Jump to content

Recommended Posts

Hello there, and thank you very much for taking the time to read my problem! Recently, my computer has been running rather slow and as of a few days ago has suffered from several blue screen crashes. My anti virus would no longer (and still will not) open, and so I downloaded malwarebytes in hope of finding the problem. It detected a few problems and was able to delete them-- all but a trojan.agent that continues to attack c:\Windows\svchost.exe. I'm really not sure what to do, and would really appreciate help, as I have finals coming up next week and most of them require me using my laptop to complete them.

So, after reading the rules, here is the requested information. I'm not sure if more info will be necessary. Thanks again!

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 9.0.8112.16464 BrowserJavaVersion: 10.5.1

Run by SHeLBY at 21:37:50 on 2013-03-07

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.5942.2831 [GMT -6:00]

.

AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Program Files\IDT\WDM\STacSV64.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\Hpservice.exe

C:\Program Files\Tablet\Pen\Pen_TouchService.exe

C:\Windows\system32\vcsFPService.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\WLANExt.exe

C:\Windows\System32\spoolsv.exe

C:\Program Files\DigitalPersona\Bin\DpHostW.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\IDT\WDM\AESTSr64.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe

C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\Norton Internet Security\Engine\20.2.1.22\ccSvcHst.exe

C:\Windows\SysWOW64\PSIService.exe

C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Tablet\Pen\Pen_Tablet.exe

C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe

C:\Program Files\Intel\WiFi\bin\EvtEng.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\taskhost.exe

C:\Program Files (x86)\Norton Internet Security\Engine\20.2.1.22\ccSvcHst.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Tablet\Pen\Pen_TouchUser.exe

C:\Program Files\Tablet\Pen\Pen_TabletUser.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Tablet\Pen\Pen_Tablet.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\IDT\WDM\sttray64.exe

C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe

C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe

C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files\DigitalPersona\Bin\DPAgent.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe

C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Windows\system32\svchost.exe -k SDRSVC

C:\Windows\system32\wuauclt.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_171_ActiveX.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxps://www.google.com/

uURLSearchHooks: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - <orphaned>

uURLSearchHooks: {cd90bf73-20f6-44ef-993d-bb920303bd2e} - <orphaned>

mWinlogon: Userinit = userinit.exe,

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>

BHO: ContributeBHO Class: {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.2.1.22\CoIEPlg.dll

BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.2.1.22\IPS\IPSBHO.dll

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll

TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB: Contribute Toolbar: {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll

TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.2.1.22\CoIEPlg.dll

uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

uRun: [AdobeBridge] <no file>

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin

mRun: [sMessaging] C:\Users\SHeLBY\AppData\Local\Strongvault Online Backup\SMessaging.exe

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000

IE: Free YouTube to MP3 Converter - C:\Users\SHeLBY\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm

IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.5.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab

DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab

TCP: NameServer = 75.75.76.76 75.75.75.75

TCP: Interfaces\{4E74CCDA-CAC2-49EA-82B7-DF4BB932DFDA} : DHCPNameServer = 75.75.76.76 75.75.75.75

TCP: Interfaces\{4E74CCDA-CAC2-49EA-82B7-DF4BB932DFDA}\2375942554035323 : DHCPNameServer = 192.168.1.254

TCP: Interfaces\{4E74CCDA-CAC2-49EA-82B7-DF4BB932DFDA}\2375942554636343 : DHCPNameServer = 192.168.1.254

TCP: Interfaces\{4E74CCDA-CAC2-49EA-82B7-DF4BB932DFDA}\35075636E202F40737026516E6023223 : DHCPNameServer = 192.168.1.1

TCP: Interfaces\{4E74CCDA-CAC2-49EA-82B7-DF4BB932DFDA}\3545554454E445F575946494 : DHCPNameServer = 172.31.94.5

TCP: Interfaces\{4E74CCDA-CAC2-49EA-82B7-DF4BB932DFDA}\74275656E602963702E6F64702160234275616479667560234F6C6F627 : DHCPNameServer = 75.75.76.76 75.75.75.75

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SSODL: WebCheck - <orphaned>

LSA: Notification Packages = DPPassFilter scecli

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.152\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

x64-mWinlogon: Userinit = C:\Windows\System32\userinit.exe,C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe,

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL

x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} -

x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe

x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe

x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe

x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe

x64-Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe

x64-Run: [intelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray

x64-Run: [intelWirelessWiMAX] "C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe" /tasktray /nosplash

x64-Run: [smartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background

x64-Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden

x64-Run: [intelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"

x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"

x64-Run: [Logitech Download Assistant] C:\Windows\System32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch

x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

x64-Notify: igfxcui - igfxdev.dll

x64-SSODL: WebCheck - <orphaned>

.

============= SERVICES / DRIVERS ===============

.

R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2012-2-26 55856]

R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NISx64\1402010.016\SymDS64.sys [2013-2-3 493216]

R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NISx64\1402010.016\SymEFA64.sys [2013-2-3 1133216]

R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.1.22\Definitions\BASHDefs\20130301.001\BHDrvx64.sys [2013-3-7 1388120]

R1 ccSet_NIS;Norton Internet Security Settings Manager;C:\Windows\System32\drivers\NISx64\1402010.016\ccSetx64.sys [2013-2-3 168096]

R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.1.22\Definitions\IPSDefs\20130307.001\IDSviA64.sys [2013-3-7 513184]

R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NISx64\1402010.016\Ironx64.sys [2013-2-3 224416]

R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\NISx64\1402010.016\symnets.sys [2013-2-3 432800]

R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2011-2-8 89600]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-9-9 203264]

R2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [2010-6-7 408576]

R2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-7-21 103992]

R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-8-5 291896]

R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-1-25 92216]

R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2010-6-15 30520]

R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-9-28 26680]

R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-3-7 398184]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-3-7 682344]

R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\20.2.1.22\ccSvcHst.exe [2013-2-3 143928]

R2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-9-11 399344]

R2 TabletServicePen;TabletServicePen;C:\Program Files\Tablet\Pen\Pen_Tablet.exe [2012-2-26 6583160]

R2 TouchServicePen;Wacom Consumer Touch Service;C:\Program Files\Tablet\Pen\Pen_TouchService.exe [2012-2-26 528760]

R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-2-8 2533400]

R2 vcsFPService;Validity VCS Fingerprint Service;C:\Windows\System32\vcsFPService.exe [2010-2-23 2192176]

R2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [2010-6-7 911872]

R3 bpenum;bpenum;C:\Windows\System32\drivers\bpenum.sys [2010-5-16 71168]

R3 bpmp;Intel® Centrino® WiMAX 6050 Series;C:\Windows\System32\drivers\bpmp.sys [2010-5-16 175104]

R3 bpusb;bpusb;C:\Windows\System32\drivers\bpusb.sys [2010-5-16 81920]

R3 clwvd;HP Webcam Splitter;C:\Windows\System32\drivers\clwvd.sys [2010-9-3 31088]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-2-5 138912]

R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-5-1 56344]

R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2009-10-27 151936]

R3 intelkmd;intelkmd;C:\Windows\System32\drivers\igdpmd64.sys [2010-7-28 10610400]

R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-3-7 24176]

R3 wdkmd;Intel WiDi KMD;C:\Windows\System32\drivers\WDKMD.sys [2010-8-16 39832]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-11-9 160944]

S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-10-9 1431888]

S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-7-19 340240]

S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]

S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2011-2-8 232992]

S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-2-8 344680]

S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]

S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]

S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]

S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-5-13 1255736]

S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]

.

=============== File Associations ===============

.

FileExt: .js: jsfile="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS5.5\Dreamweaver.exe","%1"

ShellExec: dreamweaver.exe: Open="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS5.5\dreamweaver.exe", "%1"

.

=============== Created Last 30 ================

.

2013-03-07 23:14:50 -------- d-----w- C:\Users\SHeLBY\AppData\Roaming\Malwarebytes

2013-03-07 23:14:41 -------- d-----w- C:\ProgramData\Malwarebytes

2013-03-07 23:14:39 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys

2013-03-07 23:14:39 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-03-07 23:14:27 -------- d-----w- C:\Users\SHeLBY\AppData\Local\Programs

2013-03-04 04:51:46 7680 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\DB0A.tmp

2013-03-04 04:51:46 7680 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\DAEA.tmp

2013-02-23 00:15:21 -------- d-----w- C:\Program Files (x86)\TERA

2013-02-23 00:15:20 -------- d-----w- C:\Users\SHeLBY\AppData\Local\TERA

2013-02-22 06:59:46 -------- d-----w- C:\Users\SHeLBY\AppData\Roaming\Toon Boom Animation

2013-02-22 06:19:37 -------- d-----w- C:\Program Files (x86)\Toon Boom Animation

2013-02-14 09:04:34 996352 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll

2013-02-14 09:04:34 768000 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll

2013-02-14 09:00:59 887808 ----a-w- C:\Program Files\Internet Explorer\iedvtool.dll

2013-02-11 22:13:46 -------- d-----w- C:\Users\SHeLBY\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1

.

==================== Find3M ====================

.

2013-02-28 20:19:22 71024 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2013-02-28 20:19:22 691568 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2013-02-04 05:25:29 177312 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS

2013-01-09 01:19:09 2312704 ----a-w- C:\Windows\System32\jscript9.dll

2013-01-09 01:12:03 1392128 ----a-w- C:\Windows\System32\wininet.dll

2013-01-09 01:11:06 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2013-01-09 01:07:51 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2013-01-09 01:07:47 599040 ----a-w- C:\Windows\System32\vbscript.dll

2013-01-09 01:04:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2013-01-08 22:11:21 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll

2013-01-08 22:03:20 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2013-01-08 22:03:12 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2013-01-08 21:59:02 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2013-01-08 21:58:29 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll

2013-01-08 21:56:23 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2013-01-05 05:57:43 5500776 ----a-w- C:\Windows\System32\ntoskrnl.exe

2013-01-05 05:02:17 3957608 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2013-01-05 05:02:17 3902312 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2013-01-04 05:41:01 1893224 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2013-01-04 05:40:54 287576 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS

2013-01-04 05:37:01 362496 ----a-w- C:\Windows\System32\wow64win.dll

2013-01-04 05:37:00 243200 ----a-w- C:\Windows\System32\wow64.dll

2013-01-04 05:37:00 13312 ----a-w- C:\Windows\System32\wow64cpu.dll

2013-01-04 05:36:33 215040 ----a-w- C:\Windows\System32\winsrv.dll

2013-01-04 05:33:49 16384 ----a-w- C:\Windows\System32\ntvdm64.dll

2013-01-04 05:30:34 424960 ----a-w- C:\Windows\System32\KernelBase.dll

2013-01-04 05:27:03 6144 ---ha-w- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll

2013-01-04 05:27:03 3072 ---ha-w- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll

2013-01-04 05:27:03 3072 ---ha-w- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll

2013-01-04 05:27:02 4608 ---ha-w- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll

2013-01-04 05:27:02 4096 ---ha-w- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll

2013-01-04 05:27:02 4096 ---ha-w- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll

2013-01-04 05:27:01 3584 ---ha-w- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll

2013-01-04 05:27:01 3072 ---ha-w- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll

2013-01-04 05:27:00 4608 ---ha-w- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll

2013-01-04 05:27:00 3584 ---ha-w- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll

2013-01-04 05:27:00 3072 ---ha-w- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll

2013-01-04 04:51:09 5120 ----a-w- C:\Windows\SysWow64\wow32.dll

2013-01-04 04:51:08 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll

2013-01-04 03:22:49 3150848 ----a-w- C:\Windows\System32\win32k.sys

2013-01-04 03:19:55 338432 ----a-w- C:\Windows\System32\conhost.exe

2013-01-04 02:48:37 25600 ----a-w- C:\Windows\SysWow64\setup16.exe

2013-01-04 02:48:34 7680 ----a-w- C:\Windows\SysWow64\instnm.exe

2013-01-04 02:48:34 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll

2013-01-04 02:48:33 2048 ----a-w- C:\Windows\SysWow64\user.exe

2013-01-04 02:43:35 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

2013-01-04 02:43:34 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

2013-01-04 02:43:34 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

2013-01-04 02:43:34 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

2012-12-16 16:52:02 46080 ----a-w- C:\Windows\System32\atmlib.dll

2012-12-16 14:40:45 367616 ----a-w- C:\Windows\System32\atmfd.dll

2012-12-16 14:25:27 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll

2012-12-16 14:25:19 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll

.

============= FINISH: 21:38:48.73 ===============

attach.txt

Link to post
Share on other sites

  • Staff

Please do the following:

Download the appropriate version for your system of the Farbar Recovery Scan Tool and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account an click Next.

On the System Recovery Options menu you will get the following options:


    • Startup Repair
      System Restore
      Windows Complete PC Restore
      Windows Memory Diagnostic Tool
      Command Prompt

[*]Select Command Prompt

[*]In the command window type in notepad and press Enter.

[*]The notepad opens. Under File menu select Open.

[*]Select "Computer" and find your flash drive letter and close the notepad.

[*]In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter

Note: Replace letter e with the drive letter of your flash drive.

[*]The tool will start to run.

[*]When the tool opens click Yes to the disclaimer.

[*]Place a check next to List Drivers MD5 as well as the default check marks that are already there

[*]Press Scan button.

[*]type exit and reboot the computer normally

[*]FRST will make a log (FRST.txt) on the flash drive, please copy and paste the log in your reply.

Link to post
Share on other sites

Thank you so much for your help! Here is the log you requested.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 09-03-2013

Ran by SYSTEM at 09-03-2013 14:13:11

Running from G:\

Windows 7 Home Premium (X64) OS Language: English(US)

The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2281256 2010-09-13] (Synaptics Incorporated)

HKLM\...\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-07-22] (IDT, Inc.)

HKLM\...\Run: [intelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray [1931024 2010-07-19] (Intel® Corporation)

HKLM\...\Run: [intelWirelessWiMAX] "C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe" /tasktray /nosplash [1441792 2010-06-08] (Intel® Corporation)

HKLM\...\Run: [smartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background [611896 2010-08-31] ()

HKLM\...\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden [363064 2010-07-21] (Hewlett-Packard Company)

HKLM\...\Run: [intelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2417032 2011-08-01] (Microsoft Corporation)

HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [499608 2011-03-30] (Adobe Systems Incorporated)

HKLM\...\Run: [Logitech Download Assistant] C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch [1580368 2010-11-03] (Logitech, Inc.)

HKLM-x32\...\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2010-09-09] (Advanced Micro Devices, Inc.)

HKLM-x32\...\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [584760 2010-09-28] (Hewlett-Packard Development Company, L.P.)

HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-11] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [38872 2012-07-31] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-08-27] (Apple Inc.)

HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421776 2012-09-09] (Apple Inc.)

HKLM-x32\...\Run: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin [1523360 2011-01-12] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [sMessaging] C:\Users\SHeLBY\AppData\Local\Strongvault Online Backup\SMessaging.exe [x]

HKU\SHeLBY\...\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [2736128 2010-08-16] (Hewlett-Packard Company)

HKU\SHeLBY\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2011-11-16] (Google Inc.)

HKU\SHeLBY\...\Run: [AdobeBridge] [x]

HKLM\...\Winlogon: [userinit] C:\Windows\system32\userinit.exe,C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe, [739664 2010-09-15] (DigitalPersona, Inc.)

Lsa: [Notification Packages] DPPassFilter scecli

==================== Services (Whitelisted) ===================

2 MBAMScheduler; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe" [398184 2012-12-14] (Malwarebytes Corporation)

2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [682344 2012-12-14] (Malwarebytes Corporation)

3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-07-19] ()

2 NIS; "C:\Program Files (x86)\Norton Internet Security\Engine\20.2.1.22\ccSvcHst.exe" /s "NIS" /m "C:\Program Files (x86)\Norton Internet Security\Engine\20.2.1.22\diMaster.dll" /prefetch:1 [535416 2012-12-05] (Symantec Corporation)

2 ProtexisLicensing; C:\Windows\SysWOW64\PSIService.exe [174656 2006-11-02] ()

==================== Drivers (Whitelisted) =====================

1 BHDrvx64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.1.22\Definitions\BASHDefs\20130301.001\BHDrvx64.sys [1388120 2013-01-16] (Symantec Corporation)

1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1402010.016\ccSetx64.sys [168096 2012-08-20] (Symantec Corporation)

1 eeCtrl; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2013-02-02] (Symantec Corporation)

3 EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2013-02-02] (Symantec Corporation)

1 IDSVia64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.1.22\Definitions\IPSDefs\20130308.001\IDSvia64.sys [513184 2013-02-01] (Symantec Corporation)

3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24176 2012-12-14] (Malwarebytes Corporation)

3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.1.22\Definitions\VirusDefs\20130309.003\ENG64.SYS [126192 2013-02-07] (Symantec Corporation)

3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.1.22\Definitions\VirusDefs\20130309.003\EX64.SYS [2087664 2013-02-07] (Symantec Corporation)

3 SRTSP; C:\Windows\system32\drivers\NISx64\1402010.016\SRTSP64.SYS [776864 2012-10-08] (Symantec Corporation)

1 SRTSPX; C:\Windows\system32\drivers\NISx64\1402010.016\SRTSPX64.SYS [37496 2012-09-06] (Symantec Corporation)

0 SymDS; C:\Windows\System32\drivers\NISx64\1402010.016\SYMDS64.SYS [493216 2012-10-03] (Symantec Corporation)

0 SymEFA; C:\Windows\System32\drivers\NISx64\1402010.016\SYMEFA64.SYS [1133216 2012-10-03] (Symantec Corporation)

3 SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-02-03] (Symantec Corporation)

1 SymIRON; C:\Windows\system32\drivers\NISx64\1402010.016\Ironx64.SYS [224416 2012-09-06] (Symantec Corporation)

1 SymNetS; C:\Windows\system32\drivers\NISx64\1402010.016\SYMNETS.SYS [432800 2012-09-06] (Symantec Corporation)

3 Prot6Flt; C:\Windows\System32\DRIVERS\Prot6Flt.sys [x]

==================== NetSvcs (Whitelisted) ====================

==================== One Month Created Files and Folders ========

2013-03-07 20:52 - 2013-03-07 20:52 - 00107365 ____A C:\Users\SHeLBY\Desktop\gmer.log

2013-03-07 19:39 - 2013-03-07 19:39 - 00012647 ____A C:\Users\SHeLBY\Desktop\attach.txt

2013-03-07 19:39 - 2013-03-07 19:38 - 00025978 ____A C:\Users\SHeLBY\Desktop\dds.txt

2013-03-07 18:26 - 2013-03-07 18:26 - 00015116 ____A C:\Users\SHeLBY\Desktop\hijackthis.log

2013-03-07 15:14 - 2013-03-07 15:14 - 00001073 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2013-03-07 15:14 - 2013-03-07 15:14 - 00000000 ____D C:\Users\SHeLBY\AppData\Roaming\Malwarebytes

2013-03-07 15:14 - 2013-03-07 15:14 - 00000000 ____D C:\ProgramData\Malwarebytes

2013-03-07 15:14 - 2013-03-07 15:14 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-03-07 15:14 - 2012-12-14 14:49 - 00024176 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys

2013-03-07 12:21 - 2013-03-07 12:21 - 00279672 ____A C:\Windows\Minidump\030713-33602-01.dmp

2013-03-04 17:14 - 2013-03-04 17:14 - 00279704 ____A C:\Windows\Minidump\030413-33353-01.dmp

2013-03-04 08:54 - 2013-03-04 08:54 - 00279672 ____A C:\Windows\Minidump\030413-47595-01.dmp

2013-03-01 17:02 - 2013-03-01 17:02 - 00685736 ____A C:\Windows\Minidump\030113-41262-01.dmp

2013-02-22 16:15 - 2013-02-23 00:13 - 00000000 ____D C:\Program Files (x86)\TERA

2013-02-22 16:15 - 2013-02-22 16:25 - 00000000 ____D C:\Users\SHeLBY\AppData\Local\TERA

2013-02-22 16:15 - 2013-02-22 16:15 - 00001666 ____A C:\Users\Public\Desktop\TERA.lnk

2013-02-22 00:00 - 2013-02-22 00:00 - 00000000 ____D C:\Users\SHeLBY\Documents\Toon Boom Storyboard Pro Trial Library

2013-02-21 22:59 - 2013-03-01 19:09 - 00000000 ____D C:\Users\SHeLBY\AppData\Roaming\Toon Boom Animation

2013-02-21 22:20 - 2013-02-21 22:20 - 00002470 ____A C:\Users\Public\Desktop\Toon Boom Storyboard Pro 2.lnk

2013-02-21 22:20 - 2013-02-21 22:20 - 00000000 ____D C:\Users\Public\Documents\Toon Boom Animation

2013-02-21 22:19 - 2013-02-21 22:19 - 00000000 ____D C:\Program Files (x86)\Toon Boom Animation

2013-02-14 01:01 - 2013-01-08 17:19 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll

2013-02-14 01:01 - 2013-01-08 17:12 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll

2013-02-14 01:01 - 2013-01-08 17:12 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll

2013-02-14 01:01 - 2013-01-08 17:11 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl

2013-02-14 01:01 - 2013-01-08 17:10 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll

2013-02-14 01:01 - 2013-01-08 17:09 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll

2013-02-14 01:01 - 2013-01-08 17:07 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll

2013-02-14 01:01 - 2013-01-08 17:07 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll

2013-02-14 01:01 - 2013-01-08 17:07 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe

2013-02-14 01:01 - 2013-01-08 17:06 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll

2013-02-14 01:01 - 2013-01-08 17:05 - 02147840 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll

2013-02-14 01:01 - 2013-01-08 17:04 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

2013-02-14 01:01 - 2013-01-08 17:04 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll

2013-02-14 01:01 - 2013-01-08 17:00 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll

2013-02-14 01:01 - 2013-01-08 14:11 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2013-02-14 01:01 - 2013-01-08 14:03 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2013-02-14 01:01 - 2013-01-08 14:03 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2013-02-14 01:01 - 2013-01-08 14:03 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2013-02-14 01:01 - 2013-01-08 14:01 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll

2013-02-14 01:01 - 2013-01-08 14:00 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2013-02-14 01:01 - 2013-01-08 13:59 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2013-02-14 01:01 - 2013-01-08 13:58 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2013-02-14 01:01 - 2013-01-08 13:58 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2013-02-14 01:01 - 2013-01-08 13:57 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2013-02-14 01:01 - 2013-01-08 13:56 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2013-02-14 01:01 - 2013-01-08 13:56 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2013-02-14 01:01 - 2013-01-08 13:56 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2013-02-14 01:01 - 2013-01-08 13:53 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2013-02-14 01:00 - 2013-01-08 17:48 - 17812992 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2013-02-14 01:00 - 2013-01-08 17:22 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll

2013-02-14 01:00 - 2013-01-08 14:23 - 12321280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2013-02-14 01:00 - 2013-01-08 14:09 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2013-02-13 18:39 - 2013-01-04 21:57 - 05500776 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe

2013-02-13 18:39 - 2013-01-04 21:02 - 03957608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe

2013-02-13 18:39 - 2013-01-04 21:02 - 03902312 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe

2013-02-13 18:39 - 2013-01-03 21:41 - 01893224 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys

2013-02-13 18:39 - 2013-01-03 21:40 - 00287576 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS

2013-02-13 18:39 - 2013-01-03 21:37 - 00362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll

2013-02-13 18:39 - 2013-01-03 21:37 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll

2013-02-13 18:39 - 2013-01-03 21:37 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll

2013-02-13 18:39 - 2013-01-03 21:36 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll

2013-02-13 18:39 - 2013-01-03 21:33 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll

2013-02-13 18:39 - 2013-01-03 21:30 - 01161216 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll

2013-02-13 18:39 - 2013-01-03 21:30 - 00424960 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll

2013-02-13 18:39 - 2013-01-03 21:27 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll

2013-02-13 18:39 - 2013-01-03 21:27 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll

2013-02-13 18:39 - 2013-01-03 21:27 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll

2013-02-13 18:39 - 2013-01-03 21:27 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll

2013-02-13 18:39 - 2013-01-03 21:27 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll

2013-02-13 18:39 - 2013-01-03 21:27 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll

2013-02-13 18:39 - 2013-01-03 21:27 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll

2013-02-13 18:39 - 2013-01-03 21:27 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll

2013-02-13 18:39 - 2013-01-03 21:27 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll

2013-02-13 18:39 - 2013-01-03 21:27 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll

2013-02-13 18:39 - 2013-01-03 21:27 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll

2013-02-13 18:39 - 2013-01-03 21:26 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll

2013-02-13 18:39 - 2013-01-03 21:26 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll

2013-02-13 18:39 - 2013-01-03 21:26 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll

2013-02-13 18:39 - 2013-01-03 21:26 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll

2013-02-13 18:39 - 2013-01-03 21:26 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll

2013-02-13 18:39 - 2013-01-03 21:26 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll

2013-02-13 18:39 - 2013-01-03 21:26 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll

2013-02-13 18:39 - 2013-01-03 21:26 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll

2013-02-13 18:39 - 2013-01-03 21:26 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll

2013-02-13 18:39 - 2013-01-03 21:26 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll

2013-02-13 18:39 - 2013-01-03 21:26 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll

2013-02-13 18:39 - 2013-01-03 21:26 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll

2013-02-13 18:39 - 2013-01-03 21:26 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll

2013-02-13 18:39 - 2013-01-03 21:26 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll

2013-02-13 18:39 - 2013-01-03 21:26 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll

2013-02-13 18:39 - 2013-01-03 21:26 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll

2013-02-13 18:39 - 2013-01-03 21:26 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll

2013-02-13 18:39 - 2013-01-03 20:51 - 01114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll

2013-02-13 18:39 - 2013-01-03 20:51 - 00274944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll

2013-02-13 18:39 - 2013-01-03 20:51 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll

2013-02-13 18:39 - 2013-01-03 20:43 - 00005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll

2013-02-13 18:39 - 2013-01-03 20:43 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll

2013-02-13 18:39 - 2013-01-03 20:43 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll

2013-02-13 18:39 - 2013-01-03 20:43 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll

2013-02-13 18:39 - 2013-01-03 20:43 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll

2013-02-13 18:39 - 2013-01-03 20:43 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll

2013-02-13 18:39 - 2013-01-03 20:43 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll

2013-02-13 18:39 - 2013-01-03 20:43 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll

2013-02-13 18:39 - 2013-01-03 20:43 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll

2013-02-13 18:39 - 2013-01-03 20:43 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll

2013-02-13 18:39 - 2013-01-03 20:43 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll

2013-02-13 18:39 - 2013-01-03 20:43 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll

2013-02-13 18:39 - 2013-01-03 20:43 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll

2013-02-13 18:39 - 2013-01-03 20:43 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll

2013-02-13 18:39 - 2013-01-03 20:43 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll

2013-02-13 18:39 - 2013-01-03 20:43 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll

2013-02-13 18:39 - 2013-01-03 20:43 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll

2013-02-13 18:39 - 2013-01-03 20:43 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll

2013-02-13 18:39 - 2013-01-03 20:43 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll

2013-02-13 18:39 - 2013-01-03 20:43 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll

2013-02-13 18:39 - 2013-01-03 20:43 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll

2013-02-13 18:39 - 2013-01-03 20:43 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll

2013-02-13 18:39 - 2013-01-03 20:43 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll

2013-02-13 18:39 - 2013-01-03 20:43 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll

2013-02-13 18:39 - 2013-01-03 19:22 - 03150848 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys

2013-02-13 18:39 - 2013-01-03 19:19 - 00338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe

2013-02-13 18:39 - 2013-01-03 18:48 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe

2013-02-13 18:39 - 2013-01-03 18:48 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll

2013-02-13 18:39 - 2013-01-03 18:48 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe

2013-02-13 18:39 - 2013-01-03 18:48 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe

2013-02-13 18:39 - 2013-01-03 18:43 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll

2013-02-13 18:39 - 2013-01-03 18:43 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll

2013-02-13 18:39 - 2013-01-03 18:43 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll

2013-02-13 18:39 - 2013-01-03 18:43 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll

2013-02-11 14:13 - 2013-02-11 14:13 - 00000000 ____D C:\Users\SHeLBY\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1

==================== One Month Modified Files and Folders =======

2013-03-09 12:09 - 2011-02-08 00:49 - 00000050 ____A C:\Windows\System32\SupplicantTest.log

2013-03-09 12:09 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT

2013-03-09 12:09 - 2009-07-13 20:51 - 00124575 ____A C:\Windows\setupact.log

2013-03-09 12:08 - 2011-02-08 00:36 - 01413310 ____A C:\Windows\WindowsUpdate.log

2013-03-09 12:05 - 2009-07-13 21:13 - 00726444 ____A C:\Windows\System32\PerfStringBackup.INI

2013-03-09 11:23 - 2011-05-09 16:49 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2013-03-09 11:19 - 2012-09-25 13:31 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job

2013-03-09 11:16 - 2009-07-13 20:45 - 00023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2013-03-09 11:16 - 2009-07-13 20:45 - 00023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2013-03-09 11:08 - 2011-05-09 16:49 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2013-03-09 11:07 - 2011-02-08 00:52 - 01820582 ____A C:\Windows\PFRO.log

2013-03-07 20:52 - 2013-03-07 20:52 - 00107365 ____A C:\Users\SHeLBY\Desktop\gmer.log

2013-03-07 20:52 - 2011-09-07 18:24 - 00000000 ____D C:\Users\SHeLBY\Documents\HTML Coding

2013-03-07 19:39 - 2013-03-07 19:39 - 00012647 ____A C:\Users\SHeLBY\Desktop\attach.txt

2013-03-07 19:38 - 2013-03-07 19:39 - 00025978 ____A C:\Users\SHeLBY\Desktop\dds.txt

2013-03-07 19:37 - 2011-05-09 16:42 - 00000000 ____D C:\Users\SHeLBY\Downloads\Setups

2013-03-07 18:26 - 2013-03-07 18:26 - 00015116 ____A C:\Users\SHeLBY\Desktop\hijackthis.log

2013-03-07 15:14 - 2013-03-07 15:14 - 00001073 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2013-03-07 15:14 - 2013-03-07 15:14 - 00000000 ____D C:\Users\SHeLBY\AppData\Roaming\Malwarebytes

2013-03-07 15:14 - 2013-03-07 15:14 - 00000000 ____D C:\ProgramData\Malwarebytes

2013-03-07 15:14 - 2013-03-07 15:14 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-03-07 12:57 - 2011-05-09 15:54 - 00000000 ____D C:\users\SHeLBY

2013-03-07 12:40 - 2011-05-10 13:18 - 00000052 ____A C:\Windows\SysWOW64\DOErrors.log

2013-03-07 12:25 - 2013-01-23 15:18 - 00002143 ____A C:\Users\Public\Desktop\Google Chrome.lnk

2013-03-07 12:21 - 2013-03-07 12:21 - 00279672 ____A C:\Windows\Minidump\030713-33602-01.dmp

2013-03-07 12:21 - 2012-07-10 20:39 - 511651807 ____A C:\Windows\MEMORY.DMP

2013-03-07 12:21 - 2012-07-10 20:39 - 00000000 ____D C:\Windows\Minidump

2013-03-04 17:14 - 2013-03-04 17:14 - 00279704 ____A C:\Windows\Minidump\030413-33353-01.dmp

2013-03-04 08:54 - 2013-03-04 08:54 - 00279672 ____A C:\Windows\Minidump\030413-47595-01.dmp

2013-03-03 20:51 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\sysprep

2013-03-02 20:23 - 2011-05-09 17:21 - 00000000 ____D C:\Users\SHeLBY\AppData\Local\CrashDumps

2013-03-02 15:56 - 2011-06-17 12:38 - 00000336 ____A C:\Windows\Tasks\HPCeeScheduleForSHeLBY.job

2013-03-01 19:09 - 2013-02-21 22:59 - 00000000 ____D C:\Users\SHeLBY\AppData\Roaming\Toon Boom Animation

2013-03-01 17:02 - 2013-03-01 17:02 - 00685736 ____A C:\Windows\Minidump\030113-41262-01.dmp

2013-03-01 13:30 - 2009-07-13 20:45 - 05143000 ____A C:\Windows\System32\FNTCACHE.DAT

2013-02-28 12:49 - 2011-05-09 15:59 - 00235544 ____A C:\Users\SHeLBY\AppData\Local\GDIPFONTCACHEV1.DAT

2013-02-28 12:38 - 2010-10-16 11:16 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information

2013-02-28 12:37 - 2010-10-16 11:27 - 00000000 ____D C:\Program Files (x86)\CyberLink

2013-02-28 12:28 - 2010-10-16 11:20 - 00000000 ____D C:\Program Files (x86)\Adobe

2013-02-28 12:19 - 2012-09-25 13:31 - 00691568 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2013-02-28 12:19 - 2011-05-30 08:46 - 00071024 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2013-02-23 20:55 - 2012-12-31 18:15 - 00000132 ____A C:\Users\SHeLBY\AppData\Roaming\Adobe PNG Format CS5 Prefs

2013-02-23 00:13 - 2013-02-22 16:15 - 00000000 ____D C:\Program Files (x86)\TERA

2013-02-22 19:39 - 2011-05-09 17:10 - 00000356 ____A C:\Windows\Tasks\HPCeeScheduleForSHELBY-COMPUTER$.job

2013-02-22 16:25 - 2013-02-22 16:15 - 00000000 ____D C:\Users\SHeLBY\AppData\Local\TERA

2013-02-22 16:16 - 2010-10-16 11:18 - 00469112 ____A C:\Windows\DirectX.log

2013-02-22 16:15 - 2013-02-22 16:15 - 00001666 ____A C:\Users\Public\Desktop\TERA.lnk

2013-02-22 00:00 - 2013-02-22 00:00 - 00000000 ____D C:\Users\SHeLBY\Documents\Toon Boom Storyboard Pro Trial Library

2013-02-21 22:20 - 2013-02-21 22:20 - 00002470 ____A C:\Users\Public\Desktop\Toon Boom Storyboard Pro 2.lnk

2013-02-21 22:20 - 2013-02-21 22:20 - 00000000 ____D C:\Users\Public\Documents\Toon Boom Animation

2013-02-21 22:19 - 2013-02-21 22:19 - 00000000 ____D C:\Program Files (x86)\Toon Boom Animation

2013-02-21 22:18 - 2011-06-09 20:26 - 00000000 ____D C:\Windows\Downloaded Installations

2013-02-14 01:09 - 2012-11-08 13:37 - 00000000 ____D C:\ProgramData\Microsoft Help

2013-02-11 14:13 - 2013-02-11 14:13 - 00000000 ____D C:\Users\SHeLBY\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1

2013-02-10 21:30 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache

2013-02-07 22:01 - 2011-09-12 14:42 - 00000000 ____D C:\Users\SHeLBY\AppData\Roaming\Skype

==================== Known DLLs (Whitelisted) =================

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK

HKLM\...\exefile\DefaultIcon: %1 => OK

HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2013-02-21 22:19:23

Restore point made on: 2013-02-22 16:15:16

Restore point made on: 2013-02-24 17:19:57

Restore point made on: 2013-02-28 12:05:48

Restore point made on: 2013-02-28 12:20:28

Restore point made on: 2013-02-28 12:27:49

Restore point made on: 2013-02-28 12:29:59

Restore point made on: 2013-02-28 12:36:51

Restore point made on: 2013-02-28 12:40:57

Restore point made on: 2013-03-03 17:02:12

==================== Memory info ===========================

Percentage of memory in use: 13%

Total physical RAM: 5941.86 MB

Available physical RAM: 5111.27 MB

Total Pagefile: 5940.01 MB

Available Pagefile: 5096.17 MB

Total Virtual: 8192 MB

Available Virtual: 8191.9 MB

==================== Partitions =============================

1 Drive c: () (Fixed) (Total:565.43 GB) (Free:290.17 GB) NTFS ==>[system with boot components (obtained from reading drive)]

2 Drive e: (RECOVERY) (Fixed) (Total:30.44 GB) (Free:4.47 GB) NTFS ==>[system with boot components (obtained from reading drive)]

4 Drive g: (METAL SONIC) (Removable) (Total:3.8 GB) (Free:3.77 GB) FAT32

5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

6 Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS ==>[system with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt

-------- ------------- ------- ------- --- ---

Disk 0 Online 596 GB 103 MB

Disk 1 Online 3894 MB 0 B

Partitions of Disk 0:

===============

Disk ID: 40C486BC

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 199 MB 1024 KB

Partition 2 Primary 565 GB 200 MB

Partition 3 Primary 30 GB 565 GB

==================================================================================

Disk: 0

Partition 1

Type : 07

Hidden: No

Active: Yes

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 1 Y SYSTEM NTFS Partition 199 MB Healthy

=========================================================

Disk: 0

Partition 2

Type : 07

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 2 C NTFS Partition 565 GB Healthy

=========================================================

Disk: 0

Partition 3

Type : 07

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 3 E RECOVERY NTFS Partition 30 GB Healthy

=========================================================

Partitions of Disk 1:

===============

Disk ID: C3072E18

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 3894 MB 28 KB

==================================================================================

Disk: 1

Partition 1

Type : 0C

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 4 G METAL SONIC FAT32 Removable 3894 MB Healthy

=========================================================

============================== MBR Partition Table ==================

==============================

Partitions of Disk 0:

===============

Disk ID: 40C486BC

Partition 1:

===========

Hex: 80003200000000003100000000000000

Active: YES

Type: 00

Size: 0 byte

ATTENTION ===> 0 byte partition bookit on partition 1

Partition 2:

===========

Hex: 80202100077E25190008000000380600

Active: YES

Type: 07 (NTFS)

Size: 199 MB

Partition 3:

===========

Hex: 007E261907FEFFFF0040060000D0AD46

Active: NO

Type: 07 (NTFS)

Size: 565 GB

Partition 4:

===========

Hex: 00FEFFFF07FEFFFF0010B4460030CE03

Active: NO

Type: 07 (NTFS)

Size: 30 GB

==============================

Partitions of Disk 1:

===============

Disk ID: C3072E18

Partition 1:

===========

Hex: 000039000C6F7FF03800000048B17900

Active: NO

Type: 0C

Size: 4 GB

Last Boot: 2013-02-22 22:00

==================== End Of Log =============================

Link to post
Share on other sites

  • Staff

Please make sure you do all the steps in the order they are written.

  1. For 64bit systems, download Listparts64 and save it to your flashdrive
  2. Download fix.txt
    Save it to your flash drive.
  3. Please download FixList.txt
    Save it to your flash drive.
  4. Boot to System Recovery Options and select "Command Prompt".
    Run FRST64 and press the fix button just once and wait.
    The tool will make a log on the flashdrive (Fixlog.txt) please post it later on to your reply. You may close the tool.
  5. While still in the recovery environment run ListParts by typing g:\listparts64 in the command prompt and pressing Enter
    Click Fix. Close the pop up after the fix is done.
  6. Please restart, let it boot normally and then post the FixLog.txt

NEXT

Please download TDSSKiller.zip

  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • when the window opens, click on Change Parameters
  • under ”Additional options”, put a check mark in the box next to “Detect TDLFS File System”
  • click OK
  • Press Start Scan
    • If Malicious objects are found then ensure Cure is selected
    • If TDLFS File System/TDSS File system is found then ensure Cure is selected (if cure is not available, choose skip)
    • Then click Continue > Reboot now

    [*]Copy and paste the log in your next reply

    • A copy of the log will be saved automatically to the root of the drive (typically C:\)

Link to post
Share on other sites

I hope I did this right. Oh dear..

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 09-03-2013

Ran by SYSTEM at 2013-03-09 15:20:14 Run:1

Running from G:\

==============================================

C:\Windows\svchost.exe not found.

==== End of Fixlog ====

15:25:07.0628 2948 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42

15:25:07.0800 2948 ============================================================

15:25:07.0800 2948 Current date / time: 2013/03/09 15:25:07.0800

15:25:07.0800 2948 SystemInfo:

15:25:07.0800 2948

15:25:07.0800 2948 OS Version: 6.1.7600 ServicePack: 0.0

15:25:07.0800 2948 Product type: Workstation

15:25:07.0800 2948 ComputerName: SHELBY-COMPUTER

15:25:07.0800 2948 UserName: SHeLBY

15:25:07.0800 2948 Windows directory: C:\Windows

15:25:07.0800 2948 System windows directory: C:\Windows

15:25:07.0800 2948 Running under WOW64

15:25:07.0800 2948 Processor architecture: Intel x64

15:25:07.0800 2948 Number of processors: 4

15:25:07.0800 2948 Page size: 0x1000

15:25:07.0800 2948 Boot type: Normal boot

15:25:07.0800 2948 ============================================================

15:25:09.0968 2948 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

15:25:09.0968 2948 Drive \Device\Harddisk1\DR1 - Size: 0xF3630000 (3.80 Gb), SectorSize: 0x200, Cylinders: 0x1F0, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'

15:25:09.0984 2948 ============================================================

15:25:09.0984 2948 \Device\Harddisk0\DR0:

15:25:09.0984 2948 MBR partitions:

15:25:09.0984 2948 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800

15:25:09.0984 2948 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x46ADD000

15:25:09.0984 2948 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x46B41000, BlocksNum 0x3CE3000

15:25:09.0984 2948 \Device\Harddisk1\DR1:

15:25:09.0984 2948 MBR partitions:

15:25:09.0984 2948 \Device\Harddisk1\DR1\Partition1: MBR, Type 0xC, StartLBA 0x38, BlocksNum 0x79B148

15:25:09.0984 2948 ============================================================

15:25:10.0000 2948 C: <-> \Device\Harddisk0\DR0\Partition2

15:25:10.0046 2948 D: <-> \Device\Harddisk0\DR0\Partition3

15:25:10.0046 2948 ============================================================

15:25:10.0046 2948 Initialize success

15:25:10.0046 2948 ============================================================

15:25:40.0576 4764 ============================================================

15:25:40.0576 4764 Scan started

15:25:40.0576 4764 Mode: Manual; TDLFS;

15:25:40.0576 4764 ============================================================

15:25:41.0215 4764 ================ Scan system memory ========================

15:25:41.0215 4764 System memory - ok

15:25:41.0215 4764 ================ Scan services =============================

15:25:41.0465 4764 [ 1B00662092F9F9568B995902F0CC40D5 ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys

15:25:41.0465 4764 1394ohci - ok

15:25:41.0512 4764 [ 5AA055FE5AE506E19E9A8F537756EE10 ] Accelerometer C:\Windows\system32\DRIVERS\Accelerometer.sys

15:25:41.0512 4764 Accelerometer - ok

15:25:41.0574 4764 [ 6F11E88748CDEFD2F76AA215F97DDFE5 ] ACPI C:\Windows\system32\DRIVERS\ACPI.sys

15:25:41.0590 4764 ACPI - ok

15:25:41.0652 4764 [ 63B05A0420CE4BF0E4AF6DCC7CADA254 ] AcpiPmi C:\Windows\system32\DRIVERS\acpipmi.sys

15:25:41.0652 4764 AcpiPmi - ok

15:25:41.0902 4764 [ 9942DC4CC265CDA00486504444EF521D ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

15:25:41.0902 4764 AdobeFlashPlayerUpdateSvc - ok

15:25:41.0933 4764 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys

15:25:41.0948 4764 adp94xx - ok

15:25:41.0964 4764 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys

15:25:41.0964 4764 adpahci - ok

15:25:42.0058 4764 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys

15:25:42.0058 4764 adpu320 - ok

15:25:42.0089 4764 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll

15:25:42.0089 4764 AeLookupSvc - ok

15:25:42.0292 4764 [ A6FB9DB8F1A86861D955FD6975977AE0 ] AESTFilters C:\Program Files\IDT\WDM\AESTSr64.exe

15:25:42.0292 4764 AESTFilters - ok

15:25:42.0401 4764 [ DB9D6C6B2CD95A9CA414D045B627422E ] AFD C:\Windows\system32\drivers\afd.sys

15:25:42.0401 4764 AFD - ok

15:25:42.0432 4764 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\DRIVERS\agp440.sys

15:25:42.0432 4764 agp440 - ok

15:25:42.0448 4764 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe

15:25:42.0463 4764 ALG - ok

15:25:42.0479 4764 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\DRIVERS\aliide.sys

15:25:42.0479 4764 aliide - ok

15:25:42.0572 4764 [ 48619A29F9C9C3CFEB66718DD03D8057 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe

15:25:42.0572 4764 AMD External Events Utility - ok

15:25:42.0604 4764 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\DRIVERS\amdide.sys

15:25:42.0604 4764 amdide - ok

15:25:42.0619 4764 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys

15:25:42.0619 4764 AmdK8 - ok

15:25:42.0931 4764 [ 06BF0785DE714637EBA9BB1084B28626 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys

15:25:43.0087 4764 amdkmdag - ok

15:25:43.0165 4764 [ 2DEC3274589FF6889AB05ADCEEB0F642 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys

15:25:43.0165 4764 amdkmdap - ok

15:25:43.0212 4764 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys

15:25:43.0212 4764 AmdPPM - ok

15:25:43.0290 4764 [ EC7EBAB00A4D8448BAB68D1E49B4BEB9 ] amdsata C:\Windows\system32\DRIVERS\amdsata.sys

15:25:43.0290 4764 amdsata - ok

15:25:43.0352 4764 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys

15:25:43.0352 4764 amdsbs - ok

15:25:43.0368 4764 [ DB27766102C7BF7E95140A2AA81D042E ] amdxata C:\Windows\system32\DRIVERS\amdxata.sys

15:25:43.0368 4764 amdxata - ok

15:25:43.0415 4764 [ 42FD751B27FA0E9C69BB39F39E409594 ] AppID C:\Windows\system32\drivers\appid.sys

15:25:43.0415 4764 AppID - ok

15:25:43.0446 4764 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll

15:25:43.0446 4764 AppIDSvc - ok

15:25:43.0446 4764 [ D065BE66822847B7F127D1F90158376E ] Appinfo C:\Windows\System32\appinfo.dll

15:25:43.0446 4764 Appinfo - ok

15:25:43.0586 4764 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

15:25:43.0586 4764 Apple Mobile Device - ok

15:25:43.0633 4764 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys

15:25:43.0633 4764 arc - ok

15:25:43.0696 4764 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys

15:25:43.0696 4764 arcsas - ok

15:25:43.0727 4764 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys

15:25:43.0727 4764 AsyncMac - ok

15:25:43.0774 4764 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\DRIVERS\atapi.sys

15:25:43.0774 4764 atapi - ok

15:25:43.0836 4764 [ 2D648572BA9A610952FCAFBA1E119C2D ] AtiHdmiService C:\Windows\system32\drivers\AtiHdmi.sys

15:25:43.0836 4764 AtiHdmiService - ok

15:25:43.0867 4764 [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll

15:25:43.0883 4764 AudioEndpointBuilder - ok

15:25:43.0930 4764 [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioSrv C:\Windows\System32\Audiosrv.dll

15:25:43.0930 4764 AudioSrv - ok

15:25:43.0976 4764 [ B20B5FA5CA050E9926E4D1DB81501B32 ] AxInstSV C:\Windows\System32\AxInstSV.dll

15:25:43.0976 4764 AxInstSV - ok

15:25:44.0023 4764 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys

15:25:44.0039 4764 b06bdrv - ok

15:25:44.0086 4764 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys

15:25:44.0086 4764 b57nd60a - ok

15:25:44.0117 4764 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll

15:25:44.0117 4764 BDESVC - ok

15:25:44.0148 4764 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys

15:25:44.0148 4764 Beep - ok

15:25:44.0195 4764 [ 4992C609A6315671463E30F6512BC022 ] BFE C:\Windows\System32\bfe.dll

15:25:44.0210 4764 BFE - ok

15:25:44.0726 4764 [ 866335C9C0E6733C753FB472C539A6B9 ] BHDrvx64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.1.22\Definitions\BASHDefs\20130301.001\BHDrvx64.sys

15:25:44.0742 4764 BHDrvx64 - ok

15:25:44.0913 4764 [ 7F0C323FE3DA28AA4AA1BDA3F575707F ] BITS C:\Windows\System32\qmgr.dll

15:25:44.0929 4764 BITS - ok

15:25:45.0007 4764 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys

15:25:45.0007 4764 blbdrive - ok

15:25:45.0132 4764 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe

15:25:45.0147 4764 Bonjour Service - ok

15:25:45.0225 4764 [ 19D20159708E152267E53B66677A4995 ] bowser C:\Windows\system32\DRIVERS\bowser.sys

15:25:45.0225 4764 bowser - ok

15:25:45.0289 4764 [ F46DD257FAD7D2D097EF32E72220A06C ] bpenum C:\Windows\system32\DRIVERS\bpenum.sys

15:25:45.0289 4764 bpenum - ok

15:25:45.0398 4764 [ E82060AED0F28ED8909F2B07FA276185 ] bpmp C:\Windows\system32\DRIVERS\bpmp.sys

15:25:45.0398 4764 bpmp - ok

15:25:45.0460 4764 [ FC6313A5A45C1AE53D0491F0057D5A4D ] bpusb C:\Windows\system32\Drivers\bpusb.sys

15:25:45.0460 4764 bpusb - ok

15:25:45.0507 4764 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys

15:25:45.0507 4764 BrFiltLo - ok

15:25:45.0538 4764 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys

15:25:45.0538 4764 BrFiltUp - ok

15:25:45.0616 4764 [ 6B054C67AAA87843504E8E3C09102009 ] Browser C:\Windows\System32\browser.dll

15:25:45.0616 4764 Browser - ok

15:25:45.0679 4764 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys

15:25:45.0679 4764 Brserid - ok

15:25:45.0710 4764 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys

15:25:45.0710 4764 BrSerWdm - ok

15:25:45.0726 4764 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys

15:25:45.0726 4764 BrUsbMdm - ok

15:25:45.0757 4764 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys

15:25:45.0757 4764 BrUsbSer - ok

15:25:45.0788 4764 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys

15:25:45.0788 4764 BTHMODEM - ok

15:25:45.0835 4764 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll

15:25:45.0835 4764 bthserv - ok

15:25:45.0991 4764 [ 248C952C82DF1E23775432774CBB20F1 ] ccSet_NIS C:\Windows\system32\drivers\NISx64\1402010.016\ccSetx64.sys

15:25:45.0991 4764 ccSet_NIS - ok

15:25:46.0022 4764 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys

15:25:46.0022 4764 cdfs - ok

15:25:46.0084 4764 [ 83D2D75E1EFB81B3450C18131443F7DB ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys

15:25:46.0084 4764 cdrom - ok

15:25:46.0131 4764 [ 312E2F82AF11E79906898AC3E3D58A1F ] CertPropSvc C:\Windows\System32\certprop.dll

15:25:46.0131 4764 CertPropSvc - ok

15:25:46.0162 4764 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys

15:25:46.0162 4764 circlass - ok

15:25:46.0194 4764 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys

15:25:46.0194 4764 CLFS - ok

15:25:46.0304 4764 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

15:25:46.0304 4764 clr_optimization_v2.0.50727_32 - ok

15:25:46.0366 4764 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

15:25:46.0366 4764 clr_optimization_v2.0.50727_64 - ok

15:25:46.0460 4764 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

15:25:46.0507 4764 clr_optimization_v4.0.30319_32 - ok

15:25:46.0553 4764 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

15:25:46.0553 4764 clr_optimization_v4.0.30319_64 - ok

15:25:46.0585 4764 [ D68D9F4D53010B7E84D4E80A2E485554 ] clwvd C:\Windows\system32\DRIVERS\clwvd.sys

15:25:46.0585 4764 clwvd - ok

15:25:46.0631 4764 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys

15:25:46.0631 4764 CmBatt - ok

15:25:46.0647 4764 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\DRIVERS\cmdide.sys

15:25:46.0663 4764 cmdide - ok

15:25:46.0741 4764 [ CA7720B73446FDDEC5C69519C1174C98 ] CNG C:\Windows\system32\Drivers\cng.sys

15:25:46.0741 4764 CNG - ok

15:25:46.0772 4764 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys

15:25:46.0772 4764 Compbatt - ok

15:25:46.0834 4764 [ F26B3A86F6FA87CA360B879581AB4123 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys

15:25:46.0834 4764 CompositeBus - ok

15:25:46.0881 4764 COMSysApp - ok

15:25:46.0912 4764 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys

15:25:46.0912 4764 crcdisk - ok

15:25:46.0959 4764 [ BAF19B633933A9FB4883D27D66C39E9A ] CryptSvc C:\Windows\system32\cryptsvc.dll

15:25:46.0959 4764 CryptSvc - ok

15:25:47.0021 4764 [ B1C55A95006D621D04FE4A23F86C0A54 ] DCamUSBEMPIA C:\Windows\system32\DRIVERS\emDevice64.sys

15:25:47.0021 4764 DCamUSBEMPIA - ok

15:25:47.0099 4764 [ 7266972E86890E2B30C0C322E906B027 ] DcomLaunch C:\Windows\system32\rpcss.dll

15:25:47.0099 4764 DcomLaunch - ok

15:25:47.0146 4764 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll

15:25:47.0146 4764 defragsvc - ok

15:25:47.0193 4764 [ 9C253CE7311CA60FC11C774692A13208 ] DfsC C:\Windows\system32\Drivers\dfsc.sys

15:25:47.0193 4764 DfsC - ok

15:25:47.0224 4764 [ CE3B9562D997F69B330D181A8875960F ] Dhcp C:\Windows\system32\dhcpcore.dll

15:25:47.0224 4764 Dhcp - ok

15:25:47.0240 4764 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys

15:25:47.0240 4764 discache - ok

15:25:47.0271 4764 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys

15:25:47.0271 4764 Disk - ok

15:25:47.0349 4764 [ 61458C120CDDFE7514E2DB125568CA59 ] DMAgent C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe

15:25:47.0349 4764 DMAgent - ok

15:25:47.0380 4764 [ 85CF424C74A1D5EC33533E1DBFF9920A ] Dnscache C:\Windows\System32\dnsrslvr.dll

15:25:47.0380 4764 Dnscache - ok

15:25:47.0411 4764 [ 14452ACDB09B70964C8C21BF80A13ACB ] dot3svc C:\Windows\System32\dot3svc.dll

15:25:47.0427 4764 dot3svc - ok

15:25:47.0489 4764 [ EAC9D9868D37C8785D12475A9BB65A11 ] DpHost C:\Program Files\DigitalPersona\Bin\DpHostW.exe

15:25:47.0505 4764 DpHost - ok

15:25:47.0536 4764 [ 8C2BA6BEA949EE6E68385F5692BAFB94 ] DPS C:\Windows\system32\dps.dll

15:25:47.0536 4764 DPS - ok

15:25:47.0552 4764 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys

15:25:47.0567 4764 drmkaud - ok

15:25:47.0614 4764 [ 1633B9ABF52784A1331476397A48CBEF ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys

15:25:47.0630 4764 DXGKrnl - ok

15:25:47.0645 4764 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll

15:25:47.0645 4764 EapHost - ok

15:25:47.0833 4764 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys

15:25:47.0926 4764 ebdrv - ok

15:25:48.0004 4764 [ 4353FF94D47A0A9D52B89ECCF0CDB013 ] eeCtrl C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys

15:25:48.0004 4764 eeCtrl - ok

15:25:48.0051 4764 [ 156F6159457D0AA7E59B62681B56EB90 ] EFS C:\Windows\System32\lsass.exe

15:25:48.0051 4764 EFS - ok

15:25:48.0129 4764 [ 47C071994C3F649F23D9CD075AC9304A ] ehRecvr C:\Windows\ehome\ehRecvr.exe

15:25:48.0145 4764 ehRecvr - ok

15:25:48.0191 4764 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe

15:25:48.0191 4764 ehSched - ok

15:25:48.0223 4764 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys

15:25:48.0238 4764 elxstor - ok

15:25:48.0316 4764 [ 8543BB84CD5872CD1619183F5CBBE3F9 ] emAudio C:\Windows\system32\drivers\emAudio64.sys

15:25:48.0316 4764 emAudio - ok

15:25:48.0379 4764 [ C5BCCB378D0A896304A3E71BE7215983 ] EraserUtilRebootDrv C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys

15:25:48.0379 4764 EraserUtilRebootDrv - ok

15:25:48.0394 4764 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\DRIVERS\errdev.sys

15:25:48.0394 4764 ErrDev - ok

15:25:48.0441 4764 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll

15:25:48.0457 4764 EventSystem - ok

15:25:48.0691 4764 [ BDFCB7E8C108D042B213957D2B044E7E ] EvtEng C:\Program Files\Intel\WiFi\bin\EvtEng.exe

15:25:48.0706 4764 EvtEng - ok

15:25:48.0784 4764 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys

15:25:48.0784 4764 exfat - ok

15:25:48.0800 4764 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys

15:25:48.0815 4764 fastfat - ok

15:25:48.0847 4764 [ D607B2F1BEE3992AA6C2C92C0A2F0855 ] Fax C:\Windows\system32\fxssvc.exe

15:25:48.0862 4764 Fax - ok

15:25:48.0909 4764 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys

15:25:48.0909 4764 fdc - ok

15:25:48.0940 4764 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll

15:25:48.0940 4764 fdPHost - ok

15:25:48.0956 4764 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll

15:25:48.0956 4764 FDResPub - ok

15:25:48.0971 4764 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys

15:25:48.0987 4764 FileInfo - ok

15:25:49.0003 4764 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys

15:25:49.0003 4764 Filetrace - ok

15:25:49.0081 4764 [ 73FBB50C4D92ADC30A9D57A269489A0B ] FiltUSBEMPIA C:\Windows\system32\DRIVERS\emFilter64.sys

15:25:49.0081 4764 FiltUSBEMPIA - ok

15:25:49.0159 4764 [ BB0667B0171B632B97EA759515476F07 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

15:25:49.0159 4764 FLEXnet Licensing Service - ok

15:25:49.0471 4764 [ 5CEE6CD43AE5844C49300EA0B1E557EE ] FLEXnet Licensing Service 64 C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe

15:25:49.0502 4764 FLEXnet Licensing Service 64 - ok

15:25:49.0611 4764 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys

15:25:49.0627 4764 flpydisk - ok

15:25:49.0658 4764 [ F7866AF72ABBAF84B1FA5AA195378C59 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys

15:25:49.0658 4764 FltMgr - ok

15:25:49.0736 4764 [ CB5E4B9C319E3C6BB363EB7E58A4A051 ] FontCache C:\Windows\system32\FntCache.dll

15:25:49.0751 4764 FontCache - ok

15:25:49.0814 4764 [ 8D89E3131C27FDD6932189CB785E1B7A ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

15:25:49.0814 4764 FontCache3.0.0.0 - ok

15:25:49.0829 4764 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys

15:25:49.0829 4764 FsDepends - ok

15:25:49.0876 4764 [ D3E3F93D67821A2DB2B3D9FAC2DC2064 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys

15:25:49.0876 4764 Fs_Rec - ok

15:25:49.0939 4764 [ AE87BA80D0EC3B57126ED2CDC15B24ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys

15:25:49.0939 4764 fvevol - ok

15:25:49.0970 4764 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys

15:25:49.0970 4764 gagp30kx - ok

15:25:50.0017 4764 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

15:25:50.0017 4764 GEARAspiWDM - ok

15:25:50.0095 4764 [ FE5AB4525BC2EC68B9119A6E5D40128B ] gpsvc C:\Windows\System32\gpsvc.dll

15:25:50.0110 4764 gpsvc - ok

15:25:50.0235 4764 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

15:25:50.0235 4764 gupdate - ok

15:25:50.0251 4764 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

15:25:50.0251 4764 gupdatem - ok

15:25:50.0375 4764 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

15:25:50.0391 4764 gusvc - ok

15:25:50.0625 4764 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys

15:25:50.0625 4764 hcw85cir - ok

15:25:50.0672 4764 [ 6410F6F415B2A5A9037224C41DA8BF12 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys

15:25:50.0687 4764 HdAudAddService - ok

15:25:50.0765 4764 [ 0A49913402747A0B67DE940FB42CBDBB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys

15:25:50.0765 4764 HDAudBus - ok

15:25:50.0797 4764 [ B6AC71AAA2B10848F57FC49D55A651AF ] HECIx64 C:\Windows\system32\DRIVERS\HECIx64.sys

15:25:50.0812 4764 HECIx64 - ok

15:25:50.0843 4764 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys

15:25:50.0843 4764 HidBatt - ok

15:25:50.0890 4764 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys

15:25:50.0890 4764 HidBth - ok

15:25:51.0109 4764 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys

15:25:51.0124 4764 HidIr - ok

15:25:51.0155 4764 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll

15:25:51.0155 4764 hidserv - ok

15:25:51.0202 4764 [ B3BF6B5B50006DEF50B66306D99FCF6F ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys

15:25:51.0202 4764 HidUsb - ok

15:25:51.0233 4764 [ EFA58EDE58DD74388FFD04CB32681518 ] hkmsvc C:\Windows\system32\kmsvc.dll

15:25:51.0249 4764 hkmsvc - ok

15:25:51.0296 4764 [ 046B2673767CA626E2CFB7FDF735E9E8 ] HomeGroupListener C:\Windows\system32\ListSvc.dll

15:25:51.0296 4764 HomeGroupListener - ok

15:25:51.0421 4764 [ 06A7422224D9865A5613710A089987DF ] HomeGroupProvider C:\Windows\system32\provsvc.dll

15:25:51.0421 4764 HomeGroupProvider - ok

15:25:51.0561 4764 [ 45A12CACB97B4F15858FCFD59355A1E9 ] HP Health Check Service C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe

15:25:51.0561 4764 HP Health Check Service - ok

15:25:51.0639 4764 [ C930128C8F8FF03D8F8C42B570920D56 ] HP Wireless Assistant Service C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe

15:25:51.0639 4764 HP Wireless Assistant Service - ok

15:25:51.0701 4764 [ 3DC11A802353401332D49C3CBFBBE5FC ] HPClientSvc C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe

15:25:51.0701 4764 HPClientSvc - ok

15:25:51.0748 4764 [ F55442690A70A0278A7EED4FAAEBF576 ] HPDrvMntSvc.exe C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

15:25:51.0748 4764 HPDrvMntSvc.exe - ok

15:25:51.0795 4764 [ 0AC88FBE4BF315F5F8FD862426C11540 ] hpdskflt C:\Windows\system32\DRIVERS\hpdskflt.sys

15:25:51.0795 4764 hpdskflt - ok

15:25:51.0857 4764 [ 640E51DB253265C3EAC075866B3D2B33 ] hpqwmiex C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe

15:25:51.0873 4764 hpqwmiex - ok

15:25:51.0920 4764 [ 0886D440058F203EBA0E1825E4355914 ] HpSAMD C:\Windows\system32\DRIVERS\HpSAMD.sys

15:25:51.0935 4764 HpSAMD - ok

15:25:51.0982 4764 [ 778CE2C015DEC896C5C9323342BD71D4 ] hpsrv C:\Windows\system32\Hpservice.exe

15:25:51.0982 4764 hpsrv - ok

15:25:53.0043 4764 [ 854197D1270D20193FE2D4B14784AADE ] HPWMISVC C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe

15:25:53.0059 4764 HPWMISVC - ok

15:25:53.0199 4764 [ CEE049CAC4EFA7F4E1E4AD014414A5D4 ] HTTP C:\Windows\system32\drivers\HTTP.sys

15:25:53.0215 4764 HTTP - ok

15:25:53.0246 4764 [ F17766A19145F111856378DF337A5D79 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys

15:25:53.0246 4764 hwpolicy - ok

15:25:53.0324 4764 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys

15:25:53.0324 4764 i8042prt - ok

15:25:53.0402 4764 [ 1384872112E8E7FD5786ECEB8BDDF4C9 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys

15:25:53.0402 4764 iaStor - ok

15:25:53.0605 4764 [ B75E45C564E944A2657167D197AB29DA ] iaStorV C:\Windows\system32\DRIVERS\iaStorV.sys

15:25:53.0620 4764 iaStorV - ok

15:25:53.0807 4764 [ 2F2BE70D3E02B6FA877921AB9516D43C ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

15:25:53.0823 4764 idsvc - ok

15:25:54.0135 4764 [ A48928D4CCA6F8B731989DB08CF2C0AB ] IDSVia64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.1.22\Definitions\IPSDefs\20130308.001\IDSvia64.sys

15:25:54.0135 4764 IDSVia64 - ok

15:25:55.0336 4764 [ 1BE8D9CA4F2363B8E8015621878E0043 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys

15:25:55.0570 4764 igfx - ok

15:25:55.0617 4764 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys

15:25:55.0617 4764 iirsp - ok

15:25:55.0789 4764 [ C5B4683680DF085B57BC53E5EF34861F ] IKEEXT C:\Windows\System32\ikeext.dll

15:25:55.0804 4764 IKEEXT - ok

15:25:55.0851 4764 [ 36FDF367A1DABFF903E2214023D71368 ] Impcd C:\Windows\system32\DRIVERS\Impcd.sys

15:25:55.0867 4764 Impcd - ok

15:25:55.0882 4764 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\DRIVERS\intelide.sys

15:25:55.0882 4764 intelide - ok

15:25:56.0553 4764 [ 1BE8D9CA4F2363B8E8015621878E0043 ] intelkmd C:\Windows\system32\DRIVERS\igdpmd64.sys

15:25:56.0803 4764 intelkmd - ok

15:25:56.0834 4764 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys

15:25:56.0849 4764 intelppm - ok

15:25:56.0896 4764 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll

15:25:56.0896 4764 IPBusEnum - ok

15:25:56.0927 4764 [ 722DD294DF62483CECAAE6E094B4D695 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys

15:25:56.0927 4764 IpFilterDriver - ok

15:25:56.0959 4764 [ F8E058D17363EC580E4B7232778B6CB5 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll

15:25:56.0959 4764 iphlpsvc - ok

15:25:57.0037 4764 [ E2B4A4494DB7CB9B89B55CA268C337C5 ] IPMIDRV C:\Windows\system32\DRIVERS\IPMIDrv.sys

15:25:57.0052 4764 IPMIDRV - ok

15:25:57.0083 4764 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys

15:25:57.0083 4764 IPNAT - ok

15:25:57.0161 4764 [ 6E50CFA46527B39015B750AAD161C5CC ] iPod Service C:\Program Files\iPod\bin\iPodService.exe

15:25:57.0177 4764 iPod Service - ok

15:25:57.0208 4764 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys

15:25:57.0208 4764 IRENUM - ok

15:25:57.0239 4764 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\DRIVERS\isapnp.sys

15:25:57.0239 4764 isapnp - ok

15:25:57.0255 4764 [ FA4D2557DE56D45B0A346F93564BE6E1 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys

15:25:57.0286 4764 iScsiPrt - ok

15:25:57.0317 4764 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys

15:25:57.0333 4764 kbdclass - ok

15:25:57.0349 4764 [ 6DEF98F8541E1B5DCEB2C822A11F7323 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys

15:25:57.0349 4764 kbdhid - ok

15:25:57.0364 4764 [ 156F6159457D0AA7E59B62681B56EB90 ] KeyIso C:\Windows\system32\lsass.exe

15:25:57.0364 4764 KeyIso - ok

15:25:57.0427 4764 [ 4F4B5FDE429416877DE7143044582EB5 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys

15:25:57.0427 4764 KSecDD - ok

15:25:57.0442 4764 [ 6F40465A44ECDC1731BEFAFEC5BDD03C ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys

15:25:57.0442 4764 KSecPkg - ok

15:25:57.0458 4764 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys

15:25:57.0458 4764 ksthunk - ok

15:25:57.0551 4764 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll

15:25:57.0567 4764 KtmRm - ok

15:25:57.0614 4764 [ 81F1D04D4D0E433099365127375FD501 ] LanmanServer C:\Windows\system32\srvsvc.dll

15:25:57.0614 4764 LanmanServer - ok

15:25:57.0645 4764 [ 27026EAC8818E8A6C00A1CAD2F11D29A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll

15:25:57.0661 4764 LanmanWorkstation - ok

15:25:57.0707 4764 [ FCBDCC6F1801E32244235608E1277752 ] LightScribeService C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

15:25:57.0723 4764 LightScribeService - ok

15:25:57.0770 4764 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys

15:25:57.0770 4764 lltdio - ok

15:25:57.0817 4764 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll

15:25:57.0817 4764 lltdsvc - ok

15:25:57.0863 4764 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll

15:25:57.0863 4764 lmhosts - ok

15:25:57.0941 4764 [ 6D515466AB8BFE61184092B635AE6EB4 ] LMS C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

15:25:57.0941 4764 LMS - ok

15:25:57.0973 4764 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys

15:25:57.0973 4764 LSI_FC - ok

15:25:57.0988 4764 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys

15:25:58.0004 4764 LSI_SAS - ok

15:25:58.0019 4764 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys

15:25:58.0019 4764 LSI_SAS2 - ok

15:25:58.0035 4764 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys

15:25:58.0035 4764 LSI_SCSI - ok

15:25:58.0082 4764 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys

15:25:58.0082 4764 luafv - ok

15:25:58.0144 4764 [ 024DA28053D57E9E32BEE52600576BBB ] MarvinBus C:\Windows\system32\DRIVERS\MarvinBus64.sys

15:25:58.0160 4764 MarvinBus - ok

15:25:58.0207 4764 [ 92EB844D90615CB266F84C3202B8786E ] MBAMProtector C:\Windows\system32\drivers\mbam.sys

15:25:58.0207 4764 MBAMProtector - ok

15:25:58.0363 4764 [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

15:25:58.0363 4764 MBAMScheduler - ok

15:25:58.0409 4764 [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

15:25:58.0409 4764 MBAMService - ok

15:25:58.0441 4764 [ F84C8F1000BC11E3B7B23CBD3BAFF111 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll

15:25:58.0441 4764 Mcx2Svc - ok

15:25:58.0472 4764 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys

15:25:58.0472 4764 megasas - ok

15:25:58.0581 4764 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys

15:25:58.0581 4764 MegaSR - ok

15:25:58.0659 4764 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll

15:25:58.0659 4764 MMCSS - ok

15:25:58.0675 4764 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys

15:25:58.0675 4764 Modem - ok

15:25:58.0706 4764 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys

15:25:58.0706 4764 monitor - ok

15:25:58.0721 4764 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys

15:25:58.0721 4764 mouclass - ok

15:25:58.0768 4764 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys

15:25:58.0768 4764 mouhid - ok

15:25:58.0799 4764 [ 791AF66C4D0E7C90A3646066386FB571 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys

15:25:58.0799 4764 mountmgr - ok

15:25:58.0862 4764 [ 609D1D87649ECC19796F4D76D4C15CEA ] mpio C:\Windows\system32\DRIVERS\mpio.sys

15:25:58.0862 4764 mpio - ok

15:25:58.0877 4764 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys

15:25:58.0909 4764 mpsdrv - ok

15:25:58.0971 4764 [ AECAB449567D1846DAD63ECE49E893E3 ] MpsSvc C:\Windows\system32\mpssvc.dll

15:25:58.0987 4764 MpsSvc - ok

15:25:59.0065 4764 [ 30524261BB51D96D6FCBAC20C810183C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys

15:25:59.0065 4764 MRxDAV - ok

15:25:59.0096 4764 [ 040D62A9D8AD28922632137ACDD984F2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys

15:25:59.0096 4764 mrxsmb - ok

15:25:59.0127 4764 [ F0067552F8F9B33D7C59403AB808A3CB ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys

15:25:59.0127 4764 mrxsmb10 - ok

15:25:59.0205 4764 [ 3C142D31DE9F2F193218A53FE2632051 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys

15:25:59.0205 4764 mrxsmb20 - ok

15:25:59.0221 4764 [ D1318D7B87B71003A5C6C7C31EC80288 ] msahci C:\Windows\system32\DRIVERS\msahci.sys

15:25:59.0221 4764 msahci - ok

15:25:59.0267 4764 [ 8D27B597229AED79430FB9DB3BCBFBD0 ] msdsm C:\Windows\system32\DRIVERS\msdsm.sys

15:25:59.0267 4764 msdsm - ok

15:25:59.0299 4764 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe

15:25:59.0314 4764 MSDTC - ok

15:25:59.0345 4764 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys

15:25:59.0345 4764 Msfs - ok

15:25:59.0392 4764 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys

15:25:59.0392 4764 mshidkmdf - ok

15:25:59.0439 4764 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\DRIVERS\msisadrv.sys

15:25:59.0439 4764 msisadrv - ok

15:25:59.0517 4764 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll

15:25:59.0517 4764 MSiSCSI - ok

15:25:59.0533 4764 msiserver - ok

15:25:59.0564 4764 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys

15:25:59.0564 4764 MSKSSRV - ok

15:25:59.0595 4764 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys

15:25:59.0595 4764 MSPCLOCK - ok

15:25:59.0611 4764 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys

15:25:59.0611 4764 MSPQM - ok

15:25:59.0657 4764 [ 89CB141AA8616D8C6A4610FA26C60964 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys

15:25:59.0657 4764 MsRPC - ok

15:25:59.0689 4764 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys

15:25:59.0689 4764 mssmbios - ok

15:25:59.0704 4764 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys

15:25:59.0720 4764 MSTEE - ok

15:25:59.0751 4764 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys

15:25:59.0751 4764 MTConfig - ok

15:25:59.0767 4764 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys

15:25:59.0767 4764 Mup - ok

15:25:59.0813 4764 [ 93CD1C4ECB8658A35E5E6EBA02D43E4F ] MyWiFiDHCPDNS C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe

15:25:59.0829 4764 MyWiFiDHCPDNS - ok

15:25:59.0907 4764 [ 4987E079A4530FA737A128BE54B63B12 ] napagent C:\Windows\system32\qagentRT.dll

15:25:59.0907 4764 napagent - ok

15:25:59.0954 4764 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys

15:25:59.0969 4764 NativeWifiP - ok

15:26:00.0063 4764 [ 88A2F45CE66B904285978D6BB13AFEB2 ] NAVENG C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.1.22\Definitions\VirusDefs\20130309.003\ENG64.SYS

15:26:00.0063 4764 NAVENG - ok

15:26:00.0125 4764 [ D2A545DA3A90BBFA40E020C23F1B7A48 ] NAVEX15 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.1.22\Definitions\VirusDefs\20130309.003\EX64.SYS

15:26:00.0172 4764 NAVEX15 - ok

15:26:00.0313 4764 [ CAD515DBD07D082BB317D9928CE8962C ] NDIS C:\Windows\system32\drivers\ndis.sys

15:26:00.0328 4764 NDIS - ok

15:26:00.0344 4764 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys

15:26:00.0344 4764 NdisCap - ok

15:26:00.0375 4764 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys

15:26:00.0375 4764 NdisTapi - ok

15:26:00.0406 4764 [ F105BA1E22BF1F2EE8F005D4305E4BEC ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys

15:26:00.0406 4764 Ndisuio - ok

15:26:00.0422 4764 [ 557DFAB9CA1FCB036AC77564C010DAD3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys

15:26:00.0437 4764 NdisWan - ok

15:26:00.0453 4764 [ 659B74FB74B86228D6338D643CD3E3CF ] NDProxy C:\Windows\system32\drivers\NDProxy.sys

15:26:00.0453 4764 NDProxy - ok

15:26:00.0453 4764 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys

15:26:00.0453 4764 NetBIOS - ok

15:26:00.0484 4764 [ 9162B273A44AB9DCE5B44362731D062A ] NetBT C:\Windows\system32\DRIVERS\netbt.sys

15:26:00.0484 4764 NetBT - ok

15:26:00.0515 4764 [ 156F6159457D0AA7E59B62681B56EB90 ] Netlogon C:\Windows\system32\lsass.exe

15:26:00.0515 4764 Netlogon - ok

15:26:00.0625 4764 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll

15:26:00.0625 4764 Netman - ok

15:26:00.0656 4764 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll

15:26:00.0656 4764 netprofm - ok

15:26:00.0687 4764 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe

15:26:00.0687 4764 NetTcpPortSharing - ok

15:26:00.0968 4764 [ 64428DFDAF6E88366CB51F45A79C5F69 ] netw5v64 C:\Windows\system32\DRIVERS\netw5v64.sys

15:26:01.0280 4764 netw5v64 - ok

15:26:01.0561 4764 [ EB43840BABF5589E33186D094DE7381D ] NETwNs64 C:\Windows\system32\DRIVERS\NETwNs64.sys

15:26:01.0685 4764 NETwNs64 - ok

15:26:01.0732 4764 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys

15:26:01.0732 4764 nfrd960 - ok

15:26:01.0841 4764 [ 4BA84C832E0741A294C4444556DFE993 ] NIS C:\Program Files (x86)\Norton Internet Security\Engine\20.2.1.22\ccSvcHst.exe

15:26:01.0841 4764 NIS - ok

15:26:01.0888 4764 [ D9A0CE66046D6EFA0C61BAA885CBA0A8 ] NlaSvc C:\Windows\System32\nlasvc.dll

15:26:01.0904 4764 NlaSvc - ok

15:26:01.0935 4764 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys

15:26:01.0935 4764 Npfs - ok

15:26:01.0951 4764 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll

15:26:01.0951 4764 nsi - ok

15:26:01.0982 4764 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys

15:26:01.0982 4764 nsiproxy - ok

15:26:02.0060 4764 [ 184C189D4FC416978550FC599BB4EDDA ] Ntfs C:\Windows\system32\drivers\Ntfs.sys

15:26:02.0107 4764 Ntfs - ok

15:26:02.0138 4764 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys

15:26:02.0138 4764 Null - ok

15:26:02.0169 4764 [ A4D9C9A608A97F59307C2F2600EDC6A4 ] nvraid C:\Windows\system32\DRIVERS\nvraid.sys

15:26:02.0169 4764 nvraid - ok

15:26:02.0216 4764 [ 6C1D5F70E7A6A3FD1C90D840EDC048B9 ] nvstor C:\Windows\system32\DRIVERS\nvstor.sys

15:26:02.0216 4764 nvstor - ok

15:26:02.0263 4764 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\DRIVERS\nv_agp.sys

15:26:02.0263 4764 nv_agp - ok

15:26:02.0294 4764 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys

15:26:02.0294 4764 ohci1394 - ok

15:26:02.0372 4764 [ 4965B005492CBA7719E82B71E3245495 ] ose64 C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

15:26:02.0387 4764 ose64 - ok

15:26:02.0543 4764 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

15:26:02.0653 4764 osppsvc - ok

15:26:02.0684 4764 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll

15:26:02.0699 4764 p2pimsvc - ok

15:26:02.0731 4764 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll

15:26:02.0746 4764 p2psvc - ok

15:26:02.0762 4764 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys

15:26:02.0762 4764 Parport - ok

15:26:02.0809 4764 [ 90061B1ACFE8CCAA5345750FFE08D8B8 ] partmgr C:\Windows\system32\drivers\partmgr.sys

15:26:02.0809 4764 partmgr - ok

15:26:02.0840 4764 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll

15:26:02.0840 4764 PcaSvc - ok

15:26:02.0855 4764 [ F36F6504009F2FB0DFD1B17A116AD74B ] pci C:\Windows\system32\DRIVERS\pci.sys

15:26:02.0871 4764 pci - ok

15:26:02.0902 4764 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\DRIVERS\pciide.sys

15:26:02.0902 4764 pciide - ok

15:26:02.0933 4764 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys

15:26:02.0933 4764 pcmcia - ok

15:26:02.0965 4764 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys

15:26:02.0965 4764 pcw - ok

15:26:02.0996 4764 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys

15:26:03.0011 4764 PEAUTH - ok

15:26:03.0105 4764 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe

15:26:03.0121 4764 PerfHost - ok

15:26:03.0167 4764 [ 557E9A86F65F0DE18C9B6751DFE9D3F1 ] pla C:\Windows\system32\pla.dll

15:26:03.0214 4764 pla - ok

15:26:03.0261 4764 [ 98B1721B8718164293B9701B98C52D77 ] PlugPlay C:\Windows\system32\umpnpmgr.dll

15:26:03.0261 4764 PlugPlay - ok

15:26:03.0277 4764 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll

15:26:03.0277 4764 PNRPAutoReg - ok

15:26:03.0292 4764 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll

15:26:03.0292 4764 PNRPsvc - ok

15:26:03.0339 4764 [ 4F0878FD62D5F7444C5F1C4C66D9D293 ] Point64 C:\Windows\system32\DRIVERS\point64.sys

15:26:03.0339 4764 Point64 - ok

15:26:03.0370 4764 [ 166EB40D1F5B47E615DE3D0FFFE5F243 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll

15:26:03.0386 4764 PolicyAgent - ok

15:26:03.0417 4764 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll

15:26:03.0417 4764 Power - ok

15:26:03.0448 4764 [ 27CC19E81BA5E3403C48302127BDA717 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys

15:26:03.0464 4764 PptpMiniport - ok

15:26:03.0479 4764 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys

15:26:03.0479 4764 Processor - ok

15:26:03.0526 4764 [ 97293447431311C06703368AD0F6C4BE ] ProfSvc C:\Windows\system32\profsvc.dll

15:26:03.0526 4764 ProfSvc - ok

15:26:03.0542 4764 Prot6Flt - ok

15:26:03.0557 4764 [ 156F6159457D0AA7E59B62681B56EB90 ] ProtectedStorage C:\Windows\system32\lsass.exe

15:26:03.0557 4764 ProtectedStorage - ok

15:26:03.0589 4764 [ 64E413BA0C529AA40C3924BBCC4153DB ] ProtexisLicensing C:\Windows\SysWOW64\PSIService.exe

15:26:03.0604 4764 ProtexisLicensing - ok

15:26:03.0620 4764 [ EE992183BD8EAEFD9973F352E587A299 ] Psched C:\Windows\system32\DRIVERS\pacer.sys

15:26:03.0620 4764 Psched - ok

15:26:03.0682 4764 [ 87B04878A6D59D6C79251DC960C674C1 ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys

15:26:03.0682 4764 PxHlpa64 - ok

15:26:03.0745 4764 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys

15:26:03.0791 4764 ql2300 - ok

15:26:03.0823 4764 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys

15:26:03.0823 4764 ql40xx - ok

15:26:03.0854 4764 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll

15:26:03.0869 4764 QWAVE - ok

15:26:03.0885 4764 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys

15:26:03.0885 4764 QWAVEdrv - ok

15:26:03.0916 4764 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys

15:26:03.0916 4764 RasAcd - ok

15:26:03.0932 4764 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys

15:26:03.0932 4764 RasAgileVpn - ok

15:26:03.0947 4764 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll

15:26:03.0963 4764 RasAuto - ok

15:26:03.0979 4764 [ 87A6E852A22991580D6D39ADC4790463 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys

15:26:03.0979 4764 Rasl2tp - ok

15:26:03.0994 4764 [ 47394ED3D16D053F5906EFE5AB51CC83 ] RasMan C:\Windows\System32\rasmans.dll

15:26:04.0010 4764 RasMan - ok

15:26:04.0025 4764 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys

15:26:04.0025 4764 RasPppoe - ok

15:26:04.0057 4764 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys

15:26:04.0057 4764 RasSstp - ok

15:26:04.0072 4764 [ 3BAC8142102C15D59A87757C1D41DCE5 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys

15:26:04.0088 4764 rdbss - ok

15:26:04.0103 4764 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys

15:26:04.0103 4764 rdpbus - ok

15:26:04.0135 4764 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys

15:26:04.0135 4764 RDPCDD - ok

15:26:04.0150 4764 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys

15:26:04.0150 4764 RDPENCDD - ok

15:26:04.0166 4764 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys

15:26:04.0166 4764 RDPREFMP - ok

15:26:04.0213 4764 [ 447DE7E3DEA39D422C1504F245B668B1 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys

15:26:04.0213 4764 RDPWD - ok

15:26:04.0259 4764 [ E5DC9BA9E439D6DBDD79F8CAACB5BF01 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys

15:26:04.0259 4764 rdyboost - ok

15:26:04.0337 4764 [ A6BAEA839CC888D4961AB5FE16BB8C4A ] RegSrvc C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

15:26:04.0353 4764 RegSrvc - ok

15:26:04.0384 4764 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll

15:26:04.0400 4764 RemoteAccess - ok

15:26:04.0415 4764 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll

15:26:04.0415 4764 RemoteRegistry - ok

15:26:04.0493 4764 [ C1568E17039B2EC2B73A4F880DDD51E5 ] RoxioNow Service C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe

15:26:04.0509 4764 RoxioNow Service - ok

15:26:04.0525 4764 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll

15:26:04.0525 4764 RpcEptMapper - ok

15:26:04.0540 4764 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe

15:26:04.0556 4764 RpcLocator - ok

15:26:04.0571 4764 [ 7266972E86890E2B30C0C322E906B027 ] RpcSs C:\Windows\system32\rpcss.dll

15:26:04.0587 4764 RpcSs - ok

15:26:04.0603 4764 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys

15:26:04.0603 4764 rspndr - ok

15:26:04.0649 4764 [ 907C4464381B5EBDFDC60F6C7D0DEDFC ] RSUSBSTOR C:\Windows\system32\Drivers\RtsUStor.sys

15:26:04.0649 4764 RSUSBSTOR - ok

15:26:04.0712 4764 [ 4B42BC58294E83A6A92EC8B88C14C4A3 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys

15:26:04.0712 4764 RTL8167 - ok

15:26:04.0727 4764 [ 156F6159457D0AA7E59B62681B56EB90 ] SamSs C:\Windows\system32\lsass.exe

15:26:04.0727 4764 SamSs - ok

15:26:04.0743 4764 [ E3BBB89983DAF5622C1D50CF49F28227 ] sbp2port C:\Windows\system32\DRIVERS\sbp2port.sys

15:26:04.0759 4764 sbp2port - ok

15:26:04.0790 4764 [ EECBBF7D76300E5558D316983961FFC1 ] ScanUSBEMPIA C:\Windows\system32\DRIVERS\emScan64.sys

15:26:04.0790 4764 ScanUSBEMPIA - ok

15:26:04.0821 4764 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll

15:26:04.0837 4764 SCardSvr - ok

15:26:04.0837 4764 [ C94DA20C7E3BA1DCA269BC8460D98387 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys

15:26:04.0837 4764 scfilter - ok

15:26:04.0883 4764 [ 624D0F5FF99428BB90A5B8A4123E918E ] Schedule C:\Windows\system32\schedsvc.dll

15:26:04.0930 4764 Schedule - ok

15:26:04.0961 4764 [ 312E2F82AF11E79906898AC3E3D58A1F ] SCPolicySvc C:\Windows\System32\certprop.dll

15:26:04.0961 4764 SCPolicySvc - ok

15:26:04.0977 4764 [ 54E47AD086782D3AE9417C155CDCEB9B ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys

15:26:04.0977 4764 sdbus - ok

15:26:05.0008 4764 [ 765A27C3279CE11D14CB9E4F5869FCA5 ] SDRSVC C:\Windows\System32\SDRSVC.dll

15:26:05.0008 4764 SDRSVC - ok

15:26:05.0024 4764 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys

15:26:05.0024 4764 secdrv - ok

15:26:05.0055 4764 [ 463B386EBC70F98DA5DFF85F7E654346 ] seclogon C:\Windows\system32\seclogon.dll

15:26:05.0055 4764 seclogon - ok

15:26:05.0055 4764 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll

15:26:05.0071 4764 SENS - ok

15:26:05.0102 4764 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll

15:26:05.0102 4764 SensrSvc - ok

15:26:05.0117 4764 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys

15:26:05.0117 4764 Serenum - ok

15:26:05.0133 4764 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys

15:26:05.0149 4764 Serial - ok

15:26:05.0164 4764 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys

15:26:05.0164 4764 sermouse - ok

15:26:05.0195 4764 [ C3BC61CE47FF6F4E88AB8A3B429A36AF ] SessionEnv C:\Windows\system32\sessenv.dll

15:26:05.0211 4764 SessionEnv - ok

15:26:05.0242 4764 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys

15:26:05.0242 4764 sffdisk - ok

15:26:05.0258 4764 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\DRIVERS\sffp_mmc.sys

15:26:05.0258 4764 sffp_mmc - ok

15:26:05.0273 4764 [ 178298F767FE638C9FEDCBDEF58BB5E4 ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys

15:26:05.0273 4764 sffp_sd - ok

15:26:05.0305 4764 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys

15:26:05.0305 4764 sfloppy - ok

15:26:05.0336 4764 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll

15:26:05.0336 4764 SharedAccess - ok

15:26:05.0351 4764 [ 0298AC45D0EFFFB2DB4BAA7DD186E7BF ] ShellHWDetection C:\Windows\System32\shsvcs.dll

15:26:05.0367 4764 ShellHWDetection - ok

15:26:05.0398 4764 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys

15:26:05.0398 4764 SiSRaid2 - ok

15:26:05.0414 4764 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys

15:26:05.0414 4764 SiSRaid4 - ok

15:26:05.0461 4764 [ A4FAB5F7818A69DA6E740943CB8F7CA9 ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe

15:26:05.0461 4764 SkypeUpdate - ok

15:26:05.0492 4764 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys

15:26:05.0507 4764 Smb - ok

15:26:05.0539 4764 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe

15:26:05.0539 4764 SNMPTRAP - ok

15:26:05.0554 4764 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys

15:26:05.0554 4764 spldr - ok

15:26:05.0601 4764 [ 567977DC43CC13C4C35ED7084C0B84D5 ] Spooler C:\Windows\System32\spoolsv.exe

15:26:05.0601 4764 Spooler - ok

15:26:05.0695 4764 [ 913D843498553A1BC8F8DBAD6358E49F ] sppsvc C:\Windows\system32\sppsvc.exe

15:26:05.0773 4764 sppsvc - ok

15:26:05.0804 4764 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll

15:26:05.0804 4764 sppuinotify - ok

15:26:05.0897 4764 [ 3510E7021D2637A67FBCB5105EAE945D ] SRTSP C:\Windows\system32\drivers\NISx64\1402010.016\SRTSP64.SYS

15:26:05.0913 4764 SRTSP - ok

15:26:05.0944 4764 [ 1B884D876E87EABF5A3356BBD7321412 ] SRTSPX C:\Windows\system32\drivers\NISx64\1402010.016\SRTSPX64.SYS

15:26:05.0944 4764 SRTSPX - ok

15:26:05.0975 4764 [ 2408C0366D96BCDF63E8F1C78E4A29C5 ] srv C:\Windows\system32\DRIVERS\srv.sys

15:26:05.0991 4764 srv - ok

15:26:06.0007 4764 [ 76548F7B818881B47D8D1AE1BE9C11F8 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys

15:26:06.0022 4764 srv2 - ok

15:26:06.0053 4764 [ 0C4540311E11664B245A263E1154CEF8 ] SrvHsfHDA C:\Windows\system32\DRIVERS\VSTAZL6.SYS

15:26:06.0053 4764 SrvHsfHDA - ok

15:26:06.0100 4764 [ 02071D207A9858FBE3A48CBFD59C4A04 ] SrvHsfV92 C:\Windows\system32\DRIVERS\VSTDPV6.SYS

15:26:06.0147 4764 SrvHsfV92 - ok

15:26:06.0178 4764 [ 18E40C245DBFAF36FD0134A7EF2DF396 ] SrvHsfWinac C:\Windows\system32\DRIVERS\VSTCNXT6.SYS

15:26:06.0194 4764 SrvHsfWinac - ok

15:26:06.0241 4764 [ 0AF6E19D39C70844C5CAA8FB0183C36E ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys

15:26:06.0256 4764 srvnet - ok

15:26:06.0287 4764 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll

15:26:06.0287 4764 SSDPSRV - ok

15:26:06.0303 4764 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll

15:26:06.0319 4764 SstpSvc - ok

15:26:06.0381 4764 [ B00068BA94F5F306911B14B425AAEB56 ] STacSV C:\Program Files\IDT\WDM\STacSV64.exe

15:26:06.0381 4764 STacSV - ok

15:26:06.0412 4764 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys

15:26:06.0412 4764 stexstor - ok

15:26:06.0443 4764 [ DA40D9C9CCB9836D6ABD1706935A2277 ] STHDA C:\Windows\system32\DRIVERS\stwrt64.sys

15:26:06.0459 4764 STHDA - ok

15:26:06.0506 4764 [ 52D0E33B681BD0F33FDC08812FEE4F7D ] stisvc C:\Windows\System32\wiaservc.dll

15:26:06.0521 4764 stisvc - ok

15:26:06.0537 4764 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys

15:26:06.0537 4764 swenum - ok

15:26:06.0662 4764 [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

15:26:06.0677 4764 SwitchBoard - ok

15:26:06.0693 4764 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll

15:26:06.0709 4764 swprv - ok

15:26:06.0755 4764 [ 777217682DA76337E8E6EC8AC4412B9B ] SymDS C:\Windows\system32\drivers\NISx64\1402010.016\SYMDS64.SYS

15:26:06.0771 4764 SymDS - ok

15:26:06.0818 4764 [ 64D1AF3D04E70A681154FFF1893848F6 ] SymEFA C:\Windows\system32\drivers\NISx64\1402010.016\SYMEFA64.SYS

15:26:06.0849 4764 SymEFA - ok

15:26:06.0880 4764 [ F5D6D3B7468C46EA2DDC1D19D2A6DA0F ] SymEvent C:\Windows\system32\Drivers\SYMEVENT64x86.SYS

15:26:06.0880 4764 SymEvent - ok

15:26:06.0896 4764 [ ADF37F1A715D6C56C8E065FD8569A9A4 ] SymIRON C:\Windows\system32\drivers\NISx64\1402010.016\Ironx64.SYS

15:26:06.0896 4764 SymIRON - ok

15:26:06.0927 4764 [ 1605EBD8CB86AFC4430116065995279A ] SymNetS C:\Windows\system32\drivers\NISx64\1402010.016\SYMNETS.SYS

15:26:06.0927 4764 SymNetS - ok

15:26:06.0989 4764 [ 961CFAC2A5318E212F459D651F28E0A4 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys

15:26:07.0005 4764 SynTP - ok

15:26:07.0052 4764 [ 3C1284516A62078FB68F768DE4F1A7BE ] SysMain C:\Windows\system32\sysmain.dll

15:26:07.0099 4764 SysMain - ok

15:26:07.0114 4764 [ 238935C3CF2854886DC7CBB2A0E2CC66 ] TabletInputService C:\Windows\System32\TabSvc.dll

15:26:07.0130 4764 TabletInputService - ok

15:26:07.0333 4764 [ C4C20CFA4F42E9B7454E895C5C47BCD3 ] TabletServicePen C:\Program Files\Tablet\Pen\Pen_Tablet.exe

15:26:07.0379 4764 TabletServicePen - ok

15:26:07.0442 4764 [ 884264AC597B690C5707C89723BB8E7B ] TapiSrv C:\Windows\System32\tapisrv.dll

15:26:07.0442 4764 TapiSrv - ok

15:26:07.0457 4764 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll

15:26:07.0473 4764 TBS - ok

15:26:07.0535 4764 [ 5CFB7AB8F9524D1A1E14369DE63B83CC ] Tcpip C:\Windows\system32\drivers\tcpip.sys

15:26:07.0582 4764 Tcpip - ok

15:26:07.0629 4764 [ 5CFB7AB8F9524D1A1E14369DE63B83CC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys

15:26:07.0645 4764 TCPIP6 - ok

15:26:07.0691 4764 [ 76D078AF6F587B162D50210F761EB9ED ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys

15:26:07.0691 4764 tcpipreg - ok

15:26:07.0707 4764 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys

15:26:07.0707 4764 TDPIPE - ok

15:26:07.0754 4764 [ 7518F7BCFD4B308ABC9192BACAF6C970 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys

15:26:07.0754 4764 TDTCP - ok

15:26:07.0801 4764 [ 079125C4B17B01FCAEEBCE0BCB290C0F ] tdx C:\Windows\system32\DRIVERS\tdx.sys

15:26:07.0801 4764 tdx - ok

15:26:07.0816 4764 [ C448651339196C0E869A355171875522 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys

15:26:07.0816 4764 TermDD - ok

15:26:07.0847 4764 [ 0F05EC2887BFE197AD82A13287D2F404 ] TermService C:\Windows\System32\termsrv.dll

15:26:07.0863 4764 TermService - ok

15:26:07.0894 4764 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll

15:26:07.0910 4764 Themes - ok

15:26:07.0941 4764 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll

15:26:07.0941 4764 THREADORDER - ok

15:26:07.0988 4764 [ 7625DCF246E488E523DC1F64C38ABDA2 ] TouchServicePen C:\Program Files\Tablet\Pen\Pen_TouchService.exe

15:26:07.0988 4764 TouchServicePen - ok

15:26:08.0019 4764 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll

15:26:08.0035 4764 TrkWks - ok

15:26:08.0081 4764 [ 840F7FB849F5887A49BA18C13B2DA920 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe

15:26:08.0081 4764 TrustedInstaller - ok

15:26:08.0097 4764 [ 61B96C26131E37B24E93327A0BD1FB95 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys

15:26:08.0097 4764 tssecsrv - ok

15:26:08.0144 4764 [ 3836171A2CDF3AF8EF10856DB9835A70 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys

15:26:08.0144 4764 tunnel - ok

15:26:08.0175 4764 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys

15:26:08.0175 4764 uagp35 - ok

15:26:08.0206 4764 [ 0E5E962B5649D544BE54E8C90761EA2B ] udfs C:\Windows\system32\DRIVERS\udfs.sys

15:26:08.0222 4764 udfs - ok

15:26:08.0253 4764 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe

15:26:08.0253 4764 UI0Detect - ok

15:26:08.0284 4764 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\DRIVERS\uliagpkx.sys

15:26:08.0284 4764 uliagpkx - ok

15:26:08.0315 4764 [ EAB6C35E62B1B0DB0D1B48B671D3A117 ] umbus C:\Windows\system32\DRIVERS\umbus.sys

15:26:08.0315 4764 umbus - ok

15:26:08.0347 4764 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys

15:26:08.0347 4764 UmPass - ok

15:26:08.0471 4764 [ 0FADD949576A164B4E51E716F46B6C33 ] UNS C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

15:26:08.0503 4764 UNS - ok

15:26:08.0534 4764 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll

15:26:08.0534 4764 upnphost - ok

15:26:08.0596 4764 [ AF1B9474D67897D0C2CFF58E0ACEACCC ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys

15:26:08.0596 4764 USBAAPL64 - ok

15:26:08.0690 4764 [ 77B01BC848298223A95D4EC23E1785A1 ] usbaudio C:\Windows\system32\drivers\usbaudio.sys

15:26:08.0690 4764 usbaudio - ok

15:26:08.0737 4764 [ 537A4E03D7103C12D42DFD8FFDB5BDC9 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys

15:26:08.0737 4764 usbccgp - ok

15:26:08.0752 4764 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\DRIVERS\usbcir.sys

15:26:08.0752 4764 usbcir - ok

15:26:08.0768 4764 [ FBB21EBE49F6D560DB37AC25FBC68E66 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys

15:26:08.0768 4764 usbehci - ok

15:26:08.0799 4764 [ 6B7A8A99C4A459E73C286A6763EA24CC ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys

15:26:08.0799 4764 usbhub - ok

15:26:08.0846 4764 [ 8C88AA7617B4CBC2E4BED61D26B33A27 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys

15:26:08.0861 4764 usbohci - ok

15:26:08.0877 4764 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys

15:26:08.0877 4764 usbprint - ok

15:26:08.0908 4764 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys

15:26:08.0908 4764 usbscan - ok

15:26:08.0939 4764 [ F39983647BC1F3E6100778DDFE9DCE29 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS

15:26:08.0955 4764 USBSTOR - ok

15:26:08.0971 4764 [ 0B5B3B2DF3FD1709618ACFA50B8392B0 ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys

15:26:08.0971 4764 usbuhci - ok

15:26:09.0017 4764 [ 7CB8C573C6E4A2714402CC0A36EAB4FE ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys

15:26:09.0017 4764 usbvideo - ok

15:26:09.0033 4764 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll

15:26:09.0049 4764 UxSms - ok

15:26:09.0064 4764 [ 156F6159457D0AA7E59B62681B56EB90 ] VaultSvc C:\Windows\system32\lsass.exe

15:26:09.0064 4764 VaultSvc - ok

15:26:09.0142 4764 [ 2662F24C7AEE2A32CEBDEC907A5366F1 ] vcsFPService C:\Windows\system32\vcsFPService.exe

15:26:09.0189 4764 vcsFPService - ok

15:26:09.0236 4764 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\DRIVERS\vdrvroot.sys

15:26:09.0236 4764 vdrvroot - ok

15:26:09.0267 4764 [ 44D73E0BBC1D3C8981304BA15135C2F2 ] vds C:\Windows\System32\vds.exe

15:26:09.0267 4764 vds - ok

15:26:09.0314 4764 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys

15:26:09.0314 4764 vga - ok

15:26:09.0345 4764 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys

15:26:09.0345 4764 VgaSave - ok

15:26:09.0376 4764 [ C82E748660F62A242B2DFAC1442F22A4 ] vhdmp C:\Windows\system32\DRIVERS\vhdmp.sys

15:26:09.0376 4764 vhdmp - ok

15:26:09.0392 4764 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\DRIVERS\viaide.sys

15:26:09.0392 4764 viaide - ok

15:26:09.0439 4764 [ 2B1A3DAE2B4E70DBBA822B7A03FBD4A3 ] volmgr C:\Windows\system32\DRIVERS\volmgr.sys

15:26:09.0439 4764 volmgr - ok

15:26:09.0454 4764 [ 99B0CBB569CA79ACAED8C91461D765FB ] volmgrx C:\Windows\system32\drivers\volmgrx.sys

15:26:09.0470 4764 volmgrx - ok

15:26:09.0532 4764 [ 9E425AC5C9A5A973273D169F43B4F5E1 ] volsnap C:\Windows\system32\drivers\volsnap.sys

15:26:09.0532 4764 volsnap - ok

15:26:09.0563 4764 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys

15:26:09.0563 4764 vsmraid - ok

15:26:09.0626 4764 [ 787898BF9FB6D7BD87A36E2D95C899BA ] VSS C:\Windows\system32\vssvc.exe

15:26:09.0673 4764 VSS - ok

15:26:09.0688 4764 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys

15:26:09.0688 4764 vwifibus - ok

15:26:09.0735 4764 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys

15:26:09.0735 4764 vwififlt - ok

15:26:09.0751 4764 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys

15:26:09.0751 4764 vwifimp - ok

15:26:09.0782 4764 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll

15:26:09.0797 4764 W32Time - ok

15:26:09.0844 4764 [ E04D43C7D1641E95D35CAE6086C7E350 ] wacommousefilter C:\Windows\system32\DRIVERS\wacommousefilter.sys

15:26:09.0844 4764 wacommousefilter - ok

15:26:09.0875 4764 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys

15:26:09.0875 4764 WacomPen - ok

15:26:09.0922 4764 [ EC1CEB237E365330C1FCFC4876AA0AC0 ] wacomvhid C:\Windows\system32\DRIVERS\wacomvhid.sys

15:26:09.0922 4764 wacomvhid - ok

15:26:09.0953 4764 [ 47CA49400643EFFD3F1C9A27E1D69324 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys

15:26:09.0953 4764 WANARP - ok

15:26:09.0969 4764 [ 47CA49400643EFFD3F1C9A27E1D69324 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys

15:26:09.0969 4764 Wanarpv6 - ok

15:26:10.0047 4764 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe

15:26:10.0078 4764 WatAdminSvc - ok

15:26:10.0125 4764 [ 5AB1BB85BD8B5089CC5D64200DEDAE68 ] wbengine C:\Windows\system32\wbengine.exe

15:26:10.0172 4764 wbengine - ok

15:26:10.0187 4764 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll

15:26:10.0187 4764 WbioSrvc - ok

15:26:10.0250 4764 [ DD1BAE8EBFC653824D29CCF8C9054D68 ] wcncsvc C:\Windows\System32\wcncsvc.dll

15:26:10.0250 4764 wcncsvc - ok

15:26:10.0265 4764 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll

15:26:10.0281 4764 WcsPlugInService - ok

15:26:10.0297 4764 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys

15:26:10.0312 4764 Wd - ok

15:26:10.0343 4764 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys

15:26:10.0359 4764 Wdf01000 - ok

15:26:10.0375 4764 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll

15:26:10.0375 4764 WdiServiceHost - ok

15:26:10.0375 4764 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll

15:26:10.0375 4764 WdiSystemHost - ok

15:26:10.0421 4764 [ FE31110E39A0B11ABAE1BA43A2DC94F9 ] wdkmd C:\Windows\system32\DRIVERS\WDKMD.sys

15:26:10.0421 4764 wdkmd - ok

15:26:10.0453 4764 [ 733006127F235BE7C35354EBEE7B9A7B ] WebClient C:\Windows\System32\webclnt.dll

15:26:10.0453 4764 WebClient - ok

15:26:10.0468 4764 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll

15:26:10.0484 4764 Wecsvc - ok

15:26:10.0499 4764 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll

15:26:10.0499 4764 wercplsupport - ok

15:26:10.0531 4764 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll

15:26:10.0546 4764 WerSvc - ok

15:26:10.0577 4764 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys

15:26:10.0577 4764 WfpLwf - ok

15:26:10.0640 4764 [ 8686E96E13F41AC9806A79CA8004FEEE ] WiMAXAppSrv C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe

15:26:10.0655 4764 WiMAXAppSrv - ok

15:26:10.0671 4764 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys

15:26:10.0671 4764 WIMMount - ok

15:26:10.0687 4764 WinDefend - ok

15:26:10.0687 4764 WinHttpAutoProxySvc - ok

15:26:10.0765 4764 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll

15:26:10.0765 4764 Winmgmt - ok

15:26:10.0827 4764 [ 41FBB751936B387F9179E7F03A74FE29 ] WinRM C:\Windows\system32\WsmSvc.dll

15:26:10.0874 4764 WinRM - ok

15:26:10.0905 4764 [ 817EAFF5D38674EDD7713B9DFB8E9791 ] WinUSB C:\Windows\system32\DRIVERS\WinUSB.sys

15:26:10.0921 4764 WinUSB - ok

15:26:10.0952 4764 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll

15:26:10.0983 4764 Wlansvc - ok

15:26:11.0077 4764 [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

15:26:11.0108 4764 wlidsvc - ok

15:26:11.0123 4764 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys

15:26:11.0123 4764 WmiAcpi - ok

15:26:11.0155 4764 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe

15:26:11.0155 4764 wmiApSrv - ok

15:26:11.0170 4764 WMPNetworkSvc - ok

15:26:11.0186 4764 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll

15:26:11.0186 4764 WPCSvc - ok

15:26:11.0201 4764 [ 2E57DDF2880A7E52E76F41C7E96D327B ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll

15:26:11.0201 4764 WPDBusEnum - ok

15:26:11.0217 4764 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys

15:26:11.0217 4764 ws2ifsl - ok

15:26:11.0248 4764 [ 8F9F3969933C02DA96EB0F84576DB43E ] wscsvc C:\Windows\System32\wscsvc.dll

15:26:11.0264 4764 wscsvc - ok

15:26:11.0264 4764 WSearch - ok

15:26:11.0357 4764 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll

15:26:11.0435 4764 wuauserv - ok

15:26:11.0467 4764 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys

15:26:11.0467 4764 WudfPf - ok

15:26:11.0482 4764 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys

15:26:11.0498 4764 WUDFRd - ok

15:26:11.0498 4764 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll

15:26:11.0513 4764 wudfsvc - ok

15:26:11.0529 4764 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll

15:26:11.0529 4764 WwanSvc - ok

15:26:11.0576 4764 [ 2EE48CFCE7CA8E0DB4C44C7476C0943B ] xusb21 C:\Windows\system32\DRIVERS\xusb21.sys

15:26:11.0576 4764 xusb21 - ok

15:26:11.0607 4764 [ B3EEACF62445E24FBB2CD4B0FB4DB026 ] yukonw7 C:\Windows\system32\DRIVERS\yk62x64.sys

15:26:11.0607 4764 yukonw7 - ok

15:26:11.0623 4764 ================ Scan global ===============================

15:26:11.0654 4764 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll

15:26:11.0685 4764 [ 3FB74FF230B5D240A57AE1C4A3D0459D ] C:\Windows\system32\winsrv.dll

15:26:11.0701 4764 [ 3FB74FF230B5D240A57AE1C4A3D0459D ] C:\Windows\system32\winsrv.dll

15:26:11.0732 4764 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll

15:26:11.0763 4764 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe

15:26:11.0779 4764 [Global] - ok

15:26:11.0779 4764 ================ Scan MBR ==================================

15:26:11.0794 4764 [ 58D52A39F7FE446786C83DA86D1E37E5 ] \Device\Harddisk0\DR0

15:26:12.0247 4764 \Device\Harddisk0\DR0 ( TDSS File System ) - warning

15:26:12.0247 4764 \Device\Harddisk0\DR0 - detected TDSS File System (1)

15:26:12.0262 4764 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1

15:26:12.0387 4764 \Device\Harddisk1\DR1 - ok

15:26:12.0387 4764 ================ Scan VBR ==================================

15:26:12.0403 4764 [ 7AA6A776121295AA97183B573E8AED29 ] \Device\Harddisk0\DR0\Partition1

15:26:12.0403 4764 \Device\Harddisk0\DR0\Partition1 - ok

15:26:12.0418 4764 [ 39A036E290958251DCD1D560E7B81E8C ] \Device\Harddisk0\DR0\Partition2

15:26:12.0418 4764 \Device\Harddisk0\DR0\Partition2 - ok

15:26:12.0449 4764 [ 33F4B21108CFF1E568506E318D7AE828 ] \Device\Harddisk0\DR0\Partition3

15:26:12.0449 4764 \Device\Harddisk0\DR0\Partition3 - ok

15:26:12.0465 4764 [ 4600C1DE87512EAFFA1D9FAE734187E4 ] \Device\Harddisk1\DR1\Partition1

15:26:12.0465 4764 \Device\Harddisk1\DR1\Partition1 - ok

15:26:12.0465 4764 ============================================================

15:26:12.0465 4764 Scan finished

15:26:12.0465 4764 ============================================================

15:26:12.0481 4556 Detected object count: 1

15:26:12.0481 4556 Actual detected object count: 1

15:27:17.0673 4556 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

15:27:17.0673 4556 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

15:27:35.0254 4616 Deinitialize success

PLfixlog.txt

Link to post
Share on other sites

  • Staff

looks better

please run the following:

Refer to the ComboFix User's Guide

  1. Download ComboFix from the following location:
    Link
    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  2. Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  3. Double click on ComboFix.exe & follow the prompts.
  4. Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  5. When finished, it shall produce a log for you. Post that log in your next reply
    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
    ---------------------------------------------------------------------------------------------
  6. Ensure your AntiVirus and AntiSpyware applications are re-enabled.
    ---------------------------------------------------------------------------------------------

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

Link to post
Share on other sites

ComboFix 13-03-09.01 - SHeLBY 03/09/2013 16:18:11.1.4 - x64

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.5942.3711 [GMT -6:00]

Running from: c:\users\SHeLBY\Desktop\ComboFix.exe

AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\Microsoft\Windows\DRM\DAEA.tmp

c:\programdata\Microsoft\Windows\DRM\DB0A.tmp

c:\users\SHeLBY\AppData\Local\assembly\tmp

.

.

((((((((((((((((((((((((( Files Created from 2013-02-09 to 2013-03-09 )))))))))))))))))))))))))))))))

.

.

2013-03-09 22:29 . 2013-03-09 22:29 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-03-09 22:13 . 2013-03-09 22:13 -------- d-----w- C:\FRST

2013-03-07 23:14 . 2013-03-07 23:14 -------- d-----w- c:\users\SHeLBY\AppData\Roaming\Malwarebytes

2013-03-07 23:14 . 2013-03-07 23:14 -------- d-----w- c:\programdata\Malwarebytes

2013-03-07 23:14 . 2013-03-07 23:14 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2013-03-07 23:14 . 2012-12-14 22:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-03-07 23:14 . 2013-03-07 23:14 -------- d-----w- c:\users\SHeLBY\AppData\Local\Programs

2013-02-23 00:15 . 2013-02-23 08:13 -------- d-----w- c:\program files (x86)\TERA

2013-02-23 00:15 . 2013-02-23 00:25 -------- d-----w- c:\users\SHeLBY\AppData\Local\TERA

2013-02-22 06:59 . 2013-03-02 03:09 -------- d-----w- c:\users\SHeLBY\AppData\Roaming\Toon Boom Animation

2013-02-22 06:19 . 2013-02-22 06:19 -------- d-----w- c:\program files (x86)\Toon Boom Animation

2013-02-14 09:04 . 2013-01-09 01:10 996352 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll

2013-02-14 09:04 . 2013-01-08 22:01 768000 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll

2013-02-14 09:00 . 2013-01-09 01:14 887808 ----a-w- c:\program files\Internet Explorer\iedvtool.dll

2013-02-14 09:00 . 2013-01-09 01:48 17812992 ----a-w- c:\windows\system32\mshtml.dll

2013-02-14 09:00 . 2013-01-09 01:22 10925568 ----a-w- c:\windows\system32\ieframe.dll

2013-02-11 22:13 . 2013-02-11 22:13 -------- d-----w- c:\users\SHeLBY\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-02-28 20:19 . 2012-09-25 21:31 691568 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2013-02-28 20:19 . 2011-05-30 16:46 71024 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-02-04 05:25 . 2013-02-04 05:25 177312 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS

2013-01-04 04:43 . 2013-02-14 02:39 44032 ----a-w- c:\windows\apppatch\acwow64.dll

2012-12-16 16:52 . 2012-12-24 06:46 46080 ----a-w- c:\windows\system32\atmlib.dll

2012-12-16 14:40 . 2012-12-24 06:46 367616 ----a-w- c:\windows\system32\atmfd.dll

2012-12-16 14:25 . 2012-12-24 06:46 295424 ----a-w- c:\windows\SysWow64\atmfd.dll

2012-12-16 14:25 . 2012-12-24 06:46 34304 ----a-w- c:\windows\SysWow64\atmlib.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-08-16 2736128]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]

"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-11-17 39408]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-09-09 98304]

"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-09-29 584760]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776]

"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Notification Packages REG_MULTI_SZ DPPassFilter scecli

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]

R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-10-10 1431888]

R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-07-20 340240]

R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]

R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 174440]

R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]

R3 Prot6Flt;Prot6Flt;c:\windows\system32\DRIVERS\Prot6Flt.sys [x]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-01-12 232992]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-06-24 344680]

R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]

R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]

R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]

R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-05-13 1255736]

R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]

S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1402010.016\SYMDS64.SYS [2012-10-04 493216]

S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1402010.016\SYMEFA64.SYS [2012-10-04 1133216]

S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.1.22\Definitions\BASHDefs\20130301.001\BHDrvx64.sys [2013-01-16 1388120]

S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1402010.016\ccSetx64.sys [2012-08-20 168096]

S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.1.22\Definitions\IPSDefs\20130308.001\IDSvia64.sys [2013-02-01 513184]

S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1402010.016\Ironx64.SYS [2012-09-07 224416]

S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\NISx64\1402010.016\SYMNETS.SYS [2012-09-07 432800]

S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-04 89600]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-09-09 203264]

S2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;c:\program files\Intel\WiMAX\Bin\DMAgent.exe [2010-06-07 408576]

S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-07-21 103992]

S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-08-06 291896]

S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-01-25 92216]

S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2010-06-15 30520]

S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-09-29 26680]

S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]

S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\20.2.1.22\ccSvcHst.exe [2012-12-05 143928]

S2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-09-11 399344]

S2 TabletServicePen;TabletServicePen;c:\program files\Tablet\Pen\Pen_Tablet.exe [2011-09-08 6583160]

S2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\Tablet\Pen\Pen_TouchService.exe [2011-09-08 528760]

S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-05-01 2533400]

S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2010-02-23 2192176]

S2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;c:\program files\Intel\WiMAX\Bin\AppSrv.exe [2010-06-07 911872]

S3 bpenum;bpenum;c:\windows\system32\DRIVERS\bpenum.sys [2010-05-17 71168]

S3 bpmp;Intel® Centrino® WiMAX 6050 Series;c:\windows\system32\DRIVERS\bpmp.sys [2010-05-17 175104]

S3 bpusb;bpusb;c:\windows\system32\Drivers\bpusb.sys [2010-05-17 81920]

S3 clwvd;HP Webcam Splitter;c:\windows\system32\DRIVERS\clwvd.sys [2010-09-04 31088]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-02-03 138912]

S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-05-01 56344]

S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2009-10-27 151936]

S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [2010-07-28 10610400]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]

S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [2010-08-16 39832]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2010-08-16 21:43 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2013-03-07 20:23 1630672 ----a-w- c:\program files (x86)\Google\Chrome\Application\25.0.1364.152\Installer\chrmstp.exe

.

Contents of the 'Scheduled Tasks' folder

.

2013-03-09 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-25 20:19]

.

2013-03-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-10 00:49]

.

2013-03-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-10 00:49]

.

2013-02-23 c:\windows\Tasks\HPCeeScheduleForSHELBY-COMPUTER$.job

- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]

.

2013-03-02 c:\windows\Tasks\HPCeeScheduleForSHeLBY.job

- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00Zecter]

@="{D25B32FE-CB96-491A-98FF-AD59DA382D69}"

[HKEY_CLASSES_ROOT\CLSID\{D25B32FE-CB96-491A-98FF-AD59DA382D69}]

2010-09-23 04:53 2210304 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01Zecter]

@="{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}"

[HKEY_CLASSES_ROOT\CLSID\{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}]

2010-09-23 04:53 2210304 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\02Zecter]

@="{B3C78E40-6B64-47C3-AE34-60B770881EB8}"

[HKEY_CLASSES_ROOT\CLSID\{B3C78E40-6B64-47C3-AE34-60B770881EB8}]

2010-09-23 04:53 2210304 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03Zecter]

@="{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}"

[HKEY_CLASSES_ROOT\CLSID\{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}]

2010-09-23 04:53 2210304 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\04Zecter]

@="{855156F0-2A0F-11DE-8C30-0800200C9A66}"

[HKEY_CLASSES_ROOT\CLSID\{855156F0-2A0F-11DE-8C30-0800200C9A66}]

2010-09-23 04:53 2210304 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-07-28 161304]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-07-28 386584]

"Persistence"="c:\windows\system32\igfxpers.exe" [2010-07-28 415256]

"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-07-23 487424]

"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-07-20 1931024]

"IntelWirelessWiMAX"="c:\program files\Intel\WiMAX\Bin\WiMAXCU.exe" [2010-06-08 1441792]

"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2010-09-01 611896]

"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-07-21 8192]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]

"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-30 499608]

"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2010-11-04 1580368]

.

------- Supplementary Scan -------

.

uStart Page = https://www.google.com/

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000

IE: Free YouTube to MP3 Converter - c:\users\SHeLBY\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm

IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105

TCP: DhcpNameServer = 75.75.76.76 75.75.75.75

.

- - - - ORPHANS REMOVED - - - -

.

URLSearchHooks-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)

URLSearchHooks-{cd90bf73-20f6-44ef-993d-bb920303bd2e} - (no file)

Wow6432Node-HKCU-Run-AdobeBridge - (no file)

Wow6432Node-HKLM-Run-SMessaging - c:\users\SHeLBY\AppData\Local\Strongvault Online Backup\SMessaging.exe

WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)

WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)

WebBrowser-{CD90BF73-20F6-44EF-993D-BB920303BD2E} - (no file)

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

AddRemove-Uninstall_is1 - c:\program files (x86)\Common Files\DVDVideoSoft\unins000.exe

AddRemove-{10CD364B-FFCC-48BE-B469-B9622A033075} - c:\programdata\{05971B75-B620-4D64-9985-7971BEF763A2}\setup.exe

AddRemove-{E92D47A1-D27D-430A-8368-0BAFD956507D} - c:\program files (x86)\InstallShield Installation Information\{E92D47A1-D27D-430A-8368-0BAFD956507D}\setup.exe

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]

"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\20.2.1.22\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\20.2.1.22\diMaster.dll\" /prefetch:1"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-3652421346-3148141067-3488229082-1001\Software\SecuROM\License information*]

"datasecu"=hex:9f,24,be,14,e2,27,48,d3,08,83,00,ec,31,71,8f,19,10,3e,2d,29,3e,

3c,e5,c5,eb,15,59,16,ed,a4,b2,21,ff,03,af,68,f5,83,e5,eb,10,fb,c9,5b,4c,35,\

"rkeysecu"=hex:20,db,e3,cf,f3,01,d6,08,4e,1b,46,c1,49,f2,a8,2a

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_171_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_171_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2013-03-09 16:33:43

ComboFix-quarantined-files.txt 2013-03-09 22:33

.

Pre-Run: 311,346,683,904 bytes free

Post-Run: 311,727,902,720 bytes free

.

- - End Of File - - 99764B7B87557558D8938FEA6141F946

Link to post
Share on other sites

  • Staff

Please download Junkware Removal Tool to your desktop.

  • Shutdown your antivirus to avoid any conflicts.
  • Right-mouse click JRT.exe and select Run as administrator
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message

NEXT

Download AdwCleaner from here and save it to your desktop.

  • Run AdwCleaner and select Delete
  • Once done it will ask to reboot, allow the reboot
  • On reboot a log will be produced, please attach the content of the log to your next reply

NEXT

  • Please open your MalwareBytes AntiMalware Program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note:If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

NEXT

Go here to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activeX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish

Link to post
Share on other sites

Sorry for taking so long with this reply. My internet's been kinda picky lately, so the eset scan had some trouble.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 4.6.9 (03.06.2013:1)

OS: Windows 7 Home Premium x64

Ran by SHeLBY on Sat 03/09/2013 at 17:57:46.81

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\toolbar\webbrowser\\{30f9b915-b755-4826-820b-08fba6bd249d}

~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_local_machine\software\conduit

Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\conduit

Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\conduitsearchscopes

Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\crossrider

Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\pricegong

Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\smartbar

Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\utorrentbar

Successfully deleted: [Registry Key] hkey_local_machine\software\classes\conduit.engine

Successfully deleted: [Registry Key-Heur] HKEY_LOCAL_MACHINE\software\classes\Toolbar.CT2653012

Successfully deleted: [Registry Key-Heur] HKEY_LOCAL_MACHINE\software\classes\Toolbar.CT2786678

Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{02478d38-c3f9-4efb-9b51-7695eca05670}

Successfully deleted: [Registry Key] hkey_classes_root\clsid\{3c471948-f874-49f5-b338-4f214a2ee0b1}

Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{2fa28606-de77-4029-af96-b231e3b8f827}

Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{2fa28606-de77-4029-af96-b231e3b8f827}

Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}

Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"

Successfully deleted: [Folder] "C:\Users\SHeLBY\AppData\Roaming\dvdvideosoftiehelpers"

Successfully deleted: [Folder] "C:\Users\SHeLBY\AppData\Roaming\opencandy"

Successfully deleted: [Folder] "C:\Users\SHeLBY\AppData\Roaming\strongvault"

Successfully deleted: [Folder] "C:\Users\SHeLBY\appdata\local\conduit"

Successfully deleted: [Folder] "C:\Users\SHeLBY\appdata\local\stronghold_llc"

Successfully deleted: [Folder] "C:\Users\SHeLBY\appdata\locallow\conduit"

Successfully deleted: [Folder] "C:\Users\SHeLBY\appdata\locallow\pricegong"

Successfully deleted: [Folder] "C:\Users\SHeLBY\appdata\locallow\utorrentbar"

Successfully deleted: [Folder] "C:\Program Files (x86)\conduit"

Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"

Successfully deleted: [Folder] "C:\ProgramData\ask"

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Sat 03/09/2013 at 18:14:09.57

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Malwarebytes Anti-Malware (Trial) 1.70.0.1100

www.malwarebytes.org

Database version: v2013.03.09.13

Windows 7 x64 NTFS

Internet Explorer 9.0.8112.16421

SHeLBY :: SHELBY-COMPUTER [administrator]

Protection: Enabled

3/9/2013 6:23:03 PM

mbam-log-2013-03-09 (18-23-03).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 210741

Time elapsed: 3 minute(s), 21 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

AdwCleanerS1.txt

esetscan.txt

Link to post
Share on other sites

  • Staff

Please do the following:

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".

Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:

Press the WinKey + R to open a run box, type Notepad > click OK.

This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')


File::
C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\OCSetupHlp.dll
C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\qlps-qlipso-sntb.exe
C:\Users\SHeLBY\Downloads\Setups\FreeStudio\FreeVideoToiPhoneConverter.exe

ClearJavaCache::

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop, Save this as "CFScript"

Here's how to do that:

1.Click File;

2.Click Save As... Change the directory to your desktop;

3.Change the Save as type to "All Files";

4.Type in the file name: CFScript

5.Click Save ...

CFScriptB-4.gif

  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix may request an update; please allow it.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Please advise how the computer is running now and if there are any outstanding issues

Link to post
Share on other sites

ComboFix 13-03-10.02 - SHeLBY 03/10/2013 14:03:39.2.4 - x64

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.5942.3673 [GMT -5:00]

Running from: c:\users\SHeLBY\Desktop\ComboFix.exe

Command switches used :: c:\users\SHeLBY\Desktop\CFScript.txt

AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

FILE ::

"c:\program files (x86)\Veoh Networks\VeohWebPlayer\OCSetupHlp.dll"

"c:\program files (x86)\Veoh Networks\VeohWebPlayer\qlps-qlipso-sntb.exe"

"c:\users\SHeLBY\Downloads\Setups\FreeStudio\FreeVideoToiPhoneConverter.exe"

.

.

((((((((((((((((((((((((( Files Created from 2013-02-10 to 2013-03-10 )))))))))))))))))))))))))))))))

.

.

2013-03-10 19:14 . 2013-03-10 19:14 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-03-09 23:57 . 2013-03-09 23:57 -------- d-----w- c:\windows\ERUNT

2013-03-09 23:57 . 2013-03-09 23:57 -------- d-----w- C:\JRT

2013-03-09 22:13 . 2013-03-09 22:13 -------- d-----w- C:\FRST

2013-03-07 23:14 . 2013-03-07 23:14 -------- d-----w- c:\users\SHeLBY\AppData\Roaming\Malwarebytes

2013-03-07 23:14 . 2013-03-07 23:14 -------- d-----w- c:\programdata\Malwarebytes

2013-03-07 23:14 . 2013-03-07 23:14 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2013-03-07 23:14 . 2012-12-14 22:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-03-07 23:14 . 2013-03-07 23:14 -------- d-----w- c:\users\SHeLBY\AppData\Local\Programs

2013-02-23 00:15 . 2013-02-23 08:13 -------- d-----w- c:\program files (x86)\TERA

2013-02-23 00:15 . 2013-02-23 00:25 -------- d-----w- c:\users\SHeLBY\AppData\Local\TERA

2013-02-22 06:59 . 2013-03-02 03:09 -------- d-----w- c:\users\SHeLBY\AppData\Roaming\Toon Boom Animation

2013-02-22 06:19 . 2013-02-22 06:19 -------- d-----w- c:\program files (x86)\Toon Boom Animation

2013-02-14 09:04 . 2013-01-09 01:10 996352 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll

2013-02-14 09:04 . 2013-01-08 22:01 768000 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll

2013-02-14 09:00 . 2013-01-09 01:14 887808 ----a-w- c:\program files\Internet Explorer\iedvtool.dll

2013-02-14 09:00 . 2013-01-09 01:48 17812992 ----a-w- c:\windows\system32\mshtml.dll

2013-02-14 09:00 . 2013-01-09 01:22 10925568 ----a-w- c:\windows\system32\ieframe.dll

2013-02-11 22:13 . 2013-02-11 22:13 -------- d-----w- c:\users\SHeLBY\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-02-28 20:19 . 2012-09-25 21:31 691568 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2013-02-28 20:19 . 2011-05-30 16:46 71024 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-02-04 05:25 . 2013-02-04 05:25 177312 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS

2013-01-04 04:43 . 2013-02-14 02:39 44032 ----a-w- c:\windows\apppatch\acwow64.dll

2012-12-16 16:52 . 2012-12-24 06:46 46080 ----a-w- c:\windows\system32\atmlib.dll

2012-12-16 14:40 . 2012-12-24 06:46 367616 ----a-w- c:\windows\system32\atmfd.dll

2012-12-16 14:25 . 2012-12-24 06:46 295424 ----a-w- c:\windows\SysWow64\atmfd.dll

2012-12-16 14:25 . 2012-12-24 06:46 34304 ----a-w- c:\windows\SysWow64\atmlib.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-08-16 2736128]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]

"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-11-17 39408]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-09-09 98304]

"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-09-29 584760]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776]

"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Notification Packages REG_MULTI_SZ DPPassFilter scecli

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]

R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-10-10 1431888]

R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-07-20 340240]

R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]

R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 174440]

R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]

R3 Prot6Flt;Prot6Flt;c:\windows\system32\DRIVERS\Prot6Flt.sys [x]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-01-12 232992]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-06-24 344680]

R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]

R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]

R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]

R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-05-13 1255736]

R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]

S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1402010.016\SYMDS64.SYS [2012-10-04 493216]

S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1402010.016\SYMEFA64.SYS [2012-10-04 1133216]

S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.1.22\Definitions\BASHDefs\20130301.001\BHDrvx64.sys [2013-01-16 1388120]

S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1402010.016\ccSetx64.sys [2012-08-20 168096]

S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.1.22\Definitions\IPSDefs\20130308.001\IDSvia64.sys [2013-02-01 513184]

S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1402010.016\Ironx64.SYS [2012-09-07 224416]

S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\NISx64\1402010.016\SYMNETS.SYS [2012-09-07 432800]

S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-04 89600]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-09-09 203264]

S2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;c:\program files\Intel\WiMAX\Bin\DMAgent.exe [2010-06-07 408576]

S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-07-21 103992]

S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-08-06 291896]

S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-01-25 92216]

S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2010-06-15 30520]

S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-09-29 26680]

S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]

S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\20.2.1.22\ccSvcHst.exe [2012-12-05 143928]

S2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-09-11 399344]

S2 TabletServicePen;TabletServicePen;c:\program files\Tablet\Pen\Pen_Tablet.exe [2011-09-08 6583160]

S2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\Tablet\Pen\Pen_TouchService.exe [2011-09-08 528760]

S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-05-01 2533400]

S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2010-02-23 2192176]

S2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;c:\program files\Intel\WiMAX\Bin\AppSrv.exe [2010-06-07 911872]

S3 bpenum;bpenum;c:\windows\system32\DRIVERS\bpenum.sys [2010-05-17 71168]

S3 bpmp;Intel® Centrino® WiMAX 6050 Series;c:\windows\system32\DRIVERS\bpmp.sys [2010-05-17 175104]

S3 bpusb;bpusb;c:\windows\system32\Drivers\bpusb.sys [2010-05-17 81920]

S3 clwvd;HP Webcam Splitter;c:\windows\system32\DRIVERS\clwvd.sys [2010-09-04 31088]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-02-03 138912]

S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-05-01 56344]

S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2009-10-27 151936]

S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [2010-07-28 10610400]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]

S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [2010-08-16 39832]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2010-08-16 21:43 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2013-03-07 20:23 1630672 ----a-w- c:\program files (x86)\Google\Chrome\Application\25.0.1364.152\Installer\chrmstp.exe

.

Contents of the 'Scheduled Tasks' folder

.

2013-03-10 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-25 20:19]

.

2013-03-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-10 00:49]

.

2013-03-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-10 00:49]

.

2013-02-23 c:\windows\Tasks\HPCeeScheduleForSHELBY-COMPUTER$.job

- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]

.

2013-03-02 c:\windows\Tasks\HPCeeScheduleForSHeLBY.job

- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00Zecter]

@="{D25B32FE-CB96-491A-98FF-AD59DA382D69}"

[HKEY_CLASSES_ROOT\CLSID\{D25B32FE-CB96-491A-98FF-AD59DA382D69}]

2010-09-23 04:53 2210304 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01Zecter]

@="{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}"

[HKEY_CLASSES_ROOT\CLSID\{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}]

2010-09-23 04:53 2210304 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\02Zecter]

@="{B3C78E40-6B64-47C3-AE34-60B770881EB8}"

[HKEY_CLASSES_ROOT\CLSID\{B3C78E40-6B64-47C3-AE34-60B770881EB8}]

2010-09-23 04:53 2210304 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03Zecter]

@="{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}"

[HKEY_CLASSES_ROOT\CLSID\{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}]

2010-09-23 04:53 2210304 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\04Zecter]

@="{855156F0-2A0F-11DE-8C30-0800200C9A66}"

[HKEY_CLASSES_ROOT\CLSID\{855156F0-2A0F-11DE-8C30-0800200C9A66}]

2010-09-23 04:53 2210304 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-07-28 161304]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-07-28 386584]

"Persistence"="c:\windows\system32\igfxpers.exe" [2010-07-28 415256]

"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU]

"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-07-23 487424]

"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-07-20 1931024]

"IntelWirelessWiMAX"="c:\program files\Intel\WiMAX\Bin\WiMAXCU.exe" [2010-06-08 1441792]

"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2010-09-01 611896]

"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-07-21 8192]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]

"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-30 499608]

"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2010-11-04 1580368]

.

------- Supplementary Scan -------

.

uStart Page = https://www.google.com/

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000

IE: Free YouTube to MP3 Converter - c:\users\SHeLBY\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm

IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105

TCP: DhcpNameServer = 75.75.76.76 75.75.75.75

.

- - - - ORPHANS REMOVED - - - -

.

AddRemove-Uninstall_is1 - c:\program files (x86)\Common Files\DVDVideoSoft\unins000.exe

AddRemove-{10CD364B-FFCC-48BE-B469-B9622A033075} - c:\programdata\{05971B75-B620-4D64-9985-7971BEF763A2}\setup.exe

AddRemove-{E92D47A1-D27D-430A-8368-0BAFD956507D} - c:\program files (x86)\InstallShield Installation Information\{E92D47A1-D27D-430A-8368-0BAFD956507D}\setup.exe

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]

"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\20.2.1.22\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\20.2.1.22\diMaster.dll\" /prefetch:1"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-3652421346-3148141067-3488229082-1001\Software\SecuROM\License information*]

"datasecu"=hex:9f,24,be,14,e2,27,48,d3,08,83,00,ec,31,71,8f,19,10,3e,2d,29,3e,

3c,e5,c5,eb,15,59,16,ed,a4,b2,21,ff,03,af,68,f5,83,e5,eb,10,fb,c9,5b,4c,35,\

"rkeysecu"=hex:20,db,e3,cf,f3,01,d6,08,4e,1b,46,c1,49,f2,a8,2a

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_171_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_171_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2013-03-10 14:18:11

ComboFix-quarantined-files.txt 2013-03-10 19:18

.

Pre-Run: 361,823,973,376 bytes free

Post-Run: 361,529,778,176 bytes free

.

- - End Of File - - BB6A8E06CBAA79ECB2BE637C6B6E5913

Link to post
Share on other sites

  • Staff

Please run the following:

Visit ADOBE and download the latest version of Acrobat Reader (version XI)

Having the latest updates ensures there are no security vulnerabilities in your system.

NEXT

javaicon.jpg

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

  • Download the latest version of Java Runtime Environment (JRE) 7 and Save it to your Desktop.
  • Scroll down to where it says Java SE 7u17
  • Click the Download button under JRE to the right.
  • Read the License Agreement then select Accept License Agreement
  • Click on the link to download Windows x86 Offline and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add or Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java 6) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-7u17-windows-i586.exe to install the newest version.

  • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are three options in the window to clear the cache - Leave these two Checked

      • Trace and Log Files
        Cached Applications and Applets

    • Click OK on Delete Temporary Files Window
      Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
    • Click OK to leave the Temporary Files Window
    • Click OK to leave the Java Control Panel.

NEXT

Please advise how the computer running now and if there are any outstanding issues

Link to post
Share on other sites

  • Staff

We just have some housekeeping to do now,

Please do the following:

You can delete the DDS, JRT, TDSSKiller and Farbar logs and programs from your desktop.

NEXT

Follow these steps to uninstall Combofix

  • Make sure your security programs are totally disabled.
  • Press the WinKey +R to open a run box
  • Now copy/paste Combofix /uninstall into the runbox and click OK. Note the space between the ..X and the /U, it needs to be there.

Combofix_uninstall_image.jpg

NEXT

  • Double click on adwcleaner.exe to run the tool.
  • Click on Uninstall.
  • Confirm with yes.

If there are any logs/tools remaining on your desktop > right click and delete them.

NEXT

------------------------------------------------------

Important

Due to continued exploits of zero-day vulnerabilities in Oracle's Java application, it is the recommendation of many security experts, as well as the TSF Security Team, that you disable Java in your web browsers.

Java

US-CERT Alert TA13-010A - Oracle Java 7 Security Manager Bypass Vulnerability

We recommend disabling Java in your browsers, and enabling it only when needed by certain websites.

Please disable Java in your browser(s) by following these instructions:

How do I disable Java in my web browser?

------------------------------------------------------

NEXT

Below I have included a number of recommendations for how to protect your computer against malware infections.

  • It is good security practice to change your passwords to all your online accounts on a fairly regular basis, this is especially true after an infection. Refer to this Microsoft article
    Strong passwords: How to create and use them
    Then consider a password keeper, to keep all your passwords safe. KeePass is a small utility that allows you to manage all your passwords.
  • Keep Windows updated by regularly checking their website at :
    http://windowsupdate.microsoft.com/
    This will ensure your computer has always the latest security updates available installed on your computer.
  • Make Internet Explorer more secure
    • Click Start > Run
    • Type Inetcpl.cpl & click OK
    • Click on the Security tab
    • Click Reset all zones to default level
    • Make sure the Internet Zone is selected & Click Custom level
    • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
    • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

    [*]Download TFC to your desktop

    • Close any open windows.
    • Double click the TFC icon to run the program
    • TFC will close all open programs itself in order to run,
    • Click the Start button to begin the process.
    • Allow TFC to run uninterrupted.
    • The program should not take long to finish it's job
    • Once its finished it should automatically reboot your machine,
    • if it doesn't, manually reboot to ensure a complete clean

    It's normal after running TFC cleaner that the PC will be slower to boot the first time.

    [*]WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:

    • Green to go
    • Yellow for caution
    • Red to stop

    WOT has an addon available for both Firefox and IE

    [*]Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

    [*]In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles:

    PC Safety and Security--What Do I Need?.

    [*]Simple and easy ways to keep your computer safe and secure on the Internet

Thank you for your patience, and performing all of the procedures requested.

Please respond one last time so we can consider the thread resolved and close it, thank-you.

Link to post
Share on other sites

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.