exe:1612
2012-05-13 14:20:14: :HPDrvMntSvc.exe:1712
2012-05-13 14:20:14: :HPWMISVC.exe:1744
2012-05-13 14:20:14: :ccsvchst.exe:1828
2012-05-13 14:20:14: :svchost.exe:1932
2012-05-13 14:20:14: :SeaPort.exe:1964
2012-05-13 14:20:14: :svchost.exe:2024
2012-05-13 14:20:14: :WLIDSVC.EXE:1124
2012-05-13 14:20:14: :taskhost.exe:2052
2012-05-13 14:20:14: :SearchIndexer.exe:2332
2012-05-13 14:20:14: :WmiPrvSE.exe:2420
2012-05-13 14:20:14: :dwm.exe:2448
2012-05-13 14:20:14: :explorer.exe:2472
2012-05-13 14:20:14: :WLIDSVCM.EXE:2492
2012-05-13 14:20:14: :ccsvchst.exe:2736
2012-05-13 14:20:14: :yorkyt.exe:2608
2012-05-13 14:20:14: :SynTPEnh.exe:2540
2012-05-13 14:20:14: :rundll32.exe:3120
2012-05-13 14:20:14: :SearchProtocolHost.exe:3184
2012-05-13 14:20:15: :SearchFilterHost.exe:3208
2012-05-13 14:20:15: :SynTPHelper.exe:3296
2012-05-13 14:20:15: :wmpnetwk.exe:3592
2012-05-13 14:20:15: :svchost.exe:3636
2012-05-13 14:20:15: :WmiPrvSE.exe:3872
2012-05-13 14:20:15: 
2012-05-13 14:20:15: Starting cleanup mode...
2012-05-13 14:21:14: ... Done with files, now folders
2012-05-13 14:21:51: All DONE

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org
Database version: v2012.05.13.04
Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
brandon :: BRANDON-HP [administrator]
5/13/2012 2:54:25 PM
mbam-log-2012-05-13 (14-54-25).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 198142
Time elapsed: 4 minute(s), 12 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 1
HKCR\sp (TrojanProxy.Agent) -> Quarantined and deleted successfully.
Registry Values Detected: 3
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{96AFBE69-C3B0-4b00-8578-D933D2896EE2} (TrojanProxy.Agent) -> Data: -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved|{96AFBE69-C3B0-4b00-8578-D933D2896EE2} (TrojanProxy.Agent) -> Data: sp -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost|netsvc (TrojanProxy.Agent) -> Data: SPService^Z^ -> Quarantined and deleted successfully.
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)

Assuming that your expertise has healed (or is in the process of healing) this infected computer, would you recommend running the same logs for other laptops that connect to our secure router? If so, would you be willing to work with me? You are a SUPER TEACHER/TECH 

Look forward to 'seeing' you again, Cindy


----------



## kevinf80 (Mar 21, 2006)

Re-run DDS and post fresh DDS.txt, no need for Attach.txt this time...


----------



## cinderblock (May 9, 2012)

Wowsers! Thanks for that Lightning-fast reply, Kevin!

Here's the (good?) news -

.
DDS (Ver_2011-08-26.01) - NTFSAMD64 
Internet Explorer: 8.0.7600.16385
Run by brandon at 15:22:39 on 2012-05-13
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.1787.863 [GMT -4:00]
.
AV: Norton Security Suite *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Security Suite *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Security Suite *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Norton Security Suite\Engine\5.2.1.3\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Norton Security Suite\Engine\5.2.1.3\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\RunDll32.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe
C:\Program Files\Realtek\RtVOsd\RtVOsd.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.1.3\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.1.3\IPS\IPSBHO.DLL
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\npwinext.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Yontoo Layers (Drop Down Deals): {fd72061e-9fde-484d-a58a-0bab4151cad8} - C:\Program Files (x86)\Yontoo Layers Runtime (Drop Down Deals)\YontooIEClient.dll
TB: @C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\npwinext.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.1.3\coIEPlg.dll
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [<NO NAME>] 
StartupFolder: C:\Users\brandon\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MONITO~1.LNK - C:\Windows\system32\RunDll32.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\CONSTA~1.LNK - C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office10\EXCEL.EXE/3000
IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{0D04A0FC-3742-4DD7-99AD-8C633B5A0934} : DhcpNameServer = 40.5.1.100
TCP: Interfaces\{87F9FD09-495B-40C5-93E8-98AF83A14897} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{87F9FD09-495B-40C5-93E8-98AF83A14897}\0757274697 : DhcpNameServer = 10.1.10.1
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files (x86)\Common Files\microsoft shared\Web Folders\PKMCDO.DLL
mASetup: {9191979D-821C-4EA8-B021-2DA1D859A7C5}-3Reg - C:\Program Files (x86)\SFT\GuardedID\gidi.exe /v
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.1.3\coIEPlg.dll
BHO-X64: Symantec NCO BHO - No File
BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.1.3\IPS\IPSBHO.DLL
BHO-X64: Symantec Intrusion Prevention - No File
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO-X64: Search Helper - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\npwinext.dll
BHO-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO-X64: Ask Toolbar BHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: Yontoo Layers (Drop Down Deals): {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers Runtime (Drop Down Deals)\YontooIEClient.dll
BHO-X64: Yontoo Layer (Drop Down Deals)s - No File
TB-X64: @C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\npwinext.dll
TB-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.1.3\coIEPlg.dll
mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun-x64: [(Default)] 
IE-X64: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\N360x64\0502010.003\SYMDS64.SYS --> C:\Windows\system32\drivers\N360x64\0502010.003\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\N360x64\0502010.003\SYMEFA64.SYS --> C:\Windows\system32\drivers\N360x64\0502010.003\SYMEFA64.SYS [?]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120507.001\BHDrvx64.sys [2012-5-7 1160824]
R1 GIDv2;GIDv2;C:\Windows\system32\drivers\GIDv2.sys --> C:\Windows\system32\drivers\GIDv2.sys [?]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120511.001\IDSviA64.sys [2012-5-12 488568]
R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\N360x64\0502010.003\Ironx64.SYS --> C:\Windows\system32\drivers\N360x64\0502010.003\Ironx64.SYS [?]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\N360x64\0502010.003\SYMNETS.SYS --> C:\Windows\system32\Drivers\N360x64\0502010.003\SYMNETS.SYS [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2011-4-9 98208]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 CinemaNow Service;CinemaNow Service;C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe [2010-5-21 140272]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-6-18 103992]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-9 26680]
R2 N360;Norton Security Suite;C:\Program Files (x86)\Norton Security Suite\Engine\5.2.1.3\ccsvchst.exe [2012-5-11 130008]
R2 RtVOsdService;RtVOsdService Installer;C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe [2010-6-24 315392]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atipmdag.sys --> C:\Windows\system32\DRIVERS\atipmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-5-9 138360]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-3-31 257696]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 Revoflt;Revoflt;C:\Windows\system32\DRIVERS\revoflt.sys --> C:\Windows\system32\DRIVERS\revoflt.sys [?]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
.
=============== Created Last 30 ================
.
2012-05-13 18:52:37 -------- d-----w- C:\Users\brandon\AppData\Roaming\Malwarebytes
2012-05-13 18:52:12 -------- d-----w- C:\ProgramData\Malwarebytes
2012-05-13 18:52:11 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-05-13 18:52:10 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-05-12 05:56:31 778088 ---ha-w- C:\Windows\System32\HPDiscoPMa011.dll
2012-05-12 05:54:12 -------- d-----w- C:\Program Files\HP
2012-05-12 04:30:18 367104 ----a-w- C:\Windows\System32\wcncsvc.dll
2012-05-12 04:30:18 276992 ----a-w- C:\Windows\SysWow64\wcncsvc.dll
2012-05-12 04:17:44 99176 ----a-w- C:\Windows\SysWow64\PresentationHostProxy.dll
2012-05-12 04:17:44 49472 ----a-w- C:\Windows\SysWow64\netfxperf.dll
2012-05-12 04:17:44 48960 ----a-w- C:\Windows\System32\netfxperf.dll
2012-05-12 04:17:44 444752 ----a-w- C:\Windows\System32\mscoree.dll
2012-05-12 04:17:44 320352 ----a-w- C:\Windows\System32\PresentationHost.exe
2012-05-12 04:17:44 297808 ----a-w- C:\Windows\SysWow64\mscoree.dll
2012-05-12 04:17:44 295264 ----a-w- C:\Windows\SysWow64\PresentationHost.exe
2012-05-12 04:17:44 1942856 ----a-w- C:\Windows\System32\dfshim.dll
2012-05-12 04:17:44 1130824 ----a-w- C:\Windows\SysWow64\dfshim.dll
2012-05-12 04:17:44 109912 ----a-w- C:\Windows\System32\PresentationHostProxy.dll
2012-05-12 04:01:23 163840 ----a-w- C:\Windows\System32\odbccp32.dll
2012-05-12 04:00:54 142336 ----a-w- C:\Windows\System32\poqexec.exe
2012-05-12 03:59:59 2326016 ----a-w- C:\Windows\System32\tquery.dll
2012-05-12 03:45:19 1395712 ----a-w- C:\Windows\System32\mfc42.dll
2012-05-12 03:45:19 1359872 ----a-w- C:\Windows\System32\mfc42u.dll
2012-05-12 03:45:18 1164288 ----a-w- C:\Windows\SysWow64\mfc42u.dll
2012-05-12 03:45:18 1137664 ----a-w- C:\Windows\SysWow64\mfc42.dll
2012-05-12 03:45:01 476160 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
2012-05-12 03:45:01 288256 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
2012-05-12 03:44:54 515584 ----a-w- C:\Windows\System32\timedate.cpl
2012-05-12 03:44:54 478208 ----a-w- C:\Windows\SysWow64\timedate.cpl
2012-05-12 03:44:47 886784 ----a-w- C:\Program Files\Common Files\System\wab32.dll
2012-05-12 03:44:47 708608 ----a-w- C:\Program Files (x86)\Common Files\System\wab32.dll
2012-05-12 03:44:40 -------- d-----w- C:\Program Files (x86)\MSXML 4.0
2012-05-12 03:40:30 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2012-05-12 03:40:27 287744 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2012-05-12 03:40:26 157696 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2012-05-12 03:40:26 126464 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2012-05-12 03:40:20 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-05-12 03:40:20 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-05-12 03:40:19 76288 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-05-12 03:35:11 223448 ----a-w- C:\Windows\System32\drivers\fvevol.sys
2012-05-12 03:33:19 442880 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
2012-05-12 03:33:18 662528 ----a-w- C:\Windows\System32\XpsPrint.dll
2012-05-12 03:32:33 75776 ----a-w- C:\Windows\SysWow64\psisrndr.ax
2012-05-12 03:32:33 613888 ----a-w- C:\Windows\System32\psisdecd.dll
2012-05-12 03:32:33 465408 ----a-w- C:\Windows\SysWow64\psisdecd.dll
2012-05-12 03:32:33 108032 ----a-w- C:\Windows\System32\psisrndr.ax
2012-05-12 03:32:32 288256 ----a-w- C:\Windows\System32\MSNP.ax
2012-05-12 03:32:32 104960 ----a-w- C:\Windows\System32\Mpeg2Data.ax
2012-05-12 03:32:31 75776 ----a-w- C:\Windows\System32\MSDvbNP.ax
2012-05-12 03:32:31 72704 ----a-w- C:\Windows\SysWow64\Mpeg2Data.ax
2012-05-12 03:32:31 204288 ----a-w- C:\Windows\SysWow64\MSNP.ax
2012-05-12 03:32:30 59904 ----a-w- C:\Windows\SysWow64\MSDvbNP.ax
2012-05-12 03:29:59 558592 ----a-w- C:\Windows\System32\spoolsv.exe
2012-05-12 03:29:54 499200 ----a-w- C:\Windows\System32\drivers\afd.sys
2012-05-12 03:29:45 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-05-12 03:29:45 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-05-12 03:18:31 80896 ----a-w- C:\Windows\System32\imagehlp.dll
2012-05-12 03:18:31 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-05-12 03:18:31 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-05-12 03:18:31 22896 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-05-12 03:18:31 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-05-12 03:18:31 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-05-12 03:18:31 158720 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-05-12 03:15:56 3138048 ----a-w- C:\Windows\System32\mstscax.dll
2012-05-12 03:15:56 2690560 ----a-w- C:\Windows\SysWow64\mstscax.dll
2012-05-12 03:15:54 1097216 ----a-w- C:\Windows\System32\mstsc.exe
2012-05-12 03:15:54 1034240 ----a-w- C:\Windows\SysWow64\mstsc.exe
2012-05-12 03:14:20 861184 ----a-w- C:\Windows\System32\oleaut32.dll
2012-05-12 03:14:20 331776 ----a-w- C:\Windows\System32\oleacc.dll
2012-05-12 03:14:19 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2012-05-12 03:14:19 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll
2012-05-12 03:14:08 112000 ----a-w- C:\Windows\System32\consent.exe
2012-05-12 03:12:28 267776 ----a-w- C:\Windows\System32\FXSCOVER.exe
2012-05-12 03:12:25 690688 ----a-w- C:\Windows\SysWow64\msvcrt.dll
2012-05-12 03:12:25 634368 ----a-w- C:\Windows\System32\msvcrt.dll
2012-05-12 03:12:19 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-12 03:12:19 1367552 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-12 03:12:14 31232 ----a-w- C:\Windows\SysWow64\prevhost.exe
2012-05-12 03:12:14 31232 ----a-w- C:\Windows\System32\prevhost.exe
2012-05-12 03:11:51 723456 ----a-w- C:\Windows\System32\EncDec.dll
2012-05-12 03:11:51 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll
2012-05-12 03:11:23 720896 ----a-w- C:\Windows\System32\odbc32.dll
2012-05-12 03:11:23 573440 ----a-w- C:\Windows\SysWow64\odbc32.dll
2012-05-12 03:11:22 987136 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msado15.dll
2012-05-12 03:11:22 495616 ----a-w- C:\Program Files\Common Files\System\ado\msadox.dll
2012-05-12 03:11:22 466944 ----a-w- C:\Program Files\Common Files\System\ado\msadomd.dll
2012-05-12 03:11:22 372736 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadox.dll
2012-05-12 03:11:22 352256 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadomd.dll
2012-05-12 03:11:22 258048 ----a-w- C:\Program Files\Common Files\System\msadc\msadco.dll
2012-05-12 03:11:22 1425408 ----a-w- C:\Program Files\Common Files\System\ado\msado15.dll
2012-05-12 03:11:21 208896 ----a-w- C:\Program Files (x86)\Common Files\System\msadc\msadco.dll
2012-05-12 03:02:33 1895280 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-05-12 03:02:05 243712 ----a-w- C:\Windows\System32\drivers\ks.sys
2012-05-12 03:02:05 184832 ----a-w- C:\Windows\System32\drivers\usbvideo.sys
2012-05-12 02:58:07 1739160 ----a-w- C:\Windows\System32\ntdll.dll
2012-05-12 02:58:06 1292592 ----a-w- C:\Windows\SysWow64\ntdll.dll
2012-05-12 02:58:04 236032 ----a-w- C:\Windows\System32\srvsvc.dll
2012-05-12 02:58:03 9728 ----a-w- C:\Windows\SysWow64\sscore.dll
2012-05-12 02:57:48 77312 ----a-w- C:\Windows\System32\packager.dll
2012-05-12 02:57:48 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2012-05-12 02:55:19 826368 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-05-12 02:55:19 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-05-12 02:55:19 204800 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-05-12 02:55:19 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-05-12 01:50:44 912504 ----a-w- C:\Windows\System32\drivers\N360x64\0502010.003\symefa64.sys
2012-05-12 01:50:44 744568 ----a-w- C:\Windows\System32\drivers\N360x64\0502010.003\srtsp64.sys
2012-05-12 01:50:44 450680 ----a-w- C:\Windows\System32\drivers\N360x64\0502010.003\symds64.sys
2012-05-12 01:50:44 40568 ----a-w- C:\Windows\System32\drivers\N360x64\0502010.003\srtspx64.sys
2012-05-12 01:50:44 386168 ----a-w- C:\Windows\System32\drivers\N360x64\0502010.003\symnets.sys
2012-05-12 01:50:44 171128 ----a-r- C:\Windows\System32\drivers\N360x64\0502010.003\ironx64.sys
2012-05-12 01:50:27 -------- d-----w- C:\Windows\System32\drivers\N360x64\0502010.003
2012-05-10 00:57:30 27256 ----a-w- C:\Windows\System32\drivers\FixZeroAccess.sys
2012-05-10 00:35:43 174200 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2012-05-10 00:35:43 -------- d-----w- C:\Program Files\Symantec
2012-05-10 00:35:43 -------- d-----w- C:\Program Files\Common Files\Symantec Shared
2012-05-10 00:34:52 -------- d-----w- C:\Windows\System32\drivers\N360x64
2012-05-10 00:34:50 -------- d-----w- C:\Program Files (x86)\Norton Security Suite
2012-05-10 00:34:42 -------- d-----w- C:\Program Files (x86)\NortonInstaller
2012-05-10 00:29:52 -------- d-----w- C:\Users\brandon\AppData\Local\LogMeIn Rescue Applet
2012-05-07 04:38:34 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared
2012-05-07 00:51:11 -------- d-----w- C:\Users\brandon\AppData\Local\VS Revo Group
2012-05-07 00:51:07 31800 ----a-w- C:\Windows\System32\drivers\revoflt.sys
2012-05-07 00:51:06 -------- d-----w- C:\Program Files\VS Revo Group
2012-05-06 23:08:58 -------- d-----w- C:\ProgramData\GID
2012-05-06 19:38:32 -------- d-----w- C:\Windows\pss
2012-04-23 03:07:21 -------- d-----w- C:\ProgramData\Recovery
2012-04-23 02:08:52 -------- d-----w- C:\N360_BACKUP
2012-04-23 01:36:49 -------- d-----w- C:\Users\brandon\AppData\Local\NPE
2012-04-22 21:19:29 -------- d-----w- C:\Users\brandon\AppData\Local\ElevatedDiagnostics
2012-04-13 23:47:09 8769696 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
.
==================== Find3M ====================
.
2012-05-10 00:54:48 0 --sha-w- C:\Windows\System32\dds_trash_log.cmd
2012-05-06 23:11:15 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-06 23:11:15 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-04-02 05:34:04 5504880 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-04-02 04:46:44 3958128 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-04-02 04:46:44 3902320 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-04-02 03:01:19 3143680 ----a-w- C:\Windows\System32\win32k.sys
2012-03-26 04:03:12 332392 ----a-w- C:\Windows\System32\RtlCPAPI64.dll
2012-03-26 04:03:12 2494056 ----a-w- C:\Windows\System32\drivers\RTKVHD64.sys
2012-03-26 04:03:12 2048104 ----a-w- C:\Windows\System32\RtPgEx64.dll
2012-03-26 04:03:12 1146984 ----a-w- C:\Windows\System32\RTSnMg64.cpl
2012-03-26 04:03:10 80488 ----a-w- C:\Windows\System32\RCoInst64.dll
2012-03-26 04:03:10 569960 ----a-w- C:\Windows\System32\RtkApi64.dll
2012-03-26 04:03:10 2625640 ----a-w- C:\Windows\System32\RtkAPO64.dll
2012-03-26 04:03:10 149608 ----a-w- C:\Windows\System32\RtkCfg64.dll
2012-03-26 04:03:10 1215592 ----a-w- C:\Windows\System32\RTCOM64.dll
2012-03-26 04:03:02 200800 ----a-w- C:\Windows\System32\AERTAC64.dll
2012-03-26 04:02:58 1251944 ----a-w- C:\Windows\RtlExUpd.dll
2012-03-17 07:55:58 75632 ----a-w- C:\Windows\System32\drivers\partmgr.sys
2012-03-15 01:29:56 12942400 ----a-w- C:\Users\brandon\HRBlock_DeluxeSE_2011_Update_C.exe
2012-03-03 06:29:57 1541120 ----a-w- C:\Windows\System32\DWrite.dll
2012-03-03 06:29:42 320512 ----a-w- C:\Windows\System32\d3d10_1core.dll
2012-03-03 06:29:42 197120 ----a-w- C:\Windows\System32\d3d10_1.dll
2012-03-03 06:29:42 1837568 ----a-w- C:\Windows\System32\d3d10warp.dll
2012-03-03 06:29:41 902656 ----a-w- C:\Windows\System32\d2d1.dll
2012-03-03 05:40:21 1074176 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-03-03 05:40:10 1170944 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2012-03-03 05:40:09 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
2012-03-03 05:40:09 218624 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
2012-03-03 05:40:09 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2012-02-28 06:35:54 1197568 ----a-w- C:\Windows\System32\wininet.dll
2012-02-28 06:33:03 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2012-02-28 05:40:21 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-02-28 05:38:16 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2012-02-28 05:17:41 482816 ----a-w- C:\Windows\System32\html.iec
2012-02-28 04:35:01 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2012-02-28 04:31:46 386048 ----a-w- C:\Windows\SysWow64\html.iec
2012-02-28 03:57:55 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
.
============= FINISH: 15:24:32.77 ===============


----------



## kevinf80 (Mar 21, 2006)

Continue as follows:

Delete any versions of Combofix that you may have on your Desktop, download a fresh copy from either of the following links :-

*Link 1*
*Link 2*


- Ensure that Combofix is saved directly to the Desktop *<--- Very important*

- Disable all security programs as they will have a negative effect on Combofix, instructions available *Here* if required. Be aware the list may not have all programs listed, if you need more help please ask.

- Close any open browsers and any other programs you might have running

- Double click the icon to run the tool (Vista or Windows 7 users right click and select "Run as Administrator")

- Instructions for running Combofix available *Here* if required.

- If you are using Windows XP it might display a pop up saying that "Recovery console is not installed, do you want to install?" Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.

- When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" for further review

***Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze***

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read *Here* why disabling autoruns is recommended.

*EXTRA NOTES*

- If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot, you must allow it to do so.
- *If Combofix reboots due to a rootkit, the screen may stay black for several minutes on reboot, this is normal*
- If after running Combofix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (Those items will not be deleted)

Post the log in next reply please...

Kevin


----------



## cinderblock (May 9, 2012)

quick question -

(hope I didn't mess this up but) It's been over twenty minutes since I started the ComboFix scan - and having bumped the computer (NO CLICKS, but the mouse passed over the icon/window that is running ComboFix) AND I am getting occasional notices from Norton stating that 'High CPU usage by: pev.3xe' (even tho I disabled Norton anti-virus for five hours);

I'm wondering if I need to stop and re-start? It has been on Stage 3 for at least 20 mins. If so, please tell me how to safely stop and re-start.

Sorry


----------



## kevinf80 (Mar 21, 2006)

If Combofix has frozen it could be malware or your security that is interfering. Leave another 15 mins, if still frozen do this:

Open Task Manager and look for the following ComboFix related processes (some have a .3XE extension):

- PEV.exe
- NirCmd.3XE
- PEV.3XE
- SED
- GREP
- any file that has the extension `*.3XE`

One at a time, right-click and select End Process. If doing that did not free ComboFix, then you will need to reboot the computer manually.

Let me know what happens...


----------



## cinderblock (May 9, 2012)

I waited till it had run an hour and then clicked the red X to shut it down 

Then I made sure Norton was totally disabled and

Finally, I re-launched and it is on Stage 3 again.

Hey,,,,just moved on to Stage 4.....this could be good news.

I'll post asap


----------



## kevinf80 (Mar 21, 2006)

Do not use your PC as Combofix runs or you will cause it to freeze.....


----------



## cinderblock (May 9, 2012)

I've been sending replies from another computer. 

Does the infected computer need an internet connection?

I have noticed, in both cases, I do not get the "ComboFix has changed your time settings"

In all cases, it has made it to Stage 4 fairly quickly and then hangs up.


----------



## kevinf80 (Mar 21, 2006)

There is no requirement for an internet connection, obviously you will have to transfer tools/logs between the infected no internet PC and a PC with a connection.

Does the sick PC have no internet?


----------



## cinderblock (May 9, 2012)

The internet is working very well on infected computer, but after downloading ComboFix, and disabling Norton, I thought it best to turn it off.

Stage 4 must be doing some heavy lifting :0 -- still there 

May have to depart in about a half hour. Gotta let the kiddies take me to dinner


----------



## kevinf80 (Mar 21, 2006)

Yep, it's late for me too, 23:30 local time. If CF is definitely frozen shut it down, then do the following:

Download aswMBR from *Here*
*If it asks to update during the process please allow this to happen.*


- Save aswMBR.exe to your Desktop
- Double click aswMBR.exe to run it
- Ensure Quick scan is selected, then select Scan button to start the scan as illustrated below

Note: Do not take action against any ***Rootkit*** entries until I have reviewed the log. Often there are false positives

Once the scan finishes click Save log to save the log to your Desktop.

Copy and paste the contents of aswMBR.txt back here for review

You will also notice another file created on the desktop named MBR.dat. Right-click that file and select Send To and then Compressed (zipped) file. Attach that zipped file to your next reply as well.

Kevin


----------



## cinderblock (May 9, 2012)

Then you best be getting off to bed, Kevin!

I followed your suggestion regarding ComboFix. Sorry to have messed that process up....

I'm sorry to say I'm not smart enough to figure out how to attach the MBR log 

Asw Log follows:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-05-13 18:54:01
-----------------------------
18:54:01.920 OS Version: Windows x64 6.1.7600 
18:54:01.920 Number of processors: 1 586 0x603
18:54:01.920 ComputerName: BRANDON-HP UserName: brandon
18:54:02.762 Initialize success
18:54:20.220 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000061
18:54:20.220 Disk 0 Vendor: ST925031 0005 Size: 238475MB BusType: 11
18:54:20.235 Disk 0 MBR read successfully
18:54:20.251 Disk 0 MBR scan
18:54:20.251 Disk 0 unknown MBR code
18:54:20.267 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
18:54:20.282 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 220533 MB offset 409600
18:54:20.313 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 17638 MB offset 452061184
18:54:20.329 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 103 MB offset 488183808
18:54:20.376 Disk 0 scanning C:\Windows\system32\drivers
18:54:31.561 Service scanning
18:54:55.694 Modules scanning
18:54:55.710 Disk 0 trace - called modules:
18:54:55.788 ntoskrnl.exe CLASSPNP.SYS disk.sys amdxata.sys storport.sys hal.dll amdsata.sys 
18:54:56.303 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8002598060]
18:54:56.318 3 CLASSPNP.SYS[fffff88001b2d43f] -> nt!IofCallDriver -> [0xfffffa800254f8f0]
18:54:56.318 5 amdxata.sys[fffff880010f37a8] -> nt!IofCallDriver -> \Device\00000061[0xfffffa80023fa130]
18:54:56.334 Scan finished successfully
18:55:39.530 Disk 0 MBR has been saved successfully to "C:\Users\brandon\Desktop\MBR.dat"
18:55:39.530 The log file has been saved successfully to "C:\Users\brandon\Desktop\051312_aswMBR.txt"

*possibly* the MBR log will follow...not sure if I can get it to


----------



## kevinf80 (Mar 21, 2006)

That log and your MBR are clean, OK let's try a different scanner, this is purely diagnostic and will make no changes to your system....

Download *OTL* from any of the following links and save to your Desktop:

*Link 1*
*Link 2*
*Link 3*

- Double click on the icon to run it, Vista or Windows 7 users right click and select Run as Administrator. Make sure all other windows are closed and to let it run uninterrupted.
- When the window appears, underneath *Output* at the top, make sure *Standard output* is selected.
- Select *Scan all users*
- Under the *Extra Registry* section, check *Use SafeList*
- In the lower right corner, checkmark *"LOP Check"* and checkmark *"Purity Check".*
- Under the Custom Scan box paste this in:


```
activex
netsvcs
/md5start
afd.sys
i8042prt.sys
ipsec.sys
netbt.sys
svchost.exe
tcpip.sys
/md5stop
%windir%\$ntuninstallkb*. /30
%windir%\system32\drivers\*.sys /lockedfiles
%windir%\*.* /mp
%windir%\*.* /rp
%windir%\*.* /sl
```

- Click the button. Do not change any settings unless otherwise told to do so. The scan won't take long.
- When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
- Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them in your reply

It's very late for me now, I'll have to pick this thread up later, sleepy time me thinks...

Let me see the two logs, also give me an update on current issues/concerns....

Kevin


----------



## cinderblock (May 9, 2012)

Oh, how I wanted to have a couple of logs for you to view first thing in the morning, ha!....(and certainly hope you got a well deserved good-night's rest) but, alas - I'm a weenie....

When I clicked *Link 1*, and downloaded to desktop, Norton wasn't happy. I received a Warning Window - titled "Download Insight" that cited three different reasons for me to not run the application. Here's the reasons:

1) *Very few users* - Fewer than 5 users in the Norton community have used this file
2) *Very new* - This file was released less than 1 week ago (not sure how accurate this opinion is, as the oldtimer site shows reviews for this version - 3.2.43.0 - dated Oct 2010)
3) *Unproven* - There is not enough information about this file to recommend it.

Sooooo, I tried *Link 2*. Norton liked it even less! Told me that a virus (Backdoor.Graybird?) was found?

As I have very little confidence in my computer skills, I am running to you Kevin for your thoughts before I go ahead and hit "Run as Administrator"

sorry to be dragging this out....

About issues/concerns:

One of the on-going concerns I have is the inability to set up a wireless connection with the HP Deskjet 3051k J611 series printer. Serial printing (with the USB cord attachment) IS allowed, but no matter the number of times I've tried to make it happen it continually hangs up.....even though when I print a "HP Network Configuration page" everything looks good (Connected and Enabled) and all the other laptops CAN print wirelessly.

I don't know if this is still happening, but did (regularly) before any of these clean-up efforts were undertaken: Sometimes when a link was typed into the address bar, and ENTER pressed - the page that was typed into the address bar would launch and appear, but then another miscellaneous random page would launch on top of the desired page. Most often the second page was an advertisement of some sort.

I'm gonna stop....it's about as late here as when you last wrote, and I'm heading to bed.

I can't thank you enough Kevin!!!!!!!!!!


----------



## kevinf80 (Mar 21, 2006)

OK, OTL is a very trustworthy application, if Norton alerts to it just accept the alert and let it run. Before you do that run the following first.

*Please read carefully and follow these steps.*

Download *TDSSKiller* and save it to your Desktop.

Doubleclick on the TDSSKiller icon to run the application.

The "Ready to scan" window will open, click on *"Change parameters"*

Place a checkmark next to *Verify Driver Digital Signature* and *Detect TDLFS file system* (leave "Service & Drivers" and "Boot Sectors" ticked). Click OK.

Select "Start Scan"

If an infected file is detected, the default action will be *Cure*, click on *Continue.*

If a suspicious file is detected, the default action will be *Skip*, click on *Continue.*

It may ask you to reboot the computer to complete the process. Click on *Reboot Now*.

If no reboot is required, click on *Report*. A log file should appear. Please copy and paste the contents of that file here.
If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "*TDSSKiller.[Version]_[Date]_[Time]_log.txt*". Please copy and paste the contents of that file here.

When TDSSKiller finishes run OTL, so in your reply I'd like the following:

- Log from TDSSKiller
- OTL.txt
- Extras.txt

Kevin...
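
For whoever reviews the report that comes back: the TDSSKiller log pasted in the next reply records each service as an entry line (name, MD5, image path) followed by a `name - ok` line. The Python script below is an added example, not part of Kevin's post or of TDSSKiller; it assumes that `SigCheck` and `TDLFS` on the `Mode:` line correspond to the two boxes ticked above, treats any verdict other than `ok` as needing review, and includes a constructed `ExampleDrv` record alongside lines copied from the thread's log.

```python
import re

# Every TDSSKiller log line starts "HH:MM:SS.mmmm <thread id> <message>".
LINE = re.compile(r"^\d\d:\d\d:\d\d\.\d{4} \d+ (?P<body>.*)$")
# Entry message:   "<service> (<md5>) <image path>"
ENTRY = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
# Verdict message: "<service> - <verdict>"
VERDICT = re.compile(r"^(?P<name>.+?) - (?P<verdict>.+)$")
MODE = re.compile(r"^Mode: (?P<flags>.*)$")


def triage(log_text):
    """Pair each entry line with its verdict line and sort the results.

    Returns a dict with:
      mode     - scan options listed on the "Mode:" line
      ok       - records whose verdict is exactly "ok"
      review   - records with any other verdict (wording is not interpreted)
      unclosed - entries with no verdict line, e.g. a paste that was cut off
    """
    mode, ok, review = [], [], []
    pending = {}  # service name -> record still waiting for its verdict
    for raw in log_text.splitlines():
        line = LINE.match(raw.strip())
        if not line:
            continue
        body = line.group("body").strip()

        m = MODE.match(body)
        if m:
            mode = [f.strip() for f in m.group("flags").split(";") if f.strip()]
            continue

        m = ENTRY.match(body)
        if m:
            pending[m.group("name")] = m.groupdict()
            continue

        m = VERDICT.match(body)
        # Header lines such as "Drive ... - Size: ..." also contain " - ",
        # so a verdict only counts when it closes a service seen just before.
        if m and m.group("name") in pending:
            record = pending.pop(m.group("name"))
            record["verdict"] = m.group("verdict")
            (ok if record["verdict"].lower() == "ok" else review).append(record)

    return {"mode": mode, "ok": ok, "review": review,
            "unclosed": list(pending.values())}


def missing_options(mode, wanted=("SigCheck", "TDLFS")):
    """Scan options the helper asked for that the Mode: line does not list.

    Assumption: SigCheck = "Verify Driver Digital Signature" and
    TDLFS = "Detect TDLFS file system".
    """
    return [w for w in wanted if w not in mode]


# Lines copied from the log in this thread, plus one constructed record
# (ExampleDrv, all-zero MD5, made-up verdict text) to exercise the review path.
# The final AtiPcie entry has no verdict line, as in a truncated paste.
SAMPLE = r"""
10:03:23.0704 4492 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
10:04:01.0939 4720 Scan started
10:04:01.0939 4720 Mode: Manual; SigCheck; TDLFS; 
10:04:03.0655 4720 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
10:04:03.0843 4720 1394ohci - ok
10:04:06.0136 4720 AMD External Events Utility (4609419a19891c706455c1a747431af9) C:\Windows\system32\atiesrxx.exe
10:04:06.0245 4720 AMD External Events Utility - ok
10:04:07.0000 4720 ExampleDrv (00000000000000000000000000000000) C:\Windows\system32\DRIVERS\example.sys
10:04:07.0100 4720 ExampleDrv - not ok (constructed verdict)
10:04:09.0630 4720 AtiPcie (c07a040d6b5a42dd41ee386cf90974c8) C:\Windows\system32\DRIVERS\AtiPcie.sys
"""

if __name__ == "__main__":
    result = triage(SAMPLE)
    print("scan options:", ", ".join(result["mode"]))
    print("options not enabled:", missing_options(result["mode"]) or "none")
    print("ok:", len(result["ok"]))
    for rec in result["review"]:
        print("REVIEW  ", rec["name"], rec["md5"], rec["path"], "->", rec["verdict"])
    for rec in result["unclosed"]:
        print("NO VERDICT", rec["name"], rec["path"])
```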


----------



## cinderblock (May 9, 2012)

Abundant thanks for your patient leading Kevin!

Kaspersky didn't find Malicious or Suspicious objects/files - But detected a threat. I chose "Skip" and that log follows:

10:03:20.0708 4492 TDSS rootkit removing tool 2.7.34.0 May 2 2012 09:59:18
10:03:21.0785 4492 ============================================================
10:03:21.0785 4492 Current date / time: 2012/05/14 10:03:21.0785
10:03:21.0785 4492 SystemInfo:
10:03:21.0785 4492 
10:03:21.0785 4492 OS Version: 6.1.7600 ServicePack: 0.0
10:03:21.0785 4492 Product type: Workstation
10:03:21.0785 4492 ComputerName: BRANDON-HP
10:03:21.0785 4492 UserName: brandon
10:03:21.0785 4492 Windows directory: C:\Windows
10:03:21.0785 4492 System windows directory: C:\Windows
10:03:21.0785 4492 Running under WOW64
10:03:21.0785 4492 Processor architecture: Intel x64
10:03:21.0785 4492 Number of processors: 1
10:03:21.0785 4492 Page size: 0x1000
10:03:21.0785 4492 Boot type: Normal boot
10:03:21.0785 4492 ============================================================
10:03:23.0704 4492 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
10:03:23.0704 4492 ============================================================
10:03:23.0704 4492 \Device\Harddisk0\DR0:
10:03:23.0704 4492 MBR partitions:
10:03:23.0704 4492 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
10:03:23.0704 4492 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x1AEBA800
10:03:23.0704 4492 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1AF1E800, BlocksNum 0x2273000
10:03:23.0704 4492 \Device\Harddisk0\DR0\Partition3: MBR, Type 0xC, StartLBA 0x1D191800, BlocksNum 0x33970
10:03:23.0704 4492 ============================================================
10:03:23.0750 4492 C: <-> \Device\Harddisk0\DR0\Partition1
10:03:23.0797 4492 D: <-> \Device\Harddisk0\DR0\Partition2
10:03:23.0797 4492 ============================================================
10:03:23.0797 4492 Initialize success
10:03:23.0797 4492 ============================================================
10:04:01.0939 4720 ============================================================
10:04:01.0939 4720 Scan started
10:04:01.0939 4720 Mode: Manual; SigCheck; TDLFS; 
10:04:01.0939 4720 ============================================================
10:04:03.0655 4720 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
10:04:03.0843 4720 1394ohci - ok
10:04:03.0921 4720 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
10:04:03.0952 4720 ACPI - ok
10:04:03.0999 4720 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
10:04:04.0279 4720 AcpiPmi - ok
10:04:04.0482 4720 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
10:04:04.0623 4720 AdobeFlashPlayerUpdateSvc - ok
10:04:04.0732 4720 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
10:04:04.0794 4720 adp94xx - ok
10:04:04.0872 4720 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
10:04:04.0903 4720 adpahci - ok
10:04:04.0950 4720 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
10:04:04.0981 4720 adpu320 - ok
10:04:05.0013 4720 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
10:04:05.0371 4720 AeLookupSvc - ok
10:04:05.0481 4720 AERTFilters (d1e343bc00136ce03c4d403194d06a80) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
10:04:05.0496 4720 AERTFilters - ok
10:04:05.0621 4720 AFD (db9d6c6b2cd95a9ca414d045b627422e) C:\Windows\system32\drivers\afd.sys
10:04:05.0746 4720 AFD - ok
10:04:05.0808 4720 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
10:04:05.0839 4720 agp440 - ok
10:04:05.0917 4720 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
10:04:06.0011 4720 ALG - ok
10:04:06.0058 4720 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
10:04:06.0089 4720 aliide - ok
10:04:06.0136 4720 AMD External Events Utility (4609419a19891c706455c1a747431af9) C:\Windows\system32\atiesrxx.exe
10:04:06.0245 4720 AMD External Events Utility - ok
10:04:06.0307 4720 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
10:04:06.0354 4720 amdide - ok
10:04:06.0401 4720 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
10:04:06.0463 4720 AmdK8 - ok
10:04:06.0978 4720 amdkmdag (4bffead896affbc80c86f62cd18f17c9) C:\Windows\system32\DRIVERS\atipmdag.sys
10:04:07.0228 4720 amdkmdag - ok
10:04:07.0431 4720 amdkmdap (a7155a832f24cf5b048f6048380636ec) C:\Windows\system32\DRIVERS\atikmpag.sys
10:04:07.0509 4720 amdkmdap - ok
10:04:07.0571 4720 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
10:04:07.0618 4720 AmdPPM - ok
10:04:07.0665 4720 amdsata (53d8d46d51d390abdb54eca623165cb7) C:\Windows\system32\DRIVERS\amdsata.sys
10:04:07.0711 4720 amdsata - ok
10:04:07.0805 4720 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
10:04:07.0852 4720 amdsbs - ok
10:04:07.0883 4720 amdxata (75c51148154e34eb3d7bb84749a758d5) C:\Windows\system32\DRIVERS\amdxata.sys
10:04:07.0914 4720 amdxata - ok
10:04:07.0977 4720 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
10:04:08.0148 4720 AppID - ok
10:04:08.0179 4720 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
10:04:08.0273 4720 AppIDSvc - ok
10:04:08.0335 4720 Appinfo (d065be66822847b7f127d1f90158376e) C:\Windows\System32\appinfo.dll
10:04:08.0476 4720 Appinfo - ok
10:04:08.0569 4720 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
10:04:08.0601 4720 arc - ok
10:04:08.0632 4720 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
10:04:08.0663 4720 arcsas - ok
10:04:08.0725 4720 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
10:04:08.0803 4720 AsyncMac - ok
10:04:08.0866 4720 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
10:04:08.0897 4720 atapi - ok
10:04:09.0147 4720 athr (40734f3a5eec4c4ac6a1faf10b293714) C:\Windows\system32\DRIVERS\athrx.sys
10:04:09.0427 4720 athr - ok
10:04:09.0630 4720 AtiPcie (c07a040d6b5a42dd41ee386cf90974c8) C:\Windows\system32\DRIVERS\AtiPcie.sys
10:04:09.0677 4720 AtiPcie - ok
10:04:09.0771 4720 AudioEndpointBuilder (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
10:04:09.0880 4720 AudioEndpointBuilder - ok
10:04:09.0895 4720 AudioSrv (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
10:04:09.0942 4720 AudioSrv - ok
10:04:10.0005 4720 AxInstSV (b20b5fa5ca050e9926e4d1db81501b32) C:\Windows\System32\AxInstSV.dll
10:04:10.0176 4720 AxInstSV - ok
10:04:10.0254 4720 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
10:04:10.0395 4720 b06bdrv - ok
10:04:10.0473 4720 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
10:04:10.0535 4720 b57nd60a - ok
10:04:10.0629 4720 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
10:04:10.0847 4720 BDESVC - ok
10:04:10.0909 4720 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
10:04:11.0003 4720 Beep - ok
10:04:11.0159 4720 BFE (4992c609a6315671463e30f6512bc022) C:\Windows\System32\bfe.dll
10:04:11.0268 4720 BFE - ok
10:04:11.0767 4720 BHDrvx64 (5b1fe9d351c284701c8051da2aa81df6) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120507.001\BHDrvx64.sys
10:04:11.0923 4720 BHDrvx64 - ok
10:04:12.0126 4720 BITS (7f0c323fe3da28aa4aa1bda3f575707f) C:\Windows\System32\qmgr.dll
10:04:12.0235 4720 BITS - ok
10:04:12.0298 4720 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
10:04:12.0376 4720 blbdrive - ok
10:04:12.0407 4720 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
10:04:12.0610 4720 bowser - ok
10:04:12.0641 4720 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
10:04:12.0688 4720 BrFiltLo - ok
10:04:12.0703 4720 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
10:04:12.0735 4720 BrFiltUp - ok
10:04:12.0797 4720 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
10:04:12.0859 4720 BridgeMP - ok
10:04:12.0922 4720 Browser (94fbc06f294d58d02361918418f996e3) C:\Windows\System32\browser.dll
10:04:12.0984 4720 Browser - ok
10:04:13.0015 4720 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
10:04:13.0093 4720 Brserid - ok
10:04:13.0109 4720 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
10:04:13.0156 4720 BrSerWdm - ok
10:04:13.0187 4720 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
10:04:13.0234 4720 BrUsbMdm - ok
10:04:13.0265 4720 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
10:04:13.0327 4720 BrUsbSer - ok
10:04:13.0359 4720 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
10:04:13.0405 4720 BTHMODEM - ok
10:04:13.0483 4720 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
10:04:13.0624 4720 bthserv - ok
10:04:13.0671 4720 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
10:04:13.0780 4720 cdfs - ok
10:04:13.0842 4720 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
10:04:13.0889 4720 cdrom - ok
10:04:13.0951 4720 CertPropSvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
10:04:14.0029 4720 CertPropSvc - ok
10:04:14.0154 4720 CinemaNow Service (533328a3d9a9c286682525842547540c) C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
10:04:14.0185 4720 CinemaNow Service - ok
10:04:14.0263 4720 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
10:04:14.0310 4720 circlass - ok
10:04:14.0373 4720 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
10:04:14.0419 4720 CLFS - ok
10:04:14.0513 4720 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
10:04:14.0560 4720 clr_optimization_v2.0.50727_32 - ok
10:04:14.0607 4720 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
10:04:14.0653 4720 clr_optimization_v2.0.50727_64 - ok
10:04:14.0731 4720 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
10:04:14.0763 4720 CmBatt - ok
10:04:14.0794 4720 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
10:04:14.0809 4720 cmdide - ok
10:04:14.0872 4720 CNG (937beb186a735aca91d717044a49d17e) C:\Windows\system32\Drivers\cng.sys
10:04:14.0997 4720 CNG - ok
10:04:15.0059 4720 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
10:04:15.0090 4720 Compbatt - ok
10:04:15.0137 4720 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
10:04:15.0184 4720 CompositeBus - ok
10:04:15.0215 4720 COMSysApp - ok
10:04:15.0246 4720 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
10:04:15.0277 4720 crcdisk - ok
10:04:15.0324 4720 CryptSvc (8c57411b66282c01533cb776f98ad384) C:\Windows\system32\cryptsvc.dll
10:04:15.0387 4720 CryptSvc - ok
10:04:15.0465 4720 DcomLaunch (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
10:04:15.0558 4720 DcomLaunch - ok
10:04:15.0605 4720 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
10:04:15.0730 4720 defragsvc - ok
10:04:15.0792 4720 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
10:04:15.0855 4720 DfsC - ok
10:04:15.0948 4720 Dhcp (ce3b9562d997f69b330d181a8875960f) C:\Windows\system32\dhcpcore.dll
10:04:16.0104 4720 Dhcp - ok
10:04:16.0151 4720 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
10:04:16.0229 4720 discache - ok
10:04:16.0276 4720 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
10:04:16.0338 4720 Disk - ok
10:04:16.0416 4720 Dnscache (85cf424c74a1d5ec33533e1dbff9920a) C:\Windows\System32\dnsrslvr.dll
10:04:16.0510 4720 Dnscache - ok
10:04:16.0557 4720 dot3svc (14452acdb09b70964c8c21bf80a13acb) C:\Windows\System32\dot3svc.dll
10:04:16.0681 4720 dot3svc - ok
10:04:16.0728 4720 DPS (8c2ba6bea949ee6e68385f5692bafb94) C:\Windows\system32\dps.dll
10:04:16.0791 4720 DPS - ok
10:04:16.0837 4720 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
10:04:16.0869 4720 drmkaud - ok
10:04:16.0962 4720 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
10:04:17.0040 4720 DXGKrnl - ok
10:04:17.0071 4720 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
10:04:17.0165 4720 EapHost - ok
10:04:17.0415 4720 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
10:04:17.0649 4720 ebdrv - ok
10:04:17.0836 4720 eeCtrl (0c3f9eff8ddd9f9eb56d754b4620155f) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
10:04:17.0914 4720 eeCtrl - ok
10:04:18.0054 4720 EFS (156f6159457d0aa7e59b62681b56eb90) C:\Windows\System32\lsass.exe
10:04:18.0132 4720 EFS - ok
10:04:18.0335 4720 ehRecvr (47c071994c3f649f23d9cd075ac9304a) C:\Windows\ehome\ehRecvr.exe
10:04:18.0507 4720 ehRecvr - ok
10:04:18.0585 4720 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
10:04:18.0709 4720 ehSched - ok
10:04:18.0803 4720 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
10:04:18.0850 4720 elxstor - ok
10:04:18.0975 4720 EraserUtilRebootDrv (8c0f9b877bc0b7ffd327ef55f9efb642) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
10:04:19.0053 4720 EraserUtilRebootDrv - ok
10:04:19.0099 4720 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
10:04:19.0131 4720 ErrDev - ok
10:04:19.0209 4720 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
10:04:19.0302 4720 EventSystem - ok
10:04:19.0349 4720 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
10:04:19.0427 4720 exfat - ok
10:04:19.0474 4720 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
10:04:19.0536 4720 fastfat - ok
10:04:19.0645 4720 Fax (d607b2f1bee3992aa6c2c92c0a2f0855) C:\Windows\system32\fxssvc.exe
10:04:19.0817 4720 Fax - ok
10:04:19.0848 4720 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
10:04:19.0879 4720 fdc - ok
10:04:19.0942 4720 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
10:04:19.0989 4720 fdPHost - ok
10:04:20.0020 4720 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
10:04:20.0067 4720 FDResPub - ok
10:04:20.0098 4720 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
10:04:20.0113 4720 FileInfo - ok
10:04:20.0145 4720 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
10:04:20.0207 4720 Filetrace - ok
10:04:20.0238 4720 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
10:04:20.0269 4720 flpydisk - ok
10:04:20.0316 4720 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
10:04:20.0347 4720 FltMgr - ok
10:04:20.0488 4720 FontCache (bc00505cfda789ed3be95d2ff38c4875) C:\Windows\system32\FntCache.dll
10:04:20.0613 4720 FontCache - ok
10:04:20.0706 4720 FontCache3.0.0.0 (8d89e3131c27fdd6932189cb785e1b7a) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
10:04:20.0722 4720 FontCache3.0.0.0 - ok
10:04:20.0784 4720 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
10:04:20.0831 4720 FsDepends - ok
10:04:20.0878 4720 Fs_Rec (d3e3f93d67821a2db2b3d9fac2dc2064) C:\Windows\system32\drivers\Fs_Rec.sys
10:04:20.0909 4720 Fs_Rec - ok
10:04:20.0971 4720 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
10:04:21.0018 4720 fvevol - ok
10:04:21.0049 4720 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
10:04:21.0065 4720 gagp30kx - ok
10:04:21.0205 4720 GamesAppService (c403c5db49a0f9aaf4f2128edc0106d8) C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
10:04:21.0283 4720 GamesAppService - ok
10:04:21.0346 4720 GEARAspiWDM (af4dee5531395dee72b35b36c9671fd0) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
10:04:21.0393 4720 GEARAspiWDM - ok
10:04:21.0471 4720 GIDv2 (9ba22aee7f531ef9ce085cc2e1112bc4) C:\Windows\system32\drivers\GIDv2.sys
10:04:21.0517 4720 GIDv2 - ok
10:04:21.0595 4720 gpsvc (fe5ab4525bc2ec68b9119a6e5d40128b) C:\Windows\System32\gpsvc.dll
10:04:21.0689 4720 gpsvc - ok
10:04:21.0736 4720 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
10:04:21.0845 4720 hcw85cir - ok
10:04:21.0907 4720 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
10:04:22.0001 4720 HdAudAddService - ok
10:04:22.0048 4720 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
10:04:22.0095 4720 HDAudBus - ok
10:04:22.0126 4720 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
10:04:22.0157 4720 HidBatt - ok
10:04:22.0204 4720 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
10:04:22.0235 4720 HidBth - ok
10:04:22.0282 4720 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
10:04:22.0313 4720 HidIr - ok
10:04:22.0360 4720 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
10:04:22.0438 4720 hidserv - ok
10:04:22.0516 4720 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
10:04:22.0578 4720 HidUsb - ok
10:04:22.0641 4720 hkmsvc (efa58ede58dd74388ffd04cb32681518) C:\Windows\system32\kmsvc.dll
10:04:22.0719 4720 hkmsvc - ok
10:04:22.0765 4720 HomeGroupListener (046b2673767ca626e2cfb7fdf735e9e8) C:\Windows\system32\ListSvc.dll
10:04:22.0953 4720 HomeGroupListener - ok
10:04:22.0999 4720 HomeGroupProvider (06a7422224d9865a5613710a089987df) C:\Windows\system32\provsvc.dll
10:04:23.0046 4720 HomeGroupProvider - ok
10:04:23.0171 4720 HP Support Assistant Service (13bb1114451c63bfb41ba7daa4d70a29) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
10:04:23.0202 4720 HP Support Assistant Service - ok
10:04:23.0327 4720 HP Wireless Assistant Service (3a09322a8aa8b0c79036686a0ebe7b4c) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
10:04:23.0374 4720 HP Wireless Assistant Service - ok
10:04:23.0421 4720 HPDrvMntSvc.exe (bcc4a8b2e2e902f52e7f2e7d8e125765) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
10:04:23.0421 4720 HPDrvMntSvc.exe - ok
10:04:23.0530 4720 hpqwmiex (ec9739a46f1f83c6e52a7a4697f44a65) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
10:04:23.0561 4720 hpqwmiex - ok
10:04:23.0655 4720 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
10:04:23.0686 4720 HpSAMD - ok
10:04:23.0764 4720 HPWMISVC (f630dd7564ebb7248a13b1cc774d9ea6) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
10:04:23.0795 4720 HPWMISVC - ok
10:04:23.0873 4720 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
10:04:23.0935 4720 HTTP - ok
10:04:23.0951 4720 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
10:04:23.0967 4720 hwpolicy - ok
10:04:24.0029 4720 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
10:04:24.0045 4720 i8042prt - ok
10:04:24.0123 4720 iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys
10:04:24.0169 4720 iaStorV - ok
10:04:24.0341 4720 idsvc (2f2be70d3e02b6fa877921ab9516d43c) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
10:04:24.0403 4720 idsvc - ok
10:04:24.0715 4720 IDSVia64 (4e9e0e5a3b0efeb27491c26be1d97fda) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120511.001\IDSvia64.sys
10:04:24.0747 4720 IDSVia64 - ok
10:04:25.0308 4720 igfx (a87261ef1546325b559374f5689cf5bc) C:\Windows\system32\DRIVERS\igdkmd64.sys
10:04:25.0573 4720 igfx - ok
10:04:25.0729 4720 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
10:04:25.0761 4720 iirsp - ok
10:04:25.0854 4720 IKEEXT (c5b4683680df085b57bc53e5ef34861f) C:\Windows\System32\ikeext.dll
10:04:25.0948 4720 IKEEXT - ok
10:04:26.0478 4720 IntcAzAudAddService (d311e2dd59a34079d89c249b2a4d9fdb) C:\Windows\system32\drivers\RTKVHD64.sys
10:04:26.0603 4720 IntcAzAudAddService - ok
10:04:26.0743 4720 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
10:04:26.0775 4720 intelide - ok
10:04:26.0837 4720 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
10:04:26.0884 4720 intelppm - ok
10:04:26.0946 4720 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
10:04:27.0040 4720 IPBusEnum - ok
10:04:27.0087 4720 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
10:04:27.0165 4720 IpFilterDriver - ok
10:04:27.0289 4720 iphlpsvc (f8e058d17363ec580e4b7232778b6cb5) C:\Windows\System32\iphlpsvc.dll
10:04:27.0383 4720 iphlpsvc - ok
10:04:27.0414 4720 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
10:04:27.0461 4720 IPMIDRV - ok
10:04:27.0508 4720 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
10:04:27.0555 4720 IPNAT - ok
10:04:27.0617 4720 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
10:04:27.0633 4720 IRENUM - ok
10:04:27.0664 4720 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
10:04:27.0679 4720 isapnp - ok
10:04:27.0726 4720 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
10:04:27.0773 4720 iScsiPrt - ok
10:04:27.0820 4720 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
10:04:27.0851 4720 kbdclass - ok
10:04:27.0898 4720 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
10:04:27.0929 4720 kbdhid - ok
10:04:27.0976 4720 KeyIso (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
10:04:27.0991 4720 KeyIso - ok
10:04:28.0023 4720 KSecDD (16c1b906fc5ead84769f90b736b6bf0e) C:\Windows\system32\Drivers\ksecdd.sys
10:04:28.0038 4720 KSecDD - ok
10:04:28.0069 4720 KSecPkg (0b711550c56444879d71c7daabda6c83) C:\Windows\system32\Drivers\ksecpkg.sys
10:04:28.0116 4720 KSecPkg - ok
10:04:28.0179 4720 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
10:04:28.0257 4720 ksthunk - ok
10:04:28.0350 4720 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
10:04:28.0459 4720 KtmRm - ok
10:04:28.0584 4720 LanmanServer (81f1d04d4d0e433099365127375fd501) C:\Windows\System32\srvsvc.dll
10:04:28.0693 4720 LanmanServer - ok
10:04:28.0725 4720 LanmanWorkstation (27026eac8818e8a6c00a1cad2f11d29a) C:\Windows\System32\wkssvc.dll
10:04:28.0787 4720 LanmanWorkstation - ok
10:04:28.0881 4720 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
10:04:28.0959 4720 lltdio - ok
10:04:29.0021 4720 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
10:04:29.0115 4720 lltdsvc - ok
10:04:29.0161 4720 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
10:04:29.0193 4720 lmhosts - ok
10:04:29.0255 4720 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
10:04:29.0286 4720 LSI_FC - ok
10:04:29.0317 4720 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
10:04:29.0349 4720 LSI_SAS - ok
10:04:29.0380 4720 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
10:04:29.0395 4720 LSI_SAS2 - ok
10:04:29.0427 4720 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
10:04:29.0442 4720 LSI_SCSI - ok
10:04:29.0473 4720 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
10:04:29.0536 4720 luafv - ok
10:04:29.0770 4720 LVRS64 (ef2be2f45d4f06410a3bd2a3467325b0) C:\Windows\system32\DRIVERS\lvrs64.sys
10:04:29.0848 4720 LVRS64 - ok
10:04:29.0926 4720 Mcx2Svc (f84c8f1000bc11e3b7b23cbd3baff111) C:\Windows\system32\Mcx2Svc.dll
10:04:30.0019 4720 Mcx2Svc - ok
10:04:30.0082 4720 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
10:04:30.0144 4720 megasas - ok
10:04:30.0222 4720 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
10:04:30.0253 4720 MegaSR - ok
10:04:30.0300 4720 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
10:04:30.0394 4720 MMCSS - ok
10:04:30.0472 4720 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
10:04:30.0597 4720 Modem - ok
10:04:30.0643 4720 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
10:04:30.0690 4720 monitor - ok
10:04:30.0753 4720 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
10:04:30.0768 4720 mouclass - ok
10:04:30.0831 4720 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
10:04:30.0846 4720 mouhid - ok
10:04:30.0877 4720 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
10:04:30.0909 4720 mountmgr - ok
10:04:30.0924 4720 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
10:04:30.0955 4720 mpio - ok
10:04:30.0971 4720 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
10:04:31.0018 4720 mpsdrv - ok
10:04:31.0049 4720 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
10:04:31.0096 4720 MRxDAV - ok
10:04:31.0143 4720 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
10:04:31.0221 4720 mrxsmb - ok
10:04:31.0470 4720 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
10:04:31.0533 4720 mrxsmb10 - ok
10:04:31.0579 4720 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
10:04:31.0611 4720 mrxsmb20 - ok
10:04:31.0642 4720 msahci (5e939cf91ea4a841dbafe4627e0292bb) C:\Windows\system32\DRIVERS\msahci.sys
10:04:31.0689 4720 msahci - ok
10:04:31.0751 4720 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
10:04:31.0767 4720 msdsm - ok
10:04:31.0813 4720 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
10:04:31.0845 4720 MSDTC - ok
10:04:31.0907 4720 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
10:04:31.0938 4720 Msfs - ok
10:04:31.0985 4720 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
10:04:32.0047 4720 mshidkmdf - ok
10:04:32.0079 4720 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
10:04:32.0094 4720 msisadrv - ok
10:04:32.0125 4720 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
10:04:32.0266 4720 MSiSCSI - ok
10:04:32.0281 4720 msiserver - ok
10:04:32.0344 4720 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
10:04:32.0437 4720 MSKSSRV - ok
10:04:32.0469 4720 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
10:04:32.0515 4720 MSPCLOCK - ok
10:04:32.0531 4720 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
10:04:32.0593 4720 MSPQM - ok
10:04:32.0640 4720 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
10:04:32.0671 4720 MsRPC - ok
10:04:32.0703 4720 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
10:04:32.0718 4720 mssmbios - ok
10:04:32.0749 4720 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
10:04:32.0796 4720 MSTEE - ok
10:04:32.0827 4720 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
10:04:32.0874 4720 MTConfig - ok
10:04:32.0905 4720 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
10:04:32.0921 4720 Mup - ok
10:04:33.0217 4720 N360 (e78a365cc3e0fbfc018a33dce01909f8) C:\Program Files (x86)\Norton Security Suite\Engine\5.2.1.3\ccSvcHst.exe
10:04:33.0233 4720 N360 - ok
10:04:33.0311 4720 napagent (4987e079a4530fa737a128be54b63b12) C:\Windows\system32\qagentRT.dll
10:04:33.0389 4720 napagent - ok
10:04:33.0483 4720 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
10:04:33.0592 4720 NativeWifiP - ok
10:04:33.0841 4720 NAVENG (2dbe90210de76be6e1653bb20ec70ec2) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120513.007\ENG64.SYS
10:04:33.0873 4720 NAVENG - ok
10:04:34.0044 4720 NAVEX15 (346da70e203b8e2c850277713de8f71b) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120513.007\EX64.SYS
10:04:34.0091 4720 NAVEX15 - ok
10:04:34.0325 4720 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
10:04:34.0372 4720 NDIS - ok
10:04:34.0419 4720 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
10:04:34.0481 4720 NdisCap - ok
10:04:34.0512 4720 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
10:04:34.0575 4720 NdisTapi - ok
10:04:34.0621 4720 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
10:04:34.0731 4720 Ndisuio - ok
10:04:34.0762 4720 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
10:04:34.0824 4720 NdisWan - ok
10:04:34.0840 4720 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
10:04:34.0887 4720 NDProxy - ok
10:04:34.0933 4720 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
10:04:34.0980 4720 NetBIOS - ok
10:04:35.0027 4720 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
10:04:35.0089 4720 NetBT - ok
10:04:35.0152 4720 Netlogon (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
10:04:35.0183 4720 Netlogon - ok
10:04:35.0245 4720 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
10:04:35.0323 4720 Netman - ok
10:04:35.0386 4720 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
10:04:35.0479 4720 netprofm - ok
10:04:35.0589 4720 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
10:04:35.0651 4720 NetTcpPortSharing - ok
10:04:36.0057 4720 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys
10:04:36.0322 4720 netw5v64 - ok
10:04:36.0525 4720 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
10:04:36.0556 4720 nfrd960 - ok
10:04:36.0618 4720 NlaSvc (d9a0ce66046d6efa0c61baa885cba0a8) C:\Windows\System32\nlasvc.dll
10:04:36.0696 4720 NlaSvc - ok
10:04:36.0727 4720 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
10:04:36.0790 4720 Npfs - ok
10:04:36.0837 4720 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
10:04:36.0868 4720 nsi - ok
10:04:36.0899 4720 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
10:04:36.0930 4720 nsiproxy - ok
10:04:37.0086 4720 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
10:04:37.0180 4720 Ntfs - ok
10:04:37.0273 4720 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
10:04:37.0336 4720 Null - ok
10:04:37.0383 4720 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys
10:04:37.0429 4720 nvraid - ok
10:04:37.0476 4720 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys
10:04:37.0492 4720 nvstor - ok
10:04:37.0539 4720 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
10:04:37.0554 4720 nv_agp - ok
10:04:37.0585 4720 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
10:04:37.0617 4720 ohci1394 - ok
10:04:37.0663 4720 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
10:04:37.0804 4720 p2pimsvc - ok
10:04:37.0866 4720 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
10:04:37.0897 4720 p2psvc - ok
10:04:37.0944 4720 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
10:04:37.0960 4720 Parport - ok
10:04:38.0007 4720 partmgr (90061b1acfe8ccaa5345750ffe08d8b8) C:\Windows\system32\drivers\partmgr.sys
10:04:38.0053 4720 partmgr - ok
10:04:38.0116 4720 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
10:04:38.0163 4720 PcaSvc - ok
10:04:38.0225 4720 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
10:04:38.0241 4720 pci - ok
10:04:38.0272 4720 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
10:04:38.0287 4720 pciide - ok
10:04:38.0334 4720 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
10:04:38.0365 4720 pcmcia - ok
10:04:38.0397 4720 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
10:04:38.0412 4720 pcw - ok
10:04:38.0475 4720 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
10:04:38.0553 4720 PEAUTH - ok
10:04:38.0662 4720 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
10:04:38.0693 4720 PerfHost - ok
10:04:38.0880 4720 pla (557e9a86f65f0de18c9b6751dfe9d3f1) C:\Windows\system32\pla.dll
10:04:43.0623 4720 RtVOsdService (4ea7e5df0cb237156176fa0349e6e87f) C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe
10:04:43.0669 4720 RtVOsdService ( UnsignedFile.Multi.Generic ) - warning
10:04:43.0669 4720 RtVOsdService - detected UnsignedFile.Multi.Generic (1)
10:05:02.0093 4720 ============================================================
10:05:02.0093 4720 Scan finished
10:05:02.0093 4720 ============================================================
10:05:02.0155 4712 Detected object count: 1
10:05:02.0155 4712 Actual detected object count: 1
10:10:56.0208 4712 RtVOsdService ( UnsignedFile.Multi.Generic ) - skipped by user
10:10:56.0208 4712 RtVOsdService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:18:42.0882 4480 Deinitialize success

About the OTL logs:

I did as requested, and selected "Run anyway" when Norton prompted me to run... but SONAR swooped in and removed the program.

I'm sorry - I'll try to reinstall and post, but thought I'd send what I had for now.


----------



## cinderblock (May 9, 2012)

Got ComboFix to run. In other words, I finally figured out how to fully disable Norton.

Log follows:

ComboFix 12-05-13.03 - brandon 05/14/2012 10:50:29.4.1 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.1787.743 [GMT -4:00]
Running from: c:\users\brandon\Desktop\ComboFix.exe
AV: Norton Security Suite *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Security Suite *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Security Suite *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\brandon\AppData\Roaming\result.db
c:\users\brandon\HRBlock_DeluxeSE_2011_Update_C.exe
c:\windows\assembly\temp\@
c:\windows\assembly\temp\cfg.ini
c:\windows\system32\dds_trash_log.cmd
.
.
((((((((((((((((((((((((( Files Created from 2012-04-14 to 2012-05-14 )))))))))))))))))))))))))))))))
.
.
2012-05-14 15:03 . 2012-05-14 15:03 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-13 18:52 . 2012-05-13 18:52 -------- d-----w- c:\users\brandon\AppData\Roaming\Malwarebytes
2012-05-13 18:52 . 2012-05-13 18:52 -------- d-----w- c:\programdata\Malwarebytes
2012-05-13 18:52 . 2012-04-04 19:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-13 18:52 . 2012-05-13 18:52 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-05-12 05:56 . 2011-06-08 22:35 778088 ---ha-w- c:\windows\system32\HPDiscoPMa011.dll
2012-05-12 05:54 . 2012-05-12 05:54 -------- d-----w- c:\program files\HP
2012-05-12 04:30 . 2010-09-14 06:45 367104 ----a-w- c:\windows\system32\wcncsvc.dll
2012-05-12 04:30 . 2010-09-14 06:07 276992 ----a-w- c:\windows\SysWow64\wcncsvc.dll
2012-05-12 04:17 . 2009-11-25 16:47 99176 ----a-w- c:\windows\SysWow64\PresentationHostProxy.dll
2012-05-12 04:17 . 2009-11-25 16:47 49472 ----a-w- c:\windows\SysWow64\netfxperf.dll
2012-05-12 04:17 . 2009-11-25 16:47 48960 ----a-w- c:\windows\system32\netfxperf.dll
2012-05-12 04:17 . 2009-11-25 16:47 297808 ----a-w- c:\windows\SysWow64\mscoree.dll
2012-05-12 04:17 . 2009-11-25 16:47 295264 ----a-w- c:\windows\SysWow64\PresentationHost.exe
2012-05-12 04:17 . 2009-11-25 16:47 1130824 ----a-w- c:\windows\SysWow64\dfshim.dll
2012-05-12 04:17 . 2009-11-25 16:47 109912 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2012-05-12 04:17 . 2009-11-25 16:47 444752 ----a-w- c:\windows\system32\mscoree.dll
2012-05-12 04:17 . 2009-11-25 16:47 320352 ----a-w- c:\windows\system32\PresentationHost.exe
2012-05-12 04:17 . 2009-11-25 16:47 1942856 ----a-w- c:\windows\system32\dfshim.dll
2012-05-12 04:01 . 2011-06-15 09:58 163840 ----a-w- c:\windows\system32\odbccp32.dll
2012-05-12 04:00 . 2011-04-09 06:58 142336 ----a-w- c:\windows\system32\poqexec.exe
2012-05-12 03:59 . 2011-05-04 05:30 2326016 ----a-w- c:\windows\system32\tquery.dll
2012-05-12 03:45 . 2011-03-11 06:19 1395712 ----a-w- c:\windows\system32\mfc42.dll
2012-05-12 03:45 . 2011-03-11 06:19 1359872 ----a-w- c:\windows\system32\mfc42u.dll
2012-05-12 03:45 . 2011-03-11 05:40 1164288 ----a-w- c:\windows\SysWow64\mfc42u.dll
2012-05-12 03:45 . 2011-03-11 05:40 1137664 ----a-w- c:\windows\SysWow64\mfc42.dll
2012-05-12 03:45 . 2011-02-24 06:30 476160 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2012-05-12 03:45 . 2011-02-24 05:32 288256 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2012-05-12 03:44 . 2012-01-03 06:24 515584 ----a-w- c:\windows\system32\timedate.cpl
2012-05-12 03:44 . 2012-01-03 05:44 478208 ----a-w- c:\windows\SysWow64\timedate.cpl
2012-05-12 03:44 . 2011-10-01 05:28 886784 ----a-w- c:\program files\Common Files\System\wab32.dll
2012-05-12 03:44 . 2011-10-01 04:43 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll
2012-05-12 03:44 . 2012-05-12 03:44 -------- d-----w- c:\program files (x86)\MSXML 4.0
2012-05-12 03:40 . 2011-10-26 05:19 43520 ----a-w- c:\windows\system32\csrsrv.dll
2012-05-12 03:40 . 2011-07-09 02:44 287744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2012-05-12 03:40 . 2011-05-04 02:51 157696 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2012-05-12 03:40 . 2011-05-04 02:51 126464 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2012-05-12 03:40 . 2012-01-25 06:27 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-05-12 03:40 . 2012-01-25 06:20 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-05-12 03:40 . 2012-01-25 06:27 76288 ----a-w- c:\windows\system32\rdpwsx.dll
2012-05-12 03:35 . 2009-09-26 06:20 223448 ----a-w- c:\windows\system32\drivers\fvevol.sys
2012-05-12 03:33 . 2011-03-12 11:31 442880 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2012-05-12 03:33 . 2011-03-12 12:03 662528 ----a-w- c:\windows\system32\XpsPrint.dll
2012-05-12 03:32 . 2011-08-17 05:32 613888 ----a-w- c:\windows\system32\psisdecd.dll
2012-05-12 03:32 . 2011-08-17 05:27 108032 ----a-w- c:\windows\system32\psisrndr.ax
2012-05-12 03:32 . 2011-08-17 04:26 465408 ----a-w- c:\windows\SysWow64\psisdecd.dll
2012-05-12 03:32 . 2011-08-17 04:22 75776 ----a-w- c:\windows\SysWow64\psisrndr.ax
2012-05-12 03:32 . 2011-08-17 05:27 288256 ----a-w- c:\windows\system32\MSNP.ax
2012-05-12 03:32 . 2011-08-17 05:27 104960 ----a-w- c:\windows\system32\Mpeg2Data.ax
2012-05-12 03:32 . 2011-08-17 05:27 75776 ----a-w- c:\windows\system32\MSDvbNP.ax
2012-05-12 03:32 . 2011-08-17 04:22 72704 ----a-w- c:\windows\SysWow64\Mpeg2Data.ax
2012-05-12 03:32 . 2011-08-17 04:22 204288 ----a-w- c:\windows\SysWow64\MSNP.ax
2012-05-12 03:32 . 2011-08-17 04:22 59904 ----a-w- c:\windows\SysWow64\MSDvbNP.ax
2012-05-12 03:29 . 2010-08-21 06:29 558592 ----a-w- c:\windows\system32\spoolsv.exe
2012-05-12 03:29 . 2011-12-28 03:59 499200 ----a-w- c:\windows\system32\drivers\afd.sys
2012-05-12 03:29 . 2011-11-05 05:17 2048 ----a-w- c:\windows\system32\tzres.dll
2012-05-12 03:29 . 2011-11-05 04:30 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-05-12 03:18 . 2012-03-01 06:54 22896 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-05-12 03:18 . 2012-03-01 06:45 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-05-12 03:18 . 2012-03-01 06:40 80896 ----a-w- c:\windows\system32\imagehlp.dll
2012-05-12 03:18 . 2012-03-01 06:35 5120 ----a-w- c:\windows\system32\wmi.dll
2012-05-12 03:18 . 2012-03-01 05:49 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-05-12 03:18 . 2012-03-01 05:45 158720 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-05-12 03:18 . 2012-03-01 05:40 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-05-12 03:15 . 2010-12-18 06:12 3138048 ----a-w- c:\windows\system32\mstscax.dll
2012-05-12 03:15 . 2010-12-18 05:30 2690560 ----a-w- c:\windows\SysWow64\mstscax.dll
2012-05-12 03:15 . 2010-12-18 06:08 1097216 ----a-w- c:\windows\system32\mstsc.exe
2012-05-12 03:15 . 2010-12-18 05:26 1034240 ----a-w- c:\windows\SysWow64\mstsc.exe
2012-05-12 03:14 . 2011-08-27 05:40 861184 ----a-w- c:\windows\system32\oleaut32.dll
2012-05-12 03:14 . 2011-08-27 05:40 331776 ----a-w- c:\windows\system32\oleacc.dll
2012-05-12 03:14 . 2011-08-27 04:43 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2012-05-12 03:14 . 2011-08-27 04:43 233472 ----a-w- c:\windows\SysWow64\oleacc.dll
2012-05-12 03:14 . 2010-10-16 05:23 112000 ----a-w- c:\windows\system32\consent.exe
2012-05-12 03:12 . 2011-02-12 06:14 267776 ----a-w- c:\windows\system32\FXSCOVER.exe
2012-05-12 03:12 . 2011-12-16 08:42 634368 ----a-w- c:\windows\system32\msvcrt.dll
2012-05-12 03:12 . 2011-12-16 07:59 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
2012-05-12 03:12 . 2012-04-02 05:24 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-12 03:12 . 2012-04-02 04:40 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-12 03:12 . 2011-02-18 06:33 31232 ----a-w- c:\windows\system32\prevhost.exe
2012-05-12 03:12 . 2011-02-18 05:33 31232 ----a-w- c:\windows\SysWow64\prevhost.exe
2012-05-12 03:11 . 2011-10-15 06:25 723456 ----a-w- c:\windows\system32\EncDec.dll
2012-05-12 03:11 . 2011-10-15 05:48 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
2012-05-12 03:11 . 2010-10-16 05:17 720896 ----a-w- c:\windows\system32\odbc32.dll
2012-05-12 03:11 . 2010-10-16 04:34 573440 ----a-w- c:\windows\SysWow64\odbc32.dll
2012-05-12 03:11 . 2010-10-16 05:16 495616 ----a-w- c:\program files\Common Files\System\ado\msadox.dll
2012-05-12 03:11 . 2010-10-16 05:16 466944 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll
2012-05-12 03:11 . 2010-10-16 05:16 1425408 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2012-05-12 03:11 . 2010-10-16 05:16 258048 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll
2012-05-12 03:11 . 2010-10-16 04:33 372736 ----a-w- c:\program files (x86)\Common Files\System\ado\msadox.dll
2012-05-12 03:11 . 2010-10-16 04:33 352256 ----a-w- c:\program files (x86)\Common Files\System\ado\msadomd.dll
2012-05-12 03:11 . 2010-10-16 04:33 987136 ----a-w- c:\program files (x86)\Common Files\System\ado\msado15.dll
2012-05-12 03:11 . 2010-10-16 04:33 208896 ----a-w- c:\program files (x86)\Common Files\System\msadc\msadco.dll
2012-05-12 03:02 . 2012-03-30 11:09 1895280 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-12 03:02 . 2010-03-04 04:40 184832 ----a-w- c:\windows\system32\drivers\usbvideo.sys
2012-05-12 03:02 . 2010-03-04 04:32 243712 ----a-w- c:\windows\system32\drivers\ks.sys
2012-05-12 02:58 . 2011-11-17 07:14 1739160 ----a-w- c:\windows\system32\ntdll.dll
2012-05-12 02:58 . 2011-11-17 05:41 1292592 ----a-w- c:\windows\SysWow64\ntdll.dll
2012-05-12 02:58 . 2010-08-27 06:14 236032 ----a-w- c:\windows\system32\srvsvc.dll
2012-05-12 02:58 . 2010-08-27 05:46 9728 ----a-w- c:\windows\SysWow64\sscore.dll
2012-05-12 02:57 . 2011-11-19 15:07 77312 ----a-w- c:\windows\system32\packager.dll
2012-05-12 02:57 . 2011-11-19 14:06 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-05-12 02:55 . 2012-02-15 06:27 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-05-12 02:55 . 2012-02-15 05:44 826368 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-05-12 02:55 . 2012-02-15 04:47 204800 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-05-12 02:55 . 2012-02-15 04:46 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-05-10 00:57 . 2012-05-10 00:57 27256 ----a-w- c:\windows\system32\drivers\FixZeroAccess.sys
2012-05-10 00:35 . 2012-05-10 00:41 -------- d-----w- c:\program files\Symantec
2012-05-10 00:35 . 2012-05-10 00:41 174200 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2012-05-10 00:35 . 2012-05-10 00:35 -------- d-----w- c:\program files\Common Files\Symantec Shared
2012-05-10 00:34 . 2012-05-12 02:37 -------- d-----w- c:\windows\system32\drivers\N360x64
2012-05-10 00:34 . 2012-05-10 00:34 -------- d-----w- c:\program files (x86)\Norton Security Suite
2012-05-10 00:34 . 2012-05-10 00:34 -------- d-----w- c:\program files (x86)\NortonInstaller
2012-05-10 00:29 . 2012-05-10 00:59 -------- d-----w- c:\users\brandon\AppData\Local\LogMeIn Rescue Applet
2012-05-07 04:38 . 2012-05-07 04:38 -------- d-----w- c:\program files (x86)\Common Files\Symantec Shared
2012-05-07 00:51 . 2012-05-07 00:51 -------- d-----w- c:\users\brandon\AppData\Local\VS Revo Group
2012-05-07 00:51 . 2009-12-30 15:21 31800 ----a-w- c:\windows\system32\drivers\revoflt.sys
2012-05-07 00:51 . 2012-05-07 00:51 -------- d-----w- c:\program files\VS Revo Group
2012-05-06 23:08 . 2012-05-06 23:08 -------- d-----w- c:\programdata\GID
2012-04-23 03:07 . 2012-05-09 00:00 -------- d-----w- c:\programdata\Recovery
2012-04-23 02:08 . 2012-04-23 02:08 -------- d-----w- C:\N360_BACKUP
2012-04-23 01:36 . 2012-05-12 00:46 -------- d-----w- c:\users\brandon\AppData\Local\NPE
2012-04-22 21:19 . 2012-04-22 21:19 -------- d-----w- c:\users\brandon\AppData\Local\ElevatedDiagnostics
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-06 23:11 . 2012-03-31 14:53 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-06 23:11 . 2012-03-31 14:53 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-06 23:11 . 2012-04-13 23:47 8769696 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-03-26 04:03 . 2012-03-26 04:04 332392 ----a-w- c:\windows\system32\RtlCPAPI64.dll
2012-03-26 04:03 . 2012-03-26 04:04 2494056 ----a-w- c:\windows\system32\drivers\RTKVHD64.sys
2012-03-26 04:03 . 2012-03-26 04:04 2048104 ----a-w- c:\windows\system32\RtPgEx64.dll
2012-03-26 04:03 . 2012-03-26 04:04 1146984 ----a-w- c:\windows\system32\RTSnMg64.cpl
2012-03-26 04:03 . 2012-03-26 04:04 80488 ----a-w- c:\windows\system32\RCoInst64.dll
2012-03-26 04:03 . 2012-03-26 04:04 569960 ----a-w- c:\windows\system32\RtkApi64.dll
2012-03-26 04:03 . 2012-03-26 04:04 2625640 ----a-w- c:\windows\system32\RtkAPO64.dll
2012-03-26 04:03 . 2012-03-26 04:04 149608 ----a-w- c:\windows\system32\RtkCfg64.dll
2012-03-26 04:03 . 2012-03-26 04:04 1215592 ----a-w- c:\windows\system32\RTCOM64.dll
2012-03-26 04:03 . 2012-03-26 04:04 200800 ----a-w- c:\windows\system32\AERTAC64.dll
2012-03-26 04:02 . 2011-04-09 08:45 1251944 ----a-w- c:\windows\RtlExUpd.dll
2012-02-23 14:18 . 2011-08-19 04:05 279656 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-04-09 1519272]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-04-09 21:43 1519272 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-04-09 1519272]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-11-12 288088]
.
c:\users\brandon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Monitor Ink Alerts - HP Deskjet 3050A J611 series (Copy 1).lnk - c:\windows\system32\RunDll32.exe [2009-7-13 45568]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Constant Guard.lnk - c:\program files (x86)\Constant Guard Protection Suite\IDVault.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-06-18 103992]
R2 RtVOsdService;RtVOsdService Installer;c:\program files\Realtek\RtVOsd\RtVOsdService.exe [2010-06-24 315392]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-06 257696]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0502010.003\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0502010.003\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120507.001\BHDrvx64.sys [2012-05-07 1160824]
S1 GIDv2;GIDv2; [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120511.001\IDSvia64.sys [2012-05-09 488568]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0502010.003\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\0502010.003\SYMNETS.SYS [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 CinemaNow Service;CinemaNow Service;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [2010-05-21 140272]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-09 26680]
S2 N360;Norton Security Suite;c:\program files (x86)\Norton Security Suite\Engine\5.2.1.3\ccSvcHst.exe [2011-04-17 130008]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-05-10 138360]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{9191979D-821C-4EA8-B021-2DA1D859A7C5}-3Reg]
2011-07-05 14:26 435976 ----a-w- c:\program files (x86)\SFT\GuardedID\GIDI.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 23:11]
.
2012-05-01 c:\windows\Tasks\HPCeeScheduleForbrandon.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 03:15]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
steamdvr
proxyhostmirrordisplay
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton Security Suite\Engine\5.2.1.3\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton Security Suite\Engine\5.2.1.3\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
.
**************************************************************************
.
Completion time: 2012-05-14 11:21:35 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-14 15:21

.
Pre-Run: 158,958,227,456 bytes free
Post-Run: 158,376,873,984 bytes free
.
- - End Of File - - 4BCCC1164AF3EB405B81BB6C8BF3E16B


----------



## kevinf80 (Mar 21, 2006)

OK do the following, (No sign of za rootkit)

*Step 1*

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open *notepad* and copy/paste the text in the Codebox below into it:


```
KillAll::
ClearJavaCache::
File::
Folder::
c:\program files (x86)\Ask.com
Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"=-
[-HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
[-HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
```
Save this as *CFScript.txt*, and as Type: *All Files* *(*.*)* in the same location as ComboFix.exe

[image]

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at *C:\ComboFix.txt* which I will require in your next reply.

*Step 2*

Norton must be off for this one too....

*Run ESET Online Scan*

Hold down Control and click on the following link to open ESET OnlineScan in a new window.
*ESET OnlineScan*
Click the [image] button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

Click on [image] to download the ESET Smart Installer. *Save* it to your desktop.
Double click on the [image] icon on your desktop.

Check [image]
Click the [image] button.
Accept any security warnings from your browser.
Check [image]
*Leave the tick out of remove found threats*
Push the *Start* button.
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan completes, push [image]
Push [image], and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
Push the [image] button.
Push [image]
You can refer to *this animation* by *neomage* if needed.
Frequently asked questions available *Here* *Please read them before running the scan.*

*Also be aware this scan can take several hours to complete depending on the size of your system.*

ESET log can be found here *"C:\Program Files\ESET\EsetOnlineScanner\log.txt".*

Let me see those two logs, also give an update on current issues/concerns....

Kevin
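
A read-only reviewer for a CFScript like the one in Step 1, added here as an example and not part of the original post or of ComboFix: it lists what the script asks to remove before the file is dragged onto ComboFix.exe. It assumes `File::` and `Folder::` sections list paths to delete and that `Registry::` uses .reg syntax (`[-key]` deletes a key, `"name"=-` deletes a value); `plan`, `SAMPLE` and the action names are hypothetical.

```python
import re

# Constructed sample: an excerpt of the CFScript posted in Step 1.
SAMPLE = r'''KillAll::
ClearJavaCache::
File::
Folder::
c:\program files (x86)\Ask.com
Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"=-
[-HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
'''

DIRECTIVE = re.compile(r'^([A-Za-z0-9]+)::\s*$')          # e.g. "Registry::"
NEAR_DIRECTIVE = re.compile(r'^[A-Za-z0-9]+:\s*$')        # one colon only
KEY = re.compile(r'^\[(-?)(HKEY_[^\]]+)\]$')              # [KEY] or [-KEY]
VALUE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")\s*=\s*(.*)$')  # "name"=data


def plan(script):
    """Return (actions, warnings) for a CFScript without touching the system.

    Assumption: File::/Folder:: bodies are paths to delete; other directives
    are reported by name only. How ComboFix itself treats a malformed line is
    not modelled here; such lines are only reported as warnings.
    """
    actions, warnings = [], []
    section, key = None, None
    for n, raw in enumerate(script.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        m = DIRECTIVE.match(line)
        if m:
            section, key = m.group(1).lower(), None
            if section not in ("file", "folder", "registry"):
                actions.append(("directive", m.group(1)))
            continue
        if NEAR_DIRECTIVE.match(line):
            # The lines that follow stay in the previous section, so the
            # reviewer sees where they would land if the header is ignored.
            warnings.append((n, "looks like a directive but lacks '::': " + line))
            continue
        if section is None:
            warnings.append((n, "text before any directive: " + line))
        elif section == "file":
            actions.append(("delete_file", line))
        elif section == "folder":
            actions.append(("delete_folder", line))
        elif section == "registry":
            k, v = KEY.match(line), VALUE.match(line)
            if k and k.group(1):
                key = None                      # a deleted key takes no values
                actions.append(("delete_key", k.group(2)))
            elif k:
                key = k.group(2)                # values below apply to this key
            elif v and key:
                name = "(default)" if v.group(1) == "@" else v.group(1)[1:-1]
                data = v.group(2).strip()
                if data == "-":
                    actions.append(("delete_value", key, name))
                else:
                    actions.append(("set_value", key, name, data))
            elif v:
                warnings.append((n, "value line outside an open key: " + line))
            else:
                warnings.append((n, "unrecognised registry line: " + line))
        else:
            actions.append(("argument", section, line))
    return actions, warnings


if __name__ == "__main__":
    acts, warns = plan(SAMPLE)
    for a in acts:
        print(*a, sep="  |  ")
    for n, msg in warns:
        print("line %d: WARNING %s" % (n, msg))
```
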


----------



## cinderblock (May 9, 2012)

Hey Kevin,

Here's Log #1:

ComboFix 12-05-13.03 - brandon 05/14/2012 22:54:18.5.1 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.1787.1014 [GMT -4:00]
Running from: c:\users\brandon\Desktop\ComboFix.exe
Command switches used :: c:\users\brandon\Desktop\CFScript.txt
AV: Norton Security Suite *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Security Suite *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Security Suite *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-04-15 to 2012-05-15 )))))))))))))))))))))))))))))))
.
.
2012-05-15 03:06 . 2012-05-15 03:06 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-14 17:36 . 2012-05-14 17:36 -------- d-----w- c:\windows\SysWow64\Wat
2012-05-14 17:36 . 2012-05-14 17:36 -------- d-----w- c:\windows\system32\Wat
2012-05-13 18:52 . 2012-05-13 18:52 -------- d-----w- c:\users\brandon\AppData\Roaming\Malwarebytes
2012-05-13 18:52 . 2012-05-13 18:52 -------- d-----w- c:\programdata\Malwarebytes
2012-05-13 18:52 . 2012-04-04 19:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-13 18:52 . 2012-05-13 18:52 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-05-12 05:56 . 2011-06-08 22:35 778088 ---ha-w- c:\windows\system32\HPDiscoPMa011.dll
2012-05-12 05:54 . 2012-05-12 05:54 -------- d-----w- c:\program files\HP
2012-05-12 04:30 . 2010-09-14 06:45 367104 ----a-w- c:\windows\system32\wcncsvc.dll
2012-05-12 04:30 . 2010-09-14 06:07 276992 ----a-w- c:\windows\SysWow64\wcncsvc.dll
2012-05-12 04:17 . 2009-11-25 16:47 99176 ----a-w- c:\windows\SysWow64\PresentationHostProxy.dll
2012-05-12 04:17 . 2009-11-25 16:47 49472 ----a-w- c:\windows\SysWow64\netfxperf.dll
2012-05-12 04:17 . 2009-11-25 16:47 48960 ----a-w- c:\windows\system32\netfxperf.dll
2012-05-12 04:17 . 2009-11-25 16:47 297808 ----a-w- c:\windows\SysWow64\mscoree.dll
2012-05-12 04:17 . 2009-11-25 16:47 295264 ----a-w- c:\windows\SysWow64\PresentationHost.exe
2012-05-12 04:17 . 2009-11-25 16:47 1130824 ----a-w- c:\windows\SysWow64\dfshim.dll
2012-05-12 04:17 . 2009-11-25 16:47 109912 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2012-05-12 04:17 . 2009-11-25 16:47 444752 ----a-w- c:\windows\system32\mscoree.dll
2012-05-12 04:17 . 2009-11-25 16:47 320352 ----a-w- c:\windows\system32\PresentationHost.exe
2012-05-12 04:17 . 2009-11-25 16:47 1942856 ----a-w- c:\windows\system32\dfshim.dll
2012-05-12 04:01 . 2011-06-15 09:58 163840 ----a-w- c:\windows\system32\odbccp32.dll
2012-05-12 04:00 . 2011-04-09 06:58 142336 ----a-w- c:\windows\system32\poqexec.exe
2012-05-12 03:59 . 2011-05-04 05:30 2326016 ----a-w- c:\windows\system32\tquery.dll
2012-05-12 03:45 . 2011-03-11 06:19 1395712 ----a-w- c:\windows\system32\mfc42.dll
2012-05-12 03:45 . 2011-03-11 06:19 1359872 ----a-w- c:\windows\system32\mfc42u.dll
2012-05-12 03:45 . 2011-03-11 05:40 1164288 ----a-w- c:\windows\SysWow64\mfc42u.dll
2012-05-12 03:45 . 2011-03-11 05:40 1137664 ----a-w- c:\windows\SysWow64\mfc42.dll
2012-05-12 03:45 . 2011-02-24 06:30 476160 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2012-05-12 03:45 . 2011-02-24 05:32 288256 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2012-05-12 03:44 . 2012-01-03 06:24 515584 ----a-w- c:\windows\system32\timedate.cpl
2012-05-12 03:44 . 2012-01-03 05:44 478208 ----a-w- c:\windows\SysWow64\timedate.cpl
2012-05-12 03:44 . 2011-10-01 05:28 886784 ----a-w- c:\program files\Common Files\System\wab32.dll
2012-05-12 03:44 . 2011-10-01 04:43 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll
2012-05-12 03:44 . 2012-05-12 03:44 -------- d-----w- c:\program files (x86)\MSXML 4.0
2012-05-12 03:40 . 2011-10-26 05:19 43520 ----a-w- c:\windows\system32\csrsrv.dll
2012-05-12 03:40 . 2011-07-09 02:44 287744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2012-05-12 03:40 . 2011-05-04 02:51 157696 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2012-05-12 03:40 . 2011-05-04 02:51 126464 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2012-05-12 03:40 . 2012-01-25 06:27 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-05-12 03:40 . 2012-01-25 06:20 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-05-12 03:40 . 2012-01-25 06:27 76288 ----a-w- c:\windows\system32\rdpwsx.dll
2012-05-12 03:35 . 2009-09-26 06:20 223448 ----a-w- c:\windows\system32\drivers\fvevol.sys
2012-05-12 03:33 . 2011-03-12 11:31 442880 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2012-05-12 03:33 . 2011-03-12 12:03 662528 ----a-w- c:\windows\system32\XpsPrint.dll
2012-05-12 03:32 . 2011-08-17 05:32 613888 ----a-w- c:\windows\system32\psisdecd.dll
2012-05-12 03:32 . 2011-08-17 05:27 108032 ----a-w- c:\windows\system32\psisrndr.ax
2012-05-12 03:32 . 2011-08-17 04:26 465408 ----a-w- c:\windows\SysWow64\psisdecd.dll
2012-05-12 03:32 . 2011-08-17 04:22 75776 ----a-w- c:\windows\SysWow64\psisrndr.ax
2012-05-12 03:32 . 2011-08-17 05:27 288256 ----a-w- c:\windows\system32\MSNP.ax
2012-05-12 03:32 . 2011-08-17 05:27 104960 ----a-w- c:\windows\system32\Mpeg2Data.ax
2012-05-12 03:32 . 2011-08-17 05:27 75776 ----a-w- c:\windows\system32\MSDvbNP.ax
2012-05-12 03:32 . 2011-08-17 04:22 72704 ----a-w- c:\windows\SysWow64\Mpeg2Data.ax
2012-05-12 03:32 . 2011-08-17 04:22 204288 ----a-w- c:\windows\SysWow64\MSNP.ax
2012-05-12 03:32 . 2011-08-17 04:22 59904 ----a-w- c:\windows\SysWow64\MSDvbNP.ax
2012-05-12 03:29 . 2010-08-21 06:29 558592 ----a-w- c:\windows\system32\spoolsv.exe
2012-05-12 03:29 . 2011-12-28 03:59 499200 ----a-w- c:\windows\system32\drivers\afd.sys
2012-05-12 03:29 . 2011-11-05 05:17 2048 ----a-w- c:\windows\system32\tzres.dll
2012-05-12 03:29 . 2011-11-05 04:30 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-05-12 03:18 . 2012-03-01 06:54 22896 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-05-12 03:18 . 2012-03-01 06:45 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-05-12 03:18 . 2012-03-01 06:40 80896 ----a-w- c:\windows\system32\imagehlp.dll
2012-05-12 03:18 . 2012-03-01 06:35 5120 ----a-w- c:\windows\system32\wmi.dll
2012-05-12 03:18 . 2012-03-01 05:49 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-05-12 03:18 . 2012-03-01 05:45 158720 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-05-12 03:18 . 2012-03-01 05:40 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-05-12 03:16 . 2010-10-12 05:00 516096 ----a-w- c:\program files\Windows Mail\wab.exe
2012-05-12 03:16 . 2010-10-12 04:25 516096 ----a-w- c:\program files (x86)\Windows Mail\wab.exe
2012-05-12 03:16 . 2010-10-12 05:05 35328 ----a-w- c:\program files\Windows Mail\wabfind.dll
2012-05-12 03:16 . 2010-08-31 04:32 954752 ----a-w- c:\windows\SysWow64\mfc40.dll
2012-05-12 03:16 . 2010-08-31 04:32 954288 ----a-w- c:\windows\SysWow64\mfc40u.dll
2012-05-12 03:16 . 2012-03-17 07:55 75632 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-12 03:16 . 2011-05-24 11:21 404992 ----a-w- c:\windows\system32\umpnpmgr.dll
2012-05-12 03:16 . 2011-05-24 10:34 145920 ----a-w- c:\windows\SysWow64\cfgmgr32.dll
2012-05-12 03:16 . 2011-05-24 10:32 252928 ----a-w- c:\windows\SysWow64\drvinst.exe
2012-05-12 03:16 . 2011-05-24 10:34 64512 ----a-w- c:\windows\SysWow64\devobj.dll
2012-05-12 03:16 . 2011-05-24 10:34 44544 ----a-w- c:\windows\SysWow64\devrtl.dll
2012-05-12 03:15 . 2010-12-18 06:12 3138048 ----a-w- c:\windows\system32\mstscax.dll
2012-05-12 03:15 . 2010-12-18 05:30 2690560 ----a-w- c:\windows\SysWow64\mstscax.dll
2012-05-12 03:15 . 2010-12-18 06:08 1097216 ----a-w- c:\windows\system32\mstsc.exe
2012-05-12 03:15 . 2010-12-18 05:26 1034240 ----a-w- c:\windows\SysWow64\mstsc.exe
2012-05-12 03:14 . 2011-08-27 05:40 861184 ----a-w- c:\windows\system32\oleaut32.dll
2012-05-12 03:14 . 2011-08-27 05:40 331776 ----a-w- c:\windows\system32\oleacc.dll
2012-05-12 03:14 . 2011-08-27 04:43 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2012-05-12 03:14 . 2011-08-27 04:43 233472 ----a-w- c:\windows\SysWow64\oleacc.dll
2012-05-12 03:14 . 2010-10-16 05:23 112000 ----a-w- c:\windows\system32\consent.exe
2012-05-12 03:12 . 2011-02-12 06:14 267776 ----a-w- c:\windows\system32\FXSCOVER.exe
2012-05-12 03:12 . 2011-12-16 08:42 634368 ----a-w- c:\windows\system32\msvcrt.dll
2012-05-12 03:12 . 2011-12-16 07:59 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
2012-05-12 03:12 . 2012-04-02 05:24 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-12 03:12 . 2012-04-02 04:40 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-12 03:12 . 2011-02-18 06:33 31232 ----a-w- c:\windows\system32\prevhost.exe
2012-05-12 03:12 . 2011-02-18 05:33 31232 ----a-w- c:\windows\SysWow64\prevhost.exe
2012-05-12 03:11 . 2011-10-15 06:25 723456 ----a-w- c:\windows\system32\EncDec.dll
2012-05-12 03:11 . 2011-10-15 05:48 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
2012-05-12 03:11 . 2010-10-16 05:17 720896 ----a-w- c:\windows\system32\odbc32.dll
2012-05-12 03:11 . 2010-10-16 04:34 573440 ----a-w- c:\windows\SysWow64\odbc32.dll
2012-05-12 03:11 . 2010-10-16 05:16 495616 ----a-w- c:\program files\Common Files\System\ado\msadox.dll
2012-05-12 03:11 . 2010-10-16 05:16 466944 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll
2012-05-12 03:11 . 2010-10-16 05:16 1425408 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2012-05-12 03:11 . 2010-10-16 05:16 258048 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll
2012-05-12 03:11 . 2010-10-16 04:33 372736 ----a-w- c:\program files (x86)\Common Files\System\ado\msadox.dll
2012-05-12 03:11 . 2010-10-16 04:33 352256 ----a-w- c:\program files (x86)\Common Files\System\ado\msadomd.dll
2012-05-12 03:11 . 2010-10-16 04:33 987136 ----a-w- c:\program files (x86)\Common Files\System\ado\msado15.dll
2012-05-12 03:11 . 2010-10-16 04:33 208896 ----a-w- c:\program files (x86)\Common Files\System\msadc\msadco.dll
2012-05-12 03:02 . 2012-03-30 11:09 1895280 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-12 03:02 . 2010-03-04 04:40 184832 ----a-w- c:\windows\system32\drivers\usbvideo.sys
2012-05-12 03:02 . 2010-03-04 04:32 243712 ----a-w- c:\windows\system32\drivers\ks.sys
2012-05-12 02:58 . 2011-11-17 07:14 1739160 ----a-w- c:\windows\system32\ntdll.dll
2012-05-12 02:58 . 2011-11-17 05:41 1292592 ----a-w- c:\windows\SysWow64\ntdll.dll
2012-05-12 02:58 . 2010-08-27 06:14 236032 ----a-w- c:\windows\system32\srvsvc.dll
2012-05-12 02:58 . 2010-08-27 05:46 9728 ----a-w- c:\windows\SysWow64\sscore.dll
2012-05-12 02:57 . 2011-11-19 15:07 77312 ----a-w- c:\windows\system32\packager.dll
2012-05-12 02:57 . 2011-11-19 14:06 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-05-12 02:55 . 2012-02-15 06:27 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-05-12 02:55 . 2012-02-15 05:44 826368 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-05-12 02:55 . 2012-02-15 04:47 204800 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-05-12 02:55 . 2012-02-15 04:46 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-05-10 00:57 . 2012-05-10 00:57 27256 ----a-w- c:\windows\system32\drivers\FixZeroAccess.sys
2012-05-10 00:35 . 2012-05-10 00:41 -------- d-----w- c:\program files\Symantec
2012-05-10 00:35 . 2012-05-10 00:41 174200 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2012-05-10 00:35 . 2012-05-10 00:35 -------- d-----w- c:\program files\Common Files\Symantec Shared
2012-05-10 00:34 . 2012-05-12 02:37 -------- d-----w- c:\windows\system32\drivers\N360x64
2012-05-10 00:34 . 2012-05-10 00:34 -------- d-----w- c:\program files (x86)\Norton Security Suite
2012-05-10 00:34 . 2012-05-10 00:34 -------- d-----w- c:\program files (x86)\NortonInstaller
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-06 23:11 . 2012-03-31 14:53 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-06 23:11 . 2012-03-31 14:53 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-06 23:11 . 2012-04-13 23:47 8769696 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-03-26 04:03 . 2012-03-26 04:04 332392 ----a-w- c:\windows\system32\RtlCPAPI64.dll
2012-03-26 04:03 . 2012-03-26 04:04 2494056 ----a-w- c:\windows\system32\drivers\RTKVHD64.sys
2012-03-26 04:03 . 2012-03-26 04:04 2048104 ----a-w- c:\windows\system32\RtPgEx64.dll
2012-03-26 04:03 . 2012-03-26 04:04 1146984 ----a-w- c:\windows\system32\RTSnMg64.cpl
2012-03-26 04:03 . 2012-03-26 04:04 80488 ----a-w- c:\windows\system32\RCoInst64.dll
2012-03-26 04:03 . 2012-03-26 04:04 569960 ----a-w- c:\windows\system32\RtkApi64.dll
2012-03-26 04:03 . 2012-03-26 04:04 2625640 ----a-w- c:\windows\system32\RtkAPO64.dll
2012-03-26 04:03 . 2012-03-26 04:04 149608 ----a-w- c:\windows\system32\RtkCfg64.dll
2012-03-26 04:03 . 2012-03-26 04:04 1215592 ----a-w- c:\windows\system32\RTCOM64.dll
2012-03-26 04:03 . 2012-03-26 04:04 200800 ----a-w- c:\windows\system32\AERTAC64.dll
2012-03-26 04:02 . 2011-04-09 08:45 1251944 ----a-w- c:\windows\RtlExUpd.dll
2012-02-23 14:18 . 2011-08-19 04:05 279656 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((( [email protected]_15.07.11 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-05-15 02:16 . 2012-05-15 02:16 76800 c:\windows\SysWOW64\SetIEInstalledDate.exe
+ 2012-05-15 02:16 . 2012-05-15 02:16 74752 c:\windows\SysWOW64\RegisterIEPKEYs.exe
+ 2012-05-15 02:16 . 2012-05-15 02:16 54272 c:\windows\SysWOW64\pngfilt.dll
+ 2012-05-15 02:16 . 2012-05-15 02:16 48640 c:\windows\SysWOW64\mshtmler.dll
+ 2012-05-15 02:16 . 2012-05-15 02:16 72704 c:\windows\SysWOW64\mshtmled.dll
+ 2012-05-15 02:16 . 2012-05-15 02:16 11776 c:\windows\SysWOW64\mshta.exe
+ 2012-05-15 02:16 . 2012-05-15 02:16 10752 c:\windows\SysWOW64\msfeedssync.exe
+ 2012-05-15 02:16 . 2012-05-15 02:16 41472 c:\windows\SysWOW64\msfeedsbs.dll
+ 2012-05-15 02:16 . 2012-05-15 02:16 66048 c:\windows\SysWOW64\migration\WininetPlugin.dll
+ 2012-05-15 02:16 . 2012-05-15 02:16 23552 c:\windows\SysWOW64\licmgr10.dll
+ 2012-05-15 02:16 . 2012-05-15 02:16 65024 c:\windows\SysWOW64\jsproxy.dll
+ 2012-05-15 02:16 . 2012-05-15 02:16 78848 c:\windows\SysWOW64\inseng.dll
+ 2012-05-15 02:16 . 2012-05-15 02:16 35840 c:\windows\SysWOW64\imgutil.dll
+ 2012-05-15 02:16 . 2012-05-15 02:16 86528 c:\windows\SysWOW64\iesysprep.dll
+ 2012-05-15 02:16 . 2012-05-15 02:16 74752 c:\windows\SysWOW64\iesetup.dll
+ 2012-05-15 02:16 . 2012-05-15 02:16 31744 c:\windows\SysWOW64\iernonce.dll
+ 2012-05-15 02:16 . 2012-05-15 02:16 74240 c:\windows\SysWOW64\ie4uinit.exe
+ 2012-05-15 02:16 . 2012-05-15 02:16 66048 c:\windows\SysWOW64\icardie.dll
+ 2010-07-11 01:39 . 2012-05-15 03:11 60148 c:\windows\system64\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-05-15 03:12 51534 c:\windows\system64\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-06-18 06:12 . 2012-05-15 03:12 20644 c:\windows\system64\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-554974647-341856259-1591196108-1000_UserData.bin
+ 2012-05-15 02:16 . 2012-05-15 02:16 91648 c:\windows\system64\SetIEInstalledDate.exe
+ 2012-05-15 02:16 . 2012-05-15 02:16 89088 c:\windows\system64\RegisterIEPKEYs.exe
+ 2012-05-15 02:16 . 2012-05-15 02:16 65024 c:\windows\system64\pngfilt.dll
+ 2012-05-15 02:16 . 2012-05-15 02:16 48640 c:\windows\system64\mshtmler.dll
+ 2012-05-15 02:16 . 2012-05-15 02:16 96256 c:\windows\system64\mshtmled.dll
+ 2012-05-15 02:16 . 2012-05-15 02:16 12288 c:\windows\system64\mshta.exe
+ 2012-05-15 02:16 . 2012-05-15 02:16 10752 c:\windows\system64\msfeedssync.exe
+ 2012-05-15 02:16 . 2012-05-15 02:16 55296 c:\windows\system64\msfeedsbs.dll
+ 2012-05-15 02:16 . 2012-05-15 02:16 86528 c:\windows\system64\migration\WininetPlugin.dll
+ 2012-05-15 02:16 . 2012-05-15 02:16 30720 c:\windows\system64\licmgr10.dll
+ 2012-05-15 02:16 . 2012-05-15 02:16 85504 c:\windows\system64\jsproxy.dll
+ 2012-05-15 02:16 . 2012-05-15 02:16 49664 c:\windows\system64\imgutil.dll
+ 2012-05-15 02:16 . 2012-05-15 02:16 85504 c:\windows\system64\iesetup.dll
+ 2012-05-15 02:16 . 2012-05-15 02:16 39936 c:\windows\system64\iernonce.dll
+ 2012-05-15 02:16 . 2012-05-15 02:16 89088 c:\windows\system64\ie4uinit.exe
+ 2012-05-15 02:16 . 2012-05-15 02:16 82432 c:\windows\system64\icardie.dll
- 2011-06-18 10:08 . 2012-05-13 18:08 16384 c:\windows\system64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-06-18 10:08 . 2012-05-15 02:24 16384 c:\windows\system64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-06-18 10:08 . 2012-05-15 02:24 32768 c:\windows\system64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-06-18 10:08 . 2012-05-13 18:08 32768 c:\windows\system64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-05-13 18:08 16384 c:\windows\system64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-05-15 02:24 16384 c:\windows\system64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-07-11 01:39 . 2012-05-15 02:23 59992 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-05-15 02:23 51510 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-06-18 06:12 . 2012-05-15 02:04 20470 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-554974647-341856259-1591196108-1000_UserData.bin
+ 2012-05-15 02:16 . 2012-05-15 02:16 91648 c:\windows\system32\SetIEInstalledDate.exe
+ 2012-05-15 02:16 . 2012-05-15 02:16 89088 c:\windows\system32\RegisterIEPKEYs.exe
+ 2012-05-15 02:16 . 2012-05-15 02:16 65024 c:\windows\system32\pngfilt.dll
+ 2012-05-15 02:16 . 2012-05-15 02:16 48640 c:\windows\system32\mshtmler.dll
+ 2012-05-15 02:16 . 2012-05-15 02:16 96256 c:\windows\system32\mshtmled.dll
+ 2012-05-15 02:16 . 2012-05-15 02:16 12288 c:\windows\system32\mshta.exe
+ 2012-05-15 02:16 . 2012-05-15 02:16 10752 c:\windows\system32\msfeedssync.exe
+ 2012-05-15 02:16 . 2012-05-15 02:16 55296 c:\windows\system32\msfeedsbs.dll
+ 2012-05-15 02:16 . 2012-05-15 02:16 86528 c:\windows\system32\migration\WininetPlugin.dll
+ 2012-05-15 02:16 . 2012-05-15 02:16 30720 c:\windows\system32\licmgr10.dll
+ 2012-05-15 02:16 . 2012-05-15 02:16 85504 c:\windows\system32\jsproxy.dll
+ 2012-05-15 02:16 . 2012-05-15 02:16 49664 c:\windows\system32\imgutil.dll
+ 2012-05-15 02:16 . 2012-05-15 02:16 85504 c:\windows\system32\iesetup.dll
+ 2012-05-15 02:16 . 2012-05-15 02:16 39936 c:\windows\system32\iernonce.dll
+ 2012-05-15 02:16 . 2012-05-15 02:16 89088 c:\windows\system32\ie4uinit.exe
+ 2012-05-15 02:16 . 2012-05-15 02:16 82432 c:\windows\system32\icardie.dll
+ 2011-06-18 10:08 . 2012-05-15 02:24 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-06-18 10:08 . 2012-05-13 18:08 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-06-18 10:08 . 2012-05-13 18:08 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-06-18 10:08 . 2012-05-15 02:24 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-05-15 02:24 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-05-13 18:08 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-06-18 17:24 . 2012-05-15 02:03 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-06-18 17:24 . 2012-05-14 13:40 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:46 . 2012-05-15 02:23 78344 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
- 2011-06-18 17:24 . 2012-05-14 13:40 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-06-18 17:24 . 2012-05-15 02:03 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-06-18 17:24 . 2012-05-15 02:03 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-06-18 17:24 . 2012-05-14 13:40 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-06-18 06:13 . 2012-05-15 02:03 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-06-18 06:13 . 2012-05-14 14:00 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-06-18 06:13 . 2012-05-14 14:00 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-06-18 06:13 . 2012-05-15 02:03 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-05-14 15:05 . 2012-05-14 15:05 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-05-15 03:08 . 2012-05-15 03:08 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-05-15 03:08 . 2012-05-15 03:08 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-05-14 15:05 . 2012-05-14 15:05 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-05-15 02:16 . 2012-05-15 02:16 152064 c:\windows\SysWOW64\wextract.exe
+ 2012-05-15 02:16 . 2012-05-15 02:16 203776 c:\windows\SysWOW64\webcheck.dll
+ 2012-05-14 17:36 . 2012-05-14 17:36 128424 c:\windows\SysWOW64\Wat\WatWeb.dll
+ 2012-05-14 17:36 . 2012-05-14 17:36 114600 c:\windows\SysWOW64\Wat\npWatWeb.dll
+ 2012-05-15 02:16 . 2012-05-15 02:16 420864 c:\windows\SysWOW64\vbscript.dll
+ 2012-05-15 02:16 . 2012-05-15 02:16 231936 c:\windows\SysWOW64\url.dll
+ 2012-05-15 02:16 . 2012-05-15 02:16 123392 c:\windows\SysWOW64\occache.dll
+ 2012-05-15 02:16 . 2012-05-15 02:16 162304 c:\windows\SysWOW64\msrating.dll
+ 2012-05-15 02:16 . 2012-05-15 02:16 161792 c:\windows\SysWOW64\msls31.dll
+ 2012-05-15 02:16 . 2012-05-15 02:16 580608 c:\windows\SysWOW64\msfeeds.dll
- 2012-05-12 03:30 . 2011-10-14 04:42 716800 c:\windows\SysWOW64\jscript.dll
+ 2012-05-15 02:16 . 2012-05-15 02:16 716800 c:\windows\SysWOW64\jscript.dll
+ 2012-05-15 02:16 . 2012-05-15 02:16 150528 c:\windows\SysWOW64\iexpress.exe
+ 2012-05-15 02:16 . 2012-05-15 02:16 142848 c:\windows\SysWOW64\ieUnatt.exe
+ 2012-05-15 02:16 . 2012-05-15 02:16 176640 c:\windows\SysWOW64\ieui.dll
- 2012-05-12 03:30 . 2012-02-28 05:37 176640 c:\windows\SysWOW64\ieui.dll
+ 2012-05-15 02:16 . 2012-05-15 02:16 118784 c:\windows\SysWOW64\iepeers.dll
+ 2012-05-15 02:16 . 2012-05-15 02:16 353584 c:\windows\SysWOW64\iedkcs32.dll
+ 2012-05-15 02:16 . 2012-05-15 02:16 434176 c:\windows\SysWOW64\ieapfltr.dll
- 2009-07-13 23:42 . 2009-07-14 01:05 163840 c:\windows\SysWOW64\ieakui.dll
+ 2012-05-15 02:16 . 2012-05-15 02:16 163840 c:\windows\SysWOW64\ieakui.dll
+ 2012-05-15 02:16 . 2012-05-15 02:16 227840 c:\windows\SysWOW64\ieaksie.dll
+ 2012-05-15 02:16 . 2012-05-15 02:16 130560 c:\windows\SysWOW64\ieakeng.dll
+ 2012-05-15 02:16 . 2012-05-15 02:16 110592 c:\windows\SysWOW64\IEAdvpack.dll
+ 2012-05-15 02:16 . 2012-05-15 02:16 223232 c:\windows\SysWOW64\dxtrans.dll
+ 2012-05-15 02:16 . 2012-05-15 02:16 353792 c:\windows\SysWOW64\dxtmsft.dll
+ 2012-05-15 02:16 . 2012-05-15 02:16 101888 c:\windows\SysWOW64\admparse.dll
+ 2012-05-15 02:16 . 2012-05-15 02:16 160256 c:\windows\system64\wextract.exe
+ 2012-05-15 02:16 . 2012-05-15 02:16 249344 c:\windows\system64\webcheck.dll
+ 2011-06-18 17:43 . 2012-05-14 17:31 264066 c:\windows\system64\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2012-05-14 17:36 . 2012-05-14 17:36 152888 c:\windows\system64\Wat\WatWeb.dll
+ 2012-05-14 17:36 . 2012-05-14 17:36 249656 c:\windows\system64\Wat\WatUX.exe
+ 2012-05-14 17:36 . 2012-05-14 17:36 138664 c:\windows\system64\Wat\npWatWeb.dll
+ 2012-05-15 02:16 . 2012-05-15 02:16 603648 c:\windows\system64\vbscript.dll
+ 2012-05-15 02:16 . 2012-05-15 02:16 237056 c:\windows\system64\url.dll
+ 2012-05-15 02:16 . 2012-05-15 02:16 149504 c:\windows\system64\occache.dll
+ 2012-05-15 02:16 . 2012-05-15 02:16 197120 c:\windows\system64\msrating.dll
- 2009-07-13 23:39 . 2009-07-14 01:41 222208 c:\windows\system64\msls31.dll
+ 2012-05-15 02:16 . 2012-05-15 02:16 222208 c:\windows\system64\msls31.dll
+ 2012-05-15 02:16 . 2012-05-15 02:16 697344 c:\windows\system64\msfeeds.dll
+ 2012-05-15 02:16 . 2012-05-15 02:16 818688 c:\windows\system64\jscript.dll
+ 2012-05-15 02:16 . 2012-05-15 02:16 103936 c:\windows\system64\inseng.dll
+ 2012-05-15 02:16 . 2012-05-15 02:16 165888 c:\windows\system64\iexpress.exe
+ 2012-05-15 02:16 . 2012-05-15 02:16 173056 c:\windows\system64\ieUnatt.exe
+ 2012-05-15 02:16 . 2012-05-15 02:16 248320 c:\windows\system64\ieui.dll
+ 2012-05-15 02:16 . 2012-05-15 02:16 111616 c:\windows\system64\iesysprep.dll
+ 2012-05-15 02:16 . 2012-05-15 02:16 145920 c:\windows\system64\iepeers.dll
+ 2012-05-15 02:16 . 2012-05-15 02:16 403248 c:\windows\system64\iedkcs32.dll
+ 2012-05-15 02:16 . 2012-05-15 02:16 534528 c:\windows\system64\ieapfltr.dll
+ 2012-05-15 02:16 . 2012-05-15 02:16 163840 c:\windows\system64\ieakui.dll
- 2009-07-13 23:58 . 2009-07-14 01:27 163840 c:\windows\system64\ieakui.dll
+ 2012-05-15 02:16 . 2012-05-15 02:16 267776 c:\windows\system64\ieaksie.dll
- 2009-07-13 23:58 . 2009-07-14 01:41 267776 c:\windows\system64\ieaksie.dll
+ 2012-05-15 02:16 . 2012-05-15 02:16 160256 c:\windows\system64\ieakeng.dll
+ 2012-05-15 02:16 . 2012-05-15 02:16 135168 c:\windows\system64\IEAdvpack.dll
+ 2012-05-15 02:16 . 2012-05-15 02:16 282112 c:\windows\system64\dxtrans.dll
+ 2012-05-15 02:16 . 2012-05-15 02:16 452608 c:\windows\system64\dxtmsft.dll
+ 2012-05-15 02:16 . 2012-05-15 02:16 114176 c:\windows\system64\admparse.dll
+ 2012-05-15 02:16 . 2012-05-15 02:16 160256 c:\windows\system32\wextract.exe
+ 2012-05-15 02:16 . 2012-05-15 02:16 249344 c:\windows\system32\webcheck.dll
+ 2011-06-18 17:43 . 2012-05-14 17:31 264066 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2012-05-14 17:36 . 2012-05-14 17:36 152888 c:\windows\system32\Wat\WatWeb.dll
+ 2012-05-14 17:36 . 2012-05-14 17:36 249656 c:\windows\system32\Wat\WatUX.exe
+ 2012-05-14 17:36 . 2012-05-14 17:36 138664 c:\windows\system32\Wat\npWatWeb.dll
+ 2012-05-15 02:16 . 2012-05-15 02:16 603648 c:\windows\system32\vbscript.dll
+ 2012-05-15 02:16 . 2012-05-15 02:16 237056 c:\windows\system32\url.dll
+ 2012-05-15 02:16 . 2012-05-15 02:16 149504 c:\windows\system32\occache.dll
+ 2012-05-15 02:16 . 2012-05-15 02:16 197120 c:\windows\system32\msrating.dll
- 2009-07-13 23:39 . 2009-07-14 01:41 222208 c:\windows\system32\msls31.dll
+ 2012-05-15 02:16 . 2012-05-15 02:16 222208 c:\windows\system32\msls31.dll
+ 2012-05-15 02:16 . 2012-05-15 02:16 697344 c:\windows\system32\msfeeds.dll
+ 2012-05-15 02:16 . 2012-05-15 02:16 818688 c:\windows\system32\jscript.dll
+ 2012-05-15 02:16 . 2012-05-15 02:16 103936 c:\windows\system32\inseng.dll
+ 2012-05-15 02:16 . 2012-05-15 02:16 165888 c:\windows\system32\iexpress.exe
+ 2012-05-15 02:16 . 2012-05-15 02:16 173056 c:\windows\system32\ieUnatt.exe
+ 2012-05-15 02:16 . 2012-05-15 02:16 248320 c:\windows\system32\ieui.dll
+ 2012-05-15 02:16 . 2012-05-15 02:16 111616 c:\windows\system32\iesysprep.dll
+ 2012-05-15 02:16 . 2012-05-15 02:16 145920 c:\windows\system32\iepeers.dll
+ 2012-05-15 02:16 . 2012-05-15 02:16 403248 c:\windows\system32\iedkcs32.dll
+ 2012-05-15 02:16 . 2012-05-15 02:16 534528 c:\windows\system32\ieapfltr.dll
- 2009-07-13 23:58 . 2009-07-14 01:27 163840 c:\windows\system32\ieakui.dll
+ 2012-05-15 02:16 . 2012-05-15 02:16 163840 c:\windows\system32\ieakui.dll
- 2009-07-13 23:58 . 2009-07-14 01:41 267776 c:\windows\system32\ieaksie.dll
+ 2012-05-15 02:16 . 2012-05-15 02:16 267776 c:\windows\system32\ieaksie.dll
+ 2012-05-15 02:16 . 2012-05-15 02:16 160256 c:\windows\system32\ieakeng.dll
+ 2012-05-15 02:16 . 2012-05-15 02:16 135168 c:\windows\system32\IEAdvpack.dll
+ 2012-05-15 02:16 . 2012-05-15 02:16 282112 c:\windows\system32\dxtrans.dll
+ 2012-05-15 02:16 . 2012-05-15 02:16 452608 c:\windows\system32\dxtmsft.dll
+ 2012-05-15 02:16 . 2012-05-15 02:16 114176 c:\windows\system32\admparse.dll
- 2009-07-14 05:01 . 2012-05-14 15:04 261972 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-05-15 03:07 261972 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-06-18 03:22 . 2012-05-15 03:07 262740 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-554974647-341856259-1591196108-1000-8192.dat
+ 2012-05-15 02:16 . 2012-05-15 02:16 1127424 c:\windows\SysWOW64\wininet.dll
+ 2012-05-15 02:16 . 2012-05-15 02:16 1103360 c:\windows\SysWOW64\urlmon.dll
+ 2012-05-15 02:16 . 2012-05-15 02:16 1798656 c:\windows\SysWOW64\jscript9.dll
+ 2012-05-15 02:16 . 2012-05-15 02:16 1792000 c:\windows\SysWOW64\iertutil.dll
+ 2012-05-15 02:16 . 2012-05-15 02:16 9705472 c:\windows\SysWOW64\ieframe.dll
+ 2012-05-15 02:16 . 2012-05-15 02:16 3695416 c:\windows\SysWOW64\ieapfltr.dat
+ 2012-05-15 02:16 . 2012-05-15 02:16 1390080 c:\windows\system64\wininet.dll
+ 2012-05-14 17:36 . 2012-05-14 17:36 1255736 c:\windows\system64\Wat\WatAdminSvc.exe
+ 2012-05-15 02:16 . 2012-05-15 02:16 1345536 c:\windows\system64\urlmon.dll
+ 2012-05-15 02:16 . 2012-05-15 02:16 2308096 c:\windows\system64\jscript9.dll
+ 2012-05-15 02:16 . 2012-05-15 02:16 2144256 c:\windows\system64\iertutil.dll
+ 2012-05-15 02:16 . 2012-05-15 02:16 3695416 c:\windows\system64\ieapfltr.dat
+ 2012-05-15 02:16 . 2012-05-15 02:16 1390080 c:\windows\system32\wininet.dll
+ 2012-05-14 17:36 . 2012-05-14 17:36 1255736 c:\windows\system32\Wat\WatAdminSvc.exe
+ 2012-05-15 02:16 . 2012-05-15 02:16 1345536 c:\windows\system32\urlmon.dll
+ 2012-05-15 02:16 . 2012-05-15 02:16 2308096 c:\windows\system32\jscript9.dll
+ 2012-05-15 02:16 . 2012-05-15 02:16 2144256 c:\windows\system32\iertutil.dll
+ 2012-05-15 02:16 . 2012-05-15 02:16 3695416 c:\windows\system32\ieapfltr.dat
+ 2009-07-14 04:45 . 2012-05-15 02:23 3777877 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- 2009-07-14 04:45 . 2012-05-13 18:09 3777877 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2011-04-09 09:28 . 2012-05-15 03:07 1434328 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2011-04-09 09:28 . 2012-05-14 15:04 1434328 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2012-05-15 02:16 . 2012-05-15 02:16 12282368 c:\windows\SysWOW64\mshtml.dll
- 2009-07-14 02:34 . 2012-05-14 03:49 10223616 c:\windows\system64\SMI\Store\Machine\schema.dat
+ 2009-07-14 02:34 . 2012-05-15 02:35 10223616 c:\windows\system64\SMI\Store\Machine\schema.dat
+ 2012-05-15 02:16 . 2012-05-15 02:16 17790464 c:\windows\system64\mshtml.dll
+ 2012-05-15 02:16 . 2012-05-15 02:16 10887168 c:\windows\system64\ieframe.dll
- 2009-07-14 02:34 . 2012-05-14 03:49 10223616 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2009-07-14 02:34 . 2012-05-15 02:35 10223616 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2012-05-15 02:16 . 2012-05-15 02:16 17790464 c:\windows\system32\mshtml.dll
+ 2012-05-15 02:16 . 2012-05-15 02:16 10887168 c:\windows\system32\ieframe.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-11-12 288088]
.
c:\users\brandon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Monitor Ink Alerts - HP Deskjet 3050A J611 series (Copy 1).lnk - c:\windows\system32\RunDll32.exe [2009-7-13 45568]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Constant Guard.lnk - c:\program files (x86)\Constant Guard Protection Suite\IDVault.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-06-18 103992]
R2 RtVOsdService;RtVOsdService Installer;c:\program files\Realtek\RtVOsd\RtVOsdService.exe [2010-06-24 315392]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-06 257696]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0502010.003\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0502010.003\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120507.001\BHDrvx64.sys [2012-05-07 1160824]
S1 GIDv2;GIDv2; [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120512.001\IDSvia64.sys [2012-05-09 488568]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0502010.003\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\0502010.003\SYMNETS.SYS [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 CinemaNow Service;CinemaNow Service;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [2010-05-21 140272]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-09 26680]
S2 N360;Norton Security Suite;c:\program files (x86)\Norton Security Suite\Engine\5.2.1.3\ccSvcHst.exe [2011-04-17 130008]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-05-10 138360]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{9191979D-821C-4EA8-B021-2DA1D859A7C5}-3Reg]
2011-07-05 14:26 435976 ----a-w- c:\program files (x86)\SFT\GuardedID\GIDI.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 23:11]
.
2012-05-01 c:\windows\Tasks\HPCeeScheduleForbrandon.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 03:15]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
steamdvr
proxyhostmirrordisplay
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton Security Suite\Engine\5.2.1.3\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton Security Suite\Engine\5.2.1.3\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Common Files\Java\Java Update\jusched.exe
.
**************************************************************************
.
Completion time: 2012-05-14 23:26:51 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-15 03:26
ComboFix2.txt 2012-05-14 15:21
.
Pre-Run: 158,679,093,248 bytes free
Post-Run: 158,323,388,416 bytes free
.
- - End Of File - - E956E4CEE45B9C6BEE23A575317E0E20

Log #2 to follow.....


----------



## cinderblock (May 9, 2012)

C:\Program Files (x86)\Yontoo Layers Runtime (Drop Down Deals)\YontooIEClient.dll a variant of Win32/Adware.Yontoo.A application
C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application
C:\Users\All Users\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application
C:\Windows\assembly\temp\U\[email protected] Win64/Sirefef.W trojan
C:\Windows\system64\SE2Dmdm.dll Win64/Sirefef.W trojan

did you want this one too?

[email protected] as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK


----------



## cinderblock (May 9, 2012)

Only took a couple hours 

I did notice when the computer was first turned on (after running ComboFix earlier today) there were a ridiculous number of Windows updates loaded (like 30K ... or maybe only 3K ++). Also, spell check no longer works in Word. When the internet was launched, it took about 45 seconds to load, but seems to be pretty speedy now. Oh, and - it loaded with IE9 (had IE8, I think). I didn't know what to answer when it asked if I wanted to use the recommended security settings...

It's going on 2am so I'm heading to bed. Talk soon - and, as always, THANK YOU !!!! :up: KEVIN :up:


----------



## kevinf80 (Mar 21, 2006)

Not sure about the Word spell checker, we'll have a look at that later. The reason for the large amount of Windows updates will be down to the infection stopping them previously.

Regarding recommended security settings for IE 9, if offered accept them. If you do not like IE 9 you can UNinstall and it will roll back to the previous version...

There are a couple of baddies still on your system (identified by ESET), also a lot of dross/cookies and general build up of temporary files, we'll get rid of them now.

OK do the following:

Please download *OTM by OldTimer*.
*Alternative Mirror 1*
*Alternative Mirror 2* 
Save it to your desktop. 
Double click *OTM.exe* to start the tool. Vista or Windows 7 users right click and select Run as Administrator. Be aware all processes will be stopped during the run, also the Desktop will disappear, this will be put back on completion....

*Copy* the text from the code box below to the clipboard by highlighting *ALL* of it and *pressing CTRL + C* (or, after highlighting, right-click and choose *Copy*):


```
:Files
ipconfig /flushdns /c
C:\Program Files (x86)\Yontoo Layers Runtime (Drop Down Deals)
C:\ProgramData\Tarma Installer
C:\Users\All Users\Tarma Installer
C:\Windows\assembly\temp\U\[email protected]
C:\Windows\system64\SE2Dmdm.dll

:Commands
[EmptyTemp]
[RestHosts]
```

Return to OTMoveIt3, right click in the *"Paste Instructions for Items to be Moved"* window (under the yellow bar) and choose *Paste*.
Click the red button.
*Copy* everything in the Results window (under the green bar) to the clipboard by highlighting *ALL* of them and *pressing CTRL + C* (or, after highlighting, right-click and choose copy), and paste it in your next reply.
Close *OTM*
*Note:* If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose *Yes.*

If the machine reboots, the Results log can be found here:

*c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log*

Where mmddyyyy_hhmmss is the date of the tool run.

Let me see the log from OTM, give update on ANY remaining issues.... what version of "Word" are you using, is it part of MS Office; if so what version eg MS 2010

Kevin


----------



## cinderblock (May 9, 2012)

Kevin - Me thinks the first line is a good one  You too?

All processes killed
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\brandon\Desktop\cmd.bat deleted successfully.
C:\Users\brandon\Desktop\cmd.txt deleted successfully.
C:\Program Files (x86)\Yontoo Layers Runtime (Drop Down Deals) folder moved successfully.
C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Cache folder moved successfully.
C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B} folder moved successfully.
C:\ProgramData\Tarma Installer folder moved successfully.
File/Folder C:\Users\All Users\Tarma Installer not found.
C:\Windows\assembly\temp\U\[email protected] moved successfully.
LoadLibrary failed for C:\Windows\system64\SE2Dmdm.dll
C:\Windows\system64\SE2Dmdm.dll moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: brandon
->Temp folder emptied: 151 bytes
->Temporary Internet Files folder emptied: 52422956 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 27676 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 9164 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 36028370 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 84.00 mb

OTM by OldTimer - Version 3.1.19.0 log created on 05152012_103703
Files moved on Reboot...
C:\Users\brandon\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
Registry entries deleted on Reboot...

I did notice a pop-up (or two) while on-line today....which I don't really get at all on the computer I usually use.

Looks like Word is 2002  I now see Office Suite 2010 under All Programs, but it will require installation and I don't have much time right now....

Quick question - I've noticed there are two Program files on C: - one titled "Program Files" and the other "Program Files (x86)". I'm accustomed to working with XP and this computer is Win7, so maybe this is normal for Win7. Was just wondering why both folders are required...or are they?

Also along the XP-Win7 lines, under Start "All programs" looks sooooo different. It's hard to find things (for me anyway). Is there any way to make it look more like XP?

I'll try to report later tonight. ENJOY YOUR DAY


----------
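A way to cross-check the OTM run above, as an added example that is not part of either poster's message or of OTM itself: it compares the posted fix script with the posted Results log and reports what the log says happened to each requested path, plus any `[...]` command that the log's COMMANDS block never echoes. The function names and status labels are assumptions of this example; the script and log text are copied from the thread, with the log trimmed after `[EMPTYTEMP]`.

```python
import re

# Fix script and Results log as posted in the thread (log trimmed after
# [EMPTYTEMP]; the per-user byte counts that follow are not needed here).
OTM_SCRIPT = r"""
:Files
ipconfig /flushdns /c
C:\Program Files (x86)\Yontoo Layers Runtime (Drop Down Deals)
C:\ProgramData\Tarma Installer
C:\Users\All Users\Tarma Installer
C:\Windows\assembly\temp\U\[email protected]
C:\Windows\system64\SE2Dmdm.dll

:Commands
[EmptyTemp]
[RestHosts]
"""

OTM_LOG = r"""
All processes killed
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\brandon\Desktop\cmd.bat deleted successfully.
C:\Users\brandon\Desktop\cmd.txt deleted successfully.
C:\Program Files (x86)\Yontoo Layers Runtime (Drop Down Deals) folder moved successfully.
C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Cache folder moved successfully.
C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B} folder moved successfully.
C:\ProgramData\Tarma Installer folder moved successfully.
File/Folder C:\Users\All Users\Tarma Installer not found.
C:\Windows\assembly\temp\U\[email protected] moved successfully.
LoadLibrary failed for C:\Windows\system64\SE2Dmdm.dll
C:\Windows\system64\SE2Dmdm.dll moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]
"""

DRIVE_PATH = re.compile(r"^[A-Za-z]:\\")
LOG_RULES = [
    ("moved", re.compile(r"^(?P<p>[A-Za-z]:\\.+?)(?: folder)? moved successfully\.$")),
    ("deleted", re.compile(r"^(?P<p>[A-Za-z]:\\.+?) deleted successfully\.$")),
    ("not_found", re.compile(r"^File/Folder (?P<p>.+) not found\.$")),
    ("load_failed", re.compile(r"^LoadLibrary failed for (?P<p>.+)$")),
]


def parse_script(text):
    """Split the script into requested paths, shell lines and [commands]."""
    section, paths, shell, commands = None, [], [], []
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        if line.startswith(":"):
            section = line[1:].lower()
        elif section == "files" and DRIVE_PATH.match(line):
            paths.append(line)
        elif section == "files":
            shell.append(line)
        elif section == "commands":
            commands.append(line.strip("[]"))
    return paths, shell, commands


def parse_log(text):
    """Return (status, path) pairs from FILES and the commands echoed in COMMANDS."""
    section, outcomes, echoed = None, [], set()
    for line in (raw.strip() for raw in text.splitlines()):
        header = re.match(r"^=+ (\w+) =+$", line)
        if header:
            section = header.group(1).lower()
        elif section == "commands":
            m = re.match(r"^\[(\w+)\]$", line)
            if m:
                echoed.add(m.group(1).upper())
        elif section == "files":
            for status, rule in LOG_RULES:
                m = rule.match(line)
                if m:
                    outcomes.append((status, m.group("p")))
                    break
    return outcomes, echoed


def audit(script, log):
    """Compare what the script asked for with what the log records."""
    paths, _shell, commands = parse_script(script)
    outcomes, echoed = parse_log(log)
    # Windows paths are case-insensitive, so compare lower-cased.
    final = {p.lower(): s for s, p in outcomes if s != "load_failed"}
    requested = [p.lower() for p in paths]
    return {
        "paths": {p: final.get(p.lower(), "no_log_line") for p in paths},
        "warnings": [p for s, p in outcomes if s == "load_failed"],
        "commands_not_echoed": [c for c in commands if c.upper() not in echoed],
        # Paths the log touched that are neither requested nor under a requested folder.
        "unrequested": [p for s, p in outcomes if s != "load_failed" and not any(
            p.lower() == r or p.lower().startswith(r + "\\") for r in requested)],
    }


if __name__ == "__main__":
    for key, value in audit(OTM_SCRIPT, OTM_LOG).items():
        print(key, "->", value)
```

On this thread's data the report marks `C:\Users\All Users\Tarma Installer` as not found and lists `RestHosts` as a command with no matching entry in the log's COMMANDS block.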



## kevinf80 (Mar 21, 2006)

Is your Popup blocker actually turned on? for IE explorer select > tools > popup blocker, if it shows as turned OFF, turn it on.

If it is already ON, select > popup blocker settings > what is the "Blocking Level" setting, should be either "Medium" or "High" depending on your personal preferences...

Your version of windows is 64 bit. Most programs for your system will be 64 bit. Program Files is for 64 bit applications. Some programs are only available in 32 bit format, Your OS can still run those and will configure itself to do it.

Program Files x86 is for 32 bit applications. Windows is smart enough to know which one they got into, so don`t worry about them...

Let me know how your system is responding, apart from spell checker. that will probably right itself if you install the MS office 2010 suite.

Not sure how to configure W7 to run like XP, you may have to take that up with the Technical guys over at the Operating System section when we`re done here...Okey dokey....

Kevin


----------



## cinderblock (May 9, 2012)

Hey Kevin!

*thought* I checked in last night, but see here that I didn't. I thought I had typed that I changed the pop-up settings to high, and am compiling 'remaining issues'. Will say I had GREAT SUCCESS (at 4 am my time last night!) in FINALLY getting the wireless printer to produce a Test Page 

Am going to do some browsing and typing now....will be back soon. 

Oh, and did I tell you lately: YOU ARE THE BEST!!!!!


----------



## kevinf80 (Mar 21, 2006)

OK, thanks for the update, let me know how your system is responding and if you have any remaining issues or concerns. If all is OK we`ll clean up and set you free.

Its 30 after midnight for me, apologies for not replying sooner, been a busy day (and night) sleepy time for me now.... Catch up later....

Kevin.....zzzzzz


----------



## cinderblock (May 9, 2012)

G'morning Kevin! Hope your sleep was good  as these items I'm gonna type out will probably be quite a bore, in comparison to solving virus riddles 

I'll start with what _I thought_ might be an issue last night, that was noticed PRIOR to finally getting a good install of Microsoft Office 2010. At that time, also resident was older versions of some of the Office elements; in particular Access 2003. I had launched the program, and within the "recent files" list, appeared these two files:

End%200'%20Life-revised[1]
Informed%20Consent[1]

I knew of the existence of two saved files that were titled "End Life" and "Informed Consent" and thought it very strange that the proper file names now appeared with percent signs and "20"s interspersed.

However, today, I can no longer launch any of the Office 2003 programs. I'm guessing somewhere along the way, Office 2010 wiped them out. I say "somewhere along the way" as I purposely chose a "Customized" install the first time through - but, somehow I didn't have success and had to cycle through the process a number of times before I achieved success. Mixing late hours, little sleep and general incompetence can do that...

Revisiting *Windows updates*....the computer was still receiving and processing GALLONS of them all throughout the night (read: between all the 'gotta restart your computer' sequences, generated by my continual inept Office installs). Once, I was prompted with a Windows Update window that prompted for installation of *Office XP Service Pack 3*. As this is a Win7, I did not accept. *Should I have?*

Also, somewhere along the way I *think* I told Java it could finally update (it's been trying this entire diagnostic time and I kept denying it), but when I said 'go ahead' it gave an error message of some sort. All the Java folders (under c:\Program Files) are dated 7/10/10 - soooo I'm guessing no update was processed. Also, it's not hounding me to take action anymore. *Can you recommend any action?*

*For the most part, I believe (s)he's healed* But, I'm wondering if (s)he shared an infection of some sort with other laptops in our wireless router, as also last night, one of those laptops had this Norton Report Window appear:

*Fake App Attack: Fake AV Redirect 21 - An intrusion attempt by wreckedtectminimizer.in blocked*

I'm gonna stop (sorry, I know I'm windy).

As always, THANK YOU KEVIN 

ps. NO WORRIES on quickness of reply - which was actually fast, as always. Take your time with this....you deserve a break!


----------



## kevinf80 (Mar 21, 2006)

I`m not really sure about MS Office, just not my field. I`d have thought if you were installing MS Office 2010, MSOffice 2003 would have to be UNinstalled. 
Maybe worthwhile UNinstalling them both and then re-install the version of choice. MS office is quite expensive, if you already had 2003 I do not see any reason to go to the expense of buying another version.

Regarding Java, run the following so I can see what is on your system, it will also check your security set up:

Download Security Check by screen317 from *HERE* or *HERE*.
Save it to your Desktop.
Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Kevin


----------



## cinderblock (May 9, 2012)

Happy Friday Kevin!

The computer was moving mighty s-l-o-w-l-y today; and just happened to be flashing to accept a Java update. Soooo, right after I had downloaded the Security Check software, I went ahead and did the Java update.

Now, I don't have recent memory of doing a Java update, but this one seemed unusual. Like, when I checked "sure, go ahead" it just disappeared for about five minutes, and then told me there were a couple of Java programs (javaw.exe was one of them) running, and I needed to save my work, and then click "close the programs down"....which I did probably four times before being prompted (another five minutes later) that Java would be updating. Eventually I got the final prompt that it was done. Anyway - here's the log you asked for:

Results of screen317's Security Check version 0.99.32 
Windows 7 x64 (UAC is enabled) 
Internet Explorer 9 
*`````````````````````````````` 
Antivirus/Firewall Check:* 
Windows Firewall Enabled! 
ESET Online Scanner v3 
WMI entry may not exist for antivirus; attempting automatic update. 
*``````````````````````````````` 
Anti-malware/Other Utilities Check:* 
Java(TM) 6 Update 32 
Adobe Reader 9 *Adobe Reader out of date!* 
*```````````````````````````````` 
Process Check: 
objlist.exe by Laurent* 
Norton ccSvcHst.exe 
*``````````End of Log````````````*

Also, not that you asked but thought I'd share. While waiting the 1/2 it took for Java to do its thing, I was keeping an eye on the Task Manager applications that were running. OFTEN - and even tho nothing Java related was doing anything - the CPU usage would be 80% or above. AND - I spotted this:

*RtVOsd.exe* under the processes list. Its CPU usage never changed from 00, but there is 416K Memory (Private Working Set) associated with it.

Let me know your thoughts oh Great and Mighty Oz


----------



## kevinf80 (Mar 21, 2006)

The file you quote *RtVOsd.exe* is driver for Realtek Audio, it should be OK, the amount of memory it is using is negligible. I see you have Java updated, that is good. Adobe is outdated, do the following:

Your Adobe Acrobat Reader is out of date. Older versions are vulnerable to attack and exploitation.

Please go to the link below to update.

*Adobe Reader* Untick the Free McAfee® Security Scan Plus (optional) *Not required*

Can you recall what was using all of the CPU when it was at 80%.... Can you post a screen shot of TM..

Make sure to turn Norton back on when we`re not running specific tools etc..

Kevin


----------



## cinderblock (May 9, 2012)

real quick - I signed on to follow the Adobe link (even though, believe it or not I had updated it myself, but only to 9.3) and was prompted with a Windows Update for Office XP Service Pack 3....shall I accept?

*Edited to say:* I went ahead and accepted the XP Service Pack 3 update, and purposely watched Task Manager. It primarily appears that *Trusted Installer.exe*, *svchost.exe* and *mscorsvw.exe* are the big CPU users. In this case, guess that's to be expected, huh?

In the earlier case, *Possibly* - taken from some cryptic notes - I believe it was *Windows Installer* that was using most of the CPU time then.


----------



## kevinf80 (Mar 21, 2006)

Did those entries subside when update was complete?


----------



## cinderblock (May 9, 2012)

No 

The Trusted Installer remained at 98-100% until the dreaded prompt came that stated one update was successful and one failed. Looking at the log, the one that failed was *Office XP SP3.* It also failed on the 16th and 17th, and I have a sneaking suspicion this is what was using all the CPUs when I first mentioned the issue.

The good news is that the one update that was successful was: Win 7 SP1 for 64x(KB976932). There may be a slight chance that XP SP3 made it after the shut down (which the prompt explained was required to complete something). It's been ten-fifteen now, and is 32% complete in Configuring Service Pack.

Another bit of sad news is that while I was waiting for the one laptop, I tried the same thing on the one I'm typing from now (which is an XP OS), and SP3 failed here as well...in an even worse way (I think). I received a dialog box with heading "Access Denied" Partially updated and may not work properly. So far, tho, things seem pretty normal.

Up to 70% complete now. I'll write back if-when I have success with Adobe.

THANKS KEVIN


----------



## cinderblock (May 9, 2012)

SUCCESS !!! with Adobe, that is.

Not success getting print screen to work as it does in XP, but I can tell you more often than not is it the mscorsvw.exe (.NET Runtime Optimization Service) that is the heavy CPU user.

Sadly, I'm not able to even update Adobe on my other laptop....think it's time to run dds on that puppy? If so, would it be best to start a new post?


----------



## cinderblock (May 9, 2012)

ugh....correction

I GOT ADOBE to Download on the other computer !! Had to do it unconventionally, but darn-it, it worked!! The unconventional install required specifics on the OS, and when I checked the properties of "My computer" (fully expecting to find SP2 -32 bit, or SP2 - 64 bit) I found SP 3....which was cited to have failed a couple of posts back.

Have to get ready for work. Will check back later in day....


----------



## kevinf80 (Mar 21, 2006)

I`m getting lost here, I do not want to get involved with Microsoft Office, I do not have any experience with it. I`m only interested in the malware issue with the system we started with.

If you have other systems and they are having problems we`ll deal with those later. We need to get this one clean first...

Tell me how this one is responding and what issues you have. If MS office is causing problems UNinstall it for now, then run TFC:

Download TFC to your desktop, from either of the following links
*Link 1*
*Link 2*

 Save any open work. TFC will close all open application windows.
 Double-click TFC.exe to run the program. Vista or Windows 7 users right click and select "Run as Administrator"
 If prompted, click "Yes" to reboot.
TFC will automatically close any open programs, *including your Desktop*. Let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. TFC may re-boot your system, if not *Re-boot it yourself to complete cleaning process* *<---- Very Important*

Keep TFC, it is an excellent utility to keep your system optimized, it empties all user temp folders, Java cache etc etc. *Always remember to re-boot after a run, even if not prompted*

Let me know how this system is responding....

Kevin


----------



## cinderblock (May 9, 2012)

Sorry for straying there Kevin....


I ran TFC and things seem to be going pretty well. I am not accustomed to Win7, and most of what seems unusual to me is probably just the way it works. 


Let me know if there is anything in particular that I should be looking for. If I have guardrails maybe I'd be less inclined to dive off the ramp  

With my most sincere thanks and gratitude, cindy


----------



## kevinf80 (Mar 21, 2006)

Hiya Cindy,

It is very easy to get side tracked, we need to stay focussed until this system is confirmed clean. When we are confident that is complete we clean up and move on.

OK, here`s what i`d like to do:

1. Re-run DDS, if that is clean we remove all tools and finish up.

2. Disconnect this one from the network and start on the next PC, run new scans; get that one clean. Move to next one.

If you are OK with that do the following on the current system...

Run DDS and post fresh set of logs. Give me a concise update relating to the malware issue we started with, also any odd behavior, re-directs etc...

Kevin


----------



## cinderblock (May 9, 2012)

will do Kevin,

had an out of state graduation today and a family birthday tomorrow. Will hopefully get to logs by tomorrow eve.

Enjoy the rest of your weekend! cindy


----------



## kevinf80 (Mar 21, 2006)

OK, just reply when you can. I have no issues with late replies. We all have lives to lead and there is always something to do, one of the pitfalls of having a family I guess...

Enjoy your celebrations and have fun...

Kevin


----------



## cinderblock (May 9, 2012)

I've said it before, and it's worth saying again:  YOU ARE A KIND SOUL KEVIN 

Here is the first of what I believe to be a squeaky-clean log:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64 
Internet Explorer: 9.0.8112.16421
Run by brandon at 15:04:50 on 2012-05-20
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.1787.795 [GMT -4:00]
.
AV: Norton Security Suite *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Security Suite *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Security Suite *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Norton Security Suite\Engine\5.2.1.3\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Norton Security Suite\Engine\5.2.1.3\ccSvcHst.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe
C:\Program Files\Realtek\RtVOsd\RtVOsd.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.1.3\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.1.3\IPS\IPSBHO.DLL
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.1.3\coIEPlg.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll"
uRun: [HP Deskjet 3050A J611 series (NET) #2] "C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN189480YF05PJ:NW" -scfn "HP Deskjet 3050A J611 series (NET) #2" -AutoStart 1
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
StartupFolder: C:\Users\brandon\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MONITO~1.LNK - C:\Windows\system32\RunDll32.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\CONSTA~1.LNK - C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &ieSpell Options - C:\Program Files (x86)\ieSpell\iespell.dll/SPELLOPTION.HTM
IE: Check &Spelling - C:\Program Files (x86)\ieSpell\iespell.dll/SPELLCHECK.HTM
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Lookup on Merriam Webster - file://C:\Program Files (x86)\ieSpell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://C:\Program Files (x86)\ieSpell\wikipedia.HTM
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://C:\Program Files (x86)\ieSpell\iespell.dll/SPELLCHECK.HTM
IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://C:\Program Files (x86)\ieSpell\iespell.dll/SPELLOPTION.HTM
IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{0D04A0FC-3742-4DD7-99AD-8C633B5A0934} : DhcpNameServer = 40.5.1.100
TCP: Interfaces\{87F9FD09-495B-40C5-93E8-98AF83A14897} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{87F9FD09-495B-40C5-93E8-98AF83A14897}\0757274697 : DhcpNameServer = 10.1.10.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files (x86)\Common Files\microsoft shared\Web Folders\PKMCDO.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
mASetup: {9191979D-821C-4EA8-B021-2DA1D859A7C5}-3Reg - C:\Program Files (x86)\SFT\GuardedID\gidi.exe /v
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.1.3\coIEPlg.dll
BHO-X64: Symantec NCO BHO - No File
BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.1.3\IPS\IPSBHO.DLL
BHO-X64: Symantec Intrusion Prevention - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.1.3\coIEPlg.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll"
mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
IE-X64: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://C:\Program Files (x86)\ieSpell\iespell.dll/SPELLCHECK.HTM
IE-X64: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://C:\Program Files (x86)\ieSpell\iespell.dll/SPELLOPTION.HTM
IE-X64: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\N360x64\0502010.003\SYMDS64.SYS --> C:\Windows\system32\drivers\N360x64\0502010.003\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\N360x64\0502010.003\SYMEFA64.SYS --> C:\Windows\system32\drivers\N360x64\0502010.003\SYMEFA64.SYS [?]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120507.001\BHDrvx64.sys [2012-5-7 1160824]
R1 GIDv2;GIDv2;C:\Windows\system32\drivers\GIDv2.sys --> C:\Windows\system32\drivers\GIDv2.sys [?]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120518.001\IDSviA64.sys [2012-5-18 488568]
R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\N360x64\0502010.003\Ironx64.SYS --> C:\Windows\system32\drivers\N360x64\0502010.003\Ironx64.SYS [?]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\N360x64\0502010.003\SYMNETS.SYS --> C:\Windows\system32\Drivers\N360x64\0502010.003\SYMNETS.SYS [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-4-4 63928]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2011-4-9 98208]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 CinemaNow Service;CinemaNow Service;C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe [2010-5-21 140272]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-6-18 103992]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-9 26680]
R2 N360;Norton Security Suite;C:\Program Files (x86)\Norton Security Suite\Engine\5.2.1.3\ccsvchst.exe [2012-5-11 130008]
R2 RtVOsdService;RtVOsdService Installer;C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe [2010-6-24 315392]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atipmdag.sys --> C:\Windows\system32\DRIVERS\atipmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE [2012-2-10 240408]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-5-9 138360]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE [2012-2-10 193816]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-3-31 257696]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 Revoflt;Revoflt;C:\Windows\system32\DRIVERS\revoflt.sys --> C:\Windows\system32\DRIVERS\revoflt.sys [?]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
.
=============== Created Last 30 ================
.
2012-05-19 01:32:20 -------- d-----w- C:\Users\brandon\AppData\Roaming\ieSpell
2012-05-19 01:27:57 -------- d-----w- C:\Program Files (x86)\ieSpell
2012-05-18 09:44:34 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-05-18 09:44:34 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-05-18 08:30:12 -------- d-----w- C:\Windows\System32\SPReview
2012-05-18 08:28:28 -------- d-----w- C:\Windows\System32\EventProviders
2012-05-18 03:11:08 48976 ----a-w- C:\Windows\System32\netfxperf.dll
2012-05-18 03:11:08 1942856 ----a-w- C:\Windows\System32\dfshim.dll
2012-05-18 03:09:59 1753088 ----a-w- C:\Windows\System32\vssapi.dll
2012-05-18 03:08:59 800256 ----a-w- C:\Windows\System32\usp10.dll
2012-05-18 03:07:57 412160 ----a-w- C:\Windows\System32\aepdu.dll
2012-05-18 03:06:59 41472 ----a-w- C:\Windows\System32\mimefilt.dll
2012-05-18 03:05:59 840192 ----a-w- C:\Windows\System32\blackbox.dll
2012-05-18 03:04:59 8192 ----a-w- C:\Windows\System32\kbdlk41a.dll
2012-05-18 03:03:35 363008 ----a-w- C:\Windows\SysWow64\wbemcomn.dll
2012-05-18 03:03:35 189952 ----a-w- C:\Program Files (x86)\Windows Portable Devices\sqmapi.dll
2012-05-18 03:03:34 606208 ----a-w- C:\Windows\SysWow64\wbem\fastprox.dll
2012-05-18 02:58:02 529408 ----a-w- C:\Windows\System32\wbemcomn.dll
2012-05-18 02:58:02 244736 ----a-w- C:\Program Files\Windows Portable Devices\sqmapi.dll
2012-05-18 02:57:45 244736 ----a-w- C:\Windows\System32\sqmapi.dll
2012-05-16 08:10:55 -------- d-----w- C:\Techguy
2012-05-16 07:40:03 99840 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\HPZPPLHN.DLL
2012-05-16 07:21:35 -------- d-----w- C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2
2012-05-16 04:51:55 1139200 ----a-w- C:\Windows\System32\FntCache.dll
2012-05-16 04:51:54 902656 ----a-w- C:\Windows\System32\d2d1.dll
2012-05-16 04:51:54 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
2012-05-16 04:04:56 -------- d-----w- C:\Program Files (x86)\Microsoft Synchronization Services
2012-05-16 04:00:20 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 8
2012-05-16 03:58:58 -------- d-----w- C:\Program Files (x86)\Microsoft Analysis Services
2012-05-16 03:58:25 -------- d-----w- C:\Users\brandon\AppData\Local\Microsoft Help
2012-05-15 14:37:03 -------- d-----w- C:\_OTM
2012-05-15 03:37:39 -------- d-----w- C:\Program Files (x86)\ESET
2012-05-15 03:09:56 -------- d-----w- C:\$RECYCLE.BIN
2012-05-14 17:36:59 -------- d-----w- C:\Windows\SysWow64\Wat
2012-05-14 17:36:58 -------- d-----w- C:\Windows\System32\Wat
2012-05-13 20:13:33 98816 ----a-w- C:\Windows\sed.exe
2012-05-13 20:13:33 518144 ----a-w- C:\Windows\SWREG.exe
2012-05-13 20:13:33 256000 ----a-w- C:\Windows\PEV.exe
2012-05-13 20:13:33 208896 ----a-w- C:\Windows\MBR.exe
2012-05-13 18:52:37 -------- d-----w- C:\Users\brandon\AppData\Roaming\Malwarebytes
2012-05-13 18:52:12 -------- d-----w- C:\ProgramData\Malwarebytes
2012-05-13 18:52:11 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-05-13 18:52:10 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-05-12 05:56:31 778088 ---ha-w- C:\Windows\System32\HPDiscoPMa011.dll
2012-05-12 05:54:12 -------- d-----w- C:\Program Files\HP
2012-05-12 04:02:30 715776 ----a-w- C:\Windows\System32\kerberos.dll
2012-05-12 04:02:29 542208 ----a-w- C:\Windows\SysWow64\kerberos.dll
2012-05-12 04:00:54 142336 ----a-w- C:\Windows\System32\poqexec.exe
2012-05-12 04:00:54 123904 ----a-w- C:\Windows\SysWow64\poqexec.exe
2012-05-12 04:00:50 2871808 ----a-w- C:\Windows\explorer.exe
2012-05-12 04:00:50 2616320 ----a-w- C:\Windows\SysWow64\explorer.exe
2012-05-12 04:00:09 509952 ----a-w- C:\Windows\System32\ntshrui.dll
2012-05-12 04:00:09 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll
2012-05-12 04:00:01 2315776 ----a-w- C:\Windows\System32\tquery.dll
2012-05-12 04:00:00 2223616 ----a-w- C:\Windows\System32\mssrch.dll
2012-05-12 03:45:19 1395712 ----a-w- C:\Windows\System32\mfc42.dll
2012-05-12 03:45:19 1359872 ----a-w- C:\Windows\System32\mfc42u.dll
2012-05-12 03:45:19 1137664 ----a-w- C:\Windows\SysWow64\mfc42.dll
2012-05-12 03:45:18 1164288 ----a-w- C:\Windows\SysWow64\mfc42u.dll
2012-05-12 03:45:01 476160 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
2012-05-12 03:45:01 288256 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
2012-05-12 03:44:54 515584 ----a-w- C:\Windows\System32\timedate.cpl
2012-05-12 03:44:54 478720 ----a-w- C:\Windows\SysWow64\timedate.cpl
2012-05-12 03:44:47 886784 ----a-w- C:\Program Files\Common Files\System\wab32.dll
2012-05-12 03:44:47 708608 ----a-w- C:\Program Files (x86)\Common Files\System\wab32.dll
2012-05-12 03:44:40 -------- d-----w- C:\Program Files (x86)\MSXML 4.0
2012-05-12 03:40:30 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2012-05-12 03:40:27 288768 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2012-05-12 03:40:26 158208 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2012-05-12 03:40:26 128000 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2012-05-12 03:40:20 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-05-12 03:33:19 870912 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
2012-05-12 03:33:19 1465344 ----a-w- C:\Windows\System32\XpsPrint.dll
2012-05-12 03:32:33 75776 ----a-w- C:\Windows\SysWow64\psisrndr.ax
2012-05-12 03:32:33 613888 ----a-w- C:\Windows\System32\psisdecd.dll
2012-05-12 03:32:33 465408 ----a-w- C:\Windows\SysWow64\psisdecd.dll
2012-05-12 03:32:33 108032 ----a-w- C:\Windows\System32\psisrndr.ax
2012-05-12 03:32:32 288256 ----a-w- C:\Windows\System32\MSNP.ax
2012-05-12 03:32:32 104960 ----a-w- C:\Windows\System32\Mpeg2Data.ax
2012-05-12 03:32:31 75776 ----a-w- C:\Windows\System32\MSDvbNP.ax
2012-05-12 03:32:31 72704 ----a-w- C:\Windows\SysWow64\Mpeg2Data.ax
2012-05-12 03:32:31 204288 ----a-w- C:\Windows\SysWow64\MSNP.ax
2012-05-12 03:32:30 59904 ----a-w- C:\Windows\SysWow64\MSDvbNP.ax
2012-05-12 03:29:54 498688 ----a-w- C:\Windows\System32\drivers\afd.sys
2012-05-12 03:29:45 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-05-12 03:29:45 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-05-12 03:18:31 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2012-05-12 03:18:31 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-05-12 03:18:31 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-05-12 03:18:31 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-05-12 03:18:31 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-05-12 03:18:31 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-05-12 03:18:31 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-05-12 03:16:23 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys
2012-05-12 03:16:05 404480 ----a-w- C:\Windows\System32\umpnpmgr.dll
2012-05-12 03:16:05 207872 ----a-w- C:\Windows\System32\cfgmgr32.dll
2012-05-12 03:16:05 145920 ----a-w- C:\Windows\SysWow64\cfgmgr32.dll
2012-05-12 03:16:04 252928 ----a-w- C:\Windows\SysWow64\drvinst.exe
2012-05-12 03:16:03 64512 ----a-w- C:\Windows\SysWow64\devobj.dll
2012-05-12 03:16:03 44544 ----a-w- C:\Windows\SysWow64\devrtl.dll
2012-05-12 03:14:20 861696 ----a-w- C:\Windows\System32\oleaut32.dll
2012-05-12 03:14:20 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2012-05-12 03:14:20 331776 ----a-w- C:\Windows\System32\oleacc.dll
2012-05-12 03:14:20 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll
2012-05-12 03:12:28 974336 ----a-w- C:\Windows\System32\WFS.exe
2012-05-12 03:12:28 267776 ----a-w- C:\Windows\System32\FXSCOVER.exe
2012-05-12 03:12:25 690688 ----a-w- C:\Windows\SysWow64\msvcrt.dll
2012-05-12 03:12:25 634880 ----a-w- C:\Windows\System32\msvcrt.dll
2012-05-12 03:12:19 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-12 03:12:19 1367552 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-12 03:12:14 31232 ----a-w- C:\Windows\SysWow64\prevhost.exe
2012-05-12 03:12:14 31232 ----a-w- C:\Windows\System32\prevhost.exe
2012-05-12 03:11:51 723456 ----a-w- C:\Windows\System32\EncDec.dll
2012-05-12 03:11:51 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll
2012-05-12 03:02:33 288640 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2012-05-12 03:02:33 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-05-12 02:58:07 1731920 ----a-w- C:\Windows\System32\ntdll.dll
2012-05-12 02:58:07 1292080 ----a-w- C:\Windows\SysWow64\ntdll.dll
2012-05-12 02:57:48 77312 ----a-w- C:\Windows\System32\packager.dll
2012-05-12 02:57:48 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2012-05-12 02:55:19 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-05-12 02:55:19 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-05-12 02:55:19 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-05-12 02:55:19 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-05-12 01:50:44 912504 ----a-w- C:\Windows\System32\drivers\N360x64\0502010.003\symefa64.sys
2012-05-12 01:50:44 744568 ----a-w- C:\Windows\System32\drivers\N360x64\0502010.003\srtsp64.sys
2012-05-12 01:50:44 450680 ----a-w- C:\Windows\System32\drivers\N360x64\0502010.003\symds64.sys
2012-05-12 01:50:44 40568 ----a-w- C:\Windows\System32\drivers\N360x64\0502010.003\srtspx64.sys
2012-05-12 01:50:44 386168 ----a-w- C:\Windows\System32\drivers\N360x64\0502010.003\symnets.sys
2012-05-12 01:50:44 171128 ----a-r- C:\Windows\System32\drivers\N360x64\0502010.003\ironx64.sys
2012-05-12 01:50:27 -------- d-----w- C:\Windows\System32\drivers\N360x64\0502010.003
2012-05-10 00:57:30 27256 ----a-w- C:\Windows\System32\drivers\FixZeroAccess.sys
2012-05-10 00:35:43 174200 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2012-05-10 00:35:43 -------- d-----w- C:\Program Files\Symantec
2012-05-10 00:35:43 -------- d-----w- C:\Program Files\Common Files\Symantec Shared
2012-05-10 00:34:52 -------- d-----w- C:\Windows\System32\drivers\N360x64
2012-05-10 00:34:50 -------- d-----w- C:\Program Files (x86)\Norton Security Suite
2012-05-10 00:34:42 -------- d-----w- C:\Program Files (x86)\NortonInstaller
2012-05-10 00:29:52 -------- d-----w- C:\Users\brandon\AppData\Local\LogMeIn Rescue Applet
2012-05-07 04:38:34 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared
2012-05-07 00:51:11 -------- d-----w- C:\Users\brandon\AppData\Local\VS Revo Group
2012-05-07 00:51:07 31800 ----a-w- C:\Windows\System32\drivers\revoflt.sys
2012-05-07 00:51:06 -------- d-----w- C:\Program Files\VS Revo Group
2012-05-06 23:08:58 -------- d-----w- C:\ProgramData\GID
2012-05-06 19:38:32 -------- d-----w- C:\Windows\pss
2012-04-23 03:07:21 -------- d-----w- C:\ProgramData\Recovery
2012-04-23 02:08:52 -------- d-----w- C:\N360_BACKUP
2012-04-23 01:36:49 -------- d-----w- C:\Users\brandon\AppData\Local\NPE
2012-04-22 21:19:29 -------- d-----w- C:\Users\brandon\AppData\Local\ElevatedDiagnostics
.
==================== Find3M ====================
.
2012-05-18 08:44:41 175616 ----a-w- C:\Windows\System32\msclmd.dll
2012-05-18 08:44:41 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2012-05-18 03:10:01 476960 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2012-05-18 03:10:01 472864 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-05-06 23:11:15 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-06 23:11:15 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-05-06 23:11:06 8769696 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-03-31 06:05:57 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-03-31 04:39:37 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-03-31 04:39:37 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-03-31 03:10:03 3146240 ----a-w- C:\Windows\System32\win32k.sys
2012-03-26 04:03:12 332392 ----a-w- C:\Windows\System32\RtlCPAPI64.dll
2012-03-26 04:03:12 2494056 ----a-w- C:\Windows\System32\drivers\RTKVHD64.sys
2012-03-26 04:03:12 2048104 ----a-w- C:\Windows\System32\RtPgEx64.dll
2012-03-26 04:03:12 1146984 ----a-w- C:\Windows\System32\RTSnMg64.cpl
2012-03-26 04:03:10 80488 ----a-w- C:\Windows\System32\RCoInst64.dll
2012-03-26 04:03:10 569960 ----a-w- C:\Windows\System32\RtkApi64.dll
2012-03-26 04:03:10 2625640 ----a-w- C:\Windows\System32\RtkAPO64.dll
2012-03-26 04:03:10 149608 ----a-w- C:\Windows\System32\RtkCfg64.dll
2012-03-26 04:03:10 1215592 ----a-w- C:\Windows\System32\RTCOM64.dll
2012-03-26 04:03:02 200800 ----a-w- C:\Windows\System32\AERTAC64.dll
2012-03-26 04:02:58 1251944 ----a-w- C:\Windows\RtlExUpd.dll
2012-03-03 06:35:38 1544704 ----a-w- C:\Windows\System32\DWrite.dll
2012-03-03 05:31:19 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-02-28 06:56:48 2311168 ----a-w- C:\Windows\System32\jscript9.dll
2012-02-28 06:49:56 1390080 ----a-w- C:\Windows\System32\wininet.dll
2012-02-28 06:48:57 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-02-28 06:42:55 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-02-28 01:18:55 1799168 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-02-28 01:11:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-02-28 01:11:07 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-02-28 01:03:16 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-02-23 14:18:36 279656 ------w- C:\Windows\System32\MpSigStub.exe
.
============= FINISH: 15:07:24.78 ===============

And now the second:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium 
Boot Device: \Device\HarddiskVolume1
Install Date: 6/18/2011 2:10:26 AM
System Uptime: 5/20/2012 2:12:10 PM (1 hours ago)
.
Motherboard: Hewlett-Packard | | 1604
Processor: AMD V140 Processor | Socket S1G4 | 782/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 215 GiB total, 145.712 GiB free.
D: is FIXED (NTFS) - 17 GiB total, 2.491 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP98: 5/18/2012 4:30:03 AM - Windows 7 Service Pack 1
RP99: 5/18/2012 6:18:22 AM - Windows Update
RP100: 5/18/2012 10:40:45 PM - Windows Update
RP101: 5/20/2012 2:18:27 PM - Windows Update
.
==== Installed Programs ======================
.
Acrobat.com
Adobe AIR
Adobe Reader X (10.1.3)
Adobe Shockwave Player 11.5
AMD USB Filter Driver
Ask Toolbar
Ask Toolbar Updater
Atheros Driver Installation Program
Bejeweled 2 Deluxe
Bing Bar
Blackhawk Striker 2
Build-a-lot 2
CameraHelperMsi
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Chuzzle Deluxe
CinemaNow Media Manager
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Coupon Printer for Windows
CyberLink DVD Suite
CyberLink MediaShow
CyberLink PowerDVD 9
CyberLink YouCam
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Diner Dash 2 Restaurant Rescue
Dora's Carnival Adventure
Energy Star Digital Logo
erLT
Escape Rosecliff Island
ESET Online Scanner v3
ESU for Microsoft Windows 7
FATE
Final Drive Nitro
FrostWire 5.0.8
GuardedID
H&R Block Deluxe + Efile + State 2011
H&R Block New Jersey 2011
Heroes of Hellas 2 - Olympia
Hewlett-Packard ACLM.NET v1.1.2.0
HP Advisor
HP Customer Experience Enhancements
HP Deskjet 3050A J611 series Help
HP Documentation
HP Games
HP MediaSmart CinemaNow 2.0
HP Photo Creations
HP Power Manager
HP Quick Launch
HP Setup
HP Software Framework
HP Support Assistant
HP Update
ieSpell
Java Auto Updater
Java(TM) 6 Update 32
Jewel Quest 3
Jewel Quest Solitaire 2
Junk Mail filter update
LabelPrint
Logitech Webcam Software
LWS Facebook
LWS Gallery
LWS Help_main
LWS Launcher
LWS Motion Detection
LWS Pictures And Video
LWS Twitter
LWS Video Mask Maker
LWS Webcam Software
LWS WLM Plugin
LWS YouTube Plugin
Malwarebytes Anti-Malware version 1.61.0.1400
Microsoft Choice Guard
Microsoft Office 2010
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Office XP Professional
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft WSE 3.0 Runtime
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Norton Security Suite
ooVoo
Penguins!
PhotoNow!
Plants vs. Zombies
Poker Superstars III
Polar Bowler
Polar Golfer
Power2Go
PowerDirector
Realtek Ethernet Controller Driver For Windows 7
Realtek High Definition Audio Driver
Recovery Manager
Roxio CinemaNow 2.0
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio Viewer 2010 (KB2597981) 32-Bit Edition
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update Installer for WildTangent Games App
Virtual Families
Virtual Villagers - The Secret City
Wheel of Fortune 2
WildTangent Games App (HP Games)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
Zuma Deluxe
.
==== Event Viewer Messages From Past Week ========
.
5/20/2012 2:21:56 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024002d: Office XP Service Pack 3.
5/18/2012 8:57:27 PM, Error: Service Control Manager [7034] - The Adobe Acrobat Update Service service terminated unexpectedly. It has done this 1 time(s).
5/18/2012 5:26:47 AM, Error: Microsoft-Windows-WMPNSS-Service [14353] - A media delivery engine with ID '0' was not initialized due to error '0x80070005' when adding the URL 'http://+:10243/WMPNSSv4/3347303928/'. Restart your computer, and then restart the WMPNetworkSvc service. If the problem persists, reinstall Windows Media Player if possible.
5/18/2012 5:26:47 AM, Error: Microsoft-Windows-WMPNSS-Service [14349] - A new media server was not initialized because the Windows Media Delivery Engine did not initialize due to error '0x80070005'. Restart your computer, and then restart the WMPNetworkSvc service. If the problem persists, reinstall Windows Media Player if possible.
5/18/2012 12:51:16 AM, Error: Service Control Manager [7023] - The Windows Update service terminated with the following error: %%-2147467243
5/17/2012 1:15:46 AM, Error: Service Control Manager [7043] - The Windows Update service did not shut down properly after receiving a preshutdown control.
5/15/2012 10:37:03 AM, Error: Service Control Manager [7034] - The CinemaNow Service service terminated unexpectedly. It has done this 1 time(s).
5/14/2012 9:40:03 AM, Error: Service Control Manager [7024] - The HomeGroup Listener service terminated with service-specific error %%-2147023143.
5/14/2012 9:39:26 AM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
5/14/2012 11:11:34 PM, Error: Service Control Manager [7000] - The RtVOsdService Installer service failed to start due to the following error: A device attached to the system is not functioning.
5/14/2012 11:11:34 PM, Error: Service Control Manager [7000] - The HP Wireless Assistant Service service failed to start due to the following error: A device attached to the system is not functioning.
5/14/2012 11:11:34 PM, Error: Service Control Manager [7000] - The HP Support Assistant Service service failed to start due to the following error: A device attached to the system is not functioning.
5/14/2012 11:09:00 PM, Error: Service Control Manager [7023] - The Windows Defender service terminated with the following error: The specified module could not be found.
5/14/2012 11:07:11 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
5/14/2012 10:53:57 PM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
5/14/2012 10:37:19 AM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.
5/13/2012 11:39:14 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Windows Defender - KB915597 (Definition 1.125.1635.0).
.
==== End Of File ===========================

Concisely, I have NOT seen any Window Warning boxes with "globalroot\systemroot\...." and-or "Bad Image" within the past week to week and a half. No re-directs, no odd behavior that cannot be traced to operator error, sooooo

 * THANK YOU - THANK YOU - THANK YOU - THANK YOU - THANK YOU* 

Please let me know the best way to proceed for the 'next customer'  (_Again!_, he thinks to himself)

Cindy


----------



## kevinf80 (Mar 21, 2006)

Hiya Cindy,

Ok do the following :-

*Step 1*

Remove Combofix now that we're done with it

Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between the "x" and "/")

 Please follow the prompts to uninstall Combofix.
 You will then receive a message saying Combofix was uninstalled successfully once it's done uninstalling itself.
The above procedure will delete the following:

 ComboFix and its associated files and folders.
 VundoFix backups, if present
 The C:\_OtMoveIt folder, if present
 Reset the clock settings.
 Hide file extensions, if required.
 Hide System/Hidden files, if required.
 Reset System Restore.

*It is very important that you get a successful uninstall because of the extra functions done at the same time, let me know if this does not happen.*

*Step 2*

Remove ESET online scanner:


 Click Start, type *Uninstall a Program* into the Search programs and files box, and then press ENTER.
 Click to select *ESET Online Scanner* from the listing of installed products, and then click Uninstall/Change from the bar that displays the available tasks. Uninstall *ESET Online Scanner*, only re-boot if prompted.

*Step 3*


Download *OTC* by OldTimer and save it to your *desktop.* *Alternative mirror*
Double click the icon to start the program.
If you are using Vista or Windows 7, please right-click and choose run as administrator.
Then click the big button.
You will get a prompt saying "_Begining Cleanup Process_". Please select *Yes*.
Restart your computer when prompted.
This will remove tools we have used and itself.

*Any tools/logs remaining on the Desktop can be deleted.*

*Step 4*

Download TFC to your desktop, from either of the following links
*Link 1*
*Link 2*

 Save any open work. TFC will close all open application windows.
 Double-click TFC.exe to run the program. Vista or Windows 7 users right click and select Run as Administrator
 If prompted, click "Yes" to reboot.
TFC will automatically close any open programs, *including your Desktop*. Let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. TFC may re-boot your system, if not *Re-boot it yourself to complete cleaning process* *<---- Very Important *

Keep TFC, it is an excellent utility to keep your system optimized, it empties all user temp folders, Java cache etc etc. *Always remember to re-boot after a run, even if not prompted*

Let me know if those steps complete OK....

Kevin


----------



## cinderblock (May 9, 2012)

TOTAL SUCCESS with all 4 steps!

Aside from logs, I also still have these programs on Desktop:

*Yorkyt*
*FixZeroAccess*
*aswMBR*
*MalwareBytes*

Should they be uninstalled? If there's no risk in keeping them, I'd kinda like them to hang around....we're like friends, now

I think I'll take the rest of the night off (and would suggest YOU DO THE SAME....do you EVER get a break??!?) but plan to run scans on the other laptops, and post a follow-up on a new thread, in the near future.

I have enjoyed this journey with you Kevin. Thank you for your patience, your expertise and your ability to direct this non-malicious code-thinking type.


----------



## kevinf80 (Mar 21, 2006)

Hiya Cindy,

*Yorkyt* <--------------------- Delete, this is only updated at source by developer so has to be d/l each time needed
*FixZeroAccess* <--------- Nothing to do with me, not sure where you got that one
*aswMBR* <-------------------- Delete, this is only updated at source by developer so has to be d/l each time needed
*MalwareBytes* <--------------- Keep that one, best all round Anti-malware program available (IMHO) always remember to update before a run.

For the next system open a new thread, give it the header *For Attention kevinf80 PC 2*.

If no more issues on PC 1 here are some tips to reduce the potential for malware infection in the future

*Make proper use of your antivirus and firewall*

Antivirus and Firewall programs are integral to your computer security. However, just having them installed isn't enough. The definitions of these programs are frequently updated to detect the latest malware, if you don't keep up with these updates then you'll be vulnerable to infection. Many antivirus and firewall programs have automatic update features, make use of those if you can. If your program doesn't, then get in the habit of routinely performing manual updates, because it's important.

You should keep your antivirus and firewall guard enabled at all times, *NEVER* turn them off unless there's a specific reason to do so. Also, regularly performing a full system scan with your antivirus program is a good idea to make sure your system remains clean. Once a week should be adequate. You can set the scan to run during a time when you don't plan to use the computer and just leave it to complete on its own.

Install and use *WinPatrol*. This will inform you of any attempted unauthorized changes to your system.

WinPatrol features explained *Here*

*Use a safer web browser*

Internet Explorer is not the most secure tool for browsing the web. It has been known to be very susceptible to infection, and there are a few good free alternatives:

*Firefox*,

*Opera*, and

*Chrome*.

All of these are excellent faster, safer, more powerful and functional free alternatives to Internet Explorer. It's definitely worth the short period of adjustment to start using one of these. If you wish to continue using Internet Explorer, it would be a good idea to follow the tutorial *HERE* which will help you to make IE *MUCH* safer.

These *browser add-ons* will help to make your browser safer:

*Web of Trust* warns you about risky websites that try to scam visitors, deliver malware or send spam. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous ones:

Available for *Firefox* and *Internet Explorer*.

*Green* to go, 
*Yellow* for caution, and 
*Red* to stop.

Available for *Firefox* only. *NoScript* helps to block malicious scripts and in general gives you much better control over what types of things webpages can do to your computer while you're browsing.

These are just a couple of the most popular add-ons, if you're interested in more, take a look at *THIS* article.

Here are a couple of links by two security experts that will give some excellent tips and advice.

*So how did I get infected in the first place by Tony Klein*

*How to prevent Malware by Miekiemoes*

Finally this link *HERE* will give a comprehensive up-to-date list of free Security programs. To include - Antivirus, Antispyware, Firewall, Antimalware, Online scanners and rescue CDs.

Don't forget, the best form of defense is common sense. If you don't recognize it, don't open it. If something looks too good to be true, then it ain't.

If no remaining issues hit the Mark Solved tab at the top of the thread,

Take care,

Kevin


----------



## Cookiegal (Aug 27, 2003)

I'll close this now just to avoid any confusion with your new thread. I understand the new one involves a different computer so it's not a duplicate or continuation of this thread. If, for any reason regarding this PC, you need this thread to be reopened please feel free to send me a PM and I will do that.


----------

