Jump to content

Infected - Need Help

hardworkguy
 Share

Recommended Posts

hardworkguy

hardworkguy

Posted
Posted

I ran TDSSKiller and quarantined Rootkit.Win32.BackBoot.gen(Cure was not an option). I ran a quickscan malwarebytes and found nothing. I now keep getting pop up messages saying malwarebytes anti-malware successfully blocked access to a potentially malicious website 46.249.61.84 (last number changes) type outgoing port xxxxx process svchost.exe. These messages pop up every few seconds or so. Thanks.

Link to post
Share on other sites
D-FRED-BROWN

D-FRED-BROWN

Posted
Posted

Hello hardworkguy and welcome to Malwarebytes!

I am D-FRED-BROWN and I will be helping you. :)

Please print or save this topic. It will make it easier for you to follow the instructions and complete all of the necessary steps.

----------Step 1----------------

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!

  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not an option, Skip instead, do not choose Delete unless instructed.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

----------Step 2----------------

Please download Malwarebytes Anti-Rootkit from HERE

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced they will be in the MBAR folder... mbar-log.txt and system-log.txt

----------Step 3----------------

Please download ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

***IMPORTANT: save ComboFix to your Desktop***

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please go here to see a list of programs that should be disabled.

**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall**

Please include the C:\ComboFix.txt in your next reply for further review.

NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.

----------Step 4----------------

Please download Security Check by screen317 from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

----------Step 5----------------

In your next reply, please include the following:

  • TDSSKiller's logfile
  • MBAR mbar-log.txt and system-log.txt
  • ComboFix's report (C:\ComboFix.txt)
  • Security Check checkup.txt

After that, please let me know: How is your computer running now? Do you have any questions or concerns you'd like me to address? Don't hesitate to ask. :)

-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Note:

Please make sure you are subscribed to this topic: Click on the "Follow This Topic" Button (at the top right of this page), make sure that the "Receive notification" box is checked and that it is set to "Instantly"

-------> Your topic will be closed if you haven't replied within 3 days! <--------

(If I don't respond within 24 hours, please send me a PM)

-DFB

Link to post
Share on other sites
hardworkguy

hardworkguy

Posted
  • Author
Posted

I am not getting the pop messages anymore and the cure from the TDSSkiller cured the infected rootkit. Here is the requested information. 2:47:50.0342 2116 TDSS rootkit removing tool 2.8.17.0 Apr 11 2013 11:56:34

22:47:51.0200 2116 ============================================================

22:47:51.0200 2116 Current date / time: 2013/06/07 22:47:51.0200

22:47:51.0200 2116 SystemInfo:

22:47:51.0200 2116

22:47:51.0200 2116 OS Version: 6.1.7601 ServicePack: 1.0

22:47:51.0200 2116 Product type: Workstation

22:47:51.0200 2116 ComputerName: PWISE-PC

22:47:51.0200 2116 UserName: PWise

22:47:51.0200 2116 Windows directory: C:\windows

22:47:51.0200 2116 System windows directory: C:\windows

22:47:51.0200 2116 Running under WOW64

22:47:51.0200 2116 Processor architecture: Intel x64

22:47:51.0200 2116 Number of processors: 2

22:47:51.0200 2116 Page size: 0x1000

22:47:51.0200 2116 Boot type: Normal boot

22:47:51.0200 2116 ============================================================

22:47:51.0652 2116 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

22:47:51.0668 2116 ============================================================

22:47:51.0668 2116 \Device\Harddisk0\DR0:

22:47:51.0668 2116 MBR partitions:

22:47:51.0668 2116 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x23AE5000

22:47:51.0668 2116 ============================================================

22:47:51.0683 2116 C: <-> \Device\Harddisk0\DR0\Partition1

22:47:51.0683 2116 ============================================================

22:47:51.0683 2116 Initialize success

22:47:51.0683 2116 ============================================================

22:47:58.0471 7076 ============================================================

22:47:58.0471 7076 Scan started

22:47:58.0471 7076 Mode: Manual;

22:47:58.0471 7076 ============================================================

22:47:58.0830 7076 ================ Scan system memory ========================

22:47:58.0830 7076 System memory - ok

22:47:58.0846 7076 ================ Scan services =============================

22:47:59.0080 7076 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\windows\system32\drivers\1394ohci.sys

22:47:59.0080 7076 1394ohci - ok

22:47:59.0142 7076 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\windows\system32\drivers\ACPI.sys

22:47:59.0158 7076 ACPI - ok

22:47:59.0190 7076 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\windows\system32\drivers\acpipmi.sys

22:47:59.0190 7076 AcpiPmi - ok

22:47:59.0330 7076 [ ADDA5E1951B90D3D23C56D3CF0622ADC ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

22:47:59.0330 7076 AdobeARMservice - ok

22:47:59.0533 7076 [ F040037B149FD0F5A5044AE563390FA7 ] AdobeFlashPlayerUpdateSvc C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

22:47:59.0533 7076 AdobeFlashPlayerUpdateSvc - ok

22:47:59.0611 7076 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\windows\system32\drivers\adp94xx.sys

22:47:59.0611 7076 adp94xx - ok

22:47:59.0658 7076 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\windows\system32\drivers\adpahci.sys

22:47:59.0674 7076 adpahci - ok

22:47:59.0720 7076 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\windows\system32\drivers\adpu320.sys

22:47:59.0736 7076 adpu320 - ok

22:47:59.0783 7076 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\windows\System32\aelupsvc.dll

22:47:59.0783 7076 AeLookupSvc - ok

22:47:59.0845 7076 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\windows\system32\drivers\afd.sys

22:47:59.0861 7076 AFD - ok

22:47:59.0908 7076 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\windows\system32\drivers\agp440.sys

22:47:59.0908 7076 agp440 - ok

22:47:59.0954 7076 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\windows\System32\alg.exe

22:47:59.0954 7076 ALG - ok

22:47:59.0986 7076 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\windows\system32\drivers\aliide.sys

22:48:00.0001 7076 aliide - ok

22:48:00.0017 7076 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\windows\system32\drivers\amdide.sys

22:48:00.0017 7076 amdide - ok

22:48:00.0079 7076 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\windows\system32\drivers\amdk8.sys

22:48:00.0079 7076 AmdK8 - ok

22:48:00.0095 7076 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\windows\system32\drivers\amdppm.sys

22:48:00.0095 7076 AmdPPM - ok

22:48:00.0142 7076 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\windows\system32\drivers\amdsata.sys

22:48:00.0158 7076 amdsata - ok

22:48:00.0189 7076 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\windows\system32\drivers\amdsbs.sys

22:48:00.0189 7076 amdsbs - ok

22:48:00.0205 7076 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\windows\system32\drivers\amdxata.sys

22:48:00.0205 7076 amdxata - ok

22:48:00.0252 7076 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\windows\system32\drivers\appid.sys

22:48:00.0252 7076 AppID - ok

22:48:00.0299 7076 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\windows\System32\appidsvc.dll

22:48:00.0299 7076 AppIDSvc - ok

22:48:00.0330 7076 [ 9D2A2369AB4B08A4905FE72DB104498F ] Appinfo C:\windows\System32\appinfo.dll

22:48:00.0330 7076 Appinfo - ok

22:48:00.0408 7076 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

22:48:00.0408 7076 Apple Mobile Device - ok

22:48:00.0470 7076 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\windows\system32\drivers\arc.sys

22:48:00.0470 7076 arc - ok

22:48:00.0486 7076 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\windows\system32\drivers\arcsas.sys

22:48:00.0486 7076 arcsas - ok

22:48:00.0548 7076 [ B217378ED9A964E15346A67FEF609A17 ] aswFsBlk C:\windows\system32\drivers\aswFsBlk.sys

22:48:00.0548 7076 aswFsBlk - ok

22:48:00.0611 7076 [ E92635BB235B03ED03B17CBB59F77FA4 ] aswMonFlt C:\windows\system32\drivers\aswMonFlt.sys

22:48:00.0611 7076 aswMonFlt - ok

22:48:00.0751 7076 [ DE6759B8D8E62BF0FFF2B05F05AFCEE6 ] aswRvrt C:\windows\system32\drivers\aswRvrt.sys

22:48:00.0751 7076 aswRvrt - ok

22:48:00.0860 7076 [ AB8B4D3136D18A20777036E0F0CFC5E1 ] aswSnx C:\windows\system32\drivers\aswSnx.sys

22:48:00.0876 7076 aswSnx - ok

22:48:00.0938 7076 [ 97D4D725BD32C965119E6C8E252F8C64 ] aswSP C:\windows\system32\drivers\aswSP.sys

22:48:00.0938 7076 aswSP - ok

22:48:01.0016 7076 [ 7E44C2684A6CA779B9D07CB4BD3F649D ] aswVmm C:\windows\system32\drivers\aswVmm.sys

22:48:01.0032 7076 aswVmm - ok

22:48:01.0094 7076 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\windows\system32\DRIVERS\asyncmac.sys

22:48:01.0094 7076 AsyncMac - ok

22:48:01.0141 7076 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\windows\system32\drivers\atapi.sys

22:48:01.0141 7076 atapi - ok

22:48:01.0235 7076 [ D6CAD7E5B05055BB8226BDCB1644DA27 ] athr C:\windows\system32\DRIVERS\athrx.sys

22:48:01.0250 7076 athr - ok

22:48:01.0359 7076 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\windows\System32\Audiosrv.dll

22:48:01.0375 7076 AudioEndpointBuilder - ok

22:48:01.0391 7076 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\windows\System32\Audiosrv.dll

22:48:01.0391 7076 AudioSrv - ok

22:48:01.0515 7076 [ 41735B82DB57E4EBE9504EC400FD120E ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe

22:48:01.0515 7076 avast! Antivirus - ok

22:48:01.0593 7076 [ 4C05242DC361A217223E9B8EC2B3A76B ] avgtp C:\windows\system32\drivers\avgtpx64.sys

22:48:01.0593 7076 avgtp - ok

22:48:01.0656 7076 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\windows\System32\AxInstSV.dll

22:48:01.0656 7076 AxInstSV - ok

22:48:01.0718 7076 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\windows\system32\drivers\bxvbda.sys

22:48:01.0718 7076 b06bdrv - ok

22:48:01.0765 7076 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\windows\system32\DRIVERS\b57nd60a.sys

22:48:01.0765 7076 b57nd60a - ok

22:48:01.0843 7076 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\windows\System32\bdesvc.dll

22:48:01.0859 7076 BDESVC - ok

22:48:01.0874 7076 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\windows\system32\drivers\Beep.sys

22:48:01.0874 7076 Beep - ok

22:48:01.0937 7076 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\windows\System32\bfe.dll

22:48:01.0937 7076 BFE - ok

22:48:02.0608 7076 [ 6E10DB69DB1AA96207F4B14B18FF12F8 ] BHDrvx64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\Definitions\BASHDefs\20130531.001_b0\BHDrvx64.sys

22:48:02.0732 7076 BHDrvx64 - ok

22:48:02.0779 7076 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\windows\System32\qmgr.dll

22:48:02.0795 7076 BITS - ok

22:48:02.0826 7076 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\windows\system32\DRIVERS\blbdrive.sys

22:48:02.0842 7076 blbdrive - ok

22:48:02.0888 7076 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe

22:48:02.0888 7076 Bonjour Service - ok

22:48:02.0935 7076 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\windows\system32\DRIVERS\bowser.sys

22:48:02.0935 7076 bowser - ok

22:48:03.0013 7076 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\windows\system32\drivers\BrFiltLo.sys

22:48:03.0013 7076 BrFiltLo - ok

22:48:03.0029 7076 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\windows\system32\drivers\BrFiltUp.sys

22:48:03.0044 7076 BrFiltUp - ok

22:48:03.0076 7076 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\windows\System32\browser.dll

22:48:03.0076 7076 Browser - ok

22:48:03.0138 7076 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\windows\System32\Drivers\Brserid.sys

22:48:03.0138 7076 Brserid - ok

22:48:03.0169 7076 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\windows\System32\Drivers\BrSerWdm.sys

22:48:03.0169 7076 BrSerWdm - ok

22:48:03.0200 7076 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\windows\System32\Drivers\BrUsbMdm.sys

22:48:03.0200 7076 BrUsbMdm - ok

22:48:03.0216 7076 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\windows\System32\Drivers\BrUsbSer.sys

22:48:03.0216 7076 BrUsbSer - ok

22:48:03.0247 7076 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\windows\system32\drivers\bthmodem.sys

22:48:03.0247 7076 BTHMODEM - ok

22:48:03.0310 7076 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\windows\system32\bthserv.dll

22:48:03.0310 7076 bthserv - ok

22:48:03.0403 7076 [ 2C6FFCCA37B002AAB3C7C31A6D780A76 ] ccSet_N360 C:\windows\system32\drivers\N360x64\0604010.00E\ccSetx64.sys

22:48:03.0403 7076 ccSet_N360 - ok

22:48:03.0434 7076 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\windows\system32\DRIVERS\cdfs.sys

22:48:03.0450 7076 cdfs - ok

22:48:03.0497 7076 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\windows\system32\DRIVERS\cdrom.sys

22:48:03.0497 7076 cdrom - ok

22:48:03.0544 7076 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\windows\System32\certprop.dll

22:48:03.0544 7076 CertPropSvc - ok

22:48:03.0575 7076 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\windows\system32\drivers\circlass.sys

22:48:03.0575 7076 circlass - ok

22:48:03.0606 7076 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\windows\system32\CLFS.sys

22:48:03.0622 7076 CLFS - ok

22:48:03.0700 7076 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

22:48:03.0700 7076 clr_optimization_v2.0.50727_32 - ok

22:48:03.0762 7076 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

22:48:03.0762 7076 clr_optimization_v2.0.50727_64 - ok

22:48:03.0856 7076 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

22:48:03.0887 7076 clr_optimization_v4.0.30319_32 - ok

22:48:03.0934 7076 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

22:48:03.0934 7076 clr_optimization_v4.0.30319_64 - ok

22:48:03.0980 7076 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\windows\system32\DRIVERS\CmBatt.sys

22:48:03.0980 7076 CmBatt - ok

22:48:04.0012 7076 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\windows\system32\drivers\cmdide.sys

22:48:04.0012 7076 cmdide - ok

22:48:04.0058 7076 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\windows\system32\Drivers\cng.sys

22:48:04.0074 7076 CNG - ok

22:48:04.0136 7076 [ 66D12B53E117EF951D5E1CED03B4CC1B ] CnxtHdAudService C:\windows\system32\drivers\CHDRT64.sys

22:48:04.0152 7076 CnxtHdAudService - ok

22:48:04.0220 7076 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\windows\system32\drivers\compbatt.sys

22:48:04.0220 7076 Compbatt - ok

22:48:04.0252 7076 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\windows\system32\DRIVERS\CompositeBus.sys

22:48:04.0252 7076 CompositeBus - ok

22:48:04.0267 7076 COMSysApp - ok

22:48:04.0298 7076 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\windows\system32\drivers\crcdisk.sys

22:48:04.0298 7076 crcdisk - ok

22:48:04.0345 7076 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\windows\system32\cryptsvc.dll

22:48:04.0345 7076 CryptSvc - ok

22:48:04.0392 7076 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\windows\system32\rpcss.dll

22:48:04.0408 7076 DcomLaunch - ok

22:48:04.0454 7076 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\windows\System32\defragsvc.dll

22:48:04.0486 7076 defragsvc - ok

22:48:04.0517 7076 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\windows\system32\Drivers\dfsc.sys

22:48:04.0517 7076 DfsC - ok

22:48:04.0579 7076 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\windows\system32\dhcpcore.dll

22:48:04.0595 7076 Dhcp - ok

22:48:04.0657 7076 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\windows\system32\drivers\discache.sys

22:48:04.0657 7076 discache - ok

22:48:04.0704 7076 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\windows\system32\drivers\disk.sys

22:48:04.0704 7076 Disk - ok

22:48:04.0735 7076 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\windows\System32\dnsrslvr.dll

22:48:04.0735 7076 Dnscache - ok

22:48:04.0766 7076 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\windows\System32\dot3svc.dll

22:48:04.0766 7076 dot3svc - ok

22:48:04.0798 7076 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\windows\system32\dps.dll

22:48:04.0798 7076 DPS - ok

22:48:04.0860 7076 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\windows\system32\drivers\drmkaud.sys

22:48:04.0860 7076 drmkaud - ok

22:48:04.0922 7076 [ AF2E16242AA723F68F461B6EAE2EAD3D ] DXGKrnl C:\windows\System32\drivers\dxgkrnl.sys

22:48:04.0938 7076 DXGKrnl - ok

22:48:04.0985 7076 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\windows\System32\eapsvc.dll

22:48:05.0000 7076 EapHost - ok

22:48:05.0281 7076 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\windows\system32\drivers\evbda.sys

22:48:05.0375 7076 ebdrv - ok

22:48:05.0484 7076 [ 4353FF94D47A0A9D52B89ECCF0CDB013 ] eeCtrl C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys

22:48:05.0484 7076 eeCtrl - ok

22:48:05.0531 7076 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\windows\System32\lsass.exe

22:48:05.0546 7076 EFS - ok

22:48:05.0609 7076 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\windows\ehome\ehRecvr.exe

22:48:05.0624 7076 ehRecvr - ok

22:48:05.0671 7076 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\windows\ehome\ehsched.exe

22:48:05.0671 7076 ehSched - ok

22:48:05.0718 7076 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\windows\system32\drivers\elxstor.sys

22:48:05.0734 7076 elxstor - ok

22:48:05.0796 7076 [ C5BCCB378D0A896304A3E71BE7215983 ] EraserUtilRebootDrv C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys

22:48:05.0796 7076 EraserUtilRebootDrv - ok

22:48:05.0812 7076 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\windows\system32\drivers\errdev.sys

22:48:05.0812 7076 ErrDev - ok

22:48:05.0874 7076 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\windows\system32\es.dll

22:48:05.0874 7076 EventSystem - ok

22:48:05.0921 7076 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\windows\system32\drivers\exfat.sys

22:48:05.0921 7076 exfat - ok

22:48:05.0952 7076 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\windows\system32\drivers\fastfat.sys

22:48:05.0952 7076 fastfat - ok

22:48:05.0999 7076 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\windows\system32\fxssvc.exe

22:48:06.0014 7076 Fax - ok

22:48:06.0030 7076 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\windows\system32\drivers\fdc.sys

22:48:06.0030 7076 fdc - ok

22:48:06.0077 7076 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\windows\system32\fdPHost.dll

22:48:06.0077 7076 fdPHost - ok

22:48:06.0092 7076 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\windows\system32\fdrespub.dll

22:48:06.0092 7076 FDResPub - ok

22:48:06.0124 7076 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\windows\system32\drivers\fileinfo.sys

22:48:06.0124 7076 FileInfo - ok

22:48:06.0139 7076 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\windows\system32\drivers\filetrace.sys

22:48:06.0139 7076 Filetrace - ok

22:48:06.0170 7076 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\windows\system32\drivers\flpydisk.sys

22:48:06.0170 7076 flpydisk - ok

22:48:06.0202 7076 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\windows\system32\drivers\fltmgr.sys

22:48:06.0202 7076 FltMgr - ok

22:48:06.0264 7076 [ C4C183E6551084039EC862DA1C945E3D ] FontCache C:\windows\system32\FntCache.dll

22:48:06.0280 7076 FontCache - ok

22:48:06.0342 7076 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

22:48:06.0342 7076 FontCache3.0.0.0 - ok

22:48:06.0373 7076 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\windows\system32\drivers\FsDepends.sys

22:48:06.0373 7076 FsDepends - ok

22:48:06.0420 7076 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\windows\system32\drivers\Fs_Rec.sys

22:48:06.0420 7076 Fs_Rec - ok

22:48:06.0482 7076 [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol C:\windows\system32\DRIVERS\fvevol.sys

22:48:06.0482 7076 fvevol - ok

22:48:06.0529 7076 [ 60ACB128E64C35C2B4E4AAB1B0A5C293 ] FwLnk C:\windows\system32\DRIVERS\FwLnk.sys

22:48:06.0529 7076 FwLnk - ok

22:48:06.0576 7076 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\windows\system32\drivers\gagp30kx.sys

22:48:06.0592 7076 gagp30kx - ok

22:48:06.0623 7076 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\windows\system32\DRIVERS\GEARAspiWDM.sys

22:48:06.0638 7076 GEARAspiWDM - ok

22:48:06.0732 7076 [ 14908F4F9005C29DE8F5587E271390EE ] gfibto C:\windows\system32\drivers\gfibto.sys

22:48:06.0732 7076 gfibto - ok

22:48:06.0763 7076 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\windows\System32\gpsvc.dll

22:48:06.0779 7076 gpsvc - ok

22:48:06.0841 7076 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

22:48:06.0841 7076 gupdate - ok

22:48:06.0872 7076 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

22:48:06.0872 7076 gupdatem - ok

22:48:06.0904 7076 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

22:48:06.0919 7076 gusvc - ok

22:48:06.0950 7076 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\windows\system32\drivers\hcw85cir.sys

22:48:06.0950 7076 hcw85cir - ok

22:48:06.0982 7076 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys

22:48:06.0982 7076 HdAudAddService - ok

22:48:07.0028 7076 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\windows\system32\DRIVERS\HDAudBus.sys

22:48:07.0028 7076 HDAudBus - ok

22:48:07.0044 7076 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\windows\system32\drivers\HidBatt.sys

22:48:07.0044 7076 HidBatt - ok

22:48:07.0060 7076 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\windows\system32\drivers\hidbth.sys

22:48:07.0060 7076 HidBth - ok

22:48:07.0153 7076 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\windows\system32\drivers\hidir.sys

22:48:07.0200 7076 HidIr - ok

22:48:07.0262 7076 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\windows\system32\hidserv.dll

22:48:07.0278 7076 hidserv - ok

22:48:07.0325 7076 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\windows\system32\DRIVERS\hidusb.sys

22:48:07.0325 7076 HidUsb - ok

22:48:07.0356 7076 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\windows\system32\kmsvc.dll

22:48:07.0372 7076 hkmsvc - ok

22:48:07.0387 7076 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\windows\system32\ListSvc.dll

22:48:07.0387 7076 HomeGroupListener - ok

22:48:07.0434 7076 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\windows\system32\provsvc.dll

22:48:07.0450 7076 HomeGroupProvider - ok

22:48:07.0496 7076 [ F90DD89E8A482AC976DD4E1029802E49 ] HP LaserJet Service C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe

22:48:07.0512 7076 HP LaserJet Service - ok

22:48:07.0543 7076 [ 0570A17A2E5001B97E20C15B4FC516AE ] HP1210FAX C:\windows\system32\Drivers\HPM1210FAX.sys

22:48:07.0543 7076 HP1210FAX - ok

22:48:07.0606 7076 [ F8F686D62121549377D9E1CDF6BC3441 ] HPM1210RcvFaxSrvc C:\Program Files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe

22:48:07.0621 7076 HPM1210RcvFaxSrvc - ok

22:48:07.0668 7076 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\windows\system32\drivers\HpSAMD.sys

22:48:07.0668 7076 HpSAMD - ok

22:48:07.0730 7076 [ 4E9CAE3200A46135DE01CE22BAF832BE ] HPSIService C:\windows\system32\HPSIsvc.exe

22:48:07.0730 7076 HPSIService - ok

22:48:07.0777 7076 [ F47CEC45FB85791D4AB237563AD0FA8F ] HTCAND64 C:\windows\system32\Drivers\ANDROIDUSB.sys

22:48:07.0777 7076 HTCAND64 - ok

22:48:07.0824 7076 [ B8B1B284362E1D8135112573395D5DA5 ] htcnprot C:\windows\system32\DRIVERS\htcnprot.sys

22:48:07.0824 7076 htcnprot - ok

22:48:07.0871 7076 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\windows\system32\drivers\HTTP.sys

22:48:07.0886 7076 HTTP - ok

22:48:07.0902 7076 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\windows\system32\drivers\hwpolicy.sys

22:48:07.0902 7076 hwpolicy - ok

22:48:07.0964 7076 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\windows\system32\DRIVERS\i8042prt.sys

22:48:07.0964 7076 i8042prt - ok

22:48:08.0011 7076 [ BBB3B6DF1ABB0FE35802EDE85CC1C011 ] iaStor C:\windows\system32\DRIVERS\iaStor.sys

22:48:08.0027 7076 iaStor - ok

22:48:08.0089 7076 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\windows\system32\drivers\iaStorV.sys

22:48:08.0089 7076 iaStorV - ok

22:48:08.0152 7076 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

22:48:08.0167 7076 idsvc - ok

22:48:08.0448 7076 [ A48928D4CCA6F8B731989DB08CF2C0AB ] IDSVia64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\Definitions\IPSDefs\20130606.001\IDSvia64.sys

22:48:08.0510 7076 IDSVia64 - ok

22:48:08.0916 7076 [ 898AB5BFED7040D7AB07AF01885EB944 ] igfx C:\windows\system32\DRIVERS\igdkmd64.sys

22:48:09.0181 7076 igfx - ok

22:48:09.0212 7076 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\windows\system32\drivers\iirsp.sys

22:48:09.0212 7076 iirsp - ok

22:48:09.0308 7076 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\windows\System32\ikeext.dll

22:48:09.0308 7076 IKEEXT - ok

22:48:09.0324 7076 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\windows\system32\drivers\intelide.sys

22:48:09.0339 7076 intelide - ok

22:48:09.0370 7076 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\windows\system32\DRIVERS\intelppm.sys

22:48:09.0370 7076 intelppm - ok

22:48:09.0386 7076 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\windows\system32\ipbusenum.dll

22:48:09.0386 7076 IPBusEnum - ok

22:48:09.0417 7076 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\windows\system32\DRIVERS\ipfltdrv.sys

22:48:09.0417 7076 IpFilterDriver - ok

22:48:09.0464 7076 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\windows\System32\iphlpsvc.dll

22:48:09.0464 7076 iphlpsvc - ok

22:48:09.0480 7076 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\windows\system32\drivers\IPMIDrv.sys

22:48:09.0480 7076 IPMIDRV - ok

22:48:09.0495 7076 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\windows\system32\drivers\ipnat.sys

22:48:09.0511 7076 IPNAT - ok

22:48:09.0573 7076 [ 6E50CFA46527B39015B750AAD161C5CC ] iPod Service C:\Program Files\iPod\bin\iPodService.exe

22:48:09.0573 7076 iPod Service - ok

22:48:09.0604 7076 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\windows\system32\drivers\irenum.sys

22:48:09.0604 7076 IRENUM - ok

22:48:09.0636 7076 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\windows\system32\drivers\isapnp.sys

22:48:09.0636 7076 isapnp - ok

22:48:09.0651 7076 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\windows\system32\drivers\msiscsi.sys

22:48:09.0667 7076 iScsiPrt - ok

22:48:09.0682 7076 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\windows\system32\DRIVERS\kbdclass.sys

22:48:09.0698 7076 kbdclass - ok

22:48:09.0698 7076 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\windows\system32\DRIVERS\kbdhid.sys

22:48:09.0698 7076 kbdhid - ok

22:48:09.0714 7076 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\windows\system32\lsass.exe

22:48:09.0714 7076 KeyIso - ok

22:48:09.0760 7076 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\windows\system32\Drivers\ksecdd.sys

22:48:09.0760 7076 KSecDD - ok

22:48:09.0776 7076 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\windows\system32\Drivers\ksecpkg.sys

22:48:09.0776 7076 KSecPkg - ok

22:48:09.0807 7076 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\windows\system32\drivers\ksthunk.sys

22:48:09.0807 7076 ksthunk - ok

22:48:09.0838 7076 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\windows\system32\msdtckrm.dll

22:48:09.0854 7076 KtmRm - ok

22:48:09.0901 7076 [ 655A5D8E80869781CCE23760ADA7E695 ] L1C C:\windows\system32\DRIVERS\L1C62x64.sys

22:48:09.0901 7076 L1C - ok

22:48:09.0963 7076 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\windows\system32\srvsvc.dll

22:48:09.0963 7076 LanmanServer - ok

22:48:09.0994 7076 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\windows\System32\wkssvc.dll

22:48:09.0994 7076 LanmanWorkstation - ok

22:48:10.0057 7076 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\windows\system32\DRIVERS\lltdio.sys

22:48:10.0057 7076 lltdio - ok

22:48:10.0088 7076 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\windows\System32\lltdsvc.dll

22:48:10.0088 7076 lltdsvc - ok

22:48:10.0119 7076 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\windows\System32\lmhsvc.dll

22:48:10.0135 7076 lmhosts - ok

22:48:10.0166 7076 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\windows\system32\drivers\lsi_fc.sys

22:48:10.0166 7076 LSI_FC - ok

22:48:10.0197 7076 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\windows\system32\drivers\lsi_sas.sys

22:48:10.0197 7076 LSI_SAS - ok

22:48:10.0213 7076 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\windows\system32\drivers\lsi_sas2.sys

22:48:10.0213 7076 LSI_SAS2 - ok

22:48:10.0228 7076 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\windows\system32\drivers\lsi_scsi.sys

22:48:10.0244 7076 LSI_SCSI - ok

22:48:10.0260 7076 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\windows\system32\drivers\luafv.sys

22:48:10.0260 7076 luafv - ok

22:48:10.0322 7076 [ 0BB97D43299910CBFBA59C461B99B910 ] MBAMProtector C:\windows\system32\drivers\mbam.sys

22:48:10.0322 7076 MBAMProtector - ok

22:48:10.0416 7076 [ 65085456FD9A74D7F1A999520C299ECB ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

22:48:10.0416 7076 MBAMScheduler - ok

22:48:10.0478 7076 [ E0D7732F2D2E24B2DB3F67B6750295B8 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

22:48:10.0478 7076 MBAMService - ok

22:48:10.0540 7076 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\windows\system32\Mcx2Svc.dll

22:48:10.0540 7076 Mcx2Svc - ok

22:48:10.0572 7076 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\windows\system32\drivers\megasas.sys

22:48:10.0572 7076 megasas - ok

22:48:10.0618 7076 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\windows\system32\drivers\MegaSR.sys

22:48:10.0650 7076 MegaSR - ok

22:48:10.0696 7076 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\windows\system32\mmcss.dll

22:48:10.0696 7076 MMCSS - ok

22:48:10.0712 7076 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\windows\system32\drivers\modem.sys

22:48:10.0712 7076 Modem - ok

22:48:10.0759 7076 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\windows\system32\DRIVERS\monitor.sys

22:48:10.0759 7076 monitor - ok

22:48:10.0806 7076 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\windows\system32\DRIVERS\mouclass.sys

22:48:10.0806 7076 mouclass - ok

22:48:10.0837 7076 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\windows\system32\DRIVERS\mouhid.sys

22:48:10.0837 7076 mouhid - ok

22:48:10.0852 7076 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\windows\system32\drivers\mountmgr.sys

22:48:10.0852 7076 mountmgr - ok

22:48:10.0930 7076 [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

22:48:10.0930 7076 MozillaMaintenance - ok

22:48:10.0977 7076 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\windows\system32\drivers\mpio.sys

22:48:10.0977 7076 mpio - ok

22:48:11.0008 7076 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\windows\system32\drivers\mpsdrv.sys

22:48:11.0008 7076 mpsdrv - ok

22:48:11.0055 7076 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\windows\system32\mpssvc.dll

22:48:11.0071 7076 MpsSvc - ok

22:48:11.0102 7076 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\windows\system32\drivers\mrxdav.sys

22:48:11.0102 7076 MRxDAV - ok

22:48:11.0133 7076 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\windows\system32\DRIVERS\mrxsmb.sys

22:48:11.0133 7076 mrxsmb - ok

22:48:11.0164 7076 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\windows\system32\DRIVERS\mrxsmb10.sys

22:48:11.0164 7076 mrxsmb10 - ok

22:48:11.0180 7076 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\windows\system32\DRIVERS\mrxsmb20.sys

22:48:11.0180 7076 mrxsmb20 - ok

22:48:11.0227 7076 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\windows\system32\drivers\msahci.sys

22:48:11.0227 7076 msahci - ok

22:48:11.0242 7076 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\windows\system32\drivers\msdsm.sys

22:48:11.0242 7076 msdsm - ok

22:48:11.0274 7076 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\windows\System32\msdtc.exe

22:48:11.0274 7076 MSDTC - ok

22:48:11.0320 7076 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\windows\system32\drivers\Msfs.sys

22:48:11.0320 7076 Msfs - ok

22:48:11.0352 7076 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\windows\System32\drivers\mshidkmdf.sys

22:48:11.0352 7076 mshidkmdf - ok

22:48:11.0367 7076 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\windows\system32\drivers\msisadrv.sys

22:48:11.0367 7076 msisadrv - ok

22:48:11.0383 7076 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\windows\system32\iscsiexe.dll

22:48:11.0414 7076 MSiSCSI - ok

22:48:11.0414 7076 msiserver - ok

22:48:11.0461 7076 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\windows\system32\drivers\MSKSSRV.sys

22:48:11.0461 7076 MSKSSRV - ok

22:48:11.0476 7076 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\windows\system32\drivers\MSPCLOCK.sys

22:48:11.0476 7076 MSPCLOCK - ok

22:48:11.0492 7076 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\windows\system32\drivers\MSPQM.sys

22:48:11.0492 7076 MSPQM - ok

22:48:11.0523 7076 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\windows\system32\drivers\MsRPC.sys

22:48:11.0523 7076 MsRPC - ok

22:48:11.0539 7076 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\windows\system32\DRIVERS\mssmbios.sys

22:48:11.0539 7076 mssmbios - ok

22:48:11.0554 7076 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\windows\system32\drivers\MSTEE.sys

22:48:11.0554 7076 MSTEE - ok

22:48:11.0601 7076 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\windows\system32\drivers\MTConfig.sys

22:48:11.0601 7076 MTConfig - ok

22:48:11.0617 7076 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\windows\system32\Drivers\mup.sys

22:48:11.0632 7076 Mup - ok

22:48:11.0664 7076 [ 09818558C2579B45D78AB18A759B0CA8 ] mvusbews C:\windows\system32\Drivers\mvusbews.sys

22:48:11.0664 7076 mvusbews - ok

22:48:11.0757 7076 [ F2840DBFE9322F35557219AE82CC4597 ] N360 C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\ccSvcHst.exe

22:48:11.0757 7076 N360 - ok

22:48:11.0804 7076 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\windows\system32\qagentRT.dll

22:48:11.0820 7076 napagent - ok

22:48:11.0866 7076 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\windows\system32\DRIVERS\nwifi.sys

22:48:11.0866 7076 NativeWifiP - ok

22:48:11.0976 7076 [ 56540E526B46E379A476FB5BC381B290 ] NAVENG C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\Definitions\VirusDefs\20130606.039\ENG64.SYS

22:48:11.0991 7076 NAVENG - ok

22:48:12.0132 7076 [ 8A19D3991F9F14B885CDE8BC640F6B68 ] NAVEX15 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\Definitions\VirusDefs\20130606.039\EX64.SYS

22:48:12.0147 7076 NAVEX15 - ok

22:48:12.0194 7076 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\windows\system32\drivers\ndis.sys

22:48:12.0210 7076 NDIS - ok

22:48:12.0272 7076 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\windows\system32\DRIVERS\ndiscap.sys

22:48:12.0272 7076 NdisCap - ok

22:48:12.0303 7076 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\windows\system32\DRIVERS\ndistapi.sys

22:48:12.0303 7076 NdisTapi - ok

22:48:12.0334 7076 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\windows\system32\DRIVERS\ndisuio.sys

22:48:12.0350 7076 Ndisuio - ok

22:48:12.0366 7076 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\windows\system32\DRIVERS\ndiswan.sys

22:48:12.0366 7076 NdisWan - ok

22:48:12.0397 7076 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\windows\system32\drivers\NDProxy.sys

22:48:12.0397 7076 NDProxy - ok

22:48:12.0444 7076 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\windows\system32\DRIVERS\netbios.sys

22:48:12.0444 7076 NetBIOS - ok

22:48:12.0475 7076 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\windows\system32\DRIVERS\netbt.sys

22:48:12.0490 7076 NetBT - ok

22:48:12.0506 7076 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\windows\system32\lsass.exe

22:48:12.0506 7076 Netlogon - ok

22:48:12.0553 7076 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\windows\System32\netman.dll

22:48:12.0568 7076 Netman - ok

22:48:12.0600 7076 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\windows\System32\netprofm.dll

22:48:12.0615 7076 netprofm - ok

22:48:12.0646 7076 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe

22:48:12.0662 7076 NetTcpPortSharing - ok

22:48:12.0709 7076 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\windows\system32\drivers\nfrd960.sys

22:48:12.0709 7076 nfrd960 - ok

22:48:12.0756 7076 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\windows\System32\nlasvc.dll

22:48:12.0756 7076 NlaSvc - ok

22:48:12.0771 7076 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\windows\system32\drivers\Npfs.sys

22:48:12.0771 7076 Npfs - ok

22:48:12.0818 7076 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\windows\system32\nsisvc.dll

22:48:12.0818 7076 nsi - ok

22:48:12.0849 7076 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\windows\system32\drivers\nsiproxy.sys

22:48:12.0849 7076 nsiproxy - ok

22:48:12.0974 7076 [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs C:\windows\system32\drivers\Ntfs.sys

22:48:13.0021 7076 Ntfs - ok

22:48:13.0052 7076 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\windows\system32\drivers\Null.sys

22:48:13.0052 7076 Null - ok

22:48:13.0099 7076 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\windows\system32\drivers\nvraid.sys

22:48:13.0099 7076 nvraid - ok

22:48:13.0146 7076 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\windows\system32\drivers\nvstor.sys

22:48:13.0146 7076 nvstor - ok

22:48:13.0177 7076 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\windows\system32\drivers\nv_agp.sys

22:48:13.0177 7076 nv_agp - ok

22:48:13.0208 7076 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\windows\system32\drivers\ohci1394.sys

22:48:13.0208 7076 ohci1394 - ok

22:48:13.0286 7076 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

22:48:13.0286 7076 ose - ok

22:48:13.0504 7076 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

22:48:13.0536 7076 osppsvc - ok

22:48:13.0598 7076 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\windows\system32\pnrpsvc.dll

22:48:13.0614 7076 p2pimsvc - ok

22:48:13.0645 7076 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\windows\system32\p2psvc.dll

22:48:13.0645 7076 p2psvc - ok

22:48:13.0676 7076 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\windows\system32\drivers\parport.sys

22:48:13.0676 7076 Parport - ok

22:48:13.0707 7076 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\windows\system32\drivers\partmgr.sys

22:48:13.0707 7076 partmgr - ok

22:48:13.0770 7076 [ AFADA8B97BE3C9398DC6C770409C3544 ] PassThru Service C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe

22:48:13.0770 7076 PassThru Service - ok

22:48:13.0801 7076 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\windows\System32\pcasvc.dll

22:48:13.0816 7076 PcaSvc - ok

22:48:13.0848 7076 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\windows\system32\drivers\pci.sys

22:48:13.0848 7076 pci - ok

22:48:13.0863 7076 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\windows\system32\DRIVERS\pciide.sys

22:48:13.0863 7076 pciide - ok

22:48:13.0894 7076 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\windows\system32\drivers\pcmcia.sys

22:48:13.0894 7076 pcmcia - ok

22:48:13.0910 7076 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\windows\system32\drivers\pcw.sys

22:48:13.0910 7076 pcw - ok

22:48:13.0941 7076 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\windows\system32\drivers\peauth.sys

22:48:13.0941 7076 PEAUTH - ok

22:48:14.0019 7076 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\windows\SysWow64\perfhost.exe

22:48:14.0019 7076 PerfHost - ok

22:48:14.0113 7076 [ 91111CEBBDE8015E822C46120ED9537C ] PGEffect C:\windows\system32\DRIVERS\pgeffect.sys

22:48:14.0113 7076 PGEffect - ok

22:48:14.0175 7076 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\windows\system32\pla.dll

22:48:14.0191 7076 pla - ok

22:48:14.0238 7076 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\windows\system32\umpnpmgr.dll

22:48:14.0253 7076 PlugPlay - ok

22:48:14.0284 7076 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\windows\system32\pnrpauto.dll

22:48:14.0284 7076 PNRPAutoReg - ok

22:48:14.0348 7076 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\windows\system32\pnrpsvc.dll

22:48:14.0348 7076 PNRPsvc - ok

22:48:14.0410 7076 [ 4F0878FD62D5F7444C5F1C4C66D9D293 ] Point64 C:\windows\system32\DRIVERS\point64.sys

22:48:14.0410 7076 Point64 - ok

22:48:14.0441 7076 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\windows\System32\ipsecsvc.dll

22:48:14.0457 7076 PolicyAgent - ok

22:48:14.0488 7076 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\windows\system32\umpo.dll

22:48:14.0504 7076 Power - ok

22:48:14.0551 7076 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\windows\system32\DRIVERS\raspptp.sys

22:48:14.0551 7076 PptpMiniport - ok

22:48:14.0566 7076 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\windows\system32\drivers\processr.sys

22:48:14.0582 7076 Processor - ok

22:48:14.0629 7076 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\windows\system32\profsvc.dll

22:48:14.0644 7076 ProfSvc - ok

22:48:14.0644 7076 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\windows\system32\lsass.exe

22:48:14.0644 7076 ProtectedStorage - ok

22:48:14.0691 7076 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\windows\system32\DRIVERS\pacer.sys

22:48:14.0691 7076 Psched - ok

22:48:14.0738 7076 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\windows\system32\drivers\ql2300.sys

22:48:14.0753 7076 ql2300 - ok

22:48:14.0785 7076 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\windows\system32\drivers\ql40xx.sys

22:48:14.0785 7076 ql40xx - ok

22:48:14.0816 7076 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\windows\system32\qwave.dll

22:48:14.0816 7076 QWAVE - ok

22:48:14.0831 7076 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\windows\system32\drivers\qwavedrv.sys

22:48:14.0847 7076 QWAVEdrv - ok

22:48:14.0863 7076 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\windows\system32\DRIVERS\rasacd.sys

22:48:14.0863 7076 RasAcd - ok

22:48:14.0925 7076 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\windows\system32\DRIVERS\AgileVpn.sys

22:48:14.0925 7076 RasAgileVpn - ok

22:48:14.0956 7076 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\windows\System32\rasauto.dll

22:48:14.0972 7076 RasAuto - ok

22:48:15.0003 7076 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\windows\system32\DRIVERS\rasl2tp.sys

22:48:15.0003 7076 Rasl2tp - ok

22:48:15.0019 7076 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\windows\System32\rasmans.dll

22:48:15.0034 7076 RasMan - ok

22:48:15.0065 7076 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\windows\system32\DRIVERS\raspppoe.sys

22:48:15.0065 7076 RasPppoe - ok

22:48:15.0097 7076 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\windows\system32\DRIVERS\rassstp.sys

22:48:15.0097 7076 RasSstp - ok

22:48:15.0112 7076 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\windows\system32\DRIVERS\rdbss.sys

22:48:15.0128 7076 rdbss - ok

22:48:15.0143 7076 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\windows\system32\drivers\rdpbus.sys

22:48:15.0143 7076 rdpbus - ok

22:48:15.0175 7076 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\windows\system32\DRIVERS\RDPCDD.sys

22:48:15.0175 7076 RDPCDD - ok

22:48:15.0190 7076 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\windows\system32\drivers\rdpencdd.sys

22:48:15.0190 7076 RDPENCDD - ok

22:48:15.0206 7076 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\windows\system32\drivers\rdprefmp.sys

22:48:15.0206 7076 RDPREFMP - ok

22:48:15.0268 7076 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\windows\system32\drivers\RDPWD.sys

22:48:15.0284 7076 RDPWD - ok

22:48:15.0331 7076 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\windows\system32\drivers\rdyboost.sys

22:48:15.0331 7076 rdyboost - ok

22:48:15.0346 7076 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\windows\System32\mprdim.dll

22:48:15.0346 7076 RemoteAccess - ok

22:48:15.0393 7076 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\windows\system32\regsvc.dll

22:48:15.0409 7076 RemoteRegistry - ok

22:48:15.0455 7076 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\windows\System32\RpcEpMap.dll

22:48:15.0455 7076 RpcEptMapper - ok

22:48:15.0502 7076 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\windows\system32\locator.exe

22:48:15.0502 7076 RpcLocator - ok

22:48:15.0533 7076 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\windows\system32\rpcss.dll

22:48:15.0549 7076 RpcSs - ok

22:48:15.0596 7076 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\windows\system32\DRIVERS\rspndr.sys

22:48:15.0596 7076 rspndr - ok

22:48:15.0658 7076 [ 0E3DCF76F11DC431B088A2DFD7265CDA ] RSUSBSTOR C:\windows\system32\Drivers\RtsUStor.sys

22:48:15.0658 7076 RSUSBSTOR - ok

22:48:15.0674 7076 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\windows\system32\lsass.exe

22:48:15.0689 7076 SamSs - ok

22:48:15.0705 7076 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\windows\system32\drivers\sbp2port.sys

22:48:15.0705 7076 sbp2port - ok

22:48:15.0736 7076 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\windows\System32\SCardSvr.dll

22:48:15.0736 7076 SCardSvr - ok

22:48:15.0752 7076 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\windows\system32\DRIVERS\scfilter.sys

22:48:15.0752 7076 scfilter - ok

22:48:15.0783 7076 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\windows\system32\schedsvc.dll

22:48:15.0799 7076 Schedule - ok

22:48:15.0830 7076 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\windows\System32\certprop.dll

22:48:15.0830 7076 SCPolicySvc - ok

22:48:15.0861 7076 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\windows\System32\SDRSVC.dll

22:48:15.0861 7076 SDRSVC - ok

22:48:15.0923 7076 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\windows\system32\drivers\secdrv.sys

22:48:15.0923 7076 secdrv - ok

22:48:15.0939 7076 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\windows\system32\seclogon.dll

22:48:15.0939 7076 seclogon - ok

22:48:15.0955 7076 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\windows\System32\sens.dll

22:48:15.0955 7076 SENS - ok

22:48:16.0001 7076 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\windows\system32\sensrsvc.dll

22:48:16.0001 7076 SensrSvc - ok

22:48:16.0017 7076 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\windows\system32\drivers\serenum.sys

22:48:16.0017 7076 Serenum - ok

22:48:16.0033 7076 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\windows\system32\drivers\serial.sys

22:48:16.0033 7076 Serial - ok

22:48:16.0064 7076 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\windows\system32\drivers\sermouse.sys

22:48:16.0079 7076 sermouse - ok

22:48:16.0095 7076 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\windows\system32\sessenv.dll

22:48:16.0111 7076 SessionEnv - ok

22:48:16.0126 7076 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\windows\system32\drivers\sffdisk.sys

22:48:16.0126 7076 sffdisk - ok

22:48:16.0142 7076 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\windows\system32\drivers\sffp_mmc.sys

22:48:16.0142 7076 sffp_mmc - ok

22:48:16.0157 7076 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\windows\system32\drivers\sffp_sd.sys

22:48:16.0157 7076 sffp_sd - ok

22:48:16.0189 7076 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\windows\system32\drivers\sfloppy.sys

22:48:16.0189 7076 sfloppy - ok

22:48:16.0235 7076 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\windows\System32\ipnathlp.dll

22:48:16.0235 7076 SharedAccess - ok

22:48:16.0267 7076 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\windows\System32\shsvcs.dll

22:48:16.0282 7076 ShellHWDetection - ok

22:48:16.0345 7076 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\windows\system32\drivers\SiSRaid2.sys

22:48:16.0345 7076 SiSRaid2 - ok

22:48:16.0407 7076 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\windows\system32\drivers\sisraid4.sys

22:48:16.0407 7076 SiSRaid4 - ok

22:48:16.0657 7076 [ EB17DF573B4423DF0B3B2EE3B268A6DE ] Skype C2C Service C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

22:48:16.0672 7076 Skype C2C Service - ok

22:48:16.0781 7076 [ 8C4F0DCC6A5100D48F9B2F950CDD220F ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe

22:48:16.0797 7076 SkypeUpdate - ok

22:48:16.0844 7076 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\windows\system32\DRIVERS\smb.sys

22:48:16.0844 7076 Smb - ok

22:48:16.0891 7076 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\windows\System32\snmptrap.exe

22:48:16.0891 7076 SNMPTRAP - ok

22:48:16.0922 7076 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\windows\system32\drivers\spldr.sys

22:48:16.0937 7076 spldr - ok

22:48:16.0984 7076 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\windows\System32\spoolsv.exe

22:48:17.0000 7076 Spooler - ok

22:48:17.0109 7076 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\windows\system32\sppsvc.exe

22:48:17.0203 7076 sppsvc - ok

22:48:17.0234 7076 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\windows\system32\sppuinotify.dll

22:48:17.0249 7076 sppuinotify - ok

22:48:17.0343 7076 [ 891793E00432FA055CF040605C260E49 ] SRTSP C:\windows\System32\Drivers\N360x64\0604010.00E\SRTSP64.SYS

22:48:17.0359 7076 SRTSP - ok

22:48:17.0390 7076 [ 1CB7BB3B0561FB5ECFE37F7731E8BF3E ] SRTSPX C:\windows\system32\drivers\N360x64\0604010.00E\SRTSPX64.SYS

22:48:17.0390 7076 SRTSPX - ok

22:48:17.0421 7076 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\windows\system32\DRIVERS\srv.sys

22:48:17.0437 7076 srv - ok

22:48:17.0452 7076 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\windows\system32\DRIVERS\srv2.sys

22:48:17.0452 7076 srv2 - ok

22:48:17.0468 7076 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\windows\system32\DRIVERS\srvnet.sys

22:48:17.0468 7076 srvnet - ok

22:48:17.0530 7076 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\windows\System32\ssdpsrv.dll

22:48:17.0546 7076 SSDPSRV - ok

22:48:17.0546 7076 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\windows\system32\sstpsvc.dll

22:48:17.0561 7076 SstpSvc - ok

22:48:17.0593 7076 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\windows\system32\drivers\stexstor.sys

22:48:17.0593 7076 stexstor - ok

22:48:17.0639 7076 [ DECACB6921DED1A38642642685D77DAC ] StillCam C:\windows\system32\DRIVERS\serscan.sys

22:48:17.0639 7076 StillCam - ok

22:48:17.0686 7076 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\windows\System32\wiaservc.dll

22:48:17.0702 7076 stisvc - ok

22:48:17.0733 7076 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\windows\system32\DRIVERS\swenum.sys

22:48:17.0733 7076 swenum - ok

22:48:17.0764 7076 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\windows\System32\swprv.dll

22:48:17.0764 7076 swprv - ok

22:48:17.0811 7076 [ 8B2430762099598DA40686F754632EFD ] SymDS C:\windows\system32\drivers\N360x64\0604010.00E\SYMDS64.SYS

22:48:17.0827 7076 SymDS - ok

22:48:17.0889 7076 [ 5CB7F2FD7E30A0F52F93574BFC3A8041 ] SymEFA C:\windows\system32\drivers\N360x64\0604010.00E\SYMEFA64.SYS

22:48:17.0905 7076 SymEFA - ok

22:48:17.0951 7076 [ 898BB48C797483420DF523B2BBC1ECDB ] SymEvent C:\windows\system32\Drivers\SYMEVENT64x86.SYS

22:48:17.0951 7076 SymEvent - ok

22:48:17.0998 7076 [ 5013A76CAAA1D7CF1C55214B490B4E35 ] SymIRON C:\windows\system32\drivers\N360x64\0604010.00E\Ironx64.SYS

22:48:17.0998 7076 SymIRON - ok

22:48:18.0045 7076 [ 3911BD0E68C010E5438A87706ABBE9AB ] SymNetS C:\windows\System32\Drivers\N360x64\0604010.00E\SYMNETS.SYS

22:48:18.0045 7076 SymNetS - ok

22:48:18.0076 7076 [ 470C47DABA9CA3966F0AB3F835D7D135 ] SynTP C:\windows\system32\DRIVERS\SynTP.sys

22:48:18.0092 7076 SynTP - ok

22:48:18.0154 7076 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\windows\system32\sysmain.dll

22:48:18.0170 7076 SysMain - ok

22:48:18.0201 7076 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\windows\System32\TabSvc.dll

22:48:18.0201 7076 TabletInputService - ok

22:48:18.0217 7076 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\windows\System32\tapisrv.dll

22:48:18.0217 7076 TapiSrv - ok

22:48:18.0248 7076 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\windows\System32\tbssvc.dll

22:48:18.0248 7076 TBS - ok

22:48:18.0326 7076 [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip C:\windows\system32\drivers\tcpip.sys

22:48:18.0357 7076 Tcpip - ok

22:48:18.0388 7076 [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6 C:\windows\system32\DRIVERS\tcpip.sys

22:48:18.0404 7076 TCPIP6 - ok

22:48:18.0435 7076 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\windows\system32\drivers\tcpipreg.sys

22:48:18.0435 7076 tcpipreg - ok

22:48:18.0482 7076 [ FD542B661BD22FA69CA789AD0AC58C29 ] tdcmdpst C:\windows\system32\DRIVERS\tdcmdpst.sys

22:48:18.0482 7076 tdcmdpst - ok

22:48:18.0529 7076 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\windows\system32\drivers\tdpipe.sys

22:48:18.0529 7076 TDPIPE - ok

22:48:18.0575 7076 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\windows\system32\drivers\tdtcp.sys

22:48:18.0575 7076 TDTCP - ok

22:48:18.0607 7076 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\windows\system32\DRIVERS\tdx.sys

22:48:18.0607 7076 tdx - ok

22:48:18.0638 7076 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\windows\system32\DRIVERS\termdd.sys

22:48:18.0638 7076 TermDD - ok

22:48:18.0669 7076 [ 2E648163254233755035B46DD7B89123 ] TermService C:\windows\System32\termsrv.dll

22:48:18.0685 7076 TermService - ok

22:48:18.0716 7076 [ F0344071948D1A1FA732231785A0664C ] Themes C:\windows\system32\themeservice.dll

22:48:18.0716 7076 Themes - ok

22:48:18.0747 7076 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\windows\system32\mmcss.dll

22:48:18.0747 7076 THREADORDER - ok

22:48:18.0841 7076 [ 28644B0523D64EFF2FC7312A2EE74B0A ] TMachInfo C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe

22:48:18.0841 7076 TMachInfo - ok

22:48:18.0872 7076 [ ED32035BDFECED1AD66D459FD9CC1140 ] TODDSrv C:\windows\system32\TODDSrv.exe

22:48:18.0887 7076 TODDSrv - ok

22:48:18.0965 7076 [ 98C864481D62F86EC8AF65BE3419A95B ] TosCoSrv C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe

22:48:18.0965 7076 TosCoSrv - ok

22:48:19.0043 7076 [ 74C2FA8C3765EE71A9C22182EC108457 ] TOSHIBA HDD SSD Alert Service C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe

22:48:19.0043 7076 TOSHIBA HDD SSD Alert Service - ok

22:48:19.0106 7076 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\windows\System32\trkwks.dll

22:48:19.0106 7076 TrkWks - ok

22:48:19.0168 7076 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe

22:48:19.0168 7076 TrustedInstaller - ok

22:48:19.0199 7076 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\windows\system32\DRIVERS\tssecsrv.sys

22:48:19.0199 7076 tssecsrv - ok

22:48:19.0262 7076 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\windows\system32\drivers\tsusbflt.sys

22:48:19.0262 7076 TsUsbFlt - ok

22:48:19.0277 7076 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\windows\system32\drivers\TsUsbGD.sys

22:48:19.0277 7076 TsUsbGD - ok

22:48:19.0324 7076 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\windows\system32\DRIVERS\tunnel.sys

22:48:19.0324 7076 tunnel - ok

22:48:19.0371 7076 [ 550B567F9364D8F7684C3FB3EA665A72 ] TVALZ C:\windows\system32\DRIVERS\TVALZ_O.SYS

22:48:19.0371 7076 TVALZ - ok

22:48:19.0388 7076 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\windows\system32\drivers\uagp35.sys

22:48:19.0388 7076 uagp35 - ok

22:48:19.0434 7076 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\windows\system32\DRIVERS\udfs.sys

22:48:19.0434 7076 udfs - ok

22:48:19.0481 7076 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\windows\system32\UI0Detect.exe

22:48:19.0481 7076 UI0Detect - ok

22:48:19.0512 7076 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\windows\system32\drivers\uliagpkx.sys

22:48:19.0512 7076 uliagpkx - ok

22:48:19.0559 7076 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\windows\system32\DRIVERS\umbus.sys

22:48:19.0559 7076 umbus - ok

22:48:19.0575 7076 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\windows\system32\drivers\umpass.sys

22:48:19.0575 7076 UmPass - ok

22:48:19.0622 7076 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\windows\System32\upnphost.dll

22:48:19.0637 7076 upnphost - ok

22:48:19.0668 7076 [ AF1B9474D67897D0C2CFF58E0ACEACCC ] USBAAPL64 C:\windows\system32\Drivers\usbaapl64.sys

22:48:19.0668 7076 USBAAPL64 - ok

22:48:19.0700 7076 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\windows\system32\DRIVERS\usbccgp.sys

22:48:19.0700 7076 usbccgp - ok

22:48:19.0746 7076 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\windows\system32\drivers\usbcir.sys

22:48:19.0746 7076 usbcir - ok

22:48:19.0778 7076 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\windows\system32\DRIVERS\usbehci.sys

22:48:19.0778 7076 usbehci - ok

22:48:19.0824 7076 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\windows\system32\DRIVERS\usbhub.sys

22:48:19.0840 7076 usbhub - ok

22:48:19.0856 7076 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\windows\system32\drivers\usbohci.sys

22:48:19.0856 7076 usbohci - ok

22:48:19.0902 7076 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\windows\system32\DRIVERS\usbprint.sys

22:48:19.0902 7076 usbprint - ok

22:48:19.0934 7076 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\windows\system32\DRIVERS\usbscan.sys

22:48:19.0949 7076 usbscan - ok

22:48:19.0980 7076 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\windows\system32\DRIVERS\USBSTOR.SYS

22:48:19.0980 7076 USBSTOR - ok

22:48:20.0012 7076 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\windows\system32\DRIVERS\usbuhci.sys

22:48:20.0012 7076 usbuhci - ok

22:48:20.0058 7076 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\windows\system32\Drivers\usbvideo.sys

22:48:20.0058 7076 usbvideo - ok

22:48:20.0090 7076 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\windows\System32\uxsms.dll

22:48:20.0090 7076 UxSms - ok

22:48:20.0121 7076 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\windows\system32\lsass.exe

22:48:20.0121 7076 VaultSvc - ok

22:48:20.0152 7076 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\windows\system32\drivers\vdrvroot.sys

22:48:20.0168 7076 vdrvroot - ok

22:48:20.0183 7076 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\windows\System32\vds.exe

22:48:20.0199 7076 vds - ok

22:48:20.0230 7076 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\windows\system32\DRIVERS\vgapnp.sys

22:48:20.0230 7076 vga - ok

22:48:20.0246 7076 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\windows\System32\drivers\vga.sys

22:48:20.0246 7076 VgaSave - ok

22:48:20.0277 7076 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\windows\system32\drivers\vhdmp.sys

22:48:20.0277 7076 vhdmp - ok

22:48:20.0292 7076 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\windows\system32\drivers\viaide.sys

22:48:20.0292 7076 viaide - ok

22:48:20.0324 7076 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\windows\system32\drivers\volmgr.sys

22:48:20.0324 7076 volmgr - ok

22:48:20.0355 7076 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\windows\system32\drivers\volmgrx.sys

22:48:20.0355 7076 volmgrx - ok

22:48:20.0386 7076 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\windows\system32\drivers\volsnap.sys

22:48:20.0386 7076 volsnap - ok

22:48:20.0433 7076 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\windows\system32\drivers\vsmraid.sys

22:48:20.0433 7076 vsmraid - ok

22:48:20.0480 7076 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\windows\system32\vssvc.exe

22:48:20.0511 7076 VSS - ok

22:48:20.0589 7076 vToolbarUpdater14.2.0 - ok

22:48:20.0604 7076 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\windows\system32\DRIVERS\vwifibus.sys

22:48:20.0604 7076 vwifibus - ok

22:48:20.0651 7076 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\windows\system32\DRIVERS\vwififlt.sys

22:48:20.0651 7076 vwififlt - ok

22:48:20.0698 7076 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\windows\system32\w32time.dll

22:48:20.0714 7076 W32Time - ok

22:48:20.0745 7076 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\windows\system32\drivers\wacompen.sys

22:48:20.0745 7076 WacomPen - ok

22:48:20.0792 7076 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\windows\system32\DRIVERS\wanarp.sys

22:48:20.0792 7076 WANARP - ok

22:48:20.0792 7076 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\windows\system32\DRIVERS\wanarp.sys

22:48:20.0807 7076 Wanarpv6 - ok

22:48:20.0901 7076 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\windows\system32\Wat\WatAdminSvc.exe

22:48:20.0932 7076 WatAdminSvc - ok

22:48:20.0994 7076 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\windows\system32\wbengine.exe

22:48:21.0026 7076 wbengine - ok

22:48:21.0041 7076 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\windows\System32\wbiosrvc.dll

22:48:21.0041 7076 WbioSrvc - ok

22:48:21.0057 7076 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\windows\System32\wcncsvc.dll

22:48:21.0072 7076 wcncsvc - ok

22:48:21.0088 7076 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll

22:48:21.0104 7076 WcsPlugInService - ok

22:48:21.0135 7076 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\windows\system32\drivers\wd.sys

22:48:21.0135 7076 Wd - ok

22:48:21.0182 7076 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\windows\system32\drivers\Wdf01000.sys

22:48:21.0197 7076 Wdf01000 - ok

22:48:21.0213 7076 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\windows\system32\wdi.dll

22:48:21.0228 7076 WdiServiceHost - ok

22:48:21.0228 7076 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\windows\system32\wdi.dll

22:48:21.0228 7076 WdiSystemHost - ok

22:48:21.0244 7076 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\windows\System32\webclnt.dll

22:48:21.0260 7076 WebClient - ok

22:48:21.0275 7076 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\windows\system32\wecsvc.dll

22:48:21.0275 7076 Wecsvc - ok

22:48:21.0291 7076 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\windows\System32\wercplsupport.dll

22:48:21.0291 7076 wercplsupport - ok

22:48:21.0338 7076 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\windows\System32\WerSvc.dll

22:48:21.0338 7076 WerSvc - ok

22:48:21.0384 7076 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\windows\system32\DRIVERS\wfplwf.sys

22:48:21.0384 7076 WfpLwf - ok

22:48:21.0400 7076 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\windows\system32\drivers\wimmount.sys

22:48:21.0400 7076 WIMMount - ok

22:48:21.0416 7076 WinDefend - ok

22:48:21.0431 7076 WinHttpAutoProxySvc - ok

22:48:21.0494 7076 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\windows\system32\wbem\WMIsvc.dll

22:48:21.0509 7076 Winmgmt - ok

22:48:21.0572 7076 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\windows\system32\WsmSvc.dll

22:48:21.0603 7076 WinRM - ok

22:48:21.0650 7076 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\windows\system32\DRIVERS\WinUsb.sys

22:48:21.0650 7076 WinUsb - ok

22:48:21.0696 7076 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\windows\System32\wlansvc.dll

22:48:21.0712 7076 Wlansvc - ok

22:48:21.0774 7076 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe

22:48:21.0774 7076 wlcrasvc - ok

22:48:21.0962 7076 [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

22:48:21.0977 7076 wlidsvc - ok

22:48:22.0008 7076 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\windows\system32\drivers\wmiacpi.sys

22:48:22.0008 7076 WmiAcpi - ok

22:48:22.0040 7076 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\windows\system32\wbem\WmiApSrv.exe

22:48:22.0040 7076 wmiApSrv - ok

22:48:22.0086 7076 WMPNetworkSvc - ok

22:48:22.0118 7076 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\windows\System32\wpcsvc.dll

22:48:22.0118 7076 WPCSvc - ok

22:48:22.0133 7076 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\windows\system32\wpdbusenum.dll

22:48:22.0133 7076 WPDBusEnum - ok

22:48:22.0196 7076 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\windows\system32\drivers\ws2ifsl.sys

22:48:22.0211 7076 ws2ifsl - ok

22:48:22.0227 7076 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\windows\System32\wscsvc.dll

22:48:22.0227 7076 wscsvc - ok

22:48:22.0289 7076 [ 8D918B1DB190A4D9B1753A66FA8C96E8 ] WSDPrintDevice C:\windows\system32\DRIVERS\WSDPrint.sys

22:48:22.0289 7076 WSDPrintDevice - ok

22:48:22.0289 7076 WSearch - ok

22:48:22.0476 7076 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\windows\system32\wuaueng.dll

22:48:22.0523 7076 wuauserv - ok

22:48:22.0570 7076 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\windows\system32\drivers\WudfPf.sys

22:48:22.0570 7076 WudfPf - ok

22:48:22.0601 7076 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\windows\system32\DRIVERS\WUDFRd.sys

22:48:22.0601 7076 WUDFRd - ok

22:48:22.0632 7076 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\windows\System32\WUDFSvc.dll

22:48:22.0632 7076 wudfsvc - ok

22:48:22.0679 7076 [ FE90B750AB808FB9DD8FBB428B5FF83B ] WwanSvc C:\windows\System32\wwansvc.dll

22:48:22.0710 7076 WwanSvc - ok

22:48:22.0726 7076 ================ Scan global ===============================

22:48:22.0757 7076 [ BA0CD8C393E8C9F83354106093832C7B ] C:\windows\system32\basesrv.dll

22:48:22.0788 7076 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\windows\system32\winsrv.dll

22:48:22.0804 7076 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\windows\system32\winsrv.dll

22:48:22.0835 7076 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\windows\system32\sxssrv.dll

22:48:22.0866 7076 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\windows\system32\services.exe

22:48:22.0882 7076 [Global] - ok

22:48:22.0882 7076 ================ Scan MBR ==================================

22:48:22.0898 7076 [ 7C073E8BB11E8EE0F384E939542EC0E2 ] \Device\Harddisk0\DR0

22:48:22.0898 7076 Suspicious mbr (Forged): \Device\Harddisk0\DR0

22:48:22.0960 7076 \Device\Harddisk0\DR0 ( Rootkit.Boot.Harbinger.a ) - infected

22:48:22.0960 7076 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Harbinger.a (0)

22:48:22.0960 7076 ================ Scan VBR ==================================

22:48:22.0976 7076 [ B1A4C95213FEDA0DF655A63C625FADD7 ] \Device\Harddisk0\DR0\Partition1

22:48:22.0976 7076 \Device\Harddisk0\DR0\Partition1 - ok

22:48:22.0976 7076 ============================================================

22:48:22.0976 7076 Scan finished

22:48:22.0976 7076 ============================================================

22:48:23.0007 7152 Detected object count: 1

22:48:23.0007 7152 Actual detected object count: 1

22:49:07.0026 7152 \Device\Harddisk0\DR0\# - copied to quarantine

22:49:07.0041 7152 \Device\Harddisk0\DR0 - copied to quarantine

22:49:07.0821 7152 \Device\Harddisk0\DR0 ( Rootkit.Boot.Harbinger.a ) - will be cured on reboot

22:49:07.0821 7152 \Device\Harddisk0\DR0 - ok

22:49:07.0993 7152 \Device\Harddisk0\DR0 ( Rootkit.Boot.Harbinger.a ) - User select action: Cure

22:49:13.0632 5516 Deinitialize success

Malwarebytes Anti-Rootkit BETA 1.06.0.1003

www.malwarebytes.org

Database version: v2013.06.08.01

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 10.0.9200.16576

PWise :: PWISE-PC [administrator]

6/7/2013 11:04:49 PM

mbar-log-2013-06-07 (23-04-49).txt

Scan type: Quick scan

Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P

Scan options disabled: Deep Anti-Rootkit Scan | PUP

Objects scanned: 237251

Time elapsed: 14 minute(s), 35 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

Physical Sectors Detected: 0

(No malicious items detected)

(end)

---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.06.0.1003

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 10.0.9200.16576

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED

CPU speed: 2.294000 GHz

Memory total: 4156522496, free: 2577956864

Downloaded database version: v2013.06.08.01

Downloaded database version: v2013.05.22.01

Initializing...

------------ Kernel report ------------

06/07/2013 23:04:44

------------ Loaded modules -----------

\SystemRoot\system32\ntoskrnl.exe

\SystemRoot\system32\hal.dll

\SystemRoot\system32\kdcom.dll

\SystemRoot\system32\mcupdate_GenuineIntel.dll

\SystemRoot\system32\PSHED.dll

\SystemRoot\system32\CLFS.SYS

\SystemRoot\system32\CI.dll

\SystemRoot\system32\drivers\09067084.sys

\SystemRoot\system32\drivers\Wdf01000.sys

\SystemRoot\system32\drivers\WDFLDR.SYS

\SystemRoot\system32\drivers\ACPI.sys

\SystemRoot\system32\drivers\WMILIB.SYS

\SystemRoot\system32\drivers\msisadrv.sys

\SystemRoot\system32\drivers\pci.sys

\SystemRoot\system32\drivers\vdrvroot.sys

\SystemRoot\system32\drivers\gfibto.sys

\SystemRoot\System32\drivers\partmgr.sys

\SystemRoot\system32\drivers\compbatt.sys

\SystemRoot\system32\drivers\BATTC.SYS

\SystemRoot\system32\drivers\volmgr.sys

\SystemRoot\System32\drivers\volmgrx.sys

\SystemRoot\System32\drivers\mountmgr.sys

\SystemRoot\system32\DRIVERS\pciide.sys

\SystemRoot\system32\DRIVERS\PCIIDEX.SYS

\SystemRoot\system32\DRIVERS\iaStor.sys

\SystemRoot\system32\drivers\atapi.sys

\SystemRoot\system32\drivers\ataport.SYS

\SystemRoot\system32\drivers\msahci.sys

\SystemRoot\system32\drivers\amdxata.sys

\SystemRoot\system32\drivers\fltmgr.sys

\SystemRoot\system32\drivers\N360x64\0604010.00E\SYMDS64.SYS

\SystemRoot\system32\drivers\fileinfo.sys

\SystemRoot\system32\drivers\N360x64\0604010.00E\SYMEFA64.SYS

\SystemRoot\System32\Drivers\Ntfs.sys

\SystemRoot\System32\Drivers\msrpc.sys

\SystemRoot\System32\Drivers\ksecdd.sys

\SystemRoot\System32\Drivers\cng.sys

\SystemRoot\System32\drivers\pcw.sys

\SystemRoot\System32\Drivers\Fs_Rec.sys

\SystemRoot\system32\drivers\ndis.sys

\SystemRoot\system32\drivers\NETIO.SYS

\SystemRoot\System32\Drivers\ksecpkg.sys

\SystemRoot\System32\drivers\tcpip.sys

\SystemRoot\System32\drivers\fwpkclnt.sys

\SystemRoot\system32\drivers\volsnap.sys

\SystemRoot\system32\DRIVERS\TVALZ_O.SYS

\SystemRoot\System32\Drivers\spldr.sys

\SystemRoot\System32\drivers\rdyboost.sys

\SystemRoot\System32\Drivers\mup.sys

\SystemRoot\System32\drivers\hwpolicy.sys

\SystemRoot\System32\DRIVERS\fvevol.sys

\SystemRoot\system32\drivers\disk.sys

\SystemRoot\system32\drivers\CLASSPNP.SYS

\SystemRoot\System32\Drivers\aswRvrt.sys

\SystemRoot\system32\DRIVERS\cdrom.sys

\SystemRoot\system32\drivers\N360x64\0604010.00E\ccSetx64.sys

\SystemRoot\System32\Drivers\aswSnx.SYS

\SystemRoot\System32\Drivers\N360x64\0604010.00E\SRTSP64.SYS

\SystemRoot\system32\drivers\N360x64\0604010.00E\Ironx64.SYS

\SystemRoot\system32\drivers\N360x64\0604010.00E\SRTSPX64.SYS

\??\C:\windows\system32\Drivers\SYMEVENT64x86.SYS

\??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\Definitions\VirusDefs\20130606.039\EX64.SYS

\??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\Definitions\VirusDefs\20130606.039\ENG64.SYS

\SystemRoot\System32\Drivers\Null.SYS

\SystemRoot\System32\Drivers\Beep.SYS

\??\C:\windows\system32\drivers\avgtpx64.sys

\SystemRoot\System32\drivers\vga.sys

\SystemRoot\System32\drivers\VIDEOPRT.SYS

\SystemRoot\System32\drivers\watchdog.sys

\SystemRoot\System32\DRIVERS\RDPCDD.sys

\SystemRoot\system32\drivers\rdpencdd.sys

\SystemRoot\system32\drivers\rdprefmp.sys

\SystemRoot\System32\Drivers\Msfs.SYS

\SystemRoot\System32\Drivers\Npfs.SYS

\SystemRoot\system32\DRIVERS\tdx.sys

\SystemRoot\system32\DRIVERS\TDI.SYS

\SystemRoot\system32\drivers\afd.sys

\SystemRoot\System32\DRIVERS\netbt.sys

\SystemRoot\system32\DRIVERS\wfplwf.sys

\SystemRoot\system32\DRIVERS\pacer.sys

\SystemRoot\system32\DRIVERS\vwififlt.sys

\SystemRoot\system32\DRIVERS\netbios.sys

\SystemRoot\system32\DRIVERS\wanarp.sys

\SystemRoot\system32\DRIVERS\termdd.sys

\SystemRoot\System32\Drivers\N360x64\0604010.00E\SYMNETS.SYS

\SystemRoot\system32\DRIVERS\rdbss.sys

\SystemRoot\system32\drivers\nsiproxy.sys

\SystemRoot\system32\DRIVERS\mssmbios.sys

\??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\Definitions\IPSDefs\20130606.001\IDSvia64.sys

\??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys

\??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys

\SystemRoot\System32\drivers\discache.sys

\SystemRoot\System32\Drivers\dfsc.sys

\SystemRoot\system32\DRIVERS\blbdrive.sys

\??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\Definitions\BASHDefs\20130531.001_b0\BHDrvx64.sys

\SystemRoot\System32\Drivers\aswSP.SYS

\SystemRoot\system32\DRIVERS\tunnel.sys

\SystemRoot\system32\DRIVERS\FwLnk.sys

\SystemRoot\system32\DRIVERS\intelppm.sys

\SystemRoot\system32\DRIVERS\CmBatt.sys

\SystemRoot\system32\DRIVERS\igdkmd64.sys

\SystemRoot\System32\drivers\dxgkrnl.sys

\SystemRoot\System32\drivers\dxgmms1.sys

\SystemRoot\system32\DRIVERS\usbuhci.sys

\SystemRoot\system32\DRIVERS\USBPORT.SYS

\SystemRoot\system32\DRIVERS\usbehci.sys

\SystemRoot\system32\DRIVERS\HDAudBus.sys

\SystemRoot\system32\DRIVERS\L1C62x64.sys

\SystemRoot\system32\DRIVERS\athrx.sys

\SystemRoot\system32\DRIVERS\vwifibus.sys

\SystemRoot\system32\DRIVERS\i8042prt.sys

\SystemRoot\system32\DRIVERS\kbdclass.sys

\SystemRoot\system32\DRIVERS\SynTP.sys

\SystemRoot\system32\DRIVERS\USBD.SYS

\SystemRoot\system32\DRIVERS\mouclass.sys

\SystemRoot\system32\DRIVERS\tdcmdpst.sys

\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys

\SystemRoot\system32\DRIVERS\CompositeBus.sys

\SystemRoot\system32\DRIVERS\serscan.sys

\SystemRoot\system32\DRIVERS\pgeffect.sys

\SystemRoot\system32\drivers\ksthunk.sys

\SystemRoot\system32\drivers\ks.sys

\SystemRoot\system32\DRIVERS\AgileVpn.sys

\SystemRoot\system32\DRIVERS\rasl2tp.sys

\SystemRoot\system32\DRIVERS\ndistapi.sys

\SystemRoot\system32\DRIVERS\ndiswan.sys

\SystemRoot\system32\DRIVERS\raspppoe.sys

\SystemRoot\system32\DRIVERS\raspptp.sys

\SystemRoot\system32\DRIVERS\rassstp.sys

\SystemRoot\system32\DRIVERS\swenum.sys

\SystemRoot\system32\DRIVERS\umbus.sys

\SystemRoot\system32\DRIVERS\usbhub.sys

\SystemRoot\System32\Drivers\NDProxy.SYS

\SystemRoot\system32\drivers\CHDRT64.sys

\SystemRoot\system32\drivers\portcls.sys

\SystemRoot\system32\drivers\drmk.sys

\SystemRoot\System32\Drivers\crashdmp.sys

\SystemRoot\System32\Drivers\dump_iaStor.sys

\SystemRoot\System32\Drivers\dump_dumpfve.sys

\SystemRoot\system32\DRIVERS\usbccgp.sys

\SystemRoot\System32\Drivers\usbvideo.sys

\SystemRoot\system32\DRIVERS\hidusb.sys

\SystemRoot\system32\DRIVERS\HIDCLASS.SYS

\SystemRoot\system32\DRIVERS\HIDPARSE.SYS

\SystemRoot\system32\DRIVERS\mouhid.sys

\SystemRoot\System32\win32k.sys

\SystemRoot\System32\drivers\Dxapi.sys

\SystemRoot\system32\DRIVERS\monitor.sys

\SystemRoot\System32\TSDDD.dll

\SystemRoot\System32\cdd.dll

\SystemRoot\system32\drivers\luafv.sys

\??\C:\windows\system32\drivers\aswMonFlt.sys

\??\C:\windows\system32\drivers\mbam.sys

\SystemRoot\System32\Drivers\aswFsBlk.SYS

\SystemRoot\System32\ATMFD.DLL

\SystemRoot\system32\DRIVERS\lltdio.sys

\SystemRoot\system32\DRIVERS\nwifi.sys

\SystemRoot\system32\DRIVERS\ndisuio.sys

\SystemRoot\system32\DRIVERS\rspndr.sys

\SystemRoot\system32\drivers\HTTP.sys

\SystemRoot\system32\DRIVERS\bowser.sys

\SystemRoot\System32\drivers\mpsdrv.sys

\SystemRoot\system32\DRIVERS\mrxsmb.sys

\SystemRoot\system32\DRIVERS\mrxsmb10.sys

\SystemRoot\system32\DRIVERS\mrxsmb20.sys

\SystemRoot\system32\drivers\peauth.sys

\SystemRoot\System32\Drivers\secdrv.SYS

\SystemRoot\System32\DRIVERS\srvnet.sys

\SystemRoot\System32\drivers\tcpipreg.sys

\SystemRoot\System32\DRIVERS\srv2.sys

\SystemRoot\System32\DRIVERS\srv.sys

\??\C:\windows\system32\drivers\mbamchameleon.sys

\??\C:\windows\system32\drivers\mbamswissarmy.sys

\Windows\System32\ntdll.dll

\Windows\System32\smss.exe

\Windows\System32\apisetschema.dll

\Windows\System32\autochk.exe

\Windows\System32\shlwapi.dll

\Windows\System32\msvcrt.dll

\Windows\System32\wininet.dll

\Windows\System32\normaliz.dll

\Windows\System32\clbcatq.dll

\Windows\System32\shell32.dll

\Windows\System32\lpk.dll

\Windows\System32\imm32.dll

\Windows\System32\ole32.dll

\Windows\System32\rpcrt4.dll

\Windows\System32\sechost.dll

\Windows\System32\user32.dll

\Windows\System32\gdi32.dll

\Windows\System32\oleaut32.dll

\Windows\System32\Wldap32.dll

\Windows\System32\setupapi.dll

\Windows\System32\msctf.dll

\Windows\System32\iertutil.dll

\Windows\System32\ws2_32.dll

\Windows\System32\urlmon.dll

\Windows\System32\kernel32.dll

\Windows\System32\difxapi.dll

\Windows\System32\nsi.dll

----------- End -----------

Done!

<<<1>>>

Upper Device Name: \Device\Harddisk0\DR0

Upper Device Object: 0xfffffa80057bb060

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\Ide\IAAStorageDevice-1\

Lower Device Object: 0xfffffa80046ca050

Lower Device Driver Name: \Driver\iaStor\

<<<2>>>

Device number: 0, partition: 2

Physical Sector Size: 512

Drive: 0, DevicePointer: 0xfffffa80057bb060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xfffffa80057ba270, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xfffffa80057bb060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

DevicePointer: 0xfffffa80046ca050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\

------------ End ----------

Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

Upper DeviceData: 0x0, 0x0, 0x0

Lower DeviceData: 0x0, 0x0, 0x0

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

<<<2>>>

Device number: 0, partition: 2

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Scanning drivers directory: C:\windows\system32\drivers...

<<<2>>>

Device number: 0, partition: 2

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Done!

Drive 0

Scanning MBR on drive 0...

Inspecting partition table:

MBR Signature: 55AA

Disk Signature: 5A9912A7

Partition information:

Partition 0 type is Other (0x27)

Partition is ACTIVE.

Partition starts at LBA: 2048 Numsec = 3072000

Partition file system is NTFS

Partition is bootable

Partition 1 type is Primary (0x7)

Partition is NOT ACTIVE.

Partition starts at LBA: 3074048 Numsec = 598626304

Partition 2 type is HIDDEN (0x17)

Partition is NOT ACTIVE.

Partition starts at LBA: 601700352 Numsec = 23441408

Partition is not bootable

Hidden partition VBR is not infected.

Partition 3 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Disk Size: 320072933376 bytes

Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-625122448-625142448)...

Done!

Scan finished

=======================================

Removal queue found; removal started

Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_i.mbam...

Removing c:\programdata\malwarebytes' anti-malware (portable)\bootstrap_0_0_2048_i.mbam...

Removing c:\programdata\malwarebytes' anti-malware (portable)\bootstrap_0_2_601700352_i.mbam...

Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_r.mbam...

Removal finished

Link to post
Share on other sites
hardworkguy

hardworkguy

Posted
  • Author
Posted

Here is the Combofix and Security Check.ComboFix 13-06-07.03 - PWise 06/07/2013 23:48:29.1.2 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3964.2337 [GMT -5:00]

Running from: c:\users\PWise\Desktop\ComboFix.exe

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files (x86)\alotappbar

c:\program files (x86)\alotappbar\alotUninst.exe

c:\program files (x86)\alotappbar\bin\alotappbar.dll

c:\program files (x86)\alotappbar\bin\alothelper.dll

c:\program files (x86)\alotappbar\bin\ALOTSettings.exe

c:\program files (x86)\alotappbar\bin\alotwidgets.exe

c:\program files (x86)\alotappbar\bin\BHO\ALOTHelperBHO.dll

c:\programdata\Microsoft\Windows\DRM\3D73.tmp

c:\programdata\Microsoft\Windows\DRM\CF33.tmp

c:\programdata\Microsoft\Windows\DRM\CF82.tmp

c:\users\PWise\AppData\Local\assembly\tmp

c:\users\PWise\AppData\Roaming\tcedition.09.tmp

c:\users\PWise\g2mdlhlpx.exe

.

.

((((((((((((((((((((((((( Files Created from 2013-05-08 to 2013-06-08 )))))))))))))))))))))))))))))))

.

.

2013-06-08 04:59 . 2013-06-08 04:59 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-06-08 04:04 . 2013-06-08 04:20 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)

2013-06-07 14:32 . 2013-06-08 03:49 -------- d-----w- C:\TDSSKiller_Quarantine

2013-06-04 13:47 . 2013-06-04 13:47 -------- d-----w- c:\users\PWise\AppData\Local\CounterPath Corporation

2013-06-04 13:45 . 2013-06-07 16:26 -------- d-----w- c:\users\PWise\AppData\Local\CounterPath

2013-06-03 13:51 . 2013-06-03 13:51 -------- d-----w- c:\programdata\Package Cache

2013-05-15 18:19 . 2013-05-15 18:19 17613192 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe

2013-05-10 07:57 . 2013-05-10 07:57 187456 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-05-15 18:19 . 2012-09-28 16:18 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2013-05-15 18:19 . 2011-10-07 13:25 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-05-13 14:28 . 2010-06-24 18:33 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2013-04-13 05:49 . 2013-05-15 14:20 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll

2013-04-13 05:49 . 2013-05-15 14:20 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll

2013-04-13 05:49 . 2013-05-15 14:20 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll

2013-04-13 05:49 . 2013-05-15 14:20 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll

2013-04-13 04:45 . 2013-05-15 14:20 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll

2013-04-13 04:45 . 2013-05-15 14:20 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll

2013-04-12 14:45 . 2013-04-24 14:12 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys

2013-04-04 19:50 . 2013-03-12 22:17 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-03-19 06:04 . 2013-04-10 13:52 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-03-19 05:46 . 2013-04-10 13:52 43520 ----a-w- c:\windows\system32\csrsrv.dll

2013-03-19 05:04 . 2013-04-10 13:52 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2013-03-19 05:04 . 2013-04-10 13:52 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2013-03-19 04:47 . 2013-04-10 13:52 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll

2013-03-19 03:06 . 2013-04-10 13:52 112640 ----a-w- c:\windows\system32\smss.exe

2013-03-12 22:46 . 2013-03-12 22:46 12872 ----a-w- c:\windows\system32\bootdelete.exe

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-01-08 18705664]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-10-06 1294136]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]

"HPUsageTrackingLEDM"="c:\program files (x86)\HP\HP UT LEDM\bin\hppusg.exe" [2009-10-15 30264]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-03-06 4767304]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]

@=""

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

R2 HP LaserJet Service;HP LaserJet Service;c:\program files (x86)\HP\HPLaserJetService\HPLaserJetService.exe;c:\program files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [x]

R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]

R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]

R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]

R2 vToolbarUpdater14.2.0;vToolbarUpdater14.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe [x]

R3 aswVmm;aswVmm; [x]

R3 HP1210FAX;HP1210MFP FAX;c:\windows\system32\Drivers\HPM1210FAX.sys;c:\windows\SYSNATIVE\Drivers\HPM1210FAX.sys [x]

R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys;c:\windows\SYSNATIVE\Drivers\ANDROIDUSB.sys [x]

R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys;c:\windows\SYSNATIVE\DRIVERS\htcnprot.sys [x]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]

R3 mvusbews;USB EWS Device;c:\windows\system32\Drivers\mvusbews.sys;c:\windows\SYSNATIVE\Drivers\mvusbews.sys [x]

R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]

S0 aswRvrt;aswRvrt; [x]

S0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys;c:\windows\SYSNATIVE\drivers\gfibto.sys [x]

S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0604010.00E\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\0604010.00E\SYMDS64.SYS [x]

S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0604010.00E\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\0604010.00E\SYMEFA64.SYS [x]

S1 aswSnx;aswSnx; [x]

S1 aswSP;aswSP; [x]

S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]

S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\Definitions\BASHDefs\20130531.001_b0\BHDrvx64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\Definitions\BASHDefs\20130531.001_b0\BHDrvx64.sys [x]

S1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\N360x64\0604010.00E\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\N360x64\0604010.00E\ccSetx64.sys [x]

S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\Definitions\IPSDefs\20130607.001\IDSvia64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\Definitions\IPSDefs\20130607.001\IDSvia64.sys [x]

S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0604010.00E\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\0604010.00E\Ironx64.SYS [x]

S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\0604010.00E\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\N360x64\0604010.00E\SYMNETS.SYS [x]

S2 aswFsBlk;aswFsBlk; [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]

S2 HPM1210RcvFaxSrvc;HP LaserJet Professional M1210 MFP Series Receive Fax Service;c:\program files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe;c:\program files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe [x]

S2 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe;c:\windows\SYSNATIVE\HPSIsvc.exe [x]

S2 N360;Norton 360;c:\program files (x86)\Norton 360\Engine\6.4.1.14\ccSvcHst.exe;c:\program files (x86)\Norton 360\Engine\6.4.1.14\ccSvcHst.exe [x]

S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [x]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]

S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys;c:\windows\SYSNATIVE\DRIVERS\FwLnk.sys [x]

S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]

S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys;c:\windows\SYSNATIVE\DRIVERS\pgeffect.sys [x]

S3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [x]

S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [x]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - 68086266

*Deregistered* - 68086266

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2013-06-07 18:44 1165776 ----a-w- c:\program files (x86)\Google\Chrome\Application\27.0.1453.110\Installer\chrmstp.exe

.

Contents of the 'Scheduled Tasks' folder

.

2013-06-08 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-28 18:19]

.

2013-06-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-24 14:26]

.

2013-06-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-24 14:26]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2013-03-06 22:32 133840 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-03-18 166424]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-03-18 391192]

"Persistence"="c:\windows\system32\igfxpers.exe" [2010-03-18 410648]

"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-04-28 307768]

"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]

"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-06 709976]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]

"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-10 1873256]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.startribune.com/

mLocal Page = c:\windows\SysWOW64\blank.htm

Trusted Zone: bullhorn.com

Trusted Zone: bullhornstaffing.com

Trusted Zone: jobdiva.com

TCP: DhcpNameServer = 204.127.202.4 216.148.227.68 97.64.168.12

TCP: Interfaces\{C0DF8D80-520B-49AF-949C-CEE4E8F2D572}: NameServer = 8.8.8.8,8.8.4.4

TCP: Interfaces\{C0DF8D80-520B-49AF-949C-CEE4E8F2D572}\34F6E6475636860275962756C6563737: NameServer = 8.8.8.8,8.8.4.4

FF - ProfilePath - c:\users\PWise\AppData\Roaming\Mozilla\Firefox\Profiles\cu3cbh2j.default\

.

- - - - ORPHANS REMOVED - - - -

.

BHO-{85F5CF95-EC8F-49fc-BB3F-38C79455CBA2} - c:\program files (x86)\alotappbar\bin\BHO\ALOTHelperBHO.dll

Toolbar-Locked - (no file)

Toolbar-{A531D99C-5A22-449b-83DA-872725C6D0ED} - c:\program files (x86)\alotappbar\bin\ALOTHelper.dll

Wow6432Node-HKCU-Run-MobileDocuments - c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe

Wow6432Node-HKLM-Run-<NO NAME> - (no file)

SafeBoot-68086266.sys

HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start

Toolbar-Locked - (no file)

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

HKLM-Run-SmartFaceVWatcher - c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe

HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE

HKLM-Run-SmoothView - c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe

HKLM-Run-00TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe

HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe

HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe

AddRemove-alotAppbar - c:\program files (x86)\alotappbar\alotUninst.exe

.

.

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\N360]

"ImagePath"="\"c:\program files (x86)\Norton 360\Engine\6.4.1.14\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\6.4.1.14\diMaster.dll\" /prefetch:1"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Nico Mak Computing\WinZip]

"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2013-06-08 00:03:10

ComboFix-quarantined-files.txt 2013-06-08 05:03

.

Pre-Run: 245,642,448,896 bytes free

Post-Run: 245,424,422,912 bytes free

.

- - End Of File - - 2DD754CF735C62D0C97590194A01F6FE Results of screen317's Security Check version 0.99.64

Windows 7 Service Pack 1 x64 (UAC is enabled)

Internet Explorer 10

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled!

avast! Antivirus

Norton 360

Antivirus up to date! (On Access scanning disabled!)

`````````Anti-malware/Other Utilities Check:`````````

Malwarebytes Anti-Malware version 1.75.0.1300

Java 7 Update 7

Java version out of Date!

Adobe Flash Player 11.7.700.202

Adobe Reader 10.1.7 Adobe Reader out of Date!

Mozilla Firefox (15.0)

Google Chrome 27.0.1453.110

Google Chrome 27.0.1453.94

````````Process Check: objlist.exe by Laurent````````

Norton ccSvcHst.exe

AVAST Software Avast AvastSvc.exe

AVAST Software Avast AvastUI.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 2%

````````````````````End of Log``````````````````````

Link to post
Share on other sites
D-FRED-BROWN

D-FRED-BROWN

Posted
Posted

Making progress. Still have some more fixing to do.

Please do the following:

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

KILLALL::

Driver::

68086266

File::

C:\Windows\System32\Drivers\68086266.sys

Reboot::

Save this as CFScript.txt, in the same location as ComboFix.exe

CFScriptB-4.gif

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I shall require in your next reply.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Please include the newly-created C:\ComboFix.txt in your next reply, and let me know how things are running now

Link to post
Share on other sites
hardworkguy

hardworkguy

Posted
  • Author
Posted

I ran Combofix with the script you provided. It ran, rebooted and then produced the log report. I tried to open Internet Explorer and I kept getting a message that it could not be opened and it was marked for deletion. I then rebooted my machine and things seems to be ok. I was able to get into IE after the reboot. Here is the combo fix .txt ComboFix 13-06-08.01 - PWise 06/08/2013 8:41.2.2 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3964.2294 [GMT -5:00]

Running from: c:\users\PWise\Desktop\ComboFix.exe

Command switches used :: c:\users\PWise\Desktop\CFScript.txt

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Norton 360 *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

FILE ::

"c:\windows\System32\Drivers\68086266.sys"

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_68086266

.

.

((((((((((((((((((((((((( Files Created from 2013-05-08 to 2013-06-08 )))))))))))))))))))))))))))))))

.

.

2013-06-08 04:04 . 2013-06-08 04:20 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)

2013-06-07 14:32 . 2013-06-08 03:49 -------- d-----w- C:\TDSSKiller_Quarantine

2013-06-04 13:47 . 2013-06-04 13:47 -------- d-----w- c:\users\PWise\AppData\Local\CounterPath Corporation

2013-06-04 13:45 . 2013-06-07 16:26 -------- d-----w- c:\users\PWise\AppData\Local\CounterPath

2013-06-03 13:51 . 2013-06-03 13:51 -------- d-----w- c:\programdata\Package Cache

2013-05-15 18:19 . 2013-05-15 18:19 17613192 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe

2013-05-10 07:57 . 2013-05-10 07:57 187456 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-05-15 18:19 . 2012-09-28 16:18 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2013-05-15 18:19 . 2011-10-07 13:25 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-05-13 14:28 . 2010-06-24 18:33 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2013-04-13 05:49 . 2013-05-15 14:20 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll

2013-04-13 05:49 . 2013-05-15 14:20 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll

2013-04-13 05:49 . 2013-05-15 14:20 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll

2013-04-13 05:49 . 2013-05-15 14:20 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll

2013-04-13 04:45 . 2013-05-15 14:20 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll

2013-04-13 04:45 . 2013-05-15 14:20 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll

2013-04-12 14:45 . 2013-04-24 14:12 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys

2013-04-04 19:50 . 2013-03-12 22:17 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-03-19 06:04 . 2013-04-10 13:52 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-03-19 05:46 . 2013-04-10 13:52 43520 ----a-w- c:\windows\system32\csrsrv.dll

2013-03-19 05:04 . 2013-04-10 13:52 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2013-03-19 05:04 . 2013-04-10 13:52 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2013-03-19 04:47 . 2013-04-10 13:52 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll

2013-03-19 03:06 . 2013-04-10 13:52 112640 ----a-w- c:\windows\system32\smss.exe

2013-03-12 22:46 . 2013-03-12 22:46 12872 ----a-w- c:\windows\system32\bootdelete.exe

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{85F5CF95-EC8F-49fc-BB3F-38C79455CBA2}]

c:\program files (x86)\alotappbar\bin\BHO\ALOTHelperBHO.dll [bU]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]

"{A531D99C-5A22-449b-83DA-872725C6D0ED}"= "c:\program files (x86)\alotappbar\bin\ALOTHelper.dll" [bU]

.

[HKEY_CLASSES_ROOT\clsid\{a531d99c-5a22-449b-83da-872725c6d0ed}]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-01-08 18705664]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-10-06 1294136]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]

"HPUsageTrackingLEDM"="c:\program files (x86)\HP\HP UT LEDM\bin\hppusg.exe" [2009-10-15 30264]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-03-06 4767304]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]

@=""

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

R2 HP LaserJet Service;HP LaserJet Service;c:\program files (x86)\HP\HPLaserJetService\HPLaserJetService.exe;c:\program files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [x]

R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]

R2 vToolbarUpdater14.2.0;vToolbarUpdater14.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe [x]

R3 aswVmm;aswVmm; [x]

R3 HP1210FAX;HP1210MFP FAX;c:\windows\system32\Drivers\HPM1210FAX.sys;c:\windows\SYSNATIVE\Drivers\HPM1210FAX.sys [x]

R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys;c:\windows\SYSNATIVE\Drivers\ANDROIDUSB.sys [x]

R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys;c:\windows\SYSNATIVE\DRIVERS\htcnprot.sys [x]

R3 mvusbews;USB EWS Device;c:\windows\system32\Drivers\mvusbews.sys;c:\windows\SYSNATIVE\Drivers\mvusbews.sys [x]

R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]

R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [x]

R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]

S0 aswRvrt;aswRvrt; [x]

S0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys;c:\windows\SYSNATIVE\drivers\gfibto.sys [x]

S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0604010.00E\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\0604010.00E\SYMDS64.SYS [x]

S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0604010.00E\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\0604010.00E\SYMEFA64.SYS [x]

S1 aswSnx;aswSnx; [x]

S1 aswSP;aswSP; [x]

S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]

S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\Definitions\BASHDefs\20130531.001_b0\BHDrvx64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\Definitions\BASHDefs\20130531.001_b0\BHDrvx64.sys [x]

S1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\N360x64\0604010.00E\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\N360x64\0604010.00E\ccSetx64.sys [x]

S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\Definitions\IPSDefs\20130607.001\IDSvia64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\Definitions\IPSDefs\20130607.001\IDSvia64.sys [x]

S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0604010.00E\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\0604010.00E\Ironx64.SYS [x]

S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\0604010.00E\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\N360x64\0604010.00E\SYMNETS.SYS [x]

S2 aswFsBlk;aswFsBlk; [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]

S2 HPM1210RcvFaxSrvc;HP LaserJet Professional M1210 MFP Series Receive Fax Service;c:\program files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe;c:\program files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe [x]

S2 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe;c:\windows\SYSNATIVE\HPSIsvc.exe [x]

S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]

S2 N360;Norton 360;c:\program files (x86)\Norton 360\Engine\6.4.1.14\ccSvcHst.exe;c:\program files (x86)\Norton 360\Engine\6.4.1.14\ccSvcHst.exe [x]

S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [x]

S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]

S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys;c:\windows\SYSNATIVE\DRIVERS\FwLnk.sys [x]

S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]

S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys;c:\windows\SYSNATIVE\DRIVERS\pgeffect.sys [x]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2013-06-07 18:44 1165776 ----a-w- c:\program files (x86)\Google\Chrome\Application\27.0.1453.110\Installer\chrmstp.exe

.

Contents of the 'Scheduled Tasks' folder

.

2013-06-08 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-28 18:19]

.

2013-06-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-24 14:26]

.

2013-06-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-24 14:26]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2013-03-06 22:32 133840 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-03-18 166424]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-03-18 391192]

"Persistence"="c:\windows\system32\igfxpers.exe" [2010-03-18 410648]

"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-04-28 307768]

"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU]

"SmartFaceVWatcher"="c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe" [bU]

"TPwrMain"="c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE" [bU]

"SmoothView"="c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe" [bU]

"00TCrdMain"="c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe" [bU]

"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]

"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-06 709976]

"TosNC"="c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe" [bU]

"TosReelTimeMonitor"="c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe" [bU]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]

"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-10 1873256]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.startribune.com/

mLocal Page = c:\windows\SysWOW64\blank.htm

Trusted Zone: bullhorn.com

Trusted Zone: bullhornstaffing.com

Trusted Zone: jobdiva.com

TCP: DhcpNameServer = 204.127.202.4 216.148.227.68 97.64.168.12

TCP: Interfaces\{C0DF8D80-520B-49AF-949C-CEE4E8F2D572}: NameServer = 8.8.8.8,8.8.4.4

TCP: Interfaces\{C0DF8D80-520B-49AF-949C-CEE4E8F2D572}\34F6E6475636860275962756C6563737: NameServer = 8.8.8.8,8.8.4.4

FF - ProfilePath - c:\users\PWise\AppData\Roaming\Mozilla\Firefox\Profiles\cu3cbh2j.default\

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

Wow6432Node-HKLM-Run-<NO NAME> - (no file)

AddRemove-alotAppbar - c:\program files (x86)\alotappbar\alotUninst.exe

.

.

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\N360]

"ImagePath"="\"c:\program files (x86)\Norton 360\Engine\6.4.1.14\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\6.4.1.14\diMaster.dll\" /prefetch:1"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Nico Mak Computing\WinZip]

"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files\AVAST Software\Avast\AvastSvc.exe

c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

.

**************************************************************************

.

Completion time: 2013-06-08 08:59:12 - machine was rebooted

ComboFix-quarantined-files.txt 2013-06-08 13:59

ComboFix2.txt 2013-06-08 05:03

.

Pre-Run: 245,148,258,304 bytes free

Post-Run: 244,705,173,504 bytes free

.

- - End Of File - - 192650739F35BEE4D3A2A289D5DA7B5C

Link to post
Share on other sites
D-FRED-BROWN

D-FRED-BROWN

Posted
Posted

Looks a whole lot better. I'd like to run a few more scans to verify we haven't missed anything.

----------Step 1----------------

We need to create a New FULL OTL Report

  • Please download OTL from here if you have not done so already:

    [*]Save it to your desktop.

    [*]Double click on the OTL icon on your desktop.

    [*]Click the "Scan All Users" checkbox.

    [*]Change the "Extra Registry" option to "SafeList"

    [*]Push the Run Scan button.

    [*]Two reports will open, copy and paste them in a reply here:

    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

----------Step 2----------------

I'd like us to scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the esetOnline.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the esetSmartInstallDesktopIcon.png icon on your desktop.

    [*]Check esetAcceptTerms.png

    [*]Click the esetStart.png button.

    [*]Accept any security warnings from your browser.

    [*]Check esetScanArchives.png

    [*]Push the Start button.

    [*]ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.

    [*]When the scan completes, push esetListThreats.png

    [*]Push esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.

    [*]Push the esetBack.png button.

    [*]Push esetFinish.png

A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

----------Step 3----------------

Please post the OTL.txt and Extras.txt, and the ESET online scan log in your next reply.

Let me know how things go.

Link to post
Share on other sites
hardworkguy

hardworkguy

Posted
  • Author
Posted

Here are the first step that you requested, 2nd step will be in the next post. Thanks! OTL logfile created on: 6/8/2013 11:45:42 AM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\PWise\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.10.9200.16576)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.87 Gb Total Physical Memory | 1.97 Gb Available Physical Memory | 50.79% Memory free

7.74 Gb Paging File | 5.68 Gb Available in Paging File | 73.41% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 285.45 Gb Total Space | 227.86 Gb Free Space | 79.83% Space Free | Partition Type: NTFS

Computer Name: PWISE-PC | User Name: PWise | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/06/08 11:43:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\PWise\Desktop\OTL.exe

PRC - [2013/05/14 13:26:12 | 003,289,208 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

PRC - [2013/05/10 00:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

PRC - [2013/03/06 17:32:44 | 004,767,304 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe

PRC - [2013/03/06 17:32:44 | 000,045,248 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe

PRC - [2012/06/15 21:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\ccsvchst.exe

PRC - [2012/03/23 14:25:24 | 000,087,040 | ---- | M] () -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe

========== Modules (No Company Name) ==========

MOD - [2012/02/20 21:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2012/02/20 21:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

MOD - [2011/03/17 01:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF

MOD - [2010/12/21 02:15:30 | 001,041,248 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll

========== Services (SafeList) ==========

SRV:64bit: - [2013/03/06 17:32:44 | 000,045,248 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)

SRV:64bit: - [2010/09/22 20:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)

SRV:64bit: - [2010/05/11 16:05:40 | 000,362,296 | ---- | M] (HP) [Auto | Running] -- C:\Program Files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe -- (HPM1210RcvFaxSrvc)

SRV:64bit: - [2010/04/29 20:10:40 | 000,127,800 | R--- | M] (HP) [Auto | Running] -- C:\Windows\SysNative\HPSIsvc.exe -- (HPSIService)

SRV:64bit: - [2010/02/05 19:44:48 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)

SRV:64bit: - [2009/11/06 00:05:28 | 000,489,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)

SRV:64bit: - [2009/07/28 17:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)

SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2013/05/15 13:19:24 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2013/05/14 13:26:12 | 003,289,208 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)

SRV - [2013/05/10 00:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)

SRV - [2013/01/08 12:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)

SRV - [2012/09/28 12:51:41 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2012/06/15 21:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\ccSvcHst.exe -- (N360)

SRV - [2012/03/23 14:25:24 | 000,087,040 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)

SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2009/10/15 11:13:50 | 000,136,192 | ---- | M] (HP) [Auto | Stopped] -- C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe -- (HP LaserJet Service)

SRV - [2009/10/06 11:21:50 | 000,051,512 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)

SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)

DRV:64bit: - [2013/03/06 17:33:21 | 001,025,808 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\windows\SysNative\drivers\aswSnx.sys -- (aswSnx)

DRV:64bit: - [2013/03/06 17:33:21 | 000,377,920 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\windows\SysNative\drivers\aswSP.sys -- (aswSP)

DRV:64bit: - [2013/03/06 17:33:21 | 000,178,624 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\windows\SysNative\drivers\aswVmm.sys -- (aswVmm)

DRV:64bit: - [2013/03/06 17:33:21 | 000,065,336 | ---- | M] () [Kernel | Boot | Running] -- C:\windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)

DRV:64bit: - [2013/03/06 17:33:20 | 000,080,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)

DRV:64bit: - [2013/03/06 17:33:20 | 000,033,400 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)

DRV:64bit: - [2013/02/18 10:28:45 | 000,039,768 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)

DRV:64bit: - [2013/01/14 16:07:36 | 000,014,456 | ---- | M] (GFI Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\gfibto.sys -- (gfibto)

DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV:64bit: - [2012/07/09 13:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)

DRV:64bit: - [2012/07/05 21:17:58 | 000,037,536 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0604010.00E\srtspx64.sys -- (SRTSPX)

DRV:64bit: - [2012/07/05 21:17:57 | 000,737,952 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0604010.00E\srtsp64.sys -- (SRTSP)

DRV:64bit: - [2012/06/06 23:43:38 | 000,167,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0604010.00E\ccsetx64.sys -- (ccSet_N360)

DRV:64bit: - [2012/05/21 20:37:12 | 001,129,120 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0604010.00E\symefa64.sys -- (SymEFA)

DRV:64bit: - [2012/04/27 10:12:32 | 000,175,736 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)

DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2012/01/17 17:46:01 | 000,405,624 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0604010.00E\symnets.sys -- (SymNetS)

DRV:64bit: - [2012/01/17 17:45:55 | 000,451,192 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0604010.00E\symds64.sys -- (SymDS)

DRV:64bit: - [2012/01/17 17:35:24 | 000,190,072 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0604010.00E\ironx64.sys -- (SymIRON)

DRV:64bit: - [2011/08/01 15:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)

DRV:64bit: - [2011/04/20 10:24:56 | 000,169,584 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)

DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2011/02/08 21:07:00 | 000,038,096 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)

DRV:64bit: - [2010/11/20 22:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010/11/20 22:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)

DRV:64bit: - [2010/10/08 13:49:08 | 000,243,712 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)

DRV:64bit: - [2010/08/16 13:13:00 | 000,733,824 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)

DRV:64bit: - [2010/06/25 16:08:10 | 000,036,928 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\htcnprot.sys -- (htcnprot)

DRV:64bit: - [2010/04/28 18:49:50 | 000,020,480 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mvusbews.sys -- (mvusbews)

DRV:64bit: - [2010/04/28 18:49:50 | 000,016,384 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HPM1210FAX.sys -- (HP1210FAX)

DRV:64bit: - [2010/03/10 20:51:32 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)

DRV:64bit: - [2010/02/20 11:24:34 | 010,300,800 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)

DRV:64bit: - [2009/11/06 14:56:06 | 001,550,848 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)

DRV:64bit: - [2009/11/02 18:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64)

DRV:64bit: - [2009/08/07 07:24:14 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)

DRV:64bit: - [2009/07/30 22:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)

DRV:64bit: - [2009/07/14 17:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)

DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/07/13 19:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)

DRV:64bit: - [2009/07/13 19:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)

DRV:64bit: - [2009/07/07 10:51:42 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FwLnk.sys -- (FwLnk)

DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV - [2013/06/07 23:15:47 | 002,098,776 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\Definitions\VirusDefs\20130607.024\ex64.sys -- (NAVEX15)

DRV - [2013/06/07 23:15:47 | 000,126,040 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\Definitions\VirusDefs\20130607.024\eng64.sys -- (NAVENG)

DRV - [2013/06/06 15:43:00 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\Definitions\IPSDefs\20130607.001\IDSviA64.sys -- (IDSVia64)

DRV - [2013/05/31 17:15:28 | 001,393,240 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\Definitions\BASHDefs\20130531.001_b0\BHDrvx64.sys -- (BHDrvx64)

DRV - [2013/01/24 17:32:29 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)

DRV - [2012/08/09 09:36:13 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)

DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =

IE:64bit: - HKLM\..\SearchScopes\{{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNJ

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKLM\..\SearchScopes\{{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNJ

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-4038842359-2132870236-758783311-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

IE - HKU\S-1-5-21-4038842359-2132870236-758783311-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.startribune.com/

IE - HKU\S-1-5-21-4038842359-2132870236-758783311-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-4038842359-2132870236-758783311-1000\..\SearchScopes\{{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNJ

IE - HKU\S-1-5-21-4038842359-2132870236-758783311-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR

IE - HKU\S-1-5-21-4038842359-2132870236-758783311-1000\..\SearchScopes\{1F637723-A64B-4DCC-89E7-5D03C8085AB3}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNJ_enUS450

IE - HKU\S-1-5-21-4038842359-2132870236-758783311-1000\..\SearchScopes\{A531D99C-5A22-449b-83DA-872725C6D0ED}: "URL" = http://search.alot.com/web?q={searchTerms}

IE - HKU\S-1-5-21-4038842359-2132870236-758783311-1000\..\SearchScopes\{D379CECC-1DBA-4E4D-A451-A92393AAFEA1}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ARS&o=15080&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=AB&apn_dtid=YYYYYYSFUS&apn_uid=192172a5-fa11-4c44-9e3a-dc36c7933e13&apn_sauid=B9197165-993B-45CB-B94E-F57B7ECE00AA&

IE - HKU\S-1-5-21-4038842359-2132870236-758783311-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: cvwvvrpflq@cvwvvrpflq.org:2.5

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@citrixonline.com/appdetectorplugin: C:\Users\PWise\AppData\Local\Citrix\Plugins\92\npappdetector.dll (Citrix Online)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\IPSFFPlgn\ [2013/06/07 11:26:43 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\coFFPlgn\ [2013/06/08 09:42:07 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/03/12 12:26:52 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/09/28 12:51:41 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/09/28 12:51:41 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/09/05 15:43:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\PWise\AppData\Roaming\Mozilla\Extensions

[2013/03/08 11:00:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\PWise\AppData\Roaming\Mozilla\Firefox\Profiles\cu3cbh2j.default\extensions

[2013/01/14 16:06:55 | 000,000,000 | ---D | M] (Lavasoft Search Plugin) -- C:\Users\PWise\AppData\Roaming\Mozilla\Firefox\Profiles\cu3cbh2j.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack

[2013/03/22 17:23:57 | 000,001,672 | ---- | M] () (No name found) -- C:\Users\PWise\AppData\Roaming\Mozilla\Firefox\Profiles\cu3cbh2j.default\extensions\cvwvvrpflq@cvwvvrpflq.org.xpi

[2012/09/28 12:51:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2012/09/28 12:51:41 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2012/08/24 21:00:22 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2012/08/24 21:00:22 | 000,002,253 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - Extension: No name found = C:\Users\PWise\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1466_0\

CHR - Extension: No name found = C:\Users\PWise\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.2.0.10687_0\

CHR - Extension: No name found = C:\Users\PWise\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.6.10_0\

CHR - Extension: No name found = C:\Users\PWise\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.2.5.32_0\

O1 HOSTS File: ([2013/06/08 08:54:09 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)

O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\coieplg.dll (Symantec Corporation)

O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\ips\ipsbho.dll (Symantec Corporation)

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (ALOT Appbar Helper) - {85F5CF95-EC8F-49fc-BB3F-38C79455CBA2} - C:\Program Files (x86)\alotappbar\bin\BHO\ALOTHelperBHO.dll File not found

O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)

O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)

O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)

O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\coieplg.dll (Symantec Corporation)

O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O3 - HKLM\..\Toolbar: (ALOT Appbar) - {A531D99C-5A22-449b-83DA-872725C6D0ED} - C:\Program Files (x86)\alotappbar\bin\ALOTHelper.dll File not found

O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3:64bit: - HKU\S-1-5-21-4038842359-2132870236-758783311-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [intelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)

O4:64bit: - HKLM..\Run: [itype] c:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)

O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [smartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()

O4:64bit: - HKLM..\Run: [smartFaceVWatcher] C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [smoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)

O4 - HKLM..\Run: [HPUsageTrackingLEDM] C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe (Hewlett-Packard Company)

O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-4038842359-2132870236-758783311-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-4038842359-2132870236-758783311-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O13 - gopher Prefix: missing

O15 - HKU\S-1-5-21-4038842359-2132870236-758783311-1000\..Trusted Domains: bullhorn.com ([]* in Trusted sites)

O15 - HKU\S-1-5-21-4038842359-2132870236-758783311-1000\..Trusted Domains: bullhornstaffing.com ([]* in Trusted sites)

O15 - HKU\S-1-5-21-4038842359-2132870236-758783311-1000\..Trusted Domains: jobdiva.com ([]http in Trusted sites)

O15 - HKU\S-1-5-21-4038842359-2132870236-758783311-1000\..Trusted Domains: jobdiva.com ([]https in Trusted sites)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 204.127.202.4 216.148.227.68 97.64.168.12

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{58D78F47-0B70-4041-9FAF-9F1AF4F451CC}: DhcpNameServer = 10.1.10.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C0DF8D80-520B-49AF-949C-CEE4E8F2D572}: DhcpNameServer = 204.127.202.4 216.148.227.68 97.64.168.12

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C0DF8D80-520B-49AF-949C-CEE4E8F2D572}: NameServer = 8.8.8.8,8.8.4.4

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/06/08 11:43:38 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\PWise\Desktop\OTL.exe

[2013/06/08 08:59:14 | 000,000,000 | ---D | C] -- C:\windows\temp

[2013/06/08 08:54:23 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2013/06/07 23:45:34 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe

[2013/06/07 23:45:34 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe

[2013/06/07 23:45:34 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe

[2013/06/07 23:37:40 | 000,000,000 | ---D | C] -- C:\Qoobox

[2013/06/07 23:31:54 | 000,000,000 | ---D | C] -- C:\windows\erdnt

[2013/06/07 23:29:32 | 005,078,669 | R--- | C] (Swearware) -- C:\Users\PWise\Desktop\ComboFix.exe

[2013/06/07 23:04:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)

[2013/06/07 22:46:29 | 002,240,352 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\PWise\Desktop\TDSSKiller.exe

[2013/06/07 09:32:19 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine

[2013/06/04 08:47:02 | 000,000,000 | ---D | C] -- C:\Users\PWise\AppData\Local\CounterPath Corporation

[2013/06/04 08:45:32 | 000,000,000 | ---D | C] -- C:\Users\PWise\AppData\Local\CounterPath

[2013/06/03 08:51:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache

[2013/05/22 17:41:52 | 001,054,720 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\MsSpellCheckingFacility.exe

[2013/05/22 17:41:52 | 000,719,360 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmlmedia.dll

[2013/05/22 17:41:52 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll

[2013/05/22 17:41:52 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll

[2013/05/22 17:41:52 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\elshyph.dll

[2013/05/22 17:41:52 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\elshyph.dll

[2013/05/22 17:41:52 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msrating.dll

[2013/05/22 17:41:52 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iexpress.exe

[2013/05/22 17:41:52 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wextract.exe

[2013/05/22 17:41:52 | 000,137,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe

[2013/05/22 17:41:52 | 000,125,440 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\occache.dll

[2013/05/22 17:41:52 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iepeers.dll

[2013/05/22 17:41:52 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\IEAdvpack.dll

[2013/05/22 17:41:52 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iesysprep.dll

[2013/05/22 17:41:52 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inseng.dll

[2013/05/22 17:41:52 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll

[2013/05/22 17:41:52 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\SetIEInstalledDate.exe

[2013/05/22 17:41:52 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\RegisterIEPKEYs.exe

[2013/05/22 17:41:52 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\pngfilt.dll

[2013/05/22 17:41:52 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmler.dll

[2013/05/22 17:41:52 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msfeedssync.exe

[2013/05/22 17:41:51 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll

[2013/05/22 17:41:51 | 001,509,376 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl

[2013/05/22 17:41:51 | 001,441,280 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl

[2013/05/22 17:41:51 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieapfltr.dat

[2013/05/22 17:41:51 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieapfltr.dat

[2013/05/22 17:41:51 | 000,905,728 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmlmedia.dll

[2013/05/22 17:41:51 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll

[2013/05/22 17:41:51 | 000,762,368 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieapfltr.dll

[2013/05/22 17:41:51 | 000,629,248 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieapfltr.dll

[2013/05/22 17:41:51 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll

[2013/05/22 17:41:51 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\vbscript.dll

[2013/05/22 17:41:51 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll

[2013/05/22 17:41:51 | 000,452,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dxtmsft.dll

[2013/05/22 17:41:51 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\html.iec

[2013/05/22 17:41:51 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\html.iec

[2013/05/22 17:41:51 | 000,281,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dxtrans.dll

[2013/05/22 17:41:51 | 000,235,008 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\url.dll

[2013/05/22 17:41:51 | 000,232,960 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll

[2013/05/22 17:41:51 | 000,216,064 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msls31.dll

[2013/05/22 17:41:51 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msrating.dll

[2013/05/22 17:41:51 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe

[2013/05/22 17:41:51 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iexpress.exe

[2013/05/22 17:41:51 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\occache.dll

[2013/05/22 17:41:51 | 000,144,896 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wextract.exe

[2013/05/22 17:41:51 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iesysprep.dll

[2013/05/22 17:41:51 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iepeers.dll

[2013/05/22 17:41:51 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\IEAdvpack.dll

[2013/05/22 17:41:51 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inseng.dll

[2013/05/22 17:41:51 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll

[2013/05/22 17:41:51 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\SetIEInstalledDate.exe

[2013/05/22 17:41:51 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\RegisterIEPKEYs.exe

[2013/05/22 17:41:51 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\icardie.dll

[2013/05/22 17:41:51 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\tdc.ocx

[2013/05/22 17:41:51 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\icardie.dll

[2013/05/22 17:41:51 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iesetup.dll

[2013/05/22 17:41:51 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\pngfilt.dll

[2013/05/22 17:41:51 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\tdc.ocx

[2013/05/22 17:41:51 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iesetup.dll

[2013/05/22 17:41:51 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ie4uinit.exe

[2013/05/22 17:41:51 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\imgutil.dll

[2013/05/22 17:41:51 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmler.dll

[2013/05/22 17:41:51 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iernonce.dll

[2013/05/22 17:41:51 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iernonce.dll

[2013/05/22 17:41:51 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\licmgr10.dll

[2013/05/22 17:41:51 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\licmgr10.dll

[2013/05/22 17:41:51 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshta.exe

[2013/05/22 17:41:51 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeedssync.exe

[2013/05/15 13:19:15 | 017,613,192 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerInstaller.exe

[2013/05/15 09:20:49 | 000,265,064 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\dxgmms1.sys

[2013/05/15 09:20:49 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\cdd.dll

[2013/05/15 09:20:47 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wwanprotdim.dll

[2013/05/15 09:20:32 | 001,930,752 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\authui.dll

[2013/05/15 09:20:31 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\shdocvw.dll

[2013/05/15 09:20:28 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\authui.dll

[2013/05/15 09:20:28 | 000,111,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\consent.exe

[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/06/08 11:44:00 | 000,000,912 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job

[2013/06/08 11:43:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\PWise\Desktop\OTL.exe

[2013/06/08 11:19:05 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job

[2013/06/08 09:49:34 | 000,024,608 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2013/06/08 09:49:34 | 000,024,608 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2013/06/08 09:42:00 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job

[2013/06/08 09:41:43 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat

[2013/06/08 09:41:35 | 3117,391,872 | -HS- | M] () -- C:\hiberfil.sys

[2013/06/08 08:54:09 | 000,000,027 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts

[2013/06/08 08:36:29 | 005,078,669 | R--- | M] (Swearware) -- C:\Users\PWise\Desktop\ComboFix.exe

[2013/06/08 00:05:14 | 000,890,839 | ---- | M] () -- C:\Users\PWise\Desktop\SecurityCheck.exe

[2013/06/07 23:25:54 | 000,730,532 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI

[2013/06/07 23:25:54 | 000,627,354 | ---- | M] () -- C:\windows\SysNative\perfh009.dat

[2013/06/07 23:25:54 | 000,107,638 | ---- | M] () -- C:\windows\SysNative\perfc009.dat

[2013/06/07 22:46:29 | 002,240,352 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\PWise\Desktop\TDSSKiller.exe

[2013/06/07 10:54:43 | 000,418,600 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT

[2013/06/07 09:33:44 | 000,001,120 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2013/06/07 08:33:29 | 000,001,933 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk

[2013/06/07 08:33:19 | 000,000,000 | ---- | M] () -- C:\windows\SysWow64\config.nt

[2013/05/28 11:13:37 | 000,000,153 | ---- | M] () -- C:\Users\PWise\Documents\SbrPokerUpdateLog

[2013/05/23 15:59:31 | 000,744,030 | ---- | M] () -- C:\windows\SysWow64\PerfStringBackup.INI

[2013/05/22 17:41:52 | 001,054,720 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\MsSpellCheckingFacility.exe

[2013/05/22 17:41:52 | 000,719,360 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmlmedia.dll

[2013/05/22 17:41:52 | 000,690,688 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll

[2013/05/22 17:41:52 | 000,391,168 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll

[2013/05/22 17:41:52 | 000,226,304 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\elshyph.dll

[2013/05/22 17:41:52 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\elshyph.dll

[2013/05/22 17:41:52 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\msrating.dll

[2013/05/22 17:41:52 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\iexpress.exe

[2013/05/22 17:41:52 | 000,138,752 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\wextract.exe

[2013/05/22 17:41:52 | 000,137,216 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe

[2013/05/22 17:41:52 | 000,125,440 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\occache.dll

[2013/05/22 17:41:52 | 000,117,248 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\iepeers.dll

[2013/05/22 17:41:52 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\IEAdvpack.dll

[2013/05/22 17:41:52 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\iesysprep.dll

[2013/05/22 17:41:52 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\inseng.dll

[2013/05/22 17:41:52 | 000,079,872 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll

[2013/05/22 17:41:52 | 000,073,728 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\SetIEInstalledDate.exe

[2013/05/22 17:41:52 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\RegisterIEPKEYs.exe

[2013/05/22 17:41:52 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\pngfilt.dll

[2013/05/22 17:41:52 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmler.dll

[2013/05/22 17:41:52 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\msfeedssync.exe

[2013/05/22 17:41:51 | 003,958,784 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll

[2013/05/22 17:41:51 | 001,509,376 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl

[2013/05/22 17:41:51 | 001,441,280 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl

[2013/05/22 17:41:51 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieapfltr.dat

[2013/05/22 17:41:51 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieapfltr.dat

[2013/05/22 17:41:51 | 000,905,728 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\mshtmlmedia.dll

[2013/05/22 17:41:51 | 000,855,552 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll

[2013/05/22 17:41:51 | 000,762,368 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieapfltr.dll

[2013/05/22 17:41:51 | 000,629,248 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieapfltr.dll

[2013/05/22 17:41:51 | 000,603,136 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll

[2013/05/22 17:41:51 | 000,599,552 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\vbscript.dll

[2013/05/22 17:41:51 | 000,526,336 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll

[2013/05/22 17:41:51 | 000,452,096 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\dxtmsft.dll

[2013/05/22 17:41:51 | 000,441,856 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\html.iec

[2013/05/22 17:41:51 | 000,361,984 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\html.iec

[2013/05/22 17:41:51 | 000,281,600 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\dxtrans.dll

[2013/05/22 17:41:51 | 000,235,008 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\url.dll

[2013/05/22 17:41:51 | 000,232,960 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll

[2013/05/22 17:41:51 | 000,216,064 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\msls31.dll

[2013/05/22 17:41:51 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\msrating.dll

[2013/05/22 17:41:51 | 000,173,568 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe

[2013/05/22 17:41:51 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\iexpress.exe

[2013/05/22 17:41:51 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\occache.dll

[2013/05/22 17:41:51 | 000,144,896 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\wextract.exe

[2013/05/22 17:41:51 | 000,136,704 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\iesysprep.dll

[2013/05/22 17:41:51 | 000,136,192 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\iepeers.dll

[2013/05/22 17:41:51 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\IEAdvpack.dll

[2013/05/22 17:41:51 | 000,102,912 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\inseng.dll

[2013/05/22 17:41:51 | 000,097,280 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll

[2013/05/22 17:41:51 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\SetIEInstalledDate.exe

[2013/05/22 17:41:51 | 000,089,600 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\RegisterIEPKEYs.exe

[2013/05/22 17:41:51 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\icardie.dll

[2013/05/22 17:41:51 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\tdc.ocx

[2013/05/22 17:41:51 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\icardie.dll

[2013/05/22 17:41:51 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\iesetup.dll

[2013/05/22 17:41:51 | 000,062,976 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\pngfilt.dll

[2013/05/22 17:41:51 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\tdc.ocx

[2013/05/22 17:41:51 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\iesetup.dll

[2013/05/22 17:41:51 | 000,051,712 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ie4uinit.exe

[2013/05/22 17:41:51 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\imgutil.dll

[2013/05/22 17:41:51 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\mshtmler.dll

[2013/05/22 17:41:51 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\iernonce.dll

[2013/05/22 17:41:51 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\iernonce.dll

[2013/05/22 17:41:51 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\licmgr10.dll

[2013/05/22 17:41:51 | 000,025,185 | ---- | M] () -- C:\windows\SysWow64\ieuinit.inf

[2013/05/22 17:41:51 | 000,025,185 | ---- | M] () -- C:\windows\SysNative\ieuinit.inf

[2013/05/22 17:41:51 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\licmgr10.dll

[2013/05/22 17:41:51 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\mshta.exe

[2013/05/22 17:41:51 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\msfeedssync.exe

[2013/05/17 09:29:52 | 000,002,030 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk

[2013/05/15 13:19:23 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe

[2013/05/15 13:19:23 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl

[2013/05/15 13:19:15 | 017,613,192 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerInstaller.exe

[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/06/08 00:05:14 | 000,890,839 | ---- | C] () -- C:\Users\PWise\Desktop\SecurityCheck.exe

[2013/06/07 23:45:34 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe

[2013/06/07 23:45:34 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe

[2013/06/07 23:45:34 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe

[2013/06/07 23:45:34 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe

[2013/06/07 23:45:34 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe

[2013/05/23 15:59:31 | 000,744,030 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI

[2013/05/22 17:41:51 | 000,025,185 | ---- | C] () -- C:\windows\SysWow64\ieuinit.inf

[2013/05/22 17:41:51 | 000,025,185 | ---- | C] () -- C:\windows\SysNative\ieuinit.inf

[2012/10/11 11:46:51 | 000,000,064 | ---- | C] () -- C:\windows\SysWow64\rp_stats.dat

[2012/10/11 11:46:51 | 000,000,044 | ---- | C] () -- C:\windows\SysWow64\rp_rules.dat

[2012/03/12 15:17:58 | 000,081,920 | R--- | C] () -- C:\windows\SysWow64\mvusbews.dll

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 00:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2013/02/26 23:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >

Link to post
Share on other sites
hardworkguy

hardworkguy

Posted
  • Author
Posted

Here is the 2nd step, third step in next post. Thanks again! OTL Extras logfile created on: 6/8/2013 11:45:42 AM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\PWise\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.10.9200.16576)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.87 Gb Total Physical Memory | 1.97 Gb Available Physical Memory | 50.79% Memory free

7.74 Gb Paging File | 5.68 Gb Available in Paging File | 73.41% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 285.45 Gb Total Space | 227.86 Gb Free Space | 79.83% Space Free | Partition Type: NTFS

Computer Name: PWISE-PC | User Name: PWise | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)

.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)

http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

"FirewallDisableNotify" = 0

"AntiVirusDisableNotify" = 0

"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{02282FD6-F501-4C54-82B8-4C6BE31DC30F}" = lport=161 | protocol=6 | dir=in | name=advanced tcp/ip snmp port |

"{10A6A813-7EFF-4F72-8395-F653F75F29CC}" = lport=2869 | protocol=6 | dir=in | app=system |

"{3714B82C-1F54-44A0-B5DE-4680CE47D877}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

"{3BD150E1-8A6B-4F96-B3AB-A58DAD5AC0A5}" = rport=139 | protocol=6 | dir=out | app=system |

"{50F33F6A-8914-4CFC-964D-47A12F273BF7}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |

"{5DDEBCB9-1F0D-48DF-80BE-D9F98480A810}" = rport=138 | protocol=17 | dir=out | app=system |

"{6ACAD163-F837-4026-AD3A-0B7AD936D809}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

"{70E69F28-5980-498D-8E3E-57E09BBBF66E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{7748DDEB-224E-4AAD-8C17-D4D36DD4D9C9}" = lport=445 | protocol=6 | dir=in | app=system |

"{7B3F2E84-E54A-43EF-BC45-2875660D1F69}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{7C8F386F-D1B3-446F-8837-E3F6B447414D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

"{80E80665-8C0C-4D94-B196-CBE04A0E0DE0}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{81EDD1AC-375E-48CA-BAD1-914923016A96}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{87FE6BDA-32FF-4967-8504-01F168C1FBB5}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{884503BA-5A4E-4960-8FAD-9C2C0CC01D3E}" = lport=139 | protocol=6 | dir=in | app=system |

"{95705985-653E-455B-941F-033AA22EE802}" = lport=138 | protocol=17 | dir=in | app=system |

"{97F08E81-4FDE-4E28-95FA-83D601660A5B}" = lport=427 | protocol=6 | dir=in | name=advanced tcp/ip slp port |

"{992BC087-1F29-4AA3-BA5A-C891E86A7203}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{9ECD01CE-240C-4BEC-8A94-102B59DE6DB5}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{A64EA3CE-D691-4ACD-8801-DA9B19A6B12E}" = lport=9100 | protocol=6 | dir=in | name=advanced tcp/ip printer port |

"{ABE8E160-227F-49A3-9FA0-7FE838A07558}" = rport=10243 | protocol=6 | dir=out | app=system |

"{B8E7ACAD-CC16-4431-B481-0D8A2E1DEEBA}" = rport=137 | protocol=17 | dir=out | app=system |

"{C113E216-D3BD-4D79-BE6A-449444F7EEDF}" = lport=10243 | protocol=6 | dir=in | app=system |

"{C1F70532-98E7-4D6C-B130-6DABF916B37B}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{C3DB3ED7-2738-4180-98F8-89E72099F45A}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |

"{DC84BD70-04C2-44A8-872D-95D0BFBD48C6}" = lport=137 | protocol=17 | dir=in | app=system |

"{E7F06535-C8BD-4D8E-8199-F4C04A9C1CF4}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{F5DCF544-AAC8-431E-AD6C-F669304A9D13}" = rport=445 | protocol=6 | dir=out | app=system |

"{FE67FF6C-DF3D-48EB-B196-A2F1A66B0193}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{093494B8-985F-41B2-9135-1036562A6F63}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

"{0FFB7929-EC68-43EC-9712-F20614D0733B}" = protocol=6 | dir=in | app=c:\windows\system32\spoolsv.exe |

"{1058F8B3-787F-4688-9177-C92485138E19}" = protocol=17 | dir=in | app=c:\windows\system32\spoolsv.exe |

"{10BC266B-CCEC-436D-A14D-E090B9A27D1F}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |

"{14DB3F85-DA45-47A5-81D2-80E27D88FF59}" = protocol=6 | dir=in | app=c:\users\pwise\appdata\local\temp\7zs66b9\hpdiagnosticcoreui.exe |

"{25B4B9A3-B99C-4877-BA3E-5409421A04CC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{36D5CF26-FD33-4A15-9B8C-45D92C121B7F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

"{3C407B4F-6537-4C3A-9D09-8F1898E68635}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{4CFE8B0B-4BD3-452D-BBE9-D9AC428CBE50}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{536CE987-AF25-44AF-9D94-D6AC0E93E432}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{55530854-6F9A-4960-97F0-57F3A3401DEC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{62354CDA-6D39-42EF-9A36-FE42ACCD32C7}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |

"{6C309A84-544D-4FEE-827E-C53274A37607}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

"{78ED853E-6449-4BEA-BB9E-C421F07C6969}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |

"{7DE150EA-75A4-49AC-B1CF-83345275359B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{7E96DD40-8F22-4393-9E13-93F6F61A723C}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |

"{83221CB1-0F38-49CF-9745-5B777F6F1CC5}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{843D3C7D-1447-47D2-9329-63A5E0862B55}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{86ACFD25-9D0F-41A6-B652-4B5279150EB9}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |

"{889D5EBC-8D55-422C-876C-5704ECE727F8}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |

"{88C66B58-DCBB-4E18-8691-910C0869BC74}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{8D933C92-0EEB-4D99-957A-23E300C0CE04}" = protocol=17 | dir=in | app=d:\productinst64.exe |

"{91B8F823-B9C4-4FF8-A897-AC40EAE4C9F8}" = protocol=17 | dir=in | app=c:\users\pwise\appdata\local\temp\7zsbbbf.tmp\easyinst64.exe |

"{967DB5D7-6A75-4CEF-B5A1-F2E0FDE693D6}" = protocol=6 | dir=out | app=system |

"{968DF1D7-FE0C-44F6-88DE-1900F1CE5F51}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{98251EEE-A85B-4A12-99A4-0D4A3593F178}" = protocol=6 | dir=in | app=d:\productinst64.exe |

"{A355D7CD-FA9E-4860-9F1A-7E5BF9803483}" = protocol=6 | dir=in | app=c:\users\pwise\appdata\local\temp\7zsbbbf.tmp\easyinst64.exe |

"{A896F586-6E69-407E-AE27-181B5A13EBA2}" = protocol=17 | dir=in | app=c:\users\pwise\appdata\local\temp\7zs66b9\hpdiagnosticcoreui.exe |

"{AC8096E7-C63C-4B8A-9536-15099E231D21}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{AD565F2B-0CF2-414E-A562-A8F63B82367A}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{ADCC2586-3958-4BD6-A19A-7270876EE6EB}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{AF95F787-89F2-4B59-9420-CA7C21B26240}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{B000F558-D47A-4726-BC12-4E4438489BF2}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |

"{B6CD7FB4-4714-4185-AE41-D18EADD3D14B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{D1002BDD-BDA6-4E4B-BEAA-784011DD8179}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

"{D5DA6164-2C4E-4DF7-9259-4B608823A5A0}" = protocol=17 | dir=in | app=c:\users\pwise\appdata\local\temp\7zs5f02\hpdiagnosticcoreui.exe |

"{D5EC2254-CAAB-4CA2-B870-B44200E2F78F}" = protocol=6 | dir=in | app=c:\users\pwise\appdata\local\temp\7zs5f02\hpdiagnosticcoreui.exe |

"{D83EF7E6-EE03-4EF3-BED7-F7AC0B191B59}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{DD4A19F6-91DC-438A-9D61-3EAEA9DD7BA4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{ED064780-847D-4759-82E7-EB71F7D20960}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |

"{F5B5B027-2083-4EDC-9B34-C1DB2D6E1E09}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package

"{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes

"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant

"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219

"{1FA6376A-3120-45DA-8686-96DEFC8A0513}" = HP LaserJet Toolbox

"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)

"{2DD3A692-550C-4693-97E4-299A5C3D6274}" = JobDiva Outlook

"{43C4BDBB-0FA3-4E79-8E9F-6ACF0F2FC0A4}" = HP LaserJet Professional M1210 MFP Series Toolbox

"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

"{4BC310C4-B898-46E2-B5FB-B85A30AA7142}" = iCloud

"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator

"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

"{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2

"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources

"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour

"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support

"{8219EDCB-CE5A-4348-B056-AAC0FE4E99D0}" = Microsoft IntelliType Pro 8.2

"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010

"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010

"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010

"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{A0E99122-25C1-4CA4-9063-499A2A814EB6}" = TOSHIBA ReelTime

"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{B143BE44-8723-315E-9413-011C55873C0E}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)

"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64

"{C14518AF-1A0F-4D39-8011-69BAA01CD380}" = TOSHIBA Bulletin Board

"{CD95F661-A5C4-44F5-A6AA-ECDD91C240C7}" = WinZip 16.0

"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector

"{D1399216-81B2-457C-A0F7-73B9A2EF6902}" = PDFill PDF Editor with FREE Writer and FREE Tools

"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert

"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter

"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client

"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service

"{E65099C4-9110-4C31-BD03-5C17EFB5FE92}" = HP LaserJet Professional M1210 MFP Series Fax Installer

"{E8A34AC8-0137-4515-A94B-0A0946DDC251}" = Scan To

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition

"{FBBC4667-2521-4E78-B1BD-8706F774549B}" = Best Buy pc app

"CNXT_AUDIO_HDA" = Conexant HD Audio

"CutePDF Writer Installation" = CutePDF Writer 2.8

"HP LaserJet Professional M1130-M1210 MFP Series" = HP LaserJet Professional M1130-M1210 MFP Series

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2

"Microsoft IntelliType Pro 8.2" = Microsoft IntelliType Pro 8.2

"Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)

"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package

"{073B89C3-BA88-41B5-965F-B35A88EAE838}" = TOSHIBA Supervisor Password

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{0D795777-9D60-4692-8386-F2B3F2B5E5BF}" = Label@Once 1.0

"{0E448256-D515-4C3E-A5BE-0A7B76CED5D4}" = hppM1130M1210SeriesLaserJetService

"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime

"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser

"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{22154f09-719a-4619-bb71-5b3356999fbf}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7

"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections

"{2F73A7B2-E50E-39A6-9ABC-EF89E4C62E36}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727

"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver

"{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver

"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery

"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery

"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1

"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack

"{5AF550B4-BB67-4E7E-82F1-2C4300279050}" = ToshibaRegistration

"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer

"{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}" = TOSHIBA Web Camera Application

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{7902E313-FF0F-4493-ACB1-A8147B78DCD0}" = HPSSupply

"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger

"{80EAA261-C294-4F0A-A5BF-830CF4C382D5}" = JobDiva Outlook Components

"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform

"{89D20029-0578-4D8D-979A-695C8D868868}" = H&R Block Deluxe + Efile + State 2012

"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{8E9CEA3B-EBD1-439C-A01D-830CB39613C6}" = TOSHIBA Hardware Setup

"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010

"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010

"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010

"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010

"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010

"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010

"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010

"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010

"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010

"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010

"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010

"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010

"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010

"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010

"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010

"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{92C7DC44-DAD3-49FE-B89B-F92C6BA9A331}" = Toshiba Book Place

"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker

"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader

"{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}" = TOSHIBA Application Installer

"{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}" = TOSHIBA Media Controller

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail

"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh

"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer

"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer

"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station

"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.7) MUI

"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator

"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call

"{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}" = TOSHIBA Assist

"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program

"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail

"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64

"{D371F551-0DB9-4CEC-844B-4C90CE91EA0B}" = hppLaserJetService

"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert

"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

"{DA6CC3A5-1F5B-4068-8BFF-C597BB6B8158}" = hppusgM1130M1210Series

"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources

"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{E19DE9C7-C80D-4439-9E55-028D84BD3E61}" = H&R Block Minnesota 2012

"{E69992ED-A7F6-406C-9280-1C156417BC49}" = TOSHIBA Quality Application

"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver

"{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}" = TOSHIBA Media Controller Plug-in

"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)

"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01

"{FBBC4667-2521-4E78-B1BD-8706F774549B}" = Best Buy pc app

"{FDB30193-FDA0-3DAA-ACCA-A75EEFE53607}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727

"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"alotAppbar" = ALOT Appbar

"avast" = avast! Free Antivirus

"ESET Online Scanner" = ESET Online Scanner v3

"Free PDF to Word Doc Converter_is1" = Free PDF to Word Doc Converter v1.1

"Google Chrome" = Google Chrome

"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package

"InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}" = TOSHIBA Web Camera Application

"InstallShield_{A0E99122-25C1-4CA4-9063-499A2A814EB6}" = TOSHIBA ReelTime

"InstallShield_{C14518AF-1A0F-4D39-8011-69BAA01CD380}" = TOSHIBA Bulletin Board

"InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert

"InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300

"Mozilla Firefox 15.0 (x86 en-US)" = Mozilla Firefox 15.0 (x86 en-US)

"MozillaMaintenanceService" = Mozilla Maintenance Service

"N360" = Norton 360

"Office14.SingleImage" = Microsoft Office Home and Business 2010

"sbrAppId_is1" = SBR Poker 1.0.70

"WinLiveSuite" = Windows Live Essentials

"WinRAR archiver" = WinRAR 4.20 (32-bit)

"WinZip Self-Extractor" = WinZip Self-Extractor

"Yahoo! Companion" = Yahoo! Toolbar

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-4038842359-2132870236-758783311-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"GoToMeeting" = GoToMeeting 5.4.0.1082

"Mozilla Firefox 15.0.1 (x86 en-US)" = Mozilla Firefox 15.0.1 (x86 en-US)

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 6/7/2013 11:39:40 PM | Computer Name = PWise-PC | Source = WinMgmt | ID = 10

Description =

Error - 6/7/2013 11:41:45 PM | Computer Name = PWise-PC | Source = Application Error | ID = 1000

Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time

stamp: 0x4a5bc3c1 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000

Exception

code: 0xc0000005 Fault offset: 0x0000000000016479 Faulting process id: 0x110 Faulting

application start time: 0x01ce63f97d733b80 Faulting application path: C:\windows\system32\svchost.exe

Faulting

module path: unknown Report Id: 56fd13a8-cfed-11e2-92a7-00266cc67c53

Error - 6/7/2013 11:42:07 PM | Computer Name = PWise-PC | Source = WinMgmt | ID = 10

Description =

Error - 6/7/2013 11:52:03 PM | Computer Name = PWise-PC | Source = WinMgmt | ID = 10

Description =

Error - 6/8/2013 12:29:21 AM | Computer Name = PWise-PC | Source = SideBySide | ID = 16842832

Description = Activation context generation failed for "C:\Users\PWise\Downloads\esetsmartinstaller_enu.exe".Error

in manifest or policy file "" on line . A component version required by the application

conflicts with another component version already active. Conflicting components

are:. Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Component

2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 6/8/2013 12:57:06 AM | Computer Name = PWise-PC | Source = Application Error | ID = 1000

Description = Faulting application name: PEV.exe, version: 0.0.0.0, time stamp:

0x4e06cfe8 Faulting module name: PEV.exe, version: 0.0.0.0, time stamp: 0x4e06cfe8

Exception

code: 0x40000015 Fault offset: 0x0008d1c0 Faulting process id: 0xd44 Faulting application

start time: 0x01ce64049df2d8d0 Faulting application path: C:\ComboFix\PEV.exe Faulting

module path: C:\ComboFix\PEV.exe Report Id: dda23902-cff7-11e2-9891-00266cc67c53

Error - 6/8/2013 9:23:40 AM | Computer Name = PWise-PC | Source = WinMgmt | ID = 10

Description =

Error - 6/8/2013 9:53:49 AM | Computer Name = PWise-PC | Source = WinMgmt | ID = 10

Description =

Error - 6/8/2013 10:05:44 AM | Computer Name = PWise-PC | Source = WinMgmt | ID = 10

Description =

Error - 6/8/2013 10:43:24 AM | Computer Name = PWise-PC | Source = WinMgmt | ID = 10

Description =

[ System Events ]

Error - 6/8/2013 10:42:05 AM | Computer Name = PWise-PC | Source = Service Control Manager | ID = 7000

Description = The vToolbarUpdater14.2.0 service failed to start due to the following

error: %%2

Error - 6/8/2013 10:42:14 AM | Computer Name = PWise-PC | Source = Service Control Manager | ID = 7034

Description = The HP LaserJet Service service terminated unexpectedly. It has done

this 1 time(s).

Error - 6/8/2013 10:42:57 AM | Computer Name = PWise-PC | Source = DCOM | ID = 10016

Description =

Error - 6/8/2013 11:24:33 AM | Computer Name = PWise-PC | Source = DCOM | ID = 10016

Description =

Error - 6/8/2013 11:24:33 AM | Computer Name = PWise-PC | Source = DCOM | ID = 10016

Description =

Error - 6/8/2013 11:44:00 AM | Computer Name = PWise-PC | Source = bowser | ID = 8003

Description =

Error - 6/8/2013 11:49:09 AM | Computer Name = PWise-PC | Source = DCOM | ID = 10016

Description =

Error - 6/8/2013 11:49:09 AM | Computer Name = PWise-PC | Source = DCOM | ID = 10016

Description =

Error - 6/8/2013 12:02:21 PM | Computer Name = PWise-PC | Source = DCOM | ID = 10016

Description =

Error - 6/8/2013 12:02:21 PM | Computer Name = PWise-PC | Source = DCOM | ID = 10016

Description =

< End of report >

Link to post
Share on other sites
hardworkguy

hardworkguy

Posted
  • Author
Posted

Here is the ESET 3rd step info. C:\Users\PWise\AppData\Local\Google\Chrome\User Data\Default\Default\aadcdgddgfgggfgbdidddfdidegbdede\background.js Win32/TrojanDownloader.Tracur.V trojan cleaned by deleting - quarantined

C:\Users\PWise\AppData\LocalLow\3D84.tmp a variant of Win64/Olmarik.AY trojan cleaned by deleting - quarantined

C:\Users\PWise\AppData\LocalLow\3D85.tmp a variant of Win64/Olmarik.AY trojan cleaned by deleting - quarantined

C:\Users\PWise\Desktop\RK_Quarantine\PhysicalDrive0_LL1.dat Win32/Olmarik.AYX trojan cleaned by deleting - quarantined

C:\Users\PWise\Desktop\RK_Quarantine\PhysicalDrive0_LL2.dat Win32/Olmarik.AYX trojan cleaned by deleting - quarantined

Link to post
Share on other sites
D-FRED-BROWN

D-FRED-BROWN

Posted
Posted

We need to run an OTL Fix

  • Please reopen otlicon.png on your desktop.
  • Copy and Paste the following code into the customscanfix.png textbox.
    :OTL
    [2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 00:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2013/02/26 23:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    [1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]


    :Commands
    [purity]
    [emptytemp]
    [emptyjava]
    [emptyflash]
    [Reboot]


  • Push runfix.png
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.

Link to post
Share on other sites
hardworkguy

hardworkguy

Posted
  • Author
Posted

Here it is.

Files\Folders moved on Reboot...

C:\Users\PWise\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

C:\Users\PWise\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\Y2S2YU3U\EFpQQyG9GqCrobXxL-KRMWzklk6MJbhg7BmBP42CjCQ[1].eot moved successfully.

C:\Users\PWise\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\Y2S2YU3U\s-BiyweUPV0v-yRb-cjciFQlYEbsez9cZjKsNMjLOwM[1].eot moved successfully.

C:\Users\PWise\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OXS4C1X7\index[3].htm moved successfully.

C:\Users\PWise\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\D5VZBF84\fastbutton[2].htm moved successfully.

C:\Users\PWise\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.

C:\Users\PWise\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Link to post
Share on other sites
D-FRED-BROWN

D-FRED-BROWN

Posted
Posted

Your logs appear to be clean :).

Please take the time to install the following updates. Program updates are a critical way to keep your computer safe, as outdated applications leave you vulnerable to malware.

-------

Your version of Adobe Reader is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Adobe components and update:

  • Download the latest version of Adobe Reader and save it to your desktop.
  • Uncheck the "Free McAfee Security plan Plus" option or any other Toolbar you are offered
  • Click the download button at the bottom.
  • If you use Internet Explorer and do not wish to install the ActiveX element, simply click on the click here to download link on the next page.
  • Remove all older version of Adobe Reader: Go to Add/remove and uninstall all versions of Adobe Reader, Acrobat Reader and Adobe Acrobat.
    If you are unsure of how to use Add or Remove Programs, the please see this tutorial:How To Remove An Installed Program From Your Computer
  • Then from your desktop double-click on Adobe Reader to install the newest version.
    If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the "Adobe Setup - Welcome" window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.

-------

Upgrade Java : (64 bits)

  • Download the latest version of Java SE Runtime Environment (JRE) JRE 7 Update 3 .
  • Under the JAVA Platform Standard Edition, click the "Download JRE" button to the right.
  • Check the box that says: "Accept License Agreement.".
  • Click on the link to download Windows Offline Installation 64 bit ( jre-7u3-windows-x64.exe) and save it to your desktop. Do NOT use the Sun Download Manager..
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version.(Vista or Win 7 users, right click on the jre-7u3-windows-x64.exe and select "Run as an Administrator.")

-------

Please let me know how the program updates went, as unsuccesful updates may be due to malware.

Link to post
Share on other sites
D-FRED-BROWN

D-FRED-BROWN

Posted
Posted
Hi D-FRED-BROWN, Thanks for all of your help! I followed the steps to remove Adobe and Java. Things went fine until the end. After I installed the latest version of Java, I got an error message that said Browser Error 3 and an ok box. Not sure what that means.

No problem :).

Do you get any errors while using your web browser? If not I wouldn't worry about it.

---------------------

Unless there are any other issues, I will now provide you with some steps to better protect your computer.

First, however we need to remove ComboFix.

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /Uninstall

-------------

  • Reopen otlicon.png on your desktop.
  • Click on cleanup.png
  • You will be prompted to reboot your system. Please do so.

-------------

Please consider using these ideas to help secure your computer. While there is no way to guarantee safety when you use a computer, these steps will make it much less likely that you will need to endure another infection. While we really like to help people, we would rather help you protect yourself so that you won't need that help in the future. :)

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates or get into the habit of checking Windows Update regularly. They usually have security updates every month. You can set Windows to notify you of Updates so that you can choose, but only do this if you believe you are able to understand which ones are needed. This is a crucial security measure.

It is really dangerous to go online without an antivirus. Without one, you are extremely likely to get infected and the consequences could be even worse next time. All of the following are excellent free antiviruses. Be sure to only install one.

avast!.

AntiVir

AVG

Microsoft Security Essentials

Please consider installing and running some of the following programs; they are either free or have free versions of commercial programs:

Spybot-Search & Destroy

A tutorial on using Spybot to remove spyware from your computer may be found here. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features if you don't have the resident part of another anti-spyware program running.

SpywareBlaster

A tutorial on using SpywareBlaster to prevent malware from ever installing on your computer may be found here.

SpywareGuard

A tutorial on using SpywareGuard for real-time protection against spyware and hijackers may be found here.

Please, consider maintaining a firewall with HIPS (Host Intrusion Prevention Systems). Firewalls are extremely important and are the first part of your computer's defense. HIPS stops malware by monitoring its behavior and it's very important, too.

A firewall is a software program or piece of hardware that helps screen out hackers, viruses, and worms that try to reach your computer over the Internet.

If you are using the Windows Firewall please note that it doesn't monitor or block outbound traffic and is therefore less effective than other free alternatives.

These firewalls are good and do have free versions available

A tutorial on understanding and using firewalls may be found here.

Please keep these programs up-to-date and run them whenever you suspect a problem to prevent malware problems. A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall and scanning anti-spyware program at a time. Passive protectors, like SpywareBlaster and IE-Spyad can be run with any of them.

Note that there are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you can find out if it is a rogue here:

http://www.spywarewa...nti-spyware.htm

A similar category of programs is now called "scareware." Scareware programs are active infections that will pop-up on your computer and tell you that you are infected. If you look closely, it will usually have a name that looks like it might be legitimate, but it is NOT one of the programs you installed. It tells you to click and install it right away. If you click on any part of it, including the 'X' to close it, you may actually help it infect your computer further. Keeping protection updated and running resident protection can help prevent these infections. If it happens anyway, get offline as quickly as you can. Pull the internet connection cable or shut down the computer if you have to. Contact someone to help by using another computer if possible. These programs are also sometimes called 'rogues', but they are different than the older version of rogues mentioned above.

Please consider using an alternate browser. Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker and add-ons, like NoScripts, can make it even more secure. Opera is another good option.

If you are interested, Firefox may be downloaded from here

Opera is available here: http://www.opera.com/download/

For much more useful information, please also read Tony Klein's excellent article: How did I get infected in the first place

Hopefully these steps will help to keep you error free. If you run into more difficulty, we will certainly do what we can to help. :)

Link to post
Share on other sites
  • 2 weeks later...
Maurice Naggar

Maurice Naggar

Posted
Posted

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.

  I accept