UNKNOWN VIRUS - CANNOT OPEN PROGRAMS [Solved]

#16
JaySmiley77
Member, Topic Starter
Here are the results of the Quick Scan in OTL:

OTL logfile created on: 1/18/2012 10:55:28 PM - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Jay\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.96 Gb Total Physical Memory | 2.50 Gb Available Physical Memory | 63.10% Memory free
8.09 Gb Paging File | 6.58 Gb Available in Paging File | 81.37% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 288.04 Gb Total Space | 142.70 Gb Free Space | 49.54% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 2.76 Gb Free Space | 27.57% Space Free | Partition Type: NTFS
Drive E: | 702.81 Mb Total Space | 520.54 Mb Free Space | 74.07% Space Free | Partition Type: UDF

Computer Name: JAY-PC | User Name: Jay | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/18 17:16:08 | 006,055,875 | ---- | M] (LIGHTNING UK!) -- E:\SetupImgBurn_2.5.6.0.exe
PRC - [2012/01/16 16:46:18 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Jay\Desktop\OTL.com
PRC - [2011/10/15 18:09:09 | 000,140,952 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.21.79\GoogleCrashHandler.exe
PRC - [2011/10/11 11:49:14 | 001,179,648 | ---- | M] (W3i, LLC) -- C:\Program Files (x86)\W3i\InstallIQUpdater\InstallIQUpdater.exe
PRC - [2011/09/05 12:04:58 | 000,035,736 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\reader_sl.exe
PRC - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/04/16 19:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton 360 Premier Edition\Engine\5.1.0.29\ccsvchst.exe
PRC - [2010/09/14 04:45:56 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2010/09/14 04:45:44 | 000,508,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2010/07/13 01:34:46 | 000,906,648 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe
PRC - [2010/04/12 15:14:32 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2010/04/12 15:14:32 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2010/04/12 15:14:32 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2010/04/12 15:14:32 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2010/04/12 15:14:32 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2010/04/12 15:14:32 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2010/04/12 15:14:32 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2010/04/12 15:14:32 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2010/04/12 15:14:32 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2010/04/12 15:14:32 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2010/04/12 15:14:32 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2010/04/12 15:14:32 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2010/04/12 15:14:32 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2010/04/12 15:14:32 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2010/04/12 15:14:32 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2010/03/11 13:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2009/09/25 22:32:18 | 000,189,736 | ---- | M] (Seagate Technology LLC) -- C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe
PRC - [2009/09/25 22:31:32 | 000,185,640 | ---- | M] (Seagate LLC) -- C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
PRC - [2007/06/05 13:20:32 | 000,177,704 | ---- | M] () -- C:\Windows\SysWOW64\PSIService.exe


========== Modules (No Company Name) ==========

MOD - [2012/01/18 22:55:26 | 000,014,848 | ---- | M] () -- C:\Users\Jay\AppData\Local\Temp\nsr6C4B.tmp\InstallOptions.dll
MOD - [2012/01/18 22:55:26 | 000,011,264 | ---- | M] () -- C:\Users\Jay\AppData\Local\Temp\nsr6C4B.tmp\System.dll
MOD - [2011/06/16 06:55:10 | 000,925,696 | ---- | M] () -- C:\Program Files (x86)\Yahoo!\Messenger\yui.dll
MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/07/13 01:29:42 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\connectionDetector.dll
MOD - [2010/07/13 01:28:42 | 000,856,064 | ---- | M] () -- C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\fsk.dll
MOD - [2010/07/13 01:26:12 | 000,018,432 | ---- | M] () -- C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\FskNetInterface.dll
MOD - [2010/07/13 01:25:56 | 000,008,704 | ---- | M] () -- C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\FskTimeHardware.dll
MOD - [2010/07/13 01:25:50 | 000,028,160 | ---- | M] () -- C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\ticket.dll
MOD - [2010/07/13 01:25:42 | 000,011,776 | ---- | M] () -- C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\ebookDeviceNotifier.dll
MOD - [2010/07/13 01:22:36 | 000,020,480 | ---- | M] () -- C:\Program Files (x86)\Sony\Reader\Data\bin\FskinLocalize.dll
MOD - [2010/07/13 01:22:02 | 000,009,728 | ---- | M] () -- C:\Program Files (x86)\Sony\Reader\Data\bin\FskPower.dll
MOD - [2010/07/13 01:16:16 | 000,118,784 | ---- | M] () -- C:\Program Files (x86)\Sony\Reader\Data\bin\FskDocumentViewer.dll
MOD - [2010/07/13 01:15:58 | 000,010,240 | ---- | M] () -- C:\Program Files (x86)\Sony\Reader\Data\bin\FskMobileMediaDevice.dll
MOD - [2010/07/13 01:15:52 | 000,233,472 | ---- | M] () -- C:\Program Files (x86)\Sony\Reader\Data\bin\Fskin.dll
MOD - [2010/07/13 01:13:42 | 000,033,792 | ---- | M] () -- C:\Program Files (x86)\Sony\Reader\Data\bin\FskMediaPlayers.dll
MOD - [2010/07/13 01:10:56 | 000,172,032 | ---- | M] () -- C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\USBDetector.dll
MOD - [2010/04/02 21:23:36 | 000,815,104 | ---- | M] () -- C:\Program Files (x86)\Sony\Reader\Data\bin\FskSecurity.dll
MOD - [2010/04/02 20:44:16 | 000,086,016 | ---- | M] () -- C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\ebookUsb.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2008/12/22 04:26:38 | 000,281,600 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_cce24a4c\STacSV64.exe -- (STacSV)
SRV:64bit: - [2008/12/22 04:26:06 | 000,088,576 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_cce24a4c\AESTSr64.exe -- (AESTFilters)
SRV - [2011/10/01 12:48:21 | 000,068,096 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe -- (Macromedia Licensing Service)
SRV - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/04/16 19:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files (x86)\Norton 360 Premier Edition\Engine\5.1.0.29\ccSvcHst.exe -- (N360)
SRV - [2010/09/14 04:45:56 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2010/09/14 04:45:44 | 000,508,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010/04/02 21:34:12 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe -- (Sony SCSI Helper Service)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/11 13:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2009/09/25 22:32:18 | 000,189,736 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)
SRV - [2009/03/29 23:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/06/05 13:20:32 | 000,177,704 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PSIService.exe -- (ProtexisLicensing)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/10/30 13:40:07 | 000,174,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2011/07/06 11:44:00 | 000,034,288 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2011/03/30 22:00:09 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\SRTSP64.SYS -- (SRTSP)
DRV:64bit: - [2011/03/30 22:00:09 | 000,040,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\SRTSPX64.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2011/03/21 19:39:49 | 000,432,760 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\SYMTDIV.SYS -- (SYMTDIv)
DRV:64bit: - [2011/03/14 21:31:23 | 000,912,504 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\SYMEFA64.SYS -- (SymEFA)
DRV:64bit: - [2011/02/18 15:36:58 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/01/27 01:47:10 | 000,450,680 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\SYMDS64.SYS -- (SymDS)
DRV:64bit: - [2010/11/15 20:45:33 | 000,171,128 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\Ironx64.SYS -- (SymIRON)
DRV:64bit: - [2010/09/14 04:45:52 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2010/09/14 04:45:50 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2010/09/14 04:45:48 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2010/09/14 04:45:44 | 000,760,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2010/08/25 19:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/09/30 19:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/05/08 11:08:00 | 000,020,520 | ---- | M] (GARMIN Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\grmnusb.sys -- (grmnusb)
DRV:64bit: - [2009/04/11 00:03:32 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/04/08 13:28:46 | 000,068,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/03/09 00:06:00 | 000,319,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\OA001Vid.sys -- (OA001Vid)
DRV:64bit: - [2009/03/06 14:33:58 | 000,159,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\OA001Ufd.sys -- (OA001Ufd)
DRV:64bit: - [2008/12/22 04:26:52 | 000,472,064 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\stwrt64.sys -- (STHDA)
DRV:64bit: - [2008/12/22 04:26:28 | 004,735,488 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NETw5v64.sys -- (NETw5v64) Intel®
DRV:64bit: - [2008/11/24 03:29:58 | 000,126,464 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®
DRV:64bit: - [2008/08/19 03:56:20 | 000,199,728 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2008/08/19 03:49:30 | 000,059,392 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\itecir.sys -- (itecir)
DRV:64bit: - [2008/08/19 03:37:58 | 000,239,104 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\k57nd60a.sys -- (k57nd60a) Broadcom NetLink ™
DRV:64bit: - [2008/08/19 00:39:36 | 000,057,856 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rixdpx64.sys -- (rismxdp)
DRV:64bit: - [2008/08/19 00:39:34 | 000,062,976 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimmpx64.sys -- (rimmptsk)
DRV:64bit: - [2008/08/19 00:39:32 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimspx64.sys -- (rimsptsk)
DRV:64bit: - [2008/01/20 21:46:55 | 000,317,952 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys -- (e1express) Intel®
DRV:64bit: - [2006/11/02 02:48:50 | 002,488,320 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (R300)
DRV - [2012/01/08 18:05:31 | 002,048,632 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.1.4\Definitions\VirusDefs\20120116.002\EX64.SYS -- (NAVEX15)
DRV - [2012/01/08 18:05:31 | 000,482,936 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2012/01/08 18:05:31 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.1.4\Definitions\VirusDefs\20120116.002\ENG64.SYS -- (NAVENG)
DRV - [2011/11/30 21:25:03 | 001,157,240 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.1.4\Definitions\BASHDefs\20111223.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2011/11/09 18:07:13 | 000,138,360 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/10/28 14:28:46 | 000,488,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.1.4\Definitions\IPSDefs\20120113.002\IDSviA64.sys -- (IDSVia64)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.dell.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://www.dell.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie9
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 192.168.*.*

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo....ch?fr=ffsp1&p="
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.selectedEngine: ""


FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@sony.com/eBookLibrary: C:\Program Files (x86)\Sony\Reader\Data\bin\npebldetectmoz.dll (Sony Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\Jay\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HBLite\bin\11.0.181.0\firefox\extensions
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.1.4\IPSFFPlgn\ [2011/11/05 11:56:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.1.4\coFFPlgn_2011_7_4_3 [2012/01/18 22:51:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/02/27 20:20:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/01/16 10:16:19 | 000,000,000 | ---D | M]

[2012/01/14 11:15:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jay\AppData\Roaming\Mozilla\Extensions
[2012/01/16 21:34:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jay\AppData\Roaming\Mozilla\Firefox\Profiles\ux12qu6l.default\extensions
[2012/01/16 09:39:38 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Jay\AppData\Roaming\Mozilla\Firefox\Profiles\ux12qu6l.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/01/16 09:39:38 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Jay\AppData\Roaming\Mozilla\Firefox\Profiles\ux12qu6l.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012/01/16 21:34:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jay\AppData\Roaming\Mozilla\Firefox\Profiles\ux12qu6l.default\extensions\{a6f5497f-3985-43e6-8e26-642e496a9a7c}
[2012/01/16 09:39:32 | 000,000,000 | ---D | M] (Firebug) -- C:\Users\Jay\AppData\Roaming\Mozilla\Firefox\Profiles\ux12qu6l.default\extensions\[email protected]
[2012/01/14 11:15:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/10/10 19:51:22 | 000,000,000 | ---D | M] (Click to call with Skype) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2010/11/26 14:18:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/03/01 18:06:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/10/08 16:45:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/05/04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2012/01/16 19:02:01 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\5.1.0.29\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\5.1.0.29\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (ChromeFrame BHO) - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files (x86)\Google\Chrome Frame\Application\16.0.912.75\npchrome_frame.dll (Google Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\5.1.0.29\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [CarboniteSetupLite] C:\Program Files (x86)\Carbonite\CarbonitePreinstaller.exe (Carbonite, Inc.)
O4 - HKLM..\Run: [FileZilla Server Interface] "C:\Users\Jay\Desktop\Fall 2010\FileZilla Server\FileZilla Server Interface.exe" File not found
O4 - HKLM..\Run: [MaxMenuMgr] C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe (Seagate LLC)
O4 - HKLM..\Run: [Reader Library Launcher] C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe (Sony Corporation)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [HLBackupScheduler] C:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe File not found
O4 - HKCU..\Run: [InstallIQUpdater] C:\Program Files (x86)\W3i\InstallIQUpdater\InstallIQUpdater.exe (W3i, LLC)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...tes/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://oas.support....veX/MSDcode.cab (Microsoft Data Collection Control)
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} https://support.dell...r/SysProExe.CAB (WMI Class)
O16 - DPF: {4F29DE54-5EB7-4D76-B610-A86B5CD2A234} http://archives.game...apWebPlayer.cab (GameTap Player)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 68.237.161.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{986105F2-75F6-45A1-9A61-78E59B572073}: DhcpNameServer = 192.168.1.1 68.237.161.12
O18:64bit: - Protocol\Handler\gcf - No CLSID value found
O18:64bit: - Protocol\Handler\ipp - No CLSID value found
O18:64bit: - Protocol\Handler\ipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\gcf {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files (x86)\Google\Chrome Frame\Application\16.0.912.75\npchrome_frame.dll (Google Inc.)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\Jay\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Jay\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/16 19:29:51 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/01/16 19:29:51 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/01/16 19:29:51 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/01/16 19:29:33 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/01/16 19:29:12 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/01/16 19:28:38 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2012/01/16 19:28:28 | 004,386,017 | R--- | C] (Swearware) -- C:\Users\Jay\Desktop\ComboFix.exe
[2012/01/16 18:56:34 | 000,000,000 | ---D | C] -- C:\Users\Jay\Documents\My Books
[2012/01/16 18:32:07 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/01/16 17:12:46 | 004,713,472 | ---- | C] (AVAST Software) -- C:\Users\Jay\Desktop\aswMBR.exe
[2012/01/16 16:46:02 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Jay\Desktop\OTL.com
[2012/01/16 09:53:14 | 000,000,000 | ---D | C] -- C:\Windows\Registration
[2012/01/14 13:21:02 | 000,000,000 | R--D | C] -- C:\Users\Jay\Pictures
[2012/01/14 12:09:09 | 000,000,000 | R--D | C] -- C:\Users\Jay\Documents\LAPTOP
[2011/12/30 11:09:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
[2011/12/30 10:35:56 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Roaming\Garmin
[2011/12/30 10:34:42 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2011/12/30 10:34:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Garmin
[2011/12/30 10:23:58 | 000,000,000 | ---D | C] -- C:\Garmin
[2011/12/23 19:54:06 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\N360_BACKUP

========== Files - Modified Within 30 Days ==========

[2012/01/18 22:51:24 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/18 22:51:23 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/18 22:51:23 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/18 22:51:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/18 22:50:59 | 4251,811,840 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/18 22:50:52 | 451,699,546 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/01/16 21:14:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/16 19:28:31 | 004,386,017 | R--- | M] (Swearware) -- C:\Users\Jay\Desktop\ComboFix.exe
[2012/01/16 19:16:57 | 000,000,935 | ---- | M] () -- C:\Users\Jay\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser (2).lnk
[2012/01/16 18:25:39 | 000,000,512 | ---- | M] () -- C:\Users\Jay\Desktop\MBR.dat
[2012/01/16 17:12:54 | 004,713,472 | ---- | M] (AVAST Software) -- C:\Users\Jay\Desktop\aswMBR.exe
[2012/01/16 16:46:18 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Jay\Desktop\OTL.com
[2012/01/16 16:42:55 | 000,228,864 | ---- | M] () -- C:\Users\Jay\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/01/16 10:13:18 | 000,000,600 | ---- | M] () -- C:\Users\Jay\AppData\Roaming\winscp.rnd
[2012/01/14 16:06:57 | 000,704,382 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/01/14 16:06:57 | 000,605,196 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/01/14 16:06:57 | 000,104,606 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/01/14 13:04:32 | 000,000,732 | ---- | M] () -- C:\Users\Jay\AppData\Local\d3d9caps64.dat
[2012/01/14 12:13:59 | 000,001,356 | ---- | M] () -- C:\Users\Jay\AppData\Local\d3d9caps.dat
[2012/01/11 16:15:32 | 000,000,118 | ---- | M] () -- C:\Windows\SysNative\MRT.INI

========== Files Created - No Company Name ==========

[2012/01/16 19:29:51 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/01/16 19:29:51 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/01/16 19:29:51 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/01/16 19:29:51 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/01/16 19:29:51 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/01/16 19:16:57 | 000,000,935 | ---- | C] () -- C:\Users\Jay\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser (2).lnk
[2012/01/16 18:25:39 | 000,000,512 | ---- | C] () -- C:\Users\Jay\Desktop\MBR.dat
[2012/01/16 15:42:01 | 4251,811,840 | -HS- | C] () -- C:\hiberfil.sys
[2012/01/14 13:04:32 | 000,000,732 | ---- | C] () -- C:\Users\Jay\AppData\Local\d3d9caps64.dat
[2012/01/11 16:15:32 | 000,000,118 | ---- | C] () -- C:\Windows\SysNative\MRT.INI
[2011/11/01 21:11:29 | 000,000,600 | ---- | C] () -- C:\Users\Jay\AppData\Roaming\winscp.rnd
[2011/10/30 11:18:26 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011/10/21 15:56:40 | 000,148,195 | ---- | C] () -- C:\Program Files (x86)\Common Files\BookViewer.xap
[2011/05/18 16:31:08 | 000,001,940 | ---- | C] () -- C:\Users\Jay\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/02/02 17:10:01 | 000,000,600 | ---- | C] () -- C:\Users\Jay\AppData\Local\PUTTY.RND
[2011/01/02 18:59:33 | 000,000,952 | -HS- | C] () -- C:\Windows\SysWow64\KGyGaAvL.sys
[2010/12/20 21:14:07 | 000,001,356 | ---- | C] () -- C:\Users\Jay\AppData\Local\d3d9caps.dat
[2010/12/05 19:49:58 | 000,721,764 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/11/12 15:22:36 | 000,001,456 | ---- | C] () -- C:\Users\Jay\AppData\Local\Adobe Save for Web 12.0 Prefs
[2010/09/17 22:40:18 | 000,002,828 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2010/09/17 22:40:18 | 000,000,088 | RHS- | C] () -- C:\ProgramData\E2AAB8935E.sys
[2010/08/25 19:34:30 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2010/08/25 19:34:30 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2010/08/25 19:34:30 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2010/08/25 18:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2010/08/25 18:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2010/08/08 19:39:58 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/07/30 11:17:42 | 000,000,171 | ---- | C] () -- C:\Users\Jay\AppData\Local\RAExpertHistory.xml
[2010/07/19 20:04:21 | 000,000,171 | ---- | C] () -- C:\Users\Jay\AppData\Local\rahistory.xml
[2010/05/26 17:06:56 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/05/16 18:31:38 | 000,228,864 | ---- | C] () -- C:\Users\Jay\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/15 12:03:05 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2010/05/15 12:02:38 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2010/05/15 12:02:15 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2010/04/12 14:50:46 | 000,147,172 | ---- | C] () -- C:\Windows\SysWow64\igfcg550.bin
[2009/04/24 22:58:05 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2008/01/20 21:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2007/06/05 13:20:32 | 000,177,704 | ---- | C] () -- C:\Windows\SysWow64\PSIService.exe
[2006/11/02 10:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006/11/02 07:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006/11/02 07:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/11/02 04:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[1999/01/22 13:46:58 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\MSRTEDIT.DLL

========== LOP Check ==========

[2012/01/16 10:16:02 | 000,000,000 | ---D | M] -- C:\Users\Jay\AppData\Roaming\Canon
[2010/10/21 21:30:55 | 000,000,000 | ---D | M] -- C:\Users\Jay\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/09/26 17:42:23 | 000,000,000 | ---D | M] -- C:\Users\Jay\AppData\Roaming\FileZilla
[2011/12/21 21:55:31 | 000,000,000 | ---D | M] -- C:\Users\Jay\AppData\Roaming\FrostWire
[2011/12/30 10:35:56 | 000,000,000 | ---D | M] -- C:\Users\Jay\AppData\Roaming\Garmin
[2012/01/16 09:39:17 | 000,000,000 | ---D | M] -- C:\Users\Jay\AppData\Roaming\GetRightToGo
[2012/01/16 09:39:17 | 000,000,000 | ---D | M] -- C:\Users\Jay\AppData\Roaming\gtk-2.0
[2010/06/30 10:54:52 | 000,000,000 | ---D | M] -- C:\Users\Jay\AppData\Roaming\Leadertech
[2012/01/16 09:39:39 | 000,000,000 | ---D | M] -- C:\Users\Jay\AppData\Roaming\muvee Technologies
[2012/01/16 09:39:39 | 000,000,000 | ---D | M] -- C:\Users\Jay\AppData\Roaming\Notepad++
[2010/08/08 19:56:11 | 000,000,000 | ---D | M] -- C:\Users\Jay\AppData\Roaming\ooVoo Details
[2010/12/25 18:17:38 | 000,000,000 | ---D | M] -- C:\Users\Jay\AppData\Roaming\SoftGrid Client
[2010/11/01 22:34:50 | 000,000,000 | ---D | M] -- C:\Users\Jay\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2010/08/18 10:41:56 | 000,000,000 | ---D | M] -- C:\Users\Jay\AppData\Roaming\Tific
[2010/12/05 19:59:45 | 000,000,000 | ---D | M] -- C:\Users\Jay\AppData\Roaming\TP
[2012/01/16 21:36:37 | 000,032,606 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >


#17
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, is your computer set to CD as the first boot device in the BIOS?

If you do not know how to set your computer to boot from CD, follow the steps here.

Once the CD is set as the first device, then with the CD in the drive as you boot you will see the following:

Press any key to boot from CD

Press a key and the CD should load.

#18
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

\\.\globalroot\systemroot\svchost.exe

I still have some concerns about this blighter.

So I will use a different tool to hopefully achieve the same aim.


Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.
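As an added example for readers of this thread (it is not part of the moderator's instructions and not Kaspersky's code), the Python script below reads a TDSSKiller report in the layout shown further down in this thread: one timestamped line per object giving its MD5 and path, followed by a line giving the verdict. It pairs the two, lists everything TDSSKiller did not mark "- ok" (the objects the Cure/Skip prompt is about), separately lists service entries that got "- ok" with no file line at all (usually a leftover registry entry whose binary is gone, like the Afc and cpuz132 lines in the report), and counts the rest as clean. The embedded log is constructed for the example, the driver names and hashes in it are made up, and the verdict words it recognises (ok, warning, detected, infected, suspicious) are an assumption to extend for other TDSSKiller versions.

```python
"""Triage a TDSSKiller log: pair each driver's file line with its verdict.

Added example for this thread; not TDSSKiller's own code. It assumes the
two-line-per-object layout seen in the report posted below and a small,
assumed vocabulary of verdict words.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample in the same layout as the report posted in this thread.
# Driver names, hashes and verdicts below are made up for the example.
SAMPLE_LOG = r"""
16:06:11.0769 1148 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200
16:06:17.0681 0480 Scan started
16:06:17.0681 0480 Mode: Manual; SigCheck; TDLFS;
16:06:18.0680 0480 ACPI (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys
16:06:18.0851 0480 ACPI - ok
16:06:19.0506 0480 Afc - ok
16:06:24.0498 0480 cpuz132 - ok
16:06:50.0000 0480 fakedrv (0123456789abcdef0123456789abcdef) C:\Windows\system32\drivers\fakedrv.sys
16:06:50.0100 0480 fakedrv ( UnsignedFile.Multi.Generic ) - warning
16:07:00.0000 0480 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Example.a (0)
"""

LINE_RE = re.compile(r"^(?P<ts>\d\d:\d\d:\d\d\.\d+)\s+(?P<tid>\d+)\s+(?P<body>.*)$")
# "NAME (md5) PATH": the file backing a registered service or driver.
FILE_RE = re.compile(r"^(?P<name>\S+) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$")
# "NAME - ok" / "NAME ( Class ) - warning" / "\Device\... - detected Foo (0)".
# The verdict words are an assumption; extend the alternation if your
# TDSSKiller version prints others. Header lines such as "Drive ... - Size:"
# do not match and are ignored.
VERDICT_RE = re.compile(
    r"^(?P<name>.+?)(?: \( (?P<cls>[^()]+) \))? - "
    r"(?P<verdict>ok|warning|detected\b.*|infected\b.*|suspicious\b.*)$"
)


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    cls: Optional[str] = None      # e.g. UnsignedFile.Multi.Generic
    verdict: Optional[str] = None  # text after " - "


@dataclass
class Report:
    flagged: List[str] = field(default_factory=list)  # anything not "- ok"
    no_file: List[str] = field(default_factory=list)  # "- ok" but no file line
    clean: int = 0                                    # file seen and "- ok"


def parse(log_text: str) -> Dict[str, Entry]:
    """Collect one Entry per object name from the timestamped log lines."""
    entries: Dict[str, Entry] = {}
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        body = m.group("body")
        f = FILE_RE.match(body)
        if f:
            e = entries.setdefault(f["name"], Entry(f["name"]))
            e.md5, e.path = f["md5"].lower(), f["path"]
            continue
        v = VERDICT_RE.match(body)
        if v:
            e = entries.setdefault(v["name"], Entry(v["name"]))
            e.cls, e.verdict = v["cls"], v["verdict"]
    return entries


def triage(log_text: str) -> Report:
    """Split entries into flagged / registered-without-file / clean."""
    report = Report()
    for e in parse(log_text).values():
        if e.verdict is None:
            continue  # file line with no verdict: log cut off mid-entry
        if e.verdict != "ok":
            tag = f" [{e.cls}]" if e.cls else ""
            report.flagged.append(f"{e.name}: {e.verdict}{tag}")
        elif e.md5 is None:
            report.no_file.append(e.name)  # service key present, binary gone
        else:
            report.clean += 1
    return report


if __name__ == "__main__":
    r = triage(SAMPLE_LOG)
    for line in r.flagged:
        print("FLAGGED ", line)
    for name in r.no_file:
        print("NO FILE ", name)
    print(f"clean: {r.clean}")
```

To use it on a real report, pass the contents of the TDSSKiller.[Version]_[Date]_[Time]_log.txt file from C:\ to triage(). A "warning" on an unsigned file is not by itself proof of infection, which is why the post above says to leave suspicious objects on Skip and reserve Cure for objects reported as malicious; the MD5 printed on the file line is what you would look up against a known-good hash before deciding.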

#19
JaySmiley77

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Here is the TDSSKiller report:




16:06:10.0926 1148 TDSS rootkit removing tool 2.7.6.0 Jan 19 2012 13:09:04
16:06:11.0394 1148 ============================================================
16:06:11.0394 1148 Current date / time: 2012/01/21 16:06:11.0394
16:06:11.0394 1148 SystemInfo:
16:06:11.0394 1148
16:06:11.0394 1148 OS Version: 6.0.6002 ServicePack: 2.0
16:06:11.0394 1148 Product type: Workstation
16:06:11.0394 1148 ComputerName: JAY-PC
16:06:11.0394 1148 UserName: Jay
16:06:11.0394 1148 Windows directory: C:\Windows
16:06:11.0394 1148 System windows directory: C:\Windows
16:06:11.0394 1148 Running under WOW64
16:06:11.0394 1148 Processor architecture: Intel x64
16:06:11.0394 1148 Number of processors: 2
16:06:11.0394 1148 Page size: 0x1000
16:06:11.0394 1148 Boot type: Normal boot
16:06:11.0394 1148 ============================================================
16:06:11.0769 1148 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:06:11.0847 1148 Initialize success
16:06:17.0681 0480 ============================================================
16:06:17.0681 0480 Scan started
16:06:17.0681 0480 Mode: Manual; SigCheck; TDLFS;
16:06:17.0681 0480 ============================================================
16:06:18.0680 0480 ACPI (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys
16:06:18.0851 0480 ACPI - ok
16:06:19.0023 0480 adp94xx (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys
16:06:19.0054 0480 adp94xx - ok
16:06:19.0194 0480 adpahci (7d05a75e3066861a6610f7ee04ff085c) C:\Windows\system32\drivers\adpahci.sys
16:06:19.0226 0480 adpahci - ok
16:06:19.0319 0480 adpu160m (820a201fe08a0c345b3bedbc30e1a77c) C:\Windows\system32\drivers\adpu160m.sys
16:06:19.0335 0480 adpu160m - ok
16:06:19.0428 0480 adpu320 (9b4ab6854559dc168fbb4c24fc52e794) C:\Windows\system32\drivers\adpu320.sys
16:06:19.0460 0480 adpu320 - ok
16:06:19.0506 0480 Afc - ok
16:06:19.0631 0480 AFD (0cc146c4addea45791b18b1e2659f4a9) C:\Windows\system32\drivers\afd.sys
16:06:19.0678 0480 AFD - ok
16:06:19.0818 0480 agp440 (f6f6793b7f17b550ecfdbd3b229173f7) C:\Windows\system32\drivers\agp440.sys
16:06:19.0834 0480 agp440 - ok
16:06:19.0974 0480 aic78xx (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys
16:06:20.0006 0480 aic78xx - ok
16:06:20.0130 0480 aliide (9544c2c55541c0c6bfd7b489d0e7d430) C:\Windows\system32\drivers\aliide.sys
16:06:20.0146 0480 aliide - ok
16:06:20.0240 0480 amdide (970fa5059e61e30d25307b99903e991e) C:\Windows\system32\drivers\amdide.sys
16:06:20.0255 0480 amdide - ok
16:06:20.0380 0480 AmdK8 (cdc3632a3a5ea4dbb83e46076a3165a1) C:\Windows\system32\drivers\amdk8.sys
16:06:20.0442 0480 AmdK8 - ok
16:06:20.0583 0480 ApfiltrService (8c85c812569df851e7a2159147323dfa) C:\Windows\system32\DRIVERS\Apfiltr.sys
16:06:20.0630 0480 ApfiltrService - ok
16:06:20.0770 0480 arc (ba8417d4765f3988ff921f30f630e303) C:\Windows\system32\drivers\arc.sys
16:06:20.0786 0480 arc - ok
16:06:20.0910 0480 arcsas (9d41c435619733b34cc16a511e644b11) C:\Windows\system32\drivers\arcsas.sys
16:06:20.0926 0480 arcsas - ok
16:06:21.0051 0480 AsyncMac (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys
16:06:21.0113 0480 AsyncMac - ok
16:06:21.0222 0480 atapi (e68d9b3a3905619732f7fe039466a623) C:\Windows\system32\drivers\atapi.sys
16:06:21.0238 0480 atapi - ok
16:06:21.0503 0480 BHDrvx64 (1d757a7e020c577c4259a755f21b7152) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.1.4\Definitions\BASHDefs\20111223.001\BHDrvx64.sys
16:06:21.0550 0480 BHDrvx64 - ok
16:06:21.0675 0480 blbdrive (79feeb40056683f8f61398d81dda65d2) C:\Windows\system32\drivers\blbdrive.sys
16:06:21.0722 0480 blbdrive - ok
16:06:21.0831 0480 bowser (2348447a80920b2493a9b582a23e81e1) C:\Windows\system32\DRIVERS\bowser.sys
16:06:21.0862 0480 bowser - ok
16:06:22.0002 0480 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys
16:06:22.0049 0480 BrFiltLo - ok
16:06:22.0158 0480 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys
16:06:22.0190 0480 BrFiltUp - ok
16:06:22.0330 0480 Brserid (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys
16:06:22.0424 0480 Brserid - ok
16:06:22.0533 0480 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys
16:06:22.0611 0480 BrSerWdm - ok
16:06:22.0736 0480 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys
16:06:22.0829 0480 BrUsbMdm - ok
16:06:22.0845 0480 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\drivers\brusbser.sys
16:06:22.0938 0480 BrUsbSer - ok
16:06:23.0079 0480 BTHMODEM (e0777b34e05f8a82a21856efc900c29f) C:\Windows\system32\drivers\bthmodem.sys
16:06:23.0172 0480 BTHMODEM - ok
16:06:23.0328 0480 cdfs (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys
16:06:23.0422 0480 cdfs - ok
16:06:23.0562 0480 cdrom (c025aa69be3d0d25c7a2e746ef6f94fc) C:\Windows\system32\DRIVERS\cdrom.sys
16:06:23.0609 0480 cdrom - ok
16:06:23.0734 0480 circlass (02ea568d498bbdd4ba55bf3fce34d456) C:\Windows\system32\DRIVERS\circlass.sys
16:06:23.0796 0480 circlass - ok
16:06:23.0906 0480 CLFS (3dca9a18b204939cfb24bea53e31eb48) C:\Windows\system32\CLFS.sys
16:06:23.0937 0480 CLFS - ok
16:06:24.0093 0480 CmBatt (b52d9a14ce4101577900a364ba86f3df) C:\Windows\system32\DRIVERS\CmBatt.sys
16:06:24.0155 0480 CmBatt - ok
16:06:24.0249 0480 cmdide (e5d5499a1c50a54b5161296b6afe6192) C:\Windows\system32\drivers\cmdide.sys
16:06:24.0280 0480 cmdide - ok
16:06:24.0374 0480 Compbatt (7fb8ad01db0eabe60c8a861531a8f431) C:\Windows\system32\DRIVERS\compbatt.sys
16:06:24.0389 0480 Compbatt - ok
16:06:24.0498 0480 cpuz132 - ok
16:06:24.0592 0480 crcdisk (a8585b6412253803ce8efcbd6d6dc15c) C:\Windows\system32\drivers\crcdisk.sys
16:06:24.0608 0480 crcdisk - ok
16:06:24.0779 0480 DfsC (8b722ba35205c71e7951cdc4cdbade19) C:\Windows\system32\Drivers\dfsc.sys
16:06:24.0810 0480 DfsC - ok
16:06:24.0966 0480 disk (b0107e40ecdb5fa692ebf832f295d905) C:\Windows\system32\drivers\disk.sys
16:06:24.0998 0480 disk - ok
16:06:25.0154 0480 drmkaud (f1a78a98cfc2ee02144c6bec945447e6) C:\Windows\system32\drivers\drmkaud.sys
16:06:25.0200 0480 drmkaud - ok
16:06:25.0341 0480 DXGKrnl (b8e554e502d5123bc111f99d6a2181b4) C:\Windows\System32\drivers\dxgkrnl.sys
16:06:25.0403 0480 DXGKrnl - ok
16:06:25.0559 0480 e1express (17d40652ef3e55eeae187a89df40965a) C:\Windows\system32\DRIVERS\e1e6032e.sys
16:06:25.0637 0480 e1express - ok
16:06:25.0809 0480 E1G60 (264cee7b031a9d6c827f3d0cb031f2fe) C:\Windows\system32\DRIVERS\E1G6032E.sys
16:06:25.0871 0480 E1G60 - ok
16:06:25.0996 0480 Ecache (5f94962be5a62db6e447ff6470c4f48a) C:\Windows\system32\drivers\ecache.sys
16:06:26.0012 0480 Ecache - ok
16:06:26.0183 0480 eeCtrl (5ccf1be80930aeb1cdebf561666325e8) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
16:06:26.0214 0480 eeCtrl - ok
16:06:26.0339 0480 elxstor (c4636d6e10469404ab5308d9fd45ed07) C:\Windows\system32\drivers\elxstor.sys
16:06:26.0370 0480 elxstor - ok
16:06:26.0511 0480 EraserUtilRebootDrv (7a898e4a744621711be7e7b796c69876) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
16:06:26.0526 0480 EraserUtilRebootDrv - ok
16:06:26.0636 0480 ErrDev (991fab6aa066e1214efb5b496fb7959a) C:\Windows\system32\drivers\errdev.sys
16:06:26.0667 0480 ErrDev - ok
16:06:26.0792 0480 exfat (486844f47b6636044a42454614ed4523) C:\Windows\system32\drivers\exfat.sys
16:06:26.0807 0480 exfat - ok
16:06:26.0932 0480 fastfat (1a4bee34277784619ddaf0422c0c6e23) C:\Windows\system32\drivers\fastfat.sys
16:06:26.0979 0480 fastfat - ok
16:06:27.0104 0480 fdc (81b79b6df71fa1d2c6d688d830616e39) C:\Windows\system32\DRIVERS\fdc.sys
16:06:27.0166 0480 fdc - ok
16:06:27.0306 0480 FileInfo (457b7d1d533e4bd62a99aed9c7bb4c59) C:\Windows\system32\drivers\fileinfo.sys
16:06:27.0322 0480 FileInfo - ok
16:06:27.0431 0480 Filetrace (d421327fd6efccaf884a54c58e1b0d7f) C:\Windows\system32\drivers\filetrace.sys
16:06:27.0494 0480 Filetrace - ok
16:06:27.0603 0480 flpydisk (230923ea2b80f79b0f88d90f87b87ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
16:06:27.0665 0480 flpydisk - ok
16:06:27.0774 0480 FltMgr (e3041bc26d6930d61f42aedb79c91720) C:\Windows\system32\drivers\fltmgr.sys
16:06:27.0806 0480 FltMgr - ok
16:06:27.0962 0480 Fs_Rec (29d99e860a1ca0a03c6a733fdd0da703) C:\Windows\system32\drivers\Fs_Rec.sys
16:06:28.0008 0480 Fs_Rec - ok
16:06:28.0118 0480 gagp30kx (c8e416668d3dc2be3d4fe4c79224997f) C:\Windows\system32\drivers\gagp30kx.sys
16:06:28.0133 0480 gagp30kx - ok
16:06:28.0274 0480 GEARAspiWDM (af4dee5531395dee72b35b36c9671fd0) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
16:06:28.0289 0480 GEARAspiWDM - ok
16:06:28.0430 0480 grmnusb (2ed7ff3e1ada4092632393781518b3a7) C:\Windows\system32\drivers\grmnusb.sys
16:06:28.0445 0480 grmnusb - ok
16:06:28.0648 0480 HDAudBus (f942c5820205f2fb453243edfec82a3d) C:\Windows\system32\DRIVERS\HDAudBus.sys
16:06:28.0757 0480 HDAudBus - ok
16:06:28.0866 0480 HidBth (b4881c84a180e75b8c25dc1d726c375f) C:\Windows\system32\drivers\hidbth.sys
16:06:28.0976 0480 HidBth - ok
16:06:29.0069 0480 HidIr (5f47839455d01ff6403b008d481a6f5b) C:\Windows\system32\DRIVERS\hidir.sys
16:06:29.0116 0480 HidIr - ok
16:06:29.0256 0480 HidUsb (443bdd2d30bb4f00795c797e2cf99edf) C:\Windows\system32\DRIVERS\hidusb.sys
16:06:29.0303 0480 HidUsb - ok
16:06:29.0428 0480 HpCISSs (d7109a1e6bd2dfdbcba72a6bc626a13b) C:\Windows\system32\drivers\hpcisss.sys
16:06:29.0444 0480 HpCISSs - ok
16:06:29.0568 0480 HTTP (098f1e4e5c9cb5b0063a959063631610) C:\Windows\system32\drivers\HTTP.sys
16:06:29.0600 0480 HTTP - ok
16:06:29.0693 0480 i2omp (da94c854cea5fac549d4e1f6e88349e8) C:\Windows\system32\drivers\i2omp.sys
16:06:29.0724 0480 i2omp - ok
16:06:29.0834 0480 i8042prt (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys
16:06:29.0880 0480 i8042prt - ok
16:06:30.0021 0480 iaStorV (3e3bf3627d886736d0b4e90054f929f6) C:\Windows\system32\drivers\iastorv.sys
16:06:30.0052 0480 iaStorV - ok
16:06:30.0317 0480 IDSVia64 (0b97f1a640ad3d159a7b5d2164c42e50) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.1.4\Definitions\IPSDefs\20120120.002\IDSvia64.sys
16:06:30.0348 0480 IDSVia64 - ok
16:06:30.0754 0480 igfx (677aa5991026a65ada128c4b59cf2bad) C:\Windows\system32\DRIVERS\igdkmd64.sys
16:06:31.0222 0480 igfx - ok
16:06:31.0331 0480 iirsp (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys
16:06:31.0347 0480 iirsp - ok
16:06:31.0503 0480 IntcHdmiAddService (dea2ab452b4fa773187369c4b6517320) C:\Windows\system32\drivers\IntcHdmi.sys
16:06:31.0518 0480 IntcHdmiAddService - ok
16:06:31.0628 0480 intelide (df797a12176f11b2d301c5b234bb200e) C:\Windows\system32\drivers\intelide.sys
16:06:31.0643 0480 intelide - ok
16:06:31.0752 0480 intelppm (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys
16:06:31.0815 0480 intelppm - ok
16:06:31.0940 0480 IpFilterDriver (d8aabc341311e4780d6fce8c73c0ad81) C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:06:31.0986 0480 IpFilterDriver - ok
16:06:32.0064 0480 IpInIp - ok
16:06:32.0096 0480 IPMIDRV (9c2ee2e6e5a7203bfae15c299475ec67) C:\Windows\system32\drivers\ipmidrv.sys
16:06:32.0158 0480 IPMIDRV - ok
16:06:32.0252 0480 IPNAT (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys
16:06:32.0314 0480 IPNAT - ok
16:06:32.0439 0480 IRENUM (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys
16:06:32.0501 0480 IRENUM - ok
16:06:32.0626 0480 isapnp (0672bfcedc6fc468a2b0500d81437f4f) C:\Windows\system32\drivers\isapnp.sys
16:06:32.0642 0480 isapnp - ok
16:06:32.0782 0480 iScsiPrt (e4fdf99599f27ec25d2cf6d754243520) C:\Windows\system32\DRIVERS\msiscsi.sys
16:06:32.0813 0480 iScsiPrt - ok
16:06:32.0922 0480 iteatapi (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys
16:06:32.0938 0480 iteatapi - ok
16:06:33.0063 0480 itecir (5fef11c18ec25cdcb27e6c8680690b69) C:\Windows\system32\DRIVERS\itecir.sys
16:06:33.0078 0480 itecir - ok
16:06:33.0203 0480 iteraid (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys
16:06:33.0219 0480 iteraid - ok
16:06:33.0328 0480 k57nd60a (2798447996feb5a58b584c8443acad02) C:\Windows\system32\DRIVERS\k57nd60a.sys
16:06:33.0359 0480 k57nd60a - ok
16:06:33.0453 0480 kbdclass (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys
16:06:33.0468 0480 kbdclass - ok
16:06:33.0578 0480 kbdhid (dbdf75d51464fbc47d0104ec3d572c05) C:\Windows\system32\DRIVERS\kbdhid.sys
16:06:33.0624 0480 kbdhid - ok
16:06:33.0734 0480 KSecDD (2758d174604f597bbc8a217ff667913d) C:\Windows\system32\Drivers\ksecdd.sys
16:06:33.0765 0480 KSecDD - ok
16:06:33.0874 0480 ksthunk (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys
16:06:33.0936 0480 ksthunk - ok
16:06:34.0046 0480 lltdio (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys
16:06:34.0108 0480 lltdio - ok
16:06:34.0202 0480 LSI_FC (acbe1af32d3123e330a07bfbc5ec4a9b) C:\Windows\system32\drivers\lsi_fc.sys
16:06:34.0233 0480 LSI_FC - ok
16:06:34.0342 0480 LSI_SAS (799ffb2fc4729fa46d2157c0065b3525) C:\Windows\system32\drivers\lsi_sas.sys
16:06:34.0373 0480 LSI_SAS - ok
16:06:34.0467 0480 LSI_SCSI (f445ff1daad8a226366bfaf42551226b) C:\Windows\system32\drivers\lsi_scsi.sys
16:06:34.0482 0480 LSI_SCSI - ok
16:06:34.0607 0480 luafv (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys
16:06:34.0670 0480 luafv - ok
16:06:34.0810 0480 megasas (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys
16:06:34.0826 0480 megasas - ok
16:06:34.0982 0480 MegaSR (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys
16:06:35.0013 0480 MegaSR - ok
16:06:35.0122 0480 Modem (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys
16:06:35.0184 0480 Modem - ok
16:06:35.0278 0480 monitor (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys
16:06:35.0340 0480 monitor - ok
16:06:35.0450 0480 motccgp - ok
16:06:35.0465 0480 motccgpfl - ok
16:06:35.0465 0480 MotoSwitchService - ok
16:06:35.0512 0480 mouclass (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys
16:06:35.0528 0480 mouclass - ok
16:06:35.0652 0480 mouhid (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys
16:06:35.0715 0480 mouhid - ok
16:06:35.0808 0480 MountMgr (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys
16:06:35.0824 0480 MountMgr - ok
16:06:35.0949 0480 mpio (f8276eb8698142884498a528dfea8478) C:\Windows\system32\drivers\mpio.sys
16:06:35.0980 0480 mpio - ok
16:06:36.0074 0480 mpsdrv (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys
16:06:36.0120 0480 mpsdrv - ok
16:06:36.0230 0480 Mraid35x (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys
16:06:36.0245 0480 Mraid35x - ok
16:06:36.0354 0480 MRxDAV (7c1de4aa96dc0c071611f9e7de02a68d) C:\Windows\system32\drivers\mrxdav.sys
16:06:36.0370 0480 MRxDAV - ok
16:06:36.0495 0480 mrxsmb (1485811b320ff8c7edad1caebb1c6c2b) C:\Windows\system32\DRIVERS\mrxsmb.sys
16:06:36.0510 0480 mrxsmb - ok
16:06:36.0635 0480 mrxsmb10 (3b929a60c833fc615fd97fba82bc7632) C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:06:36.0651 0480 mrxsmb10 - ok
16:06:36.0760 0480 mrxsmb20 (c64ab3e1f53b4f5b5bb6d796b2d7bec3) C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:06:36.0791 0480 mrxsmb20 - ok
16:06:36.0900 0480 msahci (aa459f2ab3ab603c357ff117cae3d818) C:\Windows\system32\drivers\msahci.sys
16:06:36.0932 0480 msahci - ok
16:06:37.0025 0480 msdsm (264bbb4aaf312a485f0e44b65a6b7202) C:\Windows\system32\drivers\msdsm.sys
16:06:37.0056 0480 msdsm - ok
16:06:37.0166 0480 Msfs (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys
16:06:37.0244 0480 Msfs - ok
16:06:37.0400 0480 msisadrv (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys
16:06:37.0415 0480 msisadrv - ok
16:06:37.0524 0480 MSKSSRV (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys
16:06:37.0587 0480 MSKSSRV - ok
16:06:37.0680 0480 MSPCLOCK (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys
16:06:37.0743 0480 MSPCLOCK - ok
16:06:37.0868 0480 MSPQM (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys
16:06:37.0930 0480 MSPQM - ok
16:06:38.0039 0480 MsRPC (dc6ccf440cdede4293db41c37a5060a5) C:\Windows\system32\drivers\MsRPC.sys
16:06:38.0070 0480 MsRPC - ok
16:06:38.0180 0480 mssmbios (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys
16:06:38.0195 0480 mssmbios - ok
16:06:38.0336 0480 MSTEE (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys
16:06:38.0398 0480 MSTEE - ok
16:06:38.0492 0480 Mup (0cc49f78d8aca0877d885f149084e543) C:\Windows\system32\Drivers\mup.sys
16:06:38.0523 0480 Mup - ok
16:06:38.0663 0480 NativeWifiP (2007b826c4acd94ae32232b41f0842b9) C:\Windows\system32\DRIVERS\nwifi.sys
16:06:38.0694 0480 NativeWifiP - ok
16:06:38.0928 0480 NAVENG (2dbe90210de76be6e1653bb20ec70ec2) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.1.4\Definitions\VirusDefs\20120120.035\ENG64.SYS
16:06:38.0944 0480 NAVENG - ok
16:06:39.0240 0480 NAVEX15 (346da70e203b8e2c850277713de8f71b) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.1.4\Definitions\VirusDefs\20120120.035\EX64.SYS
16:06:39.0318 0480 NAVEX15 - ok
16:06:39.0474 0480 NDIS (65950e07329fcee8e6516b17c8d0abb6) C:\Windows\system32\drivers\ndis.sys
16:06:39.0537 0480 NDIS - ok
16:06:39.0662 0480 NdisTapi (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys
16:06:39.0740 0480 NdisTapi - ok
16:06:39.0896 0480 Ndisuio (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys
16:06:39.0974 0480 Ndisuio - ok
16:06:40.0067 0480 NdisWan (f8158771905260982ce724076419ef19) C:\Windows\system32\DRIVERS\ndiswan.sys
16:06:40.0114 0480 NdisWan - ok
16:06:40.0239 0480 NDProxy (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys
16:06:40.0286 0480 NDProxy - ok
16:06:40.0395 0480 NetBIOS (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys
16:06:40.0457 0480 NetBIOS - ok
16:06:40.0566 0480 netbt (fc2c792ebddc8e28df939d6a92c83d61) C:\Windows\system32\DRIVERS\netbt.sys
16:06:40.0613 0480 netbt - ok
16:06:40.0910 0480 NETw5v64 (f17eda58c8c5b1a4f873b322729168ff) C:\Windows\system32\DRIVERS\NETw5v64.sys
16:06:41.0050 0480 NETw5v64 - ok
16:06:41.0175 0480 nfrd960 (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys
16:06:41.0190 0480 nfrd960 - ok
16:06:41.0300 0480 Npfs (b298874f8e0ea93f06ec40aa8d146478) C:\Windows\system32\drivers\Npfs.sys
16:06:41.0346 0480 Npfs - ok
16:06:41.0471 0480 nsiproxy (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys
16:06:41.0534 0480 nsiproxy - ok
16:06:41.0674 0480 Ntfs (bac869dfb98e499ba4d9bb1fb43270e1) C:\Windows\system32\drivers\Ntfs.sys
16:06:41.0752 0480 Ntfs - ok
16:06:41.0861 0480 Null (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys
16:06:41.0939 0480 Null - ok
16:06:42.0064 0480 nvraid (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys
16:06:42.0111 0480 nvraid - ok
16:06:42.0204 0480 nvstor (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys
16:06:42.0236 0480 nvstor - ok
16:06:42.0345 0480 nv_agp (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys
16:06:42.0392 0480 nv_agp - ok
16:06:42.0470 0480 NwlnkFlt - ok
16:06:42.0485 0480 NwlnkFwd - ok
16:06:42.0641 0480 OA001Ufd (404b0121ae1a75d9a63b6934eb07c258) C:\Windows\system32\DRIVERS\OA001Ufd.sys
16:06:42.0672 0480 OA001Ufd - ok
16:06:42.0828 0480 OA001Vid (4b69d156db42b26425ab3b172fa50d92) C:\Windows\system32\DRIVERS\OA001Vid.sys
16:06:42.0860 0480 OA001Vid - ok
16:06:43.0000 0480 ohci1394 (b5b1ce65ac15bbd11c0619e3ef7cfc28) C:\Windows\system32\DRIVERS\ohci1394.sys
16:06:43.0047 0480 ohci1394 - ok
16:06:43.0187 0480 Parport (aecd57f94c887f58919f307c35498ea0) C:\Windows\system32\drivers\parport.sys
16:06:43.0281 0480 Parport - ok
16:06:43.0390 0480 partmgr (f9b5eda4c17a2be7663f064dbf0fe254) C:\Windows\system32\drivers\partmgr.sys
16:06:43.0406 0480 partmgr - ok
16:06:43.0515 0480 pci (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\Windows\system32\drivers\pci.sys
16:06:43.0546 0480 pci - ok
16:06:43.0655 0480 pciide (8d618c829034479985a9ed56106cc732) C:\Windows\system32\drivers\pciide.sys
16:06:43.0671 0480 pciide - ok
16:06:43.0780 0480 pcmcia (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys
16:06:43.0811 0480 pcmcia - ok
16:06:43.0936 0480 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys
16:06:44.0045 0480 PEAUTH - ok
16:06:44.0232 0480 PptpMiniport (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys
16:06:44.0279 0480 PptpMiniport - ok
16:06:44.0373 0480 Processor (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\drivers\processr.sys
16:06:44.0435 0480 Processor - ok
16:06:44.0607 0480 PSched (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys
16:06:44.0654 0480 PSched - ok
16:06:44.0825 0480 ql2300 (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys
16:06:44.0888 0480 ql2300 - ok
16:06:45.0012 0480 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys
16:06:45.0028 0480 ql40xx - ok
16:06:45.0153 0480 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys
16:06:45.0184 0480 QWAVEdrv - ok
16:06:45.0387 0480 R300 (2a09a6b271d1f50adf5e33b37d460de6) C:\Windows\system32\DRIVERS\atikmdag.sys
16:06:45.0543 0480 R300 - ok
16:06:45.0699 0480 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys
16:06:45.0746 0480 RasAcd - ok
16:06:45.0902 0480 Rasl2tp (ac7bc4d42a7e558718dfdec599bbfc2c) C:\Windows\system32\DRIVERS\rasl2tp.sys
16:06:45.0948 0480 Rasl2tp - ok
16:06:46.0042 0480 RasPppoe (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys
16:06:46.0089 0480 RasPppoe - ok
16:06:46.0182 0480 RasSstp (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys
16:06:46.0214 0480 RasSstp - ok
16:06:46.0323 0480 rdbss (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys
16:06:46.0370 0480 rdbss - ok
16:06:46.0479 0480 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys
16:06:46.0541 0480 RDPCDD - ok
16:06:46.0650 0480 rdpdr (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\drivers\rdpdr.sys
16:06:46.0713 0480 rdpdr - ok
16:06:46.0822 0480 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys
16:06:46.0869 0480 RDPENCDD - ok
16:06:46.0978 0480 RDPWD (b1d741c87cea8d7282146366cc9c3f81) C:\Windows\system32\drivers\RDPWD.sys
16:06:47.0025 0480 RDPWD - ok
16:06:47.0181 0480 rimmptsk (d13d70fac45fc1df69f88559b1f72f0a) C:\Windows\system32\DRIVERS\rimmpx64.sys
16:06:47.0196 0480 rimmptsk - ok
16:06:47.0337 0480 rimsptsk (bb9edc55b0b8cb4fcd713428820e0776) C:\Windows\system32\DRIVERS\rimspx64.sys
16:06:47.0352 0480 rimsptsk - ok
16:06:47.0446 0480 rismxdp (481c3fdeacaae04b74c58288dbc91df9) C:\Windows\system32\DRIVERS\rixdpx64.sys
16:06:47.0477 0480 rismxdp - ok
16:06:47.0571 0480 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys
16:06:47.0633 0480 rspndr - ok
16:06:47.0758 0480 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys
16:06:47.0774 0480 sbp2port - ok
16:06:47.0930 0480 sdbus (be100bc2be2513314c717bb2c4cfff10) C:\Windows\system32\DRIVERS\sdbus.sys
16:06:47.0976 0480 sdbus - ok
16:06:48.0070 0480 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
16:06:48.0148 0480 secdrv - ok
16:06:48.0210 0480 Serenum (f71bfe7ac6c52273b7c82cbf1bb2a222) C:\Windows\system32\drivers\serenum.sys
16:06:48.0288 0480 Serenum - ok
16:06:48.0382 0480 Serial (e62fac91ee288db29a9696a9d279929c) C:\Windows\system32\drivers\serial.sys
16:06:48.0476 0480 Serial - ok
16:06:48.0585 0480 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys
16:06:48.0632 0480 sermouse - ok
16:06:48.0788 0480 sffdisk (3a19c899bcf0ea24cfec2038e6a489db) C:\Windows\system32\DRIVERS\sffdisk.sys
16:06:48.0834 0480 sffdisk - ok
16:06:48.0928 0480 sffp_mmc (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys
16:06:48.0990 0480 sffp_mmc - ok
16:06:49.0100 0480 sffp_sd (fdca63a2eee528585eb66ceac183ec22) C:\Windows\system32\DRIVERS\sffp_sd.sys
16:06:49.0146 0480 sffp_sd - ok
16:06:49.0240 0480 sfloppy (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys
16:06:49.0334 0480 sfloppy - ok
16:06:49.0474 0480 Sftfs (a40abfdcb75f835fdf3ce0cc64e4250d) C:\Windows\system32\DRIVERS\Sftfslh.sys
16:06:49.0521 0480 Sftfs - ok
16:06:49.0661 0480 Sftplay (411769ed1cb12d2b44217734347bdb7a) C:\Windows\system32\DRIVERS\Sftplaylh.sys
16:06:49.0692 0480 Sftplay - ok
16:06:49.0833 0480 Sftredir (a14d0df34bbb00ea94da16193d0c7957) C:\Windows\system32\DRIVERS\Sftredirlh.sys
16:06:49.0848 0480 Sftredir - ok
16:06:49.0973 0480 Sftvol (393b22addd89979eb1c60898f51c3648) C:\Windows\system32\DRIVERS\Sftvollh.sys
16:06:50.0004 0480 Sftvol - ok
16:06:50.0114 0480 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys
16:06:50.0129 0480 SiSRaid2 - ok
16:06:50.0238 0480 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys
16:06:50.0254 0480 SiSRaid4 - ok
16:06:50.0379 0480 Smb (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys
16:06:50.0426 0480 Smb - ok
16:06:50.0582 0480 spldr (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys
16:06:50.0613 0480 spldr - ok
16:06:50.0800 0480 SRTSP (90ef30c3867bcde4579c01a6d6e75a7a) C:\Windows\system32\drivers\N360x64\0501000.01D\SRTSP64.SYS
16:06:50.0878 0480 SRTSP - ok
16:06:51.0065 0480 SRTSPX (c513e8a5e7978da49077f5484344ee1b) C:\Windows\system32\drivers\N360x64\0501000.01D\SRTSPX64.SYS
16:06:51.0081 0480 SRTSPX - ok
16:06:51.0190 0480 srv (880a57fccb571ebd063d4dd50e93e46d) C:\Windows\system32\DRIVERS\srv.sys
16:06:51.0221 0480 srv - ok
16:06:51.0346 0480 srv2 (a1ad14a6d7a37891fffeca35ebbb0730) C:\Windows\system32\DRIVERS\srv2.sys
16:06:51.0362 0480 srv2 - ok
16:06:51.0471 0480 srvnet (4bed62f4fa4d8300973f1151f4c4d8a7) C:\Windows\system32\DRIVERS\srvnet.sys
16:06:51.0502 0480 srvnet - ok
16:06:51.0658 0480 STHDA (3281204b2e6049100d0ff04270c2aea5) C:\Windows\system32\DRIVERS\stwrt64.sys
16:06:51.0689 0480 STHDA - ok
16:06:51.0798 0480 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys
16:06:51.0814 0480 swenum - ok
16:06:51.0923 0480 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys
16:06:51.0939 0480 Symc8xx - ok
16:06:52.0095 0480 SymDS (6160145c7a87fc7672e8e3b886888176) C:\Windows\system32\drivers\N360x64\0501000.01D\SYMDS64.SYS
16:06:52.0126 0480 SymDS - ok
16:06:52.0282 0480 SymEFA (96aeed40d4d3521568b42027687e69e0) C:\Windows\system32\drivers\N360x64\0501000.01D\SYMEFA64.SYS
16:06:52.0329 0480 SymEFA - ok
16:06:52.0454 0480 SymEvent (21a1c2d694c3cf962d31f5e873ab3d6f) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
16:06:52.0469 0480 SymEvent - ok
16:06:52.0625 0480 SymIRON (bd0d711d8cbfcaa19ca123306eaf53a5) C:\Windows\system32\drivers\N360x64\0501000.01D\Ironx64.SYS
16:06:52.0641 0480 SymIRON - ok
16:06:52.0875 0480 SYMTDIv (6cb70a5d30e4322bab4ad52866b0a4b8) C:\Windows\system32\drivers\N360x64\0501000.01D\SYMTDIV.SYS
16:06:52.0890 0480 SYMTDIv - ok
16:06:53.0000 0480 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys
16:06:53.0015 0480 Sym_hi - ok
16:06:53.0124 0480 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys
16:06:53.0140 0480 Sym_u3 - ok
16:06:53.0312 0480 Tcpip (2cc45d932bd193cd4117321d469ad6b2) C:\Windows\system32\drivers\tcpip.sys
16:06:53.0374 0480 Tcpip - ok
16:06:53.0514 0480 Tcpip6 (2cc45d932bd193cd4117321d469ad6b2) C:\Windows\system32\DRIVERS\tcpip.sys
16:06:53.0624 0480 Tcpip6 - ok
16:06:53.0748 0480 tcpipreg (c7e72a4071ee0200e3c075dacfb2b334) C:\Windows\system32\drivers\tcpipreg.sys
16:06:53.0764 0480 tcpipreg - ok
16:06:53.0873 0480 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys
16:06:53.0920 0480 TDPIPE - ok
16:06:54.0029 0480 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys
16:06:54.0092 0480 TDTCP - ok
16:06:54.0201 0480 tdx (458919c8c42e398dc4802178d5ffee27) C:\Windows\system32\DRIVERS\tdx.sys
16:06:54.0248 0480 tdx - ok
16:06:54.0341 0480 TermDD (8c19678d22649ec002ef2282eae92f98) C:\Windows\system32\DRIVERS\termdd.sys
16:06:54.0372 0480 TermDD - ok
16:06:54.0482 0480 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys
16:06:54.0544 0480 tssecsrv - ok
16:06:54.0653 0480 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys
16:06:54.0669 0480 tunmp - ok
16:06:54.0794 0480 tunnel (30a9b3f45ad081bffc3bcaa9c812b609) C:\Windows\system32\DRIVERS\tunnel.sys
16:06:54.0825 0480 tunnel - ok
16:06:54.0918 0480 uagp35 (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys
16:06:54.0934 0480 uagp35 - ok
16:06:55.0028 0480 udfs (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys
16:06:55.0090 0480 udfs - ok
16:06:55.0184 0480 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys
16:06:55.0215 0480 uliagpkx - ok
16:06:55.0308 0480 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys
16:06:55.0340 0480 uliahci - ok
16:06:55.0449 0480 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys
16:06:55.0480 0480 UlSata - ok
16:06:55.0574 0480 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys
16:06:55.0589 0480 ulsata2 - ok
16:06:55.0698 0480 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys
16:06:55.0761 0480 umbus - ok
16:06:55.0839 0480 USBAAPL64 - ok
16:06:55.0995 0480 usbaudio (c6ba890de6e41857fbe84175519cae7d) C:\Windows\system32\drivers\usbaudio.sys
16:06:56.0042 0480 usbaudio - ok
16:06:56.0166 0480 usbccgp (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys
16:06:56.0213 0480 usbccgp - ok
16:06:56.0307 0480 usbcir (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys
16:06:56.0400 0480 usbcir - ok
16:06:56.0541 0480 usbehci (b1c7edb07f61bdee587831b440fc7656) C:\Windows\system32\DRIVERS\usbehci.sys
16:06:56.0556 0480 usbehci - ok
16:06:56.0666 0480 usbhub (697c45d6cea9ad978f90636be7c93229) C:\Windows\system32\DRIVERS\usbhub.sys
16:06:56.0697 0480 usbhub - ok
16:06:56.0790 0480 usbohci (eba14ef0c07cec233f1529c698d0d154) C:\Windows\system32\drivers\usbohci.sys
16:06:56.0884 0480 usbohci - ok
16:06:56.0962 0480 usbprint (acfee697af477021bb3ec78c5431fed2) C:\Windows\system32\drivers\usbprint.sys
16:06:57.0056 0480 usbprint - ok
16:06:57.0212 0480 usbscan (ea0bf666868964fbe8cb10e50c97b9f1) C:\Windows\system32\DRIVERS\usbscan.sys
16:06:57.0258 0480 usbscan - ok
16:06:57.0430 0480 USBSTOR (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:06:57.0477 0480 USBSTOR - ok
16:06:57.0602 0480 usbuhci (c8d88a2a3587a8424b4b17a6f7eb67fa) C:\Windows\system32\DRIVERS\usbuhci.sys
16:06:57.0617 0480 usbuhci - ok
16:06:57.0773 0480 usbvideo (fc33099877790d51b0927b7039059855) C:\Windows\system32\Drivers\usbvideo.sys
16:06:57.0836 0480 usbvideo - ok
16:06:57.0945 0480 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys
16:06:57.0992 0480 vga - ok
16:06:58.0101 0480 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys
16:06:58.0148 0480 VgaSave - ok
16:06:58.0257 0480 viaide (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys
16:06:58.0272 0480 viaide - ok
16:06:58.0366 0480 volmgr (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys
16:06:58.0382 0480 volmgr - ok
16:06:58.0506 0480 volmgrx (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys
16:06:58.0538 0480 volmgrx - ok
16:06:58.0631 0480 volsnap (5280aada24ab36b01a84a6424c475c8d) C:\Windows\system32\drivers\volsnap.sys
16:06:58.0662 0480 volsnap - ok
16:06:58.0772 0480 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys
16:06:58.0787 0480 vsmraid - ok
16:06:58.0881 0480 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys
16:06:58.0974 0480 WacomPen - ok
16:06:59.0099 0480 Wanarp (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
16:06:59.0146 0480 Wanarp - ok
16:06:59.0146 0480 Wanarpv6 (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
16:06:59.0193 0480 Wanarpv6 - ok
16:06:59.0411 0480 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys
16:06:59.0442 0480 Wd - ok
16:06:59.0536 0480 Wdf01000 (d02e7e4567da1e7582fbf6a91144b0df) C:\Windows\system32\drivers\Wdf01000.sys
16:06:59.0583 0480 Wdf01000 - ok
16:06:59.0723 0480 WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\DRIVERS\wmiacpi.sys
16:06:59.0754 0480 WmiAcpi - ok
16:06:59.0910 0480 WpdUsb (5e2401b3fc1089c90e081291357371a9) C:\Windows\system32\DRIVERS\wpdusb.sys
16:06:59.0942 0480 WpdUsb - ok
16:07:00.0066 0480 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys
16:07:00.0113 0480 ws2ifsl - ok
16:07:00.0254 0480 WUDFRd (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys
16:07:00.0316 0480 WUDFRd - ok
16:07:00.0347 0480 X4HSX32 - ok
16:07:00.0488 0480 xusb21 (38f55d07b1d3391065c40ec065f984e2) C:\Windows\system32\DRIVERS\xusb21.sys
16:07:00.0503 0480 xusb21 - ok
16:07:00.0550 0480 MBR (0x1B8) (4bf077b4df3f4f5483a79d4ce511c7f3) \Device\Harddisk0\DR0
16:07:00.0581 0480 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
16:07:00.0581 0480 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
16:07:01.0096 0480 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
16:07:01.0096 0480 \Device\Harddisk0\DR0 - detected TDSS File System (1)
16:07:01.0096 0480 Boot (0x1200) (c558bd916247e568e01b9d1786507646) \Device\Harddisk0\DR0\Partition0
16:07:01.0096 0480 \Device\Harddisk0\DR0\Partition0 - ok
16:07:01.0112 0480 Boot (0x1200) (0590a2e2ce6880a9ce8ef3e2e08176ae) \Device\Harddisk0\DR0\Partition1
16:07:01.0112 0480 \Device\Harddisk0\DR0\Partition1 - ok
16:07:01.0112 0480 ============================================================
16:07:01.0112 0480 Scan finished
16:07:01.0112 0480 ============================================================
16:07:01.0127 2724 Detected object count: 2
16:07:01.0127 2724 Actual detected object count: 2
16:08:12.0528 2724 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
16:08:12.0528 2724 \Device\Harddisk0\DR0 - ok
16:08:12.0528 2724 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
16:08:12.0528 2724 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
16:08:12.0528 2724 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
16:08:39.0516 1568 Deinitialize success
  • 0

#20
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, that's got it. We will need one more run with TDSSKiller to clear the inactive file system.

Re-run TDSSKiller; on completion, select Delete for this item only:

16:08:12.0528 2724 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
16:08:12.0528 2724 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip



Once done can you let me know what problems remain
  • 0
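The point of the reply above is a detail that is easy to miss in a long TDSSKiller log: the MBR object was marked "will be cured on reboot", but the "TDSS File System" object was skipped, so it will be reported again on the next run. The following Python script is an added example, not part of the thread and not TDSSKiller's own code: it parses a constructed copy of the detection section of the log (same line format as the log posted above) and lists which detected objects still have no curative action recorded. The regular expressions are inferred from the lines visible in the posted log and are an assumption about the format.

```python
"""Triage helper for TDSSKiller logs (added example; not TDSSKiller's own code).

Pairs every detected object with its verdict, the action the user chose and
the result line, then reports the objects that were detected but not acted on.
The line formats are inferred from the log posted in the thread (assumption).
"""
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample: the detection section of the log posted in the thread.
SAMPLE_LOG = r"""
16:07:00.0550 0480 MBR (0x1B8) (4bf077b4df3f4f5483a79d4ce511c7f3) \Device\Harddisk0\DR0
16:07:00.0581 0480 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
16:07:00.0581 0480 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
16:07:01.0096 0480 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
16:07:01.0096 0480 \Device\Harddisk0\DR0 - detected TDSS File System (1)
16:07:01.0096 0480 Boot (0x1200) (c558bd916247e568e01b9d1786507646) \Device\Harddisk0\DR0\Partition0
16:07:01.0096 0480 \Device\Harddisk0\DR0\Partition0 - ok
16:07:01.0112 0480 Scan finished
16:07:01.0127 2724 Detected object count: 2
16:07:01.0127 2724 Actual detected object count: 2
16:08:12.0528 2724 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
16:08:12.0528 2724 \Device\Harddisk0\DR0 - ok
16:08:12.0528 2724 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
16:08:12.0528 2724 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
16:08:12.0528 2724 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
"""

# Every line: "<hh:mm:ss.ffff> <thread id> <message>"
LINE_RE = re.compile(r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<tid>\d+)\s+(?P<msg>.*)$")
# "<object> - detected <name> (<index>)"
DETECT_RE = re.compile(r"^(?P<obj>\S+) - detected (?P<name>.+?) \((?P<idx>\d+)\)$")
# "<object> ( <name> ) - <verdict | user action | result>"
OBJECT_RE = re.compile(r"^(?P<obj>\S+) \( (?P<name>.+?) \) - (?P<rest>.+)$")

ACTION_PREFIX = "User select action: "
VERDICTS = ("infected", "warning")

Finding = Dict[str, Optional[str]]


def _new_finding(obj: str, name: str) -> Finding:
    return {"object": obj, "name": name, "verdict": None, "action": None, "result": None}


def parse_tdsskiller_log(text: str) -> Dict[Tuple[str, str], Finding]:
    """Collect one record per (object, detection name) seen in the log."""
    findings: Dict[Tuple[str, str], Finding] = {}
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # banner, blank or other non-log text
        msg = m.group("msg")
        d = DETECT_RE.match(msg)
        if d:
            key = (d.group("obj"), d.group("name"))
            findings.setdefault(key, _new_finding(*key))
            continue
        o = OBJECT_RE.match(msg)
        if not o:
            continue  # "- ok" lines, hashes, counters: not per-detection state
        key = (o.group("obj"), o.group("name"))
        entry = findings.setdefault(key, _new_finding(*key))
        rest = o.group("rest")
        if rest.startswith(ACTION_PREFIX):
            entry["action"] = rest[len(ACTION_PREFIX):]
        elif rest in VERDICTS:
            entry["verdict"] = rest
        else:
            entry["result"] = rest  # e.g. "will be cured on reboot", "skipped by user"
    return findings


def unresolved(findings: Dict[Tuple[str, str], Finding]) -> List[Finding]:
    """Detected objects with no action, or explicitly skipped: they need another run."""
    return [f for f in findings.values() if f["action"] in (None, "Skip")]


def report(text: str) -> List[str]:
    """Human-readable summary, one line per detected object."""
    findings = parse_tdsskiller_log(text)
    lines = [f"{len(findings)} detected object(s)"]
    for f in findings.values():
        if f["action"] in (None, "Skip"):
            status = "needs another run"
        else:
            status = f"{f['action']}: {f['result']}"
        lines.append(f"{f['object']} ({f['name']}, {f['verdict']}) -> {status}")
    return lines


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG)))
```

Run against the real log (TDSSKiller writes it as a text file in the root of the system drive) by reading the file into `report()`; the "needs another run" line is the item the helper above is asking to be deleted on the second pass.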

#21
JaySmiley77

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
I am not understanding you, sorry. I ran TDSSKiller and the only threat found was:

TDSS File System
Physical drive: \Device\Harddisk0\DR0
Suspicious object, medium risk

The only 3 options are: Skip, Copy to quarantine, Delete.
What should I do?
  • 0

#22
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Select Delete for that item, please.

How is the computer behaving now?
  • 0

#23
JaySmiley77

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
The only error I receive starting up is an Apple error. Something about it couldn't find iTunes, etc. No biggie.

Thank you soooooooooooooooooo very much.
  • 0

#24
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
iTunes was updated today, so a reinstall will fix that.

Subject to no further problems :)

I will remove my tools now and give some recommendations, but I would like you to run for 24 hours or so and come back if you have any problems.

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself, so... The following will implement some cleanup procedures as well as reset System Restore points:


Remove ComboFix

  • Hold down the Windows key + R on your keyboard. This will display the Run dialogue box
  • In the Run box, type in ComboFix /Uninstall (Notice the space between the "x" and "/") then click OK
  • Follow the prompts on the screen
  • A message should appear confirming that ComboFix was uninstalled

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older versions of Java components and upgrade the application.

Upgrading Java:
  • Go to this site and click Do I have Java
  • It will check your current version and then offer to update to the latest version

SPRING CLEAN

To manually create a new Restore Point
  • Go to Control Panel and select System
  • Select System
  • On the left select System Protection and accept the warning if you get one
  • Select System Protection Tab
  • Select Create at the bottom
  • Type in a name, i.e. Clean
  • Select Create

Now we can purge the infected ones
  • Go to Start > All Programs > Accessories > System Tools
  • Right-click Disk Cleanup and select Run as administrator
  • Select Your main drive and accept the warning if you get one
  • For a few moments the system will make some calculations
  • Select the More Options tab
  • In the System Restore and Shadow Backups select Clean up
  • Select Delete on the pop up
  • Select OK
  • Select Delete

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:
Malwarebytes. Update and run weekly to keep your system clean

Download and install the FileHippo Update Checker and run it monthly; it will show you which programmes on your system need updating and give a download link.

It is critical to have both a firewall and antivirus to protect your system and to keep them updated. To keep your operating system up to date visit

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?

Keep safe :wave:
  • 0

#25
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
