Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Redirecting Virus, Please Help!


  • This topic is locked This topic is locked

#1
derek1024

derek1024

    Member

  • Member
  • PipPip
  • 35 posts
Hi, my name is Derek and I own a Sony VAIO laptop. I just bought this product this year and it has been working perfectly. I have the latest version of Norton (360) installed and operational. However, it has been apparant that I have a virus on my computer due to my blunders.

The symptoms are:

Redirecting every search result in every search engine I try on my Mozilla Firefox (Google, Yahoo, Bing, Ask.com, etc)
Slowing down of the computer

According to many similar posts on the Internet, this virus seems to be TDSS, so I tried various things to eliminate this problem.

Here's what I have tried and done:

Ran a full scan on Norton 360 and found nothing.
Ran a full scan on Norton Power Eraser, found a malware called "hosts" and deleted it.
Ran TDSSkiller and found no threats.
Deleted cache, history, etc on Mozilla Firefox.
Cleared my disk using Disk Cleanup.

The problem still persists and I am left with no other options than to ask for assistance. I have noticed that it is recommended to analyze my computer with a software called "HijackThis" and leave it with the experts to solve my problem. To save time, I have done so and I will copy and paste it below. I have also ran a OTL scan in addition to HijackThis.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:27:05 PM, on 01/06/2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16766)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\ccSvcHst.exe
C:\Program Files\Sony\VAIO Care\VCSpt.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Program Files (x86)\Sony\Media Gallery\ElbServer.exe
C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Sony\SmartWi Connection Utility\CCP.exe
C:\Program Files (x86)\Sony\SmartWi Connection Utility\ThirdPartyAppMgr.exe
C:\Program Files (x86)\Sony\SmartWi Connection Utility\PowerManager.exe
C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWi.exe
C:\Program Files\Sony\VAIO Care\listener.exe
C:\Program Files\Sony\VAIO Personalization Manager\VpmIfPav.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Program Files (x86)\DDNi\Oasis\VAIO Messenger.exe
C:\Users\Derek\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://sony.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sony.msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - (no file)
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\IPS\IPSBHO.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\coIEPlg.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SmartWiHelper] "C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" /WindowsStartup
O4 - HKLM\..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Elbserver] C:\Program Files (x86)\Sony\Media Gallery\ElbServer.exe /Stay
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll
O9 - Extra 'Tools' menuitem: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: KMService - Unknown owner - C:\Windows\system32\srvany.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\ccSvcHst.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Oasis2Service - Unknown owner - C:\Program Files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe
O23 - Service: PMBDeviceInfoProvider - Sony Corporation - C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: VAIO Care Performance Service (SampleCollector) - Sony Corporation - C:\Program Files\Sony\VAIO Care\VCPerfService.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: VAIO Media plus Content Importer (SOHCImp) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe
O23 - Service: VAIO Media plus Digital Media Server (SOHDms) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
O23 - Service: VAIO Media plus Device Searcher (SOHDs) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe
O23 - Service: VAIO Entertainment Common Service (SpfService) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Power Management - Sony Corporation - C:\Program Files\Sony\VAIO Power Management\SPMService.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: VAIO Content Folder Watcher (VCFw) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
O23 - Service: VAIO Content Metadata Intelligent Network Service Manager (VcmINSMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe
O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: VUAgent - Sony Corporation - C:\Program Files\Sony\VAIO Update 5\VUAgent.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 14421 bytes

OTL logfile created on: 01/06/2011 4:34:20 PM - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\Derek\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

3.75 Gb Total Physical Memory | 2.14 Gb Available Physical Memory | 57.10% Memory free
7.49 Gb Paging File | 5.62 Gb Available in Paging File | 75.08% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 586.48 Gb Total Space | 418.84 Gb Free Space | 71.42% Space Free | Partition Type: NTFS

Computer Name: COMMONER | User Name: Derek | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/01 16:33:57 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Derek\Downloads\OTL.exe
PRC - [2011/06/01 16:26:23 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Derek\Downloads\HijackThis.exe
PRC - [2011/04/16 19:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\ccSvcHst.exe
PRC - [2011/04/14 11:41:09 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/03/14 15:34:16 | 000,047,616 | ---- | M] () -- C:\Program Files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe
PRC - [2011/02/28 15:39:36 | 000,506,824 | ---- | M] (Digital Delivery Networks, Inc.) -- C:\Program Files (x86)\DDNi\Oasis\VAIO Messenger.exe
PRC - [2011/01/20 04:20:12 | 001,305,408 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
PRC - [2010/10/12 15:52:48 | 000,423,280 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
PRC - [2010/09/27 15:12:36 | 000,864,000 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
PRC - [2010/09/10 08:47:30 | 000,108,400 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe
PRC - [2010/09/10 08:47:30 | 000,067,952 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe
PRC - [2010/08/12 15:15:34 | 000,081,296 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Care\VCSpt.exe
PRC - [2010/07/15 11:07:40 | 000,184,816 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWi.exe
PRC - [2010/07/15 11:07:40 | 000,040,952 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\PowerManager.exe
PRC - [2010/07/15 11:07:40 | 000,023,552 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\ThirdPartyAppMgr.exe
PRC - [2010/07/15 11:07:40 | 000,022,504 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\CCP.exe
PRC - [2010/05/18 13:38:46 | 000,075,776 | ---- | M] (Sony of America Corporation) -- C:\Program Files\Sony\VAIO Care\listener.exe
PRC - [2010/05/14 14:29:50 | 000,217,968 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
PRC - [2010/03/06 04:04:24 | 000,310,224 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
PRC - [2010/03/02 16:22:44 | 000,120,176 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
PRC - [2010/02/19 19:19:26 | 000,386,416 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe
PRC - [2010/02/19 19:19:24 | 000,529,776 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
PRC - [2010/02/09 14:54:22 | 000,081,328 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\Media Gallery\ElbServer.exe
PRC - [2010/01/21 20:31:32 | 000,597,792 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
PRC - [2010/01/20 14:24:12 | 000,087,408 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Personalization Manager\VpmIfPav.exe
PRC - [2009/10/24 03:18:54 | 000,360,224 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
PRC - [2009/07/13 20:14:47 | 000,254,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe


========== Modules (SafeList) ==========

MOD - [2011/06/01 16:33:57 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Derek\Downloads\OTL.exe
MOD - [2010/08/21 00:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/09/27 15:13:22 | 000,303,872 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe -- (SpfService)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/09/15 20:05:13 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/08/12 15:15:34 | 000,257,936 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Care\VCPerfService.exe -- (SampleCollector)
SRV:64bit: - [2010/06/09 13:00:34 | 001,223,024 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Sony\VAIO Update 5\VUAgent.exe -- (VUAgent)
SRV:64bit: - [2010/03/25 14:10:10 | 000,574,320 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe -- (VAIO Power Management)
SRV:64bit: - [2010/02/19 19:19:28 | 000,115,568 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe -- (VcmXmlIfHelper)
SRV:64bit: - [2010/02/19 19:19:26 | 000,386,416 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe -- (VcmINSMgr)
SRV:64bit: - [2010/02/19 19:19:24 | 000,529,776 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)
SRV:64bit: - [2009/09/04 13:35:12 | 000,873,248 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2011/05/22 22:23:49 | 003,275,864 | ---- | M] () [Auto | Running] -- C:/Program Files (x86)/Common Files/Akamai/netsession_win_8832f4b.dll -- (Akamai)
SRV - [2011/05/09 16:45:09 | 000,008,192 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\srvany.exe -- (KMService)
SRV - [2011/04/16 19:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\ccSvcHst.exe -- (N360)
SRV - [2011/03/14 15:34:16 | 000,047,616 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe -- (Oasis2Service)
SRV - [2010/10/12 15:52:48 | 000,423,280 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe -- (SOHDms)
SRV - [2010/09/27 15:13:26 | 000,074,496 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2010/09/27 15:12:36 | 000,864,000 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw)
SRV - [2010/09/10 08:47:30 | 000,108,400 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe -- (SOHCImp)
SRV - [2010/09/10 08:47:30 | 000,067,952 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe -- (SOHDs)
SRV - [2010/05/14 14:29:50 | 000,217,968 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/10/24 03:18:54 | 000,360,224 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/05/30 20:48:58 | 000,174,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2011/05/08 18:51:04 | 000,254,528 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011/04/12 13:01:38 | 000,052,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB)
DRV:64bit: - [2011/03/30 22:00:09 | 000,744,568 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2011/03/30 22:00:09 | 000,040,568 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2011/03/21 19:39:49 | 000,382,584 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\symnets.sys -- (SymNetS)
DRV:64bit: - [2011/03/14 21:31:23 | 000,912,504 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\SymEFA64.sys -- (SymEFA)
DRV:64bit: - [2011/03/11 01:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/01/27 01:47:10 | 000,450,680 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\SymDS64.sys -- (SymDS)
DRV:64bit: - [2011/01/27 00:07:06 | 000,171,128 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\Ironx64.sys -- (SymIRON)
DRV:64bit: - [2010/09/23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/09/15 20:05:23 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2010/09/15 20:05:15 | 000,188,928 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/09/15 20:05:14 | 006,403,072 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/08/20 22:59:12 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2010/06/30 22:10:30 | 000,073,856 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2010/06/30 22:10:30 | 000,028,800 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2010/05/16 22:29:44 | 000,301,688 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2010/04/06 23:08:44 | 000,346,144 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/03/22 06:21:21 | 000,242,720 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/03/09 03:59:23 | 000,012,032 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SFEP.sys -- (SFEP)
DRV:64bit: - [2010/03/09 02:56:08 | 000,231,328 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2010/03/09 01:09:24 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2010/03/09 01:09:24 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2010/03/08 22:23:06 | 001,550,848 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/12/22 02:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/09 05:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/10 15:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2011/05/30 22:40:35 | 002,011,768 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20110601.002\EX64.SYS -- (NAVEX15)
DRV - [2011/05/30 22:40:35 | 000,481,912 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2011/05/30 22:40:35 | 000,136,824 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/05/30 22:40:35 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20110601.002\ENG64.SYS -- (NAVENG)
DRV - [2011/04/18 19:35:53 | 001,127,032 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20110518.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2011/03/14 21:29:00 | 000,476,792 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20110527.001\IDSviA64.sys -- (IDSVia64)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://sony.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.sonystyle.ca/vaio [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.sonystyle.ca/vaio [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://sony.msn.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.google.ca"

FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\IPSFFPlgn\ [2011/05/30 20:49:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\coFFPlgn\ [2011/05/30 20:48:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/05/11 21:59:53 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2011/05/08 17:48:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Derek\AppData\Roaming\Mozilla\Extensions
[2011/05/25 18:45:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Derek\AppData\Roaming\Mozilla\Firefox\Profiles\byzvkc1o.default\extensions
[2011/05/31 17:16:22 | 000,002,469 | ---- | M] () -- C:\Users\Derek\AppData\Roaming\Mozilla\Firefox\Profiles\byzvkc1o.default\searchplugins\safesearch.xml
[2011/05/23 21:31:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/05/23 21:31:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
File not found (No name found) --
[2011/05/30 20:48:31 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\COFFPLGN
[2011/05/30 20:49:55 | 000,000,000 | ---D | M] (Symantec IPS) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\IPSFFPLGN
() (No name found) -- C:\USERS\DEREK\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BYZVKC1O.DEFAULT\EXTENSIONS\{D4DD63FA-01E4-46A7-B6B1-EDAB7D6AD389}.XPI
() (No name found) -- C:\USERS\DEREK\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BYZVKC1O.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\USERS\DEREK\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BYZVKC1O.DEFAULT\EXTENSIONS\[email protected]
[2011/04/14 11:41:09 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll
[2010/01/01 03:00:00 | 000,001,538 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\bing.xml
[2010/01/01 03:00:00 | 000,000,947 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/01/01 03:00:00 | 000,001,180 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/01/01 03:00:00 | 000,001,135 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2011/05/31 17:11:54 | 000,000,054 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - No CLSID value found.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\IPS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\CoIEPlg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [SmartWiHelper] C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe (Sony Electronics Corporation)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Elbserver] C:\Program Files (x86)\Sony\Media Gallery\ElbServer.exe (Sony Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O9 - Extra 'Tools' menuitem : Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{ee8d3d83-7b6d-11e0-8b12-78843c2fa794}\Shell - "" = AutoRun
O33 - MountPoints2\{ee8d3d83-7b6d-11e0-8b12-78843c2fa794}\Shell\AutoRun\command - "" = D:\blank.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/31 17:06:05 | 000,000,000 | ---D | C] -- C:\Users\Derek\AppData\Local\NPE
[2011/05/30 20:48:58 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2011/05/30 20:48:41 | 000,912,504 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\SymEFA64.sys
[2011/05/30 20:48:41 | 000,744,568 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\srtsp64.sys
[2011/05/30 20:48:41 | 000,450,680 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\SymDS64.sys
[2011/05/30 20:48:41 | 000,382,584 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\symnets.sys
[2011/05/30 20:48:41 | 000,171,128 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\Ironx64.sys
[2011/05/30 20:48:41 | 000,040,568 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\srtspx64.sys
[2011/05/30 20:48:32 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\N360x64
[2011/05/30 20:48:32 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\N360x64\0501000.01D
[2011/05/30 20:48:31 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
[2011/05/30 20:48:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton 360
[2011/05/30 20:34:39 | 000,174,200 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2011/05/30 20:31:26 | 000,000,000 | ---D | C] -- C:\ProgramData\PCSettings
[2011/05/30 20:31:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller
[2011/05/30 20:26:31 | 000,000,000 | ---D | C] -- C:\Users\Derek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
[2011/05/30 20:02:46 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011/05/30 19:59:43 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/05/30 19:03:27 | 000,000,000 | ---D | C] -- C:\ProgramData\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2011/05/30 18:49:40 | 000,000,000 | ---D | C] -- C:\Users\Derek\Documents\Symantec
[2011/05/30 18:37:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2011/05/30 17:36:08 | 000,000,000 | ---D | C] -- C:\Users\Derek\AppData\Roaming\QuickScan
[2011/05/24 21:01:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Hewlett-Packard
[2011/05/23 21:31:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011/05/22 22:47:59 | 000,000,000 | ---D | C] -- C:\Users\Derek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AeriaGames
[2011/05/22 22:45:26 | 000,000,000 | ---D | C] -- C:\AeriaGames
[2011/05/22 22:23:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Akamai
[2011/05/18 19:28:46 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2011/05/17 22:12:48 | 000,000,000 | ---D | C] -- C:\Program Files\Avago-HP
[2011/05/17 22:12:26 | 000,403,968 | ---- | C] (Software 2000 Limited) -- C:\Windows\SysNative\HP1006LM.DLL
[2011/05/17 22:12:25 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2011/05/17 20:38:46 | 000,000,000 | ---D | C] -- C:\Users\Derek\AppData\Roaming\Red Alert 3 Uprising
[2011/05/17 19:53:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Electronic Arts
[2011/05/15 15:08:44 | 000,000,000 | ---D | C] -- C:\Users\Derek\AppData\Local\Fallout3
[2011/05/15 13:46:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bethesda Softworks
[2011/05/15 13:43:47 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\xlive
[2011/05/15 13:04:40 | 000,000,000 | ---D | C] -- C:\Users\Derek\AppData\Local\GPUMonitor
[2011/05/15 00:14:00 | 000,000,000 | ---D | C] -- C:\Users\Derek\AppData\Local\Diagnostics
[2011/05/13 18:58:52 | 000,000,000 | ---D | C] -- C:\Users\Derek\AppData\Local\ApplicationHistory
[2011/05/13 18:11:13 | 000,000,000 | ---D | C] -- C:\Users\Derek\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/05/13 16:51:18 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\URTTEMP
[2011/05/13 16:11:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SEGA
[2011/05/13 16:11:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SEGA
[2011/05/13 16:10:19 | 000,000,000 | ---D | C] -- C:\Users\Derek\AppData\Roaming\InstallShield
[2011/05/11 21:59:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011/05/11 21:59:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2011/05/11 21:59:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2011/05/11 21:58:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2011/05/11 21:58:07 | 000,000,000 | ---D | C] -- C:\Users\Derek\AppData\Local\Apple
[2011/05/11 21:58:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2011/05/11 21:58:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2011/05/11 19:26:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
[2011/05/11 19:26:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2011/05/11 19:25:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2011/05/11 19:24:51 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2011/05/11 19:24:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2011/05/11 19:24:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Sync Framework
[2011/05/11 19:22:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 8
[2011/05/11 19:21:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services
[2011/05/11 19:19:34 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2011/05/10 23:04:21 | 000,000,000 | ---D | C] -- C:\c46c34977b5b5dbdfc31be9fee
[2011/05/10 22:53:38 | 000,000,000 | ---D | C] -- C:\Users\Derek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Diablo II
[2011/05/10 22:51:07 | 000,094,208 | ---- | C] (Blizzard Entertainment) -- C:\Windows\DIIUnin.exe
[2011/05/10 22:51:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo II
[2011/05/10 22:49:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Diablo II
[2011/05/10 21:37:11 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2011/05/10 21:35:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2011/05/10 21:34:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe Media Player
[2011/05/10 21:34:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
[2011/05/10 21:32:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2011/05/10 21:14:44 | 000,000,000 | ---D | C] -- C:\Adobe Photoshop CS5 Extended Edition
[2011/05/10 20:48:34 | 000,000,000 | ---D | C] -- C:\Users\Derek\Documents\Sony PMB
[2011/05/10 20:47:47 | 000,000,000 | ---D | C] -- C:\VAIO Entertainment
[2011/05/10 20:44:48 | 000,000,000 | ---D | C] -- C:\Users\Derek\AppData\Local\Sony Corporation
[2011/05/10 17:57:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Messenger
[2011/05/10 17:57:55 | 000,000,000 | -H-D | C] -- C:\ProgramData\{F77EE8EF-305B-4394-A018-C1A57D2D66B5}
[2011/05/09 22:12:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2011/05/09 20:54:59 | 000,000,000 | ---D | C] -- C:\Users\Derek\AppData\Roaming\The Creative Assembly
[2011/05/09 20:30:55 | 000,000,000 | ---D | C] -- C:\Games
[2011/05/09 19:00:04 | 000,000,000 | ---D | C] -- C:\Users\Derek\AppData\Local\My Games
[2011/05/09 19:00:02 | 000,000,000 | ---D | C] -- C:\Users\Derek\Documents\My Games
[2011/05/09 18:51:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sid Meier's Civilization V
[2011/05/09 18:30:29 | 000,000,000 | ---D | C] -- C:\Users\Derek\Documents\Amnesia
[2011/05/09 18:29:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amnesia - The Dark Descent
[2011/05/09 18:25:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Amnesia - The Dark Descent
[2011/05/09 16:51:02 | 000,000,000 | ---D | C] -- C:\Users\Derek\AppData\Roaming\Tific
[2011/05/09 16:51:02 | 000,000,000 | ---D | C] -- C:\Users\Derek\AppData\Local\Symantec
[2011/05/09 16:38:34 | 000,000,000 | ---D | C] -- C:\Users\Derek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StarCraft II
[2011/05/09 16:26:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BitTorrent
[2011/05/09 16:25:15 | 000,000,000 | ---D | C] -- C:\Users\Derek\AppData\Roaming\BitTorrent
[2011/05/09 16:14:00 | 000,000,000 | ---D | C] -- C:\Users\Derek\Documents\StarCraft II
[2011/05/09 16:13:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarCraft II
[2011/05/09 16:13:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\StarCraft II
[2011/05/09 16:13:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment
[2011/05/09 16:13:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Blizzard Entertainment
[2011/05/09 16:10:36 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2011/05/09 16:10:36 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2011/05/09 07:56:39 | 000,000,000 | ---D | C] -- C:\Users\Derek\AppData\Local\Microsoft Games
[2011/05/08 21:40:11 | 000,000,000 | ---D | C] -- C:\DJMAX
[2011/05/08 21:29:22 | 000,000,000 | ---D | C] -- C:\Users\Derek\AppData\Roaming\Red Alert 3
[2011/05/08 21:20:04 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx
[2011/05/08 19:25:50 | 000,000,000 | ---D | C] -- C:\Users\Derek\AppData\Local\Adobe
[2011/05/08 19:25:49 | 000,000,000 | ---D | C] -- C:\Users\Derek\Documents\Guild Wars
[2011/05/08 19:25:17 | 000,000,000 | ---D | C] -- C:\Users\Derek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2011/05/08 19:25:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Media Center Programs
[2011/05/08 19:25:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Guild Wars
[2011/05/08 19:14:23 | 000,000,000 | ---D | C] -- C:\Users\Derek\AppData\Local\Microsoft Help
[2011/05/08 19:14:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2011/05/08 18:51:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
[2011/05/08 18:51:04 | 000,254,528 | ---- | C] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2011/05/08 18:50:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Lite
[2011/05/08 18:50:05 | 000,000,000 | ---D | C] -- C:\Users\Derek\AppData\Roaming\DAEMON Tools Lite
[2011/05/08 18:50:05 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2011/05/08 18:48:44 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Care
[2011/05/08 18:36:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2011/05/08 17:57:59 | 000,000,000 | ---D | C] -- C:\ProgramData\ESTsoft
[2011/05/08 17:57:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESTsoft
[2011/05/08 17:57:57 | 000,000,000 | ---D | C] -- C:\Users\Derek\AppData\Roaming\ESTsoft
[2011/05/08 17:57:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESTsoft
[2011/05/08 17:56:02 | 000,000,000 | ---D | C] -- C:\Update
[2011/05/08 17:48:19 | 000,000,000 | ---D | C] -- C:\Users\Derek\AppData\Roaming\Mozilla
[2011/05/08 17:48:19 | 000,000,000 | ---D | C] -- C:\Users\Derek\AppData\Local\Mozilla
[2011/05/08 17:48:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2011/05/08 17:44:26 | 000,000,000 | ---D | C] -- C:\Users\Derek\AppData\Local\CrashDumps
[2011/05/08 17:43:41 | 000,000,000 | ---D | C] -- C:\Users\Derek\AppData\Roaming\Macromedia
[2011/05/08 17:43:35 | 000,000,000 | ---D | C] -- C:\Users\Derek\AppData\Roaming\Adobe
[2011/05/08 17:41:09 | 000,000,000 | ---D | C] -- C:\DK Downloads
[2011/05/08 17:33:17 | 000,000,000 | ---D | C] -- C:\Users\Derek\AppData\Roaming\ATI
[2011/05/08 17:33:17 | 000,000,000 | ---D | C] -- C:\Users\Derek\AppData\Local\ATI
[2011/05/08 17:33:17 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2011/05/08 17:07:06 | 000,000,000 | R--D | C] -- C:\Users\Derek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2011/05/08 17:07:06 | 000,000,000 | R--D | C] -- C:\Users\Derek\Searches
[2011/05/08 17:07:06 | 000,000,000 | R--D | C] -- C:\Users\Derek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2011/05/08 17:07:06 | 000,000,000 | -H-D | C] -- C:\Users\Derek\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2011/05/08 17:06:59 | 000,000,000 | ---D | C] -- C:\Users\Derek\AppData\Roaming\Identities
[2011/05/08 17:06:57 | 000,000,000 | R--D | C] -- C:\Users\Derek\Contacts
[2011/05/08 17:06:55 | 000,000,000 | ---D | C] -- C:\Users\Derek\AppData\Local\VirtualStore
[2011/05/08 17:03:05 | 000,000,000 | ---D | C] -- C:\Users\Derek\AppData\Roaming\Sony Corporation
[2011/05/08 17:02:42 | 000,000,000 | -HSD | C] -- C:\Users\Derek\AppData\Local\Temporary Internet Files
[2011/05/08 17:02:42 | 000,000,000 | -HSD | C] -- C:\Users\Derek\Templates
[2011/05/08 17:02:42 | 000,000,000 | -HSD | C] -- C:\Users\Derek\Start Menu
[2011/05/08 17:02:42 | 000,000,000 | -HSD | C] -- C:\Users\Derek\SendTo
[2011/05/08 17:02:42 | 000,000,000 | -HSD | C] -- C:\Users\Derek\Recent
[2011/05/08 17:02:42 | 000,000,000 | -HSD | C] -- C:\Users\Derek\PrintHood
[2011/05/08 17:02:42 | 000,000,000 | -HSD | C] -- C:\Users\Derek\NetHood
[2011/05/08 17:02:42 | 000,000,000 | -HSD | C] -- C:\Users\Derek\Documents\My Videos
[2011/05/08 17:02:42 | 000,000,000 | -HSD | C] -- C:\Users\Derek\Documents\My Pictures
[2011/05/08 17:02:42 | 000,000,000 | -HSD | C] -- C:\Users\Derek\Documents\My Music
[2011/05/08 17:02:42 | 000,000,000 | -HSD | C] -- C:\Users\Derek\My Documents
[2011/05/08 17:02:42 | 000,000,000 | -HSD | C] -- C:\Users\Derek\Local Settings
[2011/05/08 17:02:42 | 000,000,000 | -HSD | C] -- C:\Users\Derek\AppData\Local\History
[2011/05/08 17:02:42 | 000,000,000 | -HSD | C] -- C:\Users\Derek\Cookies
[2011/05/08 17:02:42 | 000,000,000 | -HSD | C] -- C:\Users\Derek\Application Data
[2011/05/08 17:02:42 | 000,000,000 | -HSD | C] -- C:\Users\Derek\AppData\Local\Application Data
[2011/05/08 17:02:41 | 000,000,000 | --SD | C] -- C:\Users\Derek\AppData\Roaming\Microsoft
[2011/05/08 17:02:41 | 000,000,000 | R--D | C] -- C:\Users\Derek\Videos
[2011/05/08 17:02:41 | 000,000,000 | R--D | C] -- C:\Users\Derek\Saved Games
[2011/05/08 17:02:41 | 000,000,000 | R--D | C] -- C:\Users\Derek\Pictures
[2011/05/08 17:02:41 | 000,000,000 | R--D | C] -- C:\Users\Derek\Music
[2011/05/08 17:02:41 | 000,000,000 | R--D | C] -- C:\Users\Derek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2011/05/08 17:02:41 | 000,000,000 | R--D | C] -- C:\Users\Derek\Links
[2011/05/08 17:02:41 | 000,000,000 | R--D | C] -- C:\Users\Derek\Favorites
[2011/05/08 17:02:41 | 000,000,000 | R--D | C] -- C:\Users\Derek\Downloads
[2011/05/08 17:02:41 | 000,000,000 | R--D | C] -- C:\Users\Derek\My Documents
[2011/05/08 17:02:41 | 000,000,000 | R--D | C] -- C:\Users\Derek\Desktop
[2011/05/08 17:02:41 | 000,000,000 | R--D | C] -- C:\Users\Derek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2011/05/08 17:02:41 | 000,000,000 | -H-D | C] -- C:\Users\Derek\AppData
[2011/05/08 17:02:41 | 000,000,000 | ---D | C] -- C:\Users\Derek\AppData\Local\Temp
[2011/05/08 17:02:41 | 000,000,000 | ---D | C] -- C:\Users\Derek\AppData\Local\Microsoft
[2011/05/08 17:02:41 | 000,000,000 | ---D | C] -- C:\Users\Derek\AppData\Roaming\Media Center Programs
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/01 16:22:43 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/06/01 16:22:43 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/06/01 16:11:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/06/01 16:11:46 | 3015,884,800 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/31 17:11:54 | 000,000,054 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/05/31 17:11:53 | 000,000,864 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.bak
[2011/05/30 20:49:32 | 001,306,492 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\Cat.DB
[2011/05/30 20:48:58 | 000,174,200 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2011/05/30 20:48:58 | 000,007,488 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2011/05/30 20:48:58 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2011/05/30 19:03:46 | 000,000,000 | ---- | M] () -- C:\Windows\WinInit.ini
[2011/05/30 18:01:31 | 000,079,266 | ---- | M] () -- C:\ProgramData\bdinstall.bin
[2011/05/24 21:02:03 | 000,733,556 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/05/24 21:02:03 | 000,632,552 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/05/24 21:02:03 | 000,113,762 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/05/18 07:51:34 | 000,075,648 | ---- | M] () -- C:\Users\Derek\Documents\Learning_Objectives_Theme_2011.pdf
[2011/05/17 16:52:28 | 000,000,677 | ---- | M] () -- C:\Users\Derek\Documents\Derek - Shortcut.lnk
[2011/05/13 16:52:04 | 000,741,484 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/05/12 22:05:05 | 000,021,840 | ---- | M] () -- C:\Windows\SysWow64\SIntfNT.dll
[2011/05/12 22:05:05 | 000,017,212 | ---- | M] () -- C:\Windows\SysWow64\SIntf32.dll
[2011/05/12 22:05:05 | 000,012,067 | ---- | M] () -- C:\Windows\SysWow64\SIntf16.dll
[2011/05/11 21:51:05 | 004,992,056 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/05/10 22:53:39 | 000,038,292 | ---- | M] () -- C:\Windows\DIIUnin.dat
[2011/05/10 22:51:07 | 000,094,208 | ---- | M] (Blizzard Entertainment) -- C:\Windows\DIIUnin.exe
[2011/05/10 22:51:07 | 000,002,829 | ---- | M] () -- C:\Windows\DIIUnin.pif
[2011/05/09 18:24:31 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2011/05/09 16:45:09 | 000,008,192 | ---- | M] () -- C:\Windows\SysWow64\srvany.exe
[2011/05/09 16:23:44 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_dc3d_01009.Wdf
[2011/05/08 18:51:04 | 000,254,528 | ---- | M] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2011/05/08 17:48:15 | 000,001,138 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/05/08 17:43:05 | 000,001,437 | ---- | M] () -- C:\Users\Derek\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/05/08 17:06:50 | 000,000,000 | RH-- | M] () -- C:\Windows\SysWow64\drivers\104D_Sony_VPCEE43FD.mrk
[2011/05/08 17:06:50 | 000,000,000 | RH-- | M] () -- C:\Windows\SysNative\drivers\104D_Sony_VPCEE43FD.mrk
[2011/05/08 14:00:34 | 000,039,252 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2011/05/08 14:00:34 | 000,039,252 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/30 20:49:28 | 001,306,492 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\Cat.DB
[2011/05/30 20:48:41 | 000,000,000 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\SymDS64.cat
[2011/05/30 20:48:32 | 000,007,492 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\iron.cat
[2011/05/30 20:48:32 | 000,007,462 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\srtspx64.cat
[2011/05/30 20:48:32 | 000,007,460 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\SymEFA64.cat
[2011/05/30 20:48:32 | 000,007,458 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\symnet64.cat
[2011/05/30 20:48:32 | 000,007,458 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\srtsp64.cat
[2011/05/30 20:48:32 | 000,003,373 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\SymEFA.inf
[2011/05/30 20:48:32 | 000,002,792 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\SymDS.inf
[2011/05/30 20:48:32 | 000,001,446 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\SymNet.inf
[2011/05/30 20:48:32 | 000,001,438 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\srtsp64.inf
[2011/05/30 20:48:32 | 000,001,422 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\srtspx64.inf
[2011/05/30 20:48:32 | 000,000,772 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\Iron.inf
[2011/05/30 20:48:32 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\isolate.ini
[2011/05/30 20:34:39 | 000,007,488 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2011/05/30 20:34:39 | 000,000,855 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2011/05/30 19:03:46 | 000,000,000 | ---- | C] () -- C:\Windows\WinInit.ini
[2011/05/30 17:35:40 | 000,079,266 | ---- | C] () -- C:\ProgramData\bdinstall.bin
[2011/05/18 07:51:34 | 000,075,648 | ---- | C] () -- C:\Users\Derek\Documents\Learning_Objectives_Theme_2011.pdf
[2011/05/17 22:12:26 | 000,064,512 | ---- | C] () -- C:\Windows\SysNative\HPPLVS.dll
[2011/05/17 16:52:28 | 000,000,677 | ---- | C] () -- C:\Users\Derek\Documents\Derek - Shortcut.lnk
[2011/05/13 16:52:00 | 000,741,484 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/05/11 21:58:06 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2011/05/10 22:56:09 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll
[2011/05/10 22:56:09 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll
[2011/05/10 22:56:09 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll
[2011/05/10 22:51:10 | 000,038,292 | ---- | C] () -- C:\Windows\DIIUnin.dat
[2011/05/10 22:51:07 | 000,002,829 | ---- | C] () -- C:\Windows\DIIUnin.pif
[2011/05/10 21:37:19 | 000,001,075 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS5 (64 Bit).lnk
[2011/05/10 21:36:45 | 000,001,207 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS5.lnk
[2011/05/10 21:35:06 | 000,001,169 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS5.lnk
[2011/05/10 21:34:50 | 000,001,262 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Device Central CS5.lnk
[2011/05/10 21:33:22 | 000,001,353 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS5.lnk
[2011/05/10 21:33:16 | 000,001,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS5.lnk
[2011/05/10 21:32:49 | 000,000,997 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
[2011/05/09 18:24:31 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2011/05/09 16:47:21 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\srvany.exe
[2011/05/09 16:23:44 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_dc3d_01009.Wdf
[2011/05/08 18:48:38 | 000,001,944 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Care
[2011/05/08 18:47:12 | 000,002,153 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Transfer Support.lnk
[2011/05/08 17:57:34 | 000,001,039 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Update.lnk
[2011/05/08 17:48:14 | 000,001,138 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/05/08 17:48:11 | 000,001,150 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/05/08 17:43:05 | 000,001,437 | ---- | C] () -- C:\Users\Derek\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/05/08 17:07:11 | 000,001,409 | ---- | C] () -- C:\Users\Derek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2011/05/08 17:07:07 | 000,001,443 | ---- | C] () -- C:\Users\Derek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2011/05/08 17:06:50 | 000,000,000 | RH-- | C] () -- C:\Windows\SysWow64\drivers\104D_Sony_VPCEE43FD.mrk
[2011/05/08 17:06:50 | 000,000,000 | RH-- | C] () -- C:\Windows\SysNative\drivers\104D_Sony_VPCEE43FD.mrk
[2011/05/08 17:02:42 | 000,000,290 | ---- | C] () -- C:\Users\Derek\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2011/05/08 17:02:42 | 000,000,272 | ---- | C] () -- C:\Users\Derek\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2011/05/08 13:58:54 | 3015,884,800 | -HS- | C] () -- C:\hiberfil.sys
[2010/12/02 18:04:33 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/09/15 19:43:17 | 000,001,105 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2007/11/26 21:56:28 | 000,151,415 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat

========== LOP Check ==========

[2011/05/30 22:32:08 | 000,000,000 | ---D | M] -- C:\Users\Derek\AppData\Roaming\BitTorrent
[2011/05/13 18:11:13 | 000,000,000 | ---D | M] -- C:\Users\Derek\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/05/10 22:49:15 | 000,000,000 | ---D | M] -- C:\Users\Derek\AppData\Roaming\DAEMON Tools Lite
[2011/05/30 17:36:08 | 000,000,000 | ---D | M] -- C:\Users\Derek\AppData\Roaming\QuickScan
[2011/05/08 21:29:23 | 000,000,000 | ---D | M] -- C:\Users\Derek\AppData\Roaming\Red Alert 3
[2011/05/17 20:38:47 | 000,000,000 | ---D | M] -- C:\Users\Derek\AppData\Roaming\Red Alert 3 Uprising
[2011/05/09 20:54:59 | 000,000,000 | ---D | M] -- C:\Users\Derek\AppData\Roaming\The Creative Assembly
[2011/05/09 16:51:02 | 000,000,000 | ---D | M] -- C:\Users\Derek\AppData\Roaming\Tific
[2009/07/14 00:08:49 | 000,019,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >


Please eliminate this problem and save my computer.

Thank you sincerely,

Derek

Edited by derek1024, 01 June 2011 - 03:39 PM.

  • 0

Advertisements


#2
Gammo

Gammo

    Member 2k

  • Malware Removal
  • 2,299 posts
Hi,

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.


    Posted Image

  • If an infected file is detected, the default action will be Cure, click on Continue.


    Posted Image

  • If a suspicious file is detected, the default action will be Skip, click on Continue.


    Posted Image

  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.


    Posted Image

  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.





Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan
Posted Image

On completion of the scan click save log, save it to your desktop and post in your next reply
Posted Image





Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Here is a guide on how to disable them:

    Click me

    If you can't disable them then just continue on.

  • Double click on ComboFix.exe & follow the prompts.

  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.


Posted Image



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.
  • 0

#3
derek1024

derek1024

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts
I've ran all of the software you have instructed me to use.

On TDSSKiller, I couldn't find any suspicious files or malwares. Here is the report for the TDSSKiller.

2011/06/03 15:54:05.0214 2876 TDSS rootkit removing tool 2.5.3.0 May 25 2011 07:09:24
2011/06/03 15:54:05.0558 2876 ================================================================================
2011/06/03 15:54:05.0558 2876 SystemInfo:
2011/06/03 15:54:05.0558 2876
2011/06/03 15:54:05.0558 2876 OS Version: 6.1.7600 ServicePack: 0.0
2011/06/03 15:54:05.0558 2876 Product type: Workstation
2011/06/03 15:54:05.0573 2876 ComputerName: COMMONER
2011/06/03 15:54:05.0573 2876 UserName: Derek
2011/06/03 15:54:05.0573 2876 Windows directory: C:\Windows
2011/06/03 15:54:05.0573 2876 System windows directory: C:\Windows
2011/06/03 15:54:05.0573 2876 Running under WOW64
2011/06/03 15:54:05.0573 2876 Processor architecture: Intel x64
2011/06/03 15:54:05.0573 2876 Number of processors: 2
2011/06/03 15:54:05.0573 2876 Page size: 0x1000
2011/06/03 15:54:05.0573 2876 Boot type: Normal boot
2011/06/03 15:54:05.0573 2876 ================================================================================
2011/06/03 15:54:07.0383 2876 Initialize success
2011/06/03 15:54:16.0306 2340 ================================================================================
2011/06/03 15:54:16.0306 2340 Scan started
2011/06/03 15:54:16.0306 2340 Mode: Manual;
2011/06/03 15:54:16.0306 2340 ================================================================================
2011/06/03 15:54:17.0710 2340 1394ohci (969c91060cbb5d17cb8440b5f78b4c51) C:\Windows\system32\drivers\1394ohci.sys
2011/06/03 15:54:17.0866 2340 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\drivers\ACPI.sys
2011/06/03 15:54:17.0975 2340 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\drivers\acpipmi.sys
2011/06/03 15:54:18.0303 2340 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
2011/06/03 15:54:18.0443 2340 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
2011/06/03 15:54:18.0584 2340 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
2011/06/03 15:54:18.0724 2340 AFD (b9384e03479d2506bc924c16a3db87bc) C:\Windows\system32\drivers\afd.sys
2011/06/03 15:54:18.0833 2340 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
2011/06/03 15:54:19.0020 2340 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
2011/06/03 15:54:19.0130 2340 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
2011/06/03 15:54:19.0239 2340 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
2011/06/03 15:54:19.0504 2340 amdkmdag (2d597c853db5ea1b1f6d98610039bb50) C:\Windows\system32\DRIVERS\atipmdag.sys
2011/06/03 15:54:19.0722 2340 amdkmdap (04d770537e5ac5c4676b9a83cb21ec0a) C:\Windows\system32\DRIVERS\atikmpag.sys
2011/06/03 15:54:19.0832 2340 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
2011/06/03 15:54:19.0941 2340 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys
2011/06/03 15:54:20.0081 2340 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
2011/06/03 15:54:20.0190 2340 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys
2011/06/03 15:54:20.0300 2340 amd_sata (08e8a4172c57abd7693a6915cf1e7a99) C:\Windows\system32\drivers\amd_sata.sys
2011/06/03 15:54:20.0424 2340 amd_xata (9866af4e4ad7f16e810b6c0b8473f9cd) C:\Windows\system32\drivers\amd_xata.sys
2011/06/03 15:54:20.0549 2340 ApfiltrService (2672a9dbaa6a8deea7ec8c7892e32a03) C:\Windows\system32\drivers\Apfiltr.sys
2011/06/03 15:54:20.0658 2340 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
2011/06/03 15:54:20.0830 2340 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
2011/06/03 15:54:20.0955 2340 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
2011/06/03 15:54:21.0111 2340 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/06/03 15:54:21.0220 2340 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
2011/06/03 15:54:21.0376 2340 athr (d6cad7e5b05055bb8226bdcb1644da27) C:\Windows\system32\DRIVERS\athrx.sys
2011/06/03 15:54:21.0501 2340 AtiPcie (7c5d273e29dcc5505469b299c6f29163) C:\Windows\system32\drivers\AtiPcie.sys
2011/06/03 15:54:21.0657 2340 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
2011/06/03 15:54:21.0782 2340 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
2011/06/03 15:54:21.0891 2340 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
2011/06/03 15:54:22.0156 2340 BHDrvx64 (3b9b31981894123f78c4ef0d97184319) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20110518.001\BHDrvx64.sys
2011/06/03 15:54:22.0328 2340 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\drivers\blbdrive.sys
2011/06/03 15:54:22.0608 2340 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
2011/06/03 15:54:22.0827 2340 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
2011/06/03 15:54:23.0014 2340 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
2011/06/03 15:54:23.0170 2340 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
2011/06/03 15:54:23.0326 2340 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/06/03 15:54:23.0451 2340 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/06/03 15:54:23.0607 2340 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/06/03 15:54:23.0763 2340 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
2011/06/03 15:54:23.0950 2340 btwavdt (5c849bd7c78791c5cee9f4651d7fe38d) C:\Windows\system32\drivers\btwavdt.sys
2011/06/03 15:54:24.0168 2340 btwrchid (3e1991afa851a36dc978b0a1b0535c8b) C:\Windows\system32\drivers\btwrchid.sys
2011/06/03 15:54:24.0387 2340 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/06/03 15:54:24.0652 2340 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
2011/06/03 15:54:24.0792 2340 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
2011/06/03 15:54:24.0902 2340 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
2011/06/03 15:54:25.0011 2340 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
2011/06/03 15:54:25.0245 2340 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
2011/06/03 15:54:25.0354 2340 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
2011/06/03 15:54:25.0479 2340 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
2011/06/03 15:54:25.0572 2340 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\drivers\CompositeBus.sys
2011/06/03 15:54:25.0682 2340 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
2011/06/03 15:54:25.0822 2340 dc3d (7f61fbe259c18666d8ddf862f13a5eb0) C:\Windows\system32\DRIVERS\dc3d.sys
2011/06/03 15:54:25.0947 2340 DfsC (3f1dc527070acb87e40afe46ef6da749) C:\Windows\system32\Drivers\dfsc.sys
2011/06/03 15:54:26.0072 2340 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
2011/06/03 15:54:26.0243 2340 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
2011/06/03 15:54:26.0415 2340 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
2011/06/03 15:54:26.0571 2340 dtsoftbus01 (fb9bef3401ee5ecc2603311b9c64f44a) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
2011/06/03 15:54:26.0680 2340 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
2011/06/03 15:54:26.0852 2340 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
2011/06/03 15:54:27.0070 2340 eeCtrl (eb0883462ac43829e47929d705d40933) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
2011/06/03 15:54:27.0210 2340 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
2011/06/03 15:54:27.0382 2340 EraserUtilRebootDrv (86fc0d272f6bb43e7214d4ba955a41e7) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
2011/06/03 15:54:27.0507 2340 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
2011/06/03 15:54:27.0632 2340 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
2011/06/03 15:54:27.0725 2340 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
2011/06/03 15:54:27.0850 2340 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
2011/06/03 15:54:27.0959 2340 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
2011/06/03 15:54:28.0068 2340 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
2011/06/03 15:54:28.0162 2340 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
2011/06/03 15:54:28.0271 2340 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
2011/06/03 15:54:28.0396 2340 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
2011/06/03 15:54:28.0552 2340 fssfltr (6c06701bf1db05405804d7eb610991ce) C:\Windows\system32\DRIVERS\fssfltr.sys
2011/06/03 15:54:28.0677 2340 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
2011/06/03 15:54:28.0802 2340 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
2011/06/03 15:54:28.0911 2340 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
2011/06/03 15:54:29.0051 2340 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\Drivers\GEARAspiWDM.sys
2011/06/03 15:54:29.0223 2340 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
2011/06/03 15:54:29.0348 2340 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
2011/06/03 15:54:29.0457 2340 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\drivers\HDAudBus.sys
2011/06/03 15:54:29.0566 2340 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
2011/06/03 15:54:29.0722 2340 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
2011/06/03 15:54:29.0831 2340 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
2011/06/03 15:54:29.0956 2340 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
2011/06/03 15:54:30.0128 2340 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\drivers\HpSAMD.sys
2011/06/03 15:54:30.0221 2340 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
2011/06/03 15:54:30.0393 2340 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
2011/06/03 15:54:30.0642 2340 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
2011/06/03 15:54:30.0783 2340 iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys
2011/06/03 15:54:31.0001 2340 IDSVia64 (8f9faa4583e634a1505bad8d0c04c5c9) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20110531.001\IDSvia64.sys
2011/06/03 15:54:31.0110 2340 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
2011/06/03 15:54:31.0313 2340 IntcAzAudAddService (490947a9aff7ca31ef2e08f5776105eb) C:\Windows\system32\drivers\RTKVHD64.sys
2011/06/03 15:54:31.0422 2340 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
2011/06/03 15:54:31.0532 2340 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\drivers\intelppm.sys
2011/06/03 15:54:31.0688 2340 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/06/03 15:54:31.0828 2340 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\drivers\IPMIDrv.sys
2011/06/03 15:54:31.0937 2340 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
2011/06/03 15:54:32.0062 2340 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
2011/06/03 15:54:32.0202 2340 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
2011/06/03 15:54:32.0374 2340 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\drivers\msiscsi.sys
2011/06/03 15:54:32.0499 2340 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/06/03 15:54:32.0624 2340 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/06/03 15:54:32.0748 2340 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys
2011/06/03 15:54:32.0873 2340 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys
2011/06/03 15:54:32.0982 2340 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
2011/06/03 15:54:33.0138 2340 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
2011/06/03 15:54:33.0279 2340 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
2011/06/03 15:54:33.0388 2340 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
2011/06/03 15:54:33.0513 2340 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
2011/06/03 15:54:33.0638 2340 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
2011/06/03 15:54:33.0809 2340 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
2011/06/03 15:54:34.0043 2340 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
2011/06/03 15:54:34.0215 2340 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
2011/06/03 15:54:34.0355 2340 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
2011/06/03 15:54:34.0480 2340 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
2011/06/03 15:54:34.0589 2340 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
2011/06/03 15:54:34.0714 2340 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
2011/06/03 15:54:34.0792 2340 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
2011/06/03 15:54:34.0886 2340 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\drivers\mpio.sys
2011/06/03 15:54:35.0042 2340 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
2011/06/03 15:54:35.0213 2340 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
2011/06/03 15:54:35.0354 2340 mrxsmb (b7f3d2c40bdf8ffb73ebfb19c77734e2) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/06/03 15:54:35.0463 2340 mrxsmb10 (86c6f88b5168ce21cf8d69d0b3ff5d19) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/06/03 15:54:35.0588 2340 mrxsmb20 (b081069251c8e9f42cb8769d07148f9c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/06/03 15:54:35.0697 2340 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\drivers\msahci.sys
2011/06/03 15:54:35.0806 2340 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\drivers\msdsm.sys
2011/06/03 15:54:35.0915 2340 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
2011/06/03 15:54:36.0102 2340 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
2011/06/03 15:54:36.0321 2340 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
2011/06/03 15:54:36.0446 2340 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
2011/06/03 15:54:36.0570 2340 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/06/03 15:54:36.0680 2340 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
2011/06/03 15:54:36.0804 2340 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
2011/06/03 15:54:36.0929 2340 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
2011/06/03 15:54:37.0070 2340 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
2011/06/03 15:54:37.0194 2340 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
2011/06/03 15:54:37.0350 2340 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
2011/06/03 15:54:37.0522 2340 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
2011/06/03 15:54:37.0725 2340 NAVENG (f594e1acbbb3ba48586b5dd69b3a6bc2) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20110602.001\ENG64.SYS
2011/06/03 15:54:38.0006 2340 NAVEX15 (cfe00b55488acf0cd9f62b0401297864) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20110602.001\EX64.SYS
2011/06/03 15:54:38.0177 2340 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
2011/06/03 15:54:38.0302 2340 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/06/03 15:54:38.0427 2340 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/06/03 15:54:38.0552 2340 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/06/03 15:54:38.0661 2340 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/06/03 15:54:38.0770 2340 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
2011/06/03 15:54:38.0879 2340 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
2011/06/03 15:54:38.0910 2340 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
2011/06/03 15:54:39.0035 2340 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
2011/06/03 15:54:39.0176 2340 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
2011/06/03 15:54:39.0285 2340 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
2011/06/03 15:54:39.0441 2340 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
2011/06/03 15:54:39.0581 2340 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
2011/06/03 15:54:39.0706 2340 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys
2011/06/03 15:54:39.0800 2340 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys
2011/06/03 15:54:39.0924 2340 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
2011/06/03 15:54:40.0049 2340 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
2011/06/03 15:54:40.0236 2340 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
2011/06/03 15:54:40.0346 2340 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
2011/06/03 15:54:40.0471 2340 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\drivers\pci.sys
2011/06/03 15:54:40.0580 2340 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
2011/06/03 15:54:40.0673 2340 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
2011/06/03 15:54:40.0798 2340 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
2011/06/03 15:54:40.0923 2340 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
2011/06/03 15:54:41.0126 2340 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
2011/06/03 15:54:41.0235 2340 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
2011/06/03 15:54:41.0375 2340 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
2011/06/03 15:54:41.0500 2340 PxHlpa64 (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys
2011/06/03 15:54:41.0656 2340 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
2011/06/03 15:54:41.0765 2340 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
2011/06/03 15:54:41.0890 2340 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
2011/06/03 15:54:41.0999 2340 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
2011/06/03 15:54:42.0109 2340 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/06/03 15:54:42.0233 2340 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/06/03 15:54:42.0374 2340 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/06/03 15:54:42.0483 2340 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
2011/06/03 15:54:42.0592 2340 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
2011/06/03 15:54:42.0701 2340 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
2011/06/03 15:54:42.0795 2340 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/06/03 15:54:42.0920 2340 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
2011/06/03 15:54:43.0029 2340 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
2011/06/03 15:54:43.0138 2340 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
2011/06/03 15:54:43.0263 2340 rdyboost (e5dc9ba9e439d6dbdd79f8caacb5bf01) C:\Windows\system32\drivers\rdyboost.sys
2011/06/03 15:54:43.0435 2340 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
2011/06/03 15:54:43.0575 2340 RSUSBSTOR (5aab4808e8ccae8c2ecda5b791260616) C:\Windows\system32\Drivers\RtsUStor.sys
2011/06/03 15:54:43.0684 2340 RTHDMIAzAudService (d6d381b76056c668679723938f06f16c) C:\Windows\system32\drivers\RtHDMIVX.sys
2011/06/03 15:54:43.0809 2340 RTL8167 (7ea8d2eb9bbfd2ab8a3117a1e96d3b3a) C:\Windows\system32\DRIVERS\Rt64win7.sys
2011/06/03 15:54:43.0965 2340 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\drivers\sbp2port.sys
2011/06/03 15:54:44.0090 2340 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
2011/06/03 15:54:44.0215 2340 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
2011/06/03 15:54:44.0371 2340 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
2011/06/03 15:54:44.0480 2340 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
2011/06/03 15:54:44.0620 2340 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
2011/06/03 15:54:44.0761 2340 SFEP (286d3889e6ab5589646ff8a63cb928ae) C:\Windows\system32\drivers\SFEP.sys
2011/06/03 15:54:44.0870 2340 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
2011/06/03 15:54:44.0963 2340 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
2011/06/03 15:54:45.0073 2340 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\drivers\sffp_sd.sys
2011/06/03 15:54:45.0275 2340 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
2011/06/03 15:54:45.0431 2340 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
2011/06/03 15:54:45.0541 2340 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
2011/06/03 15:54:45.0665 2340 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
2011/06/03 15:54:45.0837 2340 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
2011/06/03 15:54:46.0024 2340 SRTSP (90ef30c3867bcde4579c01a6d6e75a7a) C:\Windows\system32\drivers\N360x64\0501000.01D\SRTSP64.SYS
2011/06/03 15:54:46.0180 2340 SRTSPX (c513e8a5e7978da49077f5484344ee1b) C:\Windows\system32\drivers\N360x64\0501000.01D\SRTSPX64.SYS
2011/06/03 15:54:46.0305 2340 srv (148d50904d2a0df29a19778715eb35bb) C:\Windows\system32\DRIVERS\srv.sys
2011/06/03 15:54:46.0430 2340 srv2 (ce2189fe31d36678ac9eb7ddee08ec96) C:\Windows\system32\DRIVERS\srv2.sys
2011/06/03 15:54:46.0555 2340 srvnet (cb69edeb069a49577592835659cd0e46) C:\Windows\system32\DRIVERS\srvnet.sys
2011/06/03 15:54:46.0695 2340 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
2011/06/03 15:54:46.0757 2340 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
2011/06/03 15:54:46.0929 2340 SymDS (6160145c7a87fc7672e8e3b886888176) C:\Windows\system32\drivers\N360x64\0501000.01D\SYMDS64.SYS
2011/06/03 15:54:47.0101 2340 SymEFA (96aeed40d4d3521568b42027687e69e0) C:\Windows\system32\drivers\N360x64\0501000.01D\SYMEFA64.SYS
2011/06/03 15:54:47.0241 2340 SymEvent (21a1c2d694c3cf962d31f5e873ab3d6f) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2011/06/03 15:54:47.0459 2340 SymIRON (bd0d711d8cbfcaa19ca123306eaf53a5) C:\Windows\system32\drivers\N360x64\0501000.01D\Ironx64.SYS
2011/06/03 15:54:47.0662 2340 SymNetS (81d134628a98a22b6e054e971af525dc) C:\Windows\system32\drivers\N360x64\0501000.01D\SYMNETS.SYS
2011/06/03 15:54:47.0974 2340 Tcpip (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\drivers\tcpip.sys
2011/06/03 15:54:48.0364 2340 TCPIP6 (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\DRIVERS\tcpip.sys
2011/06/03 15:54:48.0536 2340 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
2011/06/03 15:54:48.0645 2340 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
2011/06/03 15:54:48.0754 2340 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
2011/06/03 15:54:48.0863 2340 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
2011/06/03 15:54:48.0973 2340 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\drivers\termdd.sys
2011/06/03 15:54:49.0129 2340 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/06/03 15:54:49.0253 2340 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
2011/06/03 15:54:49.0378 2340 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
2011/06/03 15:54:49.0487 2340 udfs (0e5e962b5649d544be54e8c90761ea2b) C:\Windows\system32\DRIVERS\udfs.sys
2011/06/03 15:54:49.0659 2340 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
2011/06/03 15:54:49.0768 2340 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
2011/06/03 15:54:49.0877 2340 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
2011/06/03 15:54:50.0002 2340 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/06/03 15:54:50.0111 2340 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
2011/06/03 15:54:50.0221 2340 usbehci (2ea4aff7be7eb4632e3aa8595b0803b5) C:\Windows\system32\drivers\usbehci.sys
2011/06/03 15:54:50.0330 2340 usbfilter (2c780746dc44a28fe67004dc58173f05) C:\Windows\system32\DRIVERS\usbfilter.sys
2011/06/03 15:54:50.0392 2340 usbhub (4c9042b8df86c1e8e6240c218b99b39b) C:\Windows\system32\drivers\usbhub.sys
2011/06/03 15:54:50.0517 2340 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\drivers\usbohci.sys
2011/06/03 15:54:50.0689 2340 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
2011/06/03 15:54:51.0032 2340 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
2011/06/03 15:54:51.0172 2340 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/06/03 15:54:51.0281 2340 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\drivers\usbuhci.sys
2011/06/03 15:54:51.0391 2340 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\System32\Drivers\usbvideo.sys
2011/06/03 15:54:51.0562 2340 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
2011/06/03 15:54:51.0687 2340 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/06/03 15:54:51.0796 2340 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
2011/06/03 15:54:51.0905 2340 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\drivers\vhdmp.sys
2011/06/03 15:54:52.0030 2340 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
2011/06/03 15:54:52.0139 2340 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\drivers\volmgr.sys
2011/06/03 15:54:52.0249 2340 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
2011/06/03 15:54:52.0373 2340 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\drivers\volsnap.sys
2011/06/03 15:54:52.0483 2340 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
2011/06/03 15:54:52.0717 2340 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
2011/06/03 15:54:52.0826 2340 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
2011/06/03 15:54:52.0951 2340 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
2011/06/03 15:54:52.0997 2340 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
2011/06/03 15:54:53.0200 2340 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2011/06/03 15:54:53.0263 2340 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2011/06/03 15:54:53.0497 2340 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
2011/06/03 15:54:53.0606 2340 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
2011/06/03 15:54:53.0793 2340 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/06/03 15:54:53.0887 2340 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
2011/06/03 15:54:54.0058 2340 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
2011/06/03 15:54:54.0230 2340 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
2011/06/03 15:54:54.0448 2340 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
2011/06/03 15:54:54.0589 2340 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
2011/06/03 15:54:54.0667 2340 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
2011/06/03 15:54:54.0682 2340 ================================================================================
2011/06/03 15:54:54.0682 2340 Scan finished
2011/06/03 15:54:54.0682 2340 ================================================================================
2011/06/03 15:54:54.0698 5852 Detected object count: 0
2011/06/03 15:54:54.0698 5852 Actual detected object count: 0

Then I ran aswMBR. The following is the report of the scan.

aswMBR version 0.9.5.256 Copyright© 2011 AVAST Software
Run date: 2011-06-03 15:55:57
-----------------------------
15:55:57.988 OS Version: Windows x64 6.1.7600
15:55:57.988 Number of processors: 2 586 0x603
15:55:57.988 ComputerName: COMMONER UserName: Derek
15:55:59.673 Initialize success
15:56:05.429 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000005f
15:56:05.429 Disk 0 Vendor: TOSHIBA_ GH01 Size: 610480MB BusType: 11
15:56:07.457 Disk 0 MBR read successfully
15:56:07.457 Disk 0 MBR scan
15:56:07.457 Disk 0 Windows 7 default MBR code
15:56:07.473 Service scanning
15:56:09.360 Disk 0 trace - called modules:
15:56:09.376 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa8006e75010]<<
15:56:09.376 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004300060]
15:56:09.376 Scan finished successfully
15:58:23.271 Disk 0 MBR has been saved successfully to "C:\Users\Derek\Downloads\MBR.dat"
15:58:23.271 The log file has been saved successfully to "C:\Users\Derek\Downloads\aswMBR.txt"

After completing the two software listed above, I ran Combofix. Here's the combofix log.

ComboFix 11-06-04.02 - Derek 03/06/2011 18:33:49.3.2 - x64 NETWORK
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.2.1033.18.3835.2705 [GMT -5:00]
Running from: c:\users\Derek\Downloads\ComboFix.exe
AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton 360 *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Microsoft\Network\Downloader\qmgr0.dat
c:\programdata\Microsoft\Network\Downloader\qmgr1.dat
.
----- BITS: Possible infected sites -----
.
hxxp://buy-download.norton.com
.
((((((((((((((((((((((((( Files Created from 2011-05-03 to 2011-06-03 )))))))))))))))))))))))))))))))
.
.
2011-06-03 23:38 . 2011-06-03 23:38 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-06-02 21:50 . 2011-06-02 21:57 -------- d-----w- c:\program files (x86)\Free Window Registry Repair
2011-06-02 21:35 . 2011-06-02 21:35 -------- d-----w- c:\programdata\Symantec
2011-05-31 01:48 . 2011-05-31 01:49 -------- d-----w- c:\program files\Symantec
2011-05-31 01:48 . 2011-05-31 01:48 -------- d-----w- c:\windows\system32\drivers\N360x64
2011-05-31 01:48 . 2011-05-31 01:48 -------- d-----w- c:\program files (x86)\Norton 360
2011-05-31 01:34 . 2010-08-21 03:59 34152 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-05-31 01:34 . 2011-05-31 01:48 174200 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2011-05-31 01:31 . 2011-05-31 01:31 -------- d-----w- c:\programdata\PCSettings
2011-05-31 01:31 . 2011-05-31 01:31 -------- d-----w- c:\program files (x86)\NortonInstaller
2011-05-31 00:05 . 2007-03-22 01:39 1060864 ----a-w- c:\windows\SysWow64\MFC71.DLL
2011-05-31 00:05 . 2007-03-22 01:33 503808 ----a-w- c:\windows\SysWow64\MSVCP71.DLL
2011-05-31 00:05 . 2007-03-22 01:33 348160 ----a-w- c:\windows\SysWow64\MSVCR71.DLL
2011-05-31 00:03 . 2011-05-31 00:03 -------- d-----w- c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2011-05-31 00:03 . 2010-08-21 03:59 125872 ----a-w- c:\windows\system32\GEARAspi64.dll
2011-05-31 00:03 . 2010-08-21 03:59 106928 ----a-w- c:\windows\SysWow64\GEARAspi.dll
2011-05-30 23:37 . 2011-05-31 01:34 -------- d-----w- c:\program files\Common Files\Symantec Shared
2011-05-30 22:58 . 2011-05-25 00:12 8718160 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{ADCB602F-D60A-4E64-9232-AC01474C2341}\mpengine.dll
2011-05-30 22:58 . 2011-05-25 00:14 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-05-30 22:35 . 2011-05-30 23:01 79266 ----a-w- c:\programdata\bdinstall.bin
2011-05-25 02:01 . 2011-05-25 02:01 -------- d-----w- c:\programdata\Hewlett-Packard
2011-05-25 02:01 . 2009-07-14 01:41 230400 ----a-w- c:\windows\system32\Spool\prtprocs\x64\hpzppw71.dll
2011-05-24 02:31 . 2011-05-24 02:31 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-05-23 03:45 . 2011-06-02 21:16 -------- d-----w- C:\AeriaGames
2011-05-23 03:23 . 2011-06-03 21:58 -------- d-----w- c:\program files (x86)\Common Files\Akamai
2011-05-19 00:28 . 2011-05-19 00:31 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2011-05-18 03:12 . 2011-05-18 03:12 -------- d-----w- c:\program files\Avago-HP
2011-05-18 03:12 . 2010-06-29 20:22 373760 ----a-w- c:\windows\system32\Spool\prtprocs\x64\HP1006S.DLL
2011-05-18 03:12 . 2010-06-29 20:22 403968 ----a-w- c:\windows\system32\HP1006LM.DLL
2011-05-18 03:12 . 2010-01-13 17:41 64512 ----a-w- c:\windows\system32\HPPLVS.dll
2011-05-18 03:12 . 2011-05-18 03:12 -------- d-----w- c:\program files\HP
2011-05-18 00:53 . 2011-05-18 00:53 -------- d-----w- c:\program files (x86)\Electronic Arts
2011-05-16 23:18 . 2011-05-16 23:18 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-05-15 18:46 . 2011-05-15 18:46 -------- d-----w- c:\program files (x86)\Bethesda Softworks
2011-05-15 18:43 . 2011-05-15 18:43 -------- d-----w- c:\windows\SysWow64\xlive
2011-05-15 18:42 . 2005-04-04 04:02 753664 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iKernel.dll
2011-05-15 18:42 . 2005-04-04 04:02 69714 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ctor.dll
2011-05-15 18:42 . 2005-04-04 04:01 274432 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iscript.dll
2011-05-15 18:42 . 2005-04-04 04:00 184320 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iuser.dll
2011-05-15 18:42 . 2005-04-04 04:00 63488 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ISBEW64.exe
2011-05-15 18:42 . 2005-04-04 03:59 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\DotNetInstaller.exe
2011-05-15 18:42 . 2011-05-15 18:42 331908 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\setup.dll
2011-05-15 18:42 . 2011-05-15 18:42 200836 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iGdi.dll
2011-05-13 21:51 . 2011-05-13 21:51 -------- d-----w- c:\windows\SysWow64\URTTEMP
2011-05-13 21:11 . 2011-05-13 21:11 -------- d-----w- c:\program files (x86)\SEGA
2011-05-12 02:59 . 2011-05-12 02:59 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2011-05-12 02:59 . 2011-05-12 02:59 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2011-05-12 02:59 . 2011-05-12 02:59 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2011-05-12 02:59 . 2011-05-12 02:59 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2011-05-12 02:59 . 2011-05-12 02:59 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2011-05-12 02:59 . 2011-05-12 02:59 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2011-05-12 02:59 . 2011-05-12 02:59 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2011-05-12 02:59 . 2011-05-12 02:59 -------- d-----w- c:\program files (x86)\QuickTime
2011-05-12 02:59 . 2011-05-12 02:59 -------- d-----w- c:\programdata\Apple Computer
2011-05-12 02:58 . 2011-05-12 02:58 -------- d-----w- c:\program files (x86)\Common Files\Apple
2011-05-12 02:58 . 2011-05-12 02:58 -------- d-----w- c:\programdata\Apple
2011-05-12 02:58 . 2011-05-12 02:58 -------- d-----w- c:\program files (x86)\Apple Software Update
2011-05-12 00:24 . 2011-05-12 00:24 -------- d-----w- c:\windows\PCHEALTH
2011-05-12 00:24 . 2011-05-12 00:24 -------- d-----w- c:\program files (x86)\Microsoft.NET
2011-05-12 00:24 . 2011-05-12 00:24 -------- d-----w- c:\program files (x86)\Microsoft Sync Framework
2011-05-12 00:22 . 2011-05-12 00:22 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 8
2011-05-12 00:21 . 2011-05-12 00:21 -------- d-----w- c:\program files (x86)\Microsoft Analysis Services
2011-05-12 00:19 . 2011-05-12 00:19 -------- d-----r- C:\MSOCache
2011-05-11 04:04 . 2011-05-11 04:04 -------- d-----w- C:\c46c34977b5b5dbdfc31be9fee
2011-05-11 03:56 . 2011-05-13 03:05 21840 ----atw- c:\windows\SysWow64\SIntfNT.dll
2011-05-11 03:56 . 2011-05-13 03:05 17212 ----atw- c:\windows\SysWow64\SIntf32.dll
2011-05-11 03:56 . 2011-05-13 03:05 12067 ----atw- c:\windows\SysWow64\SIntf16.dll
2011-05-11 03:51 . 2011-05-11 03:51 94208 ----a-w- c:\windows\DIIUnin.exe
2011-05-11 03:51 . 2011-05-11 03:51 2829 ----a-w- c:\windows\DIIUnin.pif
2011-05-11 03:49 . 2011-05-13 03:05 -------- d-----w- c:\program files (x86)\Diablo II
2011-05-11 02:35 . 2011-05-11 02:37 -------- d-----w- c:\program files\Common Files\Adobe
2011-05-11 02:34 . 2011-05-11 02:34 -------- d-----w- c:\program files (x86)\Adobe Media Player
2011-05-11 02:32 . 2011-05-11 02:32 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR
2011-05-11 02:14 . 2010-04-30 20:37 -------- d-----w- C:\Adobe Photoshop CS5 Extended Edition
2011-05-11 01:51 . 2011-05-11 01:51 -------- d-----w- c:\users\Default\AppData\Local\Sony Corporation
2011-05-11 01:47 . 2011-05-11 01:47 -------- d-----w- C:\VAIO Entertainment
2011-05-10 22:57 . 2011-05-10 22:57 -------- dc-h--w- c:\programdata\{F77EE8EF-305B-4394-A018-C1A57D2D66B5}
2011-05-10 03:12 . 2011-05-10 03:12 -------- d-----w- c:\program files (x86)\MSXML 4.0
2011-05-10 01:30 . 2011-05-10 01:30 -------- d-----w- C:\Games
2011-05-09 23:57 . 2008-10-15 11:22 519000 ----a-w- c:\windows\system32\d3dx10_40.dll
2011-05-09 23:57 . 2008-10-15 11:22 452440 ----a-w- c:\windows\SysWow64\d3dx10_40.dll
2011-05-09 23:57 . 2008-10-15 11:22 2605920 ----a-w- c:\windows\system32\D3DCompiler_40.dll
2011-05-09 23:57 . 2008-10-15 11:22 2036576 ----a-w- c:\windows\SysWow64\D3DCompiler_40.dll
2011-05-09 23:57 . 2008-10-15 11:22 5631312 ----a-w- c:\windows\system32\D3DX9_40.dll
2011-05-09 23:57 . 2008-10-15 11:22 4379984 ----a-w- c:\windows\SysWow64\D3DX9_40.dll
2011-05-09 23:51 . 2011-05-09 23:59 -------- d-----w- c:\program files (x86)\Sid Meier's Civilization V
2011-05-09 23:25 . 2011-05-09 23:29 -------- d-----w- c:\program files (x86)\Amnesia - The Dark Descent
2011-05-09 21:47 . 2011-05-09 21:45 8192 ----a-w- c:\windows\SysWow64\srvany.exe
2011-05-09 21:26 . 2011-05-09 21:26 -------- d-----w- c:\program files (x86)\BitTorrent
2011-05-09 21:13 . 2011-05-28 23:37 -------- d-----w- c:\program files (x86)\StarCraft II
2011-05-09 21:13 . 2011-05-09 23:18 -------- d-----w- c:\programdata\Blizzard Entertainment
2011-05-09 21:13 . 2011-05-09 21:37 -------- d-----w- c:\program files (x86)\Common Files\Blizzard Entertainment
2011-05-09 21:10 . 2011-05-09 21:10 -------- d-----w- c:\windows\SysWow64\Wat
2011-05-09 21:10 . 2011-05-09 21:10 -------- d-----w- c:\windows\system32\Wat
2011-05-09 02:40 . 2011-05-09 02:42 -------- d-----w- C:\DJMAX
2011-05-09 02:24 . 2010-02-04 15:01 24920 ----a-w- c:\windows\system32\X3DAudio1_7.dll
2011-05-09 02:20 . 2011-05-10 01:53 -------- d--h--w- c:\windows\msdownld.tmp
2011-05-09 00:25 . 2011-05-09 00:25 -------- d-----w- c:\programdata\Media Center Programs
2011-05-09 00:25 . 2011-05-09 00:25 -------- d-----w- c:\program files (x86)\Guild Wars
2011-05-09 00:14 . 2011-05-12 00:28 -------- d-----w- c:\programdata\Microsoft Help
2011-05-08 23:51 . 2011-05-08 23:51 254528 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-05-08 23:50 . 2011-05-08 23:51 -------- d-----w- c:\program files (x86)\DAEMON Tools Lite
2011-05-08 23:50 . 2011-05-08 23:50 -------- d-----w- c:\programdata\DAEMON Tools Lite
2011-05-08 23:36 . 2011-06-02 21:35 -------- d-----w- c:\program files (x86)\Common Files\Symantec Shared
2011-05-08 22:57 . 2011-05-08 22:58 -------- d-----w- c:\programdata\ESTsoft
2011-05-08 22:57 . 2011-05-08 22:58 -------- d-----w- c:\program files (x86)\ESTsoft
2011-05-08 22:56 . 2011-05-08 23:57 -------- d-----w- C:\Update
2011-05-08 22:41 . 2011-05-10 02:58 -------- d-----w- C:\DK Downloads
2011-05-08 22:34 . 2010-09-14 06:45 367104 ----a-w- c:\windows\system32\wcncsvc.dll
2011-05-08 22:34 . 2010-09-14 06:07 276992 ----a-w- c:\windows\SysWow64\wcncsvc.dll
2011-05-08 22:33 . 2011-05-08 22:33 -------- d-----w- c:\programdata\ATI
2011-05-08 22:24 . 2009-11-25 17:47 99176 ----a-w- c:\windows\SysWow64\PresentationHostProxy.dll
2011-05-08 22:24 . 2009-11-25 17:47 49472 ----a-w- c:\windows\SysWow64\netfxperf.dll
2011-05-08 22:24 . 2009-11-25 17:47 48960 ----a-w- c:\windows\system32\netfxperf.dll
2011-05-08 22:24 . 2009-11-25 17:47 297808 ----a-w- c:\windows\SysWow64\mscoree.dll
2011-05-08 22:24 . 2009-11-25 17:47 295264 ----a-w- c:\windows\SysWow64\PresentationHost.exe
2011-05-08 22:24 . 2009-11-25 17:47 1130824 ----a-w- c:\windows\SysWow64\dfshim.dll
2011-05-08 22:24 . 2009-11-25 17:47 109912 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2011-05-08 22:24 . 2009-11-25 17:47 444752 ----a-w- c:\windows\system32\mscoree.dll
2011-05-08 22:24 . 2009-11-25 17:47 320352 ----a-w- c:\windows\system32\PresentationHost.exe
2011-05-08 22:24 . 2009-11-25 17:47 1942856 ----a-w- c:\windows\system32\dfshim.dll
2011-05-08 22:20 . 2011-02-24 06:30 476160 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-05-08 22:20 . 2011-02-24 05:32 288256 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2011-05-08 22:18 . 2010-12-21 06:13 2003968 ----a-w- c:\windows\system32\msxml6.dll
2011-05-08 22:16 . 2010-10-16 05:19 395776 ----a-w- c:\windows\system32\webio.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-08 22:03 . 2010-06-24 16:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-04-14 10:07 . 2010-12-02 23:09 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-04-12 18:01 . 2011-04-12 18:01 52632 ----a-w- c:\windows\system32\drivers\dc3d.sys
2011-04-09 04:00 . 2011-04-09 04:00 465920 ----a-w- c:\windows\system32\itpcoin815.dll
2011-04-09 04:00 . 2011-04-09 04:00 464896 ----a-w- c:\windows\system32\ipcoin815.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
"Elbserver"="c:\program files (x86)\Sony\Media Gallery\ElbServer.exe" [2010-02-09 81328]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"SmartWiHelper"="c:\program files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" [2010-07-15 89080]
"PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2010-01-22 597792]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-01-07 253672]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-9-4 1081632]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20110518.001\BHDrvx64.sys [2011-04-19 1127032]
R1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20110531.001\IDSvia64.sys [2011-03-15 476792]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0501000.01D\Ironx64.SYS [x]
R1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\N360x64\0501000.01D\SYMNETS.SYS [x]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
R2 N360;Norton 360;c:\program files (x86)\Norton 360\Engine\5.1.0.29\ccSvcHst.exe [2011-04-17 130008]
R2 Oasis2Service;Oasis2Service;c:\program files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe [2011-03-14 47616]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2009-10-24 360224]
R2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe [2010-08-12 257936]
R2 SOHCImp;VAIO Media plus Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2010-09-10 108400]
R2 SOHDms;VAIO Media plus Digital Media Server;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2010-10-12 423280]
R2 SOHDs;VAIO Media plus Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2010-09-10 67952]
R2 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2010-09-27 864000]
R2 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2010-02-20 529776]
R2 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2010-02-20 386416]
R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [x]
R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-05-31 136824]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2010-09-27 303872]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2010-03-25 574320]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2010-02-20 115568]
R3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update 5\VUAgent.exe [2010-06-09 1223024]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 amd_sata;amd_sata;c:\windows\system32\drivers\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\drivers\amd_xata.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0501000.01D\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0501000.01D\SYMEFA64.SYS [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - PXHLPA64
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-04-07 10134560]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://sony.msn.com
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
LSP: mswsock.dll
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Derek\AppData\Roaming\Mozilla\Firefox\Profiles\byzvkc1o.default\
FF - prefs.js: browser.startup.homepage - www.google.ca
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-Apoint - c:\program files (x86)\Apoint\Apoint.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="C:/Program Files (x86)/Common Files/Akamai/netsession_win_8832f4b.dll"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton 360\Engine\5.1.0.29\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\5.1.0.29\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SampleCollector]
"ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=5000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\% C3 Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=inteldata\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="C:/Program Files (x86)/Common Files/Akamai/netsession_win_8832f4b.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-06-03 18:40:21
ComboFix-quarantined-files.txt 2011-06-03 23:40
.
Pre-Run: 450,085,289,984 bytes free
Post-Run: 449,850,277,888 bytes free
.
- - End Of File - - FF42411A1628D720E0A5AAAB17DC596D

Again, I cannot thank you enough for taking a look at my system.

Sincerely,

Derek
  • 0

#4
Gammo

Gammo

    Member 2k

  • Malware Removal
  • 2,299 posts
Hi,

Open notepad by going to Start > Run and type notepad.exe in the box that appears. In the window that pops up please copy and paste the following:

@echo off
>Router_Log_Gammo.txt (
ipconfig /all
nslookup google.com
nslookup yahoo.com
ping -n 2 google.com
ping -n 2 yahoo.com
route print
)
start Router_Log_Gammo.txt
del %0


In Notepad click on the "File" menu > Save As...
Under "File name" type Router_Gammo.bat
Change "Save as type" to All Files
Save it to your Desktop

Double click on Router_Gammo.bat. It will open a notepad windows. Please post the contents of this file in your next reply.
  • 0

#5
derek1024

derek1024

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts
I followed every step and have made Router_Log_Gammo.txt.

Windows IP Configuration

Host Name . . . . . . . . . . . . : Commoner
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection 2:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
Physical Address. . . . . . . . . : 4A-0F-6E-E2-90-66
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
Physical Address. . . . . . . . . : 78-84-3C-2F-A7-94
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Atheros AR9285 Wireless Network Adapter
Physical Address. . . . . . . . . : 4C-0F-6E-E2-90-66
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::13e:e358:45ff:2202%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.0.15(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : June-05-11 1:29:42 PM
Lease Expires . . . . . . . . . . : June-12-11 1:39:22 PM
Default Gateway . . . . . . . . . : fe80::226:5aff:febb:1fd1%11
192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1
DNS Servers . . . . . . . . . . . : 192.168.0.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{557D507A-D028-48D9-92AE-AA9D63539F84}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{E386BBCC-12A6-4B15-96DE-471C81BCFFCA}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{A35F455B-5668-4676-9BE3-74A32BB9A2C8}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:18f3:2c07:b527:a6cf(Preferred)
Link-local IPv6 Address . . . . . : fe80::18f3:2c07:b527:a6cf%15(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled

Pinging google.com [74.125.93.105] with 32 bytes of data:
Reply from 74.125.93.105: bytes=32 time=105ms TTL=54
Reply from 74.125.93.105: bytes=32 time=83ms TTL=54

Ping statistics for 74.125.93.105:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 83ms, Maximum = 105ms, Average = 94ms

Pinging yahoo.com [98.137.149.56] with 32 bytes of data:
Reply from 98.137.149.56: bytes=32 time=139ms TTL=56
Reply from 98.137.149.56: bytes=32 time=87ms TTL=56

Ping statistics for 98.137.149.56:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 87ms, Maximum = 139ms, Average = 113ms
===========================================================================
Interface List
14...4a 0f 6e e2 90 66 ......Microsoft Virtual WiFi Miniport Adapter
12...78 84 3c 2f a7 94 ......Realtek PCIe GBE Family Controller
11...4c 0f 6e e2 90 66 ......Atheros AR9285 Wireless Network Adapter
1...........................Software Loopback Interface 1
16...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
13...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
29...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
30...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
15...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.15 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.0.0 255.255.255.0 On-link 192.168.0.15 281
192.168.0.15 255.255.255.255 On-link 192.168.0.15 281
192.168.0.255 255.255.255.255 On-link 192.168.0.15 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.0.15 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.0.15 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
15 58 ::/0 On-link
11 281 ::/0 fe80::226:5aff:febb:1fd1
1 306 ::1/128 On-link
15 58 2001::/32 On-link
15 306 2001:0:4137:9e76:18f3:2c07:b527:a6cf/128
On-link
11 281 fe80::/64 On-link
15 306 fe80::/64 On-link
11 281 fe80::13e:e358:45ff:2202/128
On-link
15 306 fe80::18f3:2c07:b527:a6cf/128
On-link
1 306 ff00::/8 On-link
15 306 ff00::/8 On-link
11 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
  • 0

#6
Gammo

Gammo

    Member 2k

  • Malware Removal
  • 2,299 posts
Hi,

Before we begin, you should save these instructions in Notepad to your desktop, or print them, for easy reference. Much of our fix will be done with your internet connection disabled, so you will be unable to access this thread at that time. If you have questions at any point, or are unsure of the instructions, feel free to post here and ask for clarification before proceeding.

It sounds like a case of Zlob/DNSchanger that change the router's DNS settings.

1. Very important: First disconnect your computer from the internet.

2. Router Reset: Next you must reset the router to its default configuration. This can be done by inserting something tiny like a paper clip end or pencil tip into a small hole labeled "reset" located on the back of the router. Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 10 seconds).

3. Reset the IP/DNS settings of your interent connection:
  • Go to Start -> Control Panel -> Double click on Network Connections.
  • Right click on your default connection (usually Local Area Connection or Wireless Network Connection) and select Properties.
  • Select the General tab.
  • Double click on Internet Protocol (TCP/IP).
  • Under General tab:
  • Select "Obtain an IP address automatically".
  • Select "Obtain DNS server address automatically".

[*]Click OK twice to save the settings.
[*]Reboot if you had to change any setting.[/list]4. Flush the DNS cache:
  • Click the Start logo in the bottom left corner of the screen
  • Click on Run
  • In the command window copy/paste the following:

    ipconfig /flushdns
  • Then hit enter.
  • Exit the command window.
5. Reconnect: Once you have followed all the above steps you can reconnect your computer to the Internet.

Does this fix the redirection problem?
  • 0

#7
derek1024

derek1024

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts
I followed your steps in the following order but the redirecting of the search engine has not stopped.

1) Disconnected my laptop from the router
2) Reset the router to factory setting and reinstalled it
3) Cleared all of my internet files on all browsers
4) Checked my IP/DNS settings but I didn't have to change anything.
5) Flushed DNS using the command prompt.

The pictures I uploaded below are the live symptoms still persisting when I try to get on any site through a search engine.

The thing I have below is an addon for Firefox called Noscript. I got it after my computer got infected to prevent further viruses while surfing.

Now, I use the internet by going on google, searching it up, clicking the link, copying and pasting the url before going into the odd redirect to access it properly.

Attached Thumbnails

  • Capture.PNG

  • 0

#8
Gammo

Gammo

    Member 2k

  • Malware Removal
  • 2,299 posts
Hi,

Question: Are there any other computers connected to the router? If so, are they having the same redirecting problem as well?



Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job
  • Once its finished it should reboot your machine, if not, do this yourself to ensure a complete clean

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Please download Malwarebytes' Anti-Malware

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, click the "Update" tab and click the "Check For updates" button.
  • Once the updates were downloaded, click the "Scanner" tab, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

Vista users: You will need to to right-click on the either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Please go here then click on: Posted Image

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: Posted Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!
  • 0

#9
derek1024

derek1024

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts
I ran them and here's what I got:

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6790

Windows 6.1.7600
Internet Explorer 9.0.8112.16421

06/06/2011 5:15:55 PM
mbam-log-2011-06-06 (17-15-55).txt

Scan type: Quick scan
Objects scanned: 165211
Time elapsed: 2 minute(s), 48 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


[email protected] as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6427
# api_version=3.0.2
# EOSSerial=e00bd7efdc25c244930d18ba8d180afb
# end=stopped
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-06-06 10:43:25
# local_time=2011-06-06 05:43:25 (-0600, Central Daylight Time)
# country="Canada"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=3589 16777213 100 80 0 57975097 0 0
# compatibility_mode=5893 16776574 100 94 194447 58942451 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=3054
# found=0
# cleaned=0
# scan_time=1203
[email protected] as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6427
# api_version=3.0.2
# EOSSerial=e00bd7efdc25c244930d18ba8d180afb
# end=stopped
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-06-07 12:21:34
# local_time=2011-06-06 07:21:34 (-0600, Central Daylight Time)
# country="Canada"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=3589 16777213 100 80 0 57976468 0 0
# compatibility_mode=5893 16776574 100 52 195818 58945138 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=73352
# found=0
# cleaned=0
# scan_time=5715

By the way, the symptoms still persist but here's what I found:

It seems that the virus only redirects some links instead of everything. On the sites that does not redirect, it still redirects half of the time and it can be accessed without any redirects once in a while.

It redirects to:
http://cdn.apture.com/
http://consumersurveygroup.org/

The pictures attached below are cases where the same website gets redirected half of the time.

Attached Thumbnails

  • Capture.PNG
  • Capture1.PNG

  • 0

#10
Gammo

Gammo

    Member 2k

  • Malware Removal
  • 2,299 posts
Hi,

Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1
Download Mirror #2
  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).




Download FoxScan to your desktop
  • Run the FoxScan file
  • A window will open up and give you an option for what language to use. Press 2 and then Enter, let the program run unhindered.
  • The message "Press any key to continue..." will appear, do what it says and press any key you want
  • The program will then open its report in a Notepad file, it will also be saved to your C:\ drive
  • Post this log on the forum

  • 0

Advertisements


#11
derek1024

derek1024

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts
I finally got rid of the "virus" and found the root of all my problems! It turns out that when I disable my addons for firefox, it doesn't redirect anymore. I found this out when running my Firefox in safe mode.

Thank you for your dedicated work and being patient with me.

Sincerely,

Derek.

P.S. I had an addon named Apture Highlights and that was probably what redirected me to its partner sites.

Edited by derek1024, 07 June 2011 - 02:38 PM.

  • 0

#12
Gammo

Gammo

    Member 2k

  • Malware Removal
  • 2,299 posts
Have you uninstalled the malicious Firefox extension? If so, your logs appear to be clean now. There is only a bit of cleanup that we will deal with in this post, as well as prevention from future infections. ^_^

Remove Combofix now that we're done with it.
  • Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
  • Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between the "x" and "/")
    Posted Image
  • Please follow the prompts to uninstall Combofix.
  • You will then recieve a message saying Combofix was uninstalled successfully once it's done uninstalling itself.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  • Download OTC to your desktop and run it
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OTC to reach the Internet, please allow the application to do so.
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Keep a backup of your important files
Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Make proper use of your anti-virus and firewall
You should keep your anti-virus and firewall guard enabled at all times, don't shut them off unless there's a specific reason to do so.

Also, regularly performing a full system scan with your anti-virus program is a good idea to make sure nothing has slipped through your protection. Once every two weeks works well for many people. You can set the scan to run during a time when you don't plan to use the computer and just leave it to complete on its own.

Keep in mind that anti-virus programs are far from perfect. They don't protect you against every piece of malware that's out there, so don't trust them blindly. If an anti-virus reports a file as 'clean' then it's doesn't necessarily has to mean it is.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Keep all your software updated
It is important to keep up on system updates from Microsoft by regularly checking their website at: http://windowsupdate.microsoft.com/, as these patch critical security vulnerabilities and help to keep you safe.

It's also important to keep programs up to date so that malware doesn't exploit any old security flaws. FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated. Java and Adobe Reader are two of the main security vulnerabilities. You can find the latest version of Java here, you will want the Java SE Runtime Environment (JRE) one. You can find the latest version of Adobe Reader here.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Use a safer web browser
Internet Explorer is not the most secure tool for browsing the web. It has been known to be very susceptible to infection, and there are a couple good free alternatives: Firefox and Opera. Both are excellent faster, safer, more powerful and functional free alternatives to Internet Explorer. It's definitely worth the short period of adjustment to start using one of these. If you wish to continue using Internet Explorer, it would be a good idea to follow the tutorial here which will help you to make IE much safer.

If you decide to use the Firefox browser, the McAfee SiteAdvisor add-on will nicely help to enhance your security. This add-on tells you whether the sites you are about to visit are safe or not. A must if you do a lot of Googling.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Some other security programs

It is wise these days to have a few security programs installed and running on your machine except from just an anti-virus and a firewall. I will list some of them.
  • A good anti-spyware program installed on your pc is very important to help remove any spyware that may have gotten on your computer. I highly recommend Malwarebytes' Anti-Malware.
  • SpywareBlaster to help prevent spyware from installing in the first place.
  • MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. This prevents your computer from connecting to those sites in the future.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Be careful
Having security programs installed is very helpful to you, but none of them have the gift of human thought. The best way to make sure you don't get infected is to exercise common sense. Be careful of what websites you visit - if a site looks suspicious, trust your instincts and get out of there. Be careful of what attachments you open in emails and files you download from websites - check them over carefully to make sure that you know what you're getting.

Using peer-to-peer programs (eg: LimeWire, BitTorrent, uTorrent, Kazaa) or downloading cracks and keygens is something else to avoid. These are the most common way to get infected. Malware writers use these programs to spread infections as it is the easiest way for them. The majority of infections we see in the Malware Removal forum are due to people using p2p programs to download cracks/keygens/warez. These are not only illegal, but will always contain some form of malware. You have no way of verifying that the things you download are legitimate or that they don't contain malware. Even with an up to date anti-virus and firewall, some of these things will still infect you. It is highly recommend that you uninstall all peer-to-peer programs. It just isn't worth it.

Other common ways of getting infected are dis-reputable sites forcing you to download and install a codec. Or viruses using Instant Messaging programs (Windows Live Messenger, MSN Messenger, AIM) to send a file claiming it to be "photos" from a friend, only for it to turn out to be a virus.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Slow computer?
If your computer begins to slow down in the future for no particular reason, your first step should not be to come to the malware forum. As your computer ages and is used, it's parts wear, files and programs accumulate, and its performance can decrease. To restore your computer's performance to its best possible level, follow the steps in this page written by malware expert Miekiemoes.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I'll leave this thread open for a couple days in case you come across any lingering problems that need fixing, then I'll close it up. If you need it reopened for any reason just shoot me a PM. It's been a pleasure working with you, now best of luck!

Cheers,
Gammo :)
  • 0

#13
derek1024

derek1024

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts
Sorry to bother you again but the redirects have returned. Instead of getting redirected to apture sites, I get redirected to dating sites. I'm afraid I have to ask for more help. I ran GooredFix and here's the log. I also tried FoxScan but whenever I press 2 and press enter, it automatically shuts off on its own. I looked online and tried to run Firefox on safe mode and shut it off for a while but no luck.

GooredFix by jpshortstuff (03.07.10.1)
Log created at 18:39 on 08/06/2011 (Derek)
Firefox version 4.0.1 (en-GB)

========== GooredScan ==========

(none)

========== GooredLog ==========

C:\Program Files (x86)\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [22:48 08/05/2011]
{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} [02:31 24/05/2011]

C:\Users\Derek\Application Data\Mozilla\Firefox\Profiles\byzvkc1o.default\extensions\
(none)

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{BBDA0591-3099-440a-AA10-41764D9DB4DB}"="C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\IPSFFPlgn\" [01:49 31/05/2011]
"{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}"="C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\coFFPlgn\" [01:48 31/05/2011]

-=E.O.F=-
  • 0

#14
Gammo

Gammo

    Member 2k

  • Malware Removal
  • 2,299 posts
Just to clarify: are you getting the redirects in Firefox' safe mode as well?
  • 0

#15
derek1024

derek1024

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts
Yes it still redirects on safemode with every add-on disabled.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP