Hello,

I've been infected with Win 7 Anti-Virus 2012. I think that has been gotten rid of, but I keep getting pop-ups from avast about C:\Windows\assembly\temp\U\80000032.$ infected with Win32:DNSChanger-VJ [Trj] and several other trojans, some of which I think are backdoor trojans, which are not deleting, as well as Google redirects. PUP.Bitminer keeps popping up in my MBAM scans but is not deleting. My system has crashed several times since 12/14/2011, and I would appreciate any help with these issues. Attached are my DDS scans.

Recent DDS Scan

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_22

Run by Michela at 18:15:46 on 2011-12-28

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3964.2378 [GMT -6:00]

.

AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

.

============== Running Processes ===============

.

svchost.exe

svchost.exe

svchost.exe

svchost.exe

svchost.exe

svchost.exe

svchost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskhost.exe

svchost.exe

svchost.exe

svchost.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe

C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe

C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe

C:\Program Files\TOSHIBA\TECO\Teco.exe

C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe

C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\ATT-SST\McciTrayApp.exe

C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

C:\Program Files (x86)\Common Files\Motive\McciContextHookShim.exe

C:\Windows\system32\igfxext.exe

C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\System32\StikyNot.exe

C:\Program Files (x86)\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe

C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe

C:\Program Files (x86)\Comcast\Desktop Doctor\bin\sprtcmd.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\real\realplayer\Update\realsched.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

svchost.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoDashboard.exe

C:\Program Files (x86)\Memeo\AutoBackup\InstantBackup.exe

C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = about:blank

mStart Page = about:blank

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

uRun: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"

uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe

uRun: [speech Recognition] "C:\Windows\Speech\Common\sapisvr.exe" -SpeechUX -Startup

uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

uRun: [Desktop Software] "C:\Program Files (x86)\Common Files\SupportSoft\bin\bcont.exe" /ini "C:\Program Files (x86)\ComcastUI\Desktop Software\uinstaller.ini" /fromrun /starthidden

uRun: [Facebook Update] "C:\Users\Michela\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver

uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe

mRun: [TWebCamera] "%ProgramFiles(x86)%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun

mRun: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe /hide:60

mRun: [ddoctorv2] "C:\Program Files (x86)\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2

mRun: [<NO NAME>]

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [Memeo Instant Backup] C:\Program Files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe --silent --no_ui

mRun: [seagate Dashboard] C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe --silent --no_ui

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

StartupFolder: C:\Users\Michela\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\PICTUR~1.LNK - C:\Program Files (x86)\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

LSP: mswsock.dll

Trusted Zone: $talisma_url$

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{2FB0FBA6-6420-43BE-950B-BE7DDB297058} : DhcpNameServer = 77.244.128.60 77.244.128.61

TCP: Interfaces\{78BDB85A-779B-4502-8761-6D53EBA4BA48} : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{78BDB85A-779B-4502-8761-6D53EBA4BA48}\245616E69656 : DhcpNameServer = 10.0.0.1

TCP: Interfaces\{78BDB85A-779B-4502-8761-6D53EBA4BA48}\24F696E676F60284F6473707F647 : DhcpNameServer = 66.103.80.4 66.103.64.4

TCP: Interfaces\{78BDB85A-779B-4502-8761-6D53EBA4BA48}\9454353547574656E64737 : DhcpNameServer = 10.0.1.1

TCP: Interfaces\{78BDB85A-779B-4502-8761-6D53EBA4BA48}\E4544574541425 : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{78BDB85A-779B-4502-8761-6D53EBA4BA48}\E474232523 : DhcpNameServer = 192.168.1.1 68.238.96.12

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} -

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll

BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

BHO-X64: URLRedirectionBHO - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

mRun-x64: [TWebCamera] "%ProgramFiles(x86)%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun

mRun-x64: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe /hide:60

mRun-x64: [ddoctorv2] "C:\Program Files (x86)\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2

mRun-x64: [(Default)]

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot

mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [Memeo Instant Backup] C:\Program Files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe --silent --no_ui

mRun-x64: [seagate Dashboard] C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe --silent --no_ui

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun-x64: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Michela\AppData\Roaming\Mozilla\Firefox\Profiles\2vdm4kjb.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/

FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll

FF - component: C:\Program Files\Defender Pro\Defender Pro 15-in-1\bdaphffext\components\bdaphff3.6.dll

FF - component: C:\Program Files\Defender Pro\Defender Pro 15-in-1\bdaphffext\components\bdaphff3.dll

FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll

FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordlegacyext.dll

FF - component: C:\Users\Michela\AppData\Roaming\Mozilla\Firefox\Profiles\2vdm4kjb.default\extensions\{d1e06b91-60e6-4492-af9f-53043fa32716}\components\RadioWMPCoreGecko19.dll

FF - component: C:\Users\Michela\AppData\Roaming\Mozilla\Firefox\Profiles\2vdm4kjb.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Common Files\Motive\npMotive.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Picasa2\npPicasa2.dll

FF - plugin: C:\Program Files (x86)\Picasa2\npPicasa3.dll

FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

FF - plugin: C:\Users\Michela\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll

FF - plugin: C:\Users\Michela\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

.

============= SERVICES / DRIVERS ===============

.

R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]

R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]

R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]

R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2011-12-28 44768]

R2 camsvc;TOSHIBA Web Camera Service;C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe [2009-7-6 20544]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-28 652872]

R2 McciCMService64;McciCMService64;C:\Program Files\Common Files\Motive\McciCMService.exe [2011-7-15 517632]

R2 McciServiceHost;McciServiceHost;C:\Program Files (x86)\Common Files\Motive\McciServiceHost.exe [2011-7-15 315392]

R2 MemeoBackgroundService;MemeoBackgroundService;C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe [2010-7-8 25824]

R2 PingTaisWz;PingTaisWz;C:\ProgramData\Toshiba\ToshibaSevenComp\PingTaisWizard.exe [2009-12-31 173440]

R2 RSELSVC;TOSHIBA Modem region select service;C:\Program Files\TOSHIBA\rselect\RSelSvc.exe [2009-2-19 55808]

R2 SeagateDashboardService;Seagate Dashboard Service;C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe [2011-6-1 14088]

R2 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-4-15 62776]

R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2009-4-14 251392]

R2 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-3-17 84480]

R2 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2009-4-9 803696]

R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\Windows\system32\DRIVERS\TVALZFL.sys --> C:\Windows\system32\DRIVERS\TVALZFL.sys [?]

R2 vpnagent;Cisco AnyConnect VPN Agent;C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2011-2-11 603896]

R3 FwLnk;FwLnk Driver;C:\Windows\system32\DRIVERS\FwLnk.sys --> C:\Windows\system32\DRIVERS\FwLnk.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETw5s64.sys --> C:\Windows\system32\DRIVERS\NETw5s64.sys [?]

R3 PGEffect;Pangu effect driver;C:\Windows\system32\DRIVERS\pgeffect.sys --> C:\Windows\system32\DRIVERS\pgeffect.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-3-25 135664]

S2 Norton Internet Security;Norton Internet Security;"C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe" /s "Norton Internet Security" /m "C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\diMaster.dll" /prefetch:1 --> C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe [?]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-3-25 135664]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]

S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

.

=============== Created Last 30 ================

.

2011-12-28 23:22:25 709968 ----a-w- C:\Windows\isRS-000.tmp

2011-12-28 22:32:43 591192 ----a-w- C:\Windows\System32\drivers\aswSnx.sys

2011-12-28 22:32:42 66904 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys

2011-12-28 22:32:18 41184 ----a-w- C:\Windows\avastSS.scr

2011-12-28 22:04:41 1060864 ----a-w- C:\Windows\SysWow64\MFC71.DLL

2011-12-28 22:04:41 -------- d-----w- C:\Program Files (x86)\Symantec

2011-12-28 21:50:05 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys

2011-12-26 08:14:35 0 ---ha-w- C:\Users\Michela\AppData\Local\BITBCCC.tmp

2011-12-26 08:02:46 -------- d-----w- C:\Users\Michela\AppData\Local\CrashDumps

2011-12-22 05:19:57 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2011-12-19 08:31:21 -------- d-----w- C:\Users\Michela\AppData\Roaming\QuickScan

2011-12-19 08:28:12 0 ---ha-w- C:\Users\Michela\AppData\Local\BIT2CEC.tmp

2011-12-19 04:50:28 14336 ----a-w- C:\Windows\System32\drivers\sffp_sd.sys

2011-12-19 02:14:36 -------- dc-h--w- C:\ProgramData\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}

2011-12-19 02:14:35 -------- d-----w- C:\Program Files (x86)\Uniblue

2011-12-19 01:02:05 -------- d-----w- C:\Users\Michela\AppData\Roaming\Defender Pro

2011-12-19 00:55:46 -------- d-----w- C:\ProgramData\bdch

2011-12-19 00:36:58 -------- d-----w- C:\ProgramData\BitDefender

2011-12-19 00:35:26 -------- d-----w- C:\Program Files\Defender Pro

2011-12-19 00:22:16 -------- d-----w- C:\ProgramData\Defender Pro

2011-12-19 00:22:16 -------- d-----w- C:\Program Files\Common Files\Defender Pro

2011-12-19 00:22:10 100792 ----a-w- C:\ProgramData\bdinstall.bin

2011-12-17 19:52:53 8822856 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7FE64A51-5BC5-49D6-BA67-A50BC4D61B4E}\mpengine.dll

2011-12-17 19:52:00 43520 ----a-w- C:\Windows\System32\csrsrv.dll

2011-12-17 19:50:19 3141632 ----a-w- C:\Windows\System32\win32k.sys

2011-12-17 19:50:14 723456 ----a-w- C:\Windows\System32\EncDec.dll

2011-12-17 19:50:13 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll

2011-12-17 19:44:44 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2011-12-17 19:44:44 2048 ----a-w- C:\Windows\System32\tzres.dll

2011-12-17 09:11:29 34152 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys

2011-12-17 09:10:48 125872 ----a-w- C:\Windows\System32\GEARAspi64.dll

2011-12-17 09:10:48 106928 ----a-w- C:\Windows\SysWow64\GEARAspi.dll

2011-12-17 06:49:19 -------- d-----w- C:\Users\Michela\AppData\Roaming\Malwarebytes

2011-12-16 20:45:26 -------- d-----w- C:\Users\Michela\AppData\Roaming\Tific

2011-12-16 20:24:32 -------- d-----w- C:\Users\Michela\AppData\Local\Symantec

2011-12-16 20:07:29 -------- d-----w- C:\ProgramData\PCSettings

2011-12-16 08:32:55 -------- d-----we C:\Windows\system64

2011-12-15 03:44:10 -------- d-----w- C:\ProgramData\Malwarebytes

2011-12-14 17:32:36 -------- d-----w- C:\Windows\SysWow64\sdtmp

2011-12-10 22:32:49 -------- d-----w- C:\Program Files (x86)\Microsoft Synchronization Services

2011-12-10 22:31:28 -------- d-----w- C:\Windows\PCHEALTH

2011-12-10 22:31:28 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition

2011-12-10 22:14:06 -------- d-----w- C:\Program Files (x86)\Microsoft Analysis Services

.

==================== Find3M ====================

.

2011-12-10 22:24:45 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2011-11-09 12:58:51 583296 ----a-w- C:\Windows\System32\drivers\NISx64\1008000.029\cchpx64.sys

2011-11-05 05:26:29 1197568 ----a-w- C:\Windows\System32\wininet.dll

2011-11-05 05:23:10 57856 ----a-w- C:\Windows\System32\licmgr10.dll

2011-11-05 04:35:50 981504 ----a-w- C:\Windows\SysWow64\wininet.dll

2011-11-05 04:34:15 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll

2011-11-05 04:07:32 482816 ----a-w- C:\Windows\System32\html.iec

2011-11-05 03:28:41 386048 ----a-w- C:\Windows\SysWow64\html.iec

2011-11-05 03:25:44 1638912 ----a-w- C:\Windows\System32\mshtml.tlb

2011-11-05 02:55:38 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2011-10-24 14:29:02 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx

2011-10-24 14:29:02 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts

2010-07-08 16:37:14 101544 ----a-w- C:\Program Files\Common Files\LinkInstaller.exe

.

============= FINISH: 18:19:15.03 ===============

****Here is my attached file*********

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 12/31/2009 10:02:11 PM

System Uptime: 12/28/2011 6:04:34 PM (0 hours ago)

.

Motherboard: TOSHIBA | | Portable PC

Processor: Intel® Core2 Duo CPU T6500 @ 2.10GHz | CPU | 2100/800mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 287 GiB total, 193.08 GiB free.

D: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows x64

Device ID: ROOT\NET\0000

Manufacturer: Cisco Systems

Name: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows x64

PNP Device ID: ROOT\NET\0000

Service: vpnva

.

==== System Restore Points ===================

.

RP279: 12/10/2011 4:08:57 PM - Installed Microsoft Office Professional Plus 2010

RP280: 12/13/2011 5:20:08 AM - Windows Update

RP282: 12/13/2011 5:33:30 AM - Windows Defender Checkpoint

RP283: 12/14/2011 3:00:33 AM - Windows Update

RP284: 12/15/2011 3:00:31 AM - Windows Update

RP285: 12/16/2011 12:50:00 PM - Windows Update

RP286: 12/17/2011 1:11:10 AM - Windows Update

RP287: 12/17/2011 1:50:46 PM - Windows Update

RP288: 12/18/2011 1:45:30 PM - Windows Update

RP289: 12/18/2011 5:29:27 PM - Removed McAfee VirusScan Enterprise

RP290: 12/18/2011 5:36:54 PM - Removed McAfee Agent.

RP291: 12/18/2011 10:49:56 PM - Windows Update

RP292: 12/19/2011 3:00:42 AM - Windows Update

RP293: 12/20/2011 1:00:56 PM - Windows Update

RP294: 12/25/2011 2:13:40 AM - avast! Free Antivirus Setup

RP295: 12/25/2011 6:01:06 AM - avast! Free Antivirus Setup

RP296: 12/25/2011 1:25:46 PM - Windows Update

RP297: 12/27/2011 11:22:39 AM - Restore Operation

RP298: 12/28/2011 3:00:18 AM - Windows Update

RP299: 12/28/2011 4:31:36 PM - avast! Free Antivirus Setup

.

==== Installed Programs ======================

.

AC3Filter 1.63b

Acrobat.com

Adobe AIR

Adobe Flash Player 10 Plugin

Adobe Reader 9.2

Amazon Links

Apple Application Support

Apple Software Update

AT&T Service & Support Tool

att.net Internet Mail

avast! Free Antivirus

Cisco AnyConnect VPN Client

Cisco Connect

Comcast Desktop Software (v1.2.0.9)

Compatibility Pack for the 2007 Office system

CRI-Resizer

Definition update for Microsoft Office 2010 (KB982726) 32-Bit Edition

Desktop Doctor

Direct DiscRecorder

DVD MovieFactory for TOSHIBA

EasyBits GO

Facebook Plug-In

Facebook Video Calling 1.0.0.8953

Google Toolbar for Internet Explorer

Google Update Helper

Harry Potter™ Calendar Widget

Java Auto Updater

Java 6 Update 22

LightScribe 1.4.136.1

LiveUpdate 3.2 (Symantec Corporation)

Malwarebytes Anti-Malware version 1.60.0.1800

Memeo Instant Backup

Memeo Send

Memeo Share

Memory Clinic

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office Groove MUI (English) 2010

Microsoft Office InfoPath MUI (English) 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office PowerPoint Viewer 2007 (English)

Microsoft Office Professional Plus 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Suite Activation Assistant

Microsoft Office Word MUI (English) 2010

Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs

Microsoft Silverlight

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Works

Mozilla Firefox 9.0.1 (x86 en-US)

MSXML 4.0 SP2 (KB941833)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Nero 7 Essentials

Netzero Internet Access Installer

ooVoo

Picasa 3

QuickBooks Financial Center

QuickTime

RealNetworks - Microsoft Visual C++ 2008 Runtime

RealPlayer

Realtek 8136 8168 8169 Ethernet Driver

Realtek USB 2.0 Card Reader

RealUpgrade 1.1

Seagate Dashboard

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft Office 2010 (KB2553091)

Security Update for Microsoft Office 2010 (KB2553096)

Security Update for Microsoft Office 2010 (KB2553353) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition

Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition

Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)

Skype Launcher

Skype Toolbars

Skype™ 5.5

Sony Picture Utility

Spelling Dictionaries Support For Adobe Reader 9

Spotify

swMSM

TOSHIBA Agreement Notification Utility

Toshiba Application Installer

TOSHIBA Assist

TOSHIBA DVD PLAYER

TOSHIBA eco Utility

TOSHIBA Extended Tiles for Windows Mobility Center

TOSHIBA Face Recognition

TOSHIBA Hardware Setup

TOSHIBA HDD/SSD Alert

TOSHIBA Internal Modem Region Select Utility

Toshiba Quality Application

Toshiba Registration

Toshiba Resources Page

TOSHIBA Service Station

TOSHIBA Supervisor Password

TOSHIBA Upgrade Assistant

TOSHIBA Value Added Package

TOSHIBA Web Camera Application

Uniblue RegistryBooster

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2553092)

Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553455) 32-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2553323) 32-Bit Edition

Update for Microsoft Outlook Social Connector (KB2583935)

VLC media player 1.1.7

Vz In Home Agent

WavePad Sound Editor

WildTangent Games

Windows 7 Upgrade Advisor

Windows Media Player Firefox Plugin

.

==== Event Viewer Messages From Past Week ========

.

12/28/2011 6:06:29 PM, Error: Service Control Manager [7024] - The HomeGroup Listener service terminated with service-specific error %%-2147023143.

12/28/2011 6:05:53 PM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.

12/28/2011 6:05:47 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.

12/28/2011 6:05:47 PM, Error: Service Control Manager [7000] - The Norton Internet Security service failed to start due to the following error: The system cannot find the file specified.

12/28/2011 6:05:31 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.

12/28/2011 6:05:29 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.

12/28/2011 6:03:45 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

12/28/2011 6:03:44 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.

12/28/2011 6:03:43 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

12/28/2011 6:03:39 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

12/28/2011 6:03:34 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

12/28/2011 6:03:13 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: aswSnx aswSP aswTdi discache spldr Wanarpv6

12/28/2011 6:03:12 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

12/28/2011 6:01:00 PM, Error: Service Control Manager [7011] - A timeout (120000 milliseconds) was reached while waiting for a transaction response from the Spooler service.

12/28/2011 5:59:00 PM, Error: Service Control Manager [7011] - A timeout (120000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

12/28/2011 5:51:42 PM, Error: Service Control Manager [7011] - A timeout (120000 milliseconds) was reached while waiting for a transaction response from the wuauserv service.

12/28/2011 5:51:42 PM, Error: Service Control Manager [7000] - The Windows Update service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

12/28/2011 5:49:32 PM, Error: Service Control Manager [7022] - The Background Intelligent Transfer Service service hung on starting.

12/28/2011 5:49:30 PM, Error: Service Control Manager [7011] - A timeout (120000 milliseconds) was reached while waiting for a transaction response from the Schedule service.

12/28/2011 5:45:27 PM, Error: Service Control Manager [7001] - The TPCH Service service depends on the Windows Management Instrumentation service which failed to start because of the following error: After starting, the service hung in a start-pending state.

12/27/2011 11:36:55 AM, Error: Service Control Manager [7043] - The Group Policy Client service did not shut down properly after receiving a preshutdown control.

12/27/2011 11:26:21 AM, Error: Service Control Manager [7011] - A timeout (120000 milliseconds) was reached while waiting for a transaction response from the TPCHSrv service.

12/25/2011 9:45:06 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD aswRdr aswSnx aswSP aswTdi Bdfndisf bdfsfltr bdfwfpf Bdvedisk DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf

12/25/2011 9:45:05 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

12/25/2011 9:45:05 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

12/25/2011 9:45:05 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.

12/25/2011 9:45:05 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

12/25/2011 9:45:05 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

12/25/2011 9:45:05 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.

12/25/2011 9:45:05 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

12/25/2011 9:45:05 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.

12/25/2011 9:45:05 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

12/25/2011 9:43:29 AM, Error: Service Control Manager [7043] - The Windows Update service did not shut down properly after receiving a preshutdown control.

12/24/2011 5:05:45 PM, Error: Service Control Manager [7011] - A timeout (120000 milliseconds) was reached while waiting for a transaction response from the Netman service.

12/23/2011 7:55:45 PM, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{78BDB85A-779B-4502-8761-6D53EBA4BA48} because another computer on the network has the same name. The server could not start.

12/22/2011 5:33:53 AM, Error: Service Control Manager [7011] - A timeout (120000 milliseconds) was reached while waiting for a transaction response from the NlaSvc service.

12/21/2011 8:19:39 PM, Error: Service Control Manager [7034] - The SupportSoft Sprocket Service (ddoctorv2) service terminated unexpectedly. It has done this 1 time(s).

12/21/2011 8:19:35 PM, Error: Service Control Manager [7034] - The TOSHIBA Navi Support Service service terminated unexpectedly. It has done this 1 time(s).

12/21/2011 8:19:35 PM, Error: Service Control Manager [7034] - The Seagate Dashboard Service service terminated unexpectedly. It has done this 1 time(s).

12/21/2011 8:19:35 PM, Error: Service Control Manager [7034] - The PingTaisWz service terminated unexpectedly. It has done this 1 time(s).

12/21/2011 8:19:35 PM, Error: Service Control Manager [7034] - The NMIndexingService service terminated unexpectedly. It has done this 1 time(s).

12/21/2011 8:19:34 PM, Error: Service Control Manager [7034] - The McciServiceHost service terminated unexpectedly. It has done this 1 time(s).

12/21/2011 8:19:34 PM, Error: Service Control Manager [7034] - The LightScribeService Direct Disc Labeling Service service terminated unexpectedly. It has done this 1 time(s).

12/21/2011 8:19:34 PM, Error: Service Control Manager [7031] - The Cisco AnyConnect VPN Agent service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.

12/21/2011 8:19:33 PM, Error: Service Control Manager [7034] - The TOSHIBA Web Camera Service service terminated unexpectedly. It has done this 1 time(s).

12/21/2011 8:19:32 PM, Error: Service Control Manager [7034] - The McciCMService service terminated unexpectedly. It has done this 1 time(s).

.

==== End Of File ===========================

Thanks!


Hello Mkaygee,

The log shows the system has 2 antivirus programs: Norton360 and Avast (which appears to be a recent install)

Having 2 antivirus apps active at the same time will cause gridlock.

Tell me if Norton360 came pre-installed with the pc? Is the license current or expired?

When did you get Avast?

If the license of Norton 360 is expired, you should un-install it and restart the system fresh. If so, then also, start Avast and make very sure it is up-to-date.

Download Security Check by screen317 and save it to your Desktop: here or here

  • Run Security Check
  • Follow the onscreen instructions inside of the command window.
  • A Notepad document should open automatically called checkup.txt; close Notepad. We will need this log, too, so remember where you've saved it!

Copy and paste the contents of Checkup.txt in next reply.

There will be more to do after this.


Having 2 antivirus apps active at the same time will cause gridlock.

Tell me if Norton360 came pre-installed with the pc?

Norton360 was a free trial downloaded from the internet. It should be uninstalled.

Is the license current or expired?

When did you get Avast?

I had avast for months before the infection, but deleted it when it didn't get rid of the virus, and installed the norton trial. Then installed Bit pro-defender but that never worked to fix re-directs or , so it was uninstalled. I recently re-installed AVAST to have some protection.

Results of screen317's Security Check version 0.99.30

Windows 7 x64 (UAC is enabled)

Internet Explorer 8 Out of date!

``````````````````````````````

Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!

avast! Free Antivirus

WMI entry may not exist for antivirus; attempting automatic update.

```````````````````````````````

Anti-malware/Other Utilities Check:

Java 6 Update 22

Java version out of date!

Adobe Flash Player 10.3.183.11 Flash Player out of Date!

Adobe Reader 9 Adobe Reader out of date!

Mozilla Firefox (9.0.1)

````````````````````````````````

Process Check:

objlist.exe by Laurent

Malwarebytes' Anti-Malware mbamservice.exe

Malwarebytes' Anti-Malware mbamgui.exe

AVAST Software Avast AvastSvc.exe

AVAST Software Avast AvastUI.exe

``````````End of Log````````````

Thanks.


NOTE: Please only use the AddReply button when starting your replies.

You will want to print out or copy these instructions to Notepad for offline reference!

If you are a casual viewer, do NOT try this on your system!

If you are not Mkaygee and have a similar problem, do NOT post here; start your own topic

Do not run or start any other programs while these utilities and tools are in use!

Do NOT run any other tools on your own or do any fixes other than what is listed here.

If you have questions, please ask before you do something on your own.

But it is important that you get going on these following steps.

Close any of your open programs while you run these tools.

On most all of the following programs and tools, you will need to do a right-click on the program link or shortcut or desktop icon (as appropriate) and then select "Run as Administrator". Please remember that as you go along and use these tools, each in turn.

Step 1

1. Go >> Here << and download ERUNT

(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)

2. Install ERUNT by following the prompts

(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)

3. Start ERUNT by RIGHT-clicking on the icon and selecting Run As administrator

4. Choose a location for the backup

(the default location is C:\WINDOWS\ERDNT which is acceptable).

5. Make sure that at least the first two check boxes are ticked

6. Press OK

7. Press YES to create the folder.

Step 2

To show all files:

  • Go to your Desktop
  • Double-Click the Computer icon.
  • From the menu options, Select Tools, then Folder Options.
  • Next click the View tab.
  • Locate and uncheck Hide file extensions for known file types.
  • Locate and uncheck Hide protected operating system files (Recommended).
  • Locate and click Show hidden files and folders and drives.
  • Click Apply > OK.

Step 3

  • Please download Rootkit Unhooker and save it to your desktop.
  • Double-click RKUnhookerLE.exe to run it. If running Windows 7 or Vista, do a Right-Click on RKUnhookerLE and select Run As Administrator.
  • Click the Report tab, then click Scan
  • Check Drivers, Stealth Code, Files, and Code Hooks
  • Uncheck the rest, then click OK
  • When prompted to Select Disks for Scan, make sure C:\ is checked and click OK
  • Wait till the scanner has finished then go File > Save Report
  • Save the report somewhere you can find it. Click Close
  • This log may be very large so please use multiple posts if need be.

Note: You may get this warning. If so, please ignore it.

"Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?"

Copy the entire contents of the report and paste it in a reply here for review.

Step 4

If you have a prior copy of Combofix, delete it now

Download Combofix from any of the links below, and SAVE it to your Desktop.

Link 1

Link 2

**Note: It is important that it is saved directly to your Desktop and not run straight away from download **

Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.

Right-click on Combo-Fix.exe on your Desktop and select "Run as Administrator".

  • A window may open with a warning or prompts. Accept the EULA and follow the prompts. When the scan completes, Notepad will open with your results log open. Do a File, Exit and answer 'Yes' to save changes.

A caution - Do not run Combofix more than once.

Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock.

The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled.

If this occurs, please reboot to restore the desktop.

Even when ComboFix appears to be doing nothing, look at your Drive light.

If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt.

Note:

Do not mouseclick combofix's window nor run any program while Combofix is running.

That may cause it to stall.

Reply with a copy of the MBAM log, and the C:\Combofix.txt log


Hello,

Sorry for the delay, I can't seem to get rid of Norton 360 though it is not listed under installed programs. I downloaded and ran a Norton uninstaller but seemingly to no avail, as combofix says it is still on my computer running live protection. I ran the scan anyway because I know Norton shouldn't be working.

Here are my logs

ComboFix 11-12-29.05 - Michela 12/29/2011 16:46:02.2.2 - x64

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3964.2265 [GMT -6:00]

Running from: c:\users\Michela\Desktop\ComboFix.exe

AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((( Files Created from 2011-11-28 to 2011-12-29 )))))))))))))))))))))))))))))))

.

.

2011-12-29 23:34 . 2011-12-29 23:34 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-12-29 20:42 . 2011-12-29 20:42 -------- d-----w- c:\program files (x86)\ERUNT

2011-12-28 22:32 . 2011-11-28 17:51 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2011-12-28 22:32 . 2011-11-28 17:53 304472 ----a-w- c:\windows\system32\drivers\aswSP.sys

2011-12-28 22:32 . 2011-11-28 17:52 42328 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2011-12-28 22:32 . 2011-11-28 17:52 58712 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2011-12-28 22:32 . 2011-11-28 17:54 591192 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2011-12-28 22:32 . 2011-11-28 17:52 66904 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2011-12-28 22:32 . 2011-11-28 18:01 41184 ----a-w- c:\windows\avastSS.scr

2011-12-28 22:32 . 2011-11-28 18:01 199816 ----a-w- c:\windows\SysWow64\aswBoot.exe

2011-12-28 22:04 . 2003-03-19 03:19 1060864 ----a-w- c:\windows\SysWow64\MFC71.DLL

2011-12-28 21:50 . 2011-12-10 21:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-12-26 08:14 . 2011-12-26 08:14 0 ---ha-w- c:\users\Michela\AppData\Local\BITBCCC.tmp

2011-12-26 08:02 . 2011-12-26 08:02 -------- d-----w- c:\users\Michela\AppData\Local\CrashDumps

2011-12-22 05:19 . 2011-12-28 23:42 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2011-12-19 08:31 . 2011-12-19 08:31 -------- d-----w- c:\users\Michela\AppData\Roaming\QuickScan

2011-12-19 08:28 . 2011-12-19 08:28 0 ---ha-w- c:\users\Michela\AppData\Local\BIT2CEC.tmp

2011-12-19 04:50 . 2009-10-10 03:17 14336 ----a-w- c:\windows\system32\drivers\sffp_sd.sys

2011-12-19 02:14 . 2011-12-27 17:34 -------- dc-h--w- c:\programdata\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}

2011-12-19 02:14 . 2011-12-19 02:14 -------- d-----w- c:\program files (x86)\Uniblue

2011-12-19 01:02 . 2011-12-19 01:02 -------- d-----w- c:\users\Michela\AppData\Roaming\Defender Pro

2011-12-19 00:55 . 2011-12-19 00:55 -------- d-----w- c:\programdata\bdch

2011-12-19 00:36 . 2011-12-19 00:53 -------- d-----w- c:\programdata\BitDefender

2011-12-19 00:35 . 2011-12-28 21:30 -------- d-----w- c:\program files\Defender Pro

2011-12-19 00:22 . 2011-12-28 21:30 -------- d-----w- c:\programdata\Defender Pro

2011-12-19 00:22 . 2011-12-19 00:35 -------- d-----w- c:\program files\Common Files\Defender Pro

2011-12-19 00:22 . 2011-12-28 21:30 100792 ----a-w- c:\programdata\bdinstall.bin

2011-12-19 00:10 . 2011-12-27 17:34 -------- d-----w- c:\users\Virus Protection

2011-12-17 19:52 . 2011-11-21 11:40 8822856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7FE64A51-5BC5-49D6-BA67-A50BC4D61B4E}\mpengine.dll

2011-12-17 19:52 . 2011-10-26 05:19 43520 ----a-w- c:\windows\system32\csrsrv.dll

2011-12-17 19:50 . 2011-11-24 05:00 3141632 ----a-w- c:\windows\system32\win32k.sys

2011-12-17 19:50 . 2011-10-15 06:25 723456 ----a-w- c:\windows\system32\EncDec.dll

2011-12-17 19:50 . 2011-10-15 05:48 534528 ----a-w- c:\windows\SysWow64\EncDec.dll

2011-12-17 19:44 . 2011-11-05 05:17 2048 ----a-w- c:\windows\system32\tzres.dll

2011-12-17 19:44 . 2011-11-05 04:30 2048 ----a-w- c:\windows\SysWow64\tzres.dll

2011-12-17 09:11 . 2010-08-21 03:59 34152 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys

2011-12-17 09:10 . 2010-08-21 03:59 125872 ----a-w- c:\windows\system32\GEARAspi64.dll

2011-12-17 09:10 . 2010-08-21 03:59 106928 ----a-w- c:\windows\SysWow64\GEARAspi.dll

2011-12-17 07:17 . 2011-12-17 07:17 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help

2011-12-17 06:49 . 2011-12-17 06:49 -------- d-----w- c:\users\Michela\AppData\Roaming\Malwarebytes

2011-12-16 20:45 . 2011-12-16 20:45 -------- d-----w- c:\users\Michela\AppData\Roaming\Tific

2011-12-16 20:37 . 2011-12-17 09:11 -------- dc----w- c:\windows\system32\DRVSTORE

2011-12-16 20:24 . 2011-12-16 20:24 -------- d-----w- c:\users\Michela\AppData\Local\Symantec

2011-12-16 20:07 . 2011-12-16 20:07 -------- d-----w- c:\programdata\PCSettings

2011-12-16 08:31 . 2011-12-16 08:31 -------- d-----w- c:\windows\Sun

2011-12-15 03:44 . 2011-12-26 12:49 -------- d-----w- c:\programdata\Malwarebytes

2011-12-14 17:32 . 2011-12-14 17:48 -------- d-----w- c:\windows\SysWow64\sdtmp

2011-12-10 22:32 . 2011-12-10 22:32 -------- d-----w- c:\program files (x86)\Microsoft Synchronization Services

2011-12-10 22:31 . 2011-12-10 22:31 -------- d-----w- c:\windows\PCHEALTH

2011-12-10 22:31 . 2011-12-10 22:31 -------- d-----w- c:\program files (x86)\Microsoft Sync Framework

2011-12-10 22:31 . 2011-12-10 22:31 -------- d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition

2011-12-10 22:14 . 2011-12-10 22:14 -------- d-----w- c:\program files (x86)\Microsoft Analysis Services

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-12-10 22:24 . 2011-07-15 23:20 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2011-11-28 18:01 . 2011-08-01 06:55 256960 ----a-w- c:\windows\system32\aswBoot.exe

2011-11-09 12:58 . 2011-11-09 12:58 583296 ----a-w- c:\windows\system32\drivers\NISx64\1008000.029\cchpx64.sys

2011-10-24 14:29 . 2011-10-24 14:29 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx

2011-10-24 14:29 . 2011-10-24 14:29 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts

2010-07-08 16:37 . 2010-07-08 16:37 101544 ----a-w- c:\program files\Common Files\LinkInstaller.exe

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 143360]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2009-07-14 163328]

"Speech Recognition"="c:\windows\Speech\Common\sapisvr.exe" [2009-07-14 44544]

"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-07-22 39408]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]

"Desktop Software"="c:\program files (x86)\Common Files\SupportSoft\bin\bcont.exe" [2009-04-24 1025320]

"Facebook Update"="c:\users\Michela\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2011-08-17 137536]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"TWebCamera"="%ProgramFiles(x86)%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe autorun" [X]

"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-04-01 1283384]

"ddoctorv2"="c:\program files (x86)\Comcast\Desktop Doctor\bin\sprtcmd.exe" [2008-04-24 202560]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2010-12-09 274608]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]

"Memeo Instant Backup"="c:\program files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe" [2010-07-08 136416]

"Seagate Dashboard"="c:\program files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe" [2011-06-01 79112]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]

"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]

.

c:\users\Michela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Picture Motion Browser Media Check Tool.lnk - c:\program files (x86)\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2009-9-24 344064]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-25 135664]

R2 PingTaisWz;PingTaisWz;c:\programdata\Toshiba\ToshibaSevenComp\PingTaisWizard.exe [2009-05-23 173440]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-25 135664]

R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]

R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

S1 aswSnx;aswSnx; [x]

S1 aswSP;aswSP; [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 aswFsBlk;aswFsBlk; [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]

S2 camsvc;TOSHIBA Web Camera Service;c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe [2009-04-17 20544]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-24 652872]

S2 McciCMService64;McciCMService64;c:\program files\Common Files\Motive\McciCMService.exe [2010-11-08 517632]

S2 McciServiceHost;McciServiceHost;c:\program files (x86)\Common Files\Motive\McciServiceHost.exe [2010-07-27 315392]

S2 MemeoBackgroundService;MemeoBackgroundService;c:\program files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe [2010-07-08 25824]

S2 RSELSVC;TOSHIBA Modem region select service;c:\program files\TOSHIBA\rselect\RSelSvc.exe [2009-02-19 55808]

S2 SeagateDashboardService;Seagate Dashboard Service;c:\program files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe [2011-06-01 14088]

S2 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-04-01 62776]

S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2009-04-15 251392]

S2 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-03-17 84480]

S2 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2009-04-10 803696]

S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [x]

S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2011-02-11 603896]

S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]

S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]

.

.

--- Other Services/Drivers In Memory ---

.

*Deregistered* - mfeapfk

*Deregistered* - mfeavfk

*Deregistered* - mfehidk

*Deregistered* - mferkdet

.

Contents of the 'Scheduled Tasks' folder

.

2011-12-29 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4034558274-241080843-1589384674-1000Core.job

- c:\users\Michela\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-08-17 05:54]

.

2011-12-29 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4034558274-241080843-1589384674-1000UA.job

- c:\users\Michela\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-08-17 05:54]

.

2011-12-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-25 15:25]

.

2011-12-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-25 15:25]

.

2011-12-17 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-4034558274-241080843-1589384674-1000.job

- c:\program files (x86)\Real\RealUpgrade\realupgrade.exe [2010-11-05 17:33]

.

2011-12-29 c:\windows\Tasks\RegistryBooster.job

- c:\program files (x86)\Uniblue\RegistryBooster\rbmonitor.exe [2011-12-19 08:26]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2011-11-28 18:01 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-03-18 1713448]

"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe" [2009-03-24 1123840]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]

"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]

"ATT-SST_McciTrayApp"="c:\program files\ATT-SST\McciTrayApp.exe" [2010-07-27 3453440]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = about:blank

mStart Page = about:blank

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105

Trusted Zone: $talisma_url$

TCP: DhcpNameServer = 192.168.1.1

FF - ProfilePath - c:\users\Michela\AppData\Roaming\Mozilla\Firefox\Profiles\2vdm4kjb.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/

.

- - - - ORPHANS REMOVED - - - -

.

HKLM-Run-00TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe

HKLM-Run-HSON - c:\program files (x86)\TOSHIBA\TBS\HSON.exe

HKLM-Run-SmartFaceVWatcher - c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe

HKLM-Run-SmoothView - c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe

HKLM-Run-Teco - c:\program files (x86)\TOSHIBA\TECO\Teco.exe

HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE

HKLM-Run-TPCHWMsg - c:\program files (x86)\TOSHIBA\TPHM\TPCHWMsg.exe

HKLM-Run-combofix - c:\combofix\CF16977.3XE

AddRemove-Yahoo! Mail - c:\windows\system32\regsvr32

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}]

@Denied: (A 2) (Everyone)

@SACL=

@="IFlashBroker"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid]

@Denied: (A 2) (Everyone)

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\McAfee]

"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\software\Network Associates]

"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2011-12-29 17:56:45

ComboFix-quarantined-files.txt 2011-12-29 23:56

.

Pre-Run: 250,312,491,008 bytes free

Post-Run: 250,189,295,616 bytes free

.

- - End Of File - - 890E7F1C6E39D9BA6F42772E2B20C821

Malwarebytes Anti-Malware (Trial) 1.60.0.1800

www.malwarebytes.org

Database version: v2011.12.24.05

Windows 7 x64 NTFS

Internet Explorer 8.0.7600.16385

Michela :: MGRANT-PC [administrator]

Protection: Enabled

12/29/2011 6:05:00 PM

mbam-log-2011-12-29 (18-05-00).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 193946

Time elapsed: 4 minute(s), 45 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

Thank you.


I also ran a full Scan with updated malwarebytes and 1 infection was found and deleted. I haven't restarted the computer yet.

Malwarebytes Anti-Malware (Trial) 1.60.0.1800

www.malwarebytes.org

Database version: v2011.12.30.01

Windows 7 x64 NTFS

Internet Explorer 8.0.7600.16385

Michela :: MGRANT-PC [administrator]

Protection: Enabled

12/29/2011 6:51:19 PM

mbam-log-2011-12-29 (18-51-19).txt

Scan type: Full scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 394338

Time elapsed: 1 hour(s), 30 minute(s), 59 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 1

C:\Windows\assembly\temp\U\000000cf.@ (Trojan.Agent) -> Quarantined and deleted successfully.

(end)


Howdy KkayGee,

Your last MBAM run found one of the "critters".

I want to ensure that your Avast is fully up-to-date.

Start up your Avast. Run its Update function and make sure the program and the definitions are up-to-date.

Next, then, I'd like for you to do an online scan.

See How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Now, close all open browsers at this point.

Start Internet Explorer (fresh) by pressing Start >> Internet Explorer >> Right-Click and select Run As Administrator.

Using Internet Explorer browser only, go to ESET Online Scanner website:

http://www.eset.com/onlinescan/

  • Accept the Terms of Use and press Start button;
  • Approve the install of the required ActiveX Control, then follow on-screen instructions;
  • Enable (check) the Remove found threats option, and run the scan.
  • After the scan completes, the Details tab in the Results window will display what was found and removed.
    • A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt.

    Look at contents of this file using Notepad or Wordpad.

    The Frequently Asked Questions for ESET Online Scanner can be viewed here

    http://www.eset.com/onlinescan/cac4.php?page=faq

    • It is emphasized to temporarily disable any pc-resident {active} antivirus program prior to any on-line scan by any on-line scanner.
      (And the prompt re-enabling when finished.)
    • If you use Firefox, you have to install IETab, an add-on. This is to enable ActiveX support.
    • Do not use the system while the scan is running. Once the full scan is underway, go take a long break

Re-enable the AVAST antivirus program.

Reply with copy of the Eset scan log

Edited by Maurice Naggar
Updated

Hello,

Attached is the Scan log:

ESETSmartInstaller@High as CAB hook log:

OnlineScanner64.ocx - registred OK

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=8.00.7600.16385 (win7_rtm.090713-1255)

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=a0a1e4b8c5ab5544a4a1dbed7dd1ade3

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2011-12-30 04:43:14

# local_time=2011-12-29 10:43:14 (-0600, Central Standard Time)

# country="United States"

# lang=1033

# osver=6.1.7600 NT

# compatibility_mode=5893 16776574 66 94 888870 76758272 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=216320

# found=9

# cleaned=9

# scan_time=5372

C:\Program Files (x86)\Uniblue\RegistryBooster\Launcher.exe Win32/RegistryBooster application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Program Files (x86)\Uniblue\RegistryBooster\rbmonitor.exe Win32/RegistryBooster application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Program Files (x86)\Uniblue\RegistryBooster\rbnotifier.exe Win32/RegistryBooster application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Program Files (x86)\Uniblue\RegistryBooster\rb_move_serial.exe Win32/RegistryBooster application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Program Files (x86)\Uniblue\RegistryBooster\rb_ubm.exe Win32/RegistryBooster application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Program Files (x86)\Uniblue\RegistryBooster\registrybooster.exe Win32/RegistryBooster application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\SystemRestore\FRStaging\Program Files (x86)\Uniblue\RegistryBooster\rbmonitor.exe Win32/RegistryBooster application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Users\Michela\Downloads\registrybooster.exe Win32/RegistryBooster application (deleted - quarantined) 00000000000000000000000000000000 C

C:\Users\Virus Protection\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\K8VFA5BJ\registrybooster[2].exe Win32/RegistryBooster application (deleted - quarantined) 00000000000000000000000000000000 C

Thanks!


There are 3 items on this system that are out of date and need to be at latest release version.

Java runtime

Adobe Reader

and Flash Player


Your Java runtime is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

  • Download the latest version of Windows 7/XP/Vista/2000/2003/2008 Offline and
    save it to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Click the Start button, click Control Panel, and then select Programs and Features and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u30-windows-i586-s.exe to install the newest version.
    ( jre-6u30-windows-x64.exe if this is a 64-bit Windows o.s.)

  • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH Checked
      • Applications and Applets
      • Trace and Log Files
    • Click OK on Delete Temporary Files Window

      Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.

    • Click OK to leave the Temporary Files Window

Small tweaks for Java runtime, since most all users do not need to load Java at each Windows startup:

Click Advanced Tab. Expand the Miscellaneous item.

UN-check the line Java quick starter

If you want to also un-check the "Check for updates automatically" you may:

Click the Update tab. un-check the line if it is checked.

Press Apply then OK. Close the applet when done.

To test your Java Run-time, you may go to this page http://www.java.com/en/download/help/testvm.xml

When all is well, you should see Java Version: Java 6 Update 30 from Sun Microsystems Inc.

Older versions of Adobe Reader pose a potential security risk.

De-install your Adobe Reader: Click the Start button, click Control Panel, and then select Programs and Features. Remove Adobe Reader.

ALSO De-install Flash Player

Get latest Adobe Reader version

http://get.adobe.com/reader/

Be sure to un-check the box for Free McAfee Security Scan or any "toolbar" (if offered)

Get the latest Flash Player from http://get.adobe.com/flashplayer/

Tell me, How is your system now?


Hi,

What are you trying to "set" on the Windows firewall?

Please try this:

Start MBAM, click on the TAB "Protection" and un-check "Start protection module with Windows" and un-check "Enable protection module". and press EXIT button.

See if that makes any difference. If it does not, logoff and restart Windows.


In security, I'm trying to turn on Network Firewall, I click 'turn on now' and it says "Action center can't turn on windows firewall" turn it on manually. When I try to do that, I get the "I get an error message saying Windows can't change some of it's settings

Error code: 0x080070424" message I said earlier.

MBAM won't let me uncheck 'enable protection module'; it's checked and grayed-out.

I'm restarting with the 1st one unchecked.

Is it important that I have this firewall?

Thanks!


The second run of MBAM and the Eset online scan removed remaining traces of the rogue.

I want to suggest you run another scan and let's see the results. If they are good, we can leave the system as is for a few days, but later on make sure you get back to this topic so I can guide you to removing the tools we used.

Close all open browsers at this point.

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

Start Internet Explorer by RIGHT-Click on it (or its icon on desktop, if present) and select Run as Administrator

Using Internet Explorer browser only, go to BitDefender Quickscan website:

http://quickscan.bitdefender.com

and click "Start Scan".

Observe your browser in case it shows a notice/message bar to allow download and installation of a tool.

Allow the download and install of qsax.cab from BitDefender. Right-click the IE info bar and select Install to install the BitDefender quick scan module.

If prompted, reply yes to allow it to run.

Press the Allow button and follow prompts.

Press the "Start Scan" once more.

You'll see the EULA in a pop-up window. Click the I accept & then the OK button

Note: The FAQ is here --> http://quickscan.bitdefender.com/faq/

and that QuickScan has no removal capability.

The site boasts a 60-second scan. Do have patience as it likely will take longer.

It may seem to stall at moments, but have patience; it will move on.

You'll see a progress bar at top right of window.

Hopefully you will see a No infections found in the bar-window. Press the View Log button.

The log report will show in your text editor.

Do a Select ALL, Copy. Then paste contents into your next reply.

RE-ENABLE your antivirus program now !!

Happy (early) New Year !


Happy new year as well!

Here's the log,

QuickScan 32-bit v0.9.9.101

---------------------------

Scan date: Fri Dec 30 13:22:32 2011

Machine ID: 341592E1

No infection found.

-------------------

Processes

---------

Adobe Acrobat Update Service 1700 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

avast! Antivirus 1236 C:\Program Files\AVAST Software\Avast\AvastSvc.exe

avast! Antivirus 4784 C:\Program Files\AVAST Software\Avast\AvastUI.exe

Cisco AnyConnect VPN Client 1068 C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe

GoFlex Home QuickConnect 2656 C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe

Google Toolbar for Internet Explorer 5748 C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe

Malwarebytes Anti-Malware 5292 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

Malwarebytes Anti-Malware 4140 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

mcci+McciContextHookShim 3076 C:\Program Files (x86)\Common Files\Motive\McciContextHookShim.exe

Memeo Instant Backup 4876 C:\Program Files (x86)\Memeo\AutoBackup\InstantBackup.exe

MemeoDashboardService 1612 C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe

Nero Home 3520 C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

PingTaisWizard.exe 1304 C:\ProgramData\Toshiba\ToshibaSevenComp\PingTaisWizard.exe

RealPlayer (32-bit) 4348 C:\Program Files (x86)\real\realplayer\Update\realsched.exe

Seagate Dashboard 4980 C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoDashboard.exe

Windows® Internet Explorer 392 C:\Program Files (x86)\Internet Explorer\iexplore.exe

Windows® Internet Explorer 3740 C:\Program Files (x86)\Internet Explorer\iexplore.exe

Windows® Internet Explorer 5496 C:\Program Files (x86)\Internet Explorer\iexplore.exe

Windows® Internet Explorer 5544 C:\Program Files (x86)\Internet Explorer\iexplore.exe

(verified) GoogleToolbarNotifier 3276 C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

(verified) LightScribe 1884 C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

(verified) mcci+McciCMService 1908 C:\Program Files (x86)\Common Files\Motive\McciCMService.exe

(verified) mcci+McciServiceHost 1992 C:\Program Files (x86)\Common Files\Motive\McciServiceHost.exe

(verified) Nero Home 3952 C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe

(verified) Nero Home 3216 C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe

(verified) Picture Motion Browser 112 C:\Program Files (x86)\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe

(verified) SupportSoft sprtcmd 4292 C:\Program Files (x86)\Comcast\Desktop Doctor\bin\sprtcmd.exe

(verified) SupportSoft sprtsvc 1788 C:\Program Files (x86)\Comcast\Desktop Doctor\bin\sprtsvc.exe

(verified) TOSHIBA DVD Player 2212 C:\Program Files (x86)\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe

(verified) TOSHIBA Web Camera Application 1748 C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe

Network activity

----------------

Process iexplore.exe (392) connected on port 80 (HTTP) --> 173.194.64.95

Process iexplore.exe (3740) connected on port 80 (HTTP) --> 74.125.227.65

Process iexplore.exe (3740) connected on port 443 (HTTP over SSL) --> 74.125.227.89

Process iexplore.exe (3740) connected on port 443 (HTTP over SSL) --> 173.194.64.95

Process iexplore.exe (3740) connected on port 443 (HTTP over SSL) --> 173.194.64.95

Process iexplore.exe (3740) connected on port 80 (HTTP) --> 91.199.104.31

Process iexplore.exe (3740) connected on port 80 (HTTP) --> 173.194.64.95

Process iexplore.exe (5496) connected on port 80 (HTTP) --> 66.235.142.24

Process iexplore.exe (5496) connected on port 80 (HTTP) --> 66.235.142.24

Process iexplore.exe (5496) connected on port 80 (HTTP) --> 74.125.227.65

Process iexplore.exe (5496) connected on port 80 (HTTP) --> 74.125.227.65

Autoruns and critical files

---------------------------

Adobe Reader and Acrobat Manager C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

Apple Push C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe

avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastUI.exe

Facebook Update C:\Users\Michela\AppData\Local\Facebook\Update\FacebookUpdate.exe

Malwarebytes Anti-Malware C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

mcci+McciTrayApp C:\Program Files\ATT-SST\McciTrayApp.exe

Memeo Backup C:\Program Files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe

Memeo Dashboard C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe

Microsoft Office 2010 C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL

Microsoft® Windows® Operating System C:\Windows\system32\Mystify.scr

QuickTime C:\Program Files (x86)\QuickTime\QTTask.exe

RealPlayer (32-bit) C:\Program Files (x86)\real\realplayer\Update\realsched.exe

Synaptics Pointing Device Driver C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

TOSHIBA eco Utility C:\Program Files\TOSHIBA\TECO\Teco.exe

TOSHIBA HDD SSD Alert C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe

TOSHIBA PC Health Monitor C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe

TOSHIBA Power Saver C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE

TOSHIBA Service Station C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe

TOSHIBA Web Camera C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe

TOSHIBA Zooming Utility C:\Program Files\Toshiba\SmoothView\SmoothView.exe

Windows® Internet Explorer c:\windows\syswow64\webcheck.dll

(verified) Google Update C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

(verified) GoogleToolbarNotifier C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

(verified) Microsoft Office 2010 C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe

(verified) Microsoft® Windows® Operating System C:\Program Files\Windows Sidebar\sidebar.exe

(verified) Microsoft® Windows® Operating System C:\Windows\ehome\ehTray.exe

(verified) Microsoft® Windows® Operating System c:\windows\system32\userinit.exe

(verified) Nero Home C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe

(verified) Picture Motion Browser C:\Program Files (x86)\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe

(verified) SmartFaceVWatcher C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe

(verified) SupportSoft Container C:\Program Files (x86)\Common Files\SupportSoft\bin\bcont.exe

(verified) SupportSoft sprtcmd C:\Program Files (x86)\Comcast\Desktop Doctor\bin\sprtcmd.exe

(verified) TOSHIBA Button Support C:\Program Files\TOSHIBA\TBS\HSON.exe

(verified) TOSHIBA Flash Cards C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe

Browser plugins

---------------

AcroIEHelperShim Library C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

Adobe Acrobat C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

Adobe Acrobat C:\Program Files (x86)\Internet Explorer\plugins\nppdf32.dll

Adobe Acrobat C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll

avast! WebRep C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

BitDefender QuickScan C:\Windows\Downloaded Program Files\qsax.dll

Facebook Plugin C:\Users\Michela\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll

Facebook Video Calling Plugin C:\Users\Michela\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll

Google Toolbar for Internet Explorer C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

Google Update C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll

GoogleToolbarNotifier C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll

Java Deployment Toolkit 6.0.220.4 C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

Microsoft Office 2010 C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL

Microsoft Office 2010 C:\Program Files (x86)\Microsoft Office\Office14\NPAUTHZ.DLL

Microsoft Office 2010 C:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL

Microsoft Office 2010 C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL

Microsoft® Windows Media Player Firefox C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll

Motive Plugin C:\Program Files (x86)\Common Files\Motive\npMotive.dll

NPSWF32.dll C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

Picasa C:\Program Files (x86)\Picasa2\npPicasa2.dll

Picasa C:\Program Files (x86)\Picasa2\npPicasa3.dll

QuickTime Plug-in 7.7.1 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin.dll

QuickTime Plug-in 7.7.1 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin2.dll

QuickTime Plug-in 7.7.1 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin3.dll

QuickTime Plug-in 7.7.1 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin4.dll

QuickTime Plug-in 7.7.1 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin5.dll

QuickTime Plug-in 7.7.1 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin6.dll

QuickTime Plug-in 7.7.1 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin7.dll

QuickTime Plug-in 7.7.1 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll

QuickTime Plug-in 7.7.1 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll

QuickTime Plug-in 7.7.1 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll

QuickTime Plug-in 7.7.1 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll

QuickTime Plug-in 7.7.1 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll

QuickTime Plug-in 7.7.1 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll

QuickTime Plug-in 7.7.1 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll

RealJukebox NS Plugin C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll

RealJukebox NS Plugin c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll

RealPlayer Download and Record Plugin C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

RealPlayer Version Plugin C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll

RealPlayer Version Plugin c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll

RealPlayer G2 LiveConnect-Enabled P C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll

RealPlayer G2 LiveConnect-Enabled P c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll

RealPlayer HTML5VideoShim Plug-In ( C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

Shockwave for Director C:\Windows\system32\Adobe\Director\np32dsw.dll

Silverlight Plug-In c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll

Windows Genuine Advantage C:\Program Files (x86)\Mozilla Firefox\plugins\npLegitCheckPlugin.dll

Windows Presentation Foundation c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

Windows® Internet Explorer C:\Windows\SysWOW64\ieframe.dll

(verified) Microsoft® Windows® Operating System C:\Windows\system32\mswsock.dll

(verified) Microsoft® Windows® Operating System C:\Windows\system32\napinsp.dll

(verified) Microsoft® Windows® Operating System C:\Windows\system32\pnrpnsp.dll

(verified) Microsoft® Windows® Operating System C:\Windows\System32\winrnr.dll

(verified) Mozilla Default Plug-in C:\Program Files (x86)\Mozilla Firefox\plugins\npnul32.dll

(verified) RadioWMPCore.dll C:\Users\Michela\AppData\Roaming\Mozilla\Firefox\Profiles\2vdm4kjb.default\extensions\{d1e06b91-60e6-4492-af9f-53043fa32716}\components\RadioWMPCore.dll

(verified) RadioWMPCoreGecko19.dll C:\Users\Michela\AppData\Roaming\Mozilla\Firefox\Profiles\2vdm4kjb.default\extensions\{d1e06b91-60e6-4492-af9f-53043fa32716}\components\RadioWMPCoreGecko19.dll

Missing files

-------------

File not found: C:\Windows\System32\nwprovau.dll

--> HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000004\"LibraryPath"

File not found: C:\Windows\system32\rsvpsp.dll

--> HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000028\"PackedCatalogItem"

--> HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000029\"PackedCatalogItem"

File not found: c:\program files (x86)\java\jre6\bin\jp2ssv.dll

--> HKLM\Software\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\InprocServer32\"(default)"

Scan

----


MD5: b0636722344f5d0a65331ed12ce5e2e3 C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe

MD5: d580f8888b4a538753ddd16e06fc641b C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7018.1622\gtn.dll

MD5: bbd2d60b8f0f0dc68d6211c81b755b6d C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll

MD5: 8c2044169be2224c8a7cb8e81e7581af C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll

MD5: 23c7c424d37a7675622ca97355d96bdd C:\Program Files (x86)\Google\Update\1.3.21.79\psmachine.dll

MD5: a1659e4d08fe8d0f0bc61960d8c0369e C:\Program Files (x86)\Internet Explorer\ieproxy.dll

MD5: 4d0bad6e0b9a5e650fe37a05f33bf288 C:\Program Files (x86)\Internet Explorer\IEShims.dll

MD5: 904e13ba41af2e353a32cf351ca53639 C:\Program Files (x86)\Internet Explorer\iexplore.exe

MD5: 198bed114015c2671c88fdc32cdcb21d C:\Program Files (x86)\Internet Explorer\plugins\nppdf32.dll

MD5: 47c3fa43f99202e2f92efa1eb9bdecf7 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin.dll

MD5: 47c3fa43f99202e2f92efa1eb9bdecf7 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin2.dll

MD5: 47c3fa43f99202e2f92efa1eb9bdecf7 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin3.dll

MD5: 47c3fa43f99202e2f92efa1eb9bdecf7 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin4.dll

MD5: 47c3fa43f99202e2f92efa1eb9bdecf7 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin5.dll

MD5: 47c3fa43f99202e2f92efa1eb9bdecf7 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin6.dll

MD5: 47c3fa43f99202e2f92efa1eb9bdecf7 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin7.dll

MD5: 2c20fa0f6d6825342a1529b2846e0c4f C:\Program Files (x86)\Internet Explorer\sqmapi.dll

MD5: ee407cac6c5fbc79af7c0aa180727e55 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.dll

MD5: 80d7997fc092cdb9da217d8dc5386f48 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamcore.dll

MD5: 385b9a26dbe3d97b483d977c037c4bec C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

MD5: 7760679b6854a33433deb7f49a6f4a61 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamnet.dll

MD5: de199f3aa9c541a349af95a5c72a71af C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

MD5: 624a038b78bd400fc34f2071b6dfbea1 C:\Program Files (x86)\Memeo\AutoBackup\InstantBackup.exe

MD5: 4bb30a272df1e89ec54151041d97b0ea C:\Program Files (x86)\Memeo\AutoBackup\Interop.eWebControl.dll

MD5: 8957a9d8d0fe7df3826411127c1be135 C:\Program Files (x86)\Memeo\AutoBackup\Memeo.Client.dll

MD5: c90da129d3fc24552f6d2ef3db932def C:\Program Files (x86)\Memeo\AutoBackup\Memeo.Client.DriveDetection.dll

MD5: c3c871f6ade8cc5c07afba49d36b838b C:\Program Files (x86)\Memeo\AutoBackup\Memeo.Client.UI.dll

MD5: d8be934f8bb4268aa2b22950be7c3c57 C:\Program Files (x86)\Memeo\AutoBackup\Memeo.Common.dll

MD5: 6f4724ba561ecff5e0254241eceb9340 C:\Program Files (x86)\Memeo\AutoBackup\Memeo.Dashboard.Remote.dll

MD5: c1c9061b7afd36442058e13e5c3bce21 C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe

MD5: cbae8f237b18e1cdf094072025d3df6b C:\Program Files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe

MD5: 6b9521ff7c663c61ad4dac3877c00276 C:\Program Files (x86)\Memeo\AutoBackup\MemeoRemoteCore.dll

MD5: 084831bfd5e3f3b61b5a88411c2c8b89 C:\Program Files (x86)\Memeo\AutoBackup\Newtonsoft.Json.dll

MD5: 7f218150406b7116209cf5ddb4c7db17 C:\Program Files (x86)\Memeo\AutoBackup\providers\Tanagra.BMU.Providers.FileCopyBackupProvider.dll

MD5: 95d2fe11cc730338d02be4455284a7c4 C:\Program Files (x86)\Memeo\AutoBackup\providers\Tanagra.BMU.Providers.HardDiskBackupProvider.dll

MD5: b42ebde6f18209aeee684ac5e2750b8d C:\Program Files (x86)\Memeo\AutoBackup\SQLite.NET.dll

MD5: f3455e60b905d95d22f7ab8a6b49acce C:\Program Files (x86)\Memeo\AutoBackup\sqlite3.DLL

MD5: ff2d920775616495ddb10da5b5852b5a C:\Program Files (x86)\Memeo\AutoBackup\Tanagra.BMU.dll

MD5: 949acdb051f73da7d61b0186e0cf154f C:\Program Files (x86)\Memeo\AutoBackup\Tanagra.DataClad.DataAccess.dll

MD5: d38345a715d0899e4fc72a762b984d53 C:\Program Files (x86)\Memeo\AutoBackup\Tanagra.DataClad.dll

MD5: 9211fd794624b3008a9fb4e67d68d3bf C:\Program Files (x86)\Memeo\AutoBackup\Tanagra.Interop.dll

MD5: 7dc5dcb729e2329e2f52df3687c753b0 C:\Program Files (x86)\Memeo\AutoBackup\Tanagra.Third-party.Security.dll

MD5: 4d3eb6127b1fb377c3eab51cf6fe9db2 C:\Program Files (x86)\Memeo\AutoBackup\Tanagra.Utility.dll

MD5: 2889cf0d8056c4be65edfe255c9d9d42 C:\Program Files (x86)\Memeo\AutoBackup\USBLib.dll

MD5: b2077f0cdb8eee84d91921c0ea9ad215 C:\Program Files (x86)\Memeo\AutoBackup\XMLSettings.dll

MD5: 676ccc08d9e9a3f4ca39cb04e97048df C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll

MD5: 25311a26878ca7cc0386b4d7016114a6 C:\Program Files (x86)\Microsoft Office\Office14\1033\MAPIR.DLL

MD5: 26fef9aac9f9f265dee995547d84c055 C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE

MD5: fb8c6a46eaf7585d2ca8583c4c9a8edf C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL

MD5: 47fc5a4a45e883a36aff884b3e6073b1 C:\Program Files (x86)\Microsoft Office\Office14\MSOHEV.DLL

MD5: a5d08b86e8a437aa6deaf7a187bf6ca5 C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL

MD5: ce6db25ffa35fd051c503f11db745862 c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll

MD5: 99f97c9fe748c37528c338a423577fcb C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll

MD5: c953747215143628d3724340faf73bd4 C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

MD5: 198bed114015c2671c88fdc32cdcb21d C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll

MD5: 8c0862357c9a52210b186c745b30f932 C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll

MD5: 47c3fa43f99202e2f92efa1eb9bdecf7 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll

MD5: 47c3fa43f99202e2f92efa1eb9bdecf7 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll

MD5: 47c3fa43f99202e2f92efa1eb9bdecf7 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll

MD5: 47c3fa43f99202e2f92efa1eb9bdecf7 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll

MD5: 47c3fa43f99202e2f92efa1eb9bdecf7 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll

MD5: 47c3fa43f99202e2f92efa1eb9bdecf7 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll

MD5: 47c3fa43f99202e2f92efa1eb9bdecf7 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll

MD5: 888aad9a554f21c21a6cfcdec8a6b276 C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll

MD5: c68dcb01f397fdcdeffe7d0c7739e301 C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll

MD5: 625d0a824f513ce1cabb8861e97f2142 C:\Program Files (x86)\Picasa2\npPicasa2.dll

MD5: 45d7f2fabdfd500e3c35dc068b552544 C:\Program Files (x86)\Picasa2\npPicasa3.dll

MD5: af43c4f7f3c8bc95dad95024f96cdc4a C:\Program Files (x86)\QuickTime\QTTask.exe

MD5: 8c0862357c9a52210b186c745b30f932 c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll

MD5: 888aad9a554f21c21a6cfcdec8a6b276 c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll

MD5: c68dcb01f397fdcdeffe7d0c7739e301 c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll

MD5: 869513ca8428f231c7cac62a6f9b974a C:\Program Files (x86)\real\realplayer\Update\realsched.exe

MD5: a59dd04d3a7d19a263e6c6f444a6cda6 C:\Program Files (x86)\Seagate\Seagate Dashboard\DevComponents.DotNetBar2.dll

MD5: ac24d702ffb6e20669349efee145ed27 C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe

MD5: fd1dc6c680299a2ed1eedcc3eabda601 C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\iconv.dll

MD5: 75bb3c7816650126683817b814e62e4d C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\libcurl.dll

MD5: c114a12269c27694b379151d6140ca3e C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\LIBEAY32.dll

MD5: b949abfd3f4bec77f024d80bdad44124 C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\libupnp.dll

MD5: 901cc55fea600a14e4ebf4205d5f5ace C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\libxml2.dll

MD5: 0ab7d0e87f3843f8104b3670f5a9af62 C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\pthreadVC2.dll

MD5: 0553d91ddfb2b463a188e02a6967ec1e C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\SSLEAY32.dll

MD5: c7d4d685a0af2a09cbc21cb474358595 C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\zlib1.dll

MD5: 500bc37ab3a6680ad6ad6f6e3702f34c C:\Program Files (x86)\Seagate\Seagate Dashboard\Memeo.Common.dll

MD5: e07bf5fbf8d007ce8d21e83b2e4393df C:\Program Files (x86)\Seagate\Seagate Dashboard\Memeo.Dashboard.HelperAgentAdapter.dll

MD5: d6e2b0081007e4ead73884a8b5f14e20 C:\Program Files (x86)\Seagate\Seagate Dashboard\Memeo.Dashboard.HipServAdapter.dll

MD5: 19a0f4a82dd9daf3c7cace4657052d3b C:\Program Files (x86)\Seagate\Seagate Dashboard\Memeo.Dashboard.NasListener.dll

MD5: 67fd9f02531b8f41c34d298261029460 C:\Program Files (x86)\Seagate\Seagate Dashboard\Memeo.Dashboard.PluginCore.dll

MD5: a7ad96659a694ffca03cffdb983dea9a C:\Program Files (x86)\Seagate\Seagate Dashboard\Memeo.Dashboard.Remote.dll

MD5: f5f8eae60b619fc950e2983662872ff9 C:\Program Files (x86)\Seagate\Seagate Dashboard\Memeo.Dashboard.UI.dll

MD5: 991a165f4f3c08e3f2c92f27e14c697f C:\Program Files (x86)\Seagate\Seagate Dashboard\Memeo.Progress.dll

MD5: 4b7b1fde6c4a6acef47a1ea53c9fb54d C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoDashboard.exe

MD5: ae72d2fd6d8c4109246e204bf395bd4c C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe

MD5: cbea6456deb8a9c3b0c53b66d350d543 C:\Program Files (x86)\Seagate\Seagate Dashboard\Plugins\Memeo.Dashboard.AddComputersPlugin.dll

MD5: e93fda17dd68091979b3b56831cd07d7 C:\Program Files (x86)\Seagate\Seagate Dashboard\Plugins\Memeo.Dashboard.AddUserPlugin.dll

MD5: f49e3a42bf1e555cc5fe2d837e934efd C:\Program Files (x86)\Seagate\Seagate Dashboard\Plugins\Memeo.Dashboard.BackupPlugin.dll

MD5: e9384811e222460bbd0631f9eaf03a71 C:\Program Files (x86)\Seagate\Seagate Dashboard\Plugins\Memeo.Dashboard.BackupPremiumPlugin.dll

MD5: 095959ae2b6645a78edf37c69e1e161a C:\Program Files (x86)\Seagate\Seagate Dashboard\Plugins\Memeo.Dashboard.FolderViewPlugin.dll

MD5: e0f30c6e78da1909bea87be163a022fc C:\Program Files (x86)\Seagate\Seagate Dashboard\Plugins\Memeo.Dashboard.LoadContentPlugin.dll

MD5: 0b4386b986745f019f81892fa373cb2d C:\Program Files (x86)\Seagate\Seagate Dashboard\Plugins\Memeo.Dashboard.RebitPlugin.dll

MD5: b06c6f766fa2f631ba1fa3be6805fb97 C:\Program Files (x86)\Seagate\Seagate Dashboard\Plugins\Memeo.Dashboard.SeagatePreferencesPlugin.dll

MD5: 7fc6a4e90eab6c1c7ff274281a2ca0d7 C:\Program Files (x86)\Seagate\Seagate Dashboard\Plugins\Memeo.Dashboard.SeagateSharePlugin.dll

MD5: 739338cb648cbe8ec8ec497e78beba99 C:\Program Files (x86)\Seagate\Seagate Dashboard\Plugins\Memeo.Dashboard.SeagateSharePlusPlugin.dll

MD5: f2b2eb6e7dd9a14cbc5acc91e060aa55 C:\Program Files (x86)\Seagate\Seagate Dashboard\Plugins\Memeo.Dashboard.SendPlugin.dll

MD5: 5739f252622882638ba9ce796fa37841 C:\Program Files (x86)\Seagate\Seagate Dashboard\Plugins\Memeo.Dashboard.SharePlugin.dll

MD5: a97079d0ab532040dd21dce53b18726b C:\Program Files (x86)\Seagate\Seagate Dashboard\Plugins\Memeo.Dashboard.SyncPlugin.dll

MD5: 93eac416e2012d4ed28cc57025359595 C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateAdapter.dll

MD5: 2c542fb84b26459d437b22a9bc63c14d C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe

MD5: 277687786a5323e522c63f07d8164b32 C:\Program Files (x86)\Seagate\Seagate Dashboard\STXDEVIF.dll

MD5: 863abb8788d7a4562d845a70b3cca426 C:\Program Files (x86)\Sony\Sony Picture Utility\VolumeWatcher\MFC71U.DLL

MD5: c6a0c21ac8bef71016dc6c1f09b178c1 C:\Program Files (x86)\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcherLOC.DLL

MD5: 33e636e9cdf2b12af756f4410622918b C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe

MD5: c08eeb50b0ca00f7d272ae94b1531f7d C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe

MD5: a05a6ffe68c618e03eb6c2ba7145e8d1 C:\Program Files\ATT-SST\McciTrayApp.exe

MD5: ffaa62e671f4604f729063640befd039 C:\Program Files\AVAST Software\Avast\1033\Base.dll

MD5: cd76996b881fb8e96b4ec2210e6934b8 C:\Program Files\AVAST Software\Avast\1033\UILangRes.dll

MD5: 9e9898d12608f8fbbd3ab3b9cde010c6 C:\Program Files\AVAST Software\Avast\Aavm4h.dll

MD5: b0e0b1b2f651e3c3917d4bec88be57f4 C:\Program Files\AVAST Software\Avast\AavmRpch.dll

MD5: 082901e36e49bdd5ebe1aceaccfcabae C:\Program Files\AVAST Software\Avast\AhResBhv.dll

MD5: 7748d2c035541cc6119cbd0676065555 C:\Program Files\AVAST Software\Avast\AhResJs.dll

MD5: e656b9bb3650fdc261110b5791e15ac9 C:\Program Files\AVAST Software\Avast\AhResMai.dll

MD5: 9f91b0d0f39c087de9b0eadde33f49ec C:\Program Files\AVAST Software\Avast\AhResMes.dll

MD5: f54d386798c581ca2a5fc24503b046ff C:\Program Files\AVAST Software\Avast\AhResNS.dll

MD5: ea1cfd8098399e7ffebc5014c130729b C:\Program Files\AVAST Software\Avast\AhResP2P.dll

MD5: 3a5e076cbff22e52e5bc29222437e6f2 C:\Program Files\AVAST Software\Avast\AhResStd.dll

MD5: 852369f350aa2563938ab02f0eb8b431 C:\Program Files\AVAST Software\Avast\AhResWS.dll

MD5: ca4ddb5cb61b905a4407c5fb76527437 C:\Program Files\AVAST Software\Avast\ashBase.dll

MD5: a958d494cbbce0dfa989d8bb3d1b1841 C:\Program Files\AVAST Software\Avast\ashServ.dll

MD5: b821ced9f11f12f5dff8e983fc32aea2 C:\Program Files\AVAST Software\Avast\ashTask.dll

MD5: bef4f20a11c0fe612d2d521a502cca52 C:\Program Files\AVAST Software\Avast\ashTaskEx.dll

MD5: 1d352baff5a4b2e5e163bb6e652daf49 C:\Program Files\AVAST Software\Avast\aswAux.dll

MD5: 5a996ce86bda5ff1b628b21b9871287a C:\Program Files\AVAST Software\Avast\aswCmnBS.dll

MD5: 85e7f7d95de30a2008c75726cfc3ad61 C:\Program Files\AVAST Software\Avast\aswCmnIS.dll

MD5: 928f0fc896d10b099588a1d5aa46b1bf C:\Program Files\AVAST Software\Avast\aswCmnOS.dll

MD5: bdf5080dc5de21a5f662e45d57926233 C:\Program Files\AVAST Software\Avast\aswData.dll

MD5: 58bc0980941cb7ad218345adf24261d4 C:\Program Files\AVAST Software\Avast\aswDld.dll

MD5: 09cb9ae8bbc2512d9818987e721abe32 C:\Program Files\AVAST Software\Avast\aswEngLdr.dll

MD5: c3f2f11d2db6436b638ffb3befe97009 C:\Program Files\AVAST Software\Avast\aswIdle.dll

MD5: 4f91c0b574919537defdb406ffd94430 C:\Program Files\AVAST Software\Avast\aswLog.dll

MD5: aee62a34b70cbea34ebe384d529312cb C:\Program Files\AVAST Software\Avast\aswProperty.dll

MD5: 388d8dd599c04577edff52e79c451bd7 C:\Program Files\AVAST Software\Avast\aswSqLt.dll

MD5: f9446590f30e954f9ada62dda89dc321 C:\Program Files\AVAST Software\Avast\aswStrm.dll

MD5: 99d5d540f154f29896c2f570938c6ceb C:\Program Files\AVAST Software\Avast\aswUtil.dll

MD5: 328bc79bc53ba7a284c818dde88945d7 C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

MD5: 996e6d052438e8d8dfd501f31560b2e0 C:\Program Files\AVAST Software\Avast\AvastSvc.exe

MD5: f7226aa410954185160067d5fa82f3f2 C:\Program Files\AVAST Software\Avast\AvastUI.exe

MD5: c4b742a1bac5f35d9223619f94acb45f C:\Program Files\AVAST Software\Avast\CommonRes.dll

MD5: ee4645c14fa34af7ad1d03cf55801890 C:\Program Files\AVAST Software\Avast\defs\11123000\algo.dll

MD5: a6fcf0a3f06a49b3b77e7c7a4f35e3fc C:\Program Files\AVAST Software\Avast\defs\11123000\aswCmnBS.dll

MD5: 5ef9ebf61e8138870d926a575e9da801 C:\Program Files\AVAST Software\Avast\defs\11123000\aswCmnIS.dll

MD5: 5940a7924d4292c1ee8b9aa9eab15326 C:\Program Files\AVAST Software\Avast\defs\11123000\aswCmnOS.dll

MD5: 5eeff712460362a8072009dfe5b87452 C:\Program Files\AVAST Software\Avast\defs\11123000\aswEngin.dll

MD5: 42875a76f43c9690f2bae44498a7debb C:\Program Files\AVAST Software\Avast\defs\11123000\aswFiDb.dll

MD5: 747c7008effce9338a6ebd46a3706374 C:\Program Files\AVAST Software\Avast\defs\11123000\aswRep.dll

MD5: 73ceedc12ee347b4894222c6f143ea4c C:\Program Files\AVAST Software\Avast\defs\11123000\aswScan.dll

MD5: 7f1e33db62dbc4adac93dc890757d785 C:\Program Files\AVAST Software\Avast\defs\11123000\uiExt.dll

MD5: ea5abee342925aa2c959e07fe6a95d5c C:\Program Files\AVAST Software\Avast\snxhk.dll

MD5: ed1f06f358cf0566a96cfcd7bbdca4f7 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

MD5: 1e1b40ed2ae0749c1ced642fa42c078d C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE

MD5: 8c5ae249270a3b4d7895b23d9e1e3744 C:\Program Files\Toshiba\SmoothView\SmoothView.exe

MD5: fde3ec30ef457e967269397dbecc2959 C:\Program Files\TOSHIBA\TECO\Teco.exe

MD5: c5b90f05034111fc9f7f9e796fcc5930 C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe

MD5: f919a4f30a436eddd92c77e2e8a7782b C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe

MD5: b1689a8e86f0798450c2bb4f9bd9e49c C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

MD5: a54f0fcf48469993ea095aa38f247007 C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

MD5: 61662fa50e310f865896786a9dc6030a C:\ProgramData\Toshiba\ToshibaSevenComp\PingTaisWizard.exe

MD5: c2758df79c83a0d12a5599a040ca1818 C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS

MD5: 38bd5b32e0722752be8465d2a6da43d9 C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS

MD5: fcc7c432fbf465c38fd5d940580ef9b7 C:\Users\Michela\AppData\Local\Facebook\Update\FacebookUpdate.exe

MD5: 360a3ae06cfb924ff265ec4b0dea059c C:\Users\Michela\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll

MD5: d94c362e750f8c283bf52537d3df28b5 C:\Users\Michela\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll

MD5: 0c8819f048221cca9eb29c1911db0bb1 C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\d71769228ebe7732ae31ac194fe00ff0\Accessibility.ni.dll

MD5: 7bf6d92d3018f76d633d5b3b443b0d3a C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\168c6417c92bdddd10809791ed32be3e\Microsoft.VisualBasic.ni.dll

MD5: 87deeeb4a04306c3464c409027a47306 C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\1b31ced9bb880d94fff1c6d47c16a81e\mscorlib.ni.dll

MD5: 8be9187abfe036f157cf55d5a3eff22a C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e9ebeb7959f1c916ebf6fca8f7077d6c\System.Configuration.ni.dll

MD5: 2c990bea183d6ec73da4701e42c7a2cd C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\b36638dd2b7875d56d40b5f4bc5d3fd9\System.Data.ni.dll

MD5: d8c9ac87d26409fcb7c47edca2daa3c8 C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\0e245eb9c1067cabd5673fe832d28613\System.Drawing.ni.dll

MD5: 903bdfac4542fa2f5459d2ac4f41d6c9 C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\cc6713be0e405d5a89a2783103f7e771\System.Management.ni.dll

MD5: 46ab16b330c82bc899db28b3e57c64f5 C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\018d2569cf208acbe8ad73908705f607\System.Runtime.Remoting.ni.dll

MD5: 2b183cd8285b70cbc06096e51a417a43 C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\cabd75d4716ede2fed948cbff94dcc38\System.ServiceProcess.ni.dll

MD5: ab9575b252c185c342ffd79bb16c743c C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\5a95ba97100404e2ab26b5a9ab9ef965\System.Web.ni.dll

MD5: 339d5e05399cdabda3202453f612197a C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d76221993c2fdfb991b8c12ae50a30eb\System.Windows.Forms.ni.dll

MD5: bd1be9e9625744df191e09e7e80d2979 C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\275680f2b9db0501d53c50ea7d7a43f0\System.Xml.ni.dll

MD5: 0202b3742d8f91d87616c7585cdc3314 C:\Windows\assembly\NativeImages_v2.0.50727_32\System\95b9866ab6e4437ef5dc5855ebab4e33\System.ni.dll

MD5: 5865a7993e167a11cedda9dabc705db3 C:\Windows\Downloaded Program Files\qsax.dll

MD5: 0862495e0c825893db75ef44faea8e93 C:\Windows\Explorer.exe

MD5: af2d82d297609df60469bfae48645762 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll

MD5: 44a38da547fbfeb2f2b3d480728805de C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll

MD5: ab87eeffd18f2baafc274e7075ea6c67 c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

MD5: f5df6846f30e9f54ea60ccaeb3fb2055 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll

MD5: f556a64ab2db1bd834e7c89ce211516b C:\Windows\system32\Adobe\Director\np32dsw.dll

MD5: 5f3bdb02d64443efca7dd9248619c962 C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll

MD5: 225e83f591113adec764afba0ab12593 C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll

MD5: cb44e805bb7c0c9bc3b8a66a59bb300a C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll

MD5: 0a58da99321d95944e796541a716cbf5 C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll

MD5: ea93d50a341350321c96208f651408d0 C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll

MD5: 61490bbf4d7c399bd42af6b63960fb92 C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll

MD5: 267aff1ea665dbe422276601989efff3 C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll

MD5: 792fc8e77dc71a5f095c32d3a5c78ea1 C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll

MD5: 84cb9832f03a6aa1929636f5d9e7e298 C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll

MD5: 3927fdfe073338428a24160e427e87a3 C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll

MD5: 56b798396b5ad9fb064528b638a6008f C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll

MD5: 77895ba5c5cdcfef66419a03b6a4cdad C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll

MD5: 88955bce0a301ca342562be24415d9cc C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll

MD5: 308823c5a58a4022fedd8f4db3f99a25 C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll

MD5: 75959d7e5ef8fd7e7e17f40f63f3cc66 C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll

MD5: 2ff5b43393e8f2c46135ac33e842b076 C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll

MD5: a5750894aefe1d57cf8c460ea4065748 C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll

MD5: b3758364d42bbdba18383f010fb7cfcd C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll

MD5: 20f76c488929b6288733888bffe62f65 C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll

MD5: 11e5a68a159bf13bcf0538bec894e0ce C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll

MD5: 5cccf830959345f0b8bcc2a0dfac11b5 C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll

MD5: daef44b6ff4aec4533bab3761310d4a5 C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll

MD5: 62ad339f7420b022509edac1d9fd7ba1 C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll

MD5: c13d2932297d3597fea7b6902efc117d C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll

MD5: cdc1f7b46fc7b0b8c88df0cfbda2eb2c C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll

MD5: 69ac43aae61eec7625726b377ccaaa13 C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll

MD5: 5710b9bd7a3e4f716402b8119004eb48 C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll

MD5: a2903ece1d115fea38bb07e01c122b5e C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll

MD5: 74c46bfdf7bb7a42f4e943a1dfaccdd0 C:\Windows\system32\d2d1.dll

MD5: b8473011f59a6aa2b35e84aa19d707cf C:\Windows\system32\d3d10_1.dll

MD5: 029e2a480ce2020df097e535a2311712 C:\Windows\system32\d3d10_1core.dll

MD5: 524408d5127f14b71e574d80f2f0924f C:\Windows\system32\D3D10Warp.dll

MD5: 7fb5696ebcb8131ad2e2defe5f19c4b5 C:\Windows\System32\davclnt.dll

MD5: 11cdf138552bfec115b60ed6dc3aceb6 C:\Windows\system32\DEVRTL.dll

MD5: 62390f4ace9e2b63e3ca26b7f7497897 C:\Windows\system32\dnsapi.DLL

MD5: a2b4e9f5102e9a8fbd7802774935a20b C:\Windows\system32\DWrite.dll

MD5: 2af58d15edc06ec6fdacce1f19482bbf C:\Windows\system32\Explorer.exe

MD5: 8898c95862d03d16b2a06db4db6bb6b2 C:\Windows\system32\explorerframe.dll

MD5: ed6f6fbbcdec95483b7351e23f4fcdf6 C:\Windows\system32\IEADVPACK.DLL

MD5: 691e93028b8723e05b4a637be77380dd C:\Windows\system32\IEFRAME.dll

MD5: 274e38af453fa9e079b1d5a85f5f0921 C:\Windows\system32\IEUI.dll

MD5: b0335e0e041106e15acc6d36d6d75bf5 C:\Windows\system32\igd10umd32.dll

MD5: 68563ac389f92ee79f1c714288ba1dce C:\Windows\system32\ImgUtil.dll

MD5: 7852e03bb44413b0b4c987040c1d0ad8 C:\Windows\system32\IPROP.dll

MD5: 7940c04ce581288a3498d57ec4ee47d2 C:\Windows\system32\msfeeds.dll

MD5: 66c0aee61d1c5c35bf1b4642a153b114 C:\Windows\system32\MSHTML.dll

MD5: 35aae2e841aa1a949775168e119482c9 C:\Windows\system32\msls31.dll

MD5: 0b8fe658bd033ec8b1f6fbc305cc65e7 C:\Windows\system32\MSRATING.dll

MD5: bd669749eaeff96773b5f8d0a43e0068 C:\Windows\System32\msxml3.dll

MD5: 5f856156f709df40b42d36ae8a0f0695 C:\Windows\System32\msxml6.dll

MD5: 535458a6cf4d817562f303a671727796 C:\Windows\system32\Mystify.scr

MD5: 5764c381949147ebcfb9a7134e2abf06 C:\Windows\system32\ODBC32.dll

MD5: 4d59a5b6ef0af6f9fdf3d157534380af C:\Windows\system32\OLEACC.dll

MD5: 71402c7923f6b7f8acb48e50f35463e7 C:\Windows\system32\SearchIndexer.exe

MD5: 4b9e4ce667df26ada061aa81e9aa841d C:\Windows\system32\SPFILEQ.dll

MD5: 8d908f346eedd752005a32787a6dcafa C:\Windows\System32\StructuredQuery.dll

MD5: 7271b48b193c9624416bd5006cd8b92f C:\Windows\system32\tquery.dll

MD5: 6d9b75275c3e3a5f51aef81affadb2b6 C:\Windows\System32\wcncsvc.dll

MD5: bb5ec38f8d4600119b4720bc5d4211f1 C:\Windows\System32\webclnt.dll

MD5: 4fb96aacf2f05c7357546becd7678863 C:\Windows\system32\webio.dll

MD5: cc9bbcfc715fbedf7ae476106fe653e9 C:\Windows\system32\winhttp.dll

MD5: 374b26395852a9092bde2e4c8d4d0c8d C:\Windows\system32\WSCAPI.dll

MD5: 0c2ae180d8c35f723ba13a16aa9ac453 C:\Windows\system32\XmlLite.dll

MD5: e702ed19c332c1f12c1403d100e2f4f3 C:\Windows\syswow64\CFGMGR32.dll

MD5: 6c9c05d5344b9ab80e9180fc859bc45a C:\Windows\syswow64\DEVOBJ.dll

MD5: 4312debdacbe338f0b90e7f08e7672be C:\Windows\SysWOW64\Dxtmsft.dll

MD5: ca493a92da9880b6f1a89c3dbd54ba5b C:\Windows\SysWOW64\Dxtrans.dll

MD5: ee9d715af1b928982f417238b9914484 C:\Windows\SysWOW64\ieapfltr.dll

MD5: 691e93028b8723e05b4a637be77380dd C:\Windows\SysWOW64\ieframe.dll

MD5: 1416ab557be700fa117323b6b8f32882 C:\Windows\syswow64\iertutil.dll

MD5: 82586704868e3abb382cae303b41e8b7 C:\Windows\SysWOW64\jscript9.dll

MD5: 4ea99f1644627b1ebad99d0b93cdee1c C:\Windows\syswow64\kernel32.dll

MD5: 2bf12696f4ac8afcfc06ead6f8d2db4c C:\Windows\syswow64\KERNELBASE.dll

MD5: de3745a51b7ac7fedc356a83f76c8023 C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

MD5: 4b80d1f847c0658977e1e8051a4de002 C:\Windows\SysWOW64\msfeedsbs.dll

MD5: c5b5ccdbf8ed1475240313ed88234e3f C:\Windows\SysWOW64\netcfgx.dll

MD5: 5ed76a46eff78575f99d3bf3302889cf C:\Windows\SysWOW64\ntdll.dll

MD5: e2c2d8c982316c8abf800c6ce3f28fab C:\Windows\syswow64\ole32.dll

MD5: 4d59a5b6ef0af6f9fdf3d157534380af C:\Windows\SysWOW64\OLEACC.dll

MD5: 705c210efc5564be49eb026bd7aff27a C:\Windows\syswow64\OLEAUT32.dll

MD5: 21cf5c7d8d727dcc337a1d251b6135f4 C:\Windows\SysWOW64\schannel.dll

MD5: af70c31606f01c918e7198ca64b09c5f C:\Windows\syswow64\SHELL32.dll

MD5: 21012407e8c74aa72bbb485b0fc197fe C:\Windows\SysWOW64\taskschd.dll

MD5: 814638f572f497d96b17bf254113d9a4 C:\Windows\syswow64\urlmon.dll

MD5: 5e7a2cf7719161c5e6c0e47d67ad45ae C:\Windows\SysWOW64\vbscript.dll

MD5: 5193de33f3284c447e0d31dafbf92570 c:\windows\syswow64\webcheck.dll

MD5: 02f98b5c0e397ad06124d84428cf8f1a C:\Windows\syswow64\WININET.dll

MD5: 0c2ae180d8c35f723ba13a16aa9ac453 C:\Windows\SysWOW64\XmlLite.dll

MD5: 0b3595a4ff0b36d68e5fc67fd7d70fdc C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCP80.dll

MD5: c9564cf4976e7e96b4052737aa2492b4 C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCR80.dll

MD5: e2c48cd0132d4d1dc7d0df9a6bef686a C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_cbf5e994470a1a8f\MFC80U.DLL

MD5: 28a09777d2d952122567a8a82f1a2c7b C:\Windows\WinSxS\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_03ce2c72205943d3\MFC80ENU.DLL

MD5: 58a14c45a5cd2528f10a889e7b0c3fc2 C:\Windows\WinSxS\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.6161_none_51cd0a7abbe4e19b\ATL90.DLL

MD5: 4c39358ebdd2ffcd9132a30e1ec31e16 C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\MSVCP90.dll

MD5: cdbe9690cf2b8409facad94fac9479c9 C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\MSVCR90.dll

MD5: ca6ade4f7761bb15b3325356dc3b82bb C:\Windows\WinSxS\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.6161_none_4bf7e3e2bf9ada4c\mfc90u.dll

MD5: fbfca1a574d47ee575448b719cbbf2e4 C:\Windows\WinSxS\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.6161_none_49768ef57548175e\MFC90ENU.DLL

MD5: d3ead1cf16ba729a7f7c9a5d94aa7c05 C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7600.16661_none_ebfb56996c72aefc\Comctl32.dll

MD5: 4b8dd8541c0e26602005dd0137333615 C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\COMCTL32.dll

No file uploaded.

Scan finished - communication took 2 sec

Total traffic - 0.02 MB sent, 1.01 KB recvd

Scanned 568 files and modules - 26 seconds

==============================================================================

Also, my family bought me virus protection software, Webroot. Can I download this and uninstall Avast tomorrow?

Hello,

Sorry for delay in getting back to you.

The choice of anti-malware & antivirus is obviously yours. Long-term and cost-wise, my view is that MBAM along with a free antivirus, such as Avira (given you do not want to have Avast), would be the better set, and on costs:

MBAM is a 1-time purchase good for life

Webroot has a yearly license renewal (to the best of my recollection).

Hold off on any switching until we are all clear of this case.

I want to have you run 1 more tool.

Please read carefully and follow these steps.

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
    If running Vista or Windows 7, do a RIGHT-click and select Run as Administrator to start TDSSKILLER.exe.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

======================================================================

Download this file & extract TDSSKiller.exe onto your Desktop

Then create this batch file to be placed next to TDSSKiller:

----

Start NOTEPAD and copy/paste the text in the quotebox below into it:


@ECHO OFF
START /WAIT TDSSKILLER.exe -l Logit.txt -v
START Logit.txt
del %0

Save this as fix.bat. Choose to "Save type as - All Files".

Double click on fix.bat & allow it to run.

Please post back with the result.

= = = = = =

The guide on Kaspersky support is at http://support.kaspersky.com/viruses/solutions?qid=208280684


06:53:30.0108 13692 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16

06:53:30.0628 13692 ============================================================

06:53:30.0628 13692 Current date / time: 2012/01/01 06:53:30.0628

06:53:30.0628 13692 SystemInfo:

06:53:30.0628 13692

06:53:30.0628 13692 OS Version: 6.1.7600 ServicePack: 0.0

06:53:30.0628 13692 Product type: Workstation

06:53:30.0629 13692 ComputerName: MGRANT-PC

06:53:30.0630 13692 UserName: Michela

06:53:30.0630 13692 Windows directory: C:\Windows

06:53:30.0630 13692 System windows directory: C:\Windows

06:53:30.0630 13692 Running under WOW64

06:53:30.0630 13692 Processor architecture: Intel x64

06:53:30.0630 13692 Number of processors: 2

06:53:30.0630 13692 Page size: 0x1000

06:53:30.0630 13692 Boot type: Normal boot

06:53:30.0630 13692 ============================================================

06:53:32.0500 13692 Initialize success

06:54:11.0965 14332 ============================================================

06:54:11.0965 14332 Scan started

06:54:11.0965 14332 Mode: Manual;

06:54:11.0965 14332 ============================================================


06:54:58.0079 14332 usbohci - ok

06:54:58.0196 14332 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys

06:54:58.0198 14332 usbprint - ok

06:54:58.0319 14332 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys

06:54:58.0321 14332 usbscan - ok

06:54:58.0433 14332 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS

06:54:58.0435 14332 USBSTOR - ok

06:54:58.0548 14332 usbuhci (bc3070350a491d84b518d7cca9abd36f) C:\Windows\system32\DRIVERS\usbuhci.sys

06:54:58.0550 14332 usbuhci - ok

06:54:59.0062 14332 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\System32\Drivers\usbvideo.sys

06:54:59.0065 14332 usbvideo - ok

06:54:59.0508 14332 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys

06:54:59.0509 14332 vdrvroot - ok

06:54:59.0657 14332 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

06:54:59.0659 14332 vga - ok

06:54:59.0766 14332 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

06:54:59.0768 14332 VgaSave - ok

06:54:59.0859 14332 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys

06:54:59.0862 14332 vhdmp - ok

06:54:59.0911 14332 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys

06:54:59.0913 14332 viaide - ok

06:55:00.0027 14332 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys

06:55:00.0032 14332 volmgr - ok

06:55:00.0155 14332 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys

06:55:00.0160 14332 volmgrx - ok

06:55:00.0275 14332 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys

06:55:00.0279 14332 volsnap - ok

06:55:00.0446 14332 vpnva (e526a69d932538ae8bc96b3f4a5a90b1) C:\Windows\system32\DRIVERS\vpnva64.sys

06:55:00.0447 14332 vpnva - ok

06:55:00.0584 14332 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys

06:55:00.0587 14332 vsmraid - ok

06:55:00.0654 14332 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys

06:55:00.0656 14332 vwifibus - ok

06:55:00.0805 14332 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys

06:55:00.0807 14332 vwififlt - ok

06:55:00.0845 14332 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys

06:55:00.0847 14332 WacomPen - ok

06:55:01.0332 14332 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys

06:55:01.0334 14332 WANARP - ok

06:55:01.0355 14332 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys

06:55:01.0357 14332 Wanarpv6 - ok

06:55:01.0780 14332 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys

06:55:01.0782 14332 Wd - ok

06:55:01.0851 14332 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

06:55:01.0859 14332 Wdf01000 - ok

06:55:02.0035 14332 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

06:55:02.0037 14332 WfpLwf - ok

06:55:02.0123 14332 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

06:55:02.0125 14332 WIMMount - ok

06:55:02.0322 14332 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys

06:55:02.0324 14332 WinUsb - ok

06:55:02.0448 14332 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys

06:55:02.0450 14332 WmiAcpi - ok

06:55:02.0605 14332 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

06:55:02.0607 14332 ws2ifsl - ok

06:55:02.0691 14332 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys

06:55:02.0694 14332 WudfPf - ok

06:55:02.0780 14332 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0

06:55:02.0846 14332 \Device\Harddisk0\DR0 - ok

06:55:02.0849 14332 Boot (0x1200) (5714b0cb020cc834e357f9274598624c) \Device\Harddisk0\DR0\Partition0

06:55:02.0850 14332 \Device\Harddisk0\DR0\Partition0 - ok

06:55:02.0852 14332 ============================================================

06:55:02.0852 14332 Scan finished

06:55:02.0852 14332 ============================================================

06:55:02.0869 11784 Detected object count: 0

06:55:02.0869 11784 Actual detected object count: 0

end of part 1


The Fix.bat file is not working. I'm getting a message that says "windows cannot find 'logit.txt'. Make sure you have typed the name correctly, and then try again." and a Kaspersky error message. I've tried several times.

Thanks for your recs, and Happy New Year!

-MkayGee


Happy New Year.

I'm confused on a few details. Did you follow ALL of my steps? Where then did you get this last log?

Curious a bit. Then let's move forward, and do

Download OTL by OldTimer AND SAVE to your Desktop: http://oldtimer.geekstogo.com/OTL.exe

Please close any of your open windows/programs and exit; saving any open work you have.

I'd like to have you do a special run of OTL to generate some searches & a new log-report.

  • Please double-click OTL.exe to run it. (Note: If you are running on Vista or Windows 7, right-click on the file and choose Run As Administrator).
  • Copy all the lines in between the **** stars lines **** below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    *****************************************************************
    HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|url /rs
    HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|url /rs
    HKEY_USERS\S-1-5-19\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|url /rs
    HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|url /rs
    HKEY_USERS\S-1-5-20\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|url /rs
    HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|url /rs
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|url /rs
    HKEY_CLASSES_ROOT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|url /rs
    *****************************************************************
  • Return to OTL. Right click in the "Custom Scans/Fixes" window (under the aqua-blue bar) and choose Paste.
  • Close any browser(s) windows that may be open.
  • Using your mouse, click on Run Scan.
  • The scan won't take long.
    When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
    These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of just OTL.txt


Hello,

The Killer scan worked just fine, the fix.bat didn't seem to want to work.

Here is the OTL scan

OTL logfile created on: 1/1/2012 3:08:13 PM - Run 1

OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Michela\Desktop

64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.87 Gb Total Physical Memory | 2.05 Gb Available Physical Memory | 52.90% Memory free

7.74 Gb Paging File | 5.82 Gb Available in Paging File | 75.13% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 286.58 Gb Total Space | 229.55 Gb Free Space | 80.10% Space Free | Partition Type: NTFS

Computer Name: MGRANT-PC | User Name: Michela | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/01 15:05:29 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Michela\Desktop\OTL.exe

PRC - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2011/12/24 17:50:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2011/11/28 12:01:24 | 003,744,552 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe

PRC - [2011/11/28 12:01:23 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe

PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2011/06/01 17:06:40 | 000,071,432 | ---- | M] (Memeo) -- C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoDashboard.exe

PRC - [2011/06/01 17:06:40 | 000,014,088 | ---- | M] (Memeo) -- C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe

PRC - [2011/06/01 10:16:54 | 002,260,992 | ---- | M] (Axentra Corporation) -- C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe

PRC - [2011/02/11 09:41:29 | 000,603,896 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe

PRC - [2010/12/09 09:28:52 | 000,274,608 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\real\realplayer\Update\realsched.exe

PRC - [2010/07/27 03:47:14 | 000,315,392 | ---- | M] (Alcatel-Lucent) -- C:\Program Files (x86)\Common Files\Motive\McciServiceHost.exe

PRC - [2010/07/27 03:47:12 | 000,207,872 | ---- | M] (Alcatel-Lucent) -- C:\Program Files (x86)\Common Files\Motive\McciContextHookShim.exe

PRC - [2010/07/08 12:21:12 | 000,323,296 | ---- | M] () -- C:\Program Files (x86)\Memeo\AutoBackup\InstantBackup.exe

PRC - [2009/05/22 18:09:04 | 000,173,440 | ---- | M] () -- C:\ProgramData\Toshiba\ToshibaSevenComp\PingTaisWizard.exe

PRC - [2009/04/16 19:42:58 | 000,020,544 | ---- | M] (TOSHIBA) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe

PRC - [2009/03/30 17:57:22 | 000,083,312 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe

PRC - [2008/04/24 12:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Comcast\Desktop Doctor\bin\sprtsvc.exe

PRC - [2008/04/24 12:25:22 | 000,202,560 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Comcast\Desktop Doctor\bin\sprtcmd.exe

PRC - [2006/12/23 17:05:20 | 000,143,360 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe

PRC - [2006/12/23 17:04:42 | 000,905,216 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

PRC - [2006/12/06 03:09:30 | 000,344,064 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe

========== Modules (No Company Name) ==========

MOD - [2011/10/13 13:27:27 | 001,670,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\168c6417c92bdddd10809791ed32be3e\Microsoft.VisualBasic.ni.dll

MOD - [2011/10/13 13:26:58 | 000,997,888 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\cc6713be0e405d5a89a2783103f7e771\System.Management.ni.dll

MOD - [2011/10/13 13:14:27 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\cabd75d4716ede2fed948cbff94dcc38\System.ServiceProcess.ni.dll

MOD - [2011/10/13 13:14:10 | 011,807,744 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\5a95ba97100404e2ab26b5a9ab9ef965\System.Web.ni.dll

MOD - [2011/10/13 13:14:01 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\018d2569cf208acbe8ad73908705f607\System.Runtime.Remoting.ni.dll

MOD - [2011/10/13 13:13:57 | 006,618,624 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\b36638dd2b7875d56d40b5f4bc5d3fd9\System.Data.ni.dll

MOD - [2011/10/13 13:13:21 | 012,431,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d76221993c2fdfb991b8c12ae50a30eb\System.Windows.Forms.ni.dll

MOD - [2011/10/13 13:13:12 | 001,586,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\0e245eb9c1067cabd5673fe832d28613\System.Drawing.ni.dll

MOD - [2011/10/13 13:13:08 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\d71769228ebe7732ae31ac194fe00ff0\Accessibility.ni.dll

MOD - [2011/10/13 13:12:45 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\275680f2b9db0501d53c50ea7d7a43f0\System.Xml.ni.dll

MOD - [2011/10/13 13:12:40 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e9ebeb7959f1c916ebf6fca8f7077d6c\System.Configuration.ni.dll

MOD - [2011/10/13 13:12:39 | 007,949,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\95b9866ab6e4437ef5dc5855ebab4e33\System.ni.dll

MOD - [2011/10/13 13:12:27 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\1b31ced9bb880d94fff1c6d47c16a81e\mscorlib.ni.dll

MOD - [2011/06/01 17:11:18 | 000,030,984 | ---- | M] () -- C:\Program Files (x86)\Seagate\Seagate Dashboard\Plugins\Memeo.Dashboard.SeagateSharePlusPlugin.dll

MOD - [2011/06/01 17:06:34 | 000,108,296 | ---- | M] () -- C:\Program Files (x86)\Seagate\Seagate Dashboard\Memeo.Progress.dll

MOD - [2011/06/01 10:16:54 | 000,971,776 | ---- | M] () -- C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\libxml2.dll

MOD - [2011/06/01 10:16:54 | 000,241,664 | ---- | M] () -- C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\libupnp.dll

MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF

MOD - [2010/07/08 12:24:34 | 002,887,904 | ---- | M] () -- C:\Program Files (x86)\Memeo\AutoBackup\Memeo.Client.UI.dll

MOD - [2010/07/08 12:24:02 | 000,026,848 | ---- | M] () -- C:\Program Files (x86)\Memeo\AutoBackup\Memeo.Client.DriveDetection.dll

MOD - [2010/07/08 12:21:12 | 000,323,296 | ---- | M] () -- C:\Program Files (x86)\Memeo\AutoBackup\InstantBackup.exe

MOD - [2010/03/22 16:59:46 | 000,504,293 | ---- | M] () -- C:\Program Files (x86)\Memeo\AutoBackup\sqlite3.dll

MOD - [2009/06/10 15:23:17 | 002,933,248 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/11/28 12:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)

SRV:64bit: - [2009/04/14 18:57:28 | 000,251,392 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)

SRV:64bit: - [2009/04/09 18:03:58 | 000,803,696 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)

SRV:64bit: - [2009/03/17 12:48:54 | 000,084,480 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)

SRV:64bit: - [2009/03/06 19:30:32 | 000,488,288 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)

SRV:64bit: - [2009/02/19 15:53:28 | 000,055,808 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\rselect\RSelSvc.exe -- (RSELSVC)

SRV:64bit: - [2007/11/21 17:53:16 | 000,135,168 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)

SRV - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2011/06/01 17:06:40 | 000,014,088 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe -- (SeagateDashboardService)

SRV - [2011/02/11 09:41:29 | 000,603,896 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)

SRV - [2010/07/27 03:47:14 | 000,315,392 | ---- | M] (Alcatel-Lucent) [Auto | Running] -- C:\Program Files (x86)\Common Files\Motive\McciServiceHost.exe -- (McciServiceHost)

SRV - [2010/07/08 12:21:52 | 000,025,824 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe -- (MemeoBackgroundService)

SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2009/05/22 18:09:04 | 000,173,440 | ---- | M] () [Auto | Running] -- C:\ProgramData\Toshiba\ToshibaSevenComp\PingTaisWizard.exe -- (PingTaisWz)

SRV - [2009/04/16 19:42:58 | 000,020,544 | ---- | M] (TOSHIBA) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe -- (camsvc)

SRV - [2009/04/01 17:10:58 | 000,062,776 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)

SRV - [2009/03/30 17:57:22 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)

SRV - [2008/11/03 17:15:32 | 000,242,424 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)

SRV - [2008/04/24 12:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\Comcast\Desktop Doctor\bin\sprtsvc.exe -- (sprtsvc_ddoctorv2) SupportSoft Sprocket Service (ddoctorv2)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/12/10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)

DRV:64bit: - [2011/11/28 11:54:06 | 000,591,192 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)

DRV:64bit: - [2011/11/28 11:53:58 | 000,304,472 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)

DRV:64bit: - [2011/11/28 11:52:22 | 000,042,328 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (aswRdr)

DRV:64bit: - [2011/11/28 11:52:20 | 000,058,712 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)

DRV:64bit: - [2011/11/28 11:52:11 | 000,066,904 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)

DRV:64bit: - [2011/11/28 11:51:53 | 000,024,408 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)

DRV:64bit: - [2011/03/11 00:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011/03/11 00:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2011/02/11 09:27:37 | 000,022,752 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpnva64.sys -- (vpnva)

DRV:64bit: - [2010/08/25 19:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)

DRV:64bit: - [2010/08/20 21:59:12 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV:64bit: - [2010/07/27 03:47:46 | 000,040,960 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Motive\MRESP50a64.sys -- (MRESP50a64)

DRV:64bit: - [2010/07/27 03:47:36 | 000,043,008 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50a64.sys -- (MREMP50a64)

DRV:64bit: - [2010/01/13 15:37:18 | 007,675,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) Intel®

DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/13 19:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/06/10 15:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)

DRV:64bit: - [2009/06/10 14:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel®

DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009/04/24 15:29:40 | 000,206,336 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rtlh64.sys -- (RTL8169)

DRV:64bit: - [2009/03/23 15:48:20 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL)

DRV:64bit: - [2009/03/18 12:46:44 | 000,032,832 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)

DRV:64bit: - [2009/03/18 11:20:08 | 000,265,776 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)

DRV:64bit: - [2009/03/11 17:35:48 | 000,071,168 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTSTOR64.sys -- (RTSTOR)

DRV:64bit: - [2007/12/11 15:03:36 | 000,027,272 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)

DRV:64bit: - [2007/11/09 15:00:30 | 000,026,968 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)

DRV:64bit: - [2006/11/19 23:11:06 | 000,008,704 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FwLnk.sys -- (FwLnk)

DRV - [2010/07/27 03:47:30 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MRESP50.sys -- (MRESP50)

DRV - [2010/07/27 03:47:10 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MREMP50.sys -- (MREMP50)

DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"

FF - prefs.js..extensions.enabledItems: {d1e06b91-60e6-4492-af9f-53043fa32716}:3.3.3.2

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1

FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2

FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.3.0.7280

FF - prefs.js..extensions.enabledItems: FFToolbar@bitdefender.com:2.0

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files (x86)\Picasa2\npPicasa2.dll (Google, Inc.)

FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Picasa2\npPicasa3.dll (Google, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files (x86)\Common Files\Motive\npMotive.dll (Alcatel-Lucent)

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.609: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.609: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.609: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.609: c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Michela\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )

FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Michela\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/12/09 09:29:32 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/12/28 17:24:30 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/12/28 17:20:13 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/12/30 02:29:24 | 000,000,000 | ---D | M]

[2010/09/16 16:23:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michela\AppData\Roaming\Mozilla\Extensions

[2010/09/16 16:23:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michela\AppData\Roaming\Mozilla\Extensions\58282EC3-9AC0-4ab3-9BC3-6362BA4F2F5E

[2011/12/28 17:20:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michela\AppData\Roaming\Mozilla\Firefox\Profiles\2vdm4kjb.default\extensions

[2009/12/31 21:36:31 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Michela\AppData\Roaming\Mozilla\Firefox\Profiles\2vdm4kjb.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2011/12/26 00:29:48 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Michela\AppData\Roaming\Mozilla\Firefox\Profiles\2vdm4kjb.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}

[2011/12/27 11:34:29 | 000,000,000 | ---D | M] (TheFreeDictionarycom Community Toolbar) -- C:\Users\Michela\AppData\Roaming\Mozilla\Firefox\Profiles\2vdm4kjb.default\extensions\{d1e06b91-60e6-4492-af9f-53043fa32716}

[2011/12/26 00:31:24 | 000,002,306 | ---- | M] () -- C:\Users\Michela\AppData\Roaming\Mozilla\Firefox\Profiles\2vdm4kjb.default\searchplugins\wot-safe-search.xml

[2011/12/28 17:20:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2011/05/16 17:12:53 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

[2011/12/28 17:24:30 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF

[2011/12/21 01:24:52 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2010/09/15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll

[2011/12/20 22:30:41 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2011/12/20 22:30:41 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2011/12/29 15:45:21 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)

O2:64bit: - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7018.1622\swg64.dll (Google Inc.)

O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)

O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll (Google Inc.)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found

O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)

O3:64bit: - HKLM\..\Toolbar: (Reg Error: Value error.) - {381FFDE8-2394-4F90-B10D-FC6124A40F8C} - C:\Program Files\Defender Pro\Defender Pro 15-in-1\IEToolbar.dll File not found

O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [ATT-SST_McciTrayApp] C:\Program Files\ATT-SST\McciTrayApp.exe (Alcatel-Lucent)

O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [smartFaceVWatcher] C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [smoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [TPCHWMsg] C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)

O4 - HKLM..\Run: [ddoctorv2] C:\Program Files (x86)\Comcast\Desktop Doctor\bin\sprtcmd.exe (SupportSoft, Inc.)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [Memeo Instant Backup] C:\Program Files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe (Memeo Inc.)

O4 - HKLM..\Run: [seagate Dashboard] C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe ()

O4 - HKLM..\Run: [TkBellExe] c:\program files (x86)\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)

O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)

O4 - HKLM..\Run: [TWebCamera] "%ProgramFiles(x86)%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun File not found

O4 - HKCU..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)

O4 - HKCU..\Run: [Desktop Software] C:\Program Files (x86)\Common Files\SupportSoft\bin\bcont.exe (SupportSoft, Inc.)

O4 - HKCU..\Run: [Facebook Update] C:\Users\Michela\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)

O4 - Startup: C:\Users\Michela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Picture Motion Browser Media Check Tool.lnk = C:\Program Files (x86)\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe (Sony Corporation)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutorunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found

O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - %SystemRoot%\System32\nwprovau.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - %SystemRoot%\system32\pnrpnsp.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - %SystemRoot%\system32\pnrpnsp.dll File not found

O15 - HKCU\..Trusted Domains: $talisma_url$ ([]https in Trusted sites)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)

O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)

O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bitdefender.com/qsax/qsax.cab (BitDefender QuickScan Control)

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2FB0FBA6-6420-43BE-950B-BE7DDB297058}: DhcpNameServer = 77.244.128.60 77.244.128.61

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{78BDB85A-779B-4502-8761-6D53EBA4BA48}: DhcpNameServer = 192.168.1.1

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found

O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)

O24 - Desktop WallPaper: C:\Users\Michela\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp

O24 - Desktop BackupWallPaper: C:\Users\Michela\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/01 15:05:25 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Michela\Desktop\OTL.exe

[2012/01/01 06:50:59 | 000,000,000 | ---D | C] -- C:\Users\Michela\Desktop\tdsskiller

[2011/12/30 03:26:13 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat

[2011/12/30 03:26:13 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat

[2011/12/30 03:26:13 | 002,309,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll

[2011/12/30 03:26:13 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl

[2011/12/30 03:26:13 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl

[2011/12/30 03:26:13 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll

[2011/12/30 03:26:13 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll

[2011/12/30 03:26:13 | 000,697,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll

[2011/12/30 03:26:13 | 000,603,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll

[2011/12/30 03:26:13 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll

[2011/12/30 03:26:13 | 000,452,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll

[2011/12/30 03:26:13 | 000,448,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec

[2011/12/30 03:26:13 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll

[2011/12/30 03:26:13 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec

[2011/12/30 03:26:13 | 000,282,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll

[2011/12/30 03:26:13 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll

[2011/12/30 03:26:13 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll

[2011/12/30 03:26:13 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll

[2011/12/30 03:26:13 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll

[2011/12/30 03:26:13 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll

[2011/12/30 03:26:13 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll

[2011/12/30 03:26:13 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll

[2011/12/30 03:26:13 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll

[2011/12/30 03:26:13 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe

[2011/12/30 03:26:13 | 000,165,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe

[2011/12/30 03:26:13 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll

[2011/12/30 03:26:13 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll

[2011/12/30 03:26:13 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll

[2011/12/30 03:26:13 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe

[2011/12/30 03:26:13 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll

[2011/12/30 03:26:13 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe

[2011/12/30 03:26:13 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe

[2011/12/30 03:26:13 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll

[2011/12/30 03:26:13 | 000,145,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll

[2011/12/30 03:26:13 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe

[2011/12/30 03:26:13 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll

[2011/12/30 03:26:13 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll

[2011/12/30 03:26:13 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll

[2011/12/30 03:26:13 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll

[2011/12/30 03:26:13 | 000,114,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll

[2011/12/30 03:26:13 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll

[2011/12/30 03:26:13 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll

[2011/12/30 03:26:13 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll

[2011/12/30 03:26:13 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll

[2011/12/30 03:26:13 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll

[2011/12/30 03:26:13 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe

[2011/12/30 03:26:13 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe

[2011/12/30 03:26:13 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe

[2011/12/30 03:26:13 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll

[2011/12/30 03:26:13 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll

[2011/12/30 03:26:13 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll

[2011/12/30 03:26:13 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll

[2011/12/30 03:26:13 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx

[2011/12/30 03:26:13 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe

[2011/12/30 03:26:13 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe

[2011/12/30 03:26:13 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll

[2011/12/30 03:26:13 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe

[2011/12/30 03:26:13 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll

[2011/12/30 03:26:13 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll

[2011/12/30 03:26:13 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll

[2011/12/30 03:26:13 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx

[2011/12/30 03:26:13 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll

[2011/12/30 03:26:13 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll

[2011/12/30 03:26:13 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll

[2011/12/30 03:26:13 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll

[2011/12/30 03:26:13 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll

[2011/12/30 03:26:13 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll

[2011/12/30 03:26:13 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll

[2011/12/30 03:26:13 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll

[2011/12/30 03:26:13 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe

[2011/12/30 03:26:13 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe

[2011/12/30 03:26:13 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe

[2011/12/30 02:31:19 | 000,414,368 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

[2011/12/30 02:28:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe

[2011/12/30 02:19:34 | 000,525,544 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\deployJava1.dll

[2011/12/30 02:19:34 | 000,190,752 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaws.exe

[2011/12/30 02:19:34 | 000,172,320 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaw.exe

[2011/12/30 02:19:34 | 000,172,320 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\java.exe

[2011/12/30 02:19:11 | 000,000,000 | ---D | C] -- C:\Program Files\Java

[2011/12/30 02:15:14 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2011/12/30 01:55:06 | 017,268,512 | ---- | C] (Sun Microsystems, Inc.) -- C:\Users\Michela\Desktop\jre-6u30-windows-x64.exe

[2011/12/29 16:44:05 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2011/12/29 16:44:04 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2011/12/29 16:44:03 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2011/12/29 16:27:10 | 004,356,196 | R--- | C] (Swearware) -- C:\Users\Michela\Desktop\ComboFix.exe

[2011/12/29 15:06:32 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT

[2011/12/29 14:45:51 | 000,000,000 | ---D | C] -- C:\Qoobox

[2011/12/29 14:42:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT

[2011/12/29 14:42:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT

[2011/12/28 16:32:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus

[2011/12/28 16:32:55 | 000,024,408 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys

[2011/12/28 16:32:53 | 000,304,472 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys

[2011/12/28 16:32:50 | 000,042,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys

[2011/12/28 16:32:47 | 000,058,712 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys

[2011/12/28 16:32:43 | 000,591,192 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys

[2011/12/28 16:32:42 | 000,066,904 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys

[2011/12/28 16:32:18 | 000,199,816 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe

[2011/12/28 16:32:18 | 000,041,184 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr

[2011/12/28 16:04:41 | 001,060,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MFC71.DLL

[2011/12/28 15:50:05 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2011/12/26 02:02:46 | 000,000,000 | ---D | C] -- C:\Users\Michela\AppData\Local\CrashDumps

[2011/12/23 14:52:26 | 001,578,288 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Michela\Desktop\TDSSKiller.exe

[2011/12/21 23:20:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2011/12/21 23:19:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2011/12/19 02:31:21 | 000,000,000 | ---D | C] -- C:\Users\Michela\AppData\Roaming\QuickScan

[2011/12/18 20:14:36 | 000,000,000 | -H-D | C] -- C:\ProgramData\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}

[2011/12/18 20:14:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue

[2011/12/18 20:14:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Uniblue

[2011/12/18 19:02:05 | 000,000,000 | ---D | C] -- C:\Users\Michela\AppData\Roaming\Defender Pro

[2011/12/18 18:55:46 | 000,000,000 | ---D | C] -- C:\ProgramData\bdch

[2011/12/18 18:36:58 | 000,000,000 | ---D | C] -- C:\ProgramData\BitDefender

[2011/12/18 18:35:26 | 000,000,000 | ---D | C] -- C:\Program Files\Defender Pro

[2011/12/18 18:22:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Defender Pro

[2011/12/18 18:22:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Defender Pro

[2011/12/17 13:52:00 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll

[2011/12/17 13:50:14 | 000,723,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll

[2011/12/17 13:50:13 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll

[2011/12/17 03:11:29 | 000,034,152 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys

[2011/12/17 03:10:48 | 000,125,872 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\GEARAspi64.dll

[2011/12/17 03:10:48 | 000,106,928 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysWow64\GEARAspi.dll

[2011/12/17 03:02:14 | 000,000,000 | ---D | C] -- C:\Users\Michela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton

[2011/12/17 00:49:19 | 000,000,000 | ---D | C] -- C:\Users\Michela\AppData\Roaming\Malwarebytes

[2011/12/16 14:45:26 | 000,000,000 | ---D | C] -- C:\Users\Michela\AppData\Roaming\Tific

[2011/12/16 14:37:42 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE

[2011/12/16 14:24:32 | 000,000,000 | ---D | C] -- C:\Users\Michela\AppData\Local\Symantec

[2011/12/16 14:07:29 | 000,000,000 | ---D | C] -- C:\ProgramData\PCSettings

[2011/12/16 02:31:35 | 000,000,000 | ---D | C] -- C:\Windows\Sun

[2011/12/14 21:44:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2011/12/14 11:41:52 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP

[2011/12/14 11:32:36 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\sdtmp

[2011/12/10 16:36:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint

[2011/12/10 16:32:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Synchronization Services

[2011/12/10 16:32:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER

[2011/12/10 16:31:28 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH

[2011/12/10 16:31:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Sync Framework

[2011/12/10 16:31:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition

[2011/12/10 16:14:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services

[2 C:\Users\Michela\AppData\Local\*.tmp files -> C:\Users\Michela\AppData\Local\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/01 15:05:29 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Michela\Desktop\OTL.exe

[2012/01/01 14:58:56 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2012/01/01 14:58:54 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4034558274-241080843-1589384674-1000UA.job

[2012/01/01 14:58:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/01/01 07:10:37 | 001,578,288 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Michela\Desktop\TDSSKiller.exe

[2012/01/01 07:01:28 | 001,558,406 | ---- | M] () -- C:\Users\Michela\Desktop\tdsskiller.zip

[2012/01/01 04:20:01 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012/01/01 03:36:42 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4034558274-241080843-1589384674-1000Core.job

[2011/12/30 06:49:55 | 000,011,104 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2011/12/30 06:49:55 | 000,011,104 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2011/12/30 06:42:58 | 000,001,448 | ---- | M] () -- C:\Users\Michela\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

[2011/12/30 06:42:45 | 000,000,366 | ---- | M] () -- C:\Windows\tasks\RegistryBooster.job

[2011/12/30 06:41:01 | 3117,404,160 | -HS- | M] () -- C:\hiberfil.sys

[2011/12/30 03:26:13 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat

[2011/12/30 03:26:13 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat

[2011/12/30 03:26:13 | 002,309,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll

[2011/12/30 03:26:13 | 001,493,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl

[2011/12/30 03:26:13 | 001,427,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl

[2011/12/30 03:26:13 | 000,818,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll

[2011/12/30 03:26:13 | 000,716,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll

[2011/12/30 03:26:13 | 000,697,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll

[2011/12/30 03:26:13 | 000,603,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll

[2011/12/30 03:26:13 | 000,534,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll

[2011/12/30 03:26:13 | 000,452,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll

[2011/12/30 03:26:13 | 000,448,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec

[2011/12/30 03:26:13 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll

[2011/12/30 03:26:13 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec

[2011/12/30 03:26:13 | 000,282,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll

[2011/12/30 03:26:13 | 000,267,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll

[2011/12/30 03:26:13 | 000,248,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll

[2011/12/30 03:26:13 | 000,237,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll

[2011/12/30 03:26:13 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll

[2011/12/30 03:26:13 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll

[2011/12/30 03:26:13 | 000,222,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll

[2011/12/30 03:26:13 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll

[2011/12/30 03:26:13 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll

[2011/12/30 03:26:13 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe

[2011/12/30 03:26:13 | 000,165,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe

[2011/12/30 03:26:13 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll

[2011/12/30 03:26:13 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll

[2011/12/30 03:26:13 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll

[2011/12/30 03:26:13 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe

[2011/12/30 03:26:13 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll

[2011/12/30 03:26:13 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe

[2011/12/30 03:26:13 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe

[2011/12/30 03:26:13 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll

[2011/12/30 03:26:13 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll

[2011/12/30 03:26:13 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe

[2011/12/30 03:26:13 | 000,135,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll

[2011/12/30 03:26:13 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll

[2011/12/30 03:26:13 | 000,123,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll

[2011/12/30 03:26:13 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll

[2011/12/30 03:26:13 | 000,114,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll

[2011/12/30 03:26:13 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll

[2011/12/30 03:26:13 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll

[2011/12/30 03:26:13 | 000,103,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll

[2011/12/30 03:26:13 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll

[2011/12/30 03:26:13 | 000,096,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll

[2011/12/30 03:26:13 | 000,091,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe

[2011/12/30 03:26:13 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe

[2011/12/30 03:26:13 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe

[2011/12/30 03:26:13 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll

[2011/12/30 03:26:13 | 000,085,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll

[2011/12/30 03:26:13 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll

[2011/12/30 03:26:13 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll

[2011/12/30 03:26:13 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx

[2011/12/30 03:26:13 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe

[2011/12/30 03:26:13 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe

[2011/12/30 03:26:13 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll

[2011/12/30 03:26:13 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe

[2011/12/30 03:26:13 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf

[2011/12/30 03:26:13 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf

[2011/12/30 03:26:13 | 000,072,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll

[2011/12/30 03:26:13 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll

[2011/12/30 03:26:13 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll

[2011/12/30 03:26:13 | 000,063,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx

[2011/12/30 03:26:13 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll

[2011/12/30 03:26:13 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll

[2011/12/30 03:26:13 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll

[2011/12/30 03:26:13 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll

[2011/12/30 03:26:13 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll

[2011/12/30 03:26:13 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll

[2011/12/30 03:26:13 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll

[2011/12/30 03:26:13 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll

[2011/12/30 03:26:13 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe

[2011/12/30 03:26:13 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe

[2011/12/30 03:26:13 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe

[2011/12/30 02:31:19 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

[2011/12/30 02:29:27 | 000,002,030 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk

[2011/12/30 02:19:17 | 000,190,752 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaws.exe

[2011/12/30 02:19:17 | 000,172,320 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaw.exe

[2011/12/30 02:19:16 | 000,172,320 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\java.exe

[2011/12/30 02:19:14 | 000,525,544 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\deployJava1.dll

[2011/12/30 02:08:31 | 000,116,380 | ---- | M] () -- C:\Users\Michela\Desktop\JAva Runner.JPG

[2011/12/30 01:55:17 | 017,268,512 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\Michela\Desktop\jre-6u30-windows-x64.exe

[2011/12/29 21:02:16 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt

[2011/12/29 16:27:11 | 004,356,196 | R--- | M] (Swearware) -- C:\Users\Michela\Desktop\ComboFix.exe

[2011/12/29 15:45:21 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts

[2011/12/29 14:42:05 | 000,000,935 | ---- | M] () -- C:\Users\Michela\Desktop\NTREGOPT.lnk

[2011/12/29 14:42:05 | 000,000,916 | ---- | M] () -- C:\Users\Michela\Desktop\ERUNT.lnk

[2011/12/28 18:22:17 | 000,000,467 | ---- | M] () -- C:\Users\Michela\Desktop\Attach.lnk

[2011/12/28 18:21:45 | 000,000,448 | ---- | M] () -- C:\Users\Michela\Desktop\DDS.lnk

[2011/12/28 17:22:25 | 000,001,120 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2011/12/28 17:21:13 | 000,001,914 | ---- | M] () -- C:\Users\Michela\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk

[2011/12/28 17:20:19 | 000,001,149 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk

[2011/12/28 16:32:56 | 000,001,852 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk

[2011/12/28 15:30:32 | 000,100,792 | ---- | M] () -- C:\ProgramData\bdinstall.bin

[2011/12/26 02:12:24 | 000,000,000 | ---- | M] () -- C:\Users\Michela\AppData\Local\{437285A3-2406-471F-83F5-4BE8BFC2DC7C}

[2011/12/25 09:40:11 | 000,013,386 | ---- | M] () -- C:\Users\Michela\Documents\FiOS Tech Wizard Information.htm

[2011/12/24 07:15:04 | 000,000,112 | ---- | M] () -- C:\ProgramData\h682L5Pb.dat

[2011/12/21 20:13:43 | 000,010,180 | -HS- | M] () -- C:\Users\Michela\AppData\Local\id8i1jjw6f143c6io0c76

[2011/12/21 20:13:43 | 000,010,180 | -HS- | M] () -- C:\ProgramData\id8i1jjw6f143c6io0c76

[2011/12/19 02:30:28 | 000,013,280 | -HS- | M] () -- C:\Users\Michela\AppData\Local\857806u6a536h330w210q4bgt1u2

[2011/12/19 02:30:28 | 000,013,280 | -HS- | M] () -- C:\ProgramData\857806u6a536h330w210q4bgt1u2

[2011/12/19 02:26:06 | 000,000,000 | ---- | M] () -- C:\Users\Michela\AppData\Local\{07E69E1B-E1DC-4A9D-A47A-1F1A5F7292A2}

[2011/12/19 02:20:41 | 000,106,496 | ---- | M] () -- C:\Users\Michela\Desktop\nuke-M.exe

[2011/12/18 20:43:06 | 000,015,360 | ---- | M] () -- C:\Windows\SysNative\umstartup.etl

[2011/12/18 20:43:04 | 438,000,864 | ---- | M] () -- C:\Windows\MEMORY.DMP

[2011/12/18 19:24:51 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2011/12/18 19:24:51 | 000,624,200 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2011/12/18 19:24:51 | 000,106,544 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2011/12/18 19:09:53 | 000,000,016 | ---- | M] () -- C:\Windows\SysNative\asdict.dat

[2011/12/18 18:38:46 | 000,000,415 | ---- | M] () -- C:\Windows\SysNative\user_gensett.xml

[2011/12/18 18:35:26 | 000,003,120 | ---- | M] () -- C:\Windows\SysWow64\GWJRLE4Q.ocx

[2011/12/18 18:35:26 | 000,003,120 | ---- | M] () -- C:\Windows\F6TDORFB.ocx

[2011/12/18 17:43:46 | 000,452,824 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2011/12/18 14:19:48 | 000,010,424 | -HS- | M] () -- C:\Users\Michela\AppData\Local\n1cq10c7ro3iik

[2011/12/18 14:19:48 | 000,010,424 | -HS- | M] () -- C:\ProgramData\n1cq10c7ro3iik

[2011/12/17 02:54:53 | 000,011,198 | -HS- | M] () -- C:\ProgramData\855476t4l626j788g862c8koh0h1

[2011/12/17 02:54:52 | 000,011,198 | -HS- | M] () -- C:\Users\Michela\AppData\Local\855476t4l626j788g862c8koh0h1

[2011/12/16 14:23:31 | 000,010,464 | -HS- | M] () -- C:\Users\Michela\AppData\Local\060526s0k731w840m316p3quc4c5

[2011/12/16 14:23:31 | 000,010,464 | -HS- | M] () -- C:\ProgramData\060526s0k731w840m316p3quc4c5

[2011/12/16 06:56:27 | 000,000,000 | ---- | M] () -- C:\ProgramData\c55SA2Dm.exe.b

[2011/12/14 17:09:39 | 000,014,152 | -HS- | M] () -- C:\Users\Michela\AppData\Local\502843u1s876d065e433s4int3x4

[2011/12/14 17:09:39 | 000,014,152 | -HS- | M] () -- C:\ProgramData\502843u1s876d065e433s4int3x4

[2011/12/10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2 C:\Users\Michela\AppData\Local\*.tmp files -> C:\Users\Michela\AppData\Local\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/01 06:50:34 | 001,558,406 | ---- | C] () -- C:\Users\Michela\Desktop\tdsskiller.zip

[2011/12/30 03:26:13 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf

[2011/12/30 03:26:13 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf

[2011/12/30 02:29:27 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk

[2011/12/30 02:29:27 | 000,002,030 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk

[2011/12/30 02:08:31 | 000,116,380 | ---- | C] () -- C:\Users\Michela\Desktop\JAva Runner.JPG

[2011/12/29 16:44:05 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe

[2011/12/29 16:44:04 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe

[2011/12/29 16:44:04 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2011/12/29 16:44:03 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2011/12/29 16:44:03 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2011/12/29 14:42:05 | 000,000,935 | ---- | C] () -- C:\Users\Michela\Desktop\NTREGOPT.lnk

[2011/12/29 14:42:05 | 000,000,916 | ---- | C] () -- C:\Users\Michela\Desktop\ERUNT.lnk

[2011/12/28 18:22:17 | 000,000,467 | ---- | C] () -- C:\Users\Michela\Desktop\Attach.lnk

[2011/12/28 18:21:45 | 000,000,448 | ---- | C] () -- C:\Users\Michela\Desktop\DDS.lnk

[2011/12/28 17:22:25 | 000,001,120 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2011/12/28 17:20:19 | 000,001,161 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk

[2011/12/28 16:32:56 | 000,001,852 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk

[2011/12/26 02:00:57 | 000,000,000 | ---- | C] () -- C:\Users\Michela\AppData\Local\{437285A3-2406-471F-83F5-4BE8BFC2DC7C}

[2011/12/25 09:40:11 | 000,013,386 | ---- | C] () -- C:\Users\Michela\Documents\FiOS Tech Wizard Information.htm

[2011/12/21 20:11:31 | 000,010,180 | -HS- | C] () -- C:\ProgramData\id8i1jjw6f143c6io0c76

[2011/12/21 20:11:30 | 000,010,180 | -HS- | C] () -- C:\Users\Michela\AppData\Local\id8i1jjw6f143c6io0c76

[2011/12/19 02:26:06 | 000,000,000 | ---- | C] () -- C:\Users\Michela\AppData\Local\{07E69E1B-E1DC-4A9D-A47A-1F1A5F7292A2}

[2011/12/19 02:20:35 | 000,106,496 | ---- | C] () -- C:\Users\Michela\Desktop\nuke-M.exe

[2011/12/19 02:11:17 | 000,013,280 | -HS- | C] () -- C:\Users\Michela\AppData\Local\857806u6a536h330w210q4bgt1u2

[2011/12/19 02:11:17 | 000,013,280 | -HS- | C] () -- C:\ProgramData\857806u6a536h330w210q4bgt1u2

[2011/12/18 20:14:39 | 000,000,366 | ---- | C] () -- C:\Windows\tasks\RegistryBooster.job

[2011/12/18 19:09:53 | 000,000,016 | ---- | C] () -- C:\Windows\SysNative\asdict.dat

[2011/12/18 18:38:46 | 000,000,415 | ---- | C] () -- C:\Windows\SysNative\user_gensett.xml

[2011/12/18 18:35:26 | 000,003,120 | ---- | C] () -- C:\Windows\SysWow64\GWJRLE4Q.ocx

[2011/12/18 18:35:26 | 000,003,120 | ---- | C] () -- C:\Windows\F6TDORFB.ocx

[2011/12/18 18:22:10 | 000,100,792 | ---- | C] () -- C:\ProgramData\bdinstall.bin

[2011/12/18 14:15:32 | 000,010,424 | -HS- | C] () -- C:\Users\Michela\AppData\Local\n1cq10c7ro3iik

[2011/12/18 14:15:32 | 000,010,424 | -HS- | C] () -- C:\ProgramData\n1cq10c7ro3iik

[2011/12/16 06:56:27 | 000,000,000 | ---- | C] () -- C:\ProgramData\c55SA2Dm.exe.b

[2011/12/16 06:54:13 | 000,000,112 | ---- | C] () -- C:\ProgramData\h682L5Pb.dat

[2011/12/16 02:31:49 | 000,010,464 | -HS- | C] () -- C:\Users\Michela\AppData\Local\060526s0k731w840m316p3quc4c5

[2011/12/16 02:31:49 | 000,010,464 | -HS- | C] () -- C:\ProgramData\060526s0k731w840m316p3quc4c5

[2011/12/14 02:27:20 | 000,014,152 | -HS- | C] () -- C:\Users\Michela\AppData\Local\502843u1s876d065e433s4int3x4

[2011/12/14 02:27:20 | 000,014,152 | -HS- | C] () -- C:\ProgramData\502843u1s876d065e433s4int3x4

[2011/12/13 02:26:46 | 000,011,198 | -HS- | C] () -- C:\Users\Michela\AppData\Local\855476t4l626j788g862c8koh0h1

[2011/12/13 02:26:46 | 000,011,198 | -HS- | C] () -- C:\ProgramData\855476t4l626j788g862c8koh0h1

[2011/10/09 17:03:46 | 000,004,608 | ---- | C] () -- C:\Users\Michela\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011/01/28 11:03:03 | 000,000,410 | ---- | C] () -- C:\Windows\BRWMARK.INI

[2011/01/28 11:03:03 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\BD2140.DAT

[2010/08/25 19:34:30 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin

[2010/08/25 19:34:30 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin

[2010/08/25 19:34:30 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin

[2010/08/25 18:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll

[2010/08/25 18:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll

[2010/07/08 10:37:14 | 000,101,544 | ---- | C] () -- C:\Program Files\Common Files\LinkInstaller.exe

[2010/06/14 14:16:18 | 000,002,771 | ---- | C] () -- C:\Windows\checkip.dat

[2010/06/14 14:11:16 | 000,003,718 | ---- | C] () -- C:\Windows\ipconfig.dat

[2009/12/31 22:59:07 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

[2009/09/22 21:15:05 | 000,000,013 | RHS- | C] () -- C:\Windows\SysWow64\drivers\fbd.sys

[2009/07/13 23:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat

[2009/07/13 20:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT

[2009/07/13 20:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat

[2009/07/13 18:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

[2009/07/13 17:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll

[2009/07/13 15:59:36 | 000,139,824 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin

[2009/07/13 15:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

[2009/07/06 23:27:37 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI

[2009/06/10 15:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

[2009/05/03 01:00:45 | 000,209,040 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeW7.dll

[2009/05/03 01:00:45 | 000,196,752 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeP6.dll

[2009/05/03 01:00:45 | 000,192,656 | ---- | C] () -- C:\Windows\SysWow64\IVIresizePX.dll

[2009/05/03 01:00:44 | 000,204,944 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeA6.dll

[2009/05/03 01:00:44 | 000,196,752 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeM6.dll

[2009/05/03 01:00:44 | 000,024,720 | ---- | C] () -- C:\Windows\SysWow64\IVIresize.dll

========== Custom Scans ==========

< HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|url /rs >

< HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|url /rs >

< HKEY_USERS\S-1-5-19\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|url /rs >

< HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|url /rs >

< HKEY_USERS\S-1-5-20\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|url /rs >

< HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|url /rs >

< HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|url /rs >

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL: http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\SuggestionsURLFallback: http://api.bing.com/qsml.aspx?query={searchTerms}&maxwidth={ie:maxWidth}&rowheight={ie:rowHeight}&sectionHeight={ie:sectionHeight}&FORM=IE8SSC&market={language}

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\FaviconURLFallback: http://www.bing.com/favicon.ico

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\TopResultURLFallback: http://www.bing.com/search?q={searchTerms}&src=ie9tr

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\\URL: http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSHB_enUS346US346

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\\FaviconURL: http://www.google.com/favicon.ico

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\\SuggestionsURL: http://clients5.google.com/complete/search?hl={language}&q={searchTerms}&client=ie8&inputencoding={inputEncoding}&outputencoding={outputEncoding}

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\\SuggestionsURLFallback: http://clients5.google.com/complete/search?hl={language}&q={searchTerms}&client=ie8&inputencoding={inputEncoding}&outputencoding={outputEncoding}

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\\FaviconURLFallback: http://www.google.com/favicon.ico

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\\TopResultURLFallback:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{7CC94BCA-8E5E-4FAD-ACE5-798C208642BC}\\URL: http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{7CC94BCA-8E5E-4FAD-ACE5-798C208642BC}\\FaviconURL: http://www.google.com/favicon.ico

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{7CC94BCA-8E5E-4FAD-ACE5-798C208642BC}\\SuggestionsURL: http://clients5.google.com/complete/search?hl={language}&q={searchTerms}&client=ie8&inputencoding={inputEncoding}&outputencoding={outputEncoding}

< HKEY_CLASSES_ROOT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|url /rs >

========== Files - Unicode (All) ==========

[2011/12/28 15:29:41 | 000,000,000 | ---- | M] ()(C:\Windows\SysNative\?????) -- C:\Windows\SysNative\獷楬汢捯污

[2011/12/28 15:29:41 | 000,000,000 | ---- | C] ()(C:\Windows\SysNative\?????) -- C:\Windows\SysNative\獷楬汢捯污

========== Alternate Data Streams ==========

@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >


Good morning MkayGee.

Sorry for delay in getting back.

Let's take care of the leftover traces of Norton360.

Read / digest this article titled Uninstall Tools for Major Antivirus Products at

http://aumha.net/viewtopic.php?f=27&t=33665

then get, save, and run the Norton/Symantec Removal Tool

When done, log off and restart system.

BTW, Bookmark (save) the URL to the article. Highly recommended should you switch anti-virus apps in future.

You'd asked this earlier:

Also, my family bought me a virus protection software Webroot, can I download this and uninstall Avast tomorrow?

Your choice. Just bear in mind that Webroot license will eventually expire, and you face periodic renewal$

Product and cost-wise you'd be better to have MBAM and get a license, which is good for life. No renewals. Note in the latter case, you'd still need an A-V app, like Avira free (my choice) if cost was an issue.

These next steps are for removal of a couple of temp files and some housekeeping. This will invoke a Reboot-Restart.

Be sure to close your open programs beforehand.

  • Please double-click OTL.exe to run it. (Note: If you are running on Windows 7 or Vista, right-click on the file and choose Run As Administrator).
  • Copy all the lines in between the **** stars lines **** below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    *****************************************************************
    :processes
    killallprocesses
    :files
    recycler /alldrives
    C:\Windows\isRS-000.tmp
    C:\Users\Michela\AppData\Local\BIT2CEC.tmp
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [EMPTYFLASH]
    [Reboot]
    *****************************************************************
  • Return to OTL. Right click in the "Custom Scans/Fixes" window (under the aqua-blue bar) and choose Paste.
  • Close any browser(s) windows that may be open.
  • Using your mouse, click on the red-lettered button Run Fix.
  • Once you see a message box "Fix complete! Click OK to open the fix log."
    Click the OK button
  • The log will open in Notepad (your default text editor).
  • Save the log. Post a copy of that log in your next reply.

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.

If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Edited by Maurice Naggar
This topic is now closed to further replies.