Posts posted by soccer1127
-
Yeah, the update fails every time
-
Alright, installed it. Everything seems to be working well, only problem now is that I still can't install Microsoft Office SP3 or SP2.
-
Alright, here's the log
Status: Disinfected (events: 2)
7/5/2012 10:38:39 PM Disinfected Trojan program Trojan-Downloader.Java.Agent.mx C:\Documents and Settings\Marty\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9\3c0ee589-29fbb242 High
7/5/2012 10:38:39 PM Disinfected Trojan program Trojan-Downloader.Java.Agent.mx C:\Documents and Settings\Marty\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9\3c0ee589-29fbb242/FcPred.class High
-
And here's the other log, it found two things, but the log file seems too small...
ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
Computer does seem to be working better
-
Alright, here's the TDS log file
02:19:24.0778 5000 NlaSvc - ok
02:19:24.0809 5000 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
02:19:24.0809 5000 Npfs - ok
02:19:24.0840 5000 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
02:19:24.0840 5000 nsi - ok
02:19:24.0840 5000 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
02:19:24.0840 5000 nsiproxy - ok
02:19:24.0965 5000 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
02:19:25.0012 5000 Ntfs - ok
02:19:25.0168 5000 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
02:19:25.0168 5000 Null - ok
02:19:25.0246 5000 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
02:19:25.0246 5000 nvraid - ok
02:19:25.0277 5000 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
02:19:25.0293 5000 nvstor - ok
02:19:25.0355 5000 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
02:19:25.0355 5000 nv_agp - ok
02:19:25.0558 5000 odserv (e54aa592a65f317390eee386a8821692) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
02:19:25.0573 5000 odserv - ok
02:19:25.0605 5000 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
02:19:25.0605 5000 ohci1394 - ok
02:19:25.0667 5000 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
02:19:25.0683 5000 ose - ok
02:19:25.0745 5000 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
02:19:25.0745 5000 p2pimsvc - ok
02:19:25.0792 5000 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
02:19:25.0807 5000 p2psvc - ok
02:19:25.0854 5000 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
02:19:25.0854 5000 Parport - ok
02:19:25.0917 5000 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
02:19:25.0917 5000 partmgr - ok
02:19:25.0948 5000 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
02:19:25.0948 5000 PcaSvc - ok
02:19:25.0995 5000 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
02:19:25.0995 5000 pci - ok
02:19:26.0041 5000 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
02:19:26.0041 5000 pciide - ok
02:19:26.0073 5000 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
02:19:26.0073 5000 pcmcia - ok
02:19:26.0088 5000 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
02:19:26.0088 5000 pcw - ok
02:19:26.0135 5000 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
02:19:26.0166 5000 PEAUTH - ok
02:19:26.0275 5000 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
02:19:26.0322 5000 PeerDistSvc - ok
02:19:26.0431 5000 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
02:19:26.0431 5000 PerfHost - ok
02:19:26.0619 5000 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
02:19:26.0665 5000 pla - ok
02:19:26.0728 5000 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
02:19:26.0728 5000 PlugPlay - ok
02:19:26.0775 5000 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
02:19:26.0775 5000 PNRPAutoReg - ok
02:19:26.0806 5000 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
02:19:26.0806 5000 PNRPsvc - ok
02:19:26.0868 5000 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
02:19:26.0868 5000 PolicyAgent - ok
02:19:26.0915 5000 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
02:19:26.0915 5000 Power - ok
02:19:27.0009 5000 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
02:19:27.0009 5000 PptpMiniport - ok
02:19:27.0055 5000 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
02:19:27.0055 5000 Processor - ok
02:19:27.0102 5000 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
02:19:27.0118 5000 ProfSvc - ok
02:19:27.0133 5000 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
02:19:27.0133 5000 ProtectedStorage - ok
02:19:27.0196 5000 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
02:19:27.0196 5000 Psched - ok
02:19:27.0321 5000 psqlWGE (5d059e1f56576a9264d2243d0c8dd7fa) C:\Program Files (x86)\Pervasive Software\PSQL\bin\w3dbsmgr.exe
02:19:27.0321 5000 psqlWGE - ok
02:19:27.0414 5000 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
02:19:27.0461 5000 ql2300 - ok
02:19:27.0633 5000 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
02:19:27.0633 5000 ql40xx - ok
02:19:27.0695 5000 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
02:19:27.0695 5000 QWAVE - ok
02:19:27.0726 5000 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
02:19:27.0726 5000 QWAVEdrv - ok
02:19:27.0742 5000 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
02:19:27.0742 5000 RasAcd - ok
02:19:27.0804 5000 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
02:19:27.0804 5000 RasAgileVpn - ok
02:19:27.0820 5000 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
02:19:27.0820 5000 RasAuto - ok
02:19:27.0867 5000 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
02:19:27.0867 5000 Rasl2tp - ok
02:19:27.0913 5000 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
02:19:27.0913 5000 RasMan - ok
02:19:27.0945 5000 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
02:19:27.0945 5000 RasPppoe - ok
02:19:27.0960 5000 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
02:19:27.0960 5000 RasSstp - ok
02:19:27.0991 5000 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
02:19:27.0991 5000 rdbss - ok
02:19:28.0038 5000 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
02:19:28.0038 5000 rdpbus - ok
02:19:28.0038 5000 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
02:19:28.0038 5000 RDPCDD - ok
02:19:28.0101 5000 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
02:19:28.0101 5000 RDPDR - ok
02:19:28.0147 5000 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
02:19:28.0147 5000 RDPENCDD - ok
02:19:28.0163 5000 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
02:19:28.0163 5000 RDPREFMP - ok
02:19:28.0225 5000 RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) C:\Windows\system32\drivers\rdpvideominiport.sys
02:19:28.0225 5000 RdpVideoMiniport - ok
02:19:28.0272 5000 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
02:19:28.0272 5000 RDPWD - ok
02:19:28.0335 5000 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
02:19:28.0335 5000 rdyboost - ok
02:19:28.0444 5000 Recovery Service for Windows (6266d28705bc3f99e8bac1f864c14e91) C:\Program Files (x86)\SMINST\BLService.exe
02:19:28.0459 5000 Recovery Service for Windows - ok
02:19:28.0475 5000 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
02:19:28.0491 5000 RemoteAccess - ok
02:19:28.0537 5000 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
02:19:28.0537 5000 RemoteRegistry - ok
02:19:28.0662 5000 RichVideo (498eb62a160674e793fa40fd65390625) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
02:19:28.0662 5000 RichVideo - ok
02:19:28.0678 5000 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
02:19:28.0678 5000 RpcEptMapper - ok
02:19:28.0725 5000 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
02:19:28.0725 5000 RpcLocator - ok
02:19:28.0787 5000 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
02:19:28.0787 5000 RpcSs - ok
02:19:28.0881 5000 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
02:19:28.0896 5000 rspndr - ok
02:19:28.0974 5000 RTL8167 (abcb5a38a0d85bdf69b7877e1ad1eed5) C:\Windows\system32\DRIVERS\Rt64win7.sys
02:19:28.0974 5000 RTL8167 - ok
02:19:29.0037 5000 RTL8169 (390482953c63e81bae52f20386394421) C:\Windows\system32\DRIVERS\Rtlh64.sys
02:19:29.0037 5000 RTL8169 - ok
02:19:29.0068 5000 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
02:19:29.0083 5000 s3cap - ok
02:19:29.0099 5000 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
02:19:29.0099 5000 SamSs - ok
02:19:29.0115 5000 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
02:19:29.0130 5000 sbp2port - ok
02:19:29.0161 5000 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
02:19:29.0161 5000 SCardSvr - ok
02:19:29.0193 5000 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
02:19:29.0193 5000 scfilter - ok
02:19:29.0286 5000 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
02:19:29.0286 5000 Schedule - ok
02:19:29.0302 5000 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
02:19:29.0302 5000 SCPolicySvc - ok
02:19:29.0364 5000 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
02:19:29.0364 5000 SDRSVC - ok
02:19:29.0458 5000 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
02:19:29.0458 5000 secdrv - ok
02:19:29.0473 5000 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
02:19:29.0489 5000 seclogon - ok
02:19:29.0520 5000 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
02:19:29.0520 5000 SENS - ok
02:19:29.0536 5000 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
02:19:29.0536 5000 SensrSvc - ok
02:19:29.0551 5000 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
02:19:29.0551 5000 Serenum - ok
02:19:29.0583 5000 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
02:19:29.0583 5000 Serial - ok
02:19:29.0614 5000 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
02:19:29.0614 5000 sermouse - ok
02:19:29.0661 5000 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
02:19:29.0661 5000 SessionEnv - ok
02:19:29.0693 5000 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
02:19:29.0693 5000 sffdisk - ok
02:19:29.0708 5000 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
02:19:29.0708 5000 sffp_mmc - ok
02:19:29.0724 5000 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
02:19:29.0724 5000 sffp_sd - ok
02:19:29.0740 5000 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
02:19:29.0740 5000 sfloppy - ok
02:19:29.0786 5000 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
02:19:29.0802 5000 SharedAccess - ok
02:19:29.0864 5000 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
02:19:29.0864 5000 ShellHWDetection - ok
02:19:29.0911 5000 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
02:19:29.0927 5000 SiSRaid2 - ok
02:19:29.0942 5000 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
02:19:29.0942 5000 SiSRaid4 - ok
02:19:30.0005 5000 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
02:19:30.0005 5000 Smb - ok
02:19:30.0067 5000 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
02:19:30.0067 5000 SNMPTRAP - ok
02:19:30.0083 5000 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
02:19:30.0083 5000 spldr - ok
02:19:30.0145 5000 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
02:19:30.0161 5000 Spooler - ok
02:19:30.0379 5000 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
02:19:30.0410 5000 sppsvc - ok
02:19:30.0535 5000 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
02:19:30.0551 5000 sppuinotify - ok
02:19:30.0722 5000 SRTSP (90ef30c3867bcde4579c01a6d6e75a7a) C:\Windows\System32\Drivers\NAVx64\1207010.003\SRTSP64.SYS
02:19:30.0754 5000 SRTSP - ok
02:19:30.0941 5000 SRTSPX (c513e8a5e7978da49077f5484344ee1b) C:\Windows\system32\drivers\NAVx64\1207010.003\SRTSPX64.SYS
02:19:30.0941 5000 SRTSPX - ok
02:19:31.0643 5000 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
02:19:31.0674 5000 srv - ok
02:19:32.0407 5000 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
02:19:32.0423 5000 srv2 - ok
02:19:32.0641 5000 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
02:19:32.0688 5000 srvnet - ok
02:19:33.0109 5000 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
02:19:33.0109 5000 SSDPSRV - ok
02:19:33.0328 5000 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
02:19:33.0328 5000 SstpSvc - ok
02:19:34.0529 5000 STacSV (7595d53ee8e8b0baa9a2ddde867ebb0c) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe
02:19:34.0560 5000 STacSV - ok
02:19:34.0654 5000 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
02:19:34.0700 5000 stexstor - ok
02:19:35.0668 5000 STHDA (dffbc024dfc7bb05b2129e05cbc7a201) C:\Windows\system32\DRIVERS\stwrt64.sys
02:19:35.0714 5000 STHDA - ok
02:19:36.0824 5000 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
02:19:36.0886 5000 stisvc - ok
02:19:36.0996 5000 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
02:19:36.0996 5000 storflt - ok
02:19:37.0136 5000 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
02:19:37.0136 5000 storvsc - ok
02:19:37.0198 5000 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
02:19:37.0198 5000 swenum - ok
02:19:37.0339 5000 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
02:19:37.0339 5000 swprv - ok
02:19:37.0479 5000 SymDS (6160145c7a87fc7672e8e3b886888176) C:\Windows\system32\drivers\NAVx64\1207010.003\SYMDS64.SYS
02:19:37.0495 5000 SymDS - ok
02:19:37.0588 5000 SymEFA (96aeed40d4d3521568b42027687e69e0) C:\Windows\system32\drivers\NAVx64\1207010.003\SYMEFA64.SYS
02:19:37.0620 5000 SymEFA - ok
02:19:37.0682 5000 SymEvent (21a1c2d694c3cf962d31f5e873ab3d6f) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
02:19:37.0698 5000 SymEvent - ok
02:19:37.0713 5000 SymIRON (bd0d711d8cbfcaa19ca123306eaf53a5) C:\Windows\system32\drivers\NAVx64\1207010.003\Ironx64.SYS
02:19:37.0713 5000 SymIRON - ok
02:19:37.0744 5000 SymNetS (a6adb3d83023f8daa0f7b6fda785d83b) C:\Windows\System32\Drivers\NAVx64\1207010.003\SYMNETS.SYS
02:19:37.0744 5000 SymNetS - ok
02:19:37.0776 5000 Synth3dVsc - ok
02:19:37.0900 5000 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
02:19:37.0916 5000 SysMain - ok
02:19:38.0056 5000 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
02:19:38.0072 5000 TabletInputService - ok
02:19:38.0119 5000 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
02:19:38.0134 5000 TapiSrv - ok
02:19:38.0181 5000 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
02:19:38.0181 5000 TBS - ok
02:19:38.0322 5000 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
02:19:38.0384 5000 Tcpip - ok
02:19:38.0571 5000 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
02:19:38.0571 5000 TCPIP6 - ok
02:19:38.0743 5000 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
02:19:38.0743 5000 tcpipreg - ok
02:19:38.0790 5000 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
02:19:38.0790 5000 TDPIPE - ok
02:19:38.0821 5000 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
02:19:38.0821 5000 TDTCP - ok
02:19:38.0852 5000 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
02:19:38.0868 5000 tdx - ok
02:19:38.0899 5000 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
02:19:38.0899 5000 TermDD - ok
02:19:38.0961 5000 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
02:19:38.0961 5000 TermService - ok
02:19:39.0008 5000 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
02:19:39.0008 5000 Themes - ok
02:19:39.0055 5000 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
02:19:39.0055 5000 THREADORDER - ok
02:19:39.0086 5000 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
02:19:39.0086 5000 TrkWks - ok
02:19:39.0148 5000 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
02:19:39.0148 5000 TrustedInstaller - ok
02:19:39.0180 5000 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
02:19:39.0180 5000 tssecsrv - ok
02:19:39.0195 5000 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
02:19:39.0195 5000 TsUsbFlt - ok
02:19:39.0226 5000 tsusbhub - ok
02:19:39.0289 5000 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
02:19:39.0289 5000 tunnel - ok
02:19:39.0476 5000 TVCapSvc (4215ecfc15d265a8e6e1925084b80908) C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
02:19:39.0476 5000 TVCapSvc - ok
02:19:39.0492 5000 TVSched (f386d56f1b6d70e0e4e70e494975d279) C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
02:19:39.0492 5000 TVSched - ok
02:19:39.0538 5000 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
02:19:39.0538 5000 uagp35 - ok
02:19:39.0585 5000 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
02:19:39.0585 5000 udfs - ok
02:19:39.0632 5000 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
02:19:39.0632 5000 UI0Detect - ok
02:19:39.0679 5000 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
02:19:39.0679 5000 uliagpkx - ok
02:19:39.0741 5000 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
02:19:39.0741 5000 umbus - ok
02:19:39.0788 5000 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
02:19:39.0788 5000 UmPass - ok
02:19:39.0835 5000 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
02:19:39.0835 5000 UmRdpService - ok
02:19:39.0882 5000 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
02:19:39.0882 5000 upnphost - ok
02:19:39.0960 5000 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
02:19:39.0960 5000 USBAAPL64 - ok
02:19:39.0975 5000 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
02:19:39.0975 5000 usbccgp - ok
02:19:40.0038 5000 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
02:19:40.0038 5000 usbcir - ok
02:19:40.0069 5000 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
02:19:40.0069 5000 usbehci - ok
02:19:40.0116 5000 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
02:19:40.0131 5000 usbhub - ok
02:19:40.0162 5000 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
02:19:40.0162 5000 usbohci - ok
02:19:40.0225 5000 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
02:19:40.0225 5000 usbprint - ok
02:19:40.0256 5000 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
02:19:40.0256 5000 usbscan - ok
02:19:40.0287 5000 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\drivers\USBSTOR.SYS
02:19:40.0287 5000 USBSTOR - ok
02:19:40.0303 5000 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
02:19:40.0303 5000 usbuhci - ok
02:19:40.0365 5000 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
02:19:40.0365 5000 usbvideo - ok
02:19:40.0396 5000 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
02:19:40.0396 5000 UxSms - ok
02:19:40.0412 5000 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
02:19:40.0412 5000 VaultSvc - ok
02:19:40.0428 5000 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
02:19:40.0443 5000 vdrvroot - ok
02:19:40.0521 5000 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
02:19:40.0552 5000 vds - ok
02:19:40.0599 5000 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
02:19:40.0599 5000 vga - ok
02:19:40.0615 5000 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
02:19:40.0615 5000 VgaSave - ok
02:19:40.0646 5000 VGPU - ok
02:19:40.0708 5000 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
02:19:40.0708 5000 vhdmp - ok
02:19:40.0724 5000 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
02:19:40.0724 5000 viaide - ok
02:19:40.0818 5000 Viewpoint Manager Service (5f974fde801c73952770736becde11e7) C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe
02:19:40.0818 5000 Viewpoint Manager Service - ok
02:19:40.0849 5000 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
02:19:40.0849 5000 vmbus - ok
02:19:40.0880 5000 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
02:19:40.0880 5000 VMBusHID - ok
02:19:40.0911 5000 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
02:19:40.0911 5000 volmgr - ok
02:19:40.0942 5000 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
02:19:40.0958 5000 volmgrx - ok
02:19:40.0989 5000 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
02:19:40.0989 5000 volsnap - ok
02:19:41.0098 5000 vpnagent (e4d2305ebb9de0871a1e13294d0f349b) C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
02:19:41.0098 5000 vpnagent - ok
02:19:41.0114 5000 vpnva (0e4df91e83da5739ffb18535d4db10aa) C:\Windows\system32\DRIVERS\vpnva64.sys
02:19:41.0114 5000 vpnva - ok
02:19:41.0176 5000 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
02:19:41.0176 5000 vsmraid - ok
02:19:41.0286 5000 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
02:19:41.0332 5000 VSS - ok
02:19:41.0473 5000 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
02:19:41.0473 5000 vwifibus - ok
02:19:41.0520 5000 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
02:19:41.0535 5000 W32Time - ok
02:19:41.0551 5000 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
02:19:41.0551 5000 WacomPen - ok
02:19:41.0629 5000 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
02:19:41.0629 5000 WANARP - ok
02:19:41.0629 5000 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
02:19:41.0644 5000 Wanarpv6 - ok
02:19:41.0754 5000 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
02:19:41.0800 5000 WatAdminSvc - ok
02:19:41.0910 5000 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
02:19:41.0956 5000 wbengine - ok
02:19:42.0128 5000 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
02:19:42.0128 5000 WbioSrvc - ok
02:19:42.0175 5000 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
02:19:42.0190 5000 wcncsvc - ok
02:19:42.0222 5000 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
02:19:42.0237 5000 WcsPlugInService - ok
02:19:42.0284 5000 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
02:19:42.0284 5000 Wd - ok
02:19:42.0331 5000 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
02:19:42.0362 5000 Wdf01000 - ok
02:19:42.0409 5000 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
02:19:42.0424 5000 WdiServiceHost - ok
02:19:42.0424 5000 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
02:19:42.0424 5000 WdiSystemHost - ok
02:19:42.0456 5000 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
02:19:42.0471 5000 WebClient - ok
02:19:42.0502 5000 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
02:19:42.0502 5000 Wecsvc - ok
02:19:42.0534 5000 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
02:19:42.0534 5000 wercplsupport - ok
02:19:42.0580 5000 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
02:19:42.0580 5000 WerSvc - ok
02:19:42.0690 5000 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
02:19:42.0690 5000 WfpLwf - ok
02:19:42.0705 5000 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
02:19:42.0705 5000 WIMMount - ok
02:19:42.0752 5000 WinDefend - ok
02:19:42.0752 5000 WinHttpAutoProxySvc - ok
02:19:42.0846 5000 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
02:19:42.0846 5000 Winmgmt - ok
02:19:42.0970 5000 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
02:19:43.0080 5000 WinRM - ok
02:19:43.0267 5000 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
02:19:43.0267 5000 WinUsb - ok
02:19:43.0329 5000 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
02:19:43.0345 5000 Wlansvc - ok
02:19:43.0392 5000 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
02:19:43.0392 5000 WmiAcpi - ok
02:19:43.0485 5000 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
02:19:43.0485 5000 wmiApSrv - ok
02:19:43.0532 5000 WMPNetworkSvc - ok
02:19:43.0579 5000 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
02:19:43.0579 5000 WPCSvc - ok
02:19:43.0626 5000 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
02:19:43.0626 5000 WPDBusEnum - ok
02:19:43.0657 5000 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
02:19:43.0657 5000 ws2ifsl - ok
02:19:43.0719 5000 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
02:19:43.0719 5000 wscsvc - ok
02:19:43.0719 5000 WSearch - ok
02:19:43.0875 5000 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
02:19:43.0891 5000 wuauserv - ok
02:19:44.0062 5000 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
02:19:44.0062 5000 WudfPf - ok
02:19:44.0109 5000 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
02:19:44.0125 5000 WUDFRd - ok
02:19:44.0140 5000 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
02:19:44.0140 5000 wudfsvc - ok
02:19:44.0187 5000 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
02:19:44.0187 5000 WwanSvc - ok
02:19:44.0250 5000 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
02:19:44.0546 5000 \Device\Harddisk0\DR0 - ok
02:19:44.0546 5000 Boot (0x1200) (2e53fcfa961a445bebc3ce927916c211) \Device\Harddisk0\DR0\Partition0
02:19:44.0546 5000 \Device\Harddisk0\DR0\Partition0 - ok
02:19:44.0562 5000 Boot (0x1200) (545e5b20b40a6a12e4aa4ac957a1c39f) \Device\Harddisk0\DR0\Partition1
02:19:44.0562 5000 \Device\Harddisk0\DR0\Partition1 - ok
02:19:44.0562 5000 ============================================================
02:19:44.0562 5000 Scan finished
02:19:44.0562 5000 ============================================================
02:19:44.0577 5016 Detected object count: 0
02:19:44.0577 5016 Actual detected object count: 0
02:20:01.0285 4656 Deinitialize success
-
Here it is. Windows Update actually won't let me install 2007 Microsoft Office Suite Service Pack 3 (SP3)/SP2
Update for Microsoft Office 2007 (KB2508958)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 3 (SP3)
Acrobat.com
ActiveCheck component for HP Active Support Library
Ad-Aware
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 9.2 MUI
AIM 6
Apple Application Support
Apple Software Update
Bizarro DC++ 0.761
Cisco AnyConnect VPN Client
Compatibility Pack for the 2007 Office system
Crystal Reports 2008 Runtime SP1
CyberLink DVD Suite
DC++ 0.782
Default Manager
ESU for Microsoft Vista
Full Tilt Poker
HP Advisor
HP Common Access Service Library
HP Customer Experience Enhancements
HP Doc Viewer
HP MediaSmart DVD
HP MediaSmart Music/Photo/Video
HP MediaSmart SlingPlayer
HP MediaSmart TV
HP MediaSmart Webcam
HP Quick Launch Buttons
HP Smart Web Printing
HP Support Assistant
HP Total Care Setup
HP Update
HP User Guides 0125
HP Wireless Assistant
HPAsset component for HP Active Support Library
IDT Audio
Internet TV for Windows Media Center
Java Auto Updater
Java 6 Update 22
JMicron Flash Media Controller Driver
LabelPrint
LightScribe System Software
Malwarebytes Anti-Malware version 1.61.0.1400
Microsoft Live Search Toolbar
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Move Media Player
Mozilla Firefox 9.0.1 (x86 en-US)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee Reveal
MyITLab ActiveX Installer 2, 9, 8, 65535
Netflix in Windows Media Center
NOOK for PC
Norton AntiVirus
Peachtree Accounting 2010
Peachtree Complete Accounting 2010
PeachTree Signature Ready Forms
Pervasive PSQL v10.10 Workgroup (32-bit)
Power2Go
PowerDirector
QuickTime
Realtek 8101E/8168/8169 PCI/PCIe Adapters
Sage Integration Services
Sage Message Center
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB982308)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office Outlook 2007 (KB980376)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office Publisher 2007 (KB982124)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2251419)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687267) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Viewpoint Media Player
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Windows 7 Upgrade Advisor
-
I also noticed that it said I had Windows Defender on in the logs. Didn't even know that was active; should I redo the scan with it off?
-
Alright, it found something. Here's the log:
ComboFix 12-07-02.01 - Marty 07/03/2012 19:46:27.1.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3999.2800 [GMT -4:00]
Running from: c:\users\Marty\Desktop\ComboFix.exe
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: Norton AntiVirus *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Norton AntiVirus *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Marty\Documents\~WRL0003.tmp
c:\windows\security\Database\tmp.edb
.
Infected copy of c:\windows\SysWow64\userinit.exe was found and disinfected
Restored copy from - c:\windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-06-03 to 2012-07-03 )))))))))))))))))))))))))))))))
.
.
2012-07-03 23:55 . 2012-07-03 23:55 -------- d-----w- c:\users\Mcx1-MARTY-PC\AppData\Local\temp
2012-07-03 23:55 . 2012-07-03 23:55 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-01 18:45 . 2012-07-01 18:45 -------- d-----w- C:\_OTL
2012-07-01 02:04 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-07-01 02:04 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-07-01 01:27 . 2012-07-01 01:27 -------- d-----w- C:\found.016
2012-07-01 00:02 . 2012-07-01 00:31 -------- d-----w- c:\windows\system32\drivers\NAVx64\1207010.003
2012-06-30 23:52 . 2012-06-30 23:52 -------- d-----w- c:\windows\system32\SPReview
2012-06-30 23:52 . 2012-06-30 23:52 -------- d-----w- c:\windows\system32\EventProviders
2012-06-30 21:50 . 2012-06-30 21:50 -------- d-----w- c:\users\Marty\AppData\Roaming\Malwarebytes
2012-06-30 21:50 . 2012-06-30 21:50 -------- d-----w- c:\programdata\Malwarebytes
2012-06-30 21:50 . 2012-06-30 21:50 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-06-30 21:50 . 2012-04-04 19:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-30 18:20 . 2012-06-18 07:12 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7C93F422-9ED3-4CB6-B709-4A9BF1E633E5}\mpengine.dll
2012-06-30 18:20 . 2012-06-30 18:21 -------- d-----w- C:\609e82835773b7b852
2012-06-29 22:22 . 2012-06-30 18:11 -------- d-----w- C:\FRST
2012-06-28 23:49 . 2012-06-30 21:47 -------- d-----w- C:\NBRT
2012-06-28 19:02 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-06-28 19:02 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-06-28 19:02 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-06-28 19:02 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-06-28 19:02 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-06-28 19:02 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-06-28 19:02 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-06-28 18:21 . 2012-03-03 06:35 1544704 ----a-w- c:\windows\system32\DWrite.dll
2012-06-28 18:21 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-06-28 18:21 . 2012-05-15 01:32 3146752 ----a-w- c:\windows\system32\win32k.sys
2012-06-28 18:21 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-28 18:21 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-28 18:21 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-28 18:17 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll
2012-06-28 18:17 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll
2012-06-28 18:16 . 2012-04-24 05:37 1462272 ----a-w- c:\windows\system32\crypt32.dll
2012-06-28 18:16 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-06-28 18:16 . 2012-04-24 05:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-28 18:16 . 2012-04-24 05:37 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-28 18:16 . 2012-04-24 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-06-28 18:16 . 2012-04-24 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-06-28 18:15 . 2012-03-31 05:42 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-06-28 18:15 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-06-28 18:15 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-06-28 18:15 . 2010-11-20 13:24 2164224 ----a-w- c:\program files\Windows Journal\Journal.exe
2012-06-28 18:15 . 2012-03-31 05:40 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-06-28 18:15 . 2012-03-31 05:40 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-06-28 18:15 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-06-28 17:13 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-28 17:13 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-28 17:13 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-28 17:13 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-28 17:13 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-28 17:13 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-28 17:13 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-28 17:12 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-28 17:12 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-01 00:06 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2012-07-01 00:06 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-06-20 2151128]
R3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-12-05 222512]
R3 EraserUtilDrv11010;EraserUtilDrv11010;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11010.sys [x]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [2011-06-28 17152]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-08-02 51712]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-09-23 1255736]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2011-06-20 69376]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAVx64\1207010.003\SYMDS64.SYS [2011-01-27 450680]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAVx64\1207010.003\SYMEFA64.SYS [2011-03-15 912504]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\BASHDefs\20120121.002\BHDrvx64.sys [2011-12-01 1157240]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\IPSDefs\20120128.002\IDSvia64.sys [2011-12-15 488568]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NAVx64\1207010.003\Ironx64.SYS [2011-01-27 171128]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NAVx64\1207010.003\SYMNETS.SYS [2011-04-21 386168]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe [2009-03-02 89600]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2008-03-18 23040]
S2 NAV;Norton AntiVirus;c:\program files (x86)\Norton AntiVirus\Engine\18.7.1.3\ccSvcHst.exe [2011-04-17 130008]
S2 psqlWGE;Pervasive PSQL Workgroup Engine;c:\program files (x86)\Pervasive Software\PSQL\bin\w3dbsmgr.exe [2009-04-07 435496]
S2 Recovery Service for Windows;Recovery Service for Windows;c:\program files (x86)\SMINST\BLService.exe [2009-03-10 365952]
S2 TVCapSvc;TV Background Capture Service (TVBCS);c:\program files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe [2009-02-04 296320]
S2 TVSched;TV Task Scheduler (TVTS);c:\program files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe [2009-02-24 116104]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files (x86)\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2009-10-09 493248]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2008-12-30 68608]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-06-04 129536]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2009-02-25 137056]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-03-02 187392]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-03-23 487424]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-11 162328]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-11 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-11 417304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://myub.buffalo.edu/myub/pw/template/myub.html
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1 68.237.161.12
DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 - vpnweb.cab
FF - ProfilePath - c:\users\Marty\AppData\Roaming\Mozilla\Firefox\Profiles\ubmnghfz.default\
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NAV]
"ImagePath"="\"c:\program files (x86)\Norton AntiVirus\Engine\18.7.1.3\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files (x86)\Norton AntiVirus\Engine\18.7.1.3\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
.
**************************************************************************
.
Completion time: 2012-07-03 20:04:21 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-04 00:04
.
Pre-Run: 142,698,676,224 bytes free
Post-Run: 142,565,801,984 bytes free
.
- - End Of File - - 49155A1C95E320B4EE743CFAF0EC643B
-
Here's the most recent one
Malwarebytes Anti-Malware 1.61.0.1400
Database version: v2012.07.02.06
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Marty :: MARTY-PC [administrator]
7/2/2012 9:27:47 PM
mbam-log-2012-07-02 (21-27-47).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 237222
Time elapsed: 4 minute(s), 25 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
-
So once I was able to install, I ran MBAM, so I'll post that log (since it found something) and the most recent. Here they are:
Malwarebytes Anti-Malware 1.61.0.1400
Database version: v2012.06.30.07
Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
Marty :: MARTY-PC [administrator]
6/30/2012 5:51:01 PM
mbam-log-2012-06-30 (17-51-01).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 241337
Time elapsed: 4 minute(s), 39 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
(end)
-
Oh sorry, do you mean this log?
========== OTL ==========
Registry value HKEY_USERS\Marty_ON_C\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}\ not found.
HKEY_LOCAL_MACHINE\Software\Classes\.com\shell\open\command\\|"%1" %* /E : value set successfully!
HKEY_LOCAL_MACHINE\Software\Classes\.com\\|comfile /E : value set successfully!
HKEY_LOCAL_MACHINE\Software\Classes\.exe\shell\open\command\\|"%1" %* /E : value set successfully!
HKEY_LOCAL_MACHINE\Software\Classes\.exe\\|exefile /E : value set successfully!
HKEY_LOCAL_MACHINE\Software\Classes\.com\shell\open\command\\|"%1" %* /E : value set successfully!
HKEY_LOCAL_MACHINE\Software\Classes\.com\\|comfile /E : value set successfully!
HKEY_LOCAL_MACHINE\Software\Classes\.exe\shell\open\command\\|"%1" %* /E : value set successfully!
HKEY_LOCAL_MACHINE\Software\Classes\.exe\\|exefile /E : value set successfully!
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrator
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Marty
->Temp folder emptied: 44960347 bytes
->Temporary Internet Files folder emptied: 6261109857 bytes
->FireFox cache emptied: 67882928 bytes
->Flash cache emptied: 11205123 bytes
User: Mcx1-MARTY-PC
->Temp folder emptied: 518 bytes
->Temporary Internet Files folder emptied: 304365 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1781081878 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 36163745 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 326 bytes
Total Files Cleaned = 7,823.00 mb
OTLPE by OldTimer - Version 3.1.48.0 log created on 07012012_144523
-
OK, here's the log
OTL logfile created on: 7/1/2012 4:31:02 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
64bit-Windows 7 Ultimate Service Pack 1 (Version = 6.1.7601) - Type = System
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 88.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 286.41 Gb Total Space | 118.43 Gb Free Space | 41.35% Space Free | Partition Type: NTFS
Drive D: | 963.69 Mb Total Space | 962.28 Mb Free Space | 99.85% Space Free | Partition Type: FAT
Drive E: | 11.68 Gb Total Space | 1.90 Gb Free Space | 16.28% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days
Using ControlSet: ControlSet001
========== Win32 Services (SafeList) ==========
SRV:64bit: - [2010/03/23 14:53:06 | 000,247,808 | ---- | M] (IDT, Inc.) [Auto] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\stacsv64.exe -- (STacSV)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/03/02 18:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2008/08/26 10:02:20 | 000,016,896 | ---- | M] (Agere Systems) [Auto] -- C:\Program Files\LSI SoftModem\agr64svc.exe -- (AgereModemAudio)
SRV - [2011/07/20 05:18:24 | 000,440,696 | ---- | M] () [On_Demand] -- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2011/06/20 10:31:32 | 002,151,128 | ---- | M] (Lavasoft Limited) [Auto] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011/04/16 20:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Auto] -- C:\Program Files (x86)\Norton AntiVirus\Engine\18.7.1.3\ccSvcHst.exe -- (NAV)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/10/09 10:07:22 | 000,493,248 | ---- | M] (Cisco Systems, Inc.) [Auto] -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/04/06 20:24:52 | 000,435,496 | R--- | M] (Pervasive Software Inc.) [Auto] -- C:\Program Files (x86)\Pervasive Software\PSQL\bin\w3dbsmgr.exe -- (psqlWGE)
SRV - [2009/03/09 20:54:12 | 000,365,952 | ---- | M] () [Auto] -- C:\Program Files (x86)\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2009/02/24 18:04:52 | 000,116,104 | ---- | M] () [Auto] -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe -- (TVSched) TV Task Scheduler (TVTS)
SRV - [2009/02/04 18:57:06 | 000,296,320 | ---- | M] () [Auto] -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe -- (TVCapSvc) TV Background Capture Service (TVBCS)
SRV - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto] -- C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2011/08/02 17:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/06/20 10:31:32 | 000,069,376 | ---- | M] (Lavasoft AB) [File_System | Boot] -- C:\Windows\System32\drivers\Lbd.sys -- (Lbd)
DRV:64bit: - [2011/05/09 23:32:13 | 000,174,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2011/04/20 21:37:49 | 000,386,168 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\Windows\System32\Drivers\NAVx64\1207010.003\SYMNETS.SYS -- (SymNetS)
DRV:64bit: - [2011/03/30 23:00:09 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | On_Demand] -- C:\Windows\System32\Drivers\NAVx64\1207010.003\SRTSP64.SYS -- (SRTSP)
DRV:64bit: - [2011/03/30 23:00:09 | 000,040,568 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\Windows\system32\drivers\NAVx64\1207010.003\SRTSPX64.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2011/03/14 22:31:23 | 000,912,504 | ---- | M] (Symantec Corporation) [File_System | Boot] -- C:\Windows\System32\drivers\NAVx64\1207010.003\symefa64.sys -- (SymEFA)
DRV:64bit: - [2011/02/11 19:16:38 | 010,628,640 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/01/27 02:47:10 | 000,450,680 | ---- | M] (Symantec Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\NAVx64\1207010.003\symds64.sys -- (SymDS)
DRV:64bit: - [2011/01/27 01:07:06 | 000,171,128 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\Windows\system32\drivers\NAVx64\1207010.003\Ironx64.SYS -- (SymIRON)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 07:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/03/23 14:53:06 | 000,505,344 | ---- | M] (IDT, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009/10/09 09:50:50 | 000,024,248 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\vpnva64.sys -- (vpnva)
DRV:64bit: - [2009/06/24 10:16:22 | 002,041,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand] -- C:\Windows\System32\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/03/01 23:05:32 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/02/25 09:53:26 | 000,137,056 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR)
DRV:64bit: - [2008/12/30 08:18:40 | 000,068,608 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\enecir.sys -- (enecir)
DRV:64bit: - [2008/12/03 09:21:52 | 000,184,832 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2008/11/21 13:05:22 | 001,253,376 | ---- | M] (Agere Systems) [Kernel | On_Demand] -- C:\Windows\System32\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2008/06/04 13:55:16 | 000,129,536 | ---- | M] (Intel® Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®
DRV:64bit: - [2008/03/27 15:10:56 | 000,026,984 | ---- | M] (Hewlett-Packard Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2008/03/27 15:10:14 | 000,040,296 | ---- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2008/01/31 19:23:14 | 000,195,120 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2007/06/18 19:13:12 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2012/01/16 04:01:46 | 002,048,632 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\VirusDefs\20120130.021\EX64.SYS -- (NAVEX15)
DRV - [2012/01/16 04:01:46 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\VirusDefs\20120130.021\ENG64.SYS -- (NAVENG)
DRV - [2011/12/15 19:33:20 | 000,488,568 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\IPSDefs\20120128.002\IDSviA64.sys -- (IDSVia64)
DRV - [2011/11/30 22:25:03 | 001,157,240 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\BASHDefs\20120121.002\BHDrvx64.sys -- (BHDrvx64)
DRV - [2011/11/09 12:06:44 | 000,482,936 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2011/06/28 02:57:37 | 000,017,152 | ---- | M] () [Kernel | On_Demand] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys -- (Lavasoft Kernexplorer)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cnnb
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cnnb
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Marty_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cnnb
IE - HKU\Marty_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = https://myub.buffalo.edu/myub/pw/template/myub.html
IE - HKU\Marty_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\Marty_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Marty_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\Mcx1-MARTY-PC_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\System32\Macromed\Flash\NPSWF64_11_0_1.dll ()
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=:
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE: File not found
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files (x86)\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2010/09/22 15:42:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\IPSFFPlgn\ [2012/06/30 22:12:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/01/05 00:44:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/11/15 17:39:46 | 000,000,000 | ---D | M]
[2011/11/15 17:39:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/01/05 00:44:54 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010/11/04 18:54:20 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/11/04 23:21:03 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/11/04 23:21:03 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
O1 HOSTS File: ([2006/09/18 17:37:24 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - File not found
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Engine\18.7.1.3\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN\Toolbar\3.0.0552.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files (x86)\MSN\Toolbar\3.0.0552.0\msneshellx.dll (Microsoft Corp.)
O3 - HKU\Marty_ON_C\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O4:64bit: - HKLM..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKU\LocalService_ON_C..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\LocalService_ON_C..\RunOnce: [mctadmin] File not found
O4 - HKU\Marty_ON_C..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10p_ActiveX.exe (Adobe Systems, Inc.)
O4 - HKU\NetworkService_ON_C..\RunOnce: [mctadmin] File not found
O4 - Startup: Error locating startup folders.
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\Marty_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 2
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {615A1925-0E5B-4767-A65E-3165AEAC32A3} http://quickscan.bitdefender.com/qsax/qsax64.cab (Bitdefender QuickScan Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 vpnweb.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 68.237.161.12
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - File not found
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2012/07/01 14:45:23 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/06/30 22:04:34 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2012/06/30 22:04:34 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll
[2012/06/30 21:27:18 | 000,000,000 | -HSD | C] -- C:\found.016
[2012/06/30 19:52:28 | 000,000,000 | ---D | C] -- C:\Windows\System32\SPReview
[2012/06/30 19:52:17 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2012/06/30 17:50:20 | 000,000,000 | ---D | C] -- C:\Users\Marty\AppData\Roaming\Malwarebytes
[2012/06/30 17:50:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/06/30 17:50:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/06/30 17:50:05 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/06/30 17:50:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/06/30 14:20:44 | 000,000,000 | ---D | C] -- C:\609e82835773b7b852
[2012/06/29 18:22:43 | 000,000,000 | ---D | C] -- C:\FRST
[2012/06/28 19:49:43 | 000,000,000 | ---D | C] -- C:\NBRT
[2012/06/28 15:02:20 | 000,023,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\fs_rec.sys
[2012/06/28 15:02:19 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wintrust.dll
[2012/06/28 15:02:19 | 000,172,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wintrust.dll
[2012/06/28 15:02:19 | 000,159,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\imagehlp.dll
[2012/06/28 15:02:19 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imagehlp.dll
[2012/06/28 14:38:34 | 000,000,000 | ---D | C] -- C:\Users\Marty\Desktop\Chameleon
[2012/06/28 14:22:51 | 000,735,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012/06/28 14:22:50 | 000,627,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2012/06/28 14:22:48 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/06/28 14:22:48 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/06/28 14:22:48 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/06/28 14:22:48 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/06/28 14:22:48 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmled.dll
[2012/06/28 14:22:48 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/06/28 14:22:19 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\profprov.dll
[2012/06/28 14:22:11 | 001,112,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcorets.dll
[2012/06/28 14:22:11 | 000,162,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpudd.dll
[2012/06/28 14:22:11 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\rdpvideominiport.sys
[2012/06/28 14:22:10 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012/06/28 14:22:09 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/06/28 14:22:08 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/06/28 14:21:59 | 001,544,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2012/06/28 14:21:59 | 001,077,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\DWrite.dll
[2012/06/28 14:21:47 | 000,918,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2012/06/28 14:21:47 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/06/28 14:21:43 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcorekmts.dll
[2012/06/28 14:21:43 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpwsx.dll
[2012/06/28 14:21:43 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdrmemptylst.exe
[2012/06/28 14:17:44 | 003,216,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msi.dll
[2012/06/28 14:17:42 | 002,342,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msi.dll
[2012/06/28 14:16:13 | 001,462,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\crypt32.dll
[2012/06/28 14:16:12 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cryptnet.dll
[2012/06/28 13:13:18 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2012/06/28 13:13:18 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuauclt.exe
[2012/06/28 13:13:18 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2012/06/28 13:13:00 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2012/06/28 13:13:00 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2012/06/28 13:13:00 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2012/06/28 13:12:41 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2012/06/28 13:12:41 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2012/06/28 00:58:59 | 000,000,000 | ---D | C] -- C:\Users\Marty\Desktop\Windows 7 Tools.{ED7BA470-8E54-465E-825C-99712043E01C}
[2012/06/28 00:40:29 | 010,063,000 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Marty\Desktop\asde.exe
[1 C:\Users\Marty\Documents\*.tmp files -> C:\Users\Marty\Documents\*.tmp -> ]
[1 C:\Users\Marty\Documents\*.tmp files -> C:\Users\Marty\Documents\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012/07/01 15:13:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/01 15:13:41 | 000,864,552 | ---- | M] () -- C:\Windows\SysWow64\AAWService__2012_07_01_15_13_41_00012960.dmp
[2012/07/01 15:13:24 | 000,872,715 | ---- | M] () -- C:\Windows\SysWow64\AAWService__2012_07_01_15_13_23_0000e520.dmp
[2012/07/01 15:13:23 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2012/07/01 15:13:07 | 3144,904,704 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/01 02:17:28 | 000,854,906 | ---- | M] () -- C:\Windows\SysWow64\AAWService__2012_07_01_02_17_28_0000fc0a.dmp
[2012/07/01 02:17:22 | 000,857,349 | ---- | M] () -- C:\Windows\SysWow64\AAWService__2012_07_01_02_17_22_0000e37b.dmp
[2012/07/01 02:16:56 | 000,867,429 | ---- | M] () -- C:\Windows\SysWow64\AAWService__2012_07_01_02_16_55_00007ae9.dmp
[2012/07/01 01:36:53 | 001,955,557 | -H-- | M] () -- C:\Users\Marty\AppData\Local\IconCache.db
[2012/07/01 01:24:26 | 000,009,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/01 01:24:26 | 000,009,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/30 22:18:25 | 000,728,186 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2012/06/30 22:18:25 | 000,625,348 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/06/30 22:18:25 | 000,107,290 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/06/30 22:12:34 | 000,861,073 | ---- | M] () -- C:\Windows\SysWow64\AAWService__2012_06_30_22_12_34_00012aa8.dmp
[2012/06/30 22:12:29 | 000,860,821 | ---- | M] () -- C:\Windows\SysWow64\AAWService__2012_06_30_22_12_29_0001145a.dmp
[2012/06/30 22:12:11 | 000,859,932 | ---- | M] () -- C:\Windows\SysWow64\AAWService__2012_06_30_22_12_11_0000cea3.dmp
[2012/06/30 22:09:19 | 002,009,432 | ---- | M] () -- C:\Windows\System32\drivers\NAVx64\1207010.003\Cat.DB
[2012/06/30 21:58:02 | 000,859,296 | ---- | M] () -- C:\Windows\SysWow64\AAWService__2012_06_30_21_58_02_00016660.dmp
[2012/06/30 21:57:54 | 000,858,390 | ---- | M] () -- C:\Windows\SysWow64\AAWService__2012_06_30_21_57_54_0001475b.dmp
[2012/06/30 21:57:34 | 000,853,746 | ---- | M] () -- C:\Windows\SysWow64\AAWService__2012_06_30_21_57_31_0000f102.dmp
[2012/06/30 21:43:20 | 000,861,111 | ---- | M] () -- C:\Windows\SysWow64\AAWService__2012_06_30_21_43_20_0001e0bd.dmp
[2012/06/30 21:43:14 | 000,858,358 | ---- | M] () -- C:\Windows\SysWow64\AAWService__2012_06_30_21_43_14_0001c908.dmp
[2012/06/30 21:42:29 | 000,871,502 | ---- | M] () -- C:\Windows\SysWow64\AAWService__2012_06_30_21_42_28_00011728.dmp
[2012/06/30 21:42:06 | 000,447,760 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/06/30 21:30:31 | 000,859,144 | ---- | M] () -- C:\Windows\SysWow64\AAWService__2012_06_30_21_30_31_00018c66.dmp
[2012/06/30 21:30:26 | 000,855,984 | ---- | M] () -- C:\Windows\SysWow64\AAWService__2012_06_30_21_30_25_000175cb.dmp
[2012/06/30 21:29:59 | 000,849,792 | ---- | M] () -- C:\Windows\SysWow64\AAWService__2012_06_30_21_29_56_00010222.dmp
[2012/06/30 20:35:24 | 000,000,000 | R--D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012/06/30 20:33:14 | 000,871,100 | ---- | M] () -- C:\Windows\SysWow64\AAWService__2012_06_30_20_33_14_00021b3d.dmp
[2012/06/30 20:33:05 | 000,000,000 | R--D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton AntiVirus
[2012/06/30 20:33:02 | 000,872,810 | ---- | M] () -- C:\Windows\SysWow64\AAWService__2012_06_30_20_33_01_0001e9e1.dmp
[2012/06/30 20:32:34 | 000,857,389 | ---- | M] () -- C:\Windows\SysWow64\AAWService__2012_06_30_20_32_33_00017ba4.dmp
[2012/06/30 20:06:48 | 000,175,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msclmd.dll
[2012/06/30 20:06:48 | 000,152,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msclmd.dll
[2012/06/30 19:16:52 | 000,863,113 | ---- | M] () -- C:\Windows\SysWow64\AAWService__2012_06_30_19_16_51_00014f66.dmp
[2012/06/30 19:16:45 | 000,854,116 | ---- | M] () -- C:\Windows\SysWow64\AAWService__2012_06_30_19_16_45_000136d8.dmp
[2012/06/30 19:16:24 | 000,868,541 | ---- | M] () -- C:\Windows\SysWow64\AAWService__2012_06_30_19_16_22_0000dcb7.dmp
[2012/06/30 18:41:40 | 000,858,419 | ---- | M] () -- C:\Windows\SysWow64\AAWService__2012_06_30_18_41_40_00016151.dmp
[2012/06/30 18:41:30 | 000,863,648 | ---- | M] () -- C:\Windows\SysWow64\AAWService__2012_06_30_18_41_30_0001386d.dmp
[2012/06/30 18:41:11 | 000,858,823 | ---- | M] () -- C:\Windows\SysWow64\AAWService__2012_06_30_18_41_10_0000eb95.dmp
[2012/06/30 18:39:55 | 000,006,584 | ---- | M] () -- C:\bootsqm.dat
[2012/06/30 18:07:49 | 000,862,110 | ---- | M] () -- C:\Windows\SysWow64\AAWService__2012_06_30_18_07_49_000102ec.dmp
[2012/06/30 18:07:40 | 000,866,266 | ---- | M] () -- C:\Windows\SysWow64\AAWService__2012_06_30_18_07_40_0000e08e.dmp
[2012/06/30 18:07:20 | 000,870,083 | ---- | M] () -- C:\Windows\SysWow64\AAWService__2012_06_30_18_07_19_00008ce3.dmp
[2012/06/30 17:59:27 | 000,853,236 | ---- | M] () -- C:\Windows\SysWow64\AAWService__2012_06_30_17_59_26_00013429.dmp
[2012/06/30 17:59:21 | 000,855,669 | ---- | M] () -- C:\Windows\SysWow64\AAWService__2012_06_30_17_59_21_00011ddc.dmp
[2012/06/30 17:58:50 | 000,857,918 | ---- | M] () -- C:\Windows\SysWow64\AAWService__2012_06_30_17_58_48_00009c00.dmp
[2012/06/30 17:58:30 | 000,028,672 | ---- | M] () -- C:\BCD_BACKUP
[2012/06/30 17:50:08 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/06/30 17:36:04 | 000,863,697 | ---- | M] () -- C:\Windows\SysWow64\AAWService__2012_06_30_17_36_04_00018fff.dmp
[2012/06/30 17:35:58 | 000,864,121 | ---- | M] () -- C:\Windows\SysWow64\AAWService__2012_06_30_17_35_58_000177dd.dmp
[2012/06/30 17:35:39 | 000,853,803 | ---- | M] () -- C:\Windows\SysWow64\AAWService__2012_06_30_17_35_37_00012654.dmp
[2012/06/30 15:29:58 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works
[2012/06/30 14:23:23 | 000,000,219 | ---- | M] () -- C:\Windows\win.ini
[2012/06/30 14:19:07 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012/06/30 14:03:50 | 000,853,576 | ---- | M] () -- C:\Windows\SysWow64\AAWService__2012_06_30_14_03_50_0001bd17.dmp
[2012/06/30 14:03:43 | 000,861,303 | ---- | M] () -- C:\Windows\SysWow64\AAWService__2012_06_30_14_03_43_0001a275.dmp
[2012/06/30 14:02:56 | 000,853,038 | ---- | M] () -- C:\Windows\SysWow64\AAWService__2012_06_30_14_02_53_0000e08e.dmp
[2012/06/29 18:59:32 | 001,428,039 | ---- | M] () -- C:\Users\Marty\Desktop\FRST64.exe
[2012/06/28 16:58:12 | 000,001,209 | ---- | M] () -- C:\Users\Marty\Desktop\cmd.exe.lnk
[2012/06/28 16:41:13 | 000,294,400 | ---- | M] () -- C:\Users\Marty\Desktop\exeHelper.com
[2012/06/28 15:09:24 | 000,000,129 | ---- | M] () -- C:\Windows\System32\MRT.INI
[2012/06/28 00:40:33 | 010,063,000 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Marty\Desktop\asde.exe
[2012/06/28 00:37:52 | 292,176,077 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/06/02 18:19:46 | 000,038,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2012/06/02 18:19:42 | 000,057,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuauclt.exe
[2012/06/02 18:19:42 | 000,044,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2012/06/02 18:19:23 | 000,701,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2012/06/02 18:15:31 | 002,622,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2012/06/02 18:15:08 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2012/06/02 15:19:42 | 000,186,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2012/06/02 15:15:12 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[1 C:\Users\Marty\Documents\*.tmp files -> C:\Users\Marty\Documents\*.tmp -> ]
[1 C:\Users\Marty\Documents\*.tmp files -> C:\Users\Marty\Documents\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012/07/01 15:13:41 | 000,864,552 | ---- | C] () -- C:\Windows\SysWow64\AAWService__2012_07_01_15_13_41_00012960.dmp
[2012/07/01 15:13:23 | 000,872,715 | ---- | C] () -- C:\Windows\SysWow64\AAWService__2012_07_01_15_13_23_0000e520.dmp
[2012/07/01 02:17:28 | 000,854,906 | ---- | C] () -- C:\Windows\SysWow64\AAWService__2012_07_01_02_17_28_0000fc0a.dmp
[2012/07/01 02:17:22 | 000,857,349 | ---- | C] () -- C:\Windows\SysWow64\AAWService__2012_07_01_02_17_22_0000e37b.dmp
[2012/07/01 02:16:55 | 000,867,429 | ---- | C] () -- C:\Windows\SysWow64\AAWService__2012_07_01_02_16_55_00007ae9.dmp
[2012/06/30 22:12:34 | 000,861,073 | ---- | C] () -- C:\Windows\SysWow64\AAWService__2012_06_30_22_12_34_00012aa8.dmp
[2012/06/30 22:12:29 | 000,860,821 | ---- | C] () -- C:\Windows\SysWow64\AAWService__2012_06_30_22_12_29_0001145a.dmp
[2012/06/30 22:12:11 | 000,859,932 | ---- | C] () -- C:\Windows\SysWow64\AAWService__2012_06_30_22_12_11_0000cea3.dmp
[2012/06/30 21:58:02 | 000,859,296 | ---- | C] () -- C:\Windows\SysWow64\AAWService__2012_06_30_21_58_02_00016660.dmp
[2012/06/30 21:57:54 | 000,858,390 | ---- | C] () -- C:\Windows\SysWow64\AAWService__2012_06_30_21_57_54_0001475b.dmp
[2012/06/30 21:57:31 | 000,853,746 | ---- | C] () -- C:\Windows\SysWow64\AAWService__2012_06_30_21_57_31_0000f102.dmp
[2012/06/30 21:43:20 | 000,861,111 | ---- | C] () -- C:\Windows\SysWow64\AAWService__2012_06_30_21_43_20_0001e0bd.dmp
[2012/06/30 21:43:14 | 000,858,358 | ---- | C] () -- C:\Windows\SysWow64\AAWService__2012_06_30_21_43_14_0001c908.dmp
[2012/06/30 21:42:28 | 000,871,502 | ---- | C] () -- C:\Windows\SysWow64\AAWService__2012_06_30_21_42_28_00011728.dmp
[2012/06/30 21:30:31 | 000,859,144 | ---- | C] () -- C:\Windows\SysWow64\AAWService__2012_06_30_21_30_31_00018c66.dmp
[2012/06/30 21:30:25 | 000,855,984 | ---- | C] () -- C:\Windows\SysWow64\AAWService__2012_06_30_21_30_25_000175cb.dmp
[2012/06/30 21:29:56 | 000,849,792 | ---- | C] () -- C:\Windows\SysWow64\AAWService__2012_06_30_21_29_56_00010222.dmp
[2012/06/30 20:33:14 | 000,871,100 | ---- | C] () -- C:\Windows\SysWow64\AAWService__2012_06_30_20_33_14_00021b3d.dmp
[2012/06/30 20:33:01 | 000,872,810 | ---- | C] () -- C:\Windows\SysWow64\AAWService__2012_06_30_20_33_01_0001e9e1.dmp
[2012/06/30 20:32:33 | 000,857,389 | ---- | C] () -- C:\Windows\SysWow64\AAWService__2012_06_30_20_32_33_00017ba4.dmp
[2012/06/30 19:16:51 | 000,863,113 | ---- | C] () -- C:\Windows\SysWow64\AAWService__2012_06_30_19_16_51_00014f66.dmp
[2012/06/30 19:16:45 | 000,854,116 | ---- | C] () -- C:\Windows\SysWow64\AAWService__2012_06_30_19_16_45_000136d8.dmp
[2012/06/30 19:16:22 | 000,868,541 | ---- | C] () -- C:\Windows\SysWow64\AAWService__2012_06_30_19_16_22_0000dcb7.dmp
[2012/06/30 18:41:40 | 000,858,419 | ---- | C] () -- C:\Windows\SysWow64\AAWService__2012_06_30_18_41_40_00016151.dmp
[2012/06/30 18:41:30 | 000,863,648 | ---- | C] () -- C:\Windows\SysWow64\AAWService__2012_06_30_18_41_30_0001386d.dmp
[2012/06/30 18:41:10 | 000,858,823 | ---- | C] () -- C:\Windows\SysWow64\AAWService__2012_06_30_18_41_10_0000eb95.dmp
[2012/06/30 18:39:55 | 000,006,584 | ---- | C] () -- C:\bootsqm.dat
[2012/06/30 18:07:49 | 000,862,110 | ---- | C] () -- C:\Windows\SysWow64\AAWService__2012_06_30_18_07_49_000102ec.dmp
[2012/06/30 18:07:40 | 000,866,266 | ---- | C] () -- C:\Windows\SysWow64\AAWService__2012_06_30_18_07_40_0000e08e.dmp
[2012/06/30 18:07:19 | 000,870,083 | ---- | C] () -- C:\Windows\SysWow64\AAWService__2012_06_30_18_07_19_00008ce3.dmp
[2012/06/30 17:59:26 | 000,853,236 | ---- | C] () -- C:\Windows\SysWow64\AAWService__2012_06_30_17_59_26_00013429.dmp
[2012/06/30 17:59:21 | 000,855,669 | ---- | C] () -- C:\Windows\SysWow64\AAWService__2012_06_30_17_59_21_00011ddc.dmp
[2012/06/30 17:58:48 | 000,857,918 | ---- | C] () -- C:\Windows\SysWow64\AAWService__2012_06_30_17_58_48_00009c00.dmp
[2012/06/30 17:58:29 | 000,028,672 | ---- | C] () -- C:\BCD_BACKUP
[2012/06/30 17:36:04 | 000,863,697 | ---- | C] () -- C:\Windows\SysWow64\AAWService__2012_06_30_17_36_04_00018fff.dmp
[2012/06/30 17:35:58 | 000,864,121 | ---- | C] () -- C:\Windows\SysWow64\AAWService__2012_06_30_17_35_58_000177dd.dmp
[2012/06/30 17:35:37 | 000,853,803 | ---- | C] () -- C:\Windows\SysWow64\AAWService__2012_06_30_17_35_37_00012654.dmp
[2012/06/30 14:10:37 | 001,428,039 | ---- | C] () -- C:\Users\Marty\Desktop\FRST64.exe
[2012/06/30 14:03:50 | 000,853,576 | ---- | C] () -- C:\Windows\SysWow64\AAWService__2012_06_30_14_03_50_0001bd17.dmp
[2012/06/30 14:03:43 | 000,861,303 | ---- | C] () -- C:\Windows\SysWow64\AAWService__2012_06_30_14_03_43_0001a275.dmp
[2012/06/30 14:02:53 | 000,853,038 | ---- | C] () -- C:\Windows\SysWow64\AAWService__2012_06_30_14_02_53_0000e08e.dmp
[2012/06/28 16:53:37 | 000,001,209 | ---- | C] () -- C:\Users\Marty\Desktop\cmd.exe.lnk
[2012/06/28 16:40:51 | 000,294,400 | ---- | C] () -- C:\Users\Marty\Desktop\exeHelper.com
[2012/06/28 15:09:24 | 000,000,129 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2012/06/28 13:20:43 | 001,955,557 | -H-- | C] () -- C:\Users\Marty\AppData\Local\IconCache.db
[2012/01/25 19:56:50 | 000,252,928 | ---- | C] () -- C:\Windows\SysWow64\DShowRdpFilter.dll
[2011/10/14 12:11:28 | 000,743,534 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/10/14 12:03:29 | 000,000,519 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2011/07/07 02:28:22 | 001,193,320 | ---- | C] () -- C:\Windows\SysWow64\FM20.DLL
[2011/06/28 02:57:46 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2011/06/28 02:57:45 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2010/11/02 23:39:34 | 000,000,362 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/09/22 20:25:56 | 000,122,720 | ---- | C] () -- C:\Users\Marty\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/09/13 16:35:52 | 000,683,801 | ---- | C] () -- C:\Windows\unins000.exe
[2010/09/13 16:35:52 | 000,001,682 | ---- | C] () -- C:\Windows\unins000.dat
[2010/08/25 20:34:30 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2010/08/25 20:34:30 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2010/08/25 20:34:30 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 01:32:39 | 000,043,318 | ---- | C] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
[2009/07/14 01:32:39 | 000,029,779 | ---- | C] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/14 01:32:39 | 000,026,489 | ---- | C] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/14 01:32:39 | 000,026,040 | ---- | C] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 22:35:42 | 000,001,405 | ---- | C] () -- C:\Windows\msdfmap.ini
[2009/07/13 22:34:57 | 000,000,219 | ---- | C] () -- C:\Windows\system.ini
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 18:25:04 | 000,197,632 | ---- | C] () -- C:\Windows\SysWow64\ir32_32.dll
[2009/07/13 17:59:36 | 000,139,824 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009/06/01 00:33:28 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2009/04/06 17:51:44 | 000,001,776 | ---- | C] () -- C:\Windows\PCW170.ini
[2007/03/21 08:28:50 | 000,000,634 | ---- | C] () -- C:\Windows\SysWow64\mmc.exe.manifest
[2007/03/21 08:28:50 | 000,000,106 | ---- | C] () -- C:\Windows\SysWow64\mmc.exe.config
[2006/11/02 08:34:27 | 000,000,219 | ---- | C] () -- C:\Windows\win.ini
========== LOP Check ==========
[2010/09/22 15:55:16 | 000,000,000 | ---D | M] -- C:\Users\Marty\AppData\Roaming\acccore
[2011/08/29 01:10:12 | 000,000,000 | ---D | M] -- C:\Users\Marty\AppData\Roaming\Barnes & Noble
[2011/09/06 02:09:22 | 000,000,000 | ---D | M] -- C:\Users\Marty\AppData\Roaming\Bizarro DC++
[2011/09/05 22:35:30 | 000,000,000 | ---D | M] -- C:\Users\Marty\AppData\Roaming\DC++
[2011/10/14 12:11:23 | 000,000,000 | ---D | M] -- C:\Users\Marty\AppData\Roaming\Peachtree
[2010/10/27 08:17:14 | 000,000,000 | ---D | M] -- C:\Users\Marty\AppData\Roaming\Tific
[2011/10/14 12:08:58 | 000,000,000 | ---D | M] -- C:\ProgramData\Aatrix Software
[2010/09/22 15:43:58 | 000,000,000 | ---D | M] -- C:\ProgramData\acccore
[2010/09/22 15:43:58 | 000,000,000 | ---D | M] -- C:\ProgramData\AIM Toolbar
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2010/09/22 15:44:01 | 000,000,000 | -H-D | M] -- C:\ProgramData\CanonBJ
[2010/11/29 17:06:21 | 000,000,000 | ---D | M] -- C:\ProgramData\Cisco
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2011/01/01 17:08:42 | 000,000,000 | ---D | M] -- C:\ProgramData\LightScribe
[2011/10/14 12:03:22 | 000,000,000 | ---D | M] -- C:\ProgramData\Pervasive Software
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2010/09/22 15:44:28 | 000,000,000 | ---D | M] -- C:\ProgramData\Temp
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2009/09/04 17:58:43 | 000,000,000 | ---D | M] -- C:\ProgramData\Viewpoint
[2010/09/22 15:44:28 | 000,000,000 | ---D | M] -- C:\ProgramData\WindowsSearch
[2010/09/22 15:44:28 | 000,000,000 | ---D | M] -- C:\ProgramData\{0DD0EEEE-2A7C-411C-9243-1AE62F445FC3}
[2010/10/14 13:48:45 | 000,000,000 | ---D | M] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2010/09/22 15:44:28 | 000,000,000 | -H-D | M] -- C:\ProgramData\{EF63305C-BAD7-4144-9208-D65528260864}
[2012/01/24 18:14:31 | 000,032,618 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
< End of report >
-
Update: For some reason I can now install and run programs; I am installing Malwarebytes now. One problem that still occurs, however, is that if you right-click a logo, Windows Explorer freezes.
-
Update: Things seem to be working now, don't know why... I'm installing Malwarebytes now.
-
Ok, here are the files. Also, I noticed most of these scans are for the past 30 days; this virus is a lot older than that. Just letting you know, not sure if this information is important or not.
OTL logfile created on: 6/30/2012 4:56:33 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
64bit-Windows 7 Ultimate (Version = 6.1.7600) - Type = System
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 88.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 286.41 Gb Total Space | 111.05 Gb Free Space | 38.77% Space Free | Partition Type: NTFS
Drive E: | 11.68 Gb Total Space | 1.90 Gb Free Space | 16.28% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
========== Win32 Services (SafeList) ==========
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/01/28 09:15:24 | 000,290,304 | ---- | M] (IDT, Inc.) [Auto] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_27a7f4961a76cb4e\stacsv64.exe -- (STacSV)
SRV:64bit: - [2008/11/17 15:22:44 | 000,088,576 | ---- | M] (Andrea Electronics Corporation) [Auto] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_27a7f4961a76cb4e\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2008/08/26 10:02:20 | 000,016,896 | ---- | M] (Agere Systems) [Auto] -- C:\Program Files\LSI SoftModem\agr64svc.exe -- (AgereModemAudio)
SRV - [2011/06/20 10:31:32 | 002,151,128 | ---- | M] (Lavasoft Limited) [Auto] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011/04/16 20:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Auto] -- C:\Program Files (x86)\Norton AntiVirus\Engine\18.7.0.13\ccSvcHst.exe -- (NAV)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/10/09 10:07:22 | 000,493,248 | ---- | M] (Cisco Systems, Inc.) [Auto] -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/04/06 20:24:52 | 000,435,496 | R--- | M] (Pervasive Software Inc.) [Auto] -- C:\Program Files (x86)\Pervasive Software\PSQL\bin\w3dbsmgr.exe -- (psqlWGE)
SRV - [2009/03/09 20:54:12 | 000,365,952 | ---- | M] () [Auto] -- C:\Program Files (x86)\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2009/02/24 18:04:52 | 000,116,104 | ---- | M] () [Auto] -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe -- (TVSched) TV Task Scheduler (TVTS)
SRV - [2009/02/04 18:57:06 | 000,296,320 | ---- | M] () [Auto] -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe -- (TVCapSvc) TV Background Capture Service (TVBCS)
SRV - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto] -- C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2011/08/02 17:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/07/08 17:45:12 | 000,386,168 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Windows\System32\Drivers\NAVx64\1206000.01D\SYMNETS.SYS -- (SymNetS)
DRV:64bit: - [2011/06/20 10:31:32 | 000,069,376 | ---- | M] (Lavasoft AB) [File_System | Boot] -- C:\Windows\System32\drivers\Lbd.sys -- (Lbd)
DRV:64bit: - [2011/05/09 23:32:13 | 000,174,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2011/03/30 23:00:09 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | On_Demand] -- C:\Windows\System32\Drivers\NAVx64\1206000.01D\SRTSP64.SYS -- (SRTSP)
DRV:64bit: - [2011/03/30 23:00:09 | 000,040,568 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\Windows\system32\drivers\NAVx64\1207000.00D\SRTSPX64.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2011/03/14 22:31:23 | 000,912,504 | ---- | M] (Symantec Corporation) [File_System | Boot] -- C:\Windows\System32\drivers\NAVx64\1207000.00D\symefa64.sys -- (SymEFA)
DRV:64bit: - [2011/01/27 02:47:10 | 000,450,680 | ---- | M] (Symantec Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\NAVx64\1207000.00D\symds64.sys -- (SymDS)
DRV:64bit: - [2011/01/27 01:07:06 | 000,171,128 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\Windows\system32\drivers\NAVx64\1207000.00D\Ironx64.SYS -- (SymIRON)
DRV:64bit: - [2010/08/25 20:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/10/09 09:50:50 | 000,024,248 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\vpnva64.sys -- (vpnva)
DRV:64bit: - [2009/06/24 10:16:22 | 002,041,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand] -- C:\Windows\System32\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/02/25 09:53:26 | 000,137,056 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR)
DRV:64bit: - [2009/01/28 09:16:06 | 000,473,088 | ---- | M] (IDT, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2008/12/30 08:18:40 | 000,068,608 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\enecir.sys -- (enecir)
DRV:64bit: - [2008/12/03 09:21:52 | 000,184,832 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2008/11/21 13:05:22 | 001,253,376 | ---- | M] (Agere Systems) [Kernel | On_Demand] -- C:\Windows\System32\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2008/06/04 13:55:16 | 000,129,536 | ---- | M] (Intel® Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®
DRV:64bit: - [2008/03/27 15:10:56 | 000,026,984 | ---- | M] (Hewlett-Packard Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2008/03/27 15:10:14 | 000,040,296 | ---- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2008/01/31 19:23:14 | 000,195,120 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2007/06/18 19:13:12 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2012/01/16 04:01:46 | 002,048,632 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\VirusDefs\20120130.021\EX64.SYS -- (NAVEX15)
DRV - [2012/01/16 04:01:46 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\VirusDefs\20120130.021\ENG64.SYS -- (NAVENG)
DRV - [2011/12/15 19:33:20 | 000,488,568 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\IPSDefs\20120128.002\IDSviA64.sys -- (IDSVia64)
DRV - [2011/11/30 22:25:03 | 001,157,240 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\BASHDefs\20120121.002\BHDrvx64.sys -- (BHDrvx64)
DRV - [2011/11/09 12:06:44 | 000,482,936 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2011/06/28 02:57:37 | 000,017,152 | ---- | M] () [Kernel | On_Demand] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys -- (Lavasoft Kernexplorer)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cnnb
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cnnb
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Marty_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cnnb
IE - HKU\Marty_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = https://myub.buffalo.edu/myub/pw/template/myub.html
IE - HKU\Marty_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\Marty_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Marty_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\Mcx1-MARTY-PC_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:3.0
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\System32\Macromed\Flash\NPSWF64_11_0_1.dll ()
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=:
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE: File not found
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files (x86)\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Marty\AppData\Roaming\Move Networks\plugins\npqmp071503000010.dll (Move Networks)
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2010/09/22 15:42:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\IPSFFPlgn\ [2012/06/30 14:03:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/01/05 00:44:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/11/15 17:39:46 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Users\Marty\AppData\Roaming\Move Networks [2010/09/22 15:55:37 | 000,000,000 | ---D | M]
[2010/10/12 11:58:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marty\AppData\Roaming\Mozilla\Extensions
[2010/10/12 11:58:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marty\AppData\Roaming\Mozilla\Firefox\Profiles\ubmnghfz.default\extensions
[2011/11/15 17:39:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
File not found (No name found) --
[2012/06/30 14:03:27 | 000,000,000 | ---D | M] (Symantec Intrusion Prevention) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\IPSFFPLGN
[2012/01/05 00:44:54 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010/11/04 18:54:20 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/11/04 23:21:03 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/11/04 23:21:03 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
O1 HOSTS File: ([2006/09/18 17:37:24 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - File not found
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Engine\18.6.0.29\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN\Toolbar\3.0.0552.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files (x86)\MSN\Toolbar\3.0.0552.0\msneshellx.dll (Microsoft Corp.)
O3 - HKU\Marty_ON_C\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O4 - HKU\LocalService_ON_C..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\LocalService_ON_C..\RunOnce: [mctadmin] File not found
O4 - HKU\NetworkService_ON_C..\RunOnce: [mctadmin] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\Marty_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 2
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {615A1925-0E5B-4767-A65E-3165AEAC32A3} http://quickscan.bitdefender.com/qsax/qsax64.cab (Bitdefender QuickScan Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 vpnweb.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 68.237.161.12
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{49536b28-f84e-11e0-9aa7-00235aad2481}\Shell - "" = AutoRun
O33 - MountPoints2\{49536b28-f84e-11e0-9aa7-00235aad2481}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - File not found
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2012/06/30 14:20:44 | 000,000,000 | ---D | C] -- C:\609e82835773b7b852
[2012/06/29 18:22:43 | 000,000,000 | ---D | C] -- C:\FRST
[2012/06/28 19:49:43 | 000,000,000 | ---D | C] -- C:\NBRT
[2012/06/28 14:38:34 | 000,000,000 | ---D | C] -- C:\Users\Marty\Desktop\Chameleon
[2012/06/28 12:59:32 | 000,607,260 | ---- | C] (Swearware) -- C:\Users\Marty\Desktop\dd5.com
[2012/06/28 12:56:37 | 000,607,260 | ---- | C] (Swearware) -- C:\Users\Marty\Desktop\dds.scr
[2012/06/28 00:58:59 | 000,000,000 | ---D | C] -- C:\Users\Marty\Desktop\Windows 7 Tools.{ED7BA470-8E54-465E-825C-99712043E01C}
[2012/06/28 00:40:29 | 010,063,000 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Marty\Desktop\asde.exe
[1 C:\Users\Marty\Documents\*.tmp files -> C:\Users\Marty\Documents\*.tmp -> ]
[1 C:\Users\Marty\Documents\*.tmp files -> C:\Users\Marty\Documents\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012/06/30 17:58:30 | 000,028,672 | ---- | M] () -- C:\BCD_BACKUP
[2012/06/30 15:30:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/30 15:29:58 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works
[2012/06/30 15:25:59 | 000,625,348 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/06/30 15:25:59 | 000,107,290 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/06/30 14:19:07 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012/06/30 14:11:01 | 000,009,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/30 14:11:01 | 000,009,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/30 14:03:50 | 000,853,576 | ---- | M] () -- C:\Windows\SysWow64\AAWService__2012_06_30_14_03_50_0001bd17.dmp
[2012/06/30 14:03:43 | 000,861,303 | ---- | M] () -- C:\Windows\SysWow64\AAWService__2012_06_30_14_03_43_0001a275.dmp
[2012/06/30 14:02:56 | 000,853,038 | ---- | M] () -- C:\Windows\SysWow64\AAWService__2012_06_30_14_02_53_0000e08e.dmp
[2012/06/30 14:02:22 | 3144,904,704 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/29 18:59:32 | 001,428,039 | ---- | M] () -- C:\Users\Marty\Desktop\FRST64.exe
[2012/06/28 16:58:12 | 000,001,209 | ---- | M] () -- C:\Users\Marty\Desktop\cmd.exe.lnk
[2012/06/28 16:41:13 | 000,294,400 | ---- | M] () -- C:\Users\Marty\Desktop\exeHelper.com
[2012/06/28 15:17:54 | 000,447,760 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/06/28 15:09:24 | 000,000,129 | ---- | M] () -- C:\Windows\System32\MRT.INI
[2012/06/28 14:35:12 | 001,012,656 | ---- | M] () -- C:\Users\Marty\Desktop\WiNlOgOn.exe
[2012/06/28 12:59:37 | 000,607,260 | ---- | M] (Swearware) -- C:\Users\Marty\Desktop\dd5.com
[2012/06/28 12:56:42 | 000,607,260 | ---- | M] (Swearware) -- C:\Users\Marty\Desktop\dds.scr
[2012/06/28 00:40:33 | 010,063,000 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Marty\Desktop\asde.exe
[2012/06/28 00:37:52 | 292,176,077 | ---- | M] () -- C:\Windows\MEMORY.DMP
[1 C:\Users\Marty\Documents\*.tmp files -> C:\Users\Marty\Documents\*.tmp -> ]
[1 C:\Users\Marty\Documents\*.tmp files -> C:\Users\Marty\Documents\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012/06/30 17:58:29 | 000,028,672 | ---- | C] () -- C:\BCD_BACKUP
[2012/06/30 14:10:37 | 001,428,039 | ---- | C] () -- C:\Users\Marty\Desktop\FRST64.exe
[2012/06/30 14:03:50 | 000,853,576 | ---- | C] () -- C:\Windows\SysWow64\AAWService__2012_06_30_14_03_50_0001bd17.dmp
[2012/06/30 14:03:43 | 000,861,303 | ---- | C] () -- C:\Windows\SysWow64\AAWService__2012_06_30_14_03_43_0001a275.dmp
[2012/06/30 14:02:53 | 000,853,038 | ---- | C] () -- C:\Windows\SysWow64\AAWService__2012_06_30_14_02_53_0000e08e.dmp
[2012/06/28 16:53:37 | 000,001,209 | ---- | C] () -- C:\Users\Marty\Desktop\cmd.exe.lnk
[2012/06/28 16:40:51 | 000,294,400 | ---- | C] () -- C:\Users\Marty\Desktop\exeHelper.com
[2012/06/28 15:09:24 | 000,000,129 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2012/06/28 14:35:09 | 001,012,656 | ---- | C] () -- C:\Users\Marty\Desktop\WiNlOgOn.exe
[2011/10/14 12:11:28 | 000,743,534 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/10/14 12:03:29 | 000,000,519 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2011/06/28 02:57:46 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2011/06/28 02:57:45 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2010/11/02 23:39:34 | 000,000,362 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/09/13 16:35:52 | 000,683,801 | ---- | C] () -- C:\Windows\unins000.exe
[2010/09/13 16:35:52 | 000,001,682 | ---- | C] () -- C:\Windows\unins000.dat
[2010/08/25 20:34:30 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2010/08/25 20:34:30 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2010/08/25 20:34:30 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2010/08/25 19:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2010/08/25 19:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 20:02:54 | 000,245,248 | ---- | C] () -- C:\Windows\SysWow64\DShowRdpFilter.dll
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 18:25:04 | 000,197,632 | ---- | C] () -- C:\Windows\SysWow64\ir32_32.dll
[2009/07/13 17:59:36 | 000,139,824 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009/06/01 00:33:28 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2009/04/06 17:51:44 | 000,001,776 | ---- | C] () -- C:\Windows\PCW170.ini
[2007/03/21 08:28:50 | 000,000,106 | ---- | C] () -- C:\Windows\SysWow64\mmc.exe.config
========== LOP Check ==========
[2010/09/22 15:55:16 | 000,000,000 | ---D | M] -- C:\Users\Marty\AppData\Roaming\acccore
[2011/08/29 01:10:12 | 000,000,000 | ---D | M] -- C:\Users\Marty\AppData\Roaming\Barnes & Noble
[2011/09/06 02:09:22 | 000,000,000 | ---D | M] -- C:\Users\Marty\AppData\Roaming\Bizarro DC++
[2011/09/05 22:35:30 | 000,000,000 | ---D | M] -- C:\Users\Marty\AppData\Roaming\DC++
[2011/10/14 12:11:23 | 000,000,000 | ---D | M] -- C:\Users\Marty\AppData\Roaming\Peachtree
[2010/10/27 08:17:14 | 000,000,000 | ---D | M] -- C:\Users\Marty\AppData\Roaming\Tific
[2011/10/14 12:08:58 | 000,000,000 | ---D | M] -- C:\ProgramData\Aatrix Software
[2010/09/22 15:43:58 | 000,000,000 | ---D | M] -- C:\ProgramData\acccore
[2010/09/22 15:43:58 | 000,000,000 | ---D | M] -- C:\ProgramData\AIM Toolbar
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2010/09/22 15:44:01 | 000,000,000 | -H-D | M] -- C:\ProgramData\CanonBJ
[2010/11/29 17:06:21 | 000,000,000 | ---D | M] -- C:\ProgramData\Cisco
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2011/01/01 17:08:42 | 000,000,000 | ---D | M] -- C:\ProgramData\LightScribe
[2011/10/14 12:03:22 | 000,000,000 | ---D | M] -- C:\ProgramData\Pervasive Software
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2010/09/22 15:44:28 | 000,000,000 | ---D | M] -- C:\ProgramData\Temp
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2009/09/04 17:58:43 | 000,000,000 | ---D | M] -- C:\ProgramData\Viewpoint
[2010/09/22 15:44:28 | 000,000,000 | ---D | M] -- C:\ProgramData\WindowsSearch
[2010/09/22 15:44:28 | 000,000,000 | ---D | M] -- C:\ProgramData\{0DD0EEEE-2A7C-411C-9243-1AE62F445FC3}
[2010/10/14 13:48:45 | 000,000,000 | ---D | M] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2010/09/22 15:44:28 | 000,000,000 | -H-D | M] -- C:\ProgramData\{EF63305C-BAD7-4144-9208-D65528260864}
[2012/01/24 18:14:31 | 000,032,618 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
< End of report >
-
I now see what you meant when you said run it through system recovery, I guess I misread it. I see it says it will not work properly if it's not in a recovery environment, so I'll do it from there and repost.
-
Here's the log
Scan result of Farbar Recovery Scan Tool Version: 28-06-2012 02
Ran by Marty at 30-06-2012 14:10:55
Running from C:\Users\Marty\Desktop
(X64) OS Language: English(US)
Attention: Could not load system hive.ERROR: The process cannot access the file because it is being used by another process.
ATTENTION:=====> THE TOOL IS NOT RUN FROM RECOVERY ENVIRONMENT AND WILL NOT FUNTION PROPERLY.
============ One Month Created Files and Folders ==============
2012-06-30 17:58 - 2012-06-30 17:58 - 00025600 __ASH C:\BCD_BACKUP.LOG
2012-06-30 14:10 - 2012-06-29 18:59 - 01428039 ____A C:\Users\Marty\Desktop\FRST64.exe
2012-06-30 14:09 - 2012-06-30 14:09 - 00000000 ____D C:\70aa3f7f846933a956
2012-06-30 14:03 - 2012-06-30 14:03 - 00861303 ____A C:\Windows\SysWOW64\AAWService__2012_06_30_14_03_43_0001a275.dmp
2012-06-30 14:03 - 2012-06-30 14:03 - 00853576 ____A C:\Windows\SysWOW64\AAWService__2012_06_30_14_03_50_0001bd17.dmp
2012-06-30 14:02 - 2012-06-30 14:02 - 00853038 ____A C:\Windows\SysWOW64\AAWService__2012_06_30_14_02_53_0000e08e.dmp
2012-06-29 18:22 - 2012-06-30 14:10 - 00000000 ____D C:\FRST
2012-06-28 19:49 - 2012-06-30 17:47 - 00000000 ____D C:\NBRT
2012-06-28 16:53 - 2012-06-28 16:58 - 00001209 ____A C:\Users\Marty\Desktop\cmd.exe.lnk
2012-06-28 16:40 - 2012-06-28 16:41 - 00294400 ____A C:\Users\Marty\Desktop\exeHelper.com
2012-06-28 15:09 - 2012-06-28 15:09 - 00000129 ____A C:\Windows\System32\MRT.INI
2012-06-28 15:02 - 2012-03-01 02:54 - 00022896 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fs_rec.sys
2012-06-28 15:02 - 2012-03-01 02:45 - 00220672 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-06-28 15:02 - 2012-03-01 02:40 - 00080896 ____A (Microsoft Corporation) C:\Windows\System32\imagehlp.dll
2012-06-28 15:02 - 2012-03-01 02:35 - 00005120 ____A (Microsoft Corporation) C:\Windows\System32\wmi.dll
2012-06-28 15:02 - 2012-03-01 01:49 - 00172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2012-06-28 15:02 - 2012-03-01 01:45 - 00158720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2012-06-28 15:02 - 2012-03-01 01:40 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wmi.dll
2012-06-28 14:38 - 2012-06-28 14:38 - 00000000 ____D C:\Users\Marty\Desktop\Chameleon
2012-06-28 14:35 - 2012-06-28 14:35 - 01012656 ____A C:\Users\Marty\Desktop\WiNlOgOn.exe
2012-06-28 14:23 - 2012-04-20 02:21 - 12405760 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-28 14:22 - 2012-05-14 23:56 - 01197568 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-28 14:22 - 2012-05-14 23:52 - 00064512 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-28 14:22 - 2012-05-14 23:08 - 00981504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-06-28 14:22 - 2012-05-14 23:06 - 00048128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-06-28 14:22 - 2012-05-02 01:32 - 00208896 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-06-28 14:22 - 2012-04-27 23:50 - 00204800 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-06-28 14:22 - 2012-04-20 02:25 - 01501184 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-28 14:22 - 2012-04-20 02:25 - 00134144 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-28 14:22 - 2012-04-20 02:23 - 01026560 ____A (Microsoft Corporation) C:\Windows\System32\mstime.dll
2012-06-28 14:22 - 2012-04-20 02:22 - 09373696 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-28 14:22 - 2012-04-20 02:22 - 00736256 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-06-28 14:22 - 2012-04-20 02:22 - 00097792 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-28 14:22 - 2012-04-20 02:22 - 00082944 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2012-06-28 14:22 - 2012-04-20 02:22 - 00057856 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2012-06-28 14:22 - 2012-04-20 02:21 - 02458624 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-28 14:22 - 2012-04-20 02:21 - 00445952 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2012-06-28 14:22 - 2012-04-20 02:21 - 00256000 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2012-06-28 14:22 - 2012-04-20 02:21 - 00247808 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-28 14:22 - 2012-04-20 02:18 - 00012288 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2012-06-28 14:22 - 2012-04-20 01:07 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-06-28 14:22 - 2012-04-20 01:07 - 00132096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-06-28 14:22 - 2012-04-20 01:06 - 06028288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-06-28 14:22 - 2012-04-20 01:06 - 00627200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-06-28 14:22 - 2012-04-20 01:06 - 00606208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstime.dll
2012-06-28 14:22 - 2012-04-20 01:06 - 00067584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-06-28 14:22 - 2012-04-20 01:06 - 00064512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2012-06-28 14:22 - 2012-04-20 01:05 - 11019776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-06-28 14:22 - 2012-04-20 01:05 - 02072576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-06-28 14:22 - 2012-04-20 01:05 - 00381440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2012-06-28 14:22 - 2012-04-20 01:05 - 00185856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2012-06-28 14:22 - 2012-04-20 01:05 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-06-28 14:22 - 2012-04-20 01:05 - 00044544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2012-06-28 14:22 - 2012-04-20 01:03 - 00012800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2012-06-28 14:22 - 2012-04-20 01:00 - 00482816 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2012-06-28 14:22 - 2012-04-20 00:15 - 01638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-28 14:22 - 2012-04-19 23:58 - 00386048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2012-06-28 14:22 - 2012-04-19 23:24 - 01638912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-06-28 14:22 - 2012-03-17 03:55 - 00075632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys
2012-06-28 14:21 - 2012-05-14 21:32 - 03144192 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-28 14:21 - 2012-04-26 01:34 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-06-28 14:21 - 2012-04-26 01:34 - 00076288 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-06-28 14:21 - 2012-04-26 01:28 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-06-28 14:21 - 2012-04-17 01:38 - 00851968 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-28 14:21 - 2012-04-17 00:45 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-06-28 14:21 - 2012-03-03 02:29 - 01837568 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2012-06-28 14:21 - 2012-03-03 02:29 - 01541120 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-06-28 14:21 - 2012-03-03 02:29 - 00902656 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll
2012-06-28 14:21 - 2012-03-03 02:29 - 00320512 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll
2012-06-28 14:21 - 2012-03-03 02:29 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll
2012-06-28 14:21 - 2012-03-03 01:40 - 01170944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2012-06-28 14:21 - 2012-03-03 01:40 - 01074176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2012-06-28 14:21 - 2012-03-03 01:40 - 00739840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2012-06-28 14:21 - 2012-03-03 01:40 - 00218624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2012-06-28 14:21 - 2012-03-03 01:40 - 00161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2012-06-28 14:17 - 2012-04-07 08:18 - 03213824 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
2012-06-28 14:17 - 2012-04-07 07:34 - 02342400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2012-06-28 14:16 - 2012-04-24 01:59 - 01460224 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-06-28 14:16 - 2012-04-24 01:59 - 00182272 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-06-28 14:16 - 2012-04-24 01:59 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-06-28 14:16 - 2012-04-24 00:47 - 01156608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2012-06-28 14:16 - 2012-04-24 00:47 - 00139264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2012-06-28 14:16 - 2012-04-24 00:47 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2012-06-28 14:15 - 2012-03-30 07:09 - 01895280 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-06-28 13:22 - 2012-06-28 13:27 - 00004058 ____A C:\Windows\IE9_main.log
2012-06-28 13:13 - 2012-06-02 18:19 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-28 13:13 - 2012-06-02 18:19 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-28 13:13 - 2012-06-02 18:19 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-28 13:13 - 2012-06-02 18:15 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-28 13:12 - 2012-06-02 15:19 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-28 13:12 - 2012-06-02 15:15 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-28 12:59 - 2012-06-28 12:59 - 00607260 ____A (Swearware) C:\Users\Marty\Desktop\dd5.com
2012-06-28 12:56 - 2012-06-28 12:56 - 00607260 ____A (Swearware) C:\Users\Marty\Desktop\dds.scr
2012-06-28 00:58 - 2012-06-28 00:58 - 00000000 ____D C:\Users\Marty\Desktop\Windows 7 Tools.{ED7BA470-8E54-465E-825C-99712043E01C}
2012-06-28 00:40 - 2012-06-28 00:40 - 10063000 ____A (Malwarebytes Corporation ) C:\Users\Marty\Desktop\asde.exe
2012-06-28 00:38 - 2012-06-28 00:38 - 00270536 ____A C:\Windows\Minidump\062812-29889-01.dmp
============ 3 Months Modified Files and Folders =============
2012-06-30 17:58 - 2012-06-30 17:58 - 00028672 ____A C:\BCD_BACKUP
2012-06-30 17:58 - 2012-06-30 17:58 - 00025600 __ASH C:\BCD_BACKUP.LOG
2012-06-30 17:47 - 2012-06-28 19:49 - 00000000 ____D C:\NBRT
2012-06-30 17:21 - 2011-01-24 00:47 - 00000000 ____D C:\users\Mcx1-MARTY-PC
2012-06-30 17:20 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache
2012-06-30 17:20 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\registration
2012-06-30 17:20 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\AppCompat
2012-06-30 14:10 - 2012-06-29 18:22 - 00000000 ____D C:\FRST
2012-06-30 14:09 - 2012-06-30 14:09 - 00000000 ____D C:\70aa3f7f846933a956
2012-06-30 14:08 - 2010-09-22 16:14 - 01743460 ____A C:\Windows\WindowsUpdate.log
2012-06-30 14:05 - 2010-09-22 15:20 - 00009712 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-06-30 14:05 - 2010-09-22 15:20 - 00009712 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-06-30 14:03 - 2012-06-30 14:03 - 00861303 ____A C:\Windows\SysWOW64\AAWService__2012_06_30_14_03_43_0001a275.dmp
2012-06-30 14:03 - 2012-06-30 14:03 - 00853576 ____A C:\Windows\SysWOW64\AAWService__2012_06_30_14_03_50_0001bd17.dmp
2012-06-30 14:02 - 2012-06-30 14:02 - 00853038 ____A C:\Windows\SysWOW64\AAWService__2012_06_30_14_02_53_0000e08e.dmp
2012-06-30 14:02 - 2010-09-22 15:22 - 00000000 ____D C:\users\Marty
2012-06-30 14:02 - 2009-08-13 03:07 - 00136636 ____A C:\aaw7boot.log
2012-06-30 14:02 - 2009-07-14 01:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-06-30 14:02 - 2009-07-14 00:51 - 03654223 ____A C:\Windows\setupact.log
2012-06-29 18:59 - 2012-06-30 14:10 - 01428039 ____A C:\Users\Marty\Desktop\FRST64.exe
2012-06-28 21:02 - 2009-07-14 01:13 - 00728058 ____A C:\Windows\System32\PerfStringBackup.INI
2012-06-28 16:58 - 2012-06-28 16:53 - 00001209 ____A C:\Users\Marty\Desktop\cmd.exe.lnk
2012-06-28 16:41 - 2012-06-28 16:40 - 00294400 ____A C:\Users\Marty\Desktop\exeHelper.com
2012-06-28 15:17 - 2009-07-14 00:45 - 00447760 ____A C:\Windows\System32\FNTCACHE.DAT
2012-06-28 15:09 - 2012-06-28 15:09 - 00000129 ____A C:\Windows\System32\MRT.INI
2012-06-28 15:01 - 2009-07-14 03:46 - 00000000 ____D C:\Program Files\Windows Journal
2012-06-28 14:38 - 2012-06-28 14:38 - 00000000 ____D C:\Users\Marty\Desktop\Chameleon
2012-06-28 14:35 - 2012-06-28 14:35 - 01012656 ____A C:\Users\Marty\Desktop\WiNlOgOn.exe
2012-06-28 13:38 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2012-06-28 13:27 - 2012-06-28 13:22 - 00004058 ____A C:\Windows\IE9_main.log
2012-06-28 12:59 - 2012-06-28 12:59 - 00607260 ____A (Swearware) C:\Users\Marty\Desktop\dd5.com
2012-06-28 12:56 - 2012-06-28 12:56 - 00607260 ____A (Swearware) C:\Users\Marty\Desktop\dds.scr
2012-06-28 00:58 - 2012-06-28 00:58 - 00000000 ____D C:\Users\Marty\Desktop\Windows 7 Tools.{ED7BA470-8E54-465E-825C-99712043E01C}
2012-06-28 00:40 - 2012-06-28 00:40 - 10063000 ____A (Malwarebytes Corporation ) C:\Users\Marty\Desktop\asde.exe
2012-06-28 00:38 - 2012-06-28 00:38 - 00270536 ____A C:\Windows\Minidump\062812-29889-01.dmp
2012-06-28 00:38 - 2010-10-01 21:08 - 00000000 ____D C:\Windows\Minidump
2012-06-28 00:37 - 2010-09-07 14:50 - 292176077 ____A C:\Windows\MEMORY.DMP
2012-06-03 23:28 - 2011-04-01 11:17 - 58957832 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-06-02 18:19 - 2012-06-28 13:13 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 18:19 - 2012-06-28 13:13 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 18:19 - 2012-06-28 13:13 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 18:15 - 2012-06-28 13:13 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 15:19 - 2012-06-28 13:12 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 15:15 - 2012-06-28 13:12 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-05-14 23:56 - 2012-06-28 14:22 - 01197568 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-05-14 23:52 - 2012-06-28 14:22 - 00064512 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-05-14 23:08 - 2012-06-28 14:22 - 00981504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-05-14 23:06 - 2012-06-28 14:22 - 00048128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-05-14 21:32 - 2012-06-28 14:21 - 03144192 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-05-02 01:32 - 2012-06-28 14:22 - 00208896 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-04-27 23:50 - 2012-06-28 14:22 - 00204800 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-04-26 01:34 - 2012-06-28 14:21 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-04-26 01:34 - 2012-06-28 14:21 - 00076288 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-04-26 01:28 - 2012-06-28 14:21 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-04-24 01:59 - 2012-06-28 14:16 - 01460224 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-04-24 01:59 - 2012-06-28 14:16 - 00182272 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-04-24 01:59 - 2012-06-28 14:16 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-04-24 00:47 - 2012-06-28 14:16 - 01156608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2012-04-24 00:47 - 2012-06-28 14:16 - 00139264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2012-04-24 00:47 - 2012-06-28 14:16 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2012-04-20 02:25 - 2012-06-28 14:22 - 01501184 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-04-20 02:25 - 2012-06-28 14:22 - 00134144 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-04-20 02:23 - 2012-06-28 14:22 - 01026560 ____A (Microsoft Corporation) C:\Windows\System32\mstime.dll
2012-04-20 02:22 - 2012-06-28 14:22 - 09373696 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-04-20 02:22 - 2012-06-28 14:22 - 00736256 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-04-20 02:22 - 2012-06-28 14:22 - 00097792 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-04-20 02:22 - 2012-06-28 14:22 - 00082944 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2012-04-20 02:22 - 2012-06-28 14:22 - 00057856 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2012-04-20 02:21 - 2012-06-28 14:23 - 12405760 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-04-20 02:21 - 2012-06-28 14:22 - 02458624 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-04-20 02:21 - 2012-06-28 14:22 - 00445952 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2012-04-20 02:21 - 2012-06-28 14:22 - 00256000 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2012-04-20 02:21 - 2012-06-28 14:22 - 00247808 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-04-20 02:18 - 2012-06-28 14:22 - 00012288 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2012-04-20 01:07 - 2012-06-28 14:22 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-04-20 01:07 - 2012-06-28 14:22 - 00132096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-04-20 01:06 - 2012-06-28 14:22 - 06028288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-04-20 01:06 - 2012-06-28 14:22 - 00627200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-04-20 01:06 - 2012-06-28 14:22 - 00606208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstime.dll
2012-04-20 01:06 - 2012-06-28 14:22 - 00067584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-04-20 01:06 - 2012-06-28 14:22 - 00064512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2012-04-20 01:05 - 2012-06-28 14:22 - 11019776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-04-20 01:05 - 2012-06-28 14:22 - 02072576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-04-20 01:05 - 2012-06-28 14:22 - 00381440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2012-04-20 01:05 - 2012-06-28 14:22 - 00185856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2012-04-20 01:05 - 2012-06-28 14:22 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-04-20 01:05 - 2012-06-28 14:22 - 00044544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2012-04-20 01:03 - 2012-06-28 14:22 - 00012800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2012-04-20 01:00 - 2012-06-28 14:22 - 00482816 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2012-04-20 00:15 - 2012-06-28 14:22 - 01638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-04-19 23:58 - 2012-06-28 14:22 - 00386048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2012-04-19 23:24 - 2012-06-28 14:22 - 01638912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-04-17 01:38 - 2012-06-28 14:21 - 00851968 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-04-17 00:45 - 2012-06-28 14:21 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-04-07 08:18 - 2012-06-28 14:17 - 03213824 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
2012-04-07 07:34 - 2012-06-28 14:17 - 02342400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
========================= Bamital & volsnap Check ============
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
========================= Memory info ======================
Percentage of memory in use: 39%
Total physical RAM: 3998.96 MB
Available physical RAM: 2430.27 MB
Total Pagefile: 7996.06 MB
Available Pagefile: 6438.2 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB
======================= Partitions =========================
1 Drive c: () (Fixed) (Total:286.41 GB) (Free:109.49 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: (RECOVERY) (Fixed) (Total:11.68 GB) (Free:1.9 GB) NTFS
Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 298 GB 2048 KB
Partitions of Disk 0:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 286 GB 1024 KB
Partition 2 Primary 11 GB 286 GB
======================================================================================================
Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C NTFS Partition 286 GB Healthy System (partition with boot components)
======================================================================================================
Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 D RECOVERY NTFS Partition 11 GB Healthy
======================================================================================================
==========================================================
Last Boot: 2012-06-28 21:20
======================= End Of Log ==========================
-
So I tried both the USB and CD, but whenever I try to boot to it, it says something like media failure and goes to the regular boot. However, I tried clicking the file through the CD and it opened up; should I just use it through Windows?
-
Yes, I do. I also tried using the Chameleon feature of Malwarebytes. I copied it over from another computer onto the infected one. The actual Chameleon program was able to open up and I tested all 12, but none of them seemed to work.
-
I tried downloading both of them, however they never run. And every time I try to right-click them (or most programs), Windows Explorer stops responding and has to restart.
-
Hey guys,
so my computer won't open basically any .exe files. The only files I can open, however, are like IE or the Control Panel. Can't open anything else; tried installing Malwarebytes but it wouldn't let me. Please let me know if you have any idea what's wrong with my computer.
Can't open anything
in Resolved Malware Removal Logs
Posted
The past two times I got an error code of
Code 80246007
Code 92D
But it's honestly not that big of a deal. But I'd like to thank you for your time and helping me fix the computer. Thanks