mrrumme1125 Posted May 23, 2013 ID:683026 Share Posted May 23, 2013 I had a few simple questions about the Trojan.BHO virus. I recently ran a scan using Malwarebytes and this showed up 5 times from the scan plus a few other things. Is there anything i should be concerned about? I dont know how long it has been on the computer but i do know that the screen does very funny things on boot-up such as, it will act like a cable is unplugged and do the static lines across the screen while scrolling the windows picture then boots up. Also i have noticied that my computer has become slower. Any advice would be very grateful.Paytonmbam-log-2013-05-23 (10-37-45).txt Link to post Share on other sites More sharing options...
D-FRED-BROWN Posted May 23, 2013 ID:683087 Share Posted May 23, 2013 Hello mrrumme1125 and welcome to Malwarebytes!I am D-FRED-BROWN and I will be helping you. Please print or save this topic. It will make it easier for you to follow the instructions and complete all of the necessary steps.----------Step 1----------------Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!Double-click on TDSSKiller.exe to run the tool for known TDSS variants.Vista/Windows 7 users right-click and select Run As Administrator.If TDSSKiller does not run, try renaming it.To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.Click the Start Scan button.Do not use the computer during the scanIf the scan completes with nothing found, click Close to exit.If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.Note: If Cure is not an option, Skip instead, do not choose Delete unless instructed.A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).Copy and paste the contents of that file in your next reply.----------Step 2----------------Please download Malwarebytes Anti-Rootkit from HEREUnzip the contents to a folder in a convenient location.Open the folder where the contents were unzipped and run mbar.exeFollow the instructions in the wizard to update and allow the program to scan your computer for threats.Click on the Cleanup button to remove any threats and reboot if prompted to do so.Wait while the system shuts down and the cleanup process is performed.Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.When done, please post the two logs produced they will be in the MBAR folder... mbar-log.txt and system-log.txt----------Step 3----------------Please download ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:http://www.bleepingc...to-use-combofix***IMPORTANT: save ComboFix to your Desktop**** Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.Please go here to see a list of programs that should be disabled.**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall** Please include the C:\ComboFix.txt in your next reply for further review.NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.----------Step 4----------------Please download Security Check by screen317 from here or here.Save it to your Desktop.Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.A Notepad document should open automatically called checkup.txt; please post the contents of that document.----------Step 5----------------In your next reply, please include the following:TDSSKiller's logfileMBAR mbar-log.txt and system-log.txtComboFix's report (C:\ComboFix.txt)Security Check checkup.txtAfter that, please let me know: How is your computer running now? Do you have any questions or concerns you'd like me to address? Don't hesitate to ask. -----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------Note:Please make sure you are subscribed to this topic: Click on the "Follow This Topic" Button (at the top right of this page), make sure that the "Receive notification" box is checked and that it is set to "Instantly"-------> Your topic will be closed if you haven't replied within 3 days! <--------(If I don't respond within 24 hours, please send me a PM)-DFB Link to post Share on other sites More sharing options...
mrrumme1125 Posted May 24, 2013 Author ID:683129 Share Posted May 24, 2013 Well i did everything you requested. Computer is still a little sluggish opening up programs and such. It still does a jumping screen when re-booting the computer, when the computer boots up the Windows logo will literally start bouncing up and down and then it stops like it freezes on me but it will boot up fine after that. Here are the requested Logs you requested as well.18:44:30.0325 3472 TDSS rootkit removing tool 2.8.17.0 Apr 11 2013 11:56:3418:44:30.0809 3472 ============================================================18:44:30.0809 3472 Current date / time: 2013/05/23 18:44:30.080918:44:30.0809 3472 SystemInfo:18:44:30.0809 3472 18:44:30.0809 3472 OS Version: 6.1.7601 ServicePack: 1.018:44:30.0809 3472 Product type: Workstation18:44:30.0809 3472 ComputerName: MRSRUMME1125-PC18:44:30.0809 3472 UserName: MrsRumme112518:44:30.0809 3472 Windows directory: C:\windows18:44:30.0809 3472 System windows directory: C:\windows18:44:30.0809 3472 Running under WOW6418:44:30.0809 3472 Processor architecture: Intel x6418:44:30.0809 3472 Number of processors: 218:44:30.0809 3472 Page size: 0x100018:44:30.0809 3472 Boot type: Normal boot18:44:30.0809 3472 ============================================================18:44:33.0227 3472 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x0000004018:44:33.0227 3472 ============================================================18:44:33.0227 3472 \Device\Harddisk0\DR0:18:44:33.0227 3472 MBR partitions:18:44:33.0227 3472 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x3892680018:44:33.0227 3472 ============================================================18:44:33.0351 3472 C: <-> \Device\Harddisk0\DR0\Partition118:44:33.0351 3472 ============================================================18:44:33.0351 3472 Initialize success18:44:33.0351 3472 ============================================================18:44:43.0502 7148 ============================================================18:44:43.0502 7148 Scan started18:44:43.0502 7148 Mode: Manual;18:44:43.0502 7148 ============================================================18:44:44.0875 7148 ================ Scan system memory ========================18:44:44.0875 7148 System memory - ok18:44:44.0875 7148 ================ Scan services =============================18:44:45.0046 7148 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\windows\system32\drivers\1394ohci.sys18:44:45.0046 7148 1394ohci - ok18:44:45.0077 7148 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\windows\system32\drivers\ACPI.sys18:44:45.0093 7148 ACPI - ok18:44:45.0124 7148 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\windows\system32\drivers\acpipmi.sys18:44:45.0124 7148 AcpiPmi - ok18:44:45.0218 7148 [ ADDA5E1951B90D3D23C56D3CF0622ADC ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe18:44:45.0233 7148 AdobeARMservice - ok18:44:45.0327 7148 [ F040037B149FD0F5A5044AE563390FA7 ] AdobeFlashPlayerUpdateSvc C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe18:44:45.0327 7148 AdobeFlashPlayerUpdateSvc - ok18:44:45.0389 7148 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\windows\system32\DRIVERS\adp94xx.sys18:44:45.0389 7148 adp94xx - ok18:44:45.0421 7148 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\windows\system32\DRIVERS\adpahci.sys18:44:45.0421 7148 adpahci - ok18:44:45.0452 7148 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\windows\system32\DRIVERS\adpu320.sys18:44:45.0467 7148 adpu320 - ok18:44:45.0499 7148 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\windows\System32\aelupsvc.dll18:44:45.0499 7148 AeLookupSvc - ok18:44:45.0545 7148 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\windows\system32\drivers\afd.sys18:44:45.0545 7148 AFD - ok18:44:45.0592 7148 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\windows\system32\drivers\agp440.sys18:44:45.0592 7148 agp440 - ok18:44:45.0623 7148 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\windows\System32\alg.exe18:44:45.0639 7148 ALG - ok18:44:45.0670 7148 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\windows\system32\drivers\aliide.sys18:44:45.0670 7148 aliide - ok18:44:45.0717 7148 [ D696F317BD465A602566F8E1DCCE15F7 ] AMD External Events Utility C:\windows\system32\atiesrxx.exe18:44:45.0717 7148 AMD External Events Utility - ok18:44:45.0733 7148 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\windows\system32\drivers\amdide.sys18:44:45.0733 7148 amdide - ok18:44:45.0779 7148 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\windows\system32\DRIVERS\amdk8.sys18:44:45.0779 7148 AmdK8 - ok18:44:45.0811 7148 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\windows\system32\DRIVERS\amdppm.sys18:44:45.0842 7148 AmdPPM - ok18:44:45.0935 7148 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\windows\system32\drivers\amdsata.sys18:44:45.0982 7148 amdsata - ok18:44:45.0998 7148 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\windows\system32\DRIVERS\amdsbs.sys18:44:45.0998 7148 amdsbs - ok18:44:46.0013 7148 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\windows\system32\drivers\amdxata.sys18:44:46.0013 7148 amdxata - ok18:44:46.0060 7148 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\windows\system32\drivers\appid.sys18:44:46.0060 7148 AppID - ok18:44:46.0091 7148 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\windows\System32\appidsvc.dll18:44:46.0091 7148 AppIDSvc - ok18:44:46.0123 7148 [ 9D2A2369AB4B08A4905FE72DB104498F ] Appinfo C:\windows\System32\appinfo.dll18:44:46.0123 7148 Appinfo - ok18:44:46.0169 7148 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\windows\system32\DRIVERS\arc.sys18:44:46.0169 7148 arc - ok18:44:46.0185 7148 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\windows\system32\DRIVERS\arcsas.sys18:44:46.0185 7148 arcsas - ok18:44:46.0232 7148 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\windows\system32\DRIVERS\asyncmac.sys18:44:46.0232 7148 AsyncMac - ok18:44:46.0263 7148 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\windows\system32\drivers\atapi.sys18:44:46.0263 7148 atapi - ok18:44:46.0435 7148 [ 52BD95CAA9CAE8977FE043E9AD6D2D0E ] atikmdag C:\windows\system32\DRIVERS\atikmdag.sys18:44:46.0559 7148 atikmdag - ok18:44:46.0622 7148 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\windows\System32\Audiosrv.dll18:44:46.0622 7148 AudioEndpointBuilder - ok18:44:46.0637 7148 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\windows\System32\Audiosrv.dll18:44:46.0637 7148 AudioSrv - ok18:44:46.0700 7148 [ CA0D66B63DBD2A22D0AC9B758D67B8E8 ] avgtp C:\windows\system32\drivers\avgtpx64.sys18:44:46.0700 7148 avgtp - ok18:44:46.0747 7148 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\windows\System32\AxInstSV.dll18:44:46.0747 7148 AxInstSV - ok18:44:46.0793 7148 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\windows\system32\DRIVERS\bxvbda.sys18:44:46.0793 7148 b06bdrv - ok18:44:46.0840 7148 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\windows\system32\DRIVERS\b57nd60a.sys18:44:46.0840 7148 b57nd60a - ok18:44:46.0887 7148 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\windows\System32\bdesvc.dll18:44:46.0887 7148 BDESVC - ok18:44:46.0934 7148 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\windows\system32\drivers\Beep.sys18:44:46.0934 7148 Beep - ok18:44:46.0996 7148 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\windows\System32\bfe.dll18:44:46.0996 7148 BFE - ok18:44:47.0230 7148 [ 7B56A40EAAACF1867FF178501D3EA185 ] BHDrvx64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.0.24\Definitions\BASHDefs\20130515.001\BHDrvx64.sys18:44:47.0246 7148 BHDrvx64 - ok18:44:47.0293 7148 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\windows\System32\qmgr.dll18:44:47.0308 7148 BITS - ok18:44:47.0339 7148 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\windows\system32\DRIVERS\blbdrive.sys18:44:47.0339 7148 blbdrive - ok18:44:47.0386 7148 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\windows\system32\DRIVERS\bowser.sys18:44:47.0386 7148 bowser - ok18:44:47.0402 7148 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\windows\system32\DRIVERS\BrFiltLo.sys18:44:47.0402 7148 BrFiltLo - ok18:44:47.0449 7148 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\windows\system32\DRIVERS\BrFiltUp.sys18:44:47.0449 7148 BrFiltUp - ok18:44:47.0480 7148 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\windows\System32\browser.dll18:44:47.0480 7148 Browser - ok18:44:47.0495 7148 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\windows\System32\Drivers\Brserid.sys18:44:47.0511 7148 Brserid - ok18:44:47.0527 7148 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\windows\System32\Drivers\BrSerWdm.sys18:44:47.0527 7148 BrSerWdm - ok18:44:47.0573 7148 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\windows\System32\Drivers\BrUsbMdm.sys18:44:47.0573 7148 BrUsbMdm - ok18:44:47.0573 7148 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\windows\System32\Drivers\BrUsbSer.sys18:44:47.0573 7148 BrUsbSer - ok18:44:47.0605 7148 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\windows\system32\DRIVERS\bthmodem.sys18:44:47.0605 7148 BTHMODEM - ok18:44:47.0667 7148 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\windows\system32\bthserv.dll18:44:47.0667 7148 bthserv - ok18:44:47.0745 7148 [ 248C952C82DF1E23775432774CBB20F1 ] ccSet_NAV C:\windows\system32\drivers\NAVx64\1403010.016\ccSetx64.sys18:44:47.0745 7148 ccSet_NAV - ok18:44:47.0776 7148 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\windows\system32\DRIVERS\cdfs.sys18:44:47.0776 7148 cdfs - ok18:44:47.0823 7148 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\windows\system32\drivers\cdrom.sys18:44:47.0823 7148 cdrom - ok18:44:47.0870 7148 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\windows\System32\certprop.dll18:44:47.0870 7148 CertPropSvc - ok18:44:47.0917 7148 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\windows\system32\DRIVERS\circlass.sys18:44:47.0917 7148 circlass - ok18:44:47.0948 7148 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\windows\system32\CLFS.sys18:44:47.0963 7148 CLFS - ok18:44:48.0026 7148 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe18:44:48.0026 7148 clr_optimization_v2.0.50727_32 - ok18:44:48.0088 7148 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe18:44:48.0088 7148 clr_optimization_v2.0.50727_64 - ok18:44:48.0166 7148 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe18:44:48.0166 7148 clr_optimization_v4.0.30319_32 - ok18:44:48.0197 7148 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe18:44:48.0197 7148 clr_optimization_v4.0.30319_64 - ok18:44:48.0291 7148 [ 934F4153380EDB6809EB9231C6B5F2A9 ] CltMngSvc C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe18:44:48.0291 7148 CltMngSvc - ok18:44:48.0322 7148 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\windows\system32\DRIVERS\CmBatt.sys18:44:48.0322 7148 CmBatt - ok18:44:48.0338 7148 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\windows\system32\drivers\cmdide.sys18:44:48.0338 7148 cmdide - ok18:44:48.0385 7148 [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG C:\windows\system32\Drivers\cng.sys18:44:48.0385 7148 CNG - ok18:44:48.0447 7148 [ 25C58EE97BE0416A373E3E4F855206B5 ] CnxtHdAudService C:\windows\system32\drivers\CHDRT64.sys18:44:48.0447 7148 CnxtHdAudService - ok18:44:48.0463 7148 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\windows\system32\DRIVERS\compbatt.sys18:44:48.0478 7148 Compbatt - ok18:44:48.0509 7148 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\windows\system32\drivers\CompositeBus.sys18:44:48.0509 7148 CompositeBus - ok18:44:48.0525 7148 COMSysApp - ok18:44:48.0556 7148 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\windows\system32\DRIVERS\crcdisk.sys18:44:48.0556 7148 crcdisk - ok18:44:48.0587 7148 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\windows\system32\cryptsvc.dll18:44:48.0587 7148 CryptSvc - ok18:44:48.0681 7148 [ 72794D112CBAFF3BC0C29BF7350D4741 ] cvhsvc C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE18:44:48.0681 7148 cvhsvc - ok18:44:48.0728 7148 [ BA25D4B9B067248F7CAC416E855D706B ] dc3d C:\windows\system32\DRIVERS\dc3d.sys18:44:48.0743 7148 dc3d - ok18:44:48.0790 7148 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\windows\system32\rpcss.dll18:44:48.0790 7148 DcomLaunch - ok18:44:48.0837 7148 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\windows\System32\defragsvc.dll18:44:48.0837 7148 defragsvc - ok18:44:48.0868 7148 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\windows\system32\Drivers\dfsc.sys18:44:48.0868 7148 DfsC - ok18:44:48.0915 7148 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\windows\system32\dhcpcore.dll18:44:48.0915 7148 Dhcp - ok18:44:48.0946 7148 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\windows\system32\drivers\discache.sys18:44:48.0946 7148 discache - ok18:44:49.0009 7148 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\windows\system32\DRIVERS\disk.sys18:44:49.0009 7148 Disk - ok18:44:49.0040 7148 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\windows\System32\dnsrslvr.dll18:44:49.0040 7148 Dnscache - ok18:44:49.0071 7148 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\windows\System32\dot3svc.dll18:44:49.0071 7148 dot3svc - ok18:44:49.0087 7148 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\windows\system32\dps.dll18:44:49.0087 7148 DPS - ok18:44:49.0133 7148 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\windows\system32\drivers\drmkaud.sys18:44:49.0133 7148 drmkaud - ok18:44:49.0180 7148 [ AF2E16242AA723F68F461B6EAE2EAD3D ] DXGKrnl C:\windows\System32\drivers\dxgkrnl.sys18:44:49.0180 7148 DXGKrnl - ok18:44:49.0227 7148 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\windows\System32\eapsvc.dll18:44:49.0227 7148 EapHost - ok18:44:49.0305 7148 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\windows\system32\DRIVERS\evbda.sys18:44:49.0367 7148 ebdrv - ok18:44:49.0430 7148 [ 4353FF94D47A0A9D52B89ECCF0CDB013 ] eeCtrl C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys18:44:49.0430 7148 eeCtrl - ok18:44:49.0461 7148 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\windows\System32\lsass.exe18:44:49.0461 7148 EFS - ok18:44:49.0523 7148 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\windows\ehome\ehRecvr.exe18:44:49.0539 7148 ehRecvr - ok18:44:49.0555 7148 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\windows\ehome\ehsched.exe18:44:49.0555 7148 ehSched - ok18:44:49.0617 7148 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\windows\system32\DRIVERS\elxstor.sys18:44:49.0617 7148 elxstor - ok18:44:49.0664 7148 [ C5BCCB378D0A896304A3E71BE7215983 ] EraserUtilRebootDrv C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys18:44:49.0664 7148 EraserUtilRebootDrv - ok18:44:49.0695 7148 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\windows\system32\drivers\errdev.sys18:44:49.0695 7148 ErrDev - ok18:44:49.0742 7148 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\windows\system32\es.dll18:44:49.0742 7148 EventSystem - ok18:44:49.0757 7148 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\windows\system32\drivers\exfat.sys18:44:49.0757 7148 exfat - ok18:44:49.0789 7148 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\windows\system32\drivers\fastfat.sys18:44:49.0789 7148 fastfat - ok18:44:49.0851 7148 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\windows\system32\fxssvc.exe18:44:49.0851 7148 Fax - ok18:44:49.0867 7148 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\windows\system32\DRIVERS\fdc.sys18:44:49.0867 7148 fdc - ok18:44:49.0898 7148 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\windows\system32\fdPHost.dll18:44:49.0898 7148 fdPHost - ok18:44:49.0913 7148 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\windows\system32\fdrespub.dll18:44:49.0913 7148 FDResPub - ok18:44:49.0945 7148 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\windows\system32\drivers\fileinfo.sys18:44:49.0945 7148 FileInfo - ok18:44:49.0960 7148 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\windows\system32\drivers\filetrace.sys18:44:49.0960 7148 Filetrace - ok18:44:49.0976 7148 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\windows\system32\DRIVERS\flpydisk.sys18:44:49.0976 7148 flpydisk - ok18:44:50.0007 7148 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\windows\system32\drivers\fltmgr.sys18:44:50.0023 7148 FltMgr - ok18:44:50.0054 7148 [ C4C183E6551084039EC862DA1C945E3D ] FontCache C:\windows\system32\FntCache.dll18:44:50.0069 7148 FontCache - ok18:44:50.0116 7148 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe18:44:50.0116 7148 FontCache3.0.0.0 - ok18:44:50.0147 7148 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\windows\system32\drivers\FsDepends.sys18:44:50.0147 7148 FsDepends - ok18:44:50.0179 7148 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\windows\system32\drivers\Fs_Rec.sys18:44:50.0179 7148 Fs_Rec - ok18:44:50.0225 7148 [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol C:\windows\system32\DRIVERS\fvevol.sys18:44:50.0225 7148 fvevol - ok18:44:50.0257 7148 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\windows\system32\DRIVERS\gagp30kx.sys18:44:50.0257 7148 gagp30kx - ok18:44:50.0303 7148 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\windows\System32\gpsvc.dll18:44:50.0303 7148 gpsvc - ok18:44:50.0397 7148 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe18:44:50.0397 7148 gupdate - ok18:44:50.0428 7148 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe18:44:50.0428 7148 gupdatem - ok18:44:50.0444 7148 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\windows\system32\drivers\hcw85cir.sys18:44:50.0459 7148 hcw85cir - ok18:44:50.0506 7148 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys18:44:50.0522 7148 HdAudAddService - ok18:44:50.0537 7148 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\windows\system32\drivers\HDAudBus.sys18:44:50.0537 7148 HDAudBus - ok18:44:50.0569 7148 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\windows\system32\DRIVERS\HidBatt.sys18:44:50.0569 7148 HidBatt - ok18:44:50.0584 7148 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\windows\system32\DRIVERS\hidbth.sys18:44:50.0584 7148 HidBth - ok18:44:50.0600 7148 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\windows\system32\DRIVERS\hidir.sys18:44:50.0600 7148 HidIr - ok18:44:50.0631 7148 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\windows\system32\hidserv.dll18:44:50.0631 7148 hidserv - ok18:44:50.0662 7148 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\windows\system32\DRIVERS\hidusb.sys18:44:50.0662 7148 HidUsb - ok18:44:50.0693 7148 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\windows\system32\kmsvc.dll18:44:50.0693 7148 hkmsvc - ok18:44:50.0725 7148 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\windows\system32\ListSvc.dll18:44:50.0725 7148 HomeGroupListener - ok18:44:50.0756 7148 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\windows\system32\provsvc.dll18:44:50.0771 7148 HomeGroupProvider - ok18:44:50.0803 7148 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\windows\system32\drivers\HpSAMD.sys18:44:50.0803 7148 HpSAMD - ok18:44:50.0849 7148 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\windows\system32\drivers\HTTP.sys18:44:50.0865 7148 HTTP - ok18:44:50.0881 7148 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\windows\system32\drivers\hwpolicy.sys18:44:50.0881 7148 hwpolicy - ok18:44:50.0927 7148 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\windows\system32\drivers\i8042prt.sys18:44:50.0927 7148 i8042prt - ok18:44:50.0959 7148 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\windows\system32\drivers\iaStorV.sys18:44:50.0959 7148 iaStorV - ok18:44:51.0052 7148 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe18:44:51.0052 7148 IDriverT - ok18:44:51.0099 7148 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe18:44:51.0115 7148 idsvc - ok18:44:51.0208 7148 [ A48928D4CCA6F8B731989DB08CF2C0AB ] IDSVia64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.0.24\Definitions\IPSDefs\20130522.001\IDSvia64.sys18:44:51.0208 7148 IDSVia64 - ok18:44:51.0255 7148 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\windows\system32\DRIVERS\iirsp.sys18:44:51.0255 7148 iirsp - ok18:44:51.0286 7148 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\windows\System32\ikeext.dll18:44:51.0302 7148 IKEEXT - ok18:44:51.0317 7148 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\windows\system32\drivers\intelide.sys18:44:51.0317 7148 intelide - ok18:44:51.0349 7148 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\windows\system32\DRIVERS\intelppm.sys18:44:51.0349 7148 intelppm - ok18:44:51.0395 7148 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\windows\system32\ipbusenum.dll18:44:51.0395 7148 IPBusEnum - ok18:44:51.0427 7148 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\windows\system32\DRIVERS\ipfltdrv.sys18:44:51.0427 7148 IpFilterDriver - ok18:44:51.0458 7148 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\windows\System32\iphlpsvc.dll18:44:51.0458 7148 iphlpsvc - ok18:44:51.0489 7148 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\windows\system32\drivers\IPMIDrv.sys18:44:51.0489 7148 IPMIDRV - ok18:44:51.0505 7148 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\windows\system32\drivers\ipnat.sys18:44:51.0505 7148 IPNAT - ok18:44:51.0536 7148 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\windows\system32\drivers\irenum.sys18:44:51.0536 7148 IRENUM - ok18:44:51.0567 7148 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\windows\system32\drivers\isapnp.sys18:44:51.0567 7148 isapnp - ok18:44:51.0614 7148 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\windows\system32\drivers\msiscsi.sys18:44:51.0614 7148 iScsiPrt - ok18:44:51.0645 7148 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\windows\system32\DRIVERS\kbdclass.sys18:44:51.0645 7148 kbdclass - ok18:44:51.0676 7148 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\windows\system32\DRIVERS\kbdhid.sys18:44:51.0676 7148 kbdhid - ok18:44:51.0692 7148 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\windows\system32\lsass.exe18:44:51.0692 7148 KeyIso - ok18:44:51.0770 7148 [ 775C6D5D60146D7DB08A01CB596D7EC6 ] Kodak AiO Network Discovery Service C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe18:44:51.0770 7148 Kodak AiO Network Discovery Service - ok18:44:51.0848 7148 [ 17AFF68AB32F8671BC46612D35351099 ] Kodak AiO Status Monitor Service C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe18:44:51.0848 7148 Kodak AiO Status Monitor Service - ok18:44:51.0879 7148 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\windows\system32\Drivers\ksecdd.sys18:44:51.0879 7148 KSecDD - ok18:44:51.0910 7148 [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg C:\windows\system32\Drivers\ksecpkg.sys18:44:51.0910 7148 KSecPkg - ok18:44:51.0941 7148 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\windows\system32\drivers\ksthunk.sys18:44:51.0941 7148 ksthunk - ok18:44:51.0973 7148 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\windows\system32\msdtckrm.dll18:44:51.0973 7148 KtmRm - ok18:44:52.0019 7148 [ 655A5D8E80869781CCE23760ADA7E695 ] L1C C:\windows\system32\DRIVERS\L1C62x64.sys18:44:52.0035 7148 L1C - ok18:44:52.0082 7148 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\windows\system32\srvsvc.dll18:44:52.0097 7148 LanmanServer - ok18:44:52.0129 7148 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\windows\System32\wkssvc.dll18:44:52.0129 7148 LanmanWorkstation - ok18:44:52.0160 7148 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\windows\system32\DRIVERS\lltdio.sys18:44:52.0160 7148 lltdio - ok18:44:52.0207 7148 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\windows\System32\lltdsvc.dll18:44:52.0207 7148 lltdsvc - ok18:44:52.0222 7148 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\windows\System32\lmhsvc.dll18:44:52.0222 7148 lmhosts - ok18:44:52.0253 7148 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\windows\system32\DRIVERS\lsi_fc.sys18:44:52.0269 7148 LSI_FC - ok18:44:52.0300 7148 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\windows\system32\DRIVERS\lsi_sas.sys18:44:52.0300 7148 LSI_SAS - ok18:44:52.0316 7148 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\windows\system32\DRIVERS\lsi_sas2.sys18:44:52.0316 7148 LSI_SAS2 - ok18:44:52.0347 7148 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\windows\system32\DRIVERS\lsi_scsi.sys18:44:52.0363 7148 LSI_SCSI - ok18:44:52.0378 7148 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\windows\system32\drivers\luafv.sys18:44:52.0378 7148 luafv - ok18:44:52.0425 7148 [ 0BB97D43299910CBFBA59C461B99B910 ] MBAMProtector C:\windows\system32\drivers\mbam.sys18:44:52.0425 7148 MBAMProtector - ok18:44:52.0487 7148 [ 65085456FD9A74D7F1A999520C299ECB ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe18:44:52.0487 7148 MBAMScheduler - ok18:44:52.0534 7148 [ E0D7732F2D2E24B2DB3F67B6750295B8 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe18:44:52.0534 7148 MBAMService - ok18:44:52.0612 7148 [ 944B3087B142CD9BF8DA6B3039FBFBA5 ] McciCMService C:\Program Files (x86)\Common Files\Motive\McciCMService.exe18:44:52.0612 7148 McciCMService - ok18:44:52.0690 7148 [ FBD57A7C443C85CC6C6169493A020FDF ] McciCMService64 C:\Program Files\Common Files\Motive\McciCMService.exe18:44:52.0690 7148 McciCMService64 - ok18:44:52.0721 7148 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\windows\system32\Mcx2Svc.dll18:44:52.0721 7148 Mcx2Svc - ok18:44:52.0753 7148 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\windows\system32\DRIVERS\megasas.sys18:44:52.0753 7148 megasas - ok18:44:52.0768 7148 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\windows\system32\DRIVERS\MegaSR.sys18:44:52.0784 7148 MegaSR - ok18:44:52.0862 7148 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe18:44:52.0862 7148 Microsoft Office Groove Audit Service - ok18:44:52.0909 7148 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\windows\system32\mmcss.dll18:44:52.0909 7148 MMCSS - ok18:44:52.0924 7148 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\windows\system32\drivers\modem.sys18:44:52.0924 7148 Modem - ok18:44:52.0971 7148 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\windows\system32\DRIVERS\monitor.sys18:44:52.0971 7148 monitor - ok18:44:53.0002 7148 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\windows\system32\DRIVERS\mouclass.sys18:44:53.0002 7148 mouclass - ok18:44:53.0033 7148 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\windows\system32\DRIVERS\mouhid.sys18:44:53.0033 7148 mouhid - ok18:44:53.0065 7148 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\windows\system32\drivers\mountmgr.sys18:44:53.0065 7148 mountmgr - ok18:44:53.0096 7148 [ 7EDBBB9351A38C6BB0FE98CFD44DB430 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe18:44:53.0096 7148 MozillaMaintenance - ok18:44:53.0127 7148 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\windows\system32\drivers\mpio.sys18:44:53.0127 7148 mpio - ok18:44:53.0158 7148 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\windows\system32\drivers\mpsdrv.sys18:44:53.0158 7148 mpsdrv - ok18:44:53.0205 7148 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\windows\system32\mpssvc.dll18:44:53.0205 7148 MpsSvc - ok18:44:53.0236 7148 [ 9BD4DCB5412921864A7AACDEDFBD1923 ] MREMP50 C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS18:44:53.0236 7148 MREMP50 - ok18:44:53.0252 7148 MREMP50a64 - ok18:44:53.0252 7148 MREMPR5 - ok18:44:53.0252 7148 MRENDIS5 - ok18:44:53.0267 7148 [ 07C02C892E8E1A72D6BF35004F0E9C5E ] MRESP50 C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS18:44:53.0267 7148 MRESP50 - ok18:44:53.0267 7148 MRESP50a64 - ok18:44:53.0299 7148 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\windows\system32\drivers\mrxdav.sys18:44:53.0299 7148 MRxDAV - ok18:44:53.0330 7148 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\windows\system32\DRIVERS\mrxsmb.sys18:44:53.0330 7148 mrxsmb - ok18:44:53.0361 7148 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\windows\system32\DRIVERS\mrxsmb10.sys18:44:53.0361 7148 mrxsmb10 - ok18:44:53.0377 7148 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\windows\system32\DRIVERS\mrxsmb20.sys18:44:53.0377 7148 mrxsmb20 - ok18:44:53.0392 7148 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\windows\system32\drivers\msahci.sys18:44:53.0408 7148 msahci - ok18:44:53.0439 7148 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\windows\system32\drivers\msdsm.sys18:44:53.0439 7148 msdsm - ok18:44:53.0455 7148 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\windows\System32\msdtc.exe18:44:53.0455 7148 MSDTC - ok18:44:53.0486 7148 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\windows\system32\drivers\Msfs.sys18:44:53.0486 7148 Msfs - ok18:44:53.0501 7148 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\windows\System32\drivers\mshidkmdf.sys18:44:53.0501 7148 mshidkmdf - ok18:44:53.0517 7148 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\windows\system32\drivers\msisadrv.sys18:44:53.0517 7148 msisadrv - ok18:44:53.0579 7148 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\windows\system32\iscsiexe.dll18:44:53.0595 7148 MSiSCSI - ok18:44:53.0595 7148 msiserver - ok18:44:53.0626 7148 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\windows\system32\drivers\MSKSSRV.sys18:44:53.0626 7148 MSKSSRV - ok18:44:53.0673 7148 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\windows\system32\drivers\MSPCLOCK.sys18:44:53.0673 7148 MSPCLOCK - ok18:44:53.0689 7148 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\windows\system32\drivers\MSPQM.sys18:44:53.0689 7148 MSPQM - ok18:44:53.0720 7148 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\windows\system32\drivers\MsRPC.sys18:44:53.0720 7148 MsRPC - ok18:44:53.0767 7148 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\windows\system32\drivers\mssmbios.sys18:44:53.0767 7148 mssmbios - ok18:44:53.0798 7148 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\windows\system32\drivers\MSTEE.sys18:44:53.0798 7148 MSTEE - ok18:44:53.0813 7148 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\windows\system32\DRIVERS\MTConfig.sys18:44:53.0829 7148 MTConfig - ok18:44:53.0845 7148 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\windows\system32\Drivers\mup.sys18:44:53.0860 7148 Mup - ok18:44:53.0891 7148 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\windows\system32\qagentRT.dll18:44:53.0891 7148 napagent - ok18:44:53.0938 7148 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\windows\system32\DRIVERS\nwifi.sys18:44:53.0938 7148 NativeWifiP - ok18:44:54.0001 7148 [ 241BD3019FB31E812A51B31B06906335 ] NAV C:\Program Files (x86)\Norton AntiVirus\Engine\20.3.1.22\ccSvcHst.exe18:44:54.0001 7148 NAV - ok18:44:54.0047 7148 [ 56540E526B46E379A476FB5BC381B290 ] NAVENG C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.0.24\Definitions\VirusDefs\20130523.003\ENG64.SYS18:44:54.0063 7148 NAVENG - ok18:44:54.0125 7148 [ 8A19D3991F9F14B885CDE8BC640F6B68 ] NAVEX15 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.0.24\Definitions\VirusDefs\20130523.003\EX64.SYS18:44:54.0141 7148 NAVEX15 - ok18:44:54.0203 7148 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\windows\system32\drivers\ndis.sys18:44:54.0219 7148 NDIS - ok18:44:54.0266 7148 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\windows\system32\DRIVERS\ndiscap.sys18:44:54.0266 7148 NdisCap - ok18:44:54.0297 7148 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\windows\system32\DRIVERS\ndistapi.sys18:44:54.0297 7148 NdisTapi - ok18:44:54.0328 7148 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\windows\system32\DRIVERS\ndisuio.sys18:44:54.0328 7148 Ndisuio - ok18:44:54.0359 7148 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\windows\system32\DRIVERS\ndiswan.sys18:44:54.0359 7148 NdisWan - ok18:44:54.0391 7148 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\windows\system32\drivers\NDProxy.sys18:44:54.0391 7148 NDProxy - ok18:44:54.0422 7148 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\windows\system32\DRIVERS\netbios.sys18:44:54.0437 7148 NetBIOS - ok18:44:54.0469 7148 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\windows\system32\DRIVERS\netbt.sys18:44:54.0469 7148 NetBT - ok18:44:54.0484 7148 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\windows\system32\lsass.exe18:44:54.0484 7148 Netlogon - ok18:44:54.0531 7148 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\windows\System32\netman.dll18:44:54.0531 7148 Netman - ok18:44:54.0547 7148 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\windows\System32\netprofm.dll18:44:54.0562 7148 netprofm - ok18:44:54.0578 7148 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe18:44:54.0593 7148 NetTcpPortSharing - ok18:44:54.0625 7148 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\windows\system32\DRIVERS\nfrd960.sys18:44:54.0625 7148 nfrd960 - ok18:44:54.0656 7148 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\windows\System32\nlasvc.dll18:44:54.0671 7148 NlaSvc - ok18:44:54.0671 7148 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\windows\system32\drivers\Npfs.sys18:44:54.0671 7148 Npfs - ok18:44:54.0703 7148 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\windows\system32\nsisvc.dll18:44:54.0703 7148 nsi - ok18:44:54.0718 7148 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\windows\system32\drivers\nsiproxy.sys18:44:54.0718 7148 nsiproxy - ok18:44:54.0781 7148 [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs C:\windows\system32\drivers\Ntfs.sys18:44:54.0796 7148 Ntfs - ok18:44:54.0827 7148 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\windows\system32\drivers\Null.sys18:44:54.0827 7148 Null - ok18:44:54.0859 7148 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\windows\system32\drivers\nvraid.sys18:44:54.0859 7148 nvraid - ok18:44:54.0874 7148 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\windows\system32\drivers\nvstor.sys18:44:54.0874 7148 nvstor - ok18:44:54.0890 7148 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\windows\system32\drivers\nv_agp.sys18:44:54.0890 7148 nv_agp - ok18:44:54.0952 7148 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE18:44:54.0952 7148 odserv - ok18:44:54.0983 7148 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\windows\system32\drivers\ohci1394.sys18:44:54.0983 7148 ohci1394 - ok18:44:55.0030 7148 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE18:44:55.0030 7148 ose - ok18:44:55.0155 7148 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE18:44:55.0280 7148 osppsvc - ok18:44:55.0327 7148 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\windows\system32\pnrpsvc.dll18:44:55.0327 7148 p2pimsvc - ok18:44:55.0358 7148 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\windows\system32\p2psvc.dll18:44:55.0373 7148 p2psvc - ok18:44:55.0389 7148 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\windows\system32\DRIVERS\parport.sys18:44:55.0389 7148 Parport - ok18:44:55.0436 7148 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\windows\system32\drivers\partmgr.sys18:44:55.0436 7148 partmgr - ok18:44:55.0451 7148 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\windows\System32\pcasvc.dll18:44:55.0467 7148 PcaSvc - ok18:44:55.0467 7148 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\windows\system32\drivers\pci.sys18:44:55.0483 7148 pci - ok18:44:55.0498 7148 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\windows\system32\drivers\pciide.sys18:44:55.0498 7148 pciide - ok18:44:55.0529 7148 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\windows\system32\DRIVERS\pcmcia.sys18:44:55.0529 7148 pcmcia - ok18:44:55.0561 7148 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\windows\system32\drivers\pcw.sys18:44:55.0561 7148 pcw - ok18:44:55.0623 7148 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\windows\system32\drivers\peauth.sys18:44:55.0623 7148 PEAUTH - ok18:44:55.0717 7148 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\windows\SysWow64\perfhost.exe18:44:55.0717 7148 PerfHost - ok18:44:55.0763 7148 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\windows\system32\pla.dll18:44:55.0779 7148 pla - ok18:44:55.0826 7148 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\windows\system32\umpnpmgr.dll18:44:55.0826 7148 PlugPlay - ok18:44:55.0857 7148 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\windows\system32\pnrpauto.dll18:44:55.0857 7148 PNRPAutoReg - ok18:44:55.0873 7148 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\windows\system32\pnrpsvc.dll18:44:55.0873 7148 PNRPsvc - ok18:44:55.0919 7148 [ 4F0878FD62D5F7444C5F1C4C66D9D293 ] Point64 C:\windows\system32\DRIVERS\point64.sys18:44:55.0919 7148 Point64 - ok18:44:55.0951 7148 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\windows\System32\ipsecsvc.dll18:44:55.0951 7148 PolicyAgent - ok18:44:55.0982 7148 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\windows\system32\umpo.dll18:44:55.0982 7148 Power - ok18:44:56.0029 7148 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\windows\system32\DRIVERS\raspptp.sys18:44:56.0029 7148 PptpMiniport - ok18:44:56.0060 7148 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\windows\system32\DRIVERS\processr.sys18:44:56.0060 7148 Processor - ok18:44:56.0107 7148 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\windows\system32\profsvc.dll18:44:56.0107 7148 ProfSvc - ok18:44:56.0122 7148 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\windows\system32\lsass.exe18:44:56.0122 7148 ProtectedStorage - ok18:44:56.0169 7148 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\windows\system32\DRIVERS\pacer.sys18:44:56.0169 7148 Psched - ok18:44:56.0200 7148 [ C8FCB4899F8B70CC34E0D9876A80963C ] QIOMem C:\windows\system32\DRIVERS\QIOMem.sys18:44:56.0216 7148 QIOMem - ok18:44:56.0263 7148 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\windows\system32\DRIVERS\ql2300.sys18:44:56.0278 7148 ql2300 - ok18:44:56.0309 7148 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\windows\system32\DRIVERS\ql40xx.sys18:44:56.0309 7148 ql40xx - ok18:44:56.0356 7148 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\windows\system32\qwave.dll18:44:56.0356 7148 QWAVE - ok18:44:56.0387 7148 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\windows\system32\drivers\qwavedrv.sys18:44:56.0387 7148 QWAVEdrv - ok18:44:56.0403 7148 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\windows\system32\DRIVERS\rasacd.sys18:44:56.0403 7148 RasAcd - ok18:44:56.0450 7148 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\windows\system32\DRIVERS\AgileVpn.sys18:44:56.0450 7148 RasAgileVpn - ok18:44:56.0465 7148 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\windows\System32\rasauto.dll18:44:56.0465 7148 RasAuto - ok18:44:56.0512 7148 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\windows\system32\DRIVERS\rasl2tp.sys18:44:56.0512 7148 Rasl2tp - ok18:44:56.0543 7148 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\windows\System32\rasmans.dll18:44:56.0559 7148 RasMan - ok18:44:56.0590 7148 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\windows\system32\DRIVERS\raspppoe.sys18:44:56.0590 7148 RasPppoe - ok18:44:56.0606 7148 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\windows\system32\DRIVERS\rassstp.sys18:44:56.0621 7148 RasSstp - ok18:44:56.0653 7148 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\windows\system32\DRIVERS\rdbss.sys18:44:56.0653 7148 rdbss - ok18:44:56.0684 7148 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\windows\system32\DRIVERS\rdpbus.sys18:44:56.0684 7148 rdpbus - ok18:44:56.0699 7148 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\windows\system32\DRIVERS\RDPCDD.sys18:44:56.0699 7148 RDPCDD - ok18:44:56.0731 7148 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\windows\system32\drivers\rdpencdd.sys18:44:56.0731 7148 RDPENCDD - ok18:44:56.0746 7148 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\windows\system32\drivers\rdprefmp.sys18:44:56.0746 7148 RDPREFMP - ok18:44:56.0809 7148 [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\windows\system32\drivers\rdpvideominiport.sys18:44:56.0809 7148 RdpVideoMiniport - ok18:44:56.0855 7148 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\windows\system32\drivers\RDPWD.sys18:44:56.0855 7148 RDPWD - ok18:44:56.0918 7148 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\windows\system32\drivers\rdyboost.sys18:44:56.0918 7148 rdyboost - ok18:44:56.0996 7148 [ A0FF419B61AE47E26ADF3BB15DB4F2FE ] RealNetworks Downloader Resolver Service C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe18:44:56.0996 7148 RealNetworks Downloader Resolver Service - ok18:44:57.0011 7148 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\windows\System32\mprdim.dll18:44:57.0011 7148 RemoteAccess - ok18:44:57.0089 7148 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\windows\system32\regsvc.dll18:44:57.0089 7148 RemoteRegistry - ok18:44:57.0136 7148 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\windows\System32\RpcEpMap.dll18:44:57.0136 7148 RpcEptMapper - ok18:44:57.0167 7148 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\windows\system32\locator.exe18:44:57.0167 7148 RpcLocator - ok18:44:57.0199 7148 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\windows\system32\rpcss.dll18:44:57.0214 7148 RpcSs - ok18:44:57.0245 7148 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\windows\system32\DRIVERS\rspndr.sys18:44:57.0245 7148 rspndr - ok18:44:57.0323 7148 [ 3CEEE53BBF8BA284FF44585CEC0162FE ] RSUSBSTOR C:\windows\system32\Drivers\RtsUStor.sys18:44:57.0323 7148 RSUSBSTOR - ok18:44:57.0370 7148 [ FFC748D848740D1BC8F330A8879C2674 ] rtl8192Ce C:\windows\system32\DRIVERS\rtl8192Ce.sys18:44:57.0370 7148 rtl8192Ce - ok18:44:57.0386 7148 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\windows\system32\lsass.exe18:44:57.0386 7148 SamSs - ok18:44:57.0433 7148 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\windows\system32\drivers\sbp2port.sys18:44:57.0433 7148 sbp2port - ok18:44:57.0464 7148 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\windows\System32\SCardSvr.dll18:44:57.0464 7148 SCardSvr - ok18:44:57.0495 7148 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\windows\system32\DRIVERS\scfilter.sys18:44:57.0495 7148 scfilter - ok18:44:57.0542 7148 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\windows\system32\schedsvc.dll18:44:57.0542 7148 Schedule - ok18:44:57.0589 7148 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\windows\System32\certprop.dll18:44:57.0589 7148 SCPolicySvc - ok18:44:57.0589 7148 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\windows\System32\SDRSVC.dll18:44:57.0604 7148 SDRSVC - ok18:44:57.0635 7148 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\windows\system32\drivers\secdrv.sys18:44:57.0651 7148 secdrv - ok18:44:57.0667 7148 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\windows\system32\seclogon.dll18:44:57.0682 7148 seclogon - ok18:44:57.0698 7148 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\windows\System32\sens.dll18:44:57.0713 7148 SENS - ok18:44:57.0729 7148 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\windows\system32\sensrsvc.dll18:44:57.0729 7148 SensrSvc - ok18:44:57.0745 7148 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\windows\system32\DRIVERS\serenum.sys18:44:57.0745 7148 Serenum - ok18:44:57.0791 7148 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\windows\system32\DRIVERS\serial.sys18:44:57.0791 7148 Serial - ok18:44:57.0807 7148 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\windows\system32\DRIVERS\sermouse.sys18:44:57.0807 7148 sermouse - ok18:44:57.0838 7148 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\windows\system32\sessenv.dll18:44:57.0854 7148 SessionEnv - ok18:44:57.0869 7148 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\windows\system32\drivers\sffdisk.sys18:44:57.0885 7148 sffdisk - ok18:44:57.0901 7148 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\windows\system32\drivers\sffp_mmc.sys18:44:57.0901 7148 sffp_mmc - ok18:44:57.0901 7148 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\windows\system32\drivers\sffp_sd.sys18:44:57.0901 7148 sffp_sd - ok18:44:57.0947 7148 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\windows\system32\DRIVERS\sfloppy.sys18:44:57.0947 7148 sfloppy - ok18:44:57.0979 7148 [ C6CC9297BD53E5229653303E556AA539 ] Sftfs C:\windows\system32\DRIVERS\Sftfslh.sys18:44:57.0994 7148 Sftfs - ok18:44:58.0072 7148 [ 13693B6354DD6E72DC5131DA7D764B90 ] sftlist C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe18:44:58.0088 7148 sftlist - ok18:44:58.0119 7148 [ 390AA7BC52CEE43F6790CDEA1E776703 ] Sftplay C:\windows\system32\DRIVERS\Sftplaylh.sys18:44:58.0119 7148 Sftplay - ok18:44:58.0166 7148 [ 617E29A0B0A2807466560D4C4E338D3E ] Sftredir C:\windows\system32\DRIVERS\Sftredirlh.sys18:44:58.0166 7148 Sftredir - ok18:44:58.0166 7148 [ 8F571F016FA1976F445147E9E6C8AE9B ] Sftvol C:\windows\system32\DRIVERS\Sftvollh.sys18:44:58.0166 7148 Sftvol - ok18:44:58.0197 7148 [ C3CDDD18F43D44AB713CF8C4916F7696 ] sftvsa C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe18:44:58.0213 7148 sftvsa - ok18:44:58.0228 7148 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\windows\System32\ipnathlp.dll18:44:58.0244 7148 SharedAccess - ok18:44:58.0275 7148 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\windows\System32\shsvcs.dll18:44:58.0275 7148 ShellHWDetection - ok18:44:58.0322 7148 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\windows\system32\DRIVERS\SiSRaid2.sys18:44:58.0322 7148 SiSRaid2 - ok18:44:58.0337 7148 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\windows\system32\DRIVERS\sisraid4.sys18:44:58.0337 7148 SiSRaid4 - ok18:44:58.0369 7148 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\windows\system32\DRIVERS\smb.sys18:44:58.0369 7148 Smb - ok18:44:58.0415 7148 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\windows\System32\snmptrap.exe18:44:58.0431 7148 SNMPTRAP - ok18:44:58.0431 7148 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\windows\system32\drivers\spldr.sys18:44:58.0431 7148 spldr - ok18:44:58.0478 7148 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\windows\System32\spoolsv.exe18:44:58.0478 7148 Spooler - ok18:44:58.0587 7148 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\windows\system32\sppsvc.exe18:44:58.0649 7148 sppsvc - ok18:44:58.0681 7148 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\windows\system32\sppuinotify.dll18:44:58.0696 7148 sppuinotify - ok18:44:58.0759 7148 [ 378A0748DE5ADF90BF9DB897DA8564E6 ] SRTSP C:\windows\System32\Drivers\NAVx64\1403010.016\SRTSP64.SYS18:44:58.0759 7148 SRTSP - ok18:44:58.0774 7148 [ 0E76CEF892C45734F7AED09FDDF35D4D ] SRTSPX C:\windows\system32\drivers\NAVx64\1403010.016\SRTSPX64.SYS18:44:58.0774 7148 SRTSPX - ok18:44:58.0821 7148 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\windows\system32\DRIVERS\srv.sys18:44:58.0821 7148 srv - ok18:44:58.0852 7148 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\windows\system32\DRIVERS\srv2.sys18:44:58.0852 7148 srv2 - ok18:44:58.0899 7148 [ 0C4540311E11664B245A263E1154CEF8 ] SrvHsfHDA C:\windows\system32\DRIVERS\VSTAZL6.SYS18:44:58.0899 7148 SrvHsfHDA - ok18:44:59.0008 7148 [ 02071D207A9858FBE3A48CBFD59C4A04 ] SrvHsfV92 C:\windows\system32\DRIVERS\VSTDPV6.SYS18:44:59.0039 7148 SrvHsfV92 - ok18:44:59.0071 7148 [ 18E40C245DBFAF36FD0134A7EF2DF396 ] SrvHsfWinac C:\windows\system32\DRIVERS\VSTCNXT6.SYS18:44:59.0086 7148 SrvHsfWinac - ok18:44:59.0117 7148 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\windows\system32\DRIVERS\srvnet.sys18:44:59.0117 7148 srvnet - ok18:44:59.0149 7148 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\windows\System32\ssdpsrv.dll18:44:59.0164 7148 SSDPSRV - ok18:44:59.0180 7148 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\windows\system32\sstpsvc.dll18:44:59.0180 7148 SstpSvc - ok18:44:59.0195 7148 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\windows\system32\DRIVERS\stexstor.sys18:44:59.0211 7148 stexstor - ok18:44:59.0242 7148 [ DECACB6921DED1A38642642685D77DAC ] StillCam C:\windows\system32\DRIVERS\serscan.sys18:44:59.0242 7148 StillCam - ok18:44:59.0305 7148 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\windows\System32\wiaservc.dll18:44:59.0305 7148 stisvc - ok18:44:59.0336 7148 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\windows\system32\drivers\swenum.sys18:44:59.0336 7148 swenum - ok18:44:59.0367 7148 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\windows\System32\swprv.dll18:44:59.0383 7148 swprv - ok18:44:59.0414 7148 [ E174C8BC572E93AEEE1036DEDAC5F225 ] SymDS C:\windows\system32\drivers\NAVx64\1403010.016\SYMDS64.SYS18:44:59.0429 7148 SymDS - ok18:44:59.0461 7148 [ 599872BAD7CFB45C7CE47CDED4B726D8 ] SymEFA C:\windows\system32\drivers\NAVx64\1403010.016\SYMEFA64.SYS18:44:59.0476 7148 SymEFA - ok18:44:59.0523 7148 [ F5D6D3B7468C46EA2DDC1D19D2A6DA0F ] SymEvent C:\windows\system32\Drivers\SYMEVENT64x86.SYS18:44:59.0523 7148 SymEvent - ok18:44:59.0570 7148 [ ADF37F1A715D6C56C8E065FD8569A9A4 ] SymIRON C:\windows\system32\drivers\NAVx64\1403010.016\Ironx64.SYS18:44:59.0570 7148 SymIRON - ok18:44:59.0601 7148 [ 1605EBD8CB86AFC4430116065995279A ] SymNetS C:\windows\System32\Drivers\NAVx64\1403010.016\SYMNETS.SYS18:44:59.0601 7148 SymNetS - ok18:44:59.0648 7148 [ 470C47DABA9CA3966F0AB3F835D7D135 ] SynTP C:\windows\system32\DRIVERS\SynTP.sys18:44:59.0648 7148 SynTP - ok18:44:59.0710 7148 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\windows\system32\sysmain.dll18:44:59.0726 7148 SysMain - ok18:44:59.0757 7148 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\windows\System32\TabSvc.dll18:44:59.0757 7148 TabletInputService - ok18:44:59.0773 7148 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\windows\System32\tapisrv.dll18:44:59.0773 7148 TapiSrv - ok18:44:59.0788 7148 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\windows\System32\tbssvc.dll18:44:59.0788 7148 TBS - ok18:44:59.0882 7148 [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip C:\windows\system32\drivers\tcpip.sys18:44:59.0897 7148 Tcpip - ok18:44:59.0960 7148 [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6 C:\windows\system32\DRIVERS\tcpip.sys18:44:59.0960 7148 TCPIP6 - ok18:45:00.0007 7148 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\windows\system32\drivers\tcpipreg.sys18:45:00.0007 7148 tcpipreg - ok18:45:00.0038 7148 [ FD542B661BD22FA69CA789AD0AC58C29 ] tdcmdpst C:\windows\system32\DRIVERS\tdcmdpst.sys18:45:00.0038 7148 tdcmdpst - ok18:45:00.0069 7148 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\windows\system32\drivers\tdpipe.sys18:45:00.0069 7148 TDPIPE - ok18:45:00.0100 7148 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\windows\system32\drivers\tdtcp.sys18:45:00.0100 7148 TDTCP - ok18:45:00.0147 7148 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\windows\system32\DRIVERS\tdx.sys18:45:00.0147 7148 tdx - ok18:45:00.0178 7148 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\windows\system32\drivers\termdd.sys18:45:00.0178 7148 TermDD - ok18:45:00.0194 7148 [ 2E648163254233755035B46DD7B89123 ] TermService C:\windows\System32\termsrv.dll18:45:00.0209 7148 TermService - ok18:45:00.0241 7148 [ F0344071948D1A1FA732231785A0664C ] Themes C:\windows\system32\themeservice.dll18:45:00.0241 7148 Themes - ok18:45:00.0272 7148 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\windows\system32\mmcss.dll18:45:00.0272 7148 THREADORDER - ok18:45:00.0334 7148 [ F120967184A27E927052E8DDBB727851 ] TMachInfo C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe18:45:00.0334 7148 TMachInfo - ok18:45:00.0365 7148 [ ED32035BDFECED1AD66D459FD9CC1140 ] TODDSrv C:\Windows\system32\TODDSrv.exe18:45:00.0365 7148 TODDSrv - ok18:45:00.0459 7148 [ DB9719688C08F42705FEB3F6A0C98B91 ] TosCoSrv C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe18:45:00.0459 7148 TosCoSrv - ok18:45:00.0506 7148 [ 2AB7A4697462EDB0C9DFAFC529746BA9 ] TOSHIBA eco Utility Service C:\Program Files\TOSHIBA\TECO\TecoService.exe18:45:00.0506 7148 TOSHIBA eco Utility Service - ok18:45:00.0568 7148 [ 74C2FA8C3765EE71A9C22182EC108457 ] TOSHIBA HDD SSD Alert Service C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe18:45:00.0568 7148 TOSHIBA HDD SSD Alert Service - ok18:45:00.0615 7148 [ 97687D094AA597DA366E1194B218CC6C ] TPCHSrv C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe18:45:00.0631 7148 TPCHSrv - ok18:45:00.0662 7148 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\windows\System32\trkwks.dll18:45:00.0662 7148 TrkWks - ok18:45:00.0709 7148 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe18:45:00.0724 7148 TrustedInstaller - ok18:45:00.0755 7148 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\windows\system32\DRIVERS\tssecsrv.sys18:45:00.0755 7148 tssecsrv - ok18:45:00.0771 7148 [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt C:\windows\system32\drivers\tsusbflt.sys18:45:00.0771 7148 TsUsbFlt - ok18:45:00.0833 7148 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\windows\system32\DRIVERS\tunnel.sys18:45:00.0833 7148 tunnel - ok18:45:00.0849 7148 [ 550B567F9364D8F7684C3FB3EA665A72 ] TVALZ C:\windows\system32\DRIVERS\TVALZ_O.SYS18:45:00.0865 7148 TVALZ - ok18:45:00.0896 7148 [ 9C7191F4B2E49BFF47A6C1144B5923FA ] TVALZFL C:\windows\system32\DRIVERS\TVALZFL.sys18:45:00.0896 7148 TVALZFL - ok18:45:00.0927 7148 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\windows\system32\DRIVERS\uagp35.sys18:45:00.0927 7148 uagp35 - ok18:45:00.0958 7148 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\windows\system32\DRIVERS\udfs.sys18:45:00.0958 7148 udfs - ok18:45:01.0005 7148 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\windows\system32\UI0Detect.exe18:45:01.0005 7148 UI0Detect - ok18:45:01.0036 7148 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\windows\system32\drivers\uliagpkx.sys18:45:01.0036 7148 uliagpkx - ok18:45:01.0067 7148 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\windows\system32\drivers\umbus.sys18:45:01.0067 7148 umbus - ok18:45:01.0114 7148 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\windows\system32\DRIVERS\umpass.sys18:45:01.0114 7148 UmPass - ok18:45:01.0130 7148 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\windows\System32\upnphost.dll18:45:01.0145 7148 upnphost - ok18:45:01.0161 7148 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\windows\system32\DRIVERS\usbccgp.sys18:45:01.0161 7148 usbccgp - ok18:45:01.0208 7148 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\windows\system32\drivers\usbcir.sys18:45:01.0208 7148 usbcir - ok18:45:01.0223 7148 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\windows\system32\DRIVERS\usbehci.sys18:45:01.0239 7148 usbehci - ok18:45:01.0255 7148 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\windows\system32\DRIVERS\usbhub.sys18:45:01.0255 7148 usbhub - ok18:45:01.0286 7148 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\windows\system32\DRIVERS\usbohci.sys18:45:01.0286 7148 usbohci - ok18:45:01.0317 7148 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\windows\system32\DRIVERS\usbprint.sys18:45:01.0317 7148 usbprint - ok18:45:01.0348 7148 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\windows\system32\DRIVERS\USBSTOR.SYS18:45:01.0348 7148 USBSTOR - ok18:45:01.0364 7148 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\windows\system32\drivers\usbuhci.sys18:45:01.0364 7148 usbuhci - ok18:45:01.0426 7148 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\windows\System32\Drivers\usbvideo.sys18:45:01.0426 7148 usbvideo - ok18:45:01.0457 7148 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\windows\System32\uxsms.dll18:45:01.0457 7148 UxSms - ok18:45:01.0473 7148 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\windows\system32\lsass.exe18:45:01.0473 7148 VaultSvc - ok18:45:01.0489 7148 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\windows\system32\drivers\vdrvroot.sys18:45:01.0489 7148 vdrvroot - ok18:45:01.0535 7148 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\windows\System32\vds.exe18:45:01.0535 7148 vds - ok18:45:01.0567 7148 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\windows\system32\DRIVERS\vgapnp.sys18:45:01.0582 7148 vga - ok18:45:01.0598 7148 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\windows\System32\drivers\vga.sys18:45:01.0598 7148 VgaSave - ok18:45:01.0629 7148 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\windows\system32\drivers\vhdmp.sys18:45:01.0629 7148 vhdmp - ok18:45:01.0645 7148 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\windows\system32\drivers\viaide.sys18:45:01.0645 7148 viaide - ok18:45:01.0676 7148 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\windows\system32\drivers\volmgr.sys18:45:01.0676 7148 volmgr - ok18:45:01.0707 7148 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\windows\system32\drivers\volmgrx.sys18:45:01.0723 7148 volmgrx - ok18:45:01.0738 7148 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\windows\system32\drivers\volsnap.sys18:45:01.0738 7148 volsnap - ok18:45:01.0785 7148 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\windows\system32\DRIVERS\vsmraid.sys18:45:01.0785 7148 vsmraid - ok18:45:01.0863 7148 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\windows\system32\vssvc.exe18:45:01.0879 7148 VSS - ok18:45:02.0003 7148 [ F1E8C5167F849D1089D8108C50E6FF11 ] vToolbarUpdater15.2.0 C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe18:45:02.0003 7148 vToolbarUpdater15.2.0 - ok18:45:02.0019 7148 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\windows\system32\DRIVERS\vwifibus.sys18:45:02.0019 7148 vwifibus - ok18:45:02.0050 7148 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\windows\system32\DRIVERS\vwififlt.sys18:45:02.0050 7148 vwififlt - ok18:45:02.0081 7148 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\windows\system32\DRIVERS\vwifimp.sys18:45:02.0081 7148 vwifimp - ok18:45:02.0128 7148 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\windows\system32\w32time.dll18:45:02.0128 7148 W32Time - ok18:45:02.0144 7148 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\windows\system32\DRIVERS\wacompen.sys18:45:02.0159 7148 WacomPen - ok18:45:02.0206 7148 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\windows\system32\DRIVERS\wanarp.sys18:45:02.0206 7148 WANARP - ok18:45:02.0206 7148 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\windows\system32\DRIVERS\wanarp.sys18:45:02.0206 7148 Wanarpv6 - ok18:45:02.0269 7148 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\windows\system32\Wat\WatAdminSvc.exe18:45:02.0284 7148 WatAdminSvc - ok18:45:02.0347 7148 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\windows\system32\wbengine.exe18:45:02.0362 7148 wbengine - ok18:45:02.0393 7148 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\windows\System32\wbiosrvc.dll18:45:02.0393 7148 WbioSrvc - ok18:45:02.0425 7148 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\windows\System32\wcncsvc.dll18:45:02.0425 7148 wcncsvc - ok18:45:02.0440 7148 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll18:45:02.0440 7148 WcsPlugInService - ok18:45:02.0471 7148 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\windows\system32\DRIVERS\wd.sys18:45:02.0471 7148 Wd - ok18:45:02.0518 7148 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\windows\system32\drivers\Wdf01000.sys18:45:02.0518 7148 Wdf01000 - ok18:45:02.0534 7148 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\windows\system32\wdi.dll18:45:02.0534 7148 WdiServiceHost - ok18:45:02.0549 7148 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\windows\system32\wdi.dll18:45:02.0549 7148 WdiSystemHost - ok18:45:02.0581 7148 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\windows\System32\webclnt.dll18:45:02.0596 7148 WebClient - ok18:45:02.0612 7148 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\windows\system32\wecsvc.dll18:45:02.0612 7148 Wecsvc - ok18:45:02.0627 7148 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\windows\System32\wercplsupport.dll18:45:02.0627 7148 wercplsupport - ok18:45:02.0659 7148 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\windows\System32\WerSvc.dll18:45:02.0659 7148 WerSvc - ok18:45:02.0705 7148 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\windows\system32\DRIVERS\wfplwf.sys18:45:02.0705 7148 WfpLwf - ok18:45:02.0721 7148 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\windows\system32\drivers\wimmount.sys18:45:02.0721 7148 WIMMount - ok18:45:02.0737 7148 WinDefend - ok18:45:02.0752 7148 WinHttpAutoProxySvc - ok18:45:02.0815 7148 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\windows\system32\wbem\WMIsvc.dll18:45:02.0815 7148 Winmgmt - ok18:45:02.0877 7148 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\windows\system32\WsmSvc.dll18:45:02.0908 7148 WinRM - ok18:45:02.0939 7148 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\windows\system32\DRIVERS\WinUsb.sys18:45:02.0939 7148 WinUsb - ok18:45:02.0986 7148 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\windows\System32\wlansvc.dll18:45:02.0986 7148 Wlansvc - ok18:45:03.0064 7148 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe18:45:03.0064 7148 wlcrasvc - ok18:45:03.0236 7148 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE18:45:03.0236 7148 wlidsvc - ok18:45:03.0267 7148 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\windows\system32\drivers\wmiacpi.sys18:45:03.0267 7148 WmiAcpi - ok18:45:03.0298 7148 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\windows\system32\wbem\WmiApSrv.exe18:45:03.0298 7148 wmiApSrv - ok18:45:03.0329 7148 WMPNetworkSvc - ok18:45:03.0361 7148 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\windows\System32\wpcsvc.dll18:45:03.0361 7148 WPCSvc - ok18:45:03.0392 7148 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\windows\system32\wpdbusenum.dll18:45:03.0392 7148 WPDBusEnum - ok18:45:03.0423 7148 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\windows\system32\drivers\ws2ifsl.sys18:45:03.0423 7148 ws2ifsl - ok18:45:03.0454 7148 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\windows\System32\wscsvc.dll18:45:03.0454 7148 wscsvc - ok18:45:03.0485 7148 [ 8D918B1DB190A4D9B1753A66FA8C96E8 ] WSDPrintDevice C:\windows\system32\DRIVERS\WSDPrint.sys18:45:03.0485 7148 WSDPrintDevice - ok18:45:03.0517 7148 [ 4A2A5C50DD1A63577D3ACA94269FBC7F ] WSDScan C:\windows\system32\DRIVERS\WSDScan.sys18:45:03.0517 7148 WSDScan - ok18:45:03.0517 7148 WSearch - ok18:45:03.0610 7148 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\windows\system32\wuaueng.dll18:45:03.0626 7148 wuauserv - ok18:45:03.0657 7148 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\windows\system32\drivers\WudfPf.sys18:45:03.0657 7148 WudfPf - ok18:45:03.0688 7148 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\windows\system32\DRIVERS\WUDFRd.sys18:45:03.0688 7148 WUDFRd - ok18:45:03.0704 7148 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\windows\System32\WUDFSvc.dll18:45:03.0704 7148 wudfsvc - ok18:45:03.0735 7148 [ FE90B750AB808FB9DD8FBB428B5FF83B ] WwanSvc C:\windows\System32\wwansvc.dll18:45:03.0735 7148 WwanSvc - ok18:45:03.0797 7148 [ DD0042F0C3B606A6A8B92D49AFB18AD6 ] YahooAUService C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe18:45:03.0797 7148 YahooAUService - ok18:45:03.0813 7148 ================ Scan global ===============================18:45:03.0844 7148 [ BA0CD8C393E8C9F83354106093832C7B ] C:\windows\system32\basesrv.dll18:45:03.0891 7148 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\windows\system32\winsrv.dll18:45:03.0891 7148 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\windows\system32\winsrv.dll18:45:03.0922 7148 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\windows\system32\sxssrv.dll18:45:03.0938 7148 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\windows\system32\services.exe18:45:03.0953 7148 [Global] - ok18:45:03.0953 7148 ================ Scan MBR ==================================18:45:03.0969 7148 [ 5B5E648D12FCADC244C1EC30318E1EB9 ] \Device\Harddisk0\DR018:45:04.0203 7148 \Device\Harddisk0\DR0 - ok18:45:04.0203 7148 ================ Scan VBR ==================================18:45:04.0219 7148 [ E84FB94F82240DED7D83C719FB1F0514 ] \Device\Harddisk0\DR0\Partition118:45:04.0219 7148 \Device\Harddisk0\DR0\Partition1 - ok18:45:04.0219 7148 ============================================================18:45:04.0219 7148 Scan finished18:45:04.0219 7148 ============================================================18:45:04.0234 6312 Detected object count: 018:45:04.0234 6312 Actual detected object count: 018:46:02.0173 8112 Deinitialize success Link to post Share on other sites More sharing options...
mrrumme1125 Posted May 24, 2013 Author ID:683131 Share Posted May 24, 2013 2.)Malwarebytes Anti-Rootkit BETA 1.05.0.1001www.malwarebytes.orgDatabase version: v2013.03.22.01Windows 7 Service Pack 1 x64 NTFSInternet Explorer 10.0.9200.16576MrsRumme1125 :: MRSRUMME1125-PC [administrator]5/23/2013 7:09:33 PMmbar-log-2013-05-23 (19-09-33).txtScan type: Quick scanScan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2PScan options disabled:Objects scanned: 30738Time elapsed: 21 minute(s), 1 second(s)Memory Processes Detected: 0(No malicious items detected)Memory Modules Detected: 0(No malicious items detected)Registry Keys Detected: 0(No malicious items detected)Registry Values Detected: 0(No malicious items detected)Registry Data Items Detected: 0(No malicious items detected)Folders Detected: 0(No malicious items detected)Files Detected: 0(No malicious items detected)(end)3.)---------------------------------------Malwarebytes Anti-Rootkit BETA 1.05.0.1001© Malwarebytes Corporation 2011-2012OS version: 6.1.7601 Windows 7 Service Pack 1 x64Account is AdministrativeInternet Explorer version: 10.0.9200.16576File system is: NTFSDisk drives: C:\ DRIVE_FIXED, Q:\ DRIVE_FIXEDCPU speed: 2.393000 GHzMemory total: 4016951296, free: 2199990272------------ Kernel report ------------ 05/23/2013 18:48:21------------ Loaded modules -----------\SystemRoot\system32\ntoskrnl.exe\SystemRoot\system32\hal.dll\SystemRoot\system32\kdcom.dll\SystemRoot\system32\mcupdate_AuthenticAMD.dll\SystemRoot\system32\PSHED.dll\SystemRoot\system32\CLFS.SYS\SystemRoot\system32\CI.dll\SystemRoot\system32\drivers\Wdf01000.sys\SystemRoot\system32\drivers\WDFLDR.SYS\SystemRoot\system32\drivers\ACPI.sys\SystemRoot\system32\drivers\WMILIB.SYS\SystemRoot\system32\drivers\msisadrv.sys\SystemRoot\system32\drivers\pci.sys\SystemRoot\system32\drivers\vdrvroot.sys\SystemRoot\System32\drivers\partmgr.sys\SystemRoot\system32\DRIVERS\compbatt.sys\SystemRoot\system32\DRIVERS\BATTC.SYS\SystemRoot\system32\drivers\volmgr.sys\SystemRoot\System32\drivers\volmgrx.sys\SystemRoot\system32\drivers\pciide.sys\SystemRoot\system32\drivers\PCIIDEX.SYS\SystemRoot\System32\drivers\mountmgr.sys\SystemRoot\system32\drivers\atapi.sys\SystemRoot\system32\drivers\ataport.SYS\SystemRoot\system32\drivers\msahci.sys\SystemRoot\system32\drivers\amdxata.sys\SystemRoot\system32\drivers\fltmgr.sys\SystemRoot\system32\drivers\NAVx64\1403010.016\SYMDS64.SYS\SystemRoot\system32\drivers\fileinfo.sys\SystemRoot\system32\drivers\NAVx64\1403010.016\SYMEFA64.SYS\SystemRoot\System32\Drivers\Ntfs.sys\SystemRoot\System32\Drivers\msrpc.sys\SystemRoot\System32\Drivers\ksecdd.sys\SystemRoot\System32\Drivers\cng.sys\SystemRoot\System32\drivers\pcw.sys\SystemRoot\System32\Drivers\Fs_Rec.sys\SystemRoot\system32\drivers\ndis.sys\SystemRoot\system32\drivers\NETIO.SYS\SystemRoot\System32\Drivers\ksecpkg.sys\SystemRoot\System32\drivers\tcpip.sys\SystemRoot\System32\drivers\fwpkclnt.sys\SystemRoot\system32\drivers\volsnap.sys\SystemRoot\system32\DRIVERS\TVALZ_O.SYS\SystemRoot\System32\Drivers\spldr.sys\SystemRoot\System32\drivers\rdyboost.sys\SystemRoot\System32\Drivers\mup.sys\SystemRoot\System32\drivers\hwpolicy.sys\SystemRoot\System32\DRIVERS\fvevol.sys\SystemRoot\system32\DRIVERS\disk.sys\SystemRoot\system32\DRIVERS\CLASSPNP.SYS\SystemRoot\system32\drivers\cdrom.sys\SystemRoot\system32\drivers\NAVx64\1403010.016\ccSetx64.sys\SystemRoot\System32\Drivers\NAVx64\1403010.016\SRTSP64.SYS\SystemRoot\system32\drivers\NAVx64\1403010.016\SRTSPX64.SYS\SystemRoot\system32\drivers\NAVx64\1403010.016\Ironx64.SYS\??\C:\windows\system32\Drivers\SYMEVENT64x86.SYS\SystemRoot\System32\Drivers\Null.SYS\SystemRoot\System32\Drivers\Beep.SYS\??\C:\windows\system32\drivers\avgtpx64.sys\SystemRoot\System32\drivers\vga.sys\SystemRoot\System32\drivers\VIDEOPRT.SYS\SystemRoot\System32\drivers\watchdog.sys\SystemRoot\System32\DRIVERS\RDPCDD.sys\SystemRoot\system32\drivers\rdpencdd.sys\SystemRoot\system32\drivers\rdprefmp.sys\SystemRoot\System32\Drivers\Msfs.SYS\SystemRoot\System32\Drivers\Npfs.SYS\SystemRoot\system32\DRIVERS\tdx.sys\SystemRoot\system32\DRIVERS\TDI.SYS\SystemRoot\system32\drivers\afd.sys\SystemRoot\System32\DRIVERS\netbt.sys\SystemRoot\system32\DRIVERS\wfplwf.sys\SystemRoot\system32\DRIVERS\pacer.sys\SystemRoot\system32\DRIVERS\vwififlt.sys\SystemRoot\system32\DRIVERS\netbios.sys\SystemRoot\system32\DRIVERS\wanarp.sys\SystemRoot\system32\drivers\termdd.sys\SystemRoot\System32\Drivers\NAVx64\1403010.016\SYMNETS.SYS\SystemRoot\system32\DRIVERS\rdbss.sys\SystemRoot\system32\drivers\nsiproxy.sys\SystemRoot\system32\drivers\mssmbios.sys\??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.0.24\Definitions\IPSDefs\20130522.001\IDSvia64.sys\??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys\??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys\SystemRoot\System32\drivers\discache.sys\SystemRoot\System32\Drivers\dfsc.sys\SystemRoot\system32\DRIVERS\blbdrive.sys\??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.0.24\Definitions\BASHDefs\20130515.001\BHDrvx64.sys\SystemRoot\system32\DRIVERS\tunnel.sys\SystemRoot\system32\DRIVERS\amdppm.sys\SystemRoot\system32\DRIVERS\atikmdag.sys\SystemRoot\System32\drivers\dxgkrnl.sys\SystemRoot\System32\drivers\dxgmms1.sys\SystemRoot\system32\DRIVERS\rtl8192Ce.sys\SystemRoot\system32\DRIVERS\vwifibus.sys\SystemRoot\system32\DRIVERS\tdcmdpst.sys\SystemRoot\system32\DRIVERS\usbohci.sys\SystemRoot\system32\DRIVERS\USBPORT.SYS\SystemRoot\system32\DRIVERS\usbehci.sys\SystemRoot\system32\drivers\HDAudBus.sys\SystemRoot\system32\drivers\i8042prt.sys\SystemRoot\system32\DRIVERS\kbdclass.sys\SystemRoot\system32\DRIVERS\SynTP.sys\SystemRoot\system32\DRIVERS\USBD.SYS\SystemRoot\system32\DRIVERS\mouclass.sys\SystemRoot\system32\DRIVERS\TVALZFL.sys\SystemRoot\system32\DRIVERS\QIOMem.sys\SystemRoot\system32\DRIVERS\CmBatt.sys\SystemRoot\system32\drivers\wmiacpi.sys\SystemRoot\system32\drivers\CompositeBus.sys\SystemRoot\system32\DRIVERS\serscan.sys\SystemRoot\system32\drivers\ksthunk.sys\SystemRoot\system32\drivers\ks.sys\SystemRoot\system32\DRIVERS\AgileVpn.sys\SystemRoot\system32\DRIVERS\rasl2tp.sys\SystemRoot\system32\DRIVERS\ndistapi.sys\SystemRoot\system32\DRIVERS\ndiswan.sys\SystemRoot\system32\DRIVERS\raspppoe.sys\SystemRoot\system32\DRIVERS\raspptp.sys\SystemRoot\system32\DRIVERS\rassstp.sys\SystemRoot\system32\drivers\swenum.sys\SystemRoot\system32\drivers\umbus.sys\SystemRoot\system32\DRIVERS\usbhub.sys\SystemRoot\System32\Drivers\NDProxy.SYS\SystemRoot\system32\drivers\CHDRT64.sys\SystemRoot\system32\drivers\portcls.sys\SystemRoot\system32\drivers\drmk.sys\SystemRoot\system32\DRIVERS\usbccgp.sys\SystemRoot\system32\DRIVERS\dc3d.sys\SystemRoot\system32\DRIVERS\HIDPARSE.SYS\SystemRoot\system32\DRIVERS\hidusb.sys\SystemRoot\system32\DRIVERS\HIDCLASS.SYS\SystemRoot\system32\DRIVERS\kbdhid.sys\SystemRoot\system32\DRIVERS\mouhid.sys\SystemRoot\system32\DRIVERS\point64.sys\SystemRoot\System32\win32k.sys\SystemRoot\System32\drivers\Dxapi.sys\SystemRoot\System32\Drivers\crashdmp.sys\SystemRoot\System32\Drivers\dump_dumpata.sys\SystemRoot\System32\Drivers\dump_msahci.sys\SystemRoot\System32\Drivers\dump_dumpfve.sys\SystemRoot\system32\DRIVERS\monitor.sys\SystemRoot\System32\TSDDD.dll\SystemRoot\System32\cdd.dll\SystemRoot\System32\ATMFD.DLL\SystemRoot\system32\drivers\luafv.sys\??\C:\windows\system32\drivers\mbam.sys\SystemRoot\system32\DRIVERS\Sftvollh.sys\SystemRoot\system32\DRIVERS\lltdio.sys\SystemRoot\system32\DRIVERS\nwifi.sys\SystemRoot\system32\DRIVERS\ndisuio.sys\SystemRoot\system32\DRIVERS\rspndr.sys\SystemRoot\system32\DRIVERS\vwifimp.sys\SystemRoot\system32\drivers\HTTP.sys\SystemRoot\system32\DRIVERS\bowser.sys\SystemRoot\System32\drivers\mpsdrv.sys\SystemRoot\system32\DRIVERS\mrxsmb.sys\SystemRoot\system32\DRIVERS\mrxsmb10.sys\SystemRoot\system32\DRIVERS\mrxsmb20.sys\SystemRoot\system32\drivers\peauth.sys\SystemRoot\System32\Drivers\secdrv.SYS\SystemRoot\system32\DRIVERS\Sftfslh.sys\SystemRoot\system32\DRIVERS\Sftplaylh.sys\SystemRoot\System32\DRIVERS\srvnet.sys\SystemRoot\System32\drivers\tcpipreg.sys\SystemRoot\System32\DRIVERS\srv2.sys\SystemRoot\System32\DRIVERS\srv.sys\SystemRoot\system32\DRIVERS\Sftredirlh.sys\??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.0.24\Definitions\VirusDefs\20130523.003\EX64.SYS\??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.0.24\Definitions\VirusDefs\20130523.003\ENG64.SYS\SystemRoot\system32\DRIVERS\WSDPrint.sys\SystemRoot\system32\DRIVERS\WSDScan.sys\??\C:\windows\system32\drivers\mbamchameleon.sys\??\C:\windows\system32\drivers\mbamswissarmy.sys\Windows\System32\ntdll.dll\Windows\System32\smss.exe\Windows\System32\apisetschema.dll\Windows\System32\autochk.exe\Windows\System32\msctf.dll\Windows\System32\shell32.dll\Windows\System32\comdlg32.dll\Windows\System32\advapi32.dll\Windows\System32\normaliz.dll\Windows\System32\wininet.dll\Windows\System32\gdi32.dll\Windows\System32\rpcrt4.dll\Windows\System32\imm32.dll\Windows\System32\imagehlp.dll\Windows\System32\setupapi.dll\Windows\System32\clbcatq.dll\Windows\System32\iertutil.dll\Windows\System32\difxapi.dll\Windows\System32\kernel32.dll\Windows\System32\user32.dll\Windows\System32\sechost.dll\Windows\System32\lpk.dll\Windows\System32\usp10.dll\Windows\System32\ws2_32.dll\Windows\System32\shlwapi.dll\Windows\System32\nsi.dll\Windows\System32\ole32.dll\Windows\System32\oleaut32.dll\Windows\System32\urlmon.dll\Windows\System32\psapi.dll\Windows\System32\msvcrt.dll\Windows\System32\Wldap32.dll\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll\Windows\System32\cfgmgr32.dll\Windows\System32\devobj.dll\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll\Windows\System32\KernelBase.dll\Windows\System32\crypt32.dll\Windows\System32\wintrust.dll\Windows\System32\comctl32.dll\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll\Windows\System32\msasn1.dll\Windows\SysWOW64\normaliz.dll----------- End -----------<<<1>>>Upper Device Name: \Device\Harddisk0\DR0Upper Device Object: 0xfffffa8004341700Upper Device Driver Name: \Driver\Disk\Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\Lower Device Object: 0xfffffa8003e20060Lower Device Driver Name: \Driver\atapi\Driver name found: atapiInitialization returned 0x0Port sub-driver loaded: \??\C:\Windows\System32\drivers\ataport.sys (0x0)Load Function returned 0x0Initializing...Done!<<<2>>>Device number: 0, partition: 2Physical Sector Size: 512Drive: 0, DevicePointer: 0xfffffa8004341700, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\--------- Disk Stack ------DevicePointer: 0xfffffa8004342040, DeviceName: Unknown, DriverName: \Driver\partmgr\DevicePointer: 0xfffffa8004341700, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\DevicePointer: 0xfffffa8003e20060, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\------------ End ----------Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\Upper DeviceData: 0xfffff8a00eb55680, 0xfffffa8004341700, 0xfffffa8005fb8790Lower DeviceData: 0xfffff8a012b4acd0, 0xfffffa8003e20060, 0xfffffa80053ff6b0<<<3>>>Volume: C:File system type: NTFSSectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytesScanning directory: C:\windows\system32\drivers...<<<2>>>Device number: 0, partition: 2<<<3>>>Volume: C:File system type: NTFSSectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytesDone!Drive 0Scanning MBR on drive 0...Inspecting partition table:MBR Signature: 55AADisk Signature: 764E929FPartition information: Partition 0 type is Other (0x27) Partition is ACTIVE. Partition starts at LBA: 2048 Numsec = 3072000 Partition file system is NTFS Partition is bootable Partition 1 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 3074048 Numsec = 949118976 Partition 2 type is HIDDEN (0x17) Partition is NOT ACTIVE. Partition starts at LBA: 952193024 Numsec = 24580096 Partition is not bootableHidden partition VBR is not infected. Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0Disk Size: 500107862016 bytesSector size: 512 bytesScanning physical sectors of unpartitioned space on drive 0 (1-2047-976753168-976773168)...Done!Performing system, memory and registry scan...Read File: File "c:\ProgramData\{D8EAEB0B-7E66-400B-9DCD-5E815A852728}\Best Buy pc app Setup.dat" is compressed (flags = 1)Read File: File "c:\ProgramData\{D8EAEB0B-7E66-400B-9DCD-5E815A852728}\instance.dat" is compressed (flags = 1)Read File: File "c:\ProgramData\{D8EAEB0B-7E66-400B-9DCD-5E815A852728}\Best Buy pc app Setup.dat" is compressed (flags = 1)Read File: File "c:\ProgramData\{D8EAEB0B-7E66-400B-9DCD-5E815A852728}\instance.dat" is compressed (flags = 1)Done!Scan finished=======================================4.)ComboFix 13-05-23.02 - MrsRumme1125 05/23/2013 19:19:04.1.2 - x64Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3831.2037 [GMT -4:00]Running from: c:\users\MrsRumme1125\Desktop\ComboFix.exeAV: Norton AntiVirus Online *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}SP: Norton AntiVirus Online *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}..((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))..c:\windows\security\Database\tmp.edbc:\windows\SysWow64\Cachec:\windows\SysWow64\Cache\075884af680ff6dc.fbc:\windows\SysWow64\Cache\227113dfa1ca894d.fbc:\windows\SysWow64\Cache\49fbbc5a8678d502.fbc:\windows\SysWow64\Cache\5c54eb1a1655b076.fbc:\windows\SysWow64\Cache\613e8ce7ab7106af.fbc:\windows\SysWow64\Cache\633a76311867bd11.fbc:\windows\SysWow64\Cache\691f14230153a9e1.fbc:\windows\SysWow64\Cache\6cb409d7ac73d9f1.fbc:\windows\SysWow64\Cache\7614bd6cfa99e546.fbc:\windows\SysWow64\Cache\77664b6ccc36be9f.fbc:\windows\SysWow64\Cache\881b3593316772f0.fbc:\windows\SysWow64\Cache\8aad08ae64f27eed.fbc:\windows\SysWow64\Cache\98657d0579ae1930.fbc:\windows\SysWow64\Cache\c4e10d1be905349b.fbc:\windows\SysWow64\Cache\d5c0f4e7bbe35bf3.fbc:\windows\SysWow64\Cache\d9ca663388d21ec0.fbc:\windows\SysWow64\Cache\f2cda51fd108941f.fbc:\windows\SysWow64\Cache\f34d8db84131d925.fb..((((((((((((((((((((((((( Files Created from 2013-04-23 to 2013-05-23 )))))))))))))))))))))))))))))))..2013-05-23 23:31 . 2013-05-23 23:31 -------- d-----w- c:\users\Default\AppData\Local\temp2013-05-23 14:36 . 2013-05-23 14:36 -------- d-----w- c:\users\MrsRumme1125\AppData\Roaming\Malwarebytes2013-05-23 14:36 . 2013-05-23 14:36 -------- d-----w- c:\programdata\Malwarebytes2013-05-23 14:36 . 2013-05-23 14:36 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware2013-05-23 14:36 . 2013-04-04 18:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys2013-05-23 14:36 . 2013-05-23 14:36 -------- d-----w- c:\users\MrsRumme1125\AppData\Local\Programs2013-05-23 14:17 . 2013-05-23 14:17 0 ----a-w- c:\windows\SysWow64\sho861E.tmp2013-05-16 07:02 . 2013-04-05 06:50 2647552 ----a-w- c:\windows\system32\iertutil.dll2013-05-15 15:31 . 2013-04-10 06:01 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys2013-05-15 00:07 . 2013-05-15 00:07 -------- d-----w- c:\users\MrsRumme1125\AppData\Local\HorizonWimba2013-05-14 16:52 . 2013-05-16 13:22 -------- d-----w- c:\users\MrsRumme1125\AppData\Local\NPE2013-05-13 12:48 . 2013-05-13 12:48 -------- d-----w- c:\program files (x86)\Common Files\Java2013-05-13 12:47 . 2013-04-04 09:35 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll2013-05-11 10:37 . 2013-05-11 10:37 209472 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll2013-05-11 00:43 . 2013-05-11 00:43 -------- d-----w- c:\program files (x86)\RAPTOR2013-05-02 18:06 . 2013-05-02 18:08 -------- d-----w- c:\users\MrsRumme1125\AppData\Roaming\Curse Advertising2013-04-28 14:37 . 2013-04-28 14:38 -------- d-----w- c:\program files (x86)\Common Files\Blizzard Entertainment2013-04-28 14:37 . 2013-04-28 14:38 -------- d-----w- c:\programdata\Blizzard Entertainment2013-04-28 14:37 . 2013-04-28 14:37 -------- d-----w- c:\programdata\Battle.net2013-04-28 01:57 . 2013-04-28 01:57 -------- d-----w- c:\program files (x86)\SearchProtect2013-04-28 01:57 . 2013-04-28 03:49 -------- d-----w- c:\users\MrsRumme1125\AppData\Roaming\SearchProtect2013-04-28 01:48 . 2013-04-28 01:48 -------- d-----w- c:\users\MrsRumme1125\AppData\Roaming\TuneUp Software2013-04-28 01:48 . 2013-04-28 01:48 -------- d-----w- c:\programdata\TuneUp Software2013-04-28 01:48 . 2013-04-28 01:48 -------- d-s---w- c:\programdata\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}2013-04-28 01:45 . 2013-04-28 01:50 -------- d-----w- c:\users\MrsRumme1125\AppData\Roaming\DVDVideoSoft2013-04-28 01:45 . 2013-04-28 01:47 -------- d-----w- c:\program files (x86)\Common Files\DVDVideoSoft2013-04-28 01:45 . 2013-04-28 01:45 -------- d-----w- c:\users\MrsRumme1125\AppData\Roaming\OpenCandy2013-04-28 01:45 . 2013-04-28 01:48 -------- d-----w- c:\program files (x86)\DVDVideoSoft2013-04-24 13:13 . 2013-04-12 14:45 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2013-05-20 15:53 . 2013-03-15 22:17 45856 ----a-w- c:\windows\system32\drivers\avgtpx64.sys2013-05-16 07:13 . 2012-05-26 05:03 75016696 ----a-w- c:\windows\system32\MRT.exe2013-05-15 00:05 . 2012-05-27 03:15 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl2013-05-15 00:05 . 2012-05-27 03:15 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe2013-05-14 16:56 . 2012-08-13 19:07 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll2013-04-13 05:49 . 2013-05-15 15:31 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll2013-04-13 05:49 . 2013-05-15 15:31 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll2013-04-13 05:49 . 2013-05-15 15:31 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll2013-04-13 05:49 . 2013-05-15 15:31 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll2013-04-13 04:45 . 2013-05-15 15:31 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll2013-04-13 04:45 . 2013-05-15 15:31 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll2013-04-11 14:22 . 2011-06-11 07:58 421200 ----a-w- c:\windows\SysWow64\msvcp100.dll2013-04-02 08:33 . 2013-04-02 08:35 447752 ----a-w- c:\windows\SysWow64\vp6vfw.dll2013-03-19 06:04 . 2013-04-10 13:01 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe2013-03-19 05:46 . 2013-04-10 13:01 43520 ----a-w- c:\windows\system32\csrsrv.dll2013-03-19 05:04 . 2013-04-10 13:01 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe2013-03-19 05:04 . 2013-04-10 13:01 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe2013-03-19 04:47 . 2013-04-10 13:01 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll2013-03-19 03:06 . 2013-04-10 13:01 112640 ----a-w- c:\windows\system32\smss.exe2013-03-14 18:05 . 2013-03-14 18:05 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe2013-03-14 18:05 . 2013-03-14 18:05 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll2013-03-14 18:05 . 2013-03-14 18:05 61952 ----a-w- c:\windows\SysWow64\tdc.ocx2013-03-14 18:05 . 2013-03-14 18:05 523264 ----a-w- c:\windows\SysWow64\vbscript.dll2013-03-14 18:05 . 2013-03-14 18:05 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll2013-03-14 18:05 . 2013-03-14 18:05 38400 ----a-w- c:\windows\SysWow64\imgutil.dll2013-03-14 18:05 . 2013-03-14 18:05 361984 ----a-w- c:\windows\SysWow64\html.iec2013-03-14 18:05 . 2013-03-14 18:05 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll2013-03-14 18:05 . 2013-03-14 18:05 226304 ----a-w- c:\windows\system32\elshyph.dll2013-03-14 18:05 . 2013-03-14 18:05 185344 ----a-w- c:\windows\SysWow64\elshyph.dll2013-03-14 18:05 . 2013-03-14 18:05 158720 ----a-w- c:\windows\SysWow64\msls31.dll2013-03-14 18:05 . 2013-03-14 18:05 150528 ----a-w- c:\windows\SysWow64\iexpress.exe2013-03-14 18:05 . 2013-03-14 18:05 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl2013-03-14 18:05 . 2013-03-14 18:05 138752 ----a-w- c:\windows\SysWow64\wextract.exe2013-03-14 18:05 . 2013-03-14 18:05 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe2013-03-14 18:05 . 2013-03-14 18:05 12800 ----a-w- c:\windows\SysWow64\mshta.exe2013-03-14 18:05 . 2013-03-14 18:05 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll2013-03-14 18:05 . 2013-03-14 18:05 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe2013-03-14 18:05 . 2013-03-14 18:05 97280 ----a-w- c:\windows\system32\mshtmled.dll2013-03-14 18:05 . 2013-03-14 18:05 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe2013-03-14 18:05 . 2013-03-14 18:05 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll2013-03-14 18:05 . 2013-03-14 18:05 81408 ----a-w- c:\windows\system32\icardie.dll2013-03-14 18:05 . 2013-03-14 18:05 77312 ----a-w- c:\windows\system32\tdc.ocx2013-03-14 18:05 . 2013-03-14 18:05 762368 ----a-w- c:\windows\system32\ieapfltr.dll2013-03-14 18:05 . 2013-03-14 18:05 62976 ----a-w- c:\windows\system32\pngfilt.dll2013-03-14 18:05 . 2013-03-14 18:05 599552 ----a-w- c:\windows\system32\vbscript.dll2013-03-14 18:05 . 2013-03-14 18:05 52224 ----a-w- c:\windows\system32\msfeedsbs.dll2013-03-14 18:05 . 2013-03-14 18:05 51200 ----a-w- c:\windows\system32\imgutil.dll2013-03-14 18:05 . 2013-03-14 18:05 48640 ----a-w- c:\windows\system32\mshtmler.dll2013-03-14 18:05 . 2013-03-14 18:05 452096 ----a-w- c:\windows\system32\dxtmsft.dll2013-03-14 18:05 . 2013-03-14 18:05 441856 ----a-w- c:\windows\system32\html.iec2013-03-14 18:05 . 2013-03-14 18:05 281600 ----a-w- c:\windows\system32\dxtrans.dll2013-03-14 18:05 . 2013-03-14 18:05 27648 ----a-w- c:\windows\system32\licmgr10.dll2013-03-14 18:05 . 2013-03-14 18:05 270848 ----a-w- c:\windows\system32\iedkcs32.dll2013-03-14 18:05 . 2013-03-14 18:05 247296 ----a-w- c:\windows\system32\webcheck.dll2013-03-14 18:05 . 2013-03-14 18:05 235008 ----a-w- c:\windows\system32\url.dll2013-03-14 18:05 . 2013-03-14 18:05 216064 ----a-w- c:\windows\system32\msls31.dll2013-03-14 18:05 . 2013-03-14 18:05 197120 ----a-w- c:\windows\system32\msrating.dll2013-03-14 18:05 . 2013-03-14 18:05 173568 ----a-w- c:\windows\system32\ieUnatt.exe2013-03-14 18:05 . 2013-03-14 18:05 167424 ----a-w- c:\windows\system32\iexpress.exe2013-03-14 18:05 . 2013-03-14 18:05 1509376 ----a-w- c:\windows\system32\inetcpl.cpl2013-03-14 18:05 . 2013-03-14 18:05 149504 ----a-w- c:\windows\system32\occache.dll2013-03-14 18:05 . 2013-03-14 18:05 144896 ----a-w- c:\windows\system32\wextract.exe2013-03-14 18:05 . 2013-03-14 18:05 1400416 ----a-w- c:\windows\system32\ieapfltr.dat2013-03-14 18:05 . 2013-03-14 18:05 13824 ----a-w- c:\windows\system32\mshta.exe2013-03-14 18:05 . 2013-03-14 18:05 136192 ----a-w- c:\windows\system32\iepeers.dll2013-03-14 18:05 . 2013-03-14 18:05 135680 ----a-w- c:\windows\system32\IEAdvpack.dll2013-03-14 18:05 . 2013-03-14 18:05 12800 ----a-w- c:\windows\system32\msfeedssync.exe2013-03-14 18:05 . 2013-03-14 18:05 102912 ----a-w- c:\windows\system32\inseng.dll2013-03-14 17:59 . 2012-10-04 08:21 861088 ----a-w- c:\windows\SysWow64\npDeployJava1.dll2013-03-14 17:59 . 2012-05-28 04:58 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll..((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shownREGEDIT4.[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll" [2013-04-01 1500440].[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}][HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1][HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}][HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin].[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{74A50311-B85A-462C-B161-9367AF91AC59}]2013-03-15 22:10 78648 ----a-w- c:\users\MrsRumme1125\AppData\Local\getsavin\ie\getsavin_1363385402.dll.[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}]2013-04-26 18:56 280736 ----a-w- c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]2012-11-13 23:32 129272 ----a-w- c:\users\MrsRumme1125\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]2012-11-13 23:32 129272 ----a-w- c:\users\MrsRumme1125\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]2012-11-13 23:32 129272 ----a-w- c:\users\MrsRumme1125\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll.[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"Spotify Web Helper"="c:\users\MrsRumme1125\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2013-05-07 1105408]"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\Messenger\YahooMessenger.exe" [2012-02-23 6591800]"Spotify"="c:\users\MrsRumme1125\AppData\Roaming\Spotify\Spotify.exe" [2013-05-07 4573184]"Akamai NetSession Interface"="c:\users\MrsRumme1125\AppData\Local\Akamai\netsession_win.exe" [2013-01-26 4480768]"SearchProtect"="c:\users\MrsRumme1125\AppData\Roaming\SearchProtect\bin\cltmng.exe" [2013-05-08 2852640].[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]"ToshibaAppPlace"="c:\program files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe" [2010-09-23 552960]"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-02-11 1295736]"ReminderApp"="c:\program files (x86)\Nova Development\Greeting Card Factory Photo Card Maker\ReminderApp.exe" [2006-11-02 156160]"CenturyLinkTouchPointAgent"="c:\program files (x86)\CenturyLink\Desktop\CenturyLinkTouchPointAgent.exe" [2012-11-09 48056]"TkBellExe"="c:\program files (x86)\Real\RealPlayer\Update\realsched.exe" [2012-12-13 295072]"AgentMonitor"="c:\program files (x86)\VTech\DownloadManager\System\AgentMonitor.exe" [2012-11-08 377800]"EKStatusMonitor"="c:\program files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe" [2012-10-15 2844608]"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-12 59280]"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]"vProt"="c:\program files (x86)\AVG SafeGuard toolbar\vprot.exe" [2013-05-20 1226928]"SearchProtectAll"="c:\program files (x86)\SearchProtect\bin\cltmng.exe" [2013-05-08 2852640]"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816].[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]"Z1"="c:\users\MrsRumme1125\Desktop\Malware\mbar\mbar.exe" [2013-05-23 1398856].c:\users\MrsRumme1125\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip [2013-5-2 0]Dropbox.lnk - c:\users\MrsRumme1125\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-3-12 29106336].c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe [2011-8-29 16032].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"ConsentPromptBehaviorAdmin"= 5 (0x5)"ConsentPromptBehaviorUser"= 3 (0x3)"EnableUIADesktopToggle"= 0 (0x0).[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]"aux"=wdmaud.drv.R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2011-04-20 169584]R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-02-09 239136]R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-05-26 1255736]R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys [2009-07-14 25088]R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAVx64\1403010.016\SYMDS64.SYS [2013-01-22 493656]S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAVx64\1403010.016\SYMEFA64.SYS [2013-01-31 1139800]S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2013-05-20 45856]S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.0.24\Definitions\BASHDefs\20130515.001\BHDrvx64.sys [2013-04-12 1390680]S1 ccSet_NAV;Norton AntiVirus Settings Manager;c:\windows\system32\drivers\NAVx64\1403010.016\ccSetx64.sys [2012-11-16 168096]S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.0.24\Definitions\IPSDefs\20130523.001\IDSvia64.sys [2013-01-11 513184]S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NAVx64\1403010.016\Ironx64.SYS [2012-11-16 224416]S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NAVx64\1403010.016\SYMNETS.SYS [2013-01-31 432800]S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-18 203264]S2 CltMngSvc;Search Protect by Conduit Updater;c:\program files (x86)\SearchProtect\bin\CltMngSvc.exe [2013-04-11 93984]S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]S2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [2012-10-19 395200]S2 Kodak AiO Status Monitor Service;Kodak AiO Status Monitor Service;c:\program files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe [2012-10-15 779200]S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]S2 McciCMService64;McciCMService64;c:\program files\Common Files\Motive\McciCMService.exe [2012-08-02 441344]S2 NAV;Norton AntiVirus;c:\program files (x86)\Norton AntiVirus\Engine\20.3.1.22\ccSvcHst.exe [2012-12-24 144520]S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2012-11-30 38608]S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2010-04-06 258928]S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-20 14472]S2 vToolbarUpdater15.2.0;vToolbarUpdater15.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe [2013-05-20 1015984]S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2012-11-26 75904]S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-08-18 138912]S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 25928]S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]S3 QIOMem;Generic IO & Memory Access;c:\windows\system32\DRIVERS\QIOMem.sys [2009-06-15 12800]S3 rtl8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [2010-04-28 932384]S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]S3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-02-11 54136]S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-06 137560]S3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2010-02-24 835952]..--- Other Services/Drivers In Memory ---.*NewlyCreated* - 62558359*NewlyCreated* - 86134539*Deregistered* - 62558359*Deregistered* - 86134539.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]2013-05-22 17:25 1165776 ----a-w- c:\program files (x86)\Google\Chrome\Application\27.0.1453.93\Installer\chrmstp.exe.Contents of the 'Scheduled Tasks' folder.2013-05-23 c:\windows\Tasks\Adobe Flash Player Updater.job- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-27 00:05].2013-05-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-19 14:09].2013-05-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-19 14:09]..--------- X64 Entries -----------..[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}]2013-04-26 18:56 340640 ----a-w- c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]2012-11-13 23:32 162552 ----a-w- c:\users\MrsRumme1125\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]2012-11-13 23:32 162552 ----a-w- c:\users\MrsRumme1125\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]2012-11-13 23:32 162552 ----a-w- c:\users\MrsRumme1125\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]2012-11-13 23:32 162552 ----a-w- c:\users\MrsRumme1125\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll.[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2010-03-10 520760]"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-04-28 307768]"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-06 709976]"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032].HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalServiceFontCache.------- Supplementary Scan -------.uLocal Page = c:\windows\system32\blank.htmuStart Page = hxxp://searchab.com/?aff=7&uid=171485d6-4437-11e2-aecf-60eb6980d1f4mLocal Page = c:\windows\SysWOW64\blank.htmuInternet Settings,ProxyOverride = <local>IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000IE: Free YouTube Download - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htmIE: Free YouTube to MP3 Converter - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htmIE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105IE: {{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dllTrusted Zone: clonewarsadventures.comTrusted Zone: freerealms.comTrusted Zone: genieo.com\yahooTrusted Zone: soe.comTrusted Zone: sony.comTCP: DhcpNameServer = 192.168.2.1Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.2.0\ViProtocol.dllFF - ProfilePath - c:\users\MrsRumme1125\AppData\Roaming\Mozilla\Firefox\Profiles\n2ootddc.default\FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3281675&CUI=UN30774649677744828&UM=2&SearchSource=3&q={searchTerms}FF - prefs.js: browser.search.selectedEngine - entrusted Customized Web SearchFF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT3281675&octid=CT3281675&SearchSource=61&CUI=UN30774649677744828&UM=2&UP=SPFBB48C03-BE0A-4A71-8368-FB5374ABA943FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3281675&SearchSource=2&CUI=UN30774649677744828&UM=2&q=FF - ExtSQL: 2013-04-27 21:46; {ACAA314B-EEBA-48e4-AD47-84E31C44796C}; c:\program files (x86)\Common Files\DVDVideoSoft\plugins\ffFF - ExtSQL: 2013-04-27 21:57; {e44a1809-4d10-4ab8-b343-3326b64c7cdd}; c:\users\MrsRumme1125\AppData\Roaming\Mozilla\Firefox\Profiles\n2ootddc.default\extensions\{e44a1809-4d10-4ab8-b343-3326b64c7cdd}FF - user.js: extentions.y2layers.installId - 82982438-c38e-476a-b2fa-40a50b370fc2FF - user.js: extentions.y2layers.defaultEnableAppsList - easyinline,YontooNewOffersFF - user.js: extensions.autoDisableScopes - 14.- - - - ORPHANS REMOVED - - - -.BHO-{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)Toolbar-Locked - (no file)Toolbar-{8660E5B3-6C41-44DE-8503-98D99BBECD41} - c:\program files (x86)\Coupons.com CouponBar\tbcore3.dllToolbar-{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exeWow6432Node-HKLM-Run-<NO NAME> - (no file)Wow6432Node-HKLM-Run-Conime - c:\windows\system32\conime.exeHKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - startToolbar-Locked - (no file)WebBrowser-{8660E5B3-6C41-44DE-8503-98D99BBECD41} - (no file)HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exeHKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXEHKLM-Run-HSON - c:\program files (x86)\TOSHIBA\TBS\HSON.exeHKLM-Run-SmoothView - c:\program files (x86)\Toshiba\SmoothView\SmoothView.exeHKLM-Run-00TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exeHKLM-Run-TosWaitSrv - c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exeHKLM-Run-Teco - c:\program files (x86)\TOSHIBA\TECO\Teco.exeHKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exeHKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exeAddRemove-Installation Assistant - c:\program files (x86)\Installation Assistant\Uninstall.exe...[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NAV]"ImagePath"="\"c:\program files (x86)\Norton AntiVirus\Engine\20.3.1.22\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files (x86)\Norton AntiVirus\Engine\20.3.1.22\diMaster.dll\" /prefetch:1".--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_USERS\S-1-5-21-2678032144-211938022-1408486185-1000\Software\SecuROM\License information*]"datasecu"=hex:ea,53,41,b7,b8,20,65,64,44,10,a6,df,6b,4d,75,49,95,73,67,c7,58, 23,3a,8a,b7,a5,db,46,20,62,b9,ad,9e,ec,a5,fd,e0,c0,fa,fa,66,a9,5a,04,c9,d1,\"rkeysecu"=hex:ca,17,25,4a,5a,62,92,58,76,7d,30,ef,9f,79,1e,c3.[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe".[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="IFlashBroker5".[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Shockwave Flash Object".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]@="0".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]@="ShockwaveFlash.ShockwaveFlash.11".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="ShockwaveFlash.ShockwaveFlash".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Macromedia Flash Factory Object".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]@="FlashFactory.FlashFactory.1".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="FlashFactory.FlashFactory".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="IFlashBroker5".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]@Denied: (A) (Everyone)"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}".[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]@Denied: (A) (Everyone).[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]"Key"="ActionsPane3""Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd".[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]@Denied: (Full) (Everyone).Completion time: 2013-05-23 19:38:17ComboFix-quarantined-files.txt 2013-05-23 23:38.Pre-Run: 411,569,684,480 bytes freePost-Run: 413,345,386,496 bytes free.- - End Of File - - E97A08D2396C84C764137AAEE4B250075.)Results of screen317's Security Check version 0.99.64 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 10 ``````````````Antivirus/Firewall Check:``````````````Windows Firewall Enabled! Norton AntiVirus Online WMI entry may not exist for antivirus; attempting automatic update.`````````Anti-malware/Other Utilities Check:`````````Malwarebytes Anti-Malware version 1.75.0.1300 Java 7 Update 21 Adobe Flash Player 11.7.700.202 Adobe Reader XI Mozilla Firefox 20.0.1 Firefox out of Date! Google Chrome 26.0.1410.64 Google Chrome 27.0.1453.93 ````````Process Check: objlist.exe by Laurent```````` Norton ccSvcHst.exeMalwarebytes Anti-Malware mbamservice.exe Norton AntiVirus Engine 20.3.1.22 ccSvcHst.exeMalwarebytes' Anti-Malware mbamscheduler.exe `````````````````System Health check`````````````````Total Fragmentation on Drive C: 2%````````````````````End of Log`````````````````````` Link to post Share on other sites More sharing options...
D-FRED-BROWN Posted May 24, 2013 ID:683135 Share Posted May 24, 2013 Please do the following:1. Close any open browsers.2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. 3. Open notepad and copy/paste the text in the quotebox below into it:KILLALL::Driver::6255835986134539File::c:\windows\system32\drivers\62558359.sysc:\windows\system32\drivers\86134539.sysFirefox::FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3281675&CUI=UN30774649677744828&UM=2&SearchSource=3&q={searchTerms}FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT3281675&octid=CT3281675&SearchSource=61&CUI=UN30774649677744828&UM=2&UP=SPFBB48C03-BE0A-4A71-8368-FB5374ABA943FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3281675&SearchSource=2&CUI=UN30774649677744828&UM=2&q= FF - user.js: extentions.y2layers.defaultEnableAppsList - easyinline,YontooNewOffersReboot::Save this as CFScript.txt, in the same location as ComboFix.exeRefering to the picture above, drag CFScript into ComboFix.exeWhen finished, it shall produce a log for you at C:\ComboFix.txt which I shall require in your next reply.Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.Please include the newly-created C:\ComboFix.txt in your next reply, and let me know how things are running now Link to post Share on other sites More sharing options...
mrrumme1125 Posted May 24, 2013 Author ID:683156 Share Posted May 24, 2013 Here is the report but had a problem. When the computer restarted it generated the report for me so i saved it. After i saved it the computer crashed and then did an automatic system restore to an earlier time. Is there any reason why this would have happened? ComboFix 13-05-23.02 - MrsRumme1125 05/23/2013 21:04:59.2.2 - x64Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3831.1669 [GMT -4:00]Running from: c:\users\MrsRumme1125\Desktop\Malware\ComboFix.exeCommand switches used :: c:\users\MrsRumme1125\Desktop\Malware\CFScript.txtAV: Norton AntiVirus Online *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}SP: Norton AntiVirus Online *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}.FILE ::"c:\windows\system32\drivers\62558359.sys""c:\windows\system32\drivers\86134539.sys"..((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))...((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))..-------\Legacy_62558359-------\Legacy_86134539..((((((((((((((((((((((((( Files Created from 2013-04-24 to 2013-05-24 )))))))))))))))))))))))))))))))..2013-05-24 01:12 . 2013-05-24 01:12 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp2013-05-24 01:12 . 2013-05-24 01:12 -------- d-----w- c:\users\Default\AppData\Local\temp2013-05-23 14:36 . 2013-05-23 14:36 -------- d-----w- c:\users\MrsRumme1125\AppData\Roaming\Malwarebytes2013-05-23 14:36 . 2013-05-23 14:36 -------- d-----w- c:\programdata\Malwarebytes2013-05-23 14:36 . 2013-05-23 14:36 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware2013-05-23 14:36 . 2013-04-04 18:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys2013-05-23 14:36 . 2013-05-23 14:36 -------- d-----w- c:\users\MrsRumme1125\AppData\Local\Programs2013-05-23 14:17 . 2013-05-23 14:17 0 ----a-w- c:\windows\SysWow64\sho861E.tmp2013-05-16 07:02 . 2013-04-05 06:50 2647552 ----a-w- c:\windows\system32\iertutil.dll2013-05-15 15:31 . 2013-04-10 06:01 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys2013-05-15 00:07 . 2013-05-15 00:07 -------- d-----w- c:\users\MrsRumme1125\AppData\Local\HorizonWimba2013-05-14 16:52 . 2013-05-16 13:22 -------- d-----w- c:\users\MrsRumme1125\AppData\Local\NPE2013-05-13 12:48 . 2013-05-13 12:48 -------- d-----w- c:\program files (x86)\Common Files\Java2013-05-13 12:47 . 2013-04-04 09:35 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll2013-05-11 10:37 . 2013-05-11 10:37 209472 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll2013-05-11 00:43 . 2013-05-11 00:43 -------- d-----w- c:\program files (x86)\RAPTOR2013-05-02 18:06 . 2013-05-02 18:08 -------- d-----w- c:\users\MrsRumme1125\AppData\Roaming\Curse Advertising2013-04-28 14:37 . 2013-04-28 14:38 -------- d-----w- c:\program files (x86)\Common Files\Blizzard Entertainment2013-04-28 14:37 . 2013-04-28 14:38 -------- d-----w- c:\programdata\Blizzard Entertainment2013-04-28 14:37 . 2013-04-28 14:37 -------- d-----w- c:\programdata\Battle.net2013-04-28 01:57 . 2013-04-28 01:57 -------- d-----w- c:\program files (x86)\SearchProtect2013-04-28 01:57 . 2013-04-28 03:49 -------- d-----w- c:\users\MrsRumme1125\AppData\Roaming\SearchProtect2013-04-28 01:48 . 2013-04-28 01:48 -------- d-----w- c:\users\MrsRumme1125\AppData\Roaming\TuneUp Software2013-04-28 01:48 . 2013-04-28 01:48 -------- d-----w- c:\programdata\TuneUp Software2013-04-28 01:48 . 2013-04-28 01:48 -------- d-s---w- c:\programdata\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}2013-04-28 01:45 . 2013-04-28 01:50 -------- d-----w- c:\users\MrsRumme1125\AppData\Roaming\DVDVideoSoft2013-04-28 01:45 . 2013-04-28 01:47 -------- d-----w- c:\program files (x86)\Common Files\DVDVideoSoft2013-04-28 01:45 . 2013-04-28 01:45 -------- d-----w- c:\users\MrsRumme1125\AppData\Roaming\OpenCandy2013-04-28 01:45 . 2013-04-28 01:48 -------- d-----w- c:\program files (x86)\DVDVideoSoft2013-04-24 13:13 . 2013-04-12 14:45 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2013-05-20 15:53 . 2013-03-15 22:17 45856 ----a-w- c:\windows\system32\drivers\avgtpx64.sys2013-05-16 07:13 . 2012-05-26 05:03 75016696 ----a-w- c:\windows\system32\MRT.exe2013-05-15 00:05 . 2012-05-27 03:15 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl2013-05-15 00:05 . 2012-05-27 03:15 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe2013-05-14 16:56 . 2012-08-13 19:07 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll2013-04-13 05:49 . 2013-05-15 15:31 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll2013-04-13 05:49 . 2013-05-15 15:31 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll2013-04-13 05:49 . 2013-05-15 15:31 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll2013-04-13 05:49 . 2013-05-15 15:31 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll2013-04-13 04:45 . 2013-05-15 15:31 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll2013-04-13 04:45 . 2013-05-15 15:31 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll2013-04-11 14:22 . 2011-06-11 07:58 421200 ----a-w- c:\windows\SysWow64\msvcp100.dll2013-04-02 08:33 . 2013-04-02 08:35 447752 ----a-w- c:\windows\SysWow64\vp6vfw.dll2013-03-19 06:04 . 2013-04-10 13:01 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe2013-03-19 05:46 . 2013-04-10 13:01 43520 ----a-w- c:\windows\system32\csrsrv.dll2013-03-19 05:04 . 2013-04-10 13:01 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe2013-03-19 05:04 . 2013-04-10 13:01 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe2013-03-19 04:47 . 2013-04-10 13:01 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll2013-03-19 03:06 . 2013-04-10 13:01 112640 ----a-w- c:\windows\system32\smss.exe2013-03-14 18:05 . 2013-03-14 18:05 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe2013-03-14 18:05 . 2013-03-14 18:05 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll2013-03-14 18:05 . 2013-03-14 18:05 61952 ----a-w- c:\windows\SysWow64\tdc.ocx2013-03-14 18:05 . 2013-03-14 18:05 523264 ----a-w- c:\windows\SysWow64\vbscript.dll2013-03-14 18:05 . 2013-03-14 18:05 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll2013-03-14 18:05 . 2013-03-14 18:05 38400 ----a-w- c:\windows\SysWow64\imgutil.dll2013-03-14 18:05 . 2013-03-14 18:05 361984 ----a-w- c:\windows\SysWow64\html.iec2013-03-14 18:05 . 2013-03-14 18:05 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll2013-03-14 18:05 . 2013-03-14 18:05 226304 ----a-w- c:\windows\system32\elshyph.dll2013-03-14 18:05 . 2013-03-14 18:05 185344 ----a-w- c:\windows\SysWow64\elshyph.dll2013-03-14 18:05 . 2013-03-14 18:05 158720 ----a-w- c:\windows\SysWow64\msls31.dll2013-03-14 18:05 . 2013-03-14 18:05 150528 ----a-w- c:\windows\SysWow64\iexpress.exe2013-03-14 18:05 . 2013-03-14 18:05 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl2013-03-14 18:05 . 2013-03-14 18:05 138752 ----a-w- c:\windows\SysWow64\wextract.exe2013-03-14 18:05 . 2013-03-14 18:05 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe2013-03-14 18:05 . 2013-03-14 18:05 12800 ----a-w- c:\windows\SysWow64\mshta.exe2013-03-14 18:05 . 2013-03-14 18:05 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll2013-03-14 18:05 . 2013-03-14 18:05 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe2013-03-14 18:05 . 2013-03-14 18:05 97280 ----a-w- c:\windows\system32\mshtmled.dll2013-03-14 18:05 . 2013-03-14 18:05 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe2013-03-14 18:05 . 2013-03-14 18:05 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll2013-03-14 18:05 . 2013-03-14 18:05 81408 ----a-w- c:\windows\system32\icardie.dll2013-03-14 18:05 . 2013-03-14 18:05 77312 ----a-w- c:\windows\system32\tdc.ocx2013-03-14 18:05 . 2013-03-14 18:05 762368 ----a-w- c:\windows\system32\ieapfltr.dll2013-03-14 18:05 . 2013-03-14 18:05 62976 ----a-w- c:\windows\system32\pngfilt.dll2013-03-14 18:05 . 2013-03-14 18:05 599552 ----a-w- c:\windows\system32\vbscript.dll2013-03-14 18:05 . 2013-03-14 18:05 52224 ----a-w- c:\windows\system32\msfeedsbs.dll2013-03-14 18:05 . 2013-03-14 18:05 51200 ----a-w- c:\windows\system32\imgutil.dll2013-03-14 18:05 . 2013-03-14 18:05 48640 ----a-w- c:\windows\system32\mshtmler.dll2013-03-14 18:05 . 2013-03-14 18:05 452096 ----a-w- c:\windows\system32\dxtmsft.dll2013-03-14 18:05 . 2013-03-14 18:05 441856 ----a-w- c:\windows\system32\html.iec2013-03-14 18:05 . 2013-03-14 18:05 281600 ----a-w- c:\windows\system32\dxtrans.dll2013-03-14 18:05 . 2013-03-14 18:05 27648 ----a-w- c:\windows\system32\licmgr10.dll2013-03-14 18:05 . 2013-03-14 18:05 270848 ----a-w- c:\windows\system32\iedkcs32.dll2013-03-14 18:05 . 2013-03-14 18:05 247296 ----a-w- c:\windows\system32\webcheck.dll2013-03-14 18:05 . 2013-03-14 18:05 235008 ----a-w- c:\windows\system32\url.dll2013-03-14 18:05 . 2013-03-14 18:05 216064 ----a-w- c:\windows\system32\msls31.dll2013-03-14 18:05 . 2013-03-14 18:05 197120 ----a-w- c:\windows\system32\msrating.dll2013-03-14 18:05 . 2013-03-14 18:05 173568 ----a-w- c:\windows\system32\ieUnatt.exe2013-03-14 18:05 . 2013-03-14 18:05 167424 ----a-w- c:\windows\system32\iexpress.exe2013-03-14 18:05 . 2013-03-14 18:05 1509376 ----a-w- c:\windows\system32\inetcpl.cpl2013-03-14 18:05 . 2013-03-14 18:05 149504 ----a-w- c:\windows\system32\occache.dll2013-03-14 18:05 . 2013-03-14 18:05 144896 ----a-w- c:\windows\system32\wextract.exe2013-03-14 18:05 . 2013-03-14 18:05 1400416 ----a-w- c:\windows\system32\ieapfltr.dat2013-03-14 18:05 . 2013-03-14 18:05 13824 ----a-w- c:\windows\system32\mshta.exe2013-03-14 18:05 . 2013-03-14 18:05 136192 ----a-w- c:\windows\system32\iepeers.dll2013-03-14 18:05 . 2013-03-14 18:05 135680 ----a-w- c:\windows\system32\IEAdvpack.dll2013-03-14 18:05 . 2013-03-14 18:05 12800 ----a-w- c:\windows\system32\msfeedssync.exe2013-03-14 18:05 . 2013-03-14 18:05 102912 ----a-w- c:\windows\system32\inseng.dll2013-03-14 17:59 . 2012-10-04 08:21 861088 ----a-w- c:\windows\SysWow64\npDeployJava1.dll2013-03-14 17:59 . 2012-05-28 04:58 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll..((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4.[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll" [2013-04-01 1500440].[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}][HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1][HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}][HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin].[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{74A50311-B85A-462C-B161-9367AF91AC59}]2013-03-15 22:10 78648 ----a-w- c:\users\MrsRumme1125\AppData\Local\getsavin\ie\getsavin_1363385402.dll.[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}]2013-04-26 18:56 280736 ----a-w- c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll.[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]"{8660E5B3-6C41-44DE-8503-98D99BBECD41}"= "c:\program files (x86)\Coupons.com CouponBar\tbcore3.dll" [bU].[HKEY_CLASSES_ROOT\clsid\{8660e5b3-6c41-44de-8503-98d99bbecd41}][HKEY_CLASSES_ROOT\TBSB07898.TBSB07898.3][HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}][HKEY_CLASSES_ROOT\TBSB07898.TBSB07898].[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]2012-11-13 23:32 129272 ----a-w- c:\users\MrsRumme1125\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]2012-11-13 23:32 129272 ----a-w- c:\users\MrsRumme1125\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]2012-11-13 23:32 129272 ----a-w- c:\users\MrsRumme1125\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll.[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"Spotify Web Helper"="c:\users\MrsRumme1125\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2013-05-07 1105408]"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\Messenger\YahooMessenger.exe" [2012-02-23 6591800]"Spotify"="c:\users\MrsRumme1125\AppData\Roaming\Spotify\Spotify.exe" [2013-05-07 4573184]"Akamai NetSession Interface"="c:\users\MrsRumme1125\AppData\Local\Akamai\netsession_win.exe" [2013-01-26 4480768]"SearchProtect"="c:\users\MrsRumme1125\AppData\Roaming\SearchProtect\bin\cltmng.exe" [2013-05-08 2852640].[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]"ToshibaAppPlace"="c:\program files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe" [2010-09-23 552960]"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-02-11 1295736]"ReminderApp"="c:\program files (x86)\Nova Development\Greeting Card Factory Photo Card Maker\ReminderApp.exe" [2006-11-02 156160]"CenturyLinkTouchPointAgent"="c:\program files (x86)\CenturyLink\Desktop\CenturyLinkTouchPointAgent.exe" [2012-11-09 48056]"TkBellExe"="c:\program files (x86)\Real\RealPlayer\Update\realsched.exe" [2012-12-13 295072]"AgentMonitor"="c:\program files (x86)\VTech\DownloadManager\System\AgentMonitor.exe" [2012-11-08 377800]"EKStatusMonitor"="c:\program files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe" [2012-10-15 2844608]"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-12 59280]"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]"vProt"="c:\program files (x86)\AVG SafeGuard toolbar\vprot.exe" [2013-05-20 1226928]"SearchProtectAll"="c:\program files (x86)\SearchProtect\bin\cltmng.exe" [2013-05-08 2852640]"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816].c:\users\MrsRumme1125\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip [2013-5-2 0]Dropbox.lnk - c:\users\MrsRumme1125\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-3-12 29106336].c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe [2011-8-29 16032].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"ConsentPromptBehaviorAdmin"= 5 (0x5)"ConsentPromptBehaviorUser"= 3 (0x3)"EnableUIADesktopToggle"= 0 (0x0).[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]"aux"=wdmaud.drv.R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2011-04-20 169584]R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-02-09 239136]R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-02-11 54136]R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-06 137560]R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2010-02-24 835952]R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-05-26 1255736]R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAVx64\1403010.016\SYMDS64.SYS [2013-01-22 493656]S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAVx64\1403010.016\SYMEFA64.SYS [2013-01-31 1139800]S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2013-05-20 45856]S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.0.24\Definitions\BASHDefs\20130515.001\BHDrvx64.sys [2013-04-12 1390680]S1 ccSet_NAV;Norton AntiVirus Settings Manager;c:\windows\system32\drivers\NAVx64\1403010.016\ccSetx64.sys [2012-11-16 168096]S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.0.24\Definitions\IPSDefs\20130523.001\IDSvia64.sys [2013-01-11 513184]S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NAVx64\1403010.016\Ironx64.SYS [2012-11-16 224416]S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NAVx64\1403010.016\SYMNETS.SYS [2013-01-31 432800]S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-18 203264]S2 CltMngSvc;Search Protect by Conduit Updater;c:\program files (x86)\SearchProtect\bin\CltMngSvc.exe [2013-04-11 93984]S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]S2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [2012-10-19 395200]S2 Kodak AiO Status Monitor Service;Kodak AiO Status Monitor Service;c:\program files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe [2012-10-15 779200]S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]S2 McciCMService64;McciCMService64;c:\program files\Common Files\Motive\McciCMService.exe [2012-08-02 441344]S2 NAV;Norton AntiVirus;c:\program files (x86)\Norton AntiVirus\Engine\20.3.1.22\ccSvcHst.exe [2012-12-24 144520]S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2012-11-30 38608]S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2010-04-06 258928]S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-20 14472]S2 vToolbarUpdater15.2.0;vToolbarUpdater15.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe [2013-05-20 1015984]S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2012-11-26 75904]S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-08-18 138912]S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 25928]S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]S3 QIOMem;Generic IO & Memory Access;c:\windows\system32\DRIVERS\QIOMem.sys [2009-06-15 12800]S3 rtl8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [2010-04-28 932384]S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]S3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys [2009-07-14 25088]..--- Other Services/Drivers In Memory ---.*NewlyCreated* - WS2IFSL.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]2013-05-22 17:25 1165776 ----a-w- c:\program files (x86)\Google\Chrome\Application\27.0.1453.93\Installer\chrmstp.exe.Contents of the 'Scheduled Tasks' folder.2013-05-24 c:\windows\Tasks\Adobe Flash Player Updater.job- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-27 00:05].2013-05-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-19 14:09].2013-05-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-19 14:09]..--------- X64 Entries -----------..[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}]2013-04-26 18:56 340640 ----a-w- c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]2012-11-13 23:32 162552 ----a-w- c:\users\MrsRumme1125\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]2012-11-13 23:32 162552 ----a-w- c:\users\MrsRumme1125\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]2012-11-13 23:32 162552 ----a-w- c:\users\MrsRumme1125\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]2012-11-13 23:32 162552 ----a-w- c:\users\MrsRumme1125\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll.[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2010-03-10 520760]"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-04-28 307768]"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU]"TPwrMain"="c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE" [bU]"HSON"="c:\program files (x86)\TOSHIBA\TBS\HSON.exe" [bU]"SmoothView"="c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe" [bU]"00TCrdMain"="c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe" [bU]"TosWaitSrv"="c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe" [bU]"Teco"="c:\program files (x86)\TOSHIBA\TECO\Teco.exe" [bU]"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-06 709976]"TosNC"="c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe" [bU]"TosReelTimeMonitor"="c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe" [bU]"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032].HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalServiceFontCache.------- Supplementary Scan -------.uLocal Page = c:\windows\system32\blank.htmuStart Page = hxxp://searchab.com/?aff=7&uid=171485d6-4437-11e2-aecf-60eb6980d1f4mLocal Page = c:\windows\SysWOW64\blank.htmuInternet Settings,ProxyOverride = <local>IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000IE: Free YouTube Download - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htmIE: Free YouTube to MP3 Converter - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htmIE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105IE: {{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dllTrusted Zone: clonewarsadventures.comTrusted Zone: freerealms.comTrusted Zone: genieo.com\yahooTrusted Zone: soe.comTrusted Zone: sony.comTCP: DhcpNameServer = 192.168.2.1Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.2.0\ViProtocol.dllFF - ProfilePath - c:\users\MrsRumme1125\AppData\Roaming\Mozilla\Firefox\Profiles\n2ootddc.default\FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3281675&CUI=UN30774649677744828&UM=2&SearchSource=3&q={searchTerms}FF - prefs.js: browser.search.selectedEngine - entrusted Customized Web SearchFF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT3281675&octid=CT3281675&SearchSource=61&CUI=UN30774649677744828&UM=2&UP=SPFBB48C03-BE0A-4A71-8368-FB5374ABA943FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3281675&SearchSource=2&CUI=UN30774649677744828&UM=2&q=FF - ExtSQL: 2013-04-27 21:46; {ACAA314B-EEBA-48e4-AD47-84E31C44796C}; c:\program files (x86)\Common Files\DVDVideoSoft\plugins\ffFF - ExtSQL: 2013-04-27 21:57; {e44a1809-4d10-4ab8-b343-3326b64c7cdd}; c:\users\MrsRumme1125\AppData\Roaming\Mozilla\Firefox\Profiles\n2ootddc.default\extensions\{e44a1809-4d10-4ab8-b343-3326b64c7cdd}FF - user.js: extentions.y2layers.installId - 82982438-c38e-476a-b2fa-40a50b370fc2FF - user.js: extentions.y2layers.defaultEnableAppsList - easyinline,YontooNewOffersFF - user.js: extensions.autoDisableScopes - 14.- - - - ORPHANS REMOVED - - - -.BHO-{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)Toolbar-Locked - (no file)Toolbar-{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)Wow6432Node-HKLM-Run-<NO NAME> - (no file)AddRemove-Installation Assistant - c:\program files (x86)\Installation Assistant\Uninstall.exe...[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NAV]"ImagePath"="\"c:\program files (x86)\Norton AntiVirus\Engine\20.3.1.22\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files (x86)\Norton AntiVirus\Engine\20.3.1.22\diMaster.dll\" /prefetch:1".--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_USERS\S-1-5-21-2678032144-211938022-1408486185-1000\Software\SecuROM\License information*]"datasecu"=hex:ea,53,41,b7,b8,20,65,64,44,10,a6,df,6b,4d,75,49,95,73,67,c7,58, 23,3a,8a,b7,a5,db,46,20,62,b9,ad,9e,ec,a5,fd,e0,c0,fa,fa,66,a9,5a,04,c9,d1,\"rkeysecu"=hex:ca,17,25,4a,5a,62,92,58,76,7d,30,ef,9f,79,1e,c3.[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe".[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="IFlashBroker5".[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Shockwave Flash Object".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]@="0".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]@="ShockwaveFlash.ShockwaveFlash.11".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="ShockwaveFlash.ShockwaveFlash".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Macromedia Flash Factory Object".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]@="FlashFactory.FlashFactory.1".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="FlashFactory.FlashFactory".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="IFlashBroker5".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]@Denied: (A) (Everyone)"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}".[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]@Denied: (A) (Everyone).[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]"Key"="ActionsPane3""Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd".[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]@Denied: (Full) (Everyone).------------------------ Other Running Processes ------------------------.c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exec:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exec:\program files (x86)\Common Files\Motive\McciCMService.exec:\program files (x86)\Google\Update\1.3.21.145\GoogleCrashHandler.exec:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe.**************************************************************************.Completion time: 2013-05-23 21:20:30 - machine was rebootedComboFix-quarantined-files.txt 2013-05-24 01:20ComboFix2.txt 2013-05-23 23:38.Pre-Run: 413,172,994,048 bytes freePost-Run: 412,929,437,696 bytes free.- - End Of File - - 4CC97268BA10E5E4E43CC8CF663563E1 Link to post Share on other sites More sharing options...
D-FRED-BROWN Posted May 24, 2013 ID:683159 Share Posted May 24, 2013 Here is the report but had a problem. When the computer restarted it generated the report for me so i saved it. After i saved it the computer crashed and then did an automatic system restore to an earlier time. Is there any reason why this would have happened?That's strange... I suspect it is malware-related. Please go ahead and run ComboFix again (forget about the script for now, just run it normally).Afterwards, please run the following scan as well:We need to create a New FULL OTL ReportPlease download OTL from here if you have not done so already:Main Mirror[*]Save it to your desktop.[*]Double click on the icon on your desktop.[*]Click the "Scan All Users" checkbox.[*]Change the "Extra Registry" option to "SafeList"[*]Push the button.[*]Two reports will open, copy and paste them in a reply here:OTL.txt <-- Will be openedExtra.txt <-- Will be minimized Link to post Share on other sites More sharing options...
mrrumme1125 Posted May 24, 2013 Author ID:683171 Share Posted May 24, 2013 Well i ran into another problem now....when i try ot run either program it will sart running and then will go to not responding and i have to force quit the programs. What should i do now? Link to post Share on other sites More sharing options...
D-FRED-BROWN Posted May 24, 2013 ID:683172 Share Posted May 24, 2013 Try running RKill before you run ComboFix and OTL...Please download Rkill by Grinler from one of these links:Rkill.exeRkill.comRkill.scrRkill.pifSave Rkill to your Desktop. Double-click on Rkill to run it. Note: If the first one does not run successfully, download and try the other copies (with a different file extension) and see if one of them will run. Once Rkill has successfully run, run those other programs.If that doesn't work, try running the programs from Safe Mode. Link to post Share on other sites More sharing options...
mrrumme1125 Posted May 24, 2013 Author ID:683177 Share Posted May 24, 2013 That worked for me to be able to run the ComboFix program and this is the report from it. When i try to run OTL as an administrator it gets to scanning firefox setting then times out and goes to not responding and i have to force quit it. Any suggestions as to why this is happening? ComboFix 13-05-23.02 - MrsRumme1125 05/23/2013 22:47:35.2.2 - x64Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3831.1854 [GMT -4:00]Running from: c:\users\MrsRumme1125\Desktop\ComboFix.exeAV: Norton AntiVirus Online *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}SP: Norton AntiVirus Online *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}..((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))..c:\windows\security\Database\tmp.edbc:\windows\SysWow64\Cachec:\windows\SysWow64\Cache\075884af680ff6dc.fbc:\windows\SysWow64\Cache\227113dfa1ca894d.fbc:\windows\SysWow64\Cache\49fbbc5a8678d502.fbc:\windows\SysWow64\Cache\5c54eb1a1655b076.fbc:\windows\SysWow64\Cache\613e8ce7ab7106af.fbc:\windows\SysWow64\Cache\633a76311867bd11.fbc:\windows\SysWow64\Cache\691f14230153a9e1.fbc:\windows\SysWow64\Cache\6cb409d7ac73d9f1.fbc:\windows\SysWow64\Cache\7614bd6cfa99e546.fbc:\windows\SysWow64\Cache\77664b6ccc36be9f.fbc:\windows\SysWow64\Cache\881b3593316772f0.fbc:\windows\SysWow64\Cache\8aad08ae64f27eed.fbc:\windows\SysWow64\Cache\98657d0579ae1930.fbc:\windows\SysWow64\Cache\c4e10d1be905349b.fbc:\windows\SysWow64\Cache\d5c0f4e7bbe35bf3.fbc:\windows\SysWow64\Cache\d9ca663388d21ec0.fbc:\windows\SysWow64\Cache\f2cda51fd108941f.fbc:\windows\SysWow64\Cache\f34d8db84131d925.fb..((((((((((((((((((((((((( Files Created from 2013-04-24 to 2013-05-24 )))))))))))))))))))))))))))))))..2013-05-24 02:56 . 2013-05-24 02:56 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp2013-05-24 02:56 . 2013-05-24 02:56 -------- d-----w- c:\users\Default\AppData\Local\temp2013-05-24 02:56 . 2013-05-24 02:56 -------- d-----w- c:\users\Administrator\AppData\Local\temp2013-05-23 14:36 . 2013-05-23 14:36 -------- d-----w- c:\users\MrsRumme1125\AppData\Roaming\Malwarebytes2013-05-23 14:36 . 2013-05-23 14:36 -------- d-----w- c:\programdata\Malwarebytes2013-05-23 14:36 . 2013-05-23 14:36 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware2013-05-23 14:36 . 2013-04-04 18:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys2013-05-23 14:36 . 2013-05-23 14:36 -------- d-----w- c:\users\MrsRumme1125\AppData\Local\Programs2013-05-23 14:17 . 2013-05-23 14:17 0 ----a-w- c:\windows\SysWow64\sho861E.tmp2013-05-16 07:02 . 2013-04-05 06:50 2647552 ----a-w- c:\windows\system32\iertutil.dll2013-05-15 15:31 . 2013-04-10 06:01 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys2013-05-15 00:07 . 2013-05-15 00:07 -------- d-----w- c:\users\MrsRumme1125\AppData\Local\HorizonWimba2013-05-14 16:52 . 2013-05-16 13:22 -------- d-----w- c:\users\MrsRumme1125\AppData\Local\NPE2013-05-13 12:48 . 2013-05-13 12:48 -------- d-----w- c:\program files (x86)\Common Files\Java2013-05-13 12:47 . 2013-04-04 09:35 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll2013-05-11 10:37 . 2013-05-11 10:37 209472 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll2013-05-11 00:43 . 2013-05-11 00:43 -------- d-----w- c:\program files (x86)\RAPTOR2013-05-02 18:06 . 2013-05-02 18:08 -------- d-----w- c:\users\MrsRumme1125\AppData\Roaming\Curse Advertising2013-04-28 14:37 . 2013-04-28 14:38 -------- d-----w- c:\program files (x86)\Common Files\Blizzard Entertainment2013-04-28 14:37 . 2013-04-28 14:38 -------- d-----w- c:\programdata\Blizzard Entertainment2013-04-28 14:37 . 2013-04-28 14:37 -------- d-----w- c:\programdata\Battle.net2013-04-28 01:57 . 2013-04-28 01:57 -------- d-----w- c:\program files (x86)\SearchProtect2013-04-28 01:57 . 2013-04-28 03:49 -------- d-----w- c:\users\MrsRumme1125\AppData\Roaming\SearchProtect2013-04-28 01:48 . 2013-04-28 01:48 -------- d-----w- c:\users\MrsRumme1125\AppData\Roaming\TuneUp Software2013-04-28 01:48 . 2013-04-28 01:48 -------- d-----w- c:\programdata\TuneUp Software2013-04-28 01:48 . 2013-04-28 01:48 -------- d-s---w- c:\programdata\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}2013-04-28 01:45 . 2013-04-28 01:50 -------- d-----w- c:\users\MrsRumme1125\AppData\Roaming\DVDVideoSoft2013-04-28 01:45 . 2013-04-28 01:47 -------- d-----w- c:\program files (x86)\Common Files\DVDVideoSoft2013-04-28 01:45 . 2013-04-28 01:45 -------- d-----w- c:\users\MrsRumme1125\AppData\Roaming\OpenCandy2013-04-28 01:45 . 2013-04-28 01:48 -------- d-----w- c:\program files (x86)\DVDVideoSoft2013-04-24 13:13 . 2013-04-12 14:45 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2013-05-20 15:53 . 2013-03-15 22:17 45856 ----a-w- c:\windows\system32\drivers\avgtpx64.sys2013-05-16 07:13 . 2012-05-26 05:03 75016696 ----a-w- c:\windows\system32\MRT.exe2013-05-15 00:05 . 2012-05-27 03:15 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl2013-05-15 00:05 . 2012-05-27 03:15 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe2013-05-14 16:56 . 2012-08-13 19:07 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll2013-04-13 05:49 . 2013-05-15 15:31 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll2013-04-13 05:49 . 2013-05-15 15:31 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll2013-04-13 05:49 . 2013-05-15 15:31 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll2013-04-13 05:49 . 2013-05-15 15:31 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll2013-04-13 04:45 . 2013-05-15 15:31 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll2013-04-13 04:45 . 2013-05-15 15:31 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll2013-04-11 14:22 . 2011-06-11 07:58 421200 ----a-w- c:\windows\SysWow64\msvcp100.dll2013-04-02 08:33 . 2013-04-02 08:35 447752 ----a-w- c:\windows\SysWow64\vp6vfw.dll2013-03-19 06:04 . 2013-04-10 13:01 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe2013-03-19 05:46 . 2013-04-10 13:01 43520 ----a-w- c:\windows\system32\csrsrv.dll2013-03-19 05:04 . 2013-04-10 13:01 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe2013-03-19 05:04 . 2013-04-10 13:01 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe2013-03-19 04:47 . 2013-04-10 13:01 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll2013-03-19 03:06 . 2013-04-10 13:01 112640 ----a-w- c:\windows\system32\smss.exe2013-03-14 18:05 . 2013-03-14 18:05 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe2013-03-14 18:05 . 2013-03-14 18:05 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll2013-03-14 18:05 . 2013-03-14 18:05 61952 ----a-w- c:\windows\SysWow64\tdc.ocx2013-03-14 18:05 . 2013-03-14 18:05 523264 ----a-w- c:\windows\SysWow64\vbscript.dll2013-03-14 18:05 . 2013-03-14 18:05 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll2013-03-14 18:05 . 2013-03-14 18:05 38400 ----a-w- c:\windows\SysWow64\imgutil.dll2013-03-14 18:05 . 2013-03-14 18:05 361984 ----a-w- c:\windows\SysWow64\html.iec2013-03-14 18:05 . 2013-03-14 18:05 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll2013-03-14 18:05 . 2013-03-14 18:05 226304 ----a-w- c:\windows\system32\elshyph.dll2013-03-14 18:05 . 2013-03-14 18:05 185344 ----a-w- c:\windows\SysWow64\elshyph.dll2013-03-14 18:05 . 2013-03-14 18:05 158720 ----a-w- c:\windows\SysWow64\msls31.dll2013-03-14 18:05 . 2013-03-14 18:05 150528 ----a-w- c:\windows\SysWow64\iexpress.exe2013-03-14 18:05 . 2013-03-14 18:05 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl2013-03-14 18:05 . 2013-03-14 18:05 138752 ----a-w- c:\windows\SysWow64\wextract.exe2013-03-14 18:05 . 2013-03-14 18:05 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe2013-03-14 18:05 . 2013-03-14 18:05 12800 ----a-w- c:\windows\SysWow64\mshta.exe2013-03-14 18:05 . 2013-03-14 18:05 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll2013-03-14 18:05 . 2013-03-14 18:05 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe2013-03-14 18:05 . 2013-03-14 18:05 97280 ----a-w- c:\windows\system32\mshtmled.dll2013-03-14 18:05 . 2013-03-14 18:05 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe2013-03-14 18:05 . 2013-03-14 18:05 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll2013-03-14 18:05 . 2013-03-14 18:05 81408 ----a-w- c:\windows\system32\icardie.dll2013-03-14 18:05 . 2013-03-14 18:05 77312 ----a-w- c:\windows\system32\tdc.ocx2013-03-14 18:05 . 2013-03-14 18:05 762368 ----a-w- c:\windows\system32\ieapfltr.dll2013-03-14 18:05 . 2013-03-14 18:05 62976 ----a-w- c:\windows\system32\pngfilt.dll2013-03-14 18:05 . 2013-03-14 18:05 599552 ----a-w- c:\windows\system32\vbscript.dll2013-03-14 18:05 . 2013-03-14 18:05 52224 ----a-w- c:\windows\system32\msfeedsbs.dll2013-03-14 18:05 . 2013-03-14 18:05 51200 ----a-w- c:\windows\system32\imgutil.dll2013-03-14 18:05 . 2013-03-14 18:05 48640 ----a-w- c:\windows\system32\mshtmler.dll2013-03-14 18:05 . 2013-03-14 18:05 452096 ----a-w- c:\windows\system32\dxtmsft.dll2013-03-14 18:05 . 2013-03-14 18:05 441856 ----a-w- c:\windows\system32\html.iec2013-03-14 18:05 . 2013-03-14 18:05 281600 ----a-w- c:\windows\system32\dxtrans.dll2013-03-14 18:05 . 2013-03-14 18:05 27648 ----a-w- c:\windows\system32\licmgr10.dll2013-03-14 18:05 . 2013-03-14 18:05 270848 ----a-w- c:\windows\system32\iedkcs32.dll2013-03-14 18:05 . 2013-03-14 18:05 247296 ----a-w- c:\windows\system32\webcheck.dll2013-03-14 18:05 . 2013-03-14 18:05 235008 ----a-w- c:\windows\system32\url.dll2013-03-14 18:05 . 2013-03-14 18:05 216064 ----a-w- c:\windows\system32\msls31.dll2013-03-14 18:05 . 2013-03-14 18:05 197120 ----a-w- c:\windows\system32\msrating.dll2013-03-14 18:05 . 2013-03-14 18:05 173568 ----a-w- c:\windows\system32\ieUnatt.exe2013-03-14 18:05 . 2013-03-14 18:05 167424 ----a-w- c:\windows\system32\iexpress.exe2013-03-14 18:05 . 2013-03-14 18:05 1509376 ----a-w- c:\windows\system32\inetcpl.cpl2013-03-14 18:05 . 2013-03-14 18:05 149504 ----a-w- c:\windows\system32\occache.dll2013-03-14 18:05 . 2013-03-14 18:05 144896 ----a-w- c:\windows\system32\wextract.exe2013-03-14 18:05 . 2013-03-14 18:05 1400416 ----a-w- c:\windows\system32\ieapfltr.dat2013-03-14 18:05 . 2013-03-14 18:05 13824 ----a-w- c:\windows\system32\mshta.exe2013-03-14 18:05 . 2013-03-14 18:05 136192 ----a-w- c:\windows\system32\iepeers.dll2013-03-14 18:05 . 2013-03-14 18:05 135680 ----a-w- c:\windows\system32\IEAdvpack.dll2013-03-14 18:05 . 2013-03-14 18:05 12800 ----a-w- c:\windows\system32\msfeedssync.exe2013-03-14 18:05 . 2013-03-14 18:05 102912 ----a-w- c:\windows\system32\inseng.dll2013-03-14 17:59 . 2012-10-04 08:21 861088 ----a-w- c:\windows\SysWow64\npDeployJava1.dll2013-03-14 17:59 . 2012-05-28 04:58 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll..((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4.[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll" [2013-04-01 1500440].[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}][HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1][HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}][HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin].[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{74A50311-B85A-462C-B161-9367AF91AC59}]2013-03-15 22:10 78648 ----a-w- c:\users\MrsRumme1125\AppData\Local\getsavin\ie\getsavin_1363385402.dll.[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}]2013-04-26 18:56 280736 ----a-w- c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll.[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]"{8660E5B3-6C41-44DE-8503-98D99BBECD41}"= "c:\program files (x86)\Coupons.com CouponBar\tbcore3.dll" [bU].[HKEY_CLASSES_ROOT\clsid\{8660e5b3-6c41-44de-8503-98d99bbecd41}][HKEY_CLASSES_ROOT\TBSB07898.TBSB07898.3][HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}][HKEY_CLASSES_ROOT\TBSB07898.TBSB07898].[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]2012-11-13 23:32 129272 ----a-w- c:\users\MrsRumme1125\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]2012-11-13 23:32 129272 ----a-w- c:\users\MrsRumme1125\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]2012-11-13 23:32 129272 ----a-w- c:\users\MrsRumme1125\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll.[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"Spotify Web Helper"="c:\users\MrsRumme1125\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2013-05-07 1105408]"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\Messenger\YahooMessenger.exe" [2012-02-23 6591800]"RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [bU]"Spotify"="c:\users\MrsRumme1125\AppData\Roaming\Spotify\Spotify.exe" [2013-05-07 4573184]"Akamai NetSession Interface"="c:\users\MrsRumme1125\AppData\Local\Akamai\netsession_win.exe" [2013-01-26 4480768]"SearchProtect"="c:\users\MrsRumme1125\AppData\Roaming\SearchProtect\bin\cltmng.exe" [2013-05-08 2852640].[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]"ToshibaAppPlace"="c:\program files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe" [2010-09-23 552960]"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-02-11 1295736]"ReminderApp"="c:\program files (x86)\Nova Development\Greeting Card Factory Photo Card Maker\ReminderApp.exe" [2006-11-02 156160]"Conime"="c:\windows\system32\conime.exe" [bU]"CenturyLinkTouchPointAgent"="c:\program files (x86)\CenturyLink\Desktop\CenturyLinkTouchPointAgent.exe" [2012-11-09 48056]"TkBellExe"="c:\program files (x86)\Real\RealPlayer\Update\realsched.exe" [2012-12-13 295072]"AgentMonitor"="c:\program files (x86)\VTech\DownloadManager\System\AgentMonitor.exe" [2012-11-08 377800]"EKStatusMonitor"="c:\program files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe" [2012-10-15 2844608]"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-12 59280]"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]"vProt"="c:\program files (x86)\AVG SafeGuard toolbar\vprot.exe" [2013-05-20 1226928]"SearchProtectAll"="c:\program files (x86)\SearchProtect\bin\cltmng.exe" [2013-05-08 2852640]"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816].c:\users\MrsRumme1125\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip [2013-5-2 0]Dropbox.lnk - c:\users\MrsRumme1125\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-3-12 29106336].c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe [2011-8-29 16032].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"ConsentPromptBehaviorAdmin"= 5 (0x5)"ConsentPromptBehaviorUser"= 3 (0x3)"EnableUIADesktopToggle"= 0 (0x0).[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]"aux"=wdmaud.drv.R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2011-04-20 169584]R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-02-09 239136]R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-05-26 1255736]R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAVx64\1403010.016\SYMDS64.SYS [2013-01-22 493656]S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAVx64\1403010.016\SYMEFA64.SYS [2013-01-31 1139800]S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2013-05-20 45856]S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.0.24\Definitions\BASHDefs\20130515.001\BHDrvx64.sys [2013-04-12 1390680]S1 ccSet_NAV;Norton AntiVirus Settings Manager;c:\windows\system32\drivers\NAVx64\1403010.016\ccSetx64.sys [2012-11-16 168096]S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.0.24\Definitions\IPSDefs\20130523.001\IDSvia64.sys [2013-01-11 513184]S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NAVx64\1403010.016\Ironx64.SYS [2012-11-16 224416]S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NAVx64\1403010.016\SYMNETS.SYS [2013-01-31 432800]S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-18 203264]S2 CltMngSvc;Search Protect by Conduit Updater;c:\program files (x86)\SearchProtect\bin\CltMngSvc.exe [2013-04-11 93984]S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]S2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [2012-10-19 395200]S2 Kodak AiO Status Monitor Service;Kodak AiO Status Monitor Service;c:\program files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe [2012-10-15 779200]S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]S2 McciCMService64;McciCMService64;c:\program files\Common Files\Motive\McciCMService.exe [2012-08-02 441344]S2 NAV;Norton AntiVirus;c:\program files (x86)\Norton AntiVirus\Engine\20.3.1.22\ccSvcHst.exe [2012-12-24 144520]S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2012-11-30 38608]S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2010-04-06 258928]S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-20 14472]S2 vToolbarUpdater15.2.0;vToolbarUpdater15.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe [2013-05-20 1015984]S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2012-11-26 75904]S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-08-18 138912]S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 25928]S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]S3 QIOMem;Generic IO & Memory Access;c:\windows\system32\DRIVERS\QIOMem.sys [2009-06-15 12800]S3 rtl8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [2010-04-28 932384]S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]S3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-02-11 54136]S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-06 137560]S3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2010-02-24 835952]S3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys [2009-07-14 25088]..--- Other Services/Drivers In Memory ---.*NewlyCreated* - WS2IFSL[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}]start [bU].[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]2013-05-22 17:25 1165776 ----a-w- c:\program files (x86)\Google\Chrome\Application\27.0.1453.93\Installer\chrmstp.exe.Contents of the 'Scheduled Tasks' folder.2013-05-24 c:\windows\Tasks\Adobe Flash Player Updater.job- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-27 00:05].2013-05-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-19 14:09].2013-05-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-19 14:09]..--------- X64 Entries -----------..[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}]2013-04-26 18:56 340640 ----a-w- c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]2012-11-13 23:32 162552 ----a-w- c:\users\MrsRumme1125\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]2012-11-13 23:32 162552 ----a-w- c:\users\MrsRumme1125\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]2012-11-13 23:32 162552 ----a-w- c:\users\MrsRumme1125\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]2012-11-13 23:32 162552 ----a-w- c:\users\MrsRumme1125\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll.[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2010-03-10 520760]"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-04-28 307768]"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU]"TPwrMain"="c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE" [bU]"HSON"="c:\program files (x86)\TOSHIBA\TBS\HSON.exe" [bU]"SmoothView"="c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe" [bU]"00TCrdMain"="c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe" [bU]"TosWaitSrv"="c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe" [bU]"Teco"="c:\program files (x86)\TOSHIBA\TECO\Teco.exe" [bU]"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-06 709976]"TosNC"="c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe" [bU]"TosReelTimeMonitor"="c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe" [bU]"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032].HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalServiceFontCache.------- Supplementary Scan -------.uLocal Page = c:\windows\system32\blank.htmuStart Page = hxxp://searchab.com/?aff=7&uid=171485d6-4437-11e2-aecf-60eb6980d1f4mLocal Page = c:\windows\SysWOW64\blank.htmuInternet Settings,ProxyOverride = <local>IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000IE: Free YouTube Download - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htmIE: Free YouTube to MP3 Converter - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htmIE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105IE: {{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dllTrusted Zone: clonewarsadventures.comTrusted Zone: freerealms.comTrusted Zone: genieo.com\yahooTrusted Zone: soe.comTrusted Zone: sony.comTCP: DhcpNameServer = 192.168.2.1Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.2.0\ViProtocol.dllFF - ProfilePath - c:\users\MrsRumme1125\AppData\Roaming\Mozilla\Firefox\Profiles\n2ootddc.default\FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3281675&CUI=UN30774649677744828&UM=2&SearchSource=3&q={searchTerms}FF - prefs.js: browser.search.selectedEngine - entrusted Customized Web SearchFF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT3281675&octid=CT3281675&SearchSource=61&CUI=UN30774649677744828&UM=2&UP=SPFBB48C03-BE0A-4A71-8368-FB5374ABA943FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3281675&SearchSource=2&CUI=UN30774649677744828&UM=2&q=FF - ExtSQL: 2013-04-27 21:46; {ACAA314B-EEBA-48e4-AD47-84E31C44796C}; c:\program files (x86)\Common Files\DVDVideoSoft\plugins\ffFF - ExtSQL: 2013-04-27 21:57; {e44a1809-4d10-4ab8-b343-3326b64c7cdd}; c:\users\MrsRumme1125\AppData\Roaming\Mozilla\Firefox\Profiles\n2ootddc.default\extensions\{e44a1809-4d10-4ab8-b343-3326b64c7cdd}FF - user.js: extentions.y2layers.installId - 82982438-c38e-476a-b2fa-40a50b370fc2FF - user.js: extentions.y2layers.defaultEnableAppsList - easyinline,YontooNewOffersFF - user.js: extensions.autoDisableScopes - 14.- - - - ORPHANS REMOVED - - - -.BHO-{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)Toolbar-Locked - (no file)Toolbar-{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)Wow6432Node-HKLM-Run-<NO NAME> - (no file)Toolbar-Locked - (no file)WebBrowser-{8660E5B3-6C41-44DE-8503-98D99BBECD41} - (no file)AddRemove-Installation Assistant - c:\program files (x86)\Installation Assistant\Uninstall.exe...[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NAV]"ImagePath"="\"c:\program files (x86)\Norton AntiVirus\Engine\20.3.1.22\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files (x86)\Norton AntiVirus\Engine\20.3.1.22\diMaster.dll\" /prefetch:1".--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_USERS\S-1-5-21-2678032144-211938022-1408486185-1000\Software\SecuROM\License information*]"datasecu"=hex:ea,53,41,b7,b8,20,65,64,44,10,a6,df,6b,4d,75,49,95,73,67,c7,58, 23,3a,8a,b7,a5,db,46,20,62,b9,ad,9e,ec,a5,fd,e0,c0,fa,fa,66,a9,5a,04,c9,d1,\"rkeysecu"=hex:ca,17,25,4a,5a,62,92,58,76,7d,30,ef,9f,79,1e,c3.[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe".[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="IFlashBroker5".[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Shockwave Flash Object".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]@="0".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]@="ShockwaveFlash.ShockwaveFlash.11".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="ShockwaveFlash.ShockwaveFlash".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Macromedia Flash Factory Object".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]@="FlashFactory.FlashFactory.1".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="FlashFactory.FlashFactory".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="IFlashBroker5".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]@Denied: (A) (Everyone)"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}".[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]@Denied: (A) (Everyone).[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]"Key"="ActionsPane3""Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd".[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]@Denied: (Full) (Everyone).Completion time: 2013-05-23 22:59:49ComboFix-quarantined-files.txt 2013-05-24 02:59ComboFix2.txt 2013-05-24 01:20ComboFix3.txt 2013-05-23 23:38.Pre-Run: 412,889,583,616 bytes freePost-Run: 412,754,534,400 bytes free.- - End Of File - - 718CDCAA4251702BFBFCFFB877ADD0D6 Link to post Share on other sites More sharing options...
D-FRED-BROWN Posted May 24, 2013 ID:683178 Share Posted May 24, 2013 Have you tried running OTL from Safe Mode? Link to post Share on other sites More sharing options...
mrrumme1125 Posted May 24, 2013 Author ID:683179 Share Posted May 24, 2013 Yes and when i hit run scan it freezes and wont do anything. Link to post Share on other sites More sharing options...
D-FRED-BROWN Posted May 24, 2013 ID:683180 Share Posted May 24, 2013 Okay, let's try the following:Please download to the Desktop RogueKiller (by tigzy).Please quit all programs.Start RogueKiller.exe.Wait until Prescan has finished.Click on Scan.Click on Report and copy/paste the contents of the report in your next reply. Link to post Share on other sites More sharing options...
mrrumme1125 Posted May 24, 2013 Author ID:683184 Share Posted May 24, 2013 Here is the report as requested.RogueKiller V8.5.4 _x64_ [Mar 18 2013] by Tigzymail : tigzyRK<at>gmail<dot>comFeedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/Website : http://tigzy.geekstogo.com/roguekiller.phpBlog : http://tigzyrk.blogspot.com/Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits versionStarted in : Normal modeUser : MrsRumme1125 [Admin rights]Mode : Scan -- Date : 05/23/2013 23:52:17| ARK || FAK || MBR |¤¤¤ Bad processes : 2 ¤¤¤[sUSP PATH] cltmng.exe -- C:\Users\MrsRumme1125\AppData\Roaming\SearchProtect\bin\cltmng.exe [7] -> KILLED [TermProc][sUSP PATH] CenturyLinkTouchPointAgent.exe -- C:\Program Files (x86)\CenturyLink\Desktop\CenturyLinkTouchPointAgent.exe [7] -> KILLED [TermProc]¤¤¤ Registry Entries : 10 ¤¤¤[RUN][sUSP PATH] HKCU\[...]\Run : SearchProtect (C:\Users\MrsRumme1125\AppData\Roaming\SearchProtect\bin\cltmng.exe) [7] -> FOUND[RUN][sUSP PATH] HKUS\S-1-5-21-2678032144-211938022-1408486185-1000[...]\Run : SearchProtect (C:\Users\MrsRumme1125\AppData\Roaming\SearchProtect\bin\cltmng.exe) [7] -> FOUND[RUN][sUSP PATH] HKLM\[...]\Wow6432Node\Run : CenturyLinkTouchPointAgent ("C:\Program Files (x86)\CenturyLink\Desktop\CenturyLinkTouchPointAgent.exe" /autostart) [7] -> FOUND[TASK][sUSP PATH] IHUninstallTrackingTASK : CMD /C DEL C:\Users\MRSRUM~1\AppData\Local\Temp\IHU3081.tmp.exe [x] -> FOUND[sTARTUP][sUSP PATH] Best Buy pc app.lnk @Default : C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe [7] -> FOUND[sTARTUP][sUSP PATH] Best Buy pc app.lnk @Default User : C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe [7] -> FOUND[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND[HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND¤¤¤ Particular Files / Folders: ¤¤¤¤¤¤ Driver : [NOT LOADED] ¤¤¤¤¤¤ HOSTS File: ¤¤¤--> C:\windows\system32\drivers\etc\hosts127.0.0.1 localhost¤¤¤ MBR Check: ¤¤¤+++++ PhysicalDrive0: TOSHIBA MK5055GSX ATA Device +++++--- User ---[MBR] dad8382ebf63bb99ed6429743218272e[bSP] bde1f10253e66a06a09738fbca23efb2 : Windows Vista MBR CodePartition table:0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 463437 Mo2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 952193024 | Size: 12002 MoUser = LL1 ... OK!User = LL2 ... OK!Finished : << RKreport[3]_S_05232013_02d2352.txt >>RKreport[1]_S_05232013_02d2340.txt ; RKreport[2]_SC_05232013_02d2351.txt ; RKreport[3]_S_05232013_02d2352.txt Link to post Share on other sites More sharing options...
D-FRED-BROWN Posted May 24, 2013 ID:683185 Share Posted May 24, 2013 Please run a free online scan with the ESET Online ScannerNote: You will need to use Internet Explorer for this scan.Tick the box next to YES, I accept the Terms of Use.Click StartWhen asked, allow the ActiveX control to installClick StartMake sure that the options Remove found threats is Unchecked and the option Scan unwanted applications is checkedClick ScanWait for the scan to finishUse Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txtCopy and paste that log as a reply to this topic Link to post Share on other sites More sharing options...
mrrumme1125 Posted May 24, 2013 Author ID:683187 Share Posted May 24, 2013 Internet Explorer is not working properly and its telling me i need to run malwarebytes to figure out the problem...do i need to run it? When i open internet explorer it wont let me do anything online....not google or yahoo or anything. Link to post Share on other sites More sharing options...
D-FRED-BROWN Posted May 24, 2013 ID:683188 Share Posted May 24, 2013 That's strange. Go ahead and do the following:Please Launch Malwarebytes' Anti-Malware.Please click Check for Updates to see if any updates are found. If so, please allow MBAM to download and install them.Once the program has loaded, select Perform full scan, then click Scan.When the scan is complete, click OK, then Show Results to view the results.Be sure that everything is checked, and click Remove Selected.When completed, a log will open in Notepad. Please save it to a location you will remember.Copy and Paste that log into your next reply.Note:If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.Click OK for either of the prompts and let MBAM proceed with the disinfection process.If asked to restart the computer, please do so immediately. Link to post Share on other sites More sharing options...
D-FRED-BROWN Posted May 24, 2013 ID:683207 Share Posted May 24, 2013 for some reason, my internet connection got borked as I was posting my last reply.Not sure if you can see it or not, so I'll just re-post it here.That's strange. Go ahead and do the following:Please Launch Malwarebytes' Anti-Malware.Please click Check for Updates to see if any updates are found. If so, please allow MBAM to download and install them.Once the program has loaded, select Perform full scan, then click Scan.When the scan is complete, click OK, then Show Results to view the results.Be sure that everything is checked, and click Remove Selected.When completed, a log will open in Notepad. Please save it to a location you will remember.Copy and Paste that log into your next reply.Note:If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.Click OK for either of the prompts and let MBAM proceed with the disinfection process.If asked to restart the computer, please do so immediately. Link to post Share on other sites More sharing options...
D-FRED-BROWN Posted May 27, 2013 ID:684345 Share Posted May 27, 2013 (bump)Are you still with me? Link to post Share on other sites More sharing options...
LDTate Posted June 6, 2013 ID:688083 Share Posted June 6, 2013 Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks! Link to post Share on other sites More sharing options...
Recommended Posts