
Program_error_updating (0,0,I/O)

update Malwarebytes

22 replies to this topic

#1 freshjj2


Posted 07 May 2012 - 08:25 PM

Hello... please help me.... I want to update Malwarebytes... I think I'm infected.... I have made the DDS thing and here are the results:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29
Run by Owner at 21:10:44 on 2012-05-07
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2940.1797 [GMT -5:00]
.
AV: Norton Security Suite *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Norton Security Suite *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Norton Security Suite *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\System32\spoolsv.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\system32\taskeng.exe
C:\windows\Explorer.EXE
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\ProgramData\DatacardService\HWDeviceService64.exe
C:\Program Files (x86)\Norton Security Suite\Engine\4.3.0.5\ccSvcHst.exe
C:\ProgramData\DatacardService\DCSHelper.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\Program Files (x86)\NATCOM 3G\AssistantServices.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\System32\igfxtray.exe
C:\windows\system32\igfxsrvc.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\TOSHIBA\TECO\Teco.exe
C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\windows\system32\igfxext.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files (x86)\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files (x86)\NATCOM 3G\UIExec.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Stardock\ObjectDock\Dock64.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\NATCOM 3G\UIMain.exe
C:\Program Files (x86)\NATCOM 3G\CMUpdater.exe
C:\Windows\system32\WUDFHost.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Common Files\Speedbit\SbUpdate\SBUpdate.exe
C:\PROGRA~2\Yahoo!\MESSEN~1\MESSEN~1\ymsgr_tray.exe
c:\Program Files\Microsoft Security Client\MpCmdRun.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page =
uStart Page = hxxp://www.google.com/
uWindow Title = Internet Explorer, optimized for Bing and MSN
uSearch Bar =
mDefault_Search_URL = hxxp://mywwwsites.com
mDefault_Page_URL = hxxp://mywwwsites.com
mStart Page = hxxp://www.google.fr
mSearch Page = hxxp://mywwwsites.com
mURLSearchHooks: mywebsites.pro-FR Toolbar: {33727f97-486d-4d19-97c3-23f432ef93fc} - C:\Program Files (x86)\mywebsites.pro-FR\tbmyw0.dll
mURLSearchHooks: Soft-Search Toolbar: {09e55ba0-f9c6-4b81-82df-46853f6f7b3f} - C:\Program Files (x86)\Soft-Search\tbSof1.dll
mWinlogon: Userinit=C:\windows\SysWOW64\userinit.exe,
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO: Soft-Search Toolbar: {09e55ba0-f9c6-4b81-82df-46853f6f7b3f} - C:\Program Files (x86)\Soft-Search\tbSof1.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: mywebsites.pro-FR Toolbar: {33727f97-486d-4d19-97c3-23f432ef93fc} - C:\Program Files (x86)\mywebsites.pro-FR\tbmyw0.dll
BHO: SearchPredictObj Class: {389943b0-c3a2-4e69-82cb-8596a84cb3dc} - C:\PROGRA~2\SEARCH~2\SEARCH~1.DLL
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Security Suite\Engine\4.3.0.5\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Security Suite\Engine\4.3.0.5\IPSBHO.DLL
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: SBCONVERT Class: {92a9acf4-9333-43ae-9698-db283326f87f} - C:\Program Files (x86)\SpeedBit Video Downloader\TBU89\tbcore3.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
BHO: GrabberObj Class: {ff7c3cf0-4b15-11d1-abed-709549c10000} - C:\Program Files (x86)\SpeedBit Video Downloader\TBU89\grabber.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Security Suite\Engine\4.3.0.5\coIEPlg.dll
TB: mywebsites.pro-FR Toolbar: {33727f97-486d-4d19-97c3-23f432ef93fc} - C:\Program Files (x86)\mywebsites.pro-FR\tbmyw0.dll
TB: Soft-Search Toolbar: {09e55ba0-f9c6-4b81-82df-46853f6f7b3f} - C:\Program Files (x86)\Soft-Search\tbSof1.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
TB: SpeedBit Video Downloader: {0329e7d6-6f54-462d-93f6-f5c3118badf2} - C:\Program Files (x86)\SpeedBit Video Downloader\TBU89\tbcore3.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll"
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\MESSEN~1\MESSEN~1\YahooMessenger.exe" -quiet
uRun: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
uRun: [Facebook Update] "C:\Users\Owner\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [ISUSPM Startup] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [ares] "C:\Program Files (x86)\Ares\Ares.exe" -h
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [UIExec] "C:\Program Files (x86)\NATCOM 3G\UIExec.exe"
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
dRunOnce: [<NO NAME>]
StartupFolder: C:\Users\Owner\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\STARDO~1.LNK - C:\Program Files (x86)\Stardock\ObjectDock\ObjectDock.exe
uPolicies-explorer: HideClock = 0 (0x0)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - C:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} - hxxp://activex.camfrogweb.com/advanced/2.0.2.3/cfweb_activex.camfrogweb.com-advanced-2.0.2.3_instmodule.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/m3/photouploadcontrol/VistaMSNPUpldpt-br.cab
TCP: Interfaces\{670CA8A4-122A-4CC3-A5F2-B51A2FC2880C} : DhcpNameServer = 10.35.1.254
TCP: Interfaces\{670CA8A4-122A-4CC3-A5F2-B51A2FC2880C}\0556163686541676C656D27657563747 : DhcpNameServer = 192.168.33.1 200.4.175.2 200.4.174.12
TCP: Interfaces\{670CA8A4-122A-4CC3-A5F2-B51A2FC2880C}\4497E65687 : DhcpNameServer = 192.168.2.1 68.87.64.150 68.87.75.198
TCP: Interfaces\{670CA8A4-122A-4CC3-A5F2-B51A2FC2880C}\C696E6B6379737 : DhcpNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO-X64: 0x1 - No File
BHO-X64: Soft-Search Toolbar: {09e55ba0-f9c6-4b81-82df-46853f6f7b3f} - C:\Program Files (x86)\Soft-Search\tbSof1.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: mywebsites.pro-FR Toolbar: {33727f97-486d-4d19-97c3-23f432ef93fc} - C:\Program Files (x86)\mywebsites.pro-FR\tbmyw0.dll
BHO-X64: SearchPredictObj Class: {389943B0-C3A2-4E69-82CB-8596A84CB3DC} - C:\PROGRA~2\SEARCH~2\SEARCH~1.DLL
BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\4.3.0.5\coIEPlg.dll
BHO-X64: Symantec NCO BHO - No File
BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\4.3.0.5\IPSBHO.DLL
BHO-X64: Symantec Intrusion Prevention - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: SBCONVERT Class: {92A9ACF4-9333-43AE-9698-DB283326F87F} - C:\Program Files (x86)\SpeedBit Video Downloader\TBU89\tbcore3.dll
BHO-X64: SBCONVERT - No File
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
BHO-X64: GrabberObj Class: {FF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files (x86)\SpeedBit Video Downloader\TBU89\grabber.dll
BHO-X64: GrabberObj Class - No File
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\4.3.0.5\coIEPlg.dll
TB-X64: mywebsites.pro-FR Toolbar: {33727f97-486d-4d19-97c3-23f432ef93fc} - C:\Program Files (x86)\mywebsites.pro-FR\tbmyw0.dll
TB-X64: Soft-Search Toolbar: {09e55ba0-f9c6-4b81-82df-46853f6f7b3f} - C:\Program Files (x86)\Soft-Search\tbSof1.dll
TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
TB-X64: SpeedBit Video Downloader: {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files (x86)\SpeedBit Video Downloader\TBU89\tbcore3.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll"
mRun-x64: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun-x64: [UIExec] "C:\Program Files (x86)\NATCOM 3G\UIExec.exe"
mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\windows\system32\DRIVERS\MpFilter.sys --> C:\windows\system32\DRIVERS\MpFilter.sys [?]
R0 PxHlpa64;PxHlpa64;C:\windows\system32\Drivers\PxHlpa64.sys --> C:\windows\system32\Drivers\PxHlpa64.sys [?]
R0 SymDS;Symantec Data Store;C:\windows\system32\drivers\N360x64\0403000.005\SYMDS64.SYS --> C:\windows\system32\drivers\N360x64\0403000.005\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\windows\system32\drivers\N360x64\0403000.005\SYMEFA64.SYS --> C:\windows\system32\drivers\N360x64\0403000.005\SYMEFA64.SYS [?]
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\system32\DRIVERS\tos_sps64.sys --> C:\windows\system32\DRIVERS\tos_sps64.sys [?]
R1 ccHP;Symantec Hash Provider;C:\windows\system32\drivers\N360x64\0403000.005\ccHPx64.sys --> C:\windows\system32\drivers\N360x64\0403000.005\ccHPx64.sys [?]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20111026.030\IDSviA64.sys [2011-10-26 488568]
R1 SymIRON;Symantec Iron Driver;C:\windows\system32\drivers\N360x64\0403000.005\Ironx64.SYS --> C:\windows\system32\drivers\N360x64\0403000.005\Ironx64.SYS [?]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;C:\windows\system32\Drivers\N360x64\0403000.005\SYMTDIV.SYS --> C:\windows\system32\Drivers\N360x64\0403000.005\SYMTDIV.SYS [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
R2 cfWiMAXService;ConfigFree WiMAX Service;C:\Program Files (x86)\Toshiba\ConfigFree\CFIWmxSvcs64.exe [2009-8-10 248688]
R2 ConfigFree Gadget Service;ConfigFree Gadget Service;C:\Program Files (x86)\Toshiba\ConfigFree\CFProcSRVC.exe [2009-7-14 42368]
R2 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\Toshiba\ConfigFree\CFSvcs.exe [2009-3-10 46448]
R2 HWDeviceService64.exe;HWDeviceService64.exe;C:\ProgramData\DatacardService\HWDeviceService64.exe -/service --> C:\ProgramData\DatacardService\HWDeviceService64.exe -/service [?]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-4-30 654408]
R2 N360;Norton Security Suite;C:\Program Files (x86)\Norton Security Suite\Engine\4.3.0.5\ccsvchst.exe [2010-10-30 126392]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2009-8-11 252272]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\system32\DRIVERS\TVALZFL.sys --> C:\windows\system32\DRIVERS\TVALZFL.sys [?]
R2 UI Assistant Service;UI Assistant Service;C:\Program Files (x86)\NATCOM 3G\AssistantServices.exe [2012-1-21 270672]
R3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE [2012-2-10 240408]
R3 FwLnk;FwLnk Driver;C:\windows\system32\DRIVERS\FwLnk.sys --> C:\windows\system32\DRIVERS\FwLnk.sys [?]
R3 HSPADataCardusbmdm;HSPADataCard Proprietary USB Driver;C:\windows\system32\DRIVERS\HSPADataCardusbmdm.sys --> C:\windows\system32\DRIVERS\HSPADataCardusbmdm.sys [?]
R3 HSPADataCardusbnmea;HSPADataCard NMEA Port;C:\windows\system32\DRIVERS\HSPADataCardusbnmea.sys --> C:\windows\system32\DRIVERS\HSPADataCardusbnmea.sys [?]
R3 HSPADataCardusbser;HSPADataCard Diagnostic Port;C:\windows\system32\DRIVERS\HSPADataCardusbser.sys --> C:\windows\system32\DRIVERS\HSPADataCardusbser.sys [?]
R3 HSPADataCardusbvoice;HSPADataCard VoUSB Port;C:\windows\system32\DRIVERS\HSPADataCardusbvoice.sys --> C:\windows\system32\DRIVERS\HSPADataCardusbvoice.sys [?]
R3 LgBttPort;LGE Bluetooth TransPort;C:\windows\system32\DRIVERS\lgbtpt64.sys --> C:\windows\system32\DRIVERS\lgbtpt64.sys [?]
R3 lgbusenum;LG Bluetooth Bus Enumerator;C:\windows\system32\DRIVERS\lgbtbs64.sys --> C:\windows\system32\DRIVERS\lgbtbs64.sys [?]
R3 LGVMODEM;LGE Virtual Modem;C:\windows\system32\DRIVERS\lgvmdm64.sys --> C:\windows\system32\DRIVERS\lgvmdm64.sys [?]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;C:\windows\system32\DRIVERS\ManyCam_x64.sys --> C:\windows\system32\DRIVERS\ManyCam_x64.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\windows\system32\drivers\mbam.sys --> C:\windows\system32\drivers\mbam.sys [?]
R3 PGEffect;Pangu effect driver;C:\windows\system32\DRIVERS\pgeffect.sys --> C:\windows\system32\DRIVERS\pgeffect.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?]
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;C:\windows\system32\DRIVERS\rtl8192se.sys --> C:\windows\system32\DRIVERS\rtl8192se.sys [?]
R3 TMachInfo;TMachInfo;C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe [2010-3-16 54136]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-8-3 137560]
R3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2009-8-4 826224]
S1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20111014.001\BHDrvx64.sys [2011-10-14 1155704]
S2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE [2012-2-10 193816]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-4-5 135664]
S3 athur;Atheros AR9271 Wireless Network Adapter Service;C:\windows\system32\DRIVERS\athurx.sys --> C:\windows\system32\DRIVERS\athurx.sys [?]
S3 br3gmdm;BandLuxe 3.5G HSDPA Adapter - USB;C:\windows\system32\DRIVERS\br3gmdm.sys --> C:\windows\system32\DRIVERS\br3gmdm.sys [?]
S3 ew_mbbusbdev;MBB USB PNP Device;C:\windows\system32\DRIVERS\ew_mbbusbdev.sys --> C:\windows\system32\DRIVERS\ew_mbbusbdev.sys [?]
S3 ewusbnet;HUAWEI USB-NDIS miniport;C:\windows\system32\DRIVERS\ewusbnet.sys --> C:\windows\system32\DRIVERS\ewusbnet.sys [?]
S3 fssfltr;fssfltr;C:\windows\system32\DRIVERS\fssfltr.sys --> C:\windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-4-5 135664]
S3 massfilter;Mass Storage Filter Driver;C:\windows\system32\drivers\massfilter.sys --> C:\windows\system32\drivers\massfilter.sys [?]
S3 mbbdatacard;MBB DataCard USB Modem and USB Serial;C:\windows\system32\DRIVERS\ewusbmdm.sys --> C:\windows\system32\DRIVERS\ewusbmdm.sys [?]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-1-21 30963576]
S3 NisDrv;Microsoft Network Inspection System;C:\windows\system32\DRIVERS\NisDrvWFP.sys --> C:\windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 PTDUBus;PANTECH UM175 Composite Device Driver ;C:\windows\system32\DRIVERS\PTDUBus.sys --> C:\windows\system32\DRIVERS\PTDUBus.sys [?]
S3 PTDUMdm;PANTECH UM175 Drivers;C:\windows\system32\DRIVERS\PTDUMdm.sys --> C:\windows\system32\DRIVERS\PTDUMdm.sys [?]
S3 PTDUVsp;PANTECH UM175 Diagnostic Port;C:\windows\system32\DRIVERS\PTDUVsp.sys --> C:\windows\system32\DRIVERS\PTDUVsp.sys [?]
S3 PTDUWFLT;PTDUWWAN Filter Driver;C:\windows\system32\DRIVERS\PTDUWFLT.sys --> C:\windows\system32\DRIVERS\PTDUWFLT.sys [?]
S3 PTDUWWAN;PANTECH UM175 WWAN Driver;C:\windows\system32\DRIVERS\PTDUWWAN.sys --> C:\windows\system32\DRIVERS\PTDUWWAN.sys [?]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\system32\Drivers\RtsUStor.sys --> C:\windows\system32\Drivers\RtsUStor.sys [?]
S3 SMSIVZAM5X64;SMSIVZAM5X64 NDIS Protocol Driver;C:\PROGRA~2\VERIZO~1\VZACCE~1\SMSIVZAM5X64.SYS [2009-5-25 43032]
S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\system32\Drivers\usbaapl64.sys --> C:\windows\system32\Drivers\usbaapl64.sys [?]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\windows\system32\DRIVERS\vwifimp.sys --> C:\windows\system32\DRIVERS\vwifimp.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-05-08 01:13:54 -------- d-----w- C:\Program Files (x86)\Ares
2012-05-07 23:38:32 -------- d-----w- C:\Users\Owner\AppData\Local\{6474F9FB-8562-4B73-B5A1-915604865234}
2012-05-07 23:38:23 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BBF69FBB-26E3-4077-9501-99B9866CDB2D}\offreg.dll
2012-05-07 22:27:55 -------- d-----w- C:\Users\Owner\AppData\Local\{AE38245A-F547-4CE9-8C37-6B464BE5EE13}
2012-05-07 19:51:22 -------- d-----w- C:\Users\Owner\AppData\Local\{E56EE51B-88C2-46AA-9BA2-3F0F4492C438}
2012-05-07 17:52:22 -------- d-----w- C:\Users\Owner\AppData\Local\{50F829F2-269E-4BC5-97CA-234E43D2F8A6}
2012-05-07 17:11:32 8917360 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BBF69FBB-26E3-4077-9501-99B9866CDB2D}\mpengine.dll
2012-05-06 17:30:59 -------- d-----w- C:\Users\Owner\AppData\Local\{B788AE40-892D-43BE-B5CC-3D4328E53527}
2012-05-04 00:45:30 -------- d-----w- C:\Program Files (x86)\1ClickDownload
2012-05-03 21:55:51 -------- d-----w- C:\Users\Owner\AppData\Local\{18003BC1-568F-41C9-B622-5CCFE607021C}
2012-05-03 21:05:03 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{7A01FFE5-F898-4A0F-B6B6-3B84BFEEB9E1}\gapaengine.dll
2012-05-03 21:04:40 8917360 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-05-03 21:03:18 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2012-05-03 20:52:50 -------- d-----w- C:\Users\Owner\AppData\Local\{8580011D-1D14-40F5-B493-C43725C187F5}
2012-05-02 18:07:18 -------- d-----w- C:\Users\Owner\AppData\Local\{DA38E2A4-DE9B-42EB-88B5-A3C104C7FCEC}
2012-05-01 09:41:31 -------- d-----w- C:\Users\Owner\AppData\Local\{7E26C572-A38A-4850-817D-691FA764389F}
2012-05-01 09:09:03 -------- d-----w- C:\Users\Owner\AppData\Local\{D9CB827F-7951-4021-8FB7-C470F8E2381B}
2012-04-30 23:53:10 -------- d-----w- C:\Users\Owner\AppData\Local\{F57DD59F-52EA-4C1F-B758-BAA6A6096157}
2012-04-30 23:29:04 -------- d-----w- C:\Users\Owner\AppData\Roaming\Malwarebytes
2012-04-30 23:28:59 -------- d-----w- C:\ProgramData\Malwarebytes
2012-04-30 23:28:58 24904 ----a-w- C:\windows\System32\drivers\mbam.sys
2012-04-30 23:28:58 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-04-30 22:59:46 -------- d-----w- C:\Users\Owner\AppData\Local\{F7FAE55A-D523-4265-9306-F83AB721683C}
2012-04-30 22:54:25 -------- d-----w- C:\Users\Owner\AppData\Local\{36A13C98-D58A-41D0-A17A-29366968423B}
2012-04-30 22:04:45 -------- d-----w- C:\Users\Owner\AppData\Local\{BE420872-AEB8-4FFA-ABE9-8069959194F7}
2012-04-30 21:51:18 -------- d-----w- C:\Users\Owner\AppData\Local\{9AD0601A-4D45-414C-8EFF-0B93568FBD6E}
2012-04-30 20:11:25 -------- d-----w- C:\Users\Owner\AppData\Local\{8963C8D1-F0ED-4D8D-A69E-97451AE91A14}
2012-04-30 07:42:39 -------- d-----w- C:\Users\Owner\AppData\Local\{3F718C40-6061-483F-AAD9-A7C0AA50432B}
2012-04-30 04:05:51 -------- d-----w- C:\Users\Owner\AppData\Local\{A212CAE9-0DDC-47D7-B2E1-9A287B4BA646}
2012-04-30 02:28:34 -------- d-----w- C:\Users\Owner\AppData\Local\{6D83336F-5F4A-4600-A9EA-EF5B7C4BDEEC}
2012-04-29 14:42:45 -------- d-----w- C:\Users\Owner\AppData\Local\{7DB36190-9F99-40B0-8562-BA24ED8C03F8}
2012-04-29 02:53:56 -------- d-----w- C:\Users\Owner\AppData\Local\{87A0B7CE-1EE3-418B-A95D-6F4AA5509496}
2012-04-28 12:16:58 -------- d-----w- C:\Users\Owner\AppData\Local\{C888A2B0-2706-44E5-80BC-31F621930E49}
2012-04-28 05:47:28 -------- d-----w- C:\Users\Owner\AppData\Local\{E30D829E-E299-4362-87C7-B48B0389F47D}
2012-04-27 23:04:06 -------- d-----w- C:\Users\Owner\AppData\Local\{7180A2A8-4351-438B-8FCA-EF07FA3C96EA}
2012-04-27 04:43:48 -------- d-----w- C:\Users\Owner\AppData\Local\{79A670EB-D327-48B9-BA24-A27AC1642EFB}
2012-04-27 03:46:29 -------- d-----w- C:\Users\Owner\AppData\Local\{020D4D20-B6ED-4DB4-9157-51029F00FAAE}
2012-04-26 18:46:05 -------- d-----w- C:\Users\Owner\AppData\Local\{A07CCA34-0F9E-42C8-9BDB-482D67F4587C}
2012-04-26 18:34:39 -------- d-----w- C:\Users\Owner\AppData\Local\{C029163C-8AF3-40D2-9ECC-638DEB9957FF}
2012-04-26 15:04:02 -------- d-----w- C:\Users\Owner\AppData\Local\{822ACAB3-5087-4331-9FA0-F52CA34D2715}
2012-04-26 13:49:52 -------- d-----w- C:\Users\Owner\AppData\Local\{2C78BAC3-3734-4F13-925A-EFDE6F03D787}
2012-04-25 14:59:21 -------- d-----w- C:\Users\Owner\AppData\Local\{EE39779C-DE3D-4B71-9140-03B61D867111}
2012-04-24 16:03:05 512 ----a-w- C:\PhysicalMBR.bin
2012-04-24 14:12:00 -------- d-----w- C:\Users\Owner\AppData\Local\{23C1D592-30C4-4D2F-AA64-886B5414A3B7}
2012-04-24 07:21:32 -------- d-----w- C:\Users\Owner\AppData\Local\{5806EEB1-791E-498F-93FA-3CA8C4D71C32}
2012-04-24 03:36:38 -------- d-----w- C:\Users\Owner\AppData\Local\{D443E067-72C0-47BC-A7C2-79E56D9AD8A2}
2012-04-24 03:34:09 -------- d-sh--w- C:\found.000
2012-04-23 14:43:14 -------- d-----w- C:\Users\Owner\AppData\Local\{5C78C654-F08A-4D4A-A722-EFA3EC01F56C}
2012-04-23 01:26:57 -------- d-----w- C:\Users\Owner\AppData\Local\{4A5F4A5F-4BC4-449F-8C2D-DA64BB69F7F7}
2012-04-22 12:34:05 -------- d-----w- C:\Users\Owner\AppData\Local\{4C9789E5-9413-4BC9-9F0D-72EB7C2E0BE4}
2012-04-21 23:11:06 -------- d-----w- C:\Users\Owner\AppData\Local\{DCD677BB-9A87-4699-AD55-E36E8848346C}
2012-04-21 20:46:39 -------- d-----w- C:\Users\Owner\AppData\Local\{5D10F88D-9243-416E-AC0B-E2B49D6367A5}
2012-04-21 20:42:03 -------- d-----w- C:\windows\en
2012-04-21 20:37:24 48488 ----a-w- C:\windows\System32\drivers\fssfltr.sys
2012-04-21 20:30:20 15712 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\922e4ef81cd1ffd02\MeshBetaRemover.exe
2012-04-21 20:30:19 89944 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\91d63c0e1cd1ffd01\DSETUP.dll
2012-04-21 20:30:19 537432 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\91d63c0e1cd1ffd01\DXSETUP.exe
2012-04-21 20:30:19 1801048 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\91d63c0e1cd1ffd01\dsetup32.dll
2012-04-21 19:56:51 -------- d-----w- C:\Users\Owner\AppData\Local\{CE9CAA05-3689-4484-851E-17ACC8094586}
2012-04-21 17:43:54 -------- d-----w- C:\Users\Owner\AppData\Local\{4530F39C-6DDE-4A39-B839-8705B187E29C}
2012-04-21 17:43:40 -------- d-----w- C:\Users\Owner\AppData\Local\{7C98AF00-D11E-4DF3-80C9-2CE6639E4192}
2012-04-21 00:38:22 -------- d-----w- C:\Users\Owner\AppData\Local\{E8C4241C-3AC0-4DBD-9A65-A2114FF18E20}
2012-04-20 23:45:16 -------- d-----w- C:\Users\Owner\AppData\Local\{1466326D-C639-449B-8E97-310D8B9D7176}
2012-04-20 21:06:41 -------- d-----w- C:\Users\Owner\AppData\Local\{5A8D1EDA-EEB5-4C10-95A0-5EB10E216DCA}
2012-04-20 05:10:03 -------- d-----w- C:\Users\Owner\AppData\Local\{4C924245-1911-47EC-8D0C-4BE13A916171}
2012-04-19 23:59:30 -------- d-----w- C:\Users\Owner\AppData\Local\{595479AE-17FE-4A40-8965-D717702BAB56}
2012-04-19 22:12:55 -------- d-----w- C:\Users\Owner\AppData\Local\{9E276BF7-D23E-4419-A91D-633307630F12}
2012-04-19 04:14:32 -------- d-----w- C:\Users\Owner\AppData\Local\{9E0549D9-08C8-4671-B55E-9B731EAAC7BC}
2012-04-17 00:35:13 -------- d-----w- C:\ZHP
2012-04-17 00:32:14 -------- d-----w- C:\Program Files (x86)\ZHPDiag
2012-04-16 22:27:17 -------- d-----w- C:\Program Files (x86)\VS Revo Group
2012-04-13 07:38:31 -------- d-----w- C:\Users\Owner\AppData\Local\{DF5B74EE-E53E-4EAB-9F6E-83DE740D802D}
2012-04-13 07:19:53 -------- d-----w- C:\Users\Owner\AppData\Local\{A0F9B318-0FD9-416F-86AE-7EA0C9CE644D}
2012-04-13 07:18:33 -------- d-----w- C:\Users\Owner\AppData\Local\{9D363018-5442-413A-BD00-EB31BD6A9CFA}
2012-04-13 04:46:25 -------- d-----w- C:\Users\Owner\AppData\Local\{490D3667-1337-4F6D-B7C5-C68CB4FADDBA}
2012-04-13 01:48:55 -------- d-----w- C:\Users\Owner\AppData\Local\{78133044-B6D0-48A6-813C-8A66547354CE}
2012-04-12 23:41:21 23408 ----a-w- C:\windows\System32\drivers\fs_rec.sys
2012-04-12 23:41:20 81408 ----a-w- C:\windows\System32\imagehlp.dll
2012-04-12 23:41:20 159232 ----a-w- C:\windows\SysWow64\imagehlp.dll
2012-04-12 23:41:19 5120 ----a-w- C:\windows\SysWow64\wmi.dll
2012-04-12 23:41:19 5120 ----a-w- C:\windows\System32\wmi.dll
2012-04-12 23:41:19 220672 ----a-w- C:\windows\System32\wintrust.dll
2012-04-12 23:41:19 172544 ----a-w- C:\windows\SysWow64\wintrust.dll
2012-04-12 14:09:25 -------- d-----w- C:\Users\Owner\AppData\Local\{B1F702B5-D72B-4315-8CB4-36C97DEDC6E2}
2012-04-11 23:13:59 -------- d-----w- C:\Users\Owner\AppData\Local\{57603CD1-3F93-47C0-862A-B83E9FCCD219}
2012-04-11 15:48:59 -------- d-----w- C:\Users\Owner\AppData\Local\{7A18FD82-26D4-4161-923C-822D7123266F}
2012-04-11 15:05:01 -------- d-----w- C:\Users\Owner\AppData\Local\{3CBC11A7-2D37-4E42-8067-D2848FD12F62}
2012-04-10 19:23:37 -------- d-----w- C:\Users\Owner\AppData\Local\{476A415E-110B-49B3-96BE-1FEF980A2B6C}
2012-04-10 03:37:00 -------- d-----w- C:\Users\Owner\AppData\Local\{A7E2F03F-DCB2-48A4-ADC9-A169B3F4E722}
2012-04-09 20:17:30 -------- d-----w- C:\Users\Owner\AppData\Local\{1D892337-AC66-4015-8B3D-9B8156D1B192}
2012-04-08 19:08:55 -------- d-----w- C:\Users\Owner\AppData\Local\{EC5207CA-8DBA-4C84-A7F1-01CCA5253D3A}
2012-04-08 07:29:17 -------- d-----w- C:\Users\Owner\AppData\Local\{93068D32-4BD8-4D12-BA4C-48CD54CD25B6}
2012-04-08 02:57:58 -------- d-----w- C:\Users\Owner\AppData\Local\{FAF61067-9FD8-48A3-8960-01EF1C799A60}
.
==================== Find3M ====================
.
2012-03-21 01:44:12 98688 ----a-w- C:\windows\System32\drivers\NisDrvWFP.sys
2012-03-21 01:44:12 203888 ----a-w- C:\windows\System32\drivers\MpFilter.sys
2012-03-08 23:50:28 49016 ----a-w- C:\windows\SysWow64\sirenacm.dll
2012-03-08 23:37:20 302448 ----a-w- C:\windows\WLXPGSS.SCR
2012-03-06 06:53:37 5559152 ----a-w- C:\windows\System32\ntoskrnl.exe
2012-03-06 05:59:47 3968368 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
2012-03-06 05:59:41 3913072 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
2012-02-28 06:56:48 2311168 ----a-w- C:\windows\System32\jscript9.dll
2012-02-28 06:49:56 1390080 ----a-w- C:\windows\System32\wininet.dll
2012-02-28 06:48:57 1493504 ----a-w- C:\windows\System32\inetcpl.cpl
2012-02-28 06:42:55 2382848 ----a-w- C:\windows\System32\mshtml.tlb
2012-02-28 01:18:55 1799168 ----a-w- C:\windows\SysWow64\jscript9.dll
2012-02-28 01:11:21 1427456 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2012-02-28 01:11:07 1127424 ----a-w- C:\windows\SysWow64\wininet.dll
2012-02-28 01:03:16 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb
2012-02-17 06:38:26 1031680 ----a-w- C:\windows\System32\rdpcore.dll
2012-02-17 05:34:22 826880 ----a-w- C:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58:24 210944 ----a-w- C:\windows\System32\drivers\rdpwd.sys
2012-02-17 04:57:32 23552 ----a-w- C:\windows\System32\drivers\tdtcp.sys
2012-02-10 06:36:07 1544192 ----a-w- C:\windows\System32\DWrite.dll
2012-02-10 05:38:43 1077248 ----a-w- C:\windows\SysWow64\DWrite.dll
.
============= FINISH: 21:12:34.44 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 4/4/2010 10:52:23 PM
System Uptime: 5/7/2012 6:36:38 PM (3 hours ago)
.
Motherboard: TOSHIBA | | Portable PC
Processor: Pentium® Dual-Core CPU T4400 @ 2.20GHz | CPU | 2200/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 288 GiB total, 2.773 GiB free.
D: is CDROM ()
E: is CDROM (CDFS)
F: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: BHDrvx64
Device ID: ROOT\LEGACY_BHDRVX64\0000
Manufacturer:
Name: BHDrvx64
PNP Device ID: ROOT\LEGACY_BHDRVX64\0000
Service: BHDrvx64
.
==== System Restore Points ===================
.
RP289: 4/30/2012 1:22:15 AM - Windows Update
RP290: 4/30/2012 6:46:02 PM - Removed Voila 2.0 HSDPA Utility R1.
RP291: 5/1/2012 3:00:20 AM - Windows Update
RP292: 5/7/2012 12:10:29 PM - Windows Update
RP293: 5/7/2012 5:47:48 PM - DLL-Files.com Fixer Mon, May 07, 12 17:47
.
==== Installed Programs ======================
.
1ClickDownloader
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX
Adobe Reader 9.4.6
Apple Application Support
Apple Software Update
Ares 3.1.7.3042
Ashampoo Burning Studio 6 FREE
AviSynth 2.5
Best Buy Software Installer
Bing Bar
CamfrogWEB Advanced ActiveX Plugin (remove only)
Compatibility Pack for the 2007 Office system
D3DX10
Dealio Toolbar v4.9
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Désinst. LG PC Suite III
Epi Info 7
Facebook Video Calling 1.2.0.159
Feedback Tool
FIFA 12 © EA version 1
Folder Lock
Free Mp3 Wma Converter V 1.9
Free MP3 WMA Cutter 3.7.2.5
GIMP 2.6.8
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
Java Auto Updater
Java™ 6 Update 29
Junk Mail filter update
Kabisa_V_81b 13/04/2010
Larousse Médical
LG Bluetooth Drivers
LG Internet Kit
LG MC USB U330 driver
LG United Mobile Driver
LG USB Modem Drivers
Macromedia Shockwave Player
Malwarebytes Anti-Malware version 1.61.0.1400
ManyCam 2.6.65 (remove only)
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 1.1
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
mywebsites.pro-FR Toolbar
NATCOM 3G
Norton Security Suite
ObjectDock
ooVoo
OpenOffice.org 3.2
Picasa 3
QuickTime
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Realtek WLAN Driver
Revo Uninstaller 1.93
Roxio Burn
Roxio Express Labeler 3
Roxio Roxio Burn
Roxio Update Manager
Safari
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Soft-Search Toolbar
SpeedBit Video Downloader
Spelling Dictionaries Support For Adobe Reader 9
TOSHIBA Application Installer
TOSHIBA Assist
TOSHIBA Bulletin Board
TOSHIBA ConfigFree
TOSHIBA DVD PLAYER
TOSHIBA eco Utility
TOSHIBA Extended Tiles for Windows Mobility Center
TOSHIBA Face Recognition
TOSHIBA Hardware Setup
TOSHIBA HDD/SSD Alert
TOSHIBA Media Controller
TOSHIBA Quality Application
TOSHIBA ReelTime
TOSHIBA Service Station
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
TOSHIBA Web Camera Application
ToshibaRegistration
Uniblue RegistryBooster
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553092)
Update Manager
USB INTERNET
VLC media player 1.1.11
Votre santé au quotidien
VZAccess Manager
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar
ZHPDiag 1.30
.
==== Event Viewer Messages From Past Week ========
.
5/7/2012 8:48:47 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.125.1090.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8304.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
5/7/2012 8:21:46 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.125.1090.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8304.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
5/7/2012 6:37:47 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx64 SRTSP
5/7/2012 6:37:24 PM, Error: Service Control Manager [7000] - The windrvNT service failed to start due to the following error: The system cannot find the file specified.
5/7/2012 6:37:21 PM, Error: Service Control Manager [7000] - The npf service failed to start due to the following error: The system cannot find the file specified.
5/7/2012 6:36:49 PM, Error: SRTSP [5] - Error loading Symantec real time Anti-Virus driver.
5/7/2012 6:36:49 PM, Error: SRTSP [4] - Error loading virus definitions.
5/7/2012 6:01:38 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
5/7/2012 6:01:38 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
5/7/2012 6:01:35 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
5/7/2012 6:01:34 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
5/7/2012 6:01:34 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
5/7/2012 6:01:31 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
5/7/2012 6:01:22 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
5/7/2012 6:01:06 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD BHDrvx64 ccHP DfsC discache eeCtrl IDSVia64 MpFilter NetBIOS NetBT nsiproxy Psched rdbss spldr SRTSP SRTSPX SymIRON SYMTDIv tdx vwififlt Wanarpv6 WfpLwf
5/7/2012 6:01:05 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
5/7/2012 6:01:05 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
5/7/2012 6:01:05 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
5/7/2012 6:01:05 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
5/7/2012 6:01:05 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
5/7/2012 6:01:05 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
5/7/2012 6:01:05 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
5/7/2012 6:01:05 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
5/7/2012 6:01:05 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
5/7/2012 6:01:05 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
5/6/2012 9:39:44 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.125.1090.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8304.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
5/6/2012 8:52:25 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.125.1090.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8304.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
5/6/2012 12:39:33 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.125.1090.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8304.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
5/5/2012 8:29:35 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.125.1090.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8304.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
5/1/2012 3:06:51 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Microsoft Security Essentials Client Update Package - KB2691905.
4/30/2012 5:59:51 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
4/30/2012 5:53:53 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
4/30/2012 5:04:13 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
4/30/2012 4:51:12 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
4/30/2012 3:18:43 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
4/30/2012 3:10:48 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
.
==== End Of File ===========================

Thx for helping me...

#2 MrCharlie

MrCharlie

    Forum Deity

  • Experts
  • 28,127 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA

Posted 08 May 2012 - 07:00 AM

Welcome to the forum.

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller.

For Windows XP, double-click to start.
For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.


Click Scan to scan the system (don't run any other options, they're not all bad!)
Post back the report.

MrC

Malware Removal Expert




I volunteer my free time to help you, if you would like to donate to show your appreciation, it will be much appreciated.

Thanks MrC & crew

#3 freshjj2


Posted 09 May 2012 - 04:32 PM

hi thx.
Here is the report:
RogueKiller V7.4.4 [05/08/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com
Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: Owner [Admin rights]
Mode: Remove -- Date: 05/09/2012 17:30:26
¤¤¤ Bad processes: 1 ¤¤¤
[SUSP PATH] DCSHelper.exe -- C:\ProgramData\DatacardService\DCSHelper.exe -> KILLED [TermProc]
¤¤¤ Registry Entries: 2 ¤¤¤
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver: [NOT LOADED] ¤¤¤
¤¤¤ Infection : ¤¤¤
¤¤¤ HOSTS File: ¤¤¤

¤¤¤ MBR Check: ¤¤¤

#4 MrCharlie


Posted 09 May 2012 - 04:40 PM

...see if this works

If you have the pro version of MB....make sure you have your license key

-----------------------

Vista and Windows 7 users:
1. These tools MUST be run from the executable (.exe) every time you run them
2. With Admin Rights (Right click, choose "Run as Administrator")



Go to your Control Panel's Add/Remove Programs and uninstall MalwareBytes Anti-Malware > reboot

Download and run this cleaner:
mbam-clean.exe


Reboot <---very important

Now download and see if you can install the latest version of MB from here: (disable any malware/anti-virus programs running first)

http://www.malwareby...am-download.php

Let me know, MrC


#5 freshjj2


Posted 12 May 2012 - 09:05 PM

hi... did all...
Same message... :-( error updating etc.....

#6 MrCharlie


Posted 13 May 2012 - 03:36 AM

edit


#7 MrCharlie


Posted 13 May 2012 - 05:34 AM

You can get the latest updates from the link below:

http://data.mbamupda.../mbam-rules.exe

See if you can download and install them.

Then run a Full Scan and make sure that everything is checked, and click Remove Selected.

Post the log.

---------------------------------------------

Next.......

Please make sure system restore is running and create a new restore point before continuing.
XP <===> Vista & W7

XP users > please back up the registry using ERUNT.

-----------------------------------------

Please download TDSSKiller to your desktop and run it as outlined below:

Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

For Windows XP, double-click to start.
For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.



-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.


------------------------

Click the Start Scan button.


-----------------------

If a suspicious object is detected, the default action will be Skip, click on Continue
If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose
Skip and click on Continue

Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose delete.


----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.




--------------------

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

-------------------

Here's a summary of what to do if you would like to print it out:


If a suspicious object is detected, the default action will be Skip, click on Continue
If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose
Skip and click on Continue

Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose delete.

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

MrC


#8 freshjj2


Posted 14 May 2012 - 01:00 PM

Hi... After downloading the latest updates for Malwarebytes, the report is:
Malwarebytes Anti-Malware (Essai) 1.61.0.1400
www.malwarebytes.org
Version de la base de données: v2012.05.07.04
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Owner :: OWNER-PC [administrateur]
Protection: Désactivé
5/13/2012 2:25:07 PM
mbam-log-2012-05-13 (14-25-07).txt
Type d'examen: Examen complet
Options d'examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM
Options d'examen désactivées: P2P
Elément(s) analysé(s): 479415
Temps écoulé: 1 heure(s), 50 minute(s), 25 seconde(s)
Processus mémoire détecté(s): 0
(Aucun élément nuisible détecté)
Module(s) mémoire détecté(s): 0
(Aucun élément nuisible détecté)
Clé(s) du Registre détectée(s): 0
(Aucun élément nuisible détecté)
Valeur(s) du Registre détectée(s): 0
(Aucun élément nuisible détecté)
Elément(s) de données du Registre détecté(s): 0
(Aucun élément nuisible détecté)
Dossier(s) détecté(s): 0
(Aucun élément nuisible détecté)
Fichier(s) détecté(s): 0
(Aucun élément nuisible détecté)
(fin)

The report for TDSSKiller is (no malicious objects found):
16:48:31.0976 6188 TDSS rootkit removing tool 2.7.34.0 May 2 2012 09:59:18
16:48:32.0191 6188 ============================================================
16:48:32.0191 6188 Current date / time: 2012/05/13 16:48:32.0191
16:48:32.0191 6188 SystemInfo:
16:48:32.0191 6188
16:48:32.0191 6188 OS Version: 6.1.7601 ServicePack: 1.0
16:48:32.0191 6188 Product type: Workstation
16:48:32.0191 6188 ComputerName: OWNER-PC
16:48:32.0191 6188 UserName: Owner
16:48:32.0191 6188 Windows directory: C:\windows
16:48:32.0191 6188 System windows directory: C:\windows
16:48:32.0191 6188 Running under WOW64
16:48:32.0191 6188 Processor architecture: Intel x64
16:48:32.0191 6188 Number of processors: 2
16:48:32.0191 6188 Page size: 0x1000
16:48:32.0191 6188 Boot type: Normal boot
16:48:32.0191 6188 ============================================================
16:48:34.0048 6188 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:48:34.0065 6188 ============================================================
16:48:34.0065 6188 \Device\Harddisk0\DR0:
16:48:34.0065 6188 MBR partitions:
16:48:34.0065 6188 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x23F1B000
16:48:34.0065 6188 ============================================================
16:48:34.0170 6188 C: <-> \Device\Harddisk0\DR0\Partition0
16:48:36.0342 6188 ============================================================
16:48:36.0342 6188 Initialize success
16:48:36.0342 6188 ============================================================
16:49:27.0837 4212 ============================================================
16:49:27.0837 4212 Scan started
16:49:27.0837 4212 Mode: Manual;
16:49:27.0837 4212 ============================================================
16:49:29.0023 4212 1394ohci (a87d604aea360176311474c87a63bb88) C:\windows\system32\drivers\1394ohci.sys
16:49:29.0026 4212 1394ohci - ok
16:49:29.0177 4212 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\windows\system32\drivers\ACPI.sys
16:49:29.0181 4212 ACPI - ok
16:49:29.0272 4212 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\windows\system32\drivers\acpipmi.sys
16:49:29.0274 4212 AcpiPmi - ok
16:49:29.0307 4212 Scan interrupted by user!
16:49:29.0307 4212 Scan interrupted by user!
16:49:29.0307 4212 Scan interrupted by user!
16:49:29.0307 4212 ============================================================
16:49:29.0307 4212 Scan finished
16:49:29.0307 4212 ============================================================
16:49:29.0325 0920 Detected object count: 0
16:49:29.0325 0920 Actual detected object count: 0
16:49:41.0300 1664 ============================================================
16:49:41.0300 1664 Scan started
16:49:41.0300 1664 Mode: Manual; SigCheck; TDLFS;
16:49:41.0300 1664 ============================================================
16:49:41.0715 1664 1394ohci (a87d604aea360176311474c87a63bb88) C:\windows\system32\drivers\1394ohci.sys
16:49:42.0047 1664 1394ohci - ok
16:49:42.0056 1664 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\windows\system32\drivers\ACPI.sys
16:49:42.0166 1664 ACPI - ok
16:49:42.0180 1664 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\windows\system32\drivers\acpipmi.sys
16:49:42.0373 1664 AcpiPmi - ok
16:49:42.0455 1664 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\windows\system32\DRIVERS\adp94xx.sys
16:49:42.0496 1664 adp94xx - ok
16:49:42.0605 1664 adpahci (597f78224ee9224ea1a13d6350ced962) C:\windows\system32\DRIVERS\adpahci.sys
16:49:42.0628 1664 adpahci - ok
16:49:42.0717 1664 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\windows\system32\DRIVERS\adpu320.sys
16:49:42.0737 1664 adpu320 - ok
16:49:42.0782 1664 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\windows\System32\aelupsvc.dll
16:49:42.0996 1664 AeLookupSvc - ok
16:49:43.0111 1664 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\windows\system32\drivers\afd.sys
16:49:43.0215 1664 AFD - ok
16:49:43.0387 1664 AgereSoftModem (98022774d9930ecbb292e70db7601df6) C:\windows\system32\DRIVERS\agrsm64.sys
16:49:43.0529 1664 AgereSoftModem - ok
16:49:43.0643 1664 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\windows\system32\drivers\agp440.sys
16:49:43.0669 1664 agp440 - ok
16:49:43.0756 1664 ALG (3290d6946b5e30e70414990574883ddb) C:\windows\System32\alg.exe
16:49:43.0824 1664 ALG - ok
16:49:43.0905 1664 aliide (5812713a477a3ad7363c7438ca2ee038) C:\windows\system32\drivers\aliide.sys
16:49:43.0922 1664 aliide - ok
16:49:44.0011 1664 amdide (1ff8b4431c353ce385c875f194924c0c) C:\windows\system32\drivers\amdide.sys
16:49:44.0027 1664 amdide - ok
16:49:44.0119 1664 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\windows\system32\DRIVERS\amdk8.sys
16:49:44.0205 1664 AmdK8 - ok
16:49:44.0249 1664 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\windows\system32\DRIVERS\amdppm.sys
16:49:44.0413 1664 AmdPPM - ok
16:49:44.0496 1664 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\windows\system32\drivers\amdsata.sys
16:49:44.0522 1664 amdsata - ok
16:49:44.0576 1664 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\windows\system32\DRIVERS\amdsbs.sys
16:49:44.0602 1664 amdsbs - ok
16:49:44.0622 1664 amdxata (540daf1cea6094886d72126fd7c33048) C:\windows\system32\drivers\amdxata.sys
16:49:44.0643 1664 amdxata - ok
16:49:44.0728 1664 AppID (89a69c3f2f319b43379399547526d952) C:\windows\system32\drivers\appid.sys
16:49:44.0905 1664 AppID - ok
16:49:44.0932 1664 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\windows\System32\appidsvc.dll
16:49:45.0041 1664 AppIDSvc - ok
16:49:45.0133 1664 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\windows\System32\appinfo.dll
16:49:45.0216 1664 Appinfo - ok
16:49:45.0437 1664 Apple Mobile Device (018857ead9a077a56aedfc0e5ef7a24a) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
16:49:45.0463 1664 Apple Mobile Device - ok
16:49:45.0548 1664 arc (c484f8ceb1717c540242531db7845c4e) C:\windows\system32\DRIVERS\arc.sys
16:49:45.0587 1664 arc - ok
16:49:45.0614 1664 arcsas (019af6924aefe7839f61c830227fe79c) C:\windows\system32\DRIVERS\arcsas.sys
16:49:45.0648 1664 arcsas - ok
16:49:45.0977 1664 aspnet_state - ok
16:49:46.0055 1664 AsyncMac (769765ce2cc62867468cea93969b2242) C:\windows\system32\DRIVERS\asyncmac.sys
16:49:46.0235 1664 AsyncMac - ok
16:49:46.0417 1664 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\windows\system32\drivers\atapi.sys
16:49:46.0455 1664 atapi - ok
16:49:46.0766 1664 athur (36322190763845975e0d001e90687bf2) C:\windows\system32\DRIVERS\athurx.sys
16:49:46.0911 1664 athur - ok
16:49:47.0321 1664 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\windows\System32\Audiosrv.dll
16:49:47.0469 1664 AudioEndpointBuilder - ok
16:49:47.0479 1664 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\windows\System32\Audiosrv.dll
16:49:47.0536 1664 AudioSrv - ok
16:49:47.0619 1664 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\windows\System32\AxInstSV.dll
16:49:47.0770 1664 AxInstSV - ok
16:49:47.0904 1664 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\windows\system32\DRIVERS\bxvbda.sys
16:49:47.0994 1664 b06bdrv - ok
16:49:48.0096 1664 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\windows\system32\DRIVERS\b57nd60a.sys
16:49:48.0160 1664 b57nd60a - ok
16:49:48.0389 1664 BBSvc (a2494901e7226b356b8c1005c45f1c5f) C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe
16:49:48.0412 1664 BBSvc - ok
16:49:48.0492 1664 BBUpdate (63b1cbbae4790b5bac98f01bf9449722) C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe
16:49:48.0521 1664 BBUpdate - ok
16:49:48.0541 1664 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\windows\System32\bdesvc.dll
16:49:48.0630 1664 BDESVC - ok
16:49:48.0700 1664 Beep (16a47ce2decc9b099349a5f840654746) C:\windows\system32\drivers\Beep.sys
16:49:48.0782 1664 Beep - ok
16:49:48.0925 1664 BFE (82974d6a2fd19445cc5171fc378668a4) C:\windows\System32\bfe.dll
16:49:49.0021 1664 BFE - ok
16:49:49.0481 1664 BHDrvx64 (cd0ecb395666fc9ae23d7381e9e3370d) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20111014.001\BHDrvx64.sys
16:49:49.0658 1664 BHDrvx64 - ok
16:49:49.0955 1664 BITS (1ea7969e3271cbc59e1730697dc74682) C:\windows\System32\qmgr.dll
16:49:50.0145 1664 BITS - ok
16:49:50.0280 1664 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\windows\system32\DRIVERS\blbdrive.sys
16:49:50.0346 1664 blbdrive - ok
16:49:50.0557 1664 Bonjour Service (f832f1505ad8b83474bd9a5b1b985e01) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
16:49:50.0577 1664 Bonjour Service - ok
16:49:50.0642 1664 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\windows\system32\DRIVERS\bowser.sys
16:49:50.0685 1664 bowser - ok
16:49:50.0763 1664 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\windows\system32\DRIVERS\BrFiltLo.sys
16:49:50.0859 1664 BrFiltLo - ok
16:49:50.0872 1664 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\windows\system32\DRIVERS\BrFiltUp.sys
16:49:50.0895 1664 BrFiltUp - ok
16:49:50.0956 1664 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\windows\System32\browser.dll
16:49:51.0053 1664 Browser - ok
16:49:51.0113 1664 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\windows\System32\Drivers\Brserid.sys
16:49:51.0179 1664 Brserid - ok
16:49:51.0208 1664 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\windows\System32\Drivers\BrSerWdm.sys
16:49:51.0261 1664 BrSerWdm - ok
16:49:51.0338 1664 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\windows\System32\Drivers\BrUsbMdm.sys
16:49:51.0384 1664 BrUsbMdm - ok
16:49:51.0415 1664 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\windows\System32\Drivers\BrUsbSer.sys
16:49:51.0464 1664 BrUsbSer - ok
16:49:51.0502 1664 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\windows\system32\DRIVERS\bthmodem.sys
16:49:51.0567 1664 BTHMODEM - ok
16:49:51.0644 1664 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\windows\system32\bthserv.dll
16:49:51.0722 1664 bthserv - ok
16:49:51.0885 1664 ccHP (da66e851e76766d2c84502fe682ab175) C:\windows\system32\drivers\N360x64\0403000.005\ccHPx64.sys
16:49:51.0915 1664 ccHP - ok
16:49:51.0993 1664 cdfs (b8bd2bb284668c84865658c77574381a) C:\windows\system32\DRIVERS\cdfs.sys
16:49:52.0071 1664 cdfs - ok
16:49:52.0143 1664 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\windows\system32\DRIVERS\cdrom.sys
16:49:52.0200 1664 cdrom - ok
16:49:52.0270 1664 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll
16:49:52.0364 1664 CertPropSvc - ok
16:49:52.0476 1664 cfWiMAXService (837ff2d497880198c918e6954dbd170c) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
16:49:52.0491 1664 cfWiMAXService - ok
16:49:52.0579 1664 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\windows\system32\DRIVERS\circlass.sys
16:49:52.0637 1664 circlass - ok
16:49:52.0697 1664 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\windows\system32\CLFS.sys
16:49:52.0727 1664 CLFS - ok
16:49:52.0786 1664 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:49:52.0811 1664 clr_optimization_v2.0.50727_32 - ok
16:49:52.0858 1664 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
16:49:52.0874 1664 clr_optimization_v2.0.50727_64 - ok
16:49:53.0020 1664 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:49:53.0037 1664 clr_optimization_v4.0.30319_32 - ok
16:49:53.0063 1664 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
16:49:53.0079 1664 clr_optimization_v4.0.30319_64 - ok
16:49:53.0148 1664 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\windows\system32\DRIVERS\CmBatt.sys
16:49:53.0205 1664 CmBatt - ok
16:49:53.0249 1664 cmdide (e19d3f095812725d88f9001985b94edd) C:\windows\system32\drivers\cmdide.sys
16:49:53.0264 1664 cmdide - ok
16:49:53.0355 1664 CNG (c4943b6c962e4b82197542447ad599f4) C:\windows\system32\Drivers\cng.sys
16:49:53.0428 1664 CNG - ok
16:49:53.0543 1664 cnnctfy2 (040ff3b09f26926a3792e047db0f47dd) C:\windows\system32\DRIVERS\cnnctfy2.sys
16:49:53.0564 1664 cnnctfy2 - ok
16:49:53.0644 1664 Compbatt (102de219c3f61415f964c88e9085ad14) C:\windows\system32\DRIVERS\compbatt.sys
16:49:53.0670 1664 Compbatt - ok
16:49:53.0745 1664 CompositeBus (03edb043586cceba243d689bdda370a8) C:\windows\system32\drivers\CompositeBus.sys
16:49:53.0787 1664 CompositeBus - ok
16:49:53.0815 1664 COMSysApp - ok
16:49:53.0900 1664 ConfigFree Gadget Service (d252c53bcdfc199bba55eeb10cdb266e) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
16:49:53.0910 1664 ConfigFree Gadget Service - ok
16:49:53.0924 1664 ConfigFree Service (cab0eeaf5295fc96ddd3e19dce27e131) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
16:49:53.0940 1664 ConfigFree Service - ok
16:49:54.0177 1664 Connectify (452d0996f0bbf20dd6c142662b748e37) C:\Program Files (x86)\Connectify\ConnectifyService.exe
16:49:54.0207 1664 Connectify ( UnsignedFile.Multi.Generic ) - warning
16:49:54.0207 1664 Connectify - detected UnsignedFile.Multi.Generic (1)
16:49:54.0246 1664 crcdisk (1c827878a998c18847245fe1f34ee597) C:\windows\system32\DRIVERS\crcdisk.sys
16:49:54.0265 1664 crcdisk - ok
16:49:54.0383 1664 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\windows\system32\cryptsvc.dll
16:49:54.0466 1664 CryptSvc - ok
16:49:54.0569 1664 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll
16:49:54.0671 1664 DcomLaunch - ok
16:49:54.0751 1664 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\windows\System32\defragsvc.dll
16:49:54.0840 1664 defragsvc - ok
16:49:54.0924 1664 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\windows\system32\Drivers\dfsc.sys
16:49:54.0997 1664 DfsC - ok
16:49:55.0091 1664 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\windows\system32\dhcpcore.dll
16:49:55.0178 1664 Dhcp - ok
16:49:55.0231 1664 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\windows\system32\drivers\discache.sys
16:49:55.0309 1664 discache - ok
16:49:55.0402 1664 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\windows\system32\DRIVERS\disk.sys
16:49:55.0420 1664 Disk - ok
16:49:55.0486 1664 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\windows\System32\dnsrslvr.dll
16:49:55.0571 1664 Dnscache - ok
16:49:55.0662 1664 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\windows\System32\dot3svc.dll
16:49:55.0741 1664 dot3svc - ok
16:49:55.0821 1664 dot4 (b42ed0320c6e41102fde0005154849bb) C:\windows\system32\DRIVERS\Dot4.sys
16:49:55.0868 1664 dot4 - ok
16:49:55.0950 1664 Dot4Print (e9f5969233c5d89f3c35e3a66a52a361) C:\windows\system32\drivers\Dot4Prt.sys
16:49:56.0008 1664 Dot4Print - ok
16:49:56.0072 1664 Dot4Scan (488669cd1cd3bdcfdd9a5fda72209069) C:\windows\system32\DRIVERS\Dot4Scan.sys
16:49:56.0123 1664 Dot4Scan - ok
16:49:56.0199 1664 dot4usb (fd05a02b0370bc3000f402e543ca5814) C:\windows\system32\DRIVERS\dot4usb.sys
16:49:56.0247 1664 dot4usb - ok
16:49:56.0295 1664 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\windows\system32\dps.dll
16:49:56.0381 1664 DPS - ok
16:49:56.0452 1664 drmkaud (9b19f34400d24df84c858a421c205754) C:\windows\system32\drivers\drmkaud.sys
16:49:56.0503 1664 drmkaud - ok
16:49:56.0616 1664 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\windows\System32\drivers\dxgkrnl.sys
16:49:56.0666 1664 DXGKrnl - ok
16:49:56.0758 1664 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\windows\System32\eapsvc.dll
16:49:56.0837 1664 EapHost - ok
16:49:57.0048 1664 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\windows\system32\DRIVERS\evbda.sys
16:49:57.0166 1664 ebdrv - ok
16:49:57.0293 1664 eeCtrl (5e3a50930447f464c66032e05a4632f5) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
16:49:57.0323 1664 eeCtrl - ok
16:49:57.0511 1664 EFS (c118a82cd78818c29ab228366ebf81c3) C:\windows\System32\lsass.exe
16:49:57.0584 1664 EFS - ok
16:49:57.0764 1664 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\windows\ehome\ehRecvr.exe
16:49:57.0864 1664 ehRecvr - ok
16:49:57.0889 1664 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\windows\ehome\ehsched.exe
16:49:57.0924 1664 ehSched - ok
16:49:58.0065 1664 elxstor (0e5da5369a0fcaea12456dd852545184) C:\windows\system32\DRIVERS\elxstor.sys
16:49:58.0098 1664 elxstor - ok
16:49:58.0153 1664 ErrDev (34a3c54752046e79a126e15c51db409b) C:\windows\system32\drivers\errdev.sys
16:49:58.0204 1664 ErrDev - ok
16:49:58.0293 1664 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\windows\system32\es.dll
16:49:58.0377 1664 EventSystem - ok
16:49:58.0458 1664 ewusbnet (50fcbbedad133d6bf402a7ce08ea95a3) C:\windows\system32\DRIVERS\ewusbnet.sys
16:49:58.0543 1664 ewusbnet - ok
16:49:58.0642 1664 ew_mbbusbdev (296dfceece424cd630cf8fdaf0cb0c09) C:\windows\system32\DRIVERS\ew_mbbusbdev.sys
16:49:58.0723 1664 ew_mbbusbdev - ok
16:49:58.0770 1664 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\windows\system32\drivers\exfat.sys
16:49:58.0859 1664 exfat - ok
16:49:58.0892 1664 fastfat (0adc83218b66a6db380c330836f3e36d) C:\windows\system32\drivers\fastfat.sys
16:49:58.0984 1664 fastfat - ok
16:49:59.0085 1664 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\windows\system32\fxssvc.exe
16:49:59.0162 1664 Fax - ok
16:49:59.0223 1664 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\windows\system32\DRIVERS\fdc.sys
16:49:59.0287 1664 fdc - ok
16:49:59.0342 1664 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\windows\system32\fdPHost.dll
16:49:59.0421 1664 fdPHost - ok
16:49:59.0460 1664 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\windows\system32\fdrespub.dll
16:49:59.0530 1664 FDResPub - ok
16:49:59.0577 1664 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\windows\system32\drivers\fileinfo.sys
16:49:59.0593 1664 FileInfo - ok
16:49:59.0613 1664 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\windows\system32\drivers\filetrace.sys
16:49:59.0666 1664 Filetrace - ok
16:49:59.0724 1664 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\windows\system32\DRIVERS\flpydisk.sys
16:49:59.0741 1664 flpydisk - ok
16:49:59.0830 1664 FltMgr (da6b67270fd9db3697b20fce94950741) C:\windows\system32\drivers\fltmgr.sys
16:49:59.0860 1664 FltMgr - ok
16:49:59.0982 1664 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\windows\system32\FntCache.dll
16:50:00.0025 1664 FontCache - ok
16:50:00.0126 1664 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
16:50:00.0137 1664 FontCache3.0.0.0 - ok
16:50:00.0186 1664 FsDepends (d43703496149971890703b4b1b723eac) C:\windows\system32\drivers\FsDepends.sys
16:50:00.0203 1664 FsDepends - ok
16:50:00.0277 1664 fssfltr (07da62c960ddccc2d35836aeab4fc578) C:\windows\system32\DRIVERS\fssfltr.sys
16:50:00.0298 1664 fssfltr - ok
16:50:00.0516 1664 fsssvc (28ddeeec44e988657b732cf404d504cb) C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
16:50:00.0570 1664 fsssvc - ok
16:50:00.0713 1664 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\windows\system32\drivers\Fs_Rec.sys
16:50:00.0731 1664 Fs_Rec - ok
16:50:00.0820 1664 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\windows\system32\DRIVERS\fvevol.sys
16:50:00.0843 1664 fvevol - ok
16:50:00.0929 1664 FwLnk (60acb128e64c35c2b4e4aab1b0a5c293) C:\windows\system32\DRIVERS\FwLnk.sys
16:50:01.0001 1664 FwLnk - ok
16:50:01.0072 1664 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\windows\system32\DRIVERS\gagp30kx.sys
16:50:01.0089 1664 gagp30kx - ok
16:50:01.0130 1664 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\windows\system32\DRIVERS\GEARAspiWDM.sys
16:50:01.0141 1664 GEARAspiWDM - ok
16:50:01.0237 1664 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\windows\System32\gpsvc.dll
16:50:01.0325 1664 gpsvc - ok
16:50:01.0500 1664 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
16:50:01.0513 1664 gupdate - ok
16:50:01.0600 1664 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
16:50:01.0613 1664 gupdatem - ok
16:50:01.0692 1664 gusvc (408ddd80eede47175f6844817b90213e) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
16:50:01.0708 1664 gusvc - ok
16:50:01.0736 1664 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\windows\system32\drivers\hcw85cir.sys
16:50:01.0815 1664 hcw85cir - ok
16:50:01.0911 1664 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\windows\system32\drivers\HdAudio.sys
16:50:01.0975 1664 HdAudAddService - ok
16:50:02.0060 1664 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\windows\system32\drivers\HDAudBus.sys
16:50:02.0114 1664 HDAudBus - ok
16:50:02.0147 1664 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\windows\system32\DRIVERS\HidBatt.sys
16:50:02.0190 1664 HidBatt - ok
16:50:02.0238 1664 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\windows\system32\DRIVERS\hidbth.sys
16:50:02.0294 1664 HidBth - ok
16:50:02.0324 1664 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\windows\system32\DRIVERS\hidir.sys
16:50:02.0380 1664 HidIr - ok
16:50:02.0422 1664 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\windows\system32\hidserv.dll
16:50:02.0498 1664 hidserv - ok
16:50:02.0567 1664 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\windows\system32\DRIVERS\hidusb.sys
16:50:02.0588 1664 HidUsb - ok
16:50:02.0646 1664 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\windows\system32\kmsvc.dll
16:50:02.0735 1664 hkmsvc - ok
16:50:02.0781 1664 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\windows\system32\ListSvc.dll
16:50:02.0865 1664 HomeGroupListener - ok
16:50:02.0934 1664 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\windows\system32\provsvc.dll
16:50:02.0985 1664 HomeGroupProvider - ok
16:50:03.0052 1664 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\windows\system32\drivers\HpSAMD.sys
16:50:03.0073 1664 HpSAMD - ok
16:50:03.0156 1664 HSPADataCardusbmdm (65120337e224a686f87ddd635f17c81b) C:\windows\system32\DRIVERS\HSPADataCardusbmdm.sys
16:50:03.0230 1664 HSPADataCardusbmdm - ok
16:50:03.0322 1664 HSPADataCardusbnmea (65120337e224a686f87ddd635f17c81b) C:\windows\system32\DRIVERS\HSPADataCardusbnmea.sys
16:50:03.0336 1664 HSPADataCardusbnmea - ok
16:50:03.0360 1664 HSPADataCardusbser (65120337e224a686f87ddd635f17c81b) C:\windows\system32\DRIVERS\HSPADataCardusbser.sys
16:50:03.0375 1664 HSPADataCardusbser - ok
16:50:03.0448 1664 HSPADataCardusbvoice (65120337e224a686f87ddd635f17c81b) C:\windows\system32\DRIVERS\HSPADataCardusbvoice.sys
16:50:03.0482 1664 HSPADataCardusbvoice - ok
16:50:03.0578 1664 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\windows\system32\drivers\HTTP.sys
16:50:03.0636 1664 HTTP - ok
16:50:03.0677 1664 huawei_enumerator - ok
16:50:03.0744 1664 hwdatacard (aa379e6e47d1594f489b0e9215230a6a) C:\windows\system32\DRIVERS\ewusbmdm.sys
16:50:03.0814 1664 hwdatacard - ok
16:50:03.0906 1664 HWDeviceService64.exe - ok
16:50:03.0974 1664 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\windows\system32\drivers\hwpolicy.sys
16:50:03.0994 1664 hwpolicy - ok
16:50:04.0071 1664 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\windows\system32\drivers\i8042prt.sys
16:50:04.0089 1664 i8042prt - ok
16:50:04.0181 1664 iaStor (bbb3b6df1abb0fe35802ede85cc1c011) C:\windows\system32\DRIVERS\iaStor.sys
16:50:04.0204 1664 iaStor - ok
16:50:04.0306 1664 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\windows\system32\drivers\iaStorV.sys
16:50:04.0336 1664 iaStorV - ok
16:50:04.0526 1664 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
16:50:04.0573 1664 idsvc - ok
16:50:04.0869 1664 IDSVia64 (0b97f1a640ad3d159a7b5d2164c42e50) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20111026.030\IDSvia64.sys
16:50:04.0900 1664 IDSVia64 - ok
16:50:05.0841 1664 igfx (3c3f27002abc69c5afe29cbe6cf7addf) C:\windows\system32\DRIVERS\igdkmd64.sys
16:50:06.0325 1664 igfx - ok
16:50:06.0489 1664 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\windows\system32\DRIVERS\iirsp.sys
16:50:06.0512 1664 iirsp - ok
16:50:06.0660 1664 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\windows\System32\ikeext.dll
16:50:06.0761 1664 IKEEXT - ok
16:50:06.0951 1664 IntcAzAudAddService (0c3cf4b3bae28e121a1689e3538f8712) C:\windows\system32\drivers\RTKVHD64.sys
16:50:07.0017 1664 IntcAzAudAddService - ok
16:50:07.0178 1664 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\windows\system32\drivers\intelide.sys
16:50:07.0196 1664 intelide - ok
16:50:07.0274 1664 intelppm (ada036632c664caa754079041cf1f8c1) C:\windows\system32\DRIVERS\intelppm.sys
16:50:07.0330 1664 intelppm - ok
16:50:07.0362 1664 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\windows\system32\ipbusenum.dll
16:50:07.0417 1664 IPBusEnum - ok
16:50:07.0494 1664 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\windows\system32\DRIVERS\ipfltdrv.sys
16:50:07.0627 1664 IpFilterDriver - ok
16:50:07.0710 1664 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\windows\System32\iphlpsvc.dll
16:50:07.0815 1664 iphlpsvc - ok
16:50:07.0865 1664 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\windows\system32\drivers\IPMIDrv.sys
16:50:07.0897 1664 IPMIDRV - ok
16:50:07.0928 1664 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\windows\system32\drivers\ipnat.sys
16:50:08.0022 1664 IPNAT - ok
16:50:08.0152 1664 iPod Service (e94503089df8976f5c4c9d5168e9765f) C:\Program Files\iPod\bin\iPodService.exe
16:50:08.0195 1664 iPod Service - ok
16:50:08.0258 1664 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\windows\system32\drivers\irenum.sys
16:50:08.0358 1664 IRENUM - ok
16:50:08.0412 1664 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\windows\system32\drivers\isapnp.sys
16:50:08.0427 1664 isapnp - ok
16:50:08.0493 1664 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\windows\system32\drivers\msiscsi.sys
16:50:08.0524 1664 iScsiPrt - ok
16:50:08.0583 1664 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\windows\system32\DRIVERS\kbdclass.sys
16:50:08.0599 1664 kbdclass - ok
16:50:08.0662 1664 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\windows\system32\DRIVERS\kbdhid.sys
16:50:08.0682 1664 kbdhid - ok
16:50:08.0744 1664 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
16:50:08.0762 1664 KeyIso - ok
16:50:08.0784 1664 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\windows\system32\Drivers\ksecdd.sys
16:50:08.0802 1664 KSecDD - ok
16:50:08.0872 1664 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\windows\system32\Drivers\ksecpkg.sys
16:50:08.0901 1664 KSecPkg - ok
16:50:08.0923 1664 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\windows\system32\drivers\ksthunk.sys
16:50:09.0007 1664 ksthunk - ok
16:50:09.0073 1664 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\windows\system32\msdtckrm.dll
16:50:09.0148 1664 KtmRm - ok
16:50:09.0244 1664 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\windows\system32\srvsvc.dll
16:50:09.0324 1664 LanmanServer - ok
16:50:09.0374 1664 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\windows\System32\wkssvc.dll
16:50:09.0453 1664 LanmanWorkstation - ok
16:50:09.0534 1664 LgBttPort (174803f2eea3b22165dfe0e5a1f20685) C:\windows\system32\DRIVERS\lgbtpt64.sys
16:50:09.0617 1664 LgBttPort - ok
16:50:09.0739 1664 lgbusenum (565f93bb7c0361e61b3daea670c354d6) C:\windows\system32\DRIVERS\lgbtbs64.sys
16:50:09.0752 1664 lgbusenum - ok
16:50:09.0813 1664 LGVMODEM (abf477857b7ced873362ec92c6ce10a7) C:\windows\system32\DRIVERS\lgvmdm64.sys
16:50:09.0828 1664 LGVMODEM - ok
16:50:09.0913 1664 lltdio (1538831cf8ad2979a04c423779465827) C:\windows\system32\DRIVERS\lltdio.sys
16:50:09.0968 1664 lltdio - ok
16:50:10.0008 1664 lltdsvc (c1185803384ab3feed115f79f109427f) C:\windows\System32\lltdsvc.dll
16:50:10.0084 1664 lltdsvc - ok
16:50:10.0121 1664 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\windows\System32\lmhsvc.dll
16:50:10.0179 1664 lmhosts - ok
16:50:10.0268 1664 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\windows\system32\DRIVERS\lsi_fc.sys
16:50:10.0292 1664 LSI_FC - ok
16:50:10.0317 1664 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\windows\system32\DRIVERS\lsi_sas.sys
16:50:10.0337 1664 LSI_SAS - ok
16:50:10.0357 1664 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\windows\system32\DRIVERS\lsi_sas2.sys
16:50:10.0379 1664 LSI_SAS2 - ok
16:50:10.0400 1664 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\windows\system32\DRIVERS\lsi_scsi.sys
16:50:10.0425 1664 LSI_SCSI - ok
16:50:10.0450 1664 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\windows\system32\drivers\luafv.sys
16:50:10.0527 1664 luafv - ok
16:50:10.0643 1664 ManyCam (d33e2b74cf8b3a652bf0a9fbd068e87a) C:\windows\system32\DRIVERS\ManyCam_x64.sys
16:50:10.0683 1664 ManyCam - ok
16:50:10.0781 1664 massfilter (035c83cd72e06c47000793d32b1a642d) C:\windows\system32\drivers\massfilter.sys
16:50:10.0863 1664 massfilter - ok
16:50:10.0934 1664 mbbdatacard (aa379e6e47d1594f489b0e9215230a6a) C:\windows\system32\DRIVERS\ewusbmdm.sys
16:50:10.0970 1664 mbbdatacard - ok
16:50:11.0031 1664 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\windows\system32\Mcx2Svc.dll
16:50:11.0082 1664 Mcx2Svc - ok
16:50:11.0108 1664 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\windows\system32\DRIVERS\megasas.sys
16:50:11.0125 1664 megasas - ok
16:50:11.0171 1664 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\windows\system32\DRIVERS\MegaSR.sys
16:50:11.0192 1664 MegaSR - ok
16:50:11.0332 1664 Microsoft SharePoint Workspace Audit Service - ok
16:50:11.0411 1664 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll
16:50:11.0495 1664 MMCSS - ok
16:50:11.0529 1664 Modem (800ba92f7010378b09f9ed9270f07137) C:\windows\system32\drivers\modem.sys
16:50:11.0610 1664 Modem - ok
16:50:11.0654 1664 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\windows\system32\DRIVERS\monitor.sys
16:50:11.0720 1664 monitor - ok
16:50:11.0800 1664 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\windows\system32\DRIVERS\mouclass.sys
16:50:11.0817 1664 mouclass - ok
16:50:11.0882 1664 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\windows\system32\DRIVERS\mouhid.sys
16:50:11.0926 1664 mouhid - ok
16:50:11.0979 1664 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\windows\system32\drivers\mountmgr.sys
16:50:11.0994 1664 mountmgr - ok
16:50:12.0108 1664 MpFilter (94c66ededcdb6a126880472f9a704d8e) C:\windows\system32\DRIVERS\MpFilter.sys
16:50:12.0136 1664 MpFilter - ok
16:50:12.0198 1664 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\windows\system32\drivers\mpio.sys
16:50:12.0218 1664 mpio - ok
16:50:12.0255 1664 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\windows\system32\drivers\mpsdrv.sys
16:50:12.0312 1664 mpsdrv - ok
16:50:12.0425 1664 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\windows\system32\mpssvc.dll
16:50:12.0528 1664 MpsSvc - ok
16:50:12.0581 1664 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\windows\system32\drivers\mrxdav.sys
16:50:12.0629 1664 MRxDAV - ok
16:50:12.0678 1664 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\windows\system32\DRIVERS\mrxsmb.sys
16:50:12.0751 1664 mrxsmb - ok
16:50:12.0817 1664 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\windows\system32\DRIVERS\mrxsmb10.sys
16:50:12.0879 1664 mrxsmb10 - ok
16:50:12.0937 1664 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\windows\system32\DRIVERS\mrxsmb20.sys
16:50:12.0961 1664 mrxsmb20 - ok
16:50:13.0021 1664 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\windows\system32\drivers\msahci.sys
16:50:13.0047 1664 msahci - ok
16:50:13.0106 1664 msdsm (db801a638d011b9633829eb6f663c900) C:\windows\system32\drivers\msdsm.sys
16:50:13.0132 1664 msdsm - ok
16:50:13.0164 1664 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\windows\System32\msdtc.exe
16:50:13.0219 1664 MSDTC - ok
16:50:13.0282 1664 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\windows\system32\drivers\Msfs.sys
16:50:13.0352 1664 Msfs - ok
16:50:13.0421 1664 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\windows\System32\drivers\mshidkmdf.sys
16:50:13.0496 1664 mshidkmdf - ok
16:50:50.0283 1664 ============================================================
16:50:50.0283 1664 Scan finished
16:50:50.0283 1664 ============================================================
16:50:50.0295 6904 Detected object count: 1
16:50:50.0295 6904 Actual detected object count: 1
16:51:55.0777 6904 Connectify ( UnsignedFile.Multi.Generic ) - skipped by user
16:51:55.0777 6904 Connectify ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:04:50.0174 6376 Deinitialize success

thx

#9 MrCharlie

Posted 14 May 2012 - 01:27 PM

Those scans were clean......

Please download and run ComboFix.
The most important things to remember when running it are to disable all your malware programs and run ComboFix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingc...to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Please include the C:\ComboFix.txt in your next reply for further review.

Note:
If you get the message "Illegal operation attempted on registry key that has been marked for deletion." after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.
MrC

#10 freshjj2

Posted 15 May 2012 - 05:03 PM

After the ComboFix scan, I got this report:

ComboFix 12-05-14.03 - Owner 05/15/2012 0:40.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2940.1662 [GMT -5:00]
Running from: c:\users\Owner\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
AV: Norton Security Suite *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
FW: Norton Security Suite *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Norton Security Suite *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\users\Owner\Documents\~WRL2476.tmp
c:\windows\SysWow64\SET9B26.tmp
c:\windows\SysWow64\SETA7B4.tmp
c:\windows\UA000011.DLL
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_npf
.
.
((((((((((((((((((((((((( Files Created from 2012-04-15 to 2012-05-15 )))))))))))))))))))))))))))))))
.
.
2012-05-15 05:59 . 2012-05-15 05:59 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-14 08:04 . 2012-05-14 08:04 -------- d-----w- c:\program files\Microsoft Silverlight
2012-05-14 08:04 . 2012-05-14 08:04 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2012-05-14 00:43 . 2012-05-14 00:43 -------- d-----w- c:\users\Owner\AppData\Roaming\PeerNetworking
2012-05-13 19:17 . 2012-05-13 19:17 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-05-13 19:17 . 2012-04-04 20:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-13 03:43 . 2012-03-03 06:35 1544704 ----a-w- c:\windows\system32\DWrite.dll
2012-05-13 03:43 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-05-13 03:43 . 2012-03-31 06:05 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-13 03:43 . 2012-03-31 03:10 3146240 ----a-w- c:\windows\system32\win32k.sys
2012-05-13 03:43 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-13 03:42 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-13 03:25 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-13 02:52 . 2012-05-13 02:52 -------- d-----w- c:\users\Owner\AppData\Roaming\Malwarebytes
2012-05-13 02:51 . 2012-05-13 02:51 -------- d-----w- c:\programdata\Malwarebytes
2012-05-13 02:33 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-13 02:33 . 2012-03-31 05:42 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-05-13 02:33 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-13 02:33 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-13 02:33 . 2012-03-31 05:40 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-05-13 02:33 . 2012-03-31 05:40 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-05-08 04:28 . 2012-05-08 04:28 -------- d-----w- C:\TDSSKiller_Quarantine
2012-05-08 04:16 . 2012-05-08 04:16 116016 ----a-w- c:\windows\system32\drivers\87617208.sys
2012-05-04 00:45 . 2012-05-08 05:11 -------- d-----w- c:\program files (x86)\1ClickDownload
2012-05-03 21:03 . 2012-05-03 21:03 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-04-24 16:03 . 2012-04-24 16:03 512 ----a-w- C:\PhysicalMBR.bin
2012-04-24 03:34 . 2012-04-24 03:34 -------- d-----w- C:\found.000
2012-04-21 20:42 . 2012-04-21 20:42 -------- d-----w- c:\windows\en
2012-04-21 20:37 . 2012-03-08 23:40 48488 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2012-04-21 20:30 . 2012-04-21 20:30 15712 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\922e4ef81cd1ffd02\MeshBetaRemover.exe
2012-04-21 20:30 . 2012-04-21 20:30 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\91d63c0e1cd1ffd01\DXSETUP.exe
2012-04-21 20:30 . 2012-04-21 20:30 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\91d63c0e1cd1ffd01\DSETUP.dll
2012-04-21 20:30 . 2012-04-21 20:30 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\91d63c0e1cd1ffd01\dsetup32.dll
2012-04-17 00:35 . 2012-04-30 22:01 -------- d-----w- C:\ZHP
2012-04-17 00:32 . 2012-04-30 22:01 -------- d-----w- c:\program files (x86)\ZHPDiag
2012-04-17 00:06 . 2012-04-24 07:24 -------- d-----w- c:\users\Owner\AppData\Roaming\Skype
2012-04-16 22:27 . 2012-04-16 22:27 -------- d-----w- c:\program files (x86)\VS Revo Group
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-03 21:04 . 2012-05-03 21:05 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7A01FFE5-F898-4A0F-B6B6-3B84BFEEB9E1}\gapaengine.dll
2012-04-13 08:46 . 2012-05-15 02:49 8917360 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D80D9C4C-AA47-4B6B-8656-E70ED5428AF8}\mpengine.dll
2012-04-13 08:46 . 2012-05-13 22:05 8917360 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-03-21 01:44 . 2012-03-21 01:44 98688 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-03-21 01:44 . 2012-03-21 01:44 203888 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-03-08 23:50 . 2012-03-08 23:50 49016 ----a-w- c:\windows\SysWow64\sirenacm.dll
2012-03-08 23:37 . 2012-03-08 23:37 302448 ----a-w- c:\windows\WLXPGSS.SCR
2012-03-01 06:46 . 2012-04-12 23:41 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-03-01 06:38 . 2012-04-12 23:41 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-03-01 06:33 . 2012-04-12 23:41 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-03-01 06:28 . 2012-04-12 23:41 5120 ----a-w- c:\windows\system32\wmi.dll
2012-03-01 05:37 . 2012-04-12 23:41 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-03-01 05:33 . 2012-04-12 23:41 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-03-01 05:29 . 2012-04-12 23:41 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-02-28 06:56 . 2012-04-12 23:46 2311168 ----a-w- c:\windows\system32\jscript9.dll
2012-02-28 06:49 . 2012-04-12 23:46 1390080 ----a-w- c:\windows\system32\wininet.dll
2012-02-28 06:48 . 2012-04-12 23:46 1493504 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-28 06:42 . 2012-04-12 23:46 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-28 01:18 . 2012-04-12 23:46 1799168 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-02-28 01:11 . 2012-04-12 23:46 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-02-28 01:11 . 2012-04-12 23:46 1127424 ----a-w- c:\windows\SysWow64\wininet.dll
2012-02-28 01:03 . 2012-04-12 23:46 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-02-17 06:38 . 2012-03-19 22:44 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 05:34 . 2012-03-19 22:44 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58 . 2012-03-19 22:44 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:57 . 2012-03-19 22:44 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{09e55ba0-f9c6-4b81-82df-46853f6f7b3f}]
2010-06-11 03:41 2515552 ----a-w- c:\program files (x86)\Soft-Search\tbSof1.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{33727f97-486d-4d19-97c3-23f432ef93fc}]
2010-09-27 17:11 2735200 ----a-w- c:\program files (x86)\mywebsites.pro-FR\tbmyw0.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{389943B0-C3A2-4E69-82CB-8596A84CB3DC}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{92A9ACF4-9333-43AE-9698-DB283326F87F}]
2011-10-20 03:05 2660016 ----a-w- c:\program files (x86)\SpeedBit Video Downloader\TBU89\tbcore3.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{33727f97-486d-4d19-97c3-23f432ef93fc}"= "c:\program files (x86)\mywebsites.pro-FR\tbmyw0.dll" [2010-09-27 2735200]
"{09e55ba0-f9c6-4b81-82df-46853f6f7b3f}"= "c:\program files (x86)\Soft-Search\tbSof1.dll" [2010-06-11 2515552]
.
[HKEY_CLASSES_ROOT\clsid\{33727f97-486d-4d19-97c3-23f432ef93fc}]
.
[HKEY_CLASSES_ROOT\clsid\{09e55ba0-f9c6-4b81-82df-46853f6f7b3f}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-11-13 39408]
"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\MESSEN~1\MESSEN~1\YahooMessenger.exe" [2011-06-16 6276408]
"ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" [2008-10-24 79136]
"Facebook Update"="c:\users\Owner\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2011-11-07 137536]
"ISUSPM Startup"="c:\program files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 249856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2010-11-29 1294712]
"UIExec"="c:\program files (x86)\NATCOM 3G\UIExec.exe" [2011-11-18 153424]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
.
c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - c:\program files (x86)\Stardock\ObjectDock\ObjectDock.exe [2010-4-4 3450608]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Best Buy Software Installer.lnk - c:\program files\Best Buy Software Installer\Best Buy Software Installer.exe [2009-10-5 1132472]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
.
R1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20111014.001\BHDrvx64.sys [2011-10-14 1155704]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-05 135664]
R3 athur;Atheros AR9271 Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athurx.sys [x]
R3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe [2012-02-10 240408]
R3 ew_mbbusbdev;MBB USB PNP Device;c:\windows\system32\DRIVERS\ew_mbbusbdev.sys [x]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-05 135664]
R3 HSPADataCardusbmdm;HSPADataCard Proprietary USB Driver;c:\windows\system32\DRIVERS\HSPADataCardusbmdm.sys [x]
R3 HSPADataCardusbnmea;HSPADataCard NMEA Port;c:\windows\system32\DRIVERS\HSPADataCardusbnmea.sys [x]
R3 HSPADataCardusbser;HSPADataCard Diagnostic Port;c:\windows\system32\DRIVERS\HSPADataCardusbser.sys [x]
R3 HSPADataCardusbvoice;HSPADataCard VoUSB Port;c:\windows\system32\DRIVERS\HSPADataCardusbvoice.sys [x]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [x]
R3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [x]
R3 mbbdatacard;MBB DataCard USB Modem and USB Serial;c:\windows\system32\DRIVERS\ewusbmdm.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 30963576]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 PTDUBus;PANTECH UM175 Composite Device Driver ;c:\windows\system32\DRIVERS\PTDUBus.sys [x]
R3 PTDUMdm;PANTECH UM175 Drivers;c:\windows\system32\DRIVERS\PTDUMdm.sys [x]
R3 PTDUVsp;PANTECH UM175 Diagnostic Port;c:\windows\system32\DRIVERS\PTDUVsp.sys [x]
R3 PTDUWFLT;PTDUWWAN Filter Driver;c:\windows\system32\DRIVERS\PTDUWFLT.sys [x]
R3 PTDUWWAN;PANTECH UM175 WWAN Driver;c:\windows\system32\DRIVERS\PTDUWWAN.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 SMSIVZAM5X64;SMSIVZAM5X64 NDIS Protocol Driver;c:\progra~2\VERIZO~1\VZACCE~1\SMSIVZAM5X64.SYS [2009-05-25 43032]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-11-29 54136]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-08-04 137560]
R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2009-08-04 826224]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0403000.005\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0403000.005\SYMEFA64.SYS [x]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [x]
S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360x64\0403000.005\ccHPx64.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20111026.030\IDSvia64.sys [2011-08-23 488568]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0403000.005\Ironx64.SYS [x]
S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\System32\Drivers\N360x64\0403000.005\SYMTDIV.SYS [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe [2012-02-10 193816]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2009-08-11 248688]
S2 ConfigFree Gadget Service;ConfigFree Gadget Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe [2009-07-15 42368]
S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-11 46448]
S2 HWDeviceService64.exe;HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe [2010-11-16 339456]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 N360;Norton Security Suite;c:\program files (x86)\Norton Security Suite\Engine\4.3.0.5\ccSvcHst.exe [2010-02-26 126392]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2009-08-11 252272]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [x]
S2 UI Assistant Service;UI Assistant Service;c:\program files (x86)\NATCOM 3G\AssistantServices.exe [2011-11-18 270672]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [x]
S3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\DRIVERS\lgbtpt64.sys [x]
S3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\DRIVERS\lgbtbs64.sys [x]
S3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\DRIVERS\lgvmdm64.sys [x]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam_x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-15 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4118694408-3330837379-2833417039-1001Core.job
- c:\users\Owner\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-11-07 02:45]
.
2012-05-15 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4118694408-3330837379-2833417039-1001UA.job
- c:\users\Owner\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-11-07 02:45]
.
2012-05-14 c:\windows\Tasks\Google Software Updater.job
- c:\program files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-11-13 01:20]
.
2012-05-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-05 05:06]
.
2012-05-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-05 05:06]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-02 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-02 387608]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-02 365592]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-29 7982112]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2009-08-04 709976]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2010-06-14 190536]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
"combofix"="c:\combofix\CF5378.3XE" [2010-11-20 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.google.fr
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MIF5BA~1\Office14\ONBttnIE.dll/105
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-ares - c:\program files (x86)\Ares\Ares.exe
SafeBoot-42060062.sys
Toolbar-Locked - (no file)
WebBrowser-{33727F97-486D-4D19-97C3-23F432EF93FC} - (no file)
WebBrowser-{09E55BA0-F9C6-4B81-82DF-46853F6F7B3F} - (no file)
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
HKLM-Run-(Default) - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-SmoothView - c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe
HKLM-Run-00TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-TosWaitSrv - c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
HKLM-Run-Teco - c:\program files (x86)\TOSHIBA\TECO\Teco.exe
HKLM-Run-SmartFaceVWatcher - c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
AddRemove-Macromedia Shockwave Player - c:\windows\System32\Macromed\SHOCKW~1\UNWISE.EXE
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton Security Suite\Engine\4.3.0.5\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton Security Suite\Engine\4.3.0.5\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0011\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0012\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Common Files\Speedbit\SbUpdate\SBUpdate.exe
c:\program files (x86)\Common Files\Speedbit\SbUpdate\SBUpdate.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
.
**************************************************************************
.
Completion time: 2012-05-15 01:24:49 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-15 06:24
.
Pre-Run: 16,463,269,888 bytes free
Post-Run: 16,629,927,936 bytes free
.
- - End Of File - - 77B1C32B51F0D8E440A7E9CD254B3929

#11 MrCharlie

Posted 15 May 2012 - 05:50 PM

Reboot the computer if you haven't and let me know how it is, MrC

#12 freshjj2

Posted 15 May 2012 - 11:16 PM

:-( :-( :-( Malwarebytes still can't update.... same message.... program error updating etc... :-(

And I was on another forum at zebulon.fr for another problem, "ntdll.ddl", when trying to use ZHPDiag to resolve a problem connecting with Skype, so the expert recommended that I scan with ComboFix too; it hasn't been resolved either....

I guess there's no more solution and that I should throw it out :-(.... nooooooooooo...

thx for trying to help me... wish there was another solution...

#13 MrCharlie

Posted 16 May 2012 - 05:49 AM

1. > Please post the exact error message again...just to be sure.

2. > Are you using a router?

3. > Can you give me a link to the post where you were helped before.

4. > Try disabling your firewall and see if you can update

5. > Click on the link that pertains to your country and see if it comes up green.

http://www.dns-ok.us/ <--------for USA

http://www.dcwg.org/detect/ <---other countries

---------------------------------------

It looks like you have Norton, MSE and Defender installed.
I hope you have Defender permanently disabled.
Pick Norton or MSE as your AV and uninstall the other


I suggest you uninstall Norton and run their uninstaller tool:

https://www-secure.s...n=1&pvid=f-home


AV: Norton Security Suite *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}

AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}

SP: Norton Security Suite *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}

FW: Norton Security Suite *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}


Then.......

Please download OTL from one of the links below:
http://oldtimer.geekstogo.com/OTL.exe
http://oldtimer.geekstogo.com/OTL.com (<---renamed version)

Save it to your desktop.
Double click on the icon on your desktop.
Click the Scan All Users checkbox.
Push the Quick Scan button.

The scan will take about 10 minutes...depends on your hard drive size.

Two reports will open, copy and paste them in a reply here: (or attach them as .txt files)
OTL.txt <-- Will be opened
Extra.txt <-- Will be minimized

Please be patient, we'll find a solution.....MrC


#14 freshjj2


Posted 16 May 2012 - 09:53 AM

1) The message:
An error has occured. Please report this issue to our support team (include the content of all error message(s) and code(s) in your submission).

Program_error_updating (0,0,I/0 error)

2) I'm not using a router, no....

3) The link: http://forum.zebulon...94#entry1616394

4) With the firewall disabled, no change, same message

5) It's green...

I have deleted Norton because it crashed before...

I have done the scan two times and there was only one report, OTL.txt:
OTL logfile created on: 5/16/2012 10:33:59 AM - Run 2
OTL by OldTimer - Version 3.2.43.0 Folder = C:\Users\Owner\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.87 Gb Total Physical Memory | 1.34 Gb Available Physical Memory | 46.56% Memory free
5.74 Gb Paging File | 3.90 Gb Available in Paging File | 67.96% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 287.55 Gb Total Space | 15.62 Gb Free Space | 5.43% Space Free | Partition Type: NTFS

Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/16 09:26:17 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.com
PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/02/23 00:19:07 | 000,307,824 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2012/02/10 11:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE
PRC - [2012/01/26 14:51:34 | 000,092,320 | ---- | M] (Speedbit Ltd.) -- C:\Program Files (x86)\Common Files\SpeedBit\SBUpdate\SBUpdate.exe
PRC - [2011/11/18 10:24:26 | 000,270,672 | ---- | M] () -- C:\Program Files (x86)\NATCOM 3G\AssistantServices.exe
PRC - [2011/11/18 10:24:26 | 000,153,424 | ---- | M] () -- C:\Program Files (x86)\NATCOM 3G\UIExec.exe
PRC - [2011/06/16 06:55:12 | 000,079,160 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\Messenger\Messenger\Ymsgr_tray.exe
PRC - [2010/11/16 08:37:30 | 000,230,912 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\ProgramData\DatacardService\DCSHelper.exe
PRC - [2009/07/28 22:26:42 | 000,062,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\Toshiba\ConfigFree\CFSwMgr.exe
PRC - [2009/07/14 21:10:30 | 000,042,368 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\Toshiba\ConfigFree\CFProcSRVC.exe
PRC - [2009/07/13 17:24:00 | 000,304,496 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\Toshiba\ConfigFree\NDSTray.exe
PRC - [2009/03/10 20:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\Toshiba\ConfigFree\CFSvcs.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2007/04/30 18:43:54 | 003,450,608 | ---- | M] (Stardock) -- C:\Program Files (x86)\Stardock\ObjectDock\ObjectDock.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/18 10:24:26 | 000,153,424 | ---- | M] () -- C:\Program Files (x86)\NATCOM 3G\UIExec.exe
MOD - [2011/10/19 22:05:36 | 000,084,480 | ---- | M] () -- C:\Windows\SysWOW64\EasyHook32.dll
MOD - [2011/06/16 06:55:10 | 000,925,696 | ---- | M] () -- C:\Program Files (x86)\Yahoo!\Messenger\Messenger\yui.dll
MOD - [2010/01/21 01:34:10 | 008,793,952 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/01/09 20:18:18 | 004,254,560 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2007/04/30 18:18:50 | 000,112,400 | ---- | M] () -- C:\Program Files (x86)\Stardock\ObjectDock\DockShellHook.dll
MOD - [2007/04/21 12:47:52 | 000,059,592 | ---- | M] () -- C:\Program Files (x86)\Stardock\ObjectDock\zlib.dll
MOD - [2007/04/19 13:23:48 | 000,095,944 | ---- | M] () -- C:\Program Files (x86)\Stardock\ObjectDock\CrashRpt.dll
MOD - [2002/11/19 13:11:40 | 000,139,264 | ---- | M] () -- C:\Program Files (x86)\Common Files\Stardock\ODimg.dll
MOD - [2002/03/13 18:46:32 | 000,118,784 | ---- | M] () -- C:\Program Files (x86)\Stardock\ObjectDock\ODimg.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/03/26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2010/09/22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/08/11 18:10:48 | 000,252,272 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV:64bit: - [2009/08/05 16:20:12 | 000,488,800 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2009/08/04 13:15:06 | 000,826,224 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV:64bit: - [2009/08/03 21:17:56 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2009/07/28 18:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/02/10 11:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE -- (BBUpdate)
SRV - [2012/02/10 11:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE -- (BBSvc)
SRV - [2011/11/18 10:24:26 | 000,270,672 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\NATCOM 3G\AssistantServices.exe -- (UI Assistant Service)
SRV - [2010/11/29 14:58:30 | 000,054,136 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2010/11/16 08:38:16 | 000,339,456 | ---- | M] () [Auto | Running] -- C:\ProgramData\DatacardService\HWDeviceService64.exe -- (HWDeviceService64.exe)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/25 19:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Norton Security Suite\Engine\4.3.0.5\ccSvcHst.exe -- (N360)
SRV - [2009/08/10 21:55:58 | 000,248,688 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\Toshiba\ConfigFree\CFIWmxSvcs64.exe -- (cfWiMAXService)
SRV - [2009/07/14 21:10:30 | 000,042,368 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\Toshiba\ConfigFree\CFProcSRVC.exe -- (ConfigFree Gadget Service)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/03/10 20:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\Toshiba\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/03/08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/03/28 10:16:52 | 000,123,648 | ---- | M] (HSPADataCard Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HSPADataCardusbvoice.sys -- (HSPADataCardusbvoice)
DRV:64bit: - [2011/03/28 10:16:52 | 000,123,648 | ---- | M] (HSPADataCard Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HSPADataCardusbser.sys -- (HSPADataCardusbser)
DRV:64bit: - [2011/03/28 10:16:52 | 000,123,648 | ---- | M] (HSPADataCard Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HSPADataCardusbnmea.sys -- (HSPADataCardusbnmea)
DRV:64bit: - [2011/03/28 10:16:52 | 000,123,648 | ---- | M] (HSPADataCard Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HSPADataCardusbmdm.sys -- (HSPADataCardusbmdm)
DRV:64bit: - [2011/03/26 10:37:12 | 000,011,776 | ---- | M] (MBB Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\massfilter.sys -- (massfilter)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/09/28 15:44:52 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/09/27 06:58:47 | 000,121,600 | ---- | M] (MBB Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (mbbdatacard)
DRV:64bit: - [2010/09/27 06:58:47 | 000,121,600 | ---- | M] (MBB Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2010/09/27 06:34:00 | 000,256,000 | ---- | M] (MBB Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbnet.sys -- (ewusbnet)
DRV:64bit: - [2010/09/26 22:53:34 | 000,115,584 | ---- | M] (MBB Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_mbbusbdev.sys -- (ew_mbbusbdev)
DRV:64bit: - [2010/05/05 23:01:59 | 000,451,120 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0403000.005\symtdiv.sys -- (SYMTDIv)
DRV:64bit: - [2010/04/29 00:03:51 | 000,150,064 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0403000.005\ironx64.sys -- (SymIRON)
DRV:64bit: - [2010/04/27 18:57:20 | 000,016,200 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmVirHid.sys -- (WmVirHid)
DRV:64bit: - [2010/04/27 18:57:12 | 000,026,440 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmBEnum.sys -- (WmBEnum)
DRV:64bit: - [2010/04/27 16:03:12 | 000,077,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmXlCore.sys -- (WmXlCore)
DRV:64bit: - [2010/04/27 16:02:42 | 000,043,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmFilter.sys -- (WmFilter)
DRV:64bit: - [2010/04/21 22:02:20 | 000,221,232 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0403000.005\symefa64.sys -- (SymEFA)
DRV:64bit: - [2010/04/21 21:29:51 | 000,505,392 | ---- | M] (Symantec Corporation) [File_System | System | Stopped] -- C:\Windows\SysNative\drivers\N360x64\0403000.005\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2010/04/21 21:29:51 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0403000.005\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2010/04/05 16:46:11 | 000,173,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2010/03/04 12:43:00 | 000,346,144 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/02/25 19:22:52 | 000,615,040 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0403000.005\cchpx64.sys -- (ccHP)
DRV:64bit: - [2010/01/29 01:46:46 | 001,089,056 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192se.sys -- (rtl8192se)
DRV:64bit: - [2010/01/05 03:23:20 | 001,847,296 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athurx.sys -- (athur)
DRV:64bit: - [2009/10/14 22:50:05 | 000,433,200 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0403000.005\symds64.sys -- (SymDS)
DRV:64bit: - [2009/09/29 07:15:02 | 000,016,384 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lgbtpt64.sys -- (LgBttPort)
DRV:64bit: - [2009/09/29 07:15:00 | 000,017,408 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lgvmdm64.sys -- (LGVMODEM)
DRV:64bit: - [2009/09/29 07:15:00 | 000,014,848 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lgbtbs64.sys -- (lgbusenum)
DRV:64bit: - [2009/08/27 10:07:06 | 007,369,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/08/12 06:14:16 | 000,173,456 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PTDUMdm.sys -- (PTDUMdm)
DRV:64bit: - [2009/08/12 06:14:16 | 000,141,840 | ---- | M] (DEVGURU Co., LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PTDUWWAN.sys -- (PTDUWWAN)
DRV:64bit: - [2009/08/12 06:14:16 | 000,070,672 | ---- | M] (DEVGURU Co., LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PTDUBus.sys -- (PTDUBus)
DRV:64bit: - [2009/08/12 06:14:16 | 000,012,688 | ---- | M] (DEVGURU Co., LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PTDUWFLT.sys -- (PTDUWFLT)
DRV:64bit: - [2009/08/12 06:14:12 | 000,173,456 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PTDUVsp.sys -- (PTDUVsp)
DRV:64bit: - [2009/08/07 07:24:14 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/08/05 21:04:06 | 000,222,208 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/07/30 23:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/24 17:57:08 | 000,482,384 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tos_sps64.sys -- (tos_sps64)
DRV:64bit: - [2009/07/20 19:48:32 | 000,274,480 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/07/14 17:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:01:09 | 000,679,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xnacc.sys -- (xnacc)
DRV:64bit: - [2009/07/13 19:00:13 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Dot4Scan.sys -- (Dot4Scan)
DRV:64bit: - [2009/07/09 05:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/07/07 10:51:42 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FwLnk.sys -- (FwLnk)
DRV:64bit: - [2009/06/22 19:06:38 | 000,035,008 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2009/06/19 21:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL)
DRV:64bit: - [2009/06/10 16:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 17:17:08 | 000,034,152 | R--- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/04/08 14:28:46 | 000,068,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2008/11/19 17:09:14 | 000,033,792 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64modem.sys -- (USBModem)
DRV:64bit: - [2008/11/19 17:09:12 | 000,027,136 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64diag.sys -- (UsbDiag)
DRV:64bit: - [2008/11/19 17:09:12 | 000,017,920 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64bus.sys -- (usbbus)
DRV:64bit: - [2008/04/16 14:49:34 | 000,028,416 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2008/03/13 02:46:00 | 000,027,136 | ---- | M] (ManyCam LLC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ManyCam_x64.sys -- (ManyCam)
DRV - [2011/10/14 18:10:08 | 001,155,704 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20111014.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2011/08/23 00:17:32 | 000,488,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20111026.030\IDSviA64.sys -- (IDSVia64)
DRV - [2011/07/31 11:36:41 | 000,481,912 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2011/01/04 20:47:51 | 000,035,363 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\windrvNT.sys -- (windrvNT)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/05/25 14:43:58 | 000,043,032 | ---- | M] (Smith Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Verizon Wireless\VZAccess Manager\SMSIVZAM5X64.sys -- (SMSIVZAM5X64)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {91666140-44D5-410A-A0B8-D7D017877451}
IE:64bit: - HKLM\..\SearchScopes\{91666140-44D5-410A-A0B8-D7D017877451}: "URL" = http://www.google.co...ng}&rlz=1I7TSNA
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr
IE - HKLM\..\URLSearchHook: {09e55ba0-f9c6-4b81-82df-46853f6f7b3f} - C:\Program Files (x86)\Soft-Search\tbSof1.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {33727f97-486d-4d19-97c3-23f432ef93fc} - C:\Program Files (x86)\mywebsites.pro-FR\tbmyw0.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{4667CC2A-B714-45CD-83DA-B6768B7FF82C}: "URL" = http://www.google.co...ng}&rlz=1I7TSNA


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityrespo...er/fix_homepage

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityrespo...er/fix_homepage

IE - HKU\S-1-5-21-4118694408-3330837379-2833417039-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-4118694408-3330837379-2833417039-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchPage =
IE - HKU\S-1-5-21-4118694408-3330837379-2833417039-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-4118694408-3330837379-2833417039-1001\..\SearchScopes,DefaultScope = {4667CC2A-B714-45CD-83DA-B6768B7FF82C}
IE - HKU\S-1-5-21-4118694408-3330837379-2833417039-1001\..\SearchScopes\{4667CC2A-B714-45CD-83DA-B6768B7FF82C}: "URL" = http://www.google.co...1I7TSNA_enUS373
IE - HKU\S-1-5-21-4118694408-3330837379-2833417039-1001\..\SearchScopes\{7F4EFF06-7032-458e-AE16-1C1D8255C28A}: "URL" = http://home.speedbit...&q={searchTerms}
IE - HKU\S-1-5-21-4118694408-3330837379-2833417039-1001\..\SearchScopes\{9ABEDED2-4DF0-4538-993F-72EA48AEF693}: "URL" = http://www.google.co...ng}&rlz=1I7TSNA
IE - HKU\S-1-5-21-4118694408-3330837379-2833417039-1001\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/w...}&o=15527&l=dis
IE - HKU\S-1-5-21-4118694408-3330837379-2833417039-1001\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://fr.search.yah...?p={searchTerms}
IE - HKU\S-1-5-21-4118694408-3330837379-2833417039-1001\..\SearchScopes\{EF8201DF-449D-49C4-B705-D2AAEACF5DAF}: "URL" = http://search.yahoo....&p={searchTerms}
IE - HKU\S-1-5-21-4118694408-3330837379-2833417039-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4118694408-3330837379-2833417039-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..keyword.URL: "http://search.yahoo....2&type=867034="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=867034&ilc=12"
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Owner\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\ [2011/07/31 11:00:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn_2010_9_0_6 [2011/11/05 23:36:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\crazyloader@spointer.com: C:\Program Files (x86)\CrazyLoader\spointer\extensions\crazyloader@spointer.com
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\searchpredict@speedbit.com: C:\Program Files (x86)\SearchPredict\PRFireFox [2011/10/19 22:06:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}: C:\Program Files (x86)\SpeedBit Video Downloader\SPFireFox [2011/10/19 22:06:11 | 000,000,000 | ---D | M]

[2012/05/03 19:45:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\0\extensions
[2012/01/28 21:15:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\fuqpj7lv.default\extensions
[2011/10/03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll

========== Chrome ==========

CHR - default_search_provider: SpeedBit Search (Enabled)
CHR - default_search_provider: search_url = http://home.speedbit...&q={searchTerms}
CHR - default_search_provider: suggest_url = http://api.searchpre...nd={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Owner\AppData\Local\Google\Chrome\Application\16.0.912.75\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Owner\AppData\Local\Google\Chrome\Application\16.0.912.75\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Owner\AppData\Local\Google\Chrome\Application\16.0.912.75\pdf.dll
CHR - plugin: Chrome DAP extension (Enabled) = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffdcfjdljhbehggjdkdioajnknjcpbjb\2.0.3_0\lib/npdapchrome.dll
CHR - plugin: Interest Recognizer for Crazyloader (Enabled) = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\fikmanfpkongnopggnndbikhhicdpfka\3.4.1545.153_0\crazyloader_air_chrome.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.5.0.8013_0\npSkypeChromePlugin.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files (x86)\Google\Google Updater\2.4.1739.5352\npCIDetect13.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Entanglement = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.5.7_0\
CHR - Extension: SpeedBit Video Downloader = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\djcpfkccckpeeghiklnhienllljccglb\2.0.5_0\
CHR - Extension: Download Accelerator Plus (DAP) = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffdcfjdljhbehggjdkdioajnknjcpbjb\2.0.10_0\
CHR - Extension: Interest Recognizer for Crazyloader = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\fikmanfpkongnopggnndbikhhicdpfka\3.4.1545.153_0\
CHR - Extension: SpeedBit Search Predict = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ledcpigomgblcmofccnacobhmcdkpiea\2.0.2_0\
CHR - Extension: Poppit = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\

O1 HOSTS File: ([2012/05/15 01:14:42 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Soft-Search Toolbar) - {09e55ba0-f9c6-4b81-82df-46853f6f7b3f} - C:\Program Files (x86)\Soft-Search\tbSof1.dll (Conduit Ltd.)
O2 - BHO: (mywebsites.pro-FR Toolbar) - {33727f97-486d-4d19-97c3-23f432ef93fc} - C:\Program Files (x86)\mywebsites.pro-FR\tbmyw0.dll (Conduit Ltd.)
O2 - BHO: (SearchPredictObj Class) - {389943B0-C3A2-4E69-82CB-8596A84CB3DC} - C:\Program Files (x86)\SearchPredict\SearchPredict.dll (Speedbit Ltd.)
O2 - BHO: (SBCONVERT Class) - {92A9ACF4-9333-43AE-9698-DB283326F87F} - C:\Program Files (x86)\SpeedBit Video Downloader\TBU89\tbcore3.dll ()
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O2 - BHO: (GrabberObj Class) - {FF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files (x86)\SpeedBit Video Downloader\TBU89\Grabber.dll (SpeedBit)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (SpeedBit Video Downloader) - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files (x86)\SpeedBit Video Downloader\TBU89\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (Soft-Search Toolbar) - {09e55ba0-f9c6-4b81-82df-46853f6f7b3f} - C:\Program Files (x86)\Soft-Search\tbSof1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (mywebsites.pro-FR Toolbar) - {33727f97-486d-4d19-97c3-23f432ef93fc} - C:\Program Files (x86)\mywebsites.pro-FR\tbmyw0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-4118694408-3330837379-2833417039-1001\..\Toolbar\WebBrowser: (SpeedBit Video Downloader) - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files (x86)\SpeedBit Video Downloader\TBU89\tbcore3.dll ()
O3 - HKU\S-1-5-21-4118694408-3330837379-2833417039-1001\..\Toolbar\WebBrowser: (Soft-Search Toolbar) - {09E55BA0-F9C6-4B81-82DF-46853F6F7B3F} - C:\Program Files (x86)\Soft-Search\tbSof1.dll (Conduit Ltd.)
O3:64bit: - HKU\S-1-5-21-4118694408-3330837379-2833417039-1001\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-21-4118694408-3330837379-2833417039-1001\..\Toolbar\WebBrowser: (mywebsites.pro-FR Toolbar) - {33727F97-486D-4D19-97C3-23F432EF93FC} - C:\Program Files (x86)\mywebsites.pro-FR\tbmyw0.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SmartFaceVWatcher] C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [UIExec] C:\Program Files (x86)\NATCOM 3G\UIExec.exe ()
O4 - HKU\S-1-5-21-4118694408-3330837379-2833417039-1001..\Run: [Facebook Update] C:\Users\Owner\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-4118694408-3330837379-2833417039-1001..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy Software Installer.lnk = File not found
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy Software Installer.lnk = File not found
O4 - Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk = C:\Program Files (x86)\Stardock\ObjectDock\ObjectDock.exe (Stardock)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4118694408-3330837379-2833417039-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4118694408-3330837379-2833417039-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-21-4118694408-3330837379-2833417039-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O7 - HKU\S-1-5-21-4118694408-3330837379-2833417039-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\windows\SysWow64\GPhotos.scr (Google Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} http://activex.camfr..._instmodule.exe (CamfrogWEB Advanced Unicode Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail....NPUpldpt-br.cab (Windows Live Hotmail Photo Upload Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.35.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{670CA8A4-122A-4CC3-A5F2-B51A2FC2880C}: DhcpNameServer = 10.35.1.254
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/05/16 09:26:11 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.com
[2012/05/16 02:46:59 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\How to Access a Violation at the Address Module Ntdll Dll eHow_com_files
[2012/05/15 17:34:05 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/05/15 01:24:53 | 000,000,000 | ---D | C] -- C:\windows\temp
[2012/05/15 00:36:17 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2012/05/15 00:36:17 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2012/05/15 00:36:17 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2012/05/15 00:36:06 | 000,000,000 | ---D | C] -- C:\windows\ERDNT
[2012/05/15 00:36:01 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/05/14 15:07:18 | 004,492,858 | R--- | C] (Swearware) -- C:\Users\Owner\Desktop\ComboFix.exe
[2012/05/14 14:58:34 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\How to use the Windows 7 System Recovery Environment Command Prompt_files
[2012/05/14 14:57:53 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\Un guide et un tutoriel sur l'utilisation de ComboFix_files
[2012/05/14 13:57:53 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2012/05/14 12:37:08 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{3CB64636-84BB-43EB-9944-2303D41FC449}
[2012/05/14 09:28:04 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\FRINGE SAISON 01 FRENCH
[2012/05/14 09:23:31 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{B0B93C11-08CF-4555-8CBD-8B9E5F80A4B8}
[2012/05/14 03:06:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012/05/14 03:04:14 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2012/05/14 03:04:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2012/05/13 19:46:40 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\[www.Cpasbien.com] Red.Tails.2012.FRENCH.BRRIP.XVID.ArRoWs
[2012/05/13 19:43:00 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\PeerNetworking
[2012/05/13 14:17:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/05/13 14:17:01 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2012/05/13 14:17:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/05/13 13:55:42 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{EFDB32B4-A363-48F9-9BED-9F79B351F0DB}
[2012/05/13 13:19:20 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{42BA1423-83D9-480E-AE8C-69F9087C66C6}
[2012/05/13 13:13:28 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\connectify
[2012/05/13 12:57:54 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{78B1FA86-49AD-492D-8D9D-658E2D7D8140}
[2012/05/13 12:15:08 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{2C1C076C-CE1E-4A89-8226-8952DC6E641B}
[2012/05/13 09:49:04 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{955356CB-B8BB-4212-AE58-488C0B204FCD}
[2012/05/12 22:24:24 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\Problème ntdll_dll - Forums Zebulon_fr_files
[2012/05/12 21:52:40 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Malwarebytes
[2012/05/12 21:51:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/05/12 21:36:58 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{F30CFFDF-F135-4EF8-965C-A65879F8ED78}
[2012/05/12 21:30:07 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{DD438431-7884-4A1A-ADA0-EF8F0EE2FF31}
[2012/05/12 20:19:16 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{47C484F2-4E69-479E-B975-EBC2BCE9AF51}
[2012/05/11 23:30:08 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{DC07C48B-82FE-433A-8B93-3000BEA10D1F}
[2012/05/10 21:49:44 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{B74451CD-7B91-4987-925B-22FBD6F525DE}
[2012/05/10 19:33:22 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{411EB123-1310-4B98-90DC-304B7DA97A87}
[2012/05/09 17:29:23 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\RK_Quarantine
[2012/05/09 13:00:33 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\[www.Cpasbien.com] The.Avengers.2012.TRUEFRENCH.TS.MD.XviD-BLOODYMARY
[2012/05/07 23:28:19 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/05/07 23:16:00 | 000,116,016 | ---- | C] (Kaspersky Lab, GERT) -- C:\windows\SysNative\drivers\87617208.sys
[2012/05/07 20:51:11 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Owner\Desktop\dds.scr
[2012/05/07 17:42:34 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\original ntdll.dll
[2012/05/07 16:24:50 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\Désactiver l'UAC sous Windows 7 Désactiver l'UAC sous Windows 7 - DepanneTonPC_files
[2012/05/07 07:41:56 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\Toussaint_Louverture
[2012/05/03 19:45:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\1ClickDownload
[2012/05/03 16:03:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2012/04/23 22:34:09 | 000,000,000 | ---D | C] -- C:\found.000
[2012/04/21 15:42:03 | 000,000,000 | ---D | C] -- C:\windows\en
[2012/04/21 15:31:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP
[2012/04/17 09:13:24 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\Virus - Méthode préliminaire de désinfection_files
[2012/04/16 19:35:13 | 000,000,000 | ---D | C] -- C:\ZHP
[2012/04/16 19:32:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ZHPDiag
[2012/04/16 19:28:19 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\Saamu - Procédure de Décontamination du Saamu_files
[2012/04/16 19:06:30 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Skype
[2012/04/16 17:27:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group
[2012/04/16 17:27:17 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/05/16 10:28:44 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/05/16 10:21:00 | 000,000,898 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/05/16 09:54:37 | 000,000,928 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-4118694408-3330837379-2833417039-1001UA.job
[2012/05/16 09:26:17 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.com
[2012/05/16 08:19:30 | 000,018,736 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/16 08:19:30 | 000,018,736 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/16 08:11:53 | 000,000,894 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/16 08:11:46 | 000,065,536 | ---- | M] () -- C:\windows\SysNative\Ikeext.etl
[2012/05/16 08:11:24 | 2312,097,792 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/16 02:47:00 | 000,052,051 | ---- | M] () -- C:\Users\Owner\Desktop\How to Access a Violation at the Address Module Ntdll Dll eHow_com.htm
[2012/05/15 21:51:00 | 000,000,906 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-4118694408-3330837379-2833417039-1001Core.job
[2012/05/15 19:53:29 | 000,743,354 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012/05/15 19:53:29 | 000,635,308 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012/05/15 19:53:29 | 000,111,810 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012/05/15 01:14:42 | 000,000,027 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts
[2012/05/14 15:17:09 | 004,492,858 | R--- | M] (Swearware) -- C:\Users\Owner\Desktop\ComboFix.exe
[2012/05/14 14:58:35 | 000,055,825 | ---- | M] () -- C:\Users\Owner\Desktop\How to use the Windows 7 System Recovery Environment Command Prompt.htm
[2012/05/14 14:58:02 | 000,063,797 | ---- | M] () -- C:\Users\Owner\Desktop\Un guide et un tutoriel sur l'utilisation de ComboFix.htm
[2012/05/14 13:59:20 | 000,001,985 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012/05/14 12:57:00 | 000,000,832 | ---- | M] () -- C:\windows\tasks\Google Software Updater.job
[2012/05/13 19:43:01 | 000,008,428 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\UserTile.png
[2012/05/13 14:17:02 | 000,001,084 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/13 09:46:13 | 000,473,024 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2012/05/12 22:24:31 | 000,155,656 | ---- | M] () -- C:\Users\Owner\Desktop\Problème ntdll_dll - Forums Zebulon_fr.html
[2012/05/09 14:06:46 | 000,000,000 | -H-- | M] () -- C:\windows\SysNative\drivers\Msft_Kernel_xusb21_01007.Wdf
[2012/05/07 23:16:00 | 000,116,016 | ---- | M] (Kaspersky Lab, GERT) -- C:\windows\SysNative\drivers\87617208.sys
[2012/05/07 20:51:20 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Owner\Desktop\dds.scr
[2012/05/07 17:41:36 | 000,585,039 | ---- | M] () -- C:\Users\Owner\Desktop\ntdll.zip
[2012/05/07 16:24:53 | 000,022,283 | ---- | M] () -- C:\Users\Owner\Desktop\Désactiver l'UAC sous Windows 7 Désactiver l'UAC sous Windows 7 - DepanneTonPC.html
[2012/05/03 16:03:46 | 000,001,945 | ---- | M] () -- C:\windows\epplauncher.mif
[2012/05/03 16:03:20 | 000,757,504 | ---- | M] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2012/04/26 09:57:21 | 000,566,699 | ---- | M] () -- C:\Users\Owner\Desktop\adwcleaner.exe
[2012/04/24 12:06:43 | 000,910,522 | ---- | M] () -- C:\Users\Owner\Desktop\PC lent - Forums Zebulon_fr_html&pid=1610161#entry1610161.mht
[2012/04/24 11:24:57 | 000,051,425 | ---- | M] () -- C:\Users\Owner\Desktop\coaco appendice.pdf
[2012/04/24 11:21:09 | 002,106,189 | ---- | M] () -- C:\Users\Owner\Desktop\peritonite appendiculaire.pdf
[2012/04/24 11:03:05 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2012/04/21 15:31:53 | 000,000,973 | ---- | M] () -- C:\Users\Public\Desktop\MBRCheck.lnk
[2012/04/21 15:31:53 | 000,000,961 | ---- | M] () -- C:\Users\Public\Desktop\ZHPFix.lnk
[2012/04/21 15:31:52 | 000,000,966 | ---- | M] () -- C:\Users\Public\Desktop\ZHPDiag.lnk
[2012/04/20 19:30:46 | 000,002,052 | ---- | M] () -- C:\Users\Public\Desktop\Larousse Médical.lnk
[2012/04/17 09:13:35 | 000,036,543 | ---- | M] () -- C:\Users\Owner\Desktop\Virus - Méthode préliminaire de désinfection.htm
[2012/04/16 19:28:25 | 000,044,040 | ---- | M] () -- C:\Users\Owner\Desktop\Saamu - Procédure de Décontamination du Saamu.html
[2012/04/16 18:19:38 | 001,266,224 | ---- | M] () -- C:\Users\Owner\Desktop\Skype ne peut pas se connecter - Skype Support Network.mht
[2012/04/16 17:27:17 | 000,001,239 | ---- | M] () -- C:\Users\Owner\Desktop\Revo Uninstaller.lnk
[2012/04/16 14:05:31 | 000,193,174 | ---- | M] () -- C:\Users\Owner\Desktop\Modele Lettre sponsors.zip
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/05/16 02:46:59 | 000,052,051 | ---- | C] () -- C:\Users\Owner\Desktop\How to Access a Violation at the Address Module Ntdll Dll eHow_com.htm
[2012/05/15 00:36:17 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2012/05/15 00:36:17 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2012/05/15 00:36:17 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2012/05/15 00:36:17 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2012/05/15 00:36:17 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2012/05/14 14:58:21 | 000,055,825 | ---- | C] () -- C:\Users\Owner\Desktop\How to use the Windows 7 System Recovery Environment Command Prompt.htm
[2012/05/14 14:57:49 | 000,063,797 | ---- | C] () -- C:\Users\Owner\Desktop\Un guide et un tutoriel sur l'utilisation de ComboFix.htm
[2012/05/14 13:58:35 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2012/05/14 13:58:35 | 000,001,985 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012/05/13 19:45:19 | 730,234,250 | ---- | C] () -- C:\Users\Owner\Desktop\[www.CpasBien.com] The.Darkest.Hour.2011.FRENCH.BDRiP.MD.XViD-SERUM.avi
[2012/05/13 19:43:00 | 000,008,428 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\UserTile.png
[2012/05/13 14:17:02 | 000,001,084 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/12 22:24:18 | 000,155,656 | ---- | C] () -- C:\Users\Owner\Desktop\Problème ntdll_dll - Forums Zebulon_fr.html
[2012/05/09 14:06:46 | 000,000,000 | -H-- | C] () -- C:\windows\SysNative\drivers\Msft_Kernel_xusb21_01007.Wdf
[2012/05/07 17:41:32 | 000,585,039 | ---- | C] () -- C:\Users\Owner\Desktop\ntdll.zip
[2012/05/07 16:24:47 | 000,022,283 | ---- | C] () -- C:\Users\Owner\Desktop\Désactiver l'UAC sous Windows 7 Désactiver l'UAC sous Windows 7 - DepanneTonPC.html
[2012/05/03 16:03:32 | 000,001,926 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/04/26 09:56:42 | 000,566,699 | ---- | C] () -- C:\Users\Owner\Desktop\adwcleaner.exe
[2012/04/24 12:06:36 | 000,910,522 | ---- | C] () -- C:\Users\Owner\Desktop\PC lent - Forums Zebulon_fr_html&pid=1610161#entry1610161.mht
[2012/04/24 11:24:57 | 000,051,425 | ---- | C] () -- C:\Users\Owner\Desktop\coaco appendice.pdf
[2012/04/24 11:21:08 | 002,106,189 | ---- | C] () -- C:\Users\Owner\Desktop\peritonite appendiculaire.pdf
[2012/04/24 11:03:05 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2012/04/21 15:31:53 | 000,000,973 | ---- | C] () -- C:\Users\Public\Desktop\MBRCheck.lnk
[2012/04/21 15:31:53 | 000,000,961 | ---- | C] () -- C:\Users\Public\Desktop\ZHPFix.lnk
[2012/04/21 15:31:52 | 000,000,966 | ---- | C] () -- C:\Users\Public\Desktop\ZHPDiag.lnk
[2012/04/20 19:30:46 | 000,002,052 | ---- | C] () -- C:\Users\Public\Desktop\Larousse Médical.lnk
[2012/04/17 09:13:22 | 000,036,543 | ---- | C] () -- C:\Users\Owner\Desktop\Virus - Méthode préliminaire de désinfection.htm
[2012/04/16 19:28:14 | 000,044,040 | ---- | C] () -- C:\Users\Owner\Desktop\Saamu - Procédure de Décontamination du Saamu.html
[2012/04/16 18:19:38 | 001,266,224 | ---- | C] () -- C:\Users\Owner\Desktop\Skype ne peut pas se connecter - Skype Support Network.mht
[2012/04/16 17:27:17 | 000,001,239 | ---- | C] () -- C:\Users\Owner\Desktop\Revo Uninstaller.lnk
[2012/04/16 14:05:30 | 000,193,174 | ---- | C] () -- C:\Users\Owner\Desktop\Modele Lettre sponsors.zip
[2012/01/26 14:25:44 | 000,002,560 | ---- | C] () -- C:\windows\_MSRSTRT.EXE
[2011/10/26 00:11:59 | 000,175,616 | ---- | C] () -- C:\windows\SysWow64\unrar.dll
[2011/10/19 22:06:23 | 000,102,912 | ---- | C] () -- C:\windows\SysWow64\EasyHook64.dll
[2011/10/19 22:06:23 | 000,084,480 | ---- | C] () -- C:\windows\SysWow64\EasyHook32.dll
[2011/07/31 11:40:28 | 000,053,248 | ---- | C] () -- C:\windows\SysWow64\CommonDL.dll
[2011/07/31 11:40:28 | 000,002,413 | ---- | C] () -- C:\windows\SysWow64\lgAxconfig.ini
[2011/05/20 16:52:29 | 000,001,940 | ---- | C] () -- C:\Users\Owner\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/05/15 19:07:26 | 000,000,000 | ---- | C] () -- C:\Users\Owner\AppData\Local\{5F094ED4-FC9B-4D45-B386-5D4D5BDC3DD6}
[2011/01/04 20:47:41 | 000,110,592 | ---- | C] () -- C:\windows\SysWow64\suppdll.dll
[2011/01/04 20:47:41 | 000,035,363 | ---- | C] () -- C:\windows\SysWow64\windrvNT.sys
[2010/10/28 14:15:37 | 000,000,196 | ---- | C] () -- C:\windows\ulead32.ini
[2010/10/19 20:54:19 | 000,757,504 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2010/09/07 11:57:53 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/05/18 15:13:55 | 000,003,584 | ---- | C] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== LOP Check ==========

[2010/04/26 18:04:47 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\aHisoft
[2010/04/04 23:47:34 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Ashampoo
[2012/03/30 19:51:57 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Audacity
[2012/05/16 01:35:59 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Dropbox
[2011/11/28 01:28:42 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Free MP3 WMA Cutter
[2010/05/07 16:49:56 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\FreeAudioPack
[2010/05/11 10:29:08 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\FreeCDRipper
[2010/11/28 08:26:35 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\gtk-2.0
[2011/10/14 19:11:37 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Leadertech
[2011/12/07 01:17:34 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Leawo
[2011/04/23 14:54:17 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\LG Electronics
[2011/10/11 12:56:01 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\ManyCam
[2011/07/09 11:04:45 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\mjusbsp
[2012/01/08 20:08:27 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\ooVoo Details
[2010/07/04 11:21:32 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\OpenOffice.org
[2012/05/13 19:43:00 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\PeerNetworking
[2011/04/16 10:02:10 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Smith Micro
[2012/03/07 02:40:19 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\TeraCopy
[2011/11/06 15:12:14 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\TestApp
[2010/07/16 16:13:56 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Tific
[2011/12/07 01:18:38 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\tiger-k
[2011/07/17 16:48:09 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Toshiba
[2012/01/21 21:25:48 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\TuneUp Software
[2010/06/12 16:47:35 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Uniblue
[2010/04/04 22:53:18 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\WinBatch
[2011/12/12 13:08:10 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Youtube Downloader HD
[2011/04/23 14:54:17 | 000,000,000 | -H-D | M] -- C:\Users\Owner\AppData\Roaming\{D94BA408-F110-488B-A65E-3AE7945F79E6}
[2012/05/15 21:51:00 | 000,000,906 | ---- | M] () -- C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4118694408-3330837379-2833417039-1001Core.job
[2012/05/16 09:54:37 | 000,000,928 | ---- | M] () -- C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4118694408-3330837379-2833417039-1001UA.job
[2012/03/29 08:24:15 | 000,032,598 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:553CA6CA
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:862BDB1A
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:2B11E0DF
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2
< End of report >

#15 MrCharlie

Posted 16 May 2012 - 10:11 AM

There are still signs of Norton Security Suite running on the system.

Make sure the Norton firewall is also uninstalled, and enable Windows Firewall.

Download and run their uninstaller, reboot and re-scan with OTL > post the log and we'll clean up the rest of it:
https://www-secure.s...n=1&pvid=f-home

MrC

Malware Removal Expert



#16 freshjj2

Posted 17 May 2012 - 10:34 AM

Hi.
The new OTL report:
OTL logfile created on: 5/17/2012 11:19:42 AM - Run 3
OTL by OldTimer - Version 3.2.43.0 Folder = C:\Users\Owner\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.87 Gb Total Physical Memory | 1.72 Gb Available Physical Memory | 59.93% Memory free
5.74 Gb Paging File | 4.47 Gb Available in Paging File | 77.83% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 287.55 Gb Total Space | 17.42 Gb Free Space | 6.06% Space Free | Partition Type: NTFS
Drive E: | 12.23 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/16 09:26:17 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.com
PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/02/10 11:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE
PRC - [2012/01/26 14:51:34 | 000,092,320 | ---- | M] (Speedbit Ltd.) -- C:\Program Files (x86)\Common Files\SpeedBit\SBUpdate\SBUpdate.exe
PRC - [2011/11/18 10:24:26 | 000,270,672 | ---- | M] () -- C:\Program Files (x86)\NATCOM 3G\AssistantServices.exe
PRC - [2011/11/18 10:24:26 | 000,153,424 | ---- | M] () -- C:\Program Files (x86)\NATCOM 3G\UIExec.exe
PRC - [2011/06/16 06:55:12 | 000,079,160 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\Messenger\Messenger\Ymsgr_tray.exe
PRC - [2010/11/16 08:37:30 | 000,230,912 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\ProgramData\DatacardService\DCSHelper.exe
PRC - [2009/07/28 22:26:42 | 000,062,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\Toshiba\ConfigFree\CFSwMgr.exe
PRC - [2009/07/14 21:10:30 | 000,042,368 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\Toshiba\ConfigFree\CFProcSRVC.exe
PRC - [2009/07/13 17:24:00 | 000,304,496 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\Toshiba\ConfigFree\NDSTray.exe
PRC - [2009/03/10 20:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\Toshiba\ConfigFree\CFSvcs.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2007/04/30 18:43:54 | 003,450,608 | ---- | M] (Stardock) -- C:\Program Files (x86)\Stardock\ObjectDock\ObjectDock.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/18 10:24:26 | 000,153,424 | ---- | M] () -- C:\Program Files (x86)\NATCOM 3G\UIExec.exe
MOD - [2011/10/19 22:05:36 | 000,084,480 | ---- | M] () -- C:\Windows\SysWOW64\EasyHook32.dll
MOD - [2011/06/16 06:55:10 | 000,925,696 | ---- | M] () -- C:\Program Files (x86)\Yahoo!\Messenger\Messenger\yui.dll
MOD - [2010/01/21 01:34:10 | 008,793,952 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/01/09 20:18:18 | 004,254,560 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2007/04/30 18:18:50 | 000,112,400 | ---- | M] () -- C:\Program Files (x86)\Stardock\ObjectDock\DockShellHook.dll
MOD - [2007/04/21 12:47:52 | 000,059,592 | ---- | M] () -- C:\Program Files (x86)\Stardock\ObjectDock\zlib.dll
MOD - [2007/04/19 13:23:48 | 000,095,944 | ---- | M] () -- C:\Program Files (x86)\Stardock\ObjectDock\CrashRpt.dll
MOD - [2002/11/19 13:11:40 | 000,139,264 | ---- | M] () -- C:\Program Files (x86)\Common Files\Stardock\ODimg.dll
MOD - [2002/03/13 18:46:32 | 000,118,784 | ---- | M] () -- C:\Program Files (x86)\Stardock\ObjectDock\ODimg.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/03/26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2010/09/22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/08/11 18:10:48 | 000,252,272 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV:64bit: - [2009/08/05 16:20:12 | 000,488,800 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2009/08/04 13:15:06 | 000,826,224 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV:64bit: - [2009/08/03 21:17:56 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2009/07/28 18:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/02/10 11:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE -- (BBUpdate)
SRV - [2012/02/10 11:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE -- (BBSvc)
SRV - [2011/11/18 10:24:26 | 000,270,672 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\NATCOM 3G\AssistantServices.exe -- (UI Assistant Service)
SRV - [2010/11/29 14:58:30 | 000,054,136 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2010/11/16 08:38:16 | 000,339,456 | ---- | M] () [Auto | Running] -- C:\ProgramData\DatacardService\HWDeviceService64.exe -- (HWDeviceService64.exe)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/08/10 21:55:58 | 000,248,688 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\Toshiba\ConfigFree\CFIWmxSvcs64.exe -- (cfWiMAXService)
SRV - [2009/07/14 21:10:30 | 000,042,368 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\Toshiba\ConfigFree\CFProcSRVC.exe -- (ConfigFree Gadget Service)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/03/10 20:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\Toshiba\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/03/08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/03/28 10:16:52 | 000,123,648 | ---- | M] (HSPADataCard Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HSPADataCardusbvoice.sys -- (HSPADataCardusbvoice)
DRV:64bit: - [2011/03/28 10:16:52 | 000,123,648 | ---- | M] (HSPADataCard Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HSPADataCardusbser.sys -- (HSPADataCardusbser)
DRV:64bit: - [2011/03/28 10:16:52 | 000,123,648 | ---- | M] (HSPADataCard Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HSPADataCardusbnmea.sys -- (HSPADataCardusbnmea)
DRV:64bit: - [2011/03/28 10:16:52 | 000,123,648 | ---- | M] (HSPADataCard Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HSPADataCardusbmdm.sys -- (HSPADataCardusbmdm)
DRV:64bit: - [2011/03/26 10:37:12 | 000,011,776 | ---- | M] (MBB Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\massfilter.sys -- (massfilter)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/09/28 15:44:52 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/09/27 06:58:47 | 000,121,600 | ---- | M] (MBB Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (mbbdatacard)
DRV:64bit: - [2010/09/27 06:58:47 | 000,121,600 | ---- | M] (MBB Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2010/09/27 06:34:00 | 000,256,000 | ---- | M] (MBB Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbnet.sys -- (ewusbnet)
DRV:64bit: - [2010/09/26 22:53:34 | 000,115,584 | ---- | M] (MBB Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_mbbusbdev.sys -- (ew_mbbusbdev)
DRV:64bit: - [2010/04/27 18:57:20 | 000,016,200 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmVirHid.sys -- (WmVirHid)
DRV:64bit: - [2010/04/27 18:57:12 | 000,026,440 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmBEnum.sys -- (WmBEnum)
DRV:64bit: - [2010/04/27 16:03:12 | 000,077,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmXlCore.sys -- (WmXlCore)
DRV:64bit: - [2010/04/27 16:02:42 | 000,043,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmFilter.sys -- (WmFilter)
DRV:64bit: - [2010/03/04 12:43:00 | 000,346,144 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/01/29 01:46:46 | 001,089,056 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192se.sys -- (rtl8192se)
DRV:64bit: - [2010/01/05 03:23:20 | 001,847,296 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athurx.sys -- (athur)
DRV:64bit: - [2009/09/29 07:15:02 | 000,016,384 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lgbtpt64.sys -- (LgBttPort)
DRV:64bit: - [2009/09/29 07:15:00 | 000,017,408 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lgvmdm64.sys -- (LGVMODEM)
DRV:64bit: - [2009/09/29 07:15:00 | 000,014,848 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lgbtbs64.sys -- (lgbusenum)
DRV:64bit: - [2009/08/27 10:07:06 | 007,369,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/08/12 06:14:16 | 000,173,456 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PTDUMdm.sys -- (PTDUMdm)
DRV:64bit: - [2009/08/12 06:14:16 | 000,141,840 | ---- | M] (DEVGURU Co., LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PTDUWWAN.sys -- (PTDUWWAN)
DRV:64bit: - [2009/08/12 06:14:16 | 000,070,672 | ---- | M] (DEVGURU Co., LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PTDUBus.sys -- (PTDUBus)
DRV:64bit: - [2009/08/12 06:14:16 | 000,012,688 | ---- | M] (DEVGURU Co., LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PTDUWFLT.sys -- (PTDUWFLT)
DRV:64bit: - [2009/08/12 06:14:12 | 000,173,456 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PTDUVsp.sys -- (PTDUVsp)
DRV:64bit: - [2009/08/07 07:24:14 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/08/05 21:04:06 | 000,222,208 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/07/30 23:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/24 17:57:08 | 000,482,384 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tos_sps64.sys -- (tos_sps64)
DRV:64bit: - [2009/07/20 19:48:32 | 000,274,480 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/07/14 17:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:01:09 | 000,679,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xnacc.sys -- (xnacc)
DRV:64bit: - [2009/07/13 19:00:13 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Dot4Scan.sys -- (Dot4Scan)
DRV:64bit: - [2009/07/09 05:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/07/07 10:51:42 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FwLnk.sys -- (FwLnk)
DRV:64bit: - [2009/06/22 19:06:38 | 000,035,008 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2009/06/19 21:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL)
DRV:64bit: - [2009/06/10 16:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 17:17:08 | 000,034,152 | R--- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/04/08 14:28:46 | 000,068,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2008/11/19 17:09:14 | 000,033,792 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lgx64modem.sys -- (USBModem)
DRV:64bit: - [2008/11/19 17:09:12 | 000,027,136 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lgx64diag.sys -- (UsbDiag)
DRV:64bit: - [2008/11/19 17:09:12 | 000,017,920 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lgx64bus.sys -- (usbbus)
DRV:64bit: - [2008/04/16 14:49:34 | 000,028,416 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2008/03/13 02:46:00 | 000,027,136 | ---- | M] (ManyCam LLC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ManyCam_x64.sys -- (ManyCam)
DRV - [2011/01/04 20:47:51 | 000,035,363 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\windrvNT.sys -- (windrvNT)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/05/25 14:43:58 | 000,043,032 | ---- | M] (Smith Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Verizon Wireless\VZAccess Manager\SMSIVZAM5X64.sys -- (SMSIVZAM5X64)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {91666140-44D5-410A-A0B8-D7D017877451}
IE:64bit: - HKLM\..\SearchScopes\{91666140-44D5-410A-A0B8-D7D017877451}: "URL" = http://www.google.co...ng}&rlz=1I7TSNA
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr
IE - HKLM\..\URLSearchHook: {09e55ba0-f9c6-4b81-82df-46853f6f7b3f} - C:\Program Files (x86)\Soft-Search\tbSof1.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {33727f97-486d-4d19-97c3-23f432ef93fc} - C:\Program Files (x86)\mywebsites.pro-FR\tbmyw0.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{4667CC2A-B714-45CD-83DA-B6768B7FF82C}: "URL" = http://www.google.co...ng}&rlz=1I7TSNA


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityrespo...er/fix_homepage

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityrespo...er/fix_homepage

IE - HKU\S-1-5-21-4118694408-3330837379-2833417039-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-4118694408-3330837379-2833417039-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchPage =
IE - HKU\S-1-5-21-4118694408-3330837379-2833417039-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-4118694408-3330837379-2833417039-1001\..\SearchScopes,DefaultScope = {4667CC2A-B714-45CD-83DA-B6768B7FF82C}
IE - HKU\S-1-5-21-4118694408-3330837379-2833417039-1001\..\SearchScopes\{4667CC2A-B714-45CD-83DA-B6768B7FF82C}: "URL" = http://www.google.co...1I7TSNA_enUS373
IE - HKU\S-1-5-21-4118694408-3330837379-2833417039-1001\..\SearchScopes\{7F4EFF06-7032-458e-AE16-1C1D8255C28A}: "URL" = http://home.speedbit...&q={searchTerms}
IE - HKU\S-1-5-21-4118694408-3330837379-2833417039-1001\..\SearchScopes\{9ABEDED2-4DF0-4538-993F-72EA48AEF693}: "URL" = http://www.google.co...ng}&rlz=1I7TSNA
IE - HKU\S-1-5-21-4118694408-3330837379-2833417039-1001\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/w...}&o=15527&l=dis
IE - HKU\S-1-5-21-4118694408-3330837379-2833417039-1001\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://fr.search.yah...?p={searchTerms}
IE - HKU\S-1-5-21-4118694408-3330837379-2833417039-1001\..\SearchScopes\{EF8201DF-449D-49C4-B705-D2AAEACF5DAF}: "URL" = http://search.yahoo....&p={searchTerms}
IE - HKU\S-1-5-21-4118694408-3330837379-2833417039-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4118694408-3330837379-2833417039-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..keyword.URL: "http://search.yahoo....2&type=867034="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=867034&ilc=12"
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Owner\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\crazyloader@spointer.com: C:\Program Files (x86)\CrazyLoader\spointer\extensions\crazyloader@spointer.com
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\searchpredict@speedbit.com: C:\Program Files (x86)\SearchPredict\PRFireFox [2011/10/19 22:06:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}: C:\Program Files (x86)\SpeedBit Video Downloader\SPFireFox [2011/10/19 22:06:11 | 000,000,000 | ---D | M]

[2012/05/03 19:45:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\0\extensions
[2012/01/28 21:15:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\fuqpj7lv.default\extensions
[2011/10/03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll

========== Chrome ==========

CHR - default_search_provider: SpeedBit Search (Enabled)
CHR - default_search_provider: search_url = http://home.speedbit...&q={searchTerms}
CHR - default_search_provider: suggest_url = http://api.searchpre...nd={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Owner\AppData\Local\Google\Chrome\Application\16.0.912.75\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Owner\AppData\Local\Google\Chrome\Application\16.0.912.75\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Owner\AppData\Local\Google\Chrome\Application\16.0.912.75\pdf.dll
CHR - plugin: Chrome DAP extension (Enabled) = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffdcfjdljhbehggjdkdioajnknjcpbjb\2.0.3_0\lib/npdapchrome.dll
CHR - plugin: Interest Recognizer for Crazyloader (Enabled) = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\fikmanfpkongnopggnndbikhhicdpfka\3.4.1545.153_0\crazyloader_air_chrome.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.5.0.8013_0\npSkypeChromePlugin.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files (x86)\Google\Google Updater\2.4.1739.5352\npCIDetect13.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Entanglement = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.5.7_0\
CHR - Extension: SpeedBit Video Downloader = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\djcpfkccckpeeghiklnhienllljccglb\2.0.5_0\
CHR - Extension: Download Accelerator Plus (DAP) = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffdcfjdljhbehggjdkdioajnknjcpbjb\2.0.10_0\
CHR - Extension: Interest Recognizer for Crazyloader = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\fikmanfpkongnopggnndbikhhicdpfka\3.4.1545.153_0\
CHR - Extension: SpeedBit Search Predict = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ledcpigomgblcmofccnacobhmcdkpiea\2.0.2_0\
CHR - Extension: Poppit = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\

O1 HOSTS File: ([2012/05/15 01:14:42 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Soft-Search Toolbar) - {09e55ba0-f9c6-4b81-82df-46853f6f7b3f} - C:\Program Files (x86)\Soft-Search\tbSof1.dll (Conduit Ltd.)
O2 - BHO: (mywebsites.pro-FR Toolbar) - {33727f97-486d-4d19-97c3-23f432ef93fc} - C:\Program Files (x86)\mywebsites.pro-FR\tbmyw0.dll (Conduit Ltd.)
O2 - BHO: (SearchPredictObj Class) - {389943B0-C3A2-4E69-82CB-8596A84CB3DC} - C:\Program Files (x86)\SearchPredict\SearchPredict.dll (Speedbit Ltd.)
O2 - BHO: (SBCONVERT Class) - {92A9ACF4-9333-43AE-9698-DB283326F87F} - C:\Program Files (x86)\SpeedBit Video Downloader\TBU89\tbcore3.dll ()
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O2 - BHO: (GrabberObj Class) - {FF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files (x86)\SpeedBit Video Downloader\TBU89\Grabber.dll (SpeedBit)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (SpeedBit Video Downloader) - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files (x86)\SpeedBit Video Downloader\TBU89\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (Soft-Search Toolbar) - {09e55ba0-f9c6-4b81-82df-46853f6f7b3f} - C:\Program Files (x86)\Soft-Search\tbSof1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (mywebsites.pro-FR Toolbar) - {33727f97-486d-4d19-97c3-23f432ef93fc} - C:\Program Files (x86)\mywebsites.pro-FR\tbmyw0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-4118694408-3330837379-2833417039-1001\..\Toolbar\WebBrowser: (SpeedBit Video Downloader) - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files (x86)\SpeedBit Video Downloader\TBU89\tbcore3.dll ()
O3 - HKU\S-1-5-21-4118694408-3330837379-2833417039-1001\..\Toolbar\WebBrowser: (Soft-Search Toolbar) - {09E55BA0-F9C6-4B81-82DF-46853F6F7B3F} - C:\Program Files (x86)\Soft-Search\tbSof1.dll (Conduit Ltd.)
O3:64bit: - HKU\S-1-5-21-4118694408-3330837379-2833417039-1001\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-21-4118694408-3330837379-2833417039-1001\..\Toolbar\WebBrowser: (mywebsites.pro-FR Toolbar) - {33727F97-486D-4D19-97C3-23F432EF93FC} - C:\Program Files (x86)\mywebsites.pro-FR\tbmyw0.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SmartFaceVWatcher] C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [UIExec] C:\Program Files (x86)\NATCOM 3G\UIExec.exe ()
O4 - HKU\S-1-5-21-4118694408-3330837379-2833417039-1001..\Run: [Facebook Update] C:\Users\Owner\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-4118694408-3330837379-2833417039-1001..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy Software Installer.lnk = File not found
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy Software Installer.lnk = File not found
O4 - Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk = C:\Program Files (x86)\Stardock\ObjectDock\ObjectDock.exe (Stardock)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4118694408-3330837379-2833417039-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4118694408-3330837379-2833417039-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-21-4118694408-3330837379-2833417039-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O7 - HKU\S-1-5-21-4118694408-3330837379-2833417039-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\windows\SysWow64\GPhotos.scr (Google Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} http://activex.camfr..._instmodule.exe (CamfrogWEB Advanced Unicode Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail....NPUpldpt-br.cab (Windows Live Hotmail Photo Upload Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5F12E325-8DBA-4F70-B584-B80EBB8731FF}: NameServer = 186.1.192.1 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{670CA8A4-122A-4CC3-A5F2-B51A2FC2880C}: DhcpNameServer = 10.35.1.254
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/05/16 09:26:11 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.com
[2012/05/16 02:46:59 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\How to Access a Violation at the Address Module Ntdll Dll eHow_com_files
[2012/05/15 17:34:05 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/05/15 01:24:53 | 000,000,000 | ---D | C] -- C:\windows\temp
[2012/05/15 00:36:17 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2012/05/15 00:36:17 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2012/05/15 00:36:17 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2012/05/15 00:36:06 | 000,000,000 | ---D | C] -- C:\windows\ERDNT
[2012/05/15 00:36:01 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/05/14 15:07:18 | 004,492,858 | R--- | C] (Swearware) -- C:\Users\Owner\Desktop\ComboFix.exe
[2012/05/14 14:58:34 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\How to use the Windows 7 System Recovery Environment Command Prompt_files
[2012/05/14 14:57:53 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\Un guide et un tutoriel sur l'utilisation de ComboFix_files
[2012/05/14 13:57:53 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2012/05/14 12:37:08 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{3CB64636-84BB-43EB-9944-2303D41FC449}
[2012/05/14 09:28:04 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\FRINGE SAISON 01 FRENCH
[2012/05/14 09:23:31 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{B0B93C11-08CF-4555-8CBD-8B9E5F80A4B8}
[2012/05/14 03:06:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012/05/14 03:04:14 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2012/05/14 03:04:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2012/05/13 19:46:40 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\[www.Cpasbien.com] Red.Tails.2012.FRENCH.BRRIP.XVID.ArRoWs
[2012/05/13 19:43:00 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\PeerNetworking
[2012/05/13 14:17:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/05/13 14:17:01 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2012/05/13 14:17:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/05/13 13:55:42 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{EFDB32B4-A363-48F9-9BED-9F79B351F0DB}
[2012/05/13 13:19:20 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{42BA1423-83D9-480E-AE8C-69F9087C66C6}
[2012/05/13 13:13:28 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\connectify
[2012/05/13 12:57:54 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{78B1FA86-49AD-492D-8D9D-658E2D7D8140}
[2012/05/13 12:15:08 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{2C1C076C-CE1E-4A89-8226-8952DC6E641B}
[2012/05/13 09:49:04 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{955356CB-B8BB-4212-AE58-488C0B204FCD}
[2012/05/12 22:24:24 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\Problème ntdll_dll - Forums Zebulon_fr_files
[2012/05/12 21:52:40 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Malwarebytes
[2012/05/12 21:51:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/05/12 21:36:58 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{F30CFFDF-F135-4EF8-965C-A65879F8ED78}
[2012/05/12 21:30:07 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{DD438431-7884-4A1A-ADA0-EF8F0EE2FF31}
[2012/05/12 20:19:16 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{47C484F2-4E69-479E-B975-EBC2BCE9AF51}
[2012/05/11 23:30:08 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{DC07C48B-82FE-433A-8B93-3000BEA10D1F}
[2012/05/10 21:49:44 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{B74451CD-7B91-4987-925B-22FBD6F525DE}
[2012/05/10 19:33:22 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{411EB123-1310-4B98-90DC-304B7DA97A87}
[2012/05/09 17:29:23 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\RK_Quarantine
[2012/05/09 13:00:33 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\[www.Cpasbien.com] The.Avengers.2012.TRUEFRENCH.TS.MD.XviD-BLOODYMARY
[2012/05/07 23:28:19 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/05/07 23:16:00 | 000,116,016 | ---- | C] (Kaspersky Lab, GERT) -- C:\windows\SysNative\drivers\87617208.sys
[2012/05/07 20:51:11 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Owner\Desktop\dds.scr
[2012/05/07 17:42:34 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\original ntdll.dll
[2012/05/07 16:24:50 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\Désactiver l'UAC sous Windows 7 Désactiver l'UAC sous Windows 7 - DepanneTonPC_files
[2012/05/07 07:41:56 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\Toussaint_Louverture
[2012/05/03 19:45:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\1ClickDownload
[2012/05/03 16:03:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2012/04/23 22:34:09 | 000,000,000 | ---D | C] -- C:\found.000
[2012/04/21 15:42:03 | 000,000,000 | ---D | C] -- C:\windows\en
[2012/04/21 15:31:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/05/17 11:24:34 | 000,018,736 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/17 11:24:34 | 000,018,736 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/17 11:21:13 | 000,000,898 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/05/17 11:17:02 | 000,000,894 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/17 11:16:59 | 000,065,536 | ---- | M] () -- C:\windows\SysNative\Ikeext.etl
[2012/05/17 11:16:45 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/05/17 11:16:04 | 2312,097,792 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/17 10:54:44 | 000,920,096 | ---- | M] () -- C:\Users\Owner\Desktop\Norton_Removal_Tool.exe
[2012/05/16 21:51:05 | 000,000,928 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-4118694408-3330837379-2833417039-1001UA.job
[2012/05/16 21:51:00 | 000,000,906 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-4118694408-3330837379-2833417039-1001Core.job
[2012/05/16 18:35:20 | 000,743,354 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012/05/16 18:35:20 | 000,635,308 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012/05/16 18:35:20 | 000,111,810 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012/05/16 09:26:17 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.com
[2012/05/16 02:47:00 | 000,052,051 | ---- | M] () -- C:\Users\Owner\Desktop\How to Access a Violation at the Address Module Ntdll Dll eHow_com.htm
[2012/05/15 01:14:42 | 000,000,027 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts
[2012/05/14 15:17:09 | 004,492,858 | R--- | M] (Swearware) -- C:\Users\Owner\Desktop\ComboFix.exe
[2012/05/14 14:58:35 | 000,055,825 | ---- | M] () -- C:\Users\Owner\Desktop\How to use the Windows 7 System Recovery Environment Command Prompt.htm
[2012/05/14 14:58:02 | 000,063,797 | ---- | M] () -- C:\Users\Owner\Desktop\Un guide et un tutoriel sur l'utilisation de ComboFix.htm
[2012/05/14 13:59:20 | 000,001,985 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012/05/14 12:57:00 | 000,000,832 | ---- | M] () -- C:\windows\tasks\Google Software Updater.job
[2012/05/13 19:43:01 | 000,008,428 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\UserTile.png
[2012/05/13 14:17:02 | 000,001,084 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/13 09:46:13 | 000,473,024 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2012/05/12 22:24:31 | 000,155,656 | ---- | M] () -- C:\Users\Owner\Desktop\Problème ntdll_dll - Forums Zebulon_fr.html
[2012/05/09 14:06:46 | 000,000,000 | -H-- | M] () -- C:\windows\SysNative\drivers\Msft_Kernel_xusb21_01007.Wdf
[2012/05/07 23:16:00 | 000,116,016 | ---- | M] (Kaspersky Lab, GERT) -- C:\windows\SysNative\drivers\87617208.sys
[2012/05/07 20:51:20 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Owner\Desktop\dds.scr
[2012/05/07 17:41:36 | 000,585,039 | ---- | M] () -- C:\Users\Owner\Desktop\ntdll.zip
[2012/05/07 16:24:53 | 000,022,283 | ---- | M] () -- C:\Users\Owner\Desktop\Désactiver l'UAC sous Windows 7 Désactiver l'UAC sous Windows 7 - DepanneTonPC.html
[2012/05/03 16:03:46 | 000,001,945 | ---- | M] () -- C:\windows\epplauncher.mif
[2012/05/03 16:03:20 | 000,757,504 | ---- | M] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2012/04/26 09:57:21 | 000,566,699 | ---- | M] () -- C:\Users\Owner\Desktop\adwcleaner.exe
[2012/04/24 12:06:43 | 000,910,522 | ---- | M] () -- C:\Users\Owner\Desktop\PC lent - Forums Zebulon_fr_html&pid=1610161#entry1610161.mht
[2012/04/24 11:24:57 | 000,051,425 | ---- | M] () -- C:\Users\Owner\Desktop\coaco appendice.pdf
[2012/04/24 11:21:09 | 002,106,189 | ---- | M] () -- C:\Users\Owner\Desktop\peritonite appendiculaire.pdf
[2012/04/24 11:03:05 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2012/04/21 15:31:53 | 000,000,973 | ---- | M] () -- C:\Users\Public\Desktop\MBRCheck.lnk
[2012/04/21 15:31:53 | 000,000,961 | ---- | M] () -- C:\Users\Public\Desktop\ZHPFix.lnk
[2012/04/21 15:31:52 | 000,000,966 | ---- | M] () -- C:\Users\Public\Desktop\ZHPDiag.lnk
[2012/04/20 19:30:46 | 000,002,052 | ---- | M] () -- C:\Users\Public\Desktop\Larousse Médical.lnk
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/05/17 10:53:06 | 000,920,096 | ---- | C] () -- C:\Users\Owner\Desktop\Norton_Removal_Tool.exe
[2012/05/16 02:46:59 | 000,052,051 | ---- | C] () -- C:\Users\Owner\Desktop\How to Access a Violation at the Address Module Ntdll Dll eHow_com.htm
[2012/05/15 00:36:17 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2012/05/15 00:36:17 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2012/05/15 00:36:17 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2012/05/15 00:36:17 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2012/05/15 00:36:17 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2012/05/14 14:58:21 | 000,055,825 | ---- | C] () -- C:\Users\Owner\Desktop\How to use the Windows 7 System Recovery Environment Command Prompt.htm
[2012/05/14 14:57:49 | 000,063,797 | ---- | C] () -- C:\Users\Owner\Desktop\Un guide et un tutoriel sur l'utilisation de ComboFix.htm
[2012/05/14 13:58:35 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2012/05/14 13:58:35 | 000,001,985 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012/05/13 19:45:19 | 730,234,250 | ---- | C] () -- C:\Users\Owner\Desktop\[www.CpasBien.com] The.Darkest.Hour.2011.FRENCH.BDRiP.MD.XViD-SERUM.avi
[2012/05/13 19:43:00 | 000,008,428 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\UserTile.png
[2012/05/13 14:17:02 | 000,001,084 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/12 22:24:18 | 000,155,656 | ---- | C] () -- C:\Users\Owner\Desktop\Problème ntdll_dll - Forums Zebulon_fr.html
[2012/05/09 14:06:46 | 000,000,000 | -H-- | C] () -- C:\windows\SysNative\drivers\Msft_Kernel_xusb21_01007.Wdf
[2012/05/07 17:41:32 | 000,585,039 | ---- | C] () -- C:\Users\Owner\Desktop\ntdll.zip
[2012/05/07 16:24:47 | 000,022,283 | ---- | C] () -- C:\Users\Owner\Desktop\Désactiver l'UAC sous Windows 7 Désactiver l'UAC sous Windows 7 - DepanneTonPC.html
[2012/05/03 16:03:32 | 000,001,926 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/04/26 09:56:42 | 000,566,699 | ---- | C] () -- C:\Users\Owner\Desktop\adwcleaner.exe
[2012/04/24 12:06:36 | 000,910,522 | ---- | C] () -- C:\Users\Owner\Desktop\PC lent - Forums Zebulon_fr_html&pid=1610161#entry1610161.mht
[2012/04/24 11:24:57 | 000,051,425 | ---- | C] () -- C:\Users\Owner\Desktop\coaco appendice.pdf
[2012/04/24 11:21:08 | 002,106,189 | ---- | C] () -- C:\Users\Owner\Desktop\peritonite appendiculaire.pdf
[2012/04/24 11:03:05 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2012/04/21 15:31:53 | 000,000,973 | ---- | C] () -- C:\Users\Public\Desktop\MBRCheck.lnk
[2012/04/21 15:31:53 | 000,000,961 | ---- | C] () -- C:\Users\Public\Desktop\ZHPFix.lnk
[2012/04/21 15:31:52 | 000,000,966 | ---- | C] () -- C:\Users\Public\Desktop\ZHPDiag.lnk
[2012/04/20 19:30:46 | 000,002,052 | ---- | C] () -- C:\Users\Public\Desktop\Larousse Médical.lnk
[2012/01/26 14:25:44 | 000,002,560 | ---- | C] () -- C:\windows\_MSRSTRT.EXE
[2011/10/26 00:11:59 | 000,175,616 | ---- | C] () -- C:\windows\SysWow64\unrar.dll
[2011/10/19 22:06:23 | 000,102,912 | ---- | C] () -- C:\windows\SysWow64\EasyHook64.dll
[2011/10/19 22:06:23 | 000,084,480 | ---- | C] () -- C:\windows\SysWow64\EasyHook32.dll
[2011/07/31 11:40:28 | 000,053,248 | ---- | C] () -- C:\windows\SysWow64\CommonDL.dll
[2011/07/31 11:40:28 | 000,002,413 | ---- | C] () -- C:\windows\SysWow64\lgAxconfig.ini
[2011/05/20 16:52:29 | 000,001,940 | ---- | C] () -- C:\Users\Owner\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/05/15 19:07:26 | 000,000,000 | ---- | C] () -- C:\Users\Owner\AppData\Local\{5F094ED4-FC9B-4D45-B386-5D4D5BDC3DD6}
[2011/01/04 20:47:41 | 000,110,592 | ---- | C] () -- C:\windows\SysWow64\suppdll.dll
[2011/01/04 20:47:41 | 000,035,363 | ---- | C] () -- C:\windows\SysWow64\windrvNT.sys
[2010/10/28 14:15:37 | 000,000,196 | ---- | C] () -- C:\windows\ulead32.ini
[2010/10/19 20:54:19 | 000,757,504 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2010/09/07 11:57:53 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/05/18 15:13:55 | 000,003,584 | ---- | C] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== LOP Check ==========

[2010/04/26 18:04:47 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\aHisoft
[2010/04/04 23:47:34 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Ashampoo
[2012/03/30 19:51:57 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Audacity
[2012/05/16 01:35:59 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Dropbox
[2011/11/28 01:28:42 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Free MP3 WMA Cutter
[2010/05/07 16:49:56 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\FreeAudioPack
[2010/05/11 10:29:08 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\FreeCDRipper
[2010/11/28 08:26:35 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\gtk-2.0
[2011/10/14 19:11:37 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Leadertech
[2011/12/07 01:17:34 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Leawo
[2011/04/23 14:54:17 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\LG Electronics
[2011/10/11 12:56:01 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\ManyCam
[2011/07/09 11:04:45 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\mjusbsp
[2012/01/08 20:08:27 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\ooVoo Details
[2010/07/04 11:21:32 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\OpenOffice.org
[2012/05/13 19:43:00 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\PeerNetworking
[2011/04/16 10:02:10 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Smith Micro
[2012/03/07 02:40:19 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\TeraCopy
[2011/11/06 15:12:14 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\TestApp
[2010/07/16 16:13:56 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Tific
[2011/12/07 01:18:38 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\tiger-k
[2011/07/17 16:48:09 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Toshiba
[2012/01/21 21:25:48 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\TuneUp Software
[2010/06/12 16:47:35 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Uniblue
[2010/04/04 22:53:18 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\WinBatch
[2011/12/12 13:08:10 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Youtube Downloader HD
[2011/04/23 14:54:17 | 000,000,000 | -H-D | M] -- C:\Users\Owner\AppData\Roaming\{D94BA408-F110-488B-A65E-3AE7945F79E6}
[2012/05/16 21:51:00 | 000,000,906 | ---- | M] () -- C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4118694408-3330837379-2833417039-1001Core.job
[2012/05/16 21:51:05 | 000,000,928 | ---- | M] () -- C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4118694408-3330837379-2833417039-1001UA.job
[2012/03/29 08:24:15 | 000,032,598 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:553CA6CA
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:862BDB1A
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:2B11E0DF
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2
< End of report >

#17 MrCharlie

Posted 17 May 2012 - 11:48 AM

Please do this:
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    :Commands
    [EMPTYJAVA]
    [emptytemp]
    
  • Then click the Run Fix button at the top
  • Let the program run unhindered; when done, it will say "Fix Complete press ok to open the log"
  • Please post that log in your next reply. Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
MrC

#18 freshjj2

Posted 18 May 2012 - 06:59 PM

Hi. The new OTL report:

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
========== COMMANDS ==========

[EMPTYJAVA]

User: All Users

User: AppData

User: Default

User: Default User

User: Owner
->Java cache emptied: 544175 bytes

User: Public

Total Java Files Cleaned = 1.00 mb


[EMPTYTEMP]

User: All Users

User: AppData
->Temp folder emptied: 0 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Owner
->Temp folder emptied: 27658591 bytes
->Temporary Internet Files folder emptied: 1224697887 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 55888520 bytes
->Apple Safari cache emptied: 201728 bytes
->Flash cache emptied: 217280 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 75256 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67697 bytes
RecycleBin emptied: 92274894 bytes

Total Files Cleaned = 1,336.00 mb


OTL by OldTimer - Version 3.2.43.0 log created on 05172012_142900
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...

#19 MrCharlie

Posted 18 May 2012 - 07:00 PM

Any progress???

MrC


#20 freshjj2

Posted 18 May 2012 - 09:46 PM

It has updated!!! Thank you a lot MrCharlie!!!!! Thank youuuuuuuuuuuuuu for having been so patient with me... I was desperate! I just can't believe it!!!! You're the best! :-) :-)



