
Malware redirector removal help needed


  • This topic is locked
26 replies to this topic

#1 friedmal

friedmal

    New Member

  • Members
  • Pip
  • 15 posts

Posted 07 May 2012 - 09:00 PM

Can't seem to ditch the damn thing. Help is greatly appreciated.




#2 Maniac

Maniac

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 21,405 posts
  • Gender:Male
  • Location:Bulgaria, EU

Posted 08 May 2012 - 04:19 AM

Hello friedmal and :welcome:! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:
  • If you are a paying customer, you have the privilege to contact the help desk at support@malwarebytes.org or here (http://helpdesk.malwarebytes.org/home). If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

BACKDOOR WARNING


One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advise you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.


Step 1

First, uninstall µTorrent and LimeWire 5.5.16, because of our policy:
http://forums.malwar...showtopic=97700

Second, Anti-Virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two anti-virus programs running at the same time can cause your computer to run very slowly, become unstable and even, in rare cases, crash. You have ZoneAlarm Antivirus and Norton AntiVirus. I suggest you uninstall ZoneAlarm Antivirus. If you think so, uninstall the following applications:

Free Antivirus + Firewall
ZoneAlarm Antivirus
ZoneAlarm Security Toolbar



Step 2

I see you are running TeaTimer.
I suggest you disable it because it can interfere with the changes you'll make on your system.
When everything is done and your log is clean again, you can enable it again.
If TeaTimer gives you a warning afterwards that some changes were made, allow this instead of blocking it.
How to disable TeaTimer <== click me for instructions.

After you have disabled TeaTimer, download ResetTeaTimer.exe to your desktop.
Then run ResetTeaTimer.exe.
This will only take a few seconds.


Step 3

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.


Step 4

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.


In your next reply, post the following log files:

  • TDSSKiller log
  • Malwarebytes' Anti-Malware log
  • a new fresh DDS log

My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here
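
A first-pass triage of the TDSSKiller report requested in Step 3, as an added example that is not part of the original post or of TDSSKiller itself: it parses the `<time> <thread id> <message>` lines and lists objects whose verdict is not `ok`, objects marked `ok` with no hash or path recorded, and objects with no verdict at all (a paste that was cut short). The sample lines are constructed, and reading the `SigCheck` and `TDLFS` flags on the `Mode:` line as the two Step 3 checkboxes is an assumption.

```python
import re

# Constructed sample in the "<time> <thread id> <message>" layout of a
# TDSSKiller report. Names, hashes and paths are made up for this example.
SAMPLE_LOG = r"""
17:03:25.0106 7564 Scan started
17:03:25.0106 7564 Mode: Manual; SigCheck; TDLFS;
17:03:25.0417 7564 exampledrv (0123456789abcdef0123456789abcdef) C:\Windows\system32\drivers\exampledrv.sys
17:03:25.0468 7564 exampledrv - ok
17:03:25.0674 7564 Example Updater (fedcba9876543210fedcba9876543210) C:\Program Files (x86)\Example\updater.exe
17:03:25.0677 7564 Example Updater ( UnsignedFile.Multi.Generic ) - warning
17:03:25.0677 7564 Example Updater - detected UnsignedFile.Multi.Generic (1)
17:03:26.0520 7564 nofilesvc - ok
17:03:29.0506 7564 cutoffdrv (00112233445566778899aabbccddeeff) C:\Windows\system32\drivers\cutoffdrv.sys
"""

# Timestamp and thread id, then the message we actually care about.
PREFIX = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(.*)$")
MODE_LINE = re.compile(r"^Mode: (?P<flags>.+)$")
# "<name> (<md5>) <path>": names and paths may both contain spaces and parentheses.
FILE_LINE = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$")
# "<name> ( <verdict> ) - <status>", e.g. an unsigned-file warning.
FLAG_LINE = re.compile(r"^(?P<name>.+?) \( (?P<verdict>.+?) \) - (?P<status>\w+)$")
OK_LINE = re.compile(r"^(?P<name>.+?) - ok$")

# Assumption: these Mode flags correspond to the two boxes ticked in Step 3.
REQUESTED_OPTIONS = ("SigCheck", "TDLFS")


def _entry(objects, name):
    """Return the record for a scanned object, creating an empty one if needed."""
    return objects.setdefault(
        name, {"md5": None, "path": None, "status": None, "verdict": None}
    )


def triage(log_text):
    """Summarise a pasted TDSSKiller log for manual review."""
    mode, objects = [], {}
    for raw in log_text.splitlines():
        prefix = PREFIX.match(raw.strip())
        if not prefix:
            continue  # blank lines, separators, wrapped text
        msg = prefix.group(1).strip()

        m = MODE_LINE.match(msg)
        if m:
            mode = [f.strip() for f in m["flags"].split(";") if f.strip()]
            continue
        m = FILE_LINE.match(msg)
        if m:
            rec = _entry(objects, m["name"])
            rec["md5"], rec["path"] = m["md5"].lower(), m["path"]
            continue
        m = FLAG_LINE.match(msg)
        if m:
            rec = _entry(objects, m["name"])
            rec["status"], rec["verdict"] = m["status"], m["verdict"]
            continue
        m = OK_LINE.match(msg)
        if m:
            _entry(objects, m["name"])["status"] = "ok"

    return {
        "mode": mode,
        # Scan options that were asked for but do not show on the Mode line.
        "missing_options": [o for o in REQUESTED_OPTIONS if o not in mode],
        # Anything the tool did not mark "ok".
        "flagged": [
            (n, r["status"], r["verdict"], r["path"])
            for n, r in objects.items()
            if r["status"] not in (None, "ok")
        ],
        # Marked "ok" although the log records no hash or path for the object.
        "no_file": [
            n for n, r in objects.items()
            if r["status"] == "ok" and r["md5"] is None
        ],
        # Hash line present but no verdict: the paste was probably truncated.
        "no_verdict": [n for n, r in objects.items() if r["status"] is None],
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```
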

#3 friedmal

friedmal

    New Member

  • Members
  • Pip
  • 15 posts

Posted 08 May 2012 - 08:50 AM

what was found? did i miss in your response?

#4 friedmal

friedmal

    New Member

  • Members
  • Pip
  • 15 posts

Posted 08 May 2012 - 04:11 PM

Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org
Database version: v2012.05.08.09
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
lmf1 :: LMF-DELL [administrator]
Protection: Enabled
05/08/12 04:57:04 PM
mbam-log-2012-05-08 (16-57-04).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 230616
Time elapsed: 29 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)

#5 friedmal

friedmal

    New Member

  • Members
  • Pip
  • 15 posts

Posted 08 May 2012 - 04:12 PM

17:03:15.0820 7664 TDSS rootkit removing tool 2.7.34.0 May 2 2012 09:59:18
17:03:16.0091 7664 ============================================================
17:03:16.0092 7664 Current date / time: 2012/05/08 17:03:16.0091
17:03:16.0092 7664 SystemInfo:
17:03:16.0092 7664
17:03:16.0092 7664 OS Version: 6.1.7601 ServicePack: 1.0
17:03:16.0092 7664 Product type: Workstation
17:03:16.0092 7664 ComputerName: LMF-DELL
17:03:16.0092 7664 UserName: lmf1
17:03:16.0092 7664 Windows directory: C:\Windows
17:03:16.0092 7664 System windows directory: C:\Windows
17:03:16.0092 7664 Running under WOW64
17:03:16.0092 7664 Processor architecture: Intel x64
17:03:16.0092 7664 Number of processors: 8
17:03:16.0092 7664 Page size: 0x1000
17:03:16.0092 7664 Boot type: Normal boot
17:03:16.0092 7664 ============================================================
17:03:16.0285 7664 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:03:16.0292 7664 Drive \Device\Harddisk1\DR1 - Size: 0x15D50F66000 (1397.27 Gb), SectorSize: 0x200, Cylinders: 0x2C881, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:03:16.0317 7664 Drive \Device\Harddisk2\DR2 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:03:16.0321 7664 Drive \Device\Harddisk3\DR3 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
17:03:16.0907 7664 ============================================================
17:03:16.0907 7664 \Device\Harddisk0\DR0:
17:03:16.0909 7664 MBR partitions:
17:03:16.0909 7664 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xDF93782
17:03:16.0909 7664 \Device\Harddisk1\DR1:
17:03:16.0909 7664 MBR partitions:
17:03:16.0909 7664 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1E00000
17:03:16.0909 7664 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x1E170AC, BlocksNum 0xACC6F695
17:03:16.0909 7664 \Device\Harddisk2\DR2:
17:03:16.0909 7664 MBR partitions:
17:03:16.0909 7664 \Device\Harddisk2\DR2\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x74705C02
17:03:16.0909 7664 \Device\Harddisk3\DR3:
17:03:16.0910 7664 MBR partitions:
17:03:16.0910 7664 \Device\Harddisk3\DR3\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x74705982
17:03:16.0910 7664 ============================================================
17:03:16.0911 7664 C: <-> \Device\Harddisk0\DR0\Partition0
17:03:16.0932 7664 J: <-> \Device\Harddisk3\DR3\Partition0
17:03:16.0942 7664 E: <-> \Device\Harddisk2\DR2\Partition0
17:03:16.0964 7664 D: <-> \Device\Harddisk1\DR1\Partition1
17:03:16.0964 7664 ============================================================
17:03:16.0964 7664 Initialize success
17:03:16.0964 7664 ============================================================
17:03:25.0106 7564 ============================================================
17:03:25.0106 7564 Scan started
17:03:25.0106 7564 Mode: Manual; SigCheck; TDLFS;
17:03:25.0106 7564 ============================================================
17:03:25.0417 7564 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
17:03:25.0468 7564 1394ohci - ok
17:03:25.0481 7564 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
17:03:25.0491 7564 ACPI - ok
17:03:25.0493 7564 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
17:03:25.0501 7564 AcpiPmi - ok
17:03:25.0509 7564 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
17:03:25.0514 7564 AdobeARMservice - ok
17:03:25.0543 7564 AdobeFlashPlayerUpdateSvc (459ac130c6ab892b1cd5d7544626efc5) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
17:03:25.0550 7564 AdobeFlashPlayerUpdateSvc - ok
17:03:25.0567 7564 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
17:03:25.0578 7564 adp94xx - ok
17:03:25.0591 7564 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
17:03:25.0600 7564 adpahci - ok
17:03:25.0607 7564 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
17:03:25.0615 7564 adpu320 - ok
17:03:25.0620 7564 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
17:03:25.0642 7564 AeLookupSvc - ok
17:03:25.0659 7564 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
17:03:25.0669 7564 AFD - ok
17:03:25.0674 7564 AGCoreService (ead9c3ab25a3159abd7b05dcac607a61) C:\Program Files (x86)\AGI\core\4.2.0.10754\AGCoreService.exe
17:03:25.0677 7564 AGCoreService ( UnsignedFile.Multi.Generic ) - warning
17:03:25.0677 7564 AGCoreService - detected UnsignedFile.Multi.Generic (1)
17:03:25.0680 7564 AgereModemAudio (48008d4ea73c1058f36d323a644410d4) C:\Program Files\LSI SoftModem\agr64svc.exe
17:03:25.0709 7564 AgereModemAudio - ok
17:03:25.0744 7564 AGERESoftModem (ddf52c4c92d831a4cdb7788b37585e36) C:\Windows\system32\DRIVERS\agrsm64.sys
17:03:25.0760 7564 AGERESoftModem - ok
17:03:25.0764 7564 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
17:03:25.0771 7564 agp440 - ok
17:03:25.0776 7564 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
17:03:25.0784 7564 ALG - ok
17:03:25.0786 7564 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
17:03:25.0792 7564 aliide - ok
17:03:25.0801 7564 AMD External Events Utility (a359974eaac83a435497c52f62a2e590) C:\Windows\system32\atiesrxx.exe
17:03:25.0811 7564 AMD External Events Utility - ok
17:03:25.0813 7564 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
17:03:25.0819 7564 amdide - ok
17:03:25.0823 7564 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
17:03:25.0831 7564 AmdK8 - ok
17:03:26.0090 7564 amdkmdag (60216b0e704584de6d5a9f59e9c34c47) C:\Windows\system32\DRIVERS\atikmdag.sys
17:03:26.0159 7564 amdkmdag - ok
17:03:26.0195 7564 amdkmdap (6b4e9261b613b047a9a145f328889968) C:\Windows\system32\DRIVERS\atikmpag.sys
17:03:26.0206 7564 amdkmdap - ok
17:03:26.0210 7564 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
17:03:26.0217 7564 AmdPPM - ok
17:03:26.0222 7564 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
17:03:26.0229 7564 amdsata - ok
17:03:26.0236 7564 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
17:03:26.0244 7564 amdsbs - ok
17:03:26.0246 7564 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
17:03:26.0253 7564 amdxata - ok
17:03:26.0256 7564 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
17:03:26.0277 7564 AppID - ok
17:03:26.0279 7564 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
17:03:26.0300 7564 AppIDSvc - ok
17:03:26.0304 7564 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
17:03:26.0325 7564 Appinfo - ok
17:03:26.0332 7564 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
17:03:26.0338 7564 Apple Mobile Device - ok
17:03:26.0344 7564 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
17:03:26.0351 7564 arc - ok
17:03:26.0356 7564 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
17:03:26.0363 7564 arcsas - ok
17:03:26.0376 7564 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
17:03:26.0382 7564 aspnet_state - ok
17:03:26.0384 7564 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
17:03:26.0405 7564 AsyncMac - ok
17:03:26.0407 7564 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
17:03:26.0414 7564 atapi - ok
17:03:26.0421 7564 AtiHDAudioService (4bf5bca6e2608cd8a00bc4a6673a9f47) C:\Windows\system32\drivers\AtihdW76.sys
17:03:26.0427 7564 AtiHDAudioService - ok
17:03:26.0450 7564 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
17:03:26.0475 7564 AudioEndpointBuilder - ok
17:03:26.0479 7564 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
17:03:26.0502 7564 AudioSrv - ok
17:03:26.0515 7564 awhost32 (9c2ce606e4e7e572799f33aee5a59c3c) C:\Program Files (x86)\Symantec\pcAnywhere\awhost32.exe
17:03:26.0519 7564 awhost32 ( UnsignedFile.Multi.Generic ) - warning
17:03:26.0519 7564 awhost32 - detected UnsignedFile.Multi.Generic (1)
17:03:26.0520 7564 awlegacy - ok
17:03:26.0526 7564 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
17:03:26.0536 7564 AxInstSV - ok
17:03:26.0552 7564 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
17:03:26.0562 7564 b06bdrv - ok
17:03:26.0574 7564 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
17:03:26.0582 7564 b57nd60a - ok
17:03:26.0586 7564 BCM42RLY (ac4e2d84de54cd3a013aeff0cc56095c) C:\Windows\system32\drivers\BCM42RLY.sys
17:03:26.0591 7564 BCM42RLY - ok
17:03:26.0678 7564 BCM43XX (8b5d16d20774fc3727f44e161be2c0ac) C:\Windows\system32\DRIVERS\bcmwl664.sys
17:03:26.0711 7564 BCM43XX - ok
17:03:26.0741 7564 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
17:03:26.0749 7564 BDESVC - ok
17:03:26.0754 7564 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
17:03:26.0774 7564 Beep - ok
17:03:26.0796 7564 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
17:03:26.0821 7564 BFE - ok
17:03:26.0859 7564 BHDrvx64 (5b1fe9d351c284701c8051da2aa81df6) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.5.0.145\Definitions\BASHDefs\20120507.001\BHDrvx64.sys
17:03:26.0874 7564 BHDrvx64 - ok
17:03:26.0922 7564 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
17:03:26.0948 7564 BITS - ok
17:03:26.0955 7564 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
17:03:26.0963 7564 blbdrive - ok
17:03:26.0979 7564 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
17:03:26.0987 7564 Bonjour Service - ok
17:03:26.0993 7564 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
17:03:27.0001 7564 bowser - ok
17:03:27.0003 7564 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
17:03:27.0012 7564 BrFiltLo - ok
17:03:27.0014 7564 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
17:03:27.0022 7564 BrFiltUp - ok
17:03:27.0028 7564 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
17:03:27.0049 7564 BridgeMP - ok
17:03:27.0057 7564 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
17:03:27.0078 7564 Browser - ok
17:03:27.0089 7564 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
17:03:27.0097 7564 Brserid - ok
17:03:27.0101 7564 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
17:03:27.0110 7564 BrSerWdm - ok
17:03:27.0112 7564 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
17:03:27.0121 7564 BrUsbMdm - ok
17:03:27.0123 7564 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
17:03:27.0130 7564 BrUsbSer - ok
17:03:27.0133 7564 BthAudioHF (07dcb3c254d584e3949fe2c0ee3963f2) C:\Windows\system32\DRIVERS\BthAudioHF.sys
17:03:27.0139 7564 BthAudioHF - ok
17:03:27.0142 7564 BthAvrcp (832b121e4532919cc49f2438f1dcaa21) C:\Windows\system32\DRIVERS\BthAvrcp.sys
17:03:27.0148 7564 BthAvrcp - ok
17:03:27.0151 7564 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\DRIVERS\BthEnum.sys
17:03:27.0158 7564 BthEnum - ok
17:03:27.0162 7564 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
17:03:27.0171 7564 BTHMODEM - ok
17:03:27.0178 7564 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
17:03:27.0187 7564 BthPan - ok
17:03:27.0205 7564 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\system32\Drivers\BTHport.sys
17:03:27.0217 7564 BTHPORT - ok
17:03:27.0222 7564 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
17:03:27.0243 7564 bthserv - ok
17:03:27.0247 7564 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\system32\Drivers\BTHUSB.sys
17:03:27.0254 7564 BTHUSB - ok
17:03:27.0262 7564 ccSet_NAV (0e1737a63aec0f6de231bb59836c0a11) C:\Windows\system32\drivers\NAVx64\1307000.009\ccSetx64.sys
17:03:27.0269 7564 ccSet_NAV - ok
17:03:27.0276 7564 ccSet_NST (a8ad33c9dd88c810cac00acc7f4329fb) C:\Windows\system32\drivers\NSTx64\0200000.010\ccSetx64.sys
17:03:27.0282 7564 ccSet_NST - ok
17:03:27.0289 7564 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
17:03:27.0310 7564 cdfs - ok
17:03:27.0316 7564 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
17:03:27.0324 7564 cdrom - ok
17:03:27.0329 7564 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
17:03:27.0350 7564 CertPropSvc - ok
17:03:27.0353 7564 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
17:03:27.0363 7564 circlass - ok
17:03:27.0377 7564 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
17:03:27.0386 7564 CLFS - ok
17:03:27.0396 7564 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:03:27.0402 7564 clr_optimization_v2.0.50727_32 - ok
17:03:27.0410 7564 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
17:03:27.0416 7564 clr_optimization_v2.0.50727_64 - ok
17:03:27.0427 7564 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:03:27.0434 7564 clr_optimization_v4.0.30319_32 - ok
17:03:27.0447 7564 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
17:03:27.0453 7564 clr_optimization_v4.0.30319_64 - ok
17:03:27.0456 7564 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
17:03:27.0463 7564 CmBatt - ok
17:03:27.0465 7564 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
17:03:27.0471 7564 cmdide - ok
17:03:27.0487 7564 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
17:03:27.0501 7564 CNG - ok
17:03:27.0505 7564 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
17:03:27.0511 7564 Compbatt - ok
17:03:27.0514 7564 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys
17:03:27.0523 7564 CompositeBus - ok
17:03:27.0524 7564 COMSysApp - ok
17:03:27.0527 7564 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
17:03:27.0533 7564 crcdisk - ok
17:03:27.0542 7564 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
17:03:27.0564 7564 CryptSvc - ok
17:03:27.0569 7564 csr_a2dp (df07c6d98ba7f81d0571e366b1cd6672) C:\Windows\system32\drivers\bthav.sys
17:03:27.0575 7564 csr_a2dp - ok
17:03:27.0593 7564 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
17:03:27.0617 7564 DcomLaunch - ok
17:03:27.0631 7564 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
17:03:27.0653 7564 defragsvc - ok
17:03:27.0664 7564 DellDigitalDelivery (fc72d309e86e5caecbbbbc37f7be038d) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
17:03:27.0668 7564 DellDigitalDelivery ( UnsignedFile.Multi.Generic ) - warning
17:03:27.0668 7564 DellDigitalDelivery - detected UnsignedFile.Multi.Generic (1)
17:03:27.0674 7564 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
17:03:27.0695 7564 DfsC - ok
17:03:27.0709 7564 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
17:03:27.0731 7564 Dhcp - ok
17:03:27.0734 7564 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
17:03:27.0755 7564 discache - ok
17:03:27.0759 7564 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
17:03:27.0765 7564 Disk - ok
17:03:27.0834 7564 Diskeeper (e1d08ebc5d2c11d7e49b28ea5303d1cd) C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
17:03:27.0861 7564 Diskeeper - ok
17:03:27.0889 7564 DKRtWrt (0172038dabf0df25b2d95cd886b8aa56) C:\Windows\system32\DRIVERS\DKRtWrt.sys
17:03:27.0895 7564 DKRtWrt - ok
17:03:27.0903 7564 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
17:03:27.0912 7564 Dnscache - ok
17:03:27.0925 7564 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
17:03:27.0947 7564 dot3svc - ok
17:03:27.0955 7564 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
17:03:27.0976 7564 DPS - ok
17:03:27.0989 7564 DragonSvc (b123656688d67df3a08fe5912203f71b) C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
17:03:27.0997 7564 DragonSvc - ok
17:03:27.0999 7564 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
17:03:28.0007 7564 drmkaud - ok
17:03:28.0036 7564 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
17:03:28.0051 7564 DXGKrnl - ok
17:03:28.0053 7564 EACMOS - ok
17:03:28.0061 7564 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
17:03:28.0082 7564 EapHost - ok
17:03:28.0084 7564 EAWDMFD - ok
17:03:28.0170 7564 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
17:03:28.0198 7564 ebdrv - ok
17:03:28.0219 7564 eeCtrl (0c3f9eff8ddd9f9eb56d754b4620155f) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
17:03:28.0228 7564 eeCtrl - ok
17:03:28.0253 7564 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
17:03:28.0260 7564 EFS - ok
17:03:28.0282 7564 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
17:03:28.0293 7564 ehRecvr - ok
17:03:28.0300 7564 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
17:03:28.0308 7564 ehSched - ok
17:03:28.0326 7564 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
17:03:28.0337 7564 elxstor - ok
17:03:28.0340 7564 epmntdrv (9eafb3b3b60b8ad958985152a9309aca) C:\Windows\system32\epmntdrv.sys
17:03:28.0344 7564 epmntdrv ( UnsignedFile.Multi.Generic ) - warning
17:03:28.0344 7564 epmntdrv - detected UnsignedFile.Multi.Generic (1)
17:03:28.0355 7564 EraserUtilRebootDrv (8c0f9b877bc0b7ffd327ef55f9efb642) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
17:03:28.0361 7564 EraserUtilRebootDrv - ok
17:03:28.0363 7564 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
17:03:28.0370 7564 ErrDev - ok
17:03:28.0374 7564 EuGdiDrv (fb949ed2c93c878a189039f3d7730942) C:\Windows\system32\EuGdiDrv.sys
17:03:28.0378 7564 EuGdiDrv ( UnsignedFile.Multi.Generic ) - warning
17:03:28.0378 7564 EuGdiDrv - detected UnsignedFile.Multi.Generic (1)
17:03:28.0392 7564 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
17:03:28.0415 7564 EventSystem - ok
17:03:28.0428 7564 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
17:03:28.0450 7564 exfat - ok
17:03:28.0460 7564 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
17:03:28.0482 7564 fastfat - ok
17:03:28.0503 7564 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
17:03:28.0514 7564 Fax - ok
17:03:28.0517 7564 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
17:03:28.0524 7564 fdc - ok
17:03:28.0527 7564 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
17:03:28.0548 7564 fdPHost - ok
17:03:28.0551 7564 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
17:03:28.0572 7564 FDResPub - ok
17:03:28.0578 7564 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
17:03:28.0585 7564 FileInfo - ok
17:03:28.0588 7564 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
17:03:28.0609 7564 Filetrace - ok
17:03:28.0640 7564 FLEXnet Licensing Service (8669be94f63944e4f899c3950b520241) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
17:03:28.0654 7564 FLEXnet Licensing Service - ok
17:03:28.0658 7564 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
17:03:28.0665 7564 flpydisk - ok
17:03:28.0676 7564 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
17:03:28.0685 7564 FltMgr - ok
17:03:28.0719 7564 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
17:03:28.0733 7564 FontCache - ok
17:03:28.0739 7564 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
17:03:28.0745 7564 FontCache3.0.0.0 - ok
17:03:28.0752 7564 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
17:03:28.0758 7564 FsDepends - ok
17:03:28.0761 7564 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
17:03:28.0767 7564 Fs_Rec - ok
17:03:28.0777 7564 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
17:03:28.0787 7564 fvevol - ok
17:03:28.0793 7564 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
17:03:28.0800 7564 gagp30kx - ok
17:03:28.0803 7564 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
17:03:28.0808 7564 GEARAspiWDM - ok
17:03:28.0813 7564 GenericMount (9ba50351af95c9df28c8bcd382427d11) C:\Windows\system32\DRIVERS\GenericMount.sys
17:03:28.0819 7564 GenericMount - ok
17:03:28.0884 7564 GenericMount Helper Service (9573dc01b6baa0371ed4afbaebee4dcc) C:\Program Files (x86)\Norton Ghost\Shared\Drivers\GenericMountHelperx64.exe
17:03:28.0909 7564 GenericMount Helper Service - ok
17:03:28.0938 7564 Gernuwa - ok
17:03:28.0962 7564 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
17:03:28.0987 7564 gpsvc - ok
17:03:28.0996 7564 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
17:03:29.0002 7564 gupdate - ok
17:03:29.0004 7564 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
17:03:29.0010 7564 gupdatem - ok
17:03:29.0017 7564 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
17:03:29.0023 7564 gusvc - ok
17:03:29.0027 7564 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
17:03:29.0034 7564 hcw85cir - ok
17:03:29.0046 7564 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
17:03:29.0057 7564 HdAudAddService - ok
17:03:29.0065 7564 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
17:03:29.0074 7564 HDAudBus - ok
17:03:29.0094 7564 HFGService (ee8c05f926521a0e24edaf40f45d01e6) C:\Windows\System32\HFGService.dll
17:03:29.0104 7564 HFGService - ok
17:03:29.0107 7564 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
17:03:29.0114 7564 HidBatt - ok
17:03:29.0120 7564 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
17:03:29.0129 7564 HidBth - ok
17:03:29.0134 7564 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
17:03:29.0142 7564 HidIr - ok
17:03:29.0146 7564 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
17:03:29.0167 7564 hidserv - ok
17:03:29.0170 7564 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
17:03:29.0177 7564 HidUsb - ok
17:03:29.0183 7564 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
17:03:29.0204 7564 hkmsvc - ok
17:03:29.0215 7564 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
17:03:29.0223 7564 HomeGroupListener - ok
17:03:29.0232 7564 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
17:03:29.0240 7564 HomeGroupProvider - ok
17:03:29.0245 7564 hotcore3 (493e56dd377ab330873ae659004b134c) C:\Windows\system32\DRIVERS\hotcore3.sys
17:03:29.0251 7564 hotcore3 - ok
17:03:29.0255 7564 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
17:03:29.0262 7564 HpSAMD - ok
17:03:29.0284 7564 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
17:03:29.0309 7564 HTTP - ok
17:03:29.0312 7564 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
17:03:29.0319 7564 hwpolicy - ok
17:03:29.0324 7564 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
17:03:29.0332 7564 i8042prt - ok
17:03:29.0351 7564 iaStor (f7ce9be72edac499b713eca6dae5d26f) C:\Windows\system32\drivers\iaStor.sys
17:03:29.0361 7564 iaStor - ok
17:03:29.0367 7564 IAStorDataMgrSvc (b25f192ea1f84a316eb7c19efcccf33d) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
17:03:29.0372 7564 IAStorDataMgrSvc - ok
17:03:29.0389 7564 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\DRIVERS\iaStorV.sys
17:03:29.0399 7564 iaStorV - ok
17:03:29.0406 7564 IDriverT (daf66902f08796f9c694901660e5a64a) C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
17:03:29.0409 7564 IDriverT ( UnsignedFile.Multi.Generic ) - warning
17:03:29.0409 7564 IDriverT - detected UnsignedFile.Multi.Generic (1)
17:03:29.0435 7564 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
17:03:29.0448 7564 idsvc - ok
17:03:29.0470 7564 IDSVia64 (4e9e0e5a3b0efeb27491c26be1d97fda) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.5.0.145\Definitions\IPSDefs\20120507.001\IDSvia64.sys
17:03:29.0480 7564 IDSVia64 - ok
17:03:29.0506 7564 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
17:03:29.0513 7564 iirsp - ok
17:03:29.0539 7564 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
17:03:29.0565 7564 IKEEXT - ok
17:03:29.0572 7564 Impcd (dd587a55390ed2295bce6d36ad567da9) C:\Windows\system32\drivers\Impcd.sys
17:03:29.0579 7564 Impcd - ok
17:03:29.0656 7564 IntcAzAudAddService (235362d403d9d677514649d88db31914) C:\Windows\system32\drivers\RTKVHD64.sys
17:03:29.0684 7564 IntcAzAudAddService - ok
17:03:29.0717 7564 IntcDAud (fc727061c0f47c8059e88e05d5c8e381) C:\Windows\system32\DRIVERS\IntcDAud.sys
17:03:29.0725 7564 IntcDAud - ok
17:03:29.0728 7564 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
17:03:29.0734 7564 intelide - ok
17:03:29.0739 7564 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
17:03:29.0747 7564 intelppm - ok
17:03:29.0753 7564 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
17:03:29.0774 7564 IPBusEnum - ok
17:03:29.0780 7564 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:03:29.0800 7564 IpFilterDriver - ok
17:03:29.0819 7564 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
17:03:29.0843 7564 iphlpsvc - ok
17:03:29.0850 7564 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
17:03:29.0857 7564 IPMIDRV - ok
17:03:29.0864 7564 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
17:03:29.0885 7564 IPNAT - ok
17:03:29.0919 7564 iPod Service (50d6ccc6ff5561f9f56946b3e6164fb8) C:\Program Files\iPod\bin\iPodService.exe
17:03:29.0932 7564 iPod Service - ok
17:03:29.0935 7564 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
17:03:29.0945 7564 IRENUM - ok
17:03:29.0948 7564 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
17:03:29.0955 7564 isapnp - ok
17:03:29.0968 7564 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
17:03:29.0976 7564 iScsiPrt - ok
17:03:29.0993 7564 k57nd60a (12e27942dbb7c91880163634b0d8a776) C:\Windows\system32\DRIVERS\k57nd60a.sys
17:03:30.0002 7564 k57nd60a - ok
17:03:30.0006 7564 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
17:03:30.0013 7564 kbdclass - ok
17:03:30.0016 7564 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
17:03:30.0023 7564 kbdhid - ok
17:03:30.0027 7564 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
17:03:30.0034 7564 KeyIso - ok
17:03:30.0039 7564 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
17:03:30.0046 7564 KSecDD - ok
17:03:30.0054 7564 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
17:03:30.0062 7564 KSecPkg - ok
17:03:30.0065 7564 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
17:03:30.0086 7564 ksthunk - ok
17:03:30.0101 7564 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
17:03:30.0125 7564 KtmRm - ok
17:03:30.0134 7564 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
17:03:30.0156 7564 LanmanServer - ok
17:03:30.0163 7564 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
17:03:30.0184 7564 LanmanWorkstation - ok
17:03:30.0270 7564 LiveUpdate (a97eeb81f05bce3d7aa6c81f04ef39a4) C:\PROGRA~2\Symantec\LIVEUP~1\LUCOMS~1.EXE
17:03:30.0302 7564 LiveUpdate - ok
17:03:30.0329 7564 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
17:03:30.0350 7564 lltdio - ok
17:03:30.0364 7564 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
17:03:30.0387 7564 lltdsvc - ok
17:03:30.0390 7564 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
17:03:30.0411 7564 lmhosts - ok
17:03:30.0420 7564 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
17:03:30.0427 7564 LSI_FC - ok
17:03:30.0435 7564 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
17:03:30.0441 7564 LSI_SAS - ok
17:03:30.0446 7564 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
17:03:30.0453 7564 LSI_SAS2 - ok
17:03:30.0459 7564 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
17:03:30.0466 7564 LSI_SCSI - ok
17:03:30.0473 7564 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
17:03:30.0494 7564 luafv - ok
17:03:30.0498 7564 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys
17:03:30.0504 7564 MBAMProtector - ok
17:03:30.0529 7564 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
17:03:30.0539 7564 MBAMService - ok
17:03:30.0546 7564 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
17:03:30.0554 7564 Mcx2Svc - ok
17:03:30.0558 7564 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
17:03:30.0565 7564 megasas - ok
17:03:30.0577 7564 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
17:03:30.0586 7564 MegaSR - ok
17:03:30.0590 7564 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys
17:03:30.0596 7564 MEIx64 - ok
17:03:30.0600 7564 MemeoBackgroundService (8329d3f6ae70ffab1259f18ba9c6b29a) C:\Program Files (x86)\Memeo\AutoBackupPro\MemeoBackgroundService.exe
17:03:30.0605 7564 MemeoBackgroundService - ok
17:03:30.0612 7564 Microsoft SharePoint Workspace Audit Service - ok
17:03:30.0617 7564 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
17:03:30.0638 7564 MMCSS - ok
17:03:30.0643 7564 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
17:03:30.0663 7564 Modem - ok
17:03:30.0667 7564 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
17:03:30.0675 7564 monitor - ok
17:03:30.0680 7564 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
17:03:30.0686 7564 mouclass - ok
17:03:30.0690 7564 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
17:03:30.0697 7564 mouhid - ok
17:03:30.0703 7564 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
17:03:30.0710 7564 mountmgr - ok
17:03:30.0717 7564 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
17:03:30.0724 7564 MozillaMaintenance - ok
17:03:30.0733 7564 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
17:03:30.0741 7564 mpio - ok
17:03:30.0746 7564 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
17:03:30.0767 7564 mpsdrv - ok
17:03:30.0793 7564 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
17:03:30.0820 7564 MpsSvc - ok
17:03:30.0830 7564 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
17:03:30.0841 7564 MRxDAV - ok
17:03:30.0849 7564 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
17:03:30.0857 7564 mrxsmb - ok
17:03:30.0870 7564 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:03:30.0878 7564 mrxsmb10 - ok
17:03:30.0886 7564 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:03:30.0893 7564 mrxsmb20 - ok
17:03:30.0897 7564 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\DRIVERS\msahci.sys
17:03:30.0903 7564 msahci - ok
17:03:30.0928 7564 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
17:03:30.0936 7564 msdsm - ok
17:03:30.0945 7564 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
17:03:30.0954 7564 MSDTC - ok
17:03:30.0960 7564 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
17:03:30.0980 7564 Msfs - ok
17:03:30.0983 7564 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
17:03:31.0003 7564 mshidkmdf - ok
17:03:31.0007 7564 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
17:03:31.0013 7564 msisadrv - ok
17:03:31.0022 7564 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
17:03:31.0044 7564 MSiSCSI - ok
17:03:31.0046 7564 msiserver - ok
17:03:31.0050 7564 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
17:03:31.0071 7564 MSKSSRV - ok
17:03:31.0074 7564 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
17:03:31.0095 7564 MSPCLOCK - ok
17:03:31.0097 7564 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
17:03:31.0118 7564 MSPQM - ok
17:03:31.0131 7564 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
17:03:31.0141 7564 MsRPC - ok
17:03:31.0146 7564 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
17:03:31.0152 7564 mssmbios - ok
17:03:31.0155 7564 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
17:03:31.0176 7564 MSTEE - ok
17:03:31.0179 7564 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
17:03:31.0186 7564 MTConfig - ok
17:03:31.0190 7564 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
17:03:31.0197 7564 Mup - ok
17:03:31.0214 7564 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
17:03:31.0238 7564 napagent - ok
17:03:31.0251 7564 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
17:03:31.0263 7564 NativeWifiP - ok
17:03:31.0277 7564 NAV (c6948f034d7edabcfa2234d399fc78bc) C:\Program Files (x86)\Norton AntiVirus\Engine\19.7.0.9\ccSvcHst.exe
17:03:31.0283 7564 NAV - ok
17:03:31.0295 7564 NAVENG (2dbe90210de76be6e1653bb20ec70ec2) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.5.0.145\Definitions\VirusDefs\20120507.038\ENG64.SYS
17:03:31.0300 7564 NAVENG - ok
17:03:31.0362 7564 NAVEX15 (346da70e203b8e2c850277713de8f71b) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.5.0.145\Definitions\VirusDefs\20120507.038\EX64.SYS
17:03:31.0385 7564 NAVEX15 - ok
17:03:31.0439 7564 NDIS (c38b8ae57f78915905064a9a24dc1586) C:\Windows\system32\drivers\ndis.sys
17:03:31.0455 7564 NDIS - ok
17:03:31.0459 7564 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
17:03:31.0480 7564 NdisCap - ok
17:03:31.0483 7564 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
17:03:31.0503 7564 NdisTapi - ok
17:03:31.0508 7564 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
17:03:31.0528 7564 Ndisuio - ok
17:03:31.0538 7564 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
17:03:31.0559 7564 NdisWan - ok
17:03:31.0565 7564 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
17:03:31.0585 7564 NDProxy - ok
17:03:31.0589 7564 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
17:03:31.0609 7564 NetBIOS - ok
17:03:31.0621 7564 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
17:03:31.0643 7564 NetBT - ok
17:03:31.0647 7564 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
17:03:31.0654 7564 Netlogon - ok
17:03:31.0670 7564 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
17:03:31.0693 7564 Netman - ok
17:03:31.0707 7564 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:03:31.0713 7564 NetMsmqActivator - ok
17:03:31.0716 7564 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:03:31.0722 7564 NetPipeActivator - ok
17:03:31.0739 7564 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
17:03:31.0763 7564 netprofm - ok
17:03:31.0766 7564 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:03:31.0772 7564 NetTcpActivator - ok
17:03:31.0775 7564 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:03:31.0781 7564 NetTcpPortSharing - ok
17:03:31.0787 7564 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
17:03:31.0794 7564 nfrd960 - ok
17:03:31.0806 7564 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
17:03:31.0828 7564 NlaSvc - ok
17:03:31.0910 7564 NOBU (b9b72faaaa41d59b73b88fe3dd737ed1) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
17:03:31.0940 7564 NOBU - ok
17:03:32.0106 7564 Norton Ghost (a1787754952a0b700e386dc7c5fa5726) C:\Program Files (x86)\Norton Ghost\Agent\VProSvc.exe
17:03:32.0153 7564 Norton Ghost - ok
17:03:32.0182 7564 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
17:03:32.0203 7564 Npfs - ok
17:03:32.0207 7564 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
17:03:32.0228 7564 nsi - ok
17:03:32.0232 7564 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
17:03:32.0252 7564 nsiproxy - ok
17:03:32.0262 7564 NSL (e127420b7feb65c7f279eaac183bbc0e) C:\Program Files (x86)\Norton Safe Web Lite\Engine\2.0.0.16\ccSvcHst.exe
17:03:32.0268 7564 NSL - ok
17:03:32.0320 7564 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
17:03:32.0341 7564 Ntfs - ok
17:03:32.0369 7564 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
17:03:32.0389 7564 Null - ok
17:03:32.0396 7564 nusb3hub (285acec1b13a15ba520aae06bacb9cff) C:\Windows\system32\DRIVERS\nusb3hub.sys
17:03:32.0402 7564 nusb3hub - ok
17:03:32.0412 7564 nusb3xhc (f6d625ff7b56bb6ea063f0d3a5bbc996) C:\Windows\system32\DRIVERS\nusb3xhc.sys
17:03:32.0419 7564 nusb3xhc - ok
17:03:32.0430 7564 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
17:03:32.0437 7564 nvraid - ok
17:03:32.0447 7564 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
17:03:32.0454 7564 nvstor - ok
17:03:32.0466 7564 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
17:03:32.0474 7564 nv_agp - ok
17:03:32.0480 7564 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
17:03:32.0487 7564 ohci1394 - ok
17:03:32.0499 7564 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:03:32.0505 7564 ose - ok
17:03:32.0655 7564 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
17:03:32.0706 7564 osppsvc - ok
17:03:32.0745 7564 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
17:03:32.0754 7564 p2pimsvc - ok
17:03:32.0772 7564 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
17:03:32.0782 7564 p2psvc - ok
17:03:32.0790 7564 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
17:03:32.0798 7564 Parport - ok
17:03:32.0804 7564 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
17:03:32.0810 7564 partmgr - ok
17:03:32.0816 7564 pbfilter (7c0582921913d00180ec2b8518ba135c) C:\Program Files\PeerBlock\pbfilter.sys
17:03:32.0822 7564 pbfilter - ok
17:03:32.0832 7564 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
17:03:32.0843 7564 PcaSvc - ok
17:03:32.0854 7564 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
17:03:32.0862 7564 pci - ok
17:03:32.0865 7564 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
17:03:32.0872 7564 pciide - ok
17:03:32.0881 7564 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
17:03:32.0889 7564 pcmcia - ok
17:03:32.0894 7564 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
17:03:32.0900 7564 pcw - ok
17:03:32.0916 7564 PDFProFiltSrv (34e3696102334ce84367336e309f1a0d) C:\Program Files (x86)\ScanSoft\PDF Converter 5\PDFProFiltSrv.exe
17:03:32.0921 7564 PDFProFiltSrv - ok
17:03:32.0944 7564 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
17:03:32.0968 7564 PEAUTH - ok
17:03:32.0991 7564 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
17:03:32.0999 7564 PerfHost - ok
17:03:33.0047 7564 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
17:03:33.0076 7564 pla - ok
17:03:33.0093 7564 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
17:03:33.0103 7564 PlugPlay - ok
17:03:33.0124 7564 PMEM (2b85237f904c5bdf7ad386f0ede19bd3) C:\Windows\SysWOW64\drivers\pmemnt.sys
17:03:33.0126 7564 PMEM ( UnsignedFile.Multi.Generic ) - warning
17:03:33.0126 7564 PMEM - detected UnsignedFile.Multi.Generic (1)
17:03:33.0132 7564 pmxdrv (0bee791c7c7ace453c134e73633c497d) C:\Windows\system32\drivers\pmxdrv.sys
17:03:33.0138 7564 pmxdrv - ok
17:03:33.0141 7564 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
17:03:33.0148 7564 PNRPAutoReg - ok
17:03:33.0162 7564 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
17:03:33.0171 7564 PNRPsvc - ok
17:03:33.0188 7564 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
17:03:33.0211 7564 PolicyAgent - ok
17:03:33.0222 7564 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
17:03:33.0244 7564 Power - ok
17:03:33.0296 7564 PowerAlert Agent (9e5361639c74eb9cc1b656f73af8e21f) C:\Program Files (x86)\TrippLite\PowerAlert\engine\pal.exe
17:03:33.0315 7564 PowerAlert Agent - ok
17:03:33.0347 7564 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
17:03:33.0368 7564 PptpMiniport - ok
17:03:33.0374 7564 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
17:03:33.0381 7564 Processor - ok
17:03:33.0392 7564 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
17:03:33.0413 7564 ProfSvc - ok
17:03:33.0418 7564 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
17:03:33.0425 7564 ProtectedStorage - ok
17:03:33.0432 7564 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
17:03:33.0453 7564 Psched - ok
17:03:33.0498 7564 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
17:03:33.0519 7564 ql2300 - ok
17:03:33.0551 7564 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
17:03:33.0559 7564 ql40xx - ok
17:03:33.0573 7564 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
17:03:33.0585 7564 QWAVE - ok
17:03:33.0590 7564 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
17:03:33.0600 7564 QWAVEdrv - ok
17:03:33.0603 7564 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
17:03:33.0624 7564 RasAcd - ok
17:03:33.0630 7564 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
17:03:33.0650 7564 RasAgileVpn - ok
17:03:33.0659 7564 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
17:03:33.0681 7564 RasAuto - ok
17:03:33.0690 7564 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
17:03:33.0711 7564 Rasl2tp - ok
17:03:33.0729 7564 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
17:03:33.0754 7564 RasMan - ok
17:03:33.0760 7564 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
17:03:33.0781 7564 RasPppoe - ok
17:03:33.0788 7564 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
17:03:33.0808 7564 RasSstp - ok
17:03:33.0823 7564 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
17:03:33.0845 7564 rdbss - ok
17:03:33.0849 7564 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
17:03:33.0858 7564 rdpbus - ok
17:03:33.0861 7564 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
17:03:33.0881 7564 RDPCDD - ok
17:03:33.0886 7564 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
17:03:33.0907 7564 RDPENCDD - ok
17:03:33.0913 7564 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
17:03:33.0933 7564 RDPREFMP - ok
17:03:33.0946 7564 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
17:03:33.0954 7564 RDPWD - ok
17:03:33.0964 7564 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
17:03:33.0972 7564 rdyboost - ok
17:03:33.0980 7564 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
17:03:34.0002 7564 RemoteAccess - ok
17:03:34.0010 7564 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
17:03:34.0032 7564 RemoteRegistry - ok
17:03:34.0042 7564 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
17:03:34.0051 7564 RFCOMM - ok
17:03:34.0057 7564 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
17:03:34.0079 7564 RpcEptMapper - ok
17:03:34.0082 7564 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
17:03:34.0090 7564 RpcLocator - ok
17:03:34.0108 7564 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
17:03:34.0133 7564 RpcSs - ok
17:03:34.0139 7564 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
17:03:34.0160 7564 rspndr - ok
17:03:34.0164 7564 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
17:03:34.0171 7564 SamSs - ok
17:03:34.0178 7564 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
17:03:34.0185 7564 sbp2port - ok
17:03:34.0196 7564 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
17:03:34.0219 7564 SCardSvr - ok
17:03:34.0223 7564 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
17:03:34.0243 7564 scfilter - ok
17:03:34.0282 7564 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
17:03:34.0310 7564 Schedule - ok
17:03:34.0317 7564 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
17:03:34.0337 7564 SCPolicySvc - ok
17:03:34.0340 7564 SDdriver - ok
17:03:34.0352 7564 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
17:03:34.0360 7564 SDRSVC - ok
17:03:34.0364 7564 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
17:03:34.0385 7564 secdrv - ok
17:03:34.0389 7564 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
17:03:34.0410 7564 seclogon - ok
17:03:34.0416 7564 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
17:03:34.0438 7564 SENS - ok
17:03:34.0442 7564 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
17:03:34.0450 7564 SensrSvc - ok
17:03:34.0453 7564 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
17:03:34.0461 7564 Serenum - ok
17:03:34.0467 7564 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
17:03:34.0475 7564 Serial - ok
17:03:34.0479 7564 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
17:03:34.0486 7564 sermouse - ok
17:03:34.0502 7564 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
17:03:34.0523 7564 SessionEnv - ok
17:03:34.0527 7564 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
17:03:34.0535 7564 sffdisk - ok
17:03:34.0539 7564 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
17:03:34.0547 7564 sffp_mmc - ok
17:03:34.0551 7564 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
17:03:34.0560 7564 sffp_sd - ok
17:03:34.0563 7564 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
17:03:34.0571 7564 sfloppy - ok
17:03:34.0627 7564 SftService (1968e6ebbeecf61d5f7d8603467e2ad0) C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
17:03:34.0647 7564 SftService - ok
17:03:34.0684 7564 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
17:03:34.0707 7564 SharedAccess - ok
17:03:34.0724 7564 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
17:03:34.0747 7564 ShellHWDetection - ok
17:03:34.0751 7564 simptcp (e9e830d540ededed650f906628468548) C:\Windows\System32\tcpsvcs.exe
17:03:34.0759 7564 simptcp - ok
17:03:34.0769 7564 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
17:03:34.0775 7564 SiSRaid2 - ok
17:03:34.0782 7564 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
17:03:34.0788 7564 SiSRaid4 - ok
17:03:34.0796 7564 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
17:03:34.0817 7564 Smb - ok
17:03:34.0825 7564 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
17:03:34.0833 7564 SNMPTRAP - ok
17:03:34.0837 7564 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
17:03:34.0844 7564 spldr - ok
17:03:34.0864 7564 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
17:03:34.0888 7564 Spooler - ok
17:03:34.0994 7564 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
17:03:35.0038 7564 sppsvc - ok
17:03:35.0065 7564 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
17:03:35.0087 7564 sppuinotify - ok
17:03:35.0116 7564 SRTSP (06b9a7ba94356ec5207c5ddb59540378) C:\Windows\System32\Drivers\NAVx64\1307000.009\SRTSP64.SYS
17:03:35.0127 7564 SRTSP - ok
17:03:35.0132 7564 SRTSPX (fbb8945a61e55a2345d12487c74a9d76) C:\Windows\system32\drivers\NAVx64\1307000.009\SRTSPX64.SYS
17:03:35.0137 7564 SRTSPX - ok
17:03:35.0153 7564 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
17:03:35.0163 7564 srv - ok
17:03:35.0181 7564 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
17:03:35.0190 7564 srv2 - ok
17:03:35.0200 7564 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
17:03:35.0207 7564 srvnet - ok
17:03:35.0218 7564 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
17:03:35.0241 7564 SSDPSRV - ok
17:03:35.0248 7564 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
17:03:35.0270 7564 SstpSvc - ok
17:03:35.0274 7564 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
17:03:35.0281 7564 stexstor - ok
[size="1"]17:03:35.0299 7564 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll[/size]
[size="1"]17:03:35.0313 7564 stisvc - ok[/size]
[size="1"]17:03:35.0317 7564 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys[/size]
[size="1"]17:03:35.0324 7564 swenum - ok[/size]
[size="1"]17:03:35.0342 7564 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll[/size]
[size="1"]17:03:35.0366 7564 swprv - ok[/size]
[size="1"]17:03:35.0370 7564 Symantec SymSnap VSS Provider - ok[/size]
[size="1"]17:03:35.0389 7564 SymDS (8b2430762099598da40686f754632efd) C:\Windows\system32\drivers\NAVx64\1307000.009\SYMDS64.SYS[/size]
[size="1"]17:03:35.0398 7564 SymDS - ok[/size]
[size="1"]17:03:35.0433 7564 SymEFA (f90c7a190399165d3ab2245048d34786) C:\Windows\system32\drivers\NAVx64\1307000.009\SYMEFA64.SYS[/size]
[size="1"]17:03:35.0448 7564 SymEFA - ok[/size]
[size="1"]17:03:35.0459 7564 SymEvent (894579207e39c465737e850a252ce4f2) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS[/size]
[size="1"]17:03:35.0465 7564 SymEvent - ok[/size]
[size="1"]17:03:35.0474 7564 SymIRON (5013a76caaa1d7cf1c55214b490b4e35) C:\Windows\system32\drivers\NAVx64\1307000.009\Ironx64.SYS[/size]
[size="1"]17:03:35.0480 7564 SymIRON - ok[/size]
[size="1"]17:03:35.0495 7564 SymNetS (3911bd0e68c010e5438a87706abbe9ab) C:\Windows\System32\Drivers\NAVx64\1307000.009\SYMNETS.SYS[/size]
[size="1"]17:03:35.0503 7564 SymNetS - ok[/size]
[size="1"]17:03:35.0514 7564 symsnap (2d9b2746f7dea46d1572b84a06311566) C:\Windows\system32\DRIVERS\symsnap.sys[/size]
[size="1"]17:03:35.0520 7564 symsnap - ok[/size]
[size="1"]17:03:35.0608 7564 SymSnapService (ea1a479651ca2e0409c29d586c91901d) C:\Program Files (x86)\Norton Ghost\Shared\Drivers\SymSnapServicex64.exe[/size]
[size="1"]17:03:35.0639 7564 SymSnapService - ok[/size]
[size="1"]17:03:35.0714 7564 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll[/size]
[size="1"]17:03:35.0737 7564 SysMain - ok[/size]
[size="1"]17:03:35.0764 7564 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll[/size]
[size="1"]17:03:35.0776 7564 TabletInputService - ok[/size]
[size="1"]17:03:35.0791 7564 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll[/size]
[size="1"]17:03:35.0814 7564 TapiSrv - ok[/size]
[size="1"]17:03:35.0820 7564 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll[/size]
[size="1"]17:03:35.0842 7564 TBS - ok[/size]
[size="1"]17:03:35.0904 7564 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys[/size]
[size="1"]17:03:35.0928 7564 Tcpip - ok[/size]
[size="1"]17:03:36.0053 7564 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys[/size]
[size="1"]17:03:36.0077 7564 TCPIP6 - ok[/size]
[size="1"]17:03:36.0109 7564 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys[/size]
[size="1"]17:03:36.0129 7564 tcpipreg - ok[/size]
[size="1"]17:03:36.0135 7564 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys[/size]
[size="1"]17:03:36.0142 7564 TDPIPE - ok[/size]
[size="1"]17:03:36.0147 7564 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys[/size]
[size="1"]17:03:36.0154 7564 TDTCP - ok[/size]
[size="1"]17:03:36.0163 7564 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys[/size]
[size="1"]17:03:36.0184 7564 tdx - ok[/size]
[size="1"]17:03:36.0189 7564 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys[/size]
[size="1"]17:03:36.0196 7564 TermDD - ok[/size]
[size="1"]17:03:36.0219 7564 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll[/size]
[size="1"]17:03:36.0244 7564 TermService - ok[/size]
[size="1"]17:03:36.0250 7564 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll[/size]
[size="1"]17:03:36.0261 7564 Themes - ok[/size]
[size="1"]17:03:36.0267 7564 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll[/size]
[size="1"]17:03:36.0288 7564 THREADORDER - ok[/size]
[size="1"]17:03:36.0326 7564 TivoBeacon2 (4de3faee834e9ef5151a71866f6db55d) C:\Program Files (x86)\TiVo\Desktop\TiVoBeacon.exe[/size]
[size="1"]17:03:36.0341 7564 TivoBeacon2 - ok[/size]
[size="1"]17:03:36.0349 7564 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll[/size]
[size="1"]17:03:36.0372 7564 TrkWks - ok[/size]
[size="1"]17:03:36.0387 7564 truecrypt (8de922cd4fea6f83b10805df965b9a08) C:\Windows\system32\drivers\truecrypt.sys[/size]
[size="1"]17:03:36.0395 7564 truecrypt - ok[/size]
[size="1"]17:03:36.0405 7564 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe[/size]
[size="1"]17:03:36.0426 7564 TrustedInstaller - ok[/size]
[size="1"]17:03:36.0434 7564 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys[/size]
[size="1"]17:03:36.0454 7564 tssecsrv - ok[/size]
[size="1"]17:03:36.0461 7564 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys[/size]
[size="1"]17:03:36.0468 7564 TsUsbFlt - ok[/size]
[size="1"]17:03:36.0472 7564 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys[/size]
[size="1"]17:03:36.0479 7564 TsUsbGD - ok[/size]
[size="1"]17:03:36.0486 7564 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys[/size]
[size="1"]17:03:36.0506 7564 tunnel - ok[/size]
[size="1"]17:03:36.0513 7564 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys[/size]
[size="1"]17:03:36.0519 7564 uagp35 - ok[/size]
[size="1"]17:03:36.0533 7564 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys[/size]
[size="1"]17:03:36.0555 7564 udfs - ok[/size]
[size="1"]17:03:36.0565 7564 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe[/size]
[size="1"]17:03:36.0573 7564 UI0Detect - ok[/size]
[size="1"]17:03:36.0580 7564 UimBus (6d5e0269f2b97011800b788accf2eaf6) C:\Windows\system32\DRIVERS\uimx64.sys[/size]
[size="1"]17:03:36.0586 7564 UimBus - ok[/size]
[size="1"]17:03:36.0612 7564 Uim_IM (a30ac921d38e6f3eacff0d0ff5510f1a) C:\Windows\system32\Drivers\Uim_IMx64.sys[/size]
[size="1"]17:03:36.0623 7564 Uim_IM - ok[/size]
[size="1"]17:03:36.0639 7564 Uim_VIM (5525963e10cca6c8551b986a2cf39c59) C:\Windows\system32\Drivers\uim_vimx64.sys[/size]
[size="1"]17:03:36.0648 7564 Uim_VIM - ok[/size]
[size="1"]17:03:36.0655 7564 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys[/size]
[size="1"]17:03:36.0661 7564 uliagpkx - ok[/size]
[size="1"]17:03:36.0667 7564 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys[/size]
[size="1"]17:03:36.0674 7564 umbus - ok[/size]
[size="1"]17:03:36.0678 7564 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys[/size]
[size="1"]17:03:36.0685 7564 UmPass - ok[/size]
[size="1"]17:03:36.0701 7564 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll[/size]
[size="1"]17:03:36.0725 7564 upnphost - ok[/size]
[size="1"]17:03:36.0730 7564 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys[/size]
[size="1"]17:03:36.0736 7564 USBAAPL64 - ok[/size]
[size="1"]17:03:36.0745 7564 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys[/size]
[size="1"]17:03:36.0755 7564 usbaudio - ok[/size]
[size="1"]17:03:36.0762 7564 usbccgp (19ad7990c0b67e48dac5b26f99628223) C:\Windows\system32\DRIVERS\usbccgp.sys[/size]
[size="1"]17:03:36.0770 7564 usbccgp - ok[/size]
[size="1"]17:03:36.0778 7564 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys[/size]
[size="1"]17:03:36.0787 7564 usbcir - ok[/size]
[size="1"]17:03:36.0793 7564 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys[/size]
[size="1"]17:03:36.0799 7564 usbehci - ok[/size]
[size="1"]17:03:36.0813 7564 usbhub (8b892002d7b79312821169a14317ab86) C:\Windows\system32\DRIVERS\usbhub.sys[/size]
[size="1"]17:03:36.0822 7564 usbhub - ok[/size]
[size="1"]17:03:36.0827 7564 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys[/size]
[size="1"]17:03:36.0834 7564 usbohci - ok[/size]
[size="1"]17:03:36.0838 7564 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys[/size]
[size="1"]17:03:36.0847 7564 usbprint - ok[/size]
[size="1"]17:03:36.0852 7564 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys[/size]
[size="1"]17:03:36.0861 7564 usbscan - ok[/size]
[size="1"]17:03:36.0867 7564 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS[/size]
[size="1"]17:03:36.0874 7564 USBSTOR - ok[/size]
[size="1"]17:03:36.0879 7564 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys[/size]
[size="1"]17:03:36.0886 7564 usbuhci - ok[/size]
[size="1"]17:03:36.0891 7564 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll[/size]
[size="1"]17:03:36.0913 7564 UxSms - ok[/size]
[size="1"]17:03:36.0920 7564 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe[/size]
[size="1"]17:03:36.0927 7564 VaultSvc - ok[/size]
[size="1"]17:03:36.0932 7564 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys[/size]
[size="1"]17:03:36.0938 7564 vdrvroot - ok[/size]
[size="1"]17:03:36.0957 7564 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe[/size]
[size="1"]17:03:36.0982 7564 vds - ok[/size]
[size="1"]17:03:36.0987 7564 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys[/size]
[size="1"]17:03:36.0996 7564 vga - ok[/size]
[size="1"]17:03:37.0000 7564 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys[/size]
[size="1"]17:03:37.0021 7564 VgaSave - ok[/size]
[size="1"]17:03:37.0032 7564 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys[/size]
[size="1"]17:03:37.0040 7564 vhdmp - ok[/size]
[size="1"]17:03:37.0044 7564 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys[/size]
[size="1"]17:03:37.0050 7564 viaide - ok[/size]
[size="1"]17:03:37.0057 7564 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys[/size]
[size="1"]17:03:37.0064 7564 volmgr - ok[/size]
[size="1"]17:03:37.0081 7564 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys[/size]
[size="1"]17:03:37.0091 7564 volmgrx - ok[/size]
[size="1"]17:03:37.0104 7564 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys[/size]
[size="1"]17:03:37.0113 7564 volsnap - ok[/size]
[size="1"]17:03:37.0118 7564 VProEventMonitor (8b7454930230db4bc4ba35a467be09aa) C:\Windows\system32\DRIVERS\vproeventmonitor.sys[/size]
[size="1"]17:03:37.0123 7564 VProEventMonitor - ok[/size]
[size="1"]17:03:37.0133 7564 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys[/size]
[size="1"]17:03:37.0140 7564 vsmraid - ok[/size]
[size="1"]17:03:37.0184 7564 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe[/size]
[size="1"]17:03:37.0216 7564 VSS - ok[/size]
[size="1"]17:03:37.0244 7564 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys[/size]
[size="1"]17:03:37.0253 7564 vwifibus - ok[/size]
[size="1"]17:03:37.0259 7564 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys[/size]
[size="1"]17:03:37.0269 7564 vwififlt - ok[/size]
[size="1"]17:03:37.0273 7564 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys[/size]
[size="1"]17:03:37.0283 7564 vwifimp - ok[/size]
[size="1"]17:03:37.0300 7564 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll[/size]
[size="1"]17:03:37.0324 7564 W32Time - ok[/size]
[size="1"]17:03:37.0331 7564 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys[/size]
[size="1"]17:03:37.0338 7564 WacomPen - ok[/size]
[size="1"]17:03:37.0345 7564 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys[/size]
[size="1"]17:03:37.0366 7564 WANARP - ok[/size]
[size="1"]17:03:37.0369 7564 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys[/size]
[size="1"]17:03:37.0389 7564 Wanarpv6 - ok[/size]
[size="1"]17:03:37.0433 7564 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe[/size]
[size="1"]17:03:37.0450 7564 WatAdminSvc - ok[/size]
[size="1"]17:03:37.0496 7564 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe[/size]
[size="1"]17:03:37.0514 7564 wbengine - ok[/size]
[size="1"]17:03:37.0547 7564 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll[/size]
[size="1"]17:03:37.0559 7564 WbioSrvc - ok[/size]
[size="1"]17:03:37.0573 7564 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll[/size]
[size="1"]17:03:37.0586 7564 wcncsvc - ok[/size]
[size="1"]17:03:37.0592 7564 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll[/size]
[size="1"]17:03:37.0600 7564 WcsPlugInService - ok[/size]
[size="1"]17:03:37.0608 7564 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys[/size]
[size="1"]17:03:37.0614 7564 Wd - ok[/size]
[size="1"]17:03:37.0636 7564 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys[/size]
[size="1"]17:03:37.0648 7564 Wdf01000 - ok[/size]
[size="1"]17:03:37.0656 7564 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll[/size]
[size="1"]17:03:37.0667 7564 WdiServiceHost - ok[/size]
[size="1"]17:03:37.0670 7564 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll[/size]
[size="1"]17:03:37.0681 7564 WdiSystemHost - ok[/size]
[size="1"]17:03:37.0693 7564 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll[/size]
[size="1"]17:03:37.0705 7564 WebClient - ok[/size]
[size="1"]17:03:37.0718 7564 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll[/size]
[size="1"]17:03:37.0741 7564 Wecsvc - ok[/size]
[size="1"]17:03:37.0749 7564 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll[/size]
[size="1"]17:03:37.0771 7564 wercplsupport - ok[/size]
[size="1"]17:03:37.0777 7564 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll[/size]
[size="1"]17:03:37.0799 7564 WerSvc - ok[/size]
[size="1"]17:03:37.0806 7564 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys[/size]
[size="1"]17:03:37.0826 7564 WfpLwf - ok[/size]
[size="1"]17:03:37.0836 7564 WimFltr (52ded146e4797e6ccf94799e8e22bb2a) C:\Windows\system32\DRIVERS\wimfltr.sys[/size]
[size="1"]17:03:37.0844 7564 WimFltr - ok[/size]
[size="1"]17:03:37.0848 7564 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys[/size]
[size="1"]17:03:37.0854 7564 WIMMount - ok[/size]
[size="1"]17:03:37.0860 7564 WinDefend - ok[/size]
[size="1"]17:03:37.0868 7564 WinHttpAutoProxySvc - ok[/size]
[size="1"]17:03:37.0884 7564 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll[/size]
[size="1"]17:03:37.0906 7564 Winmgmt - ok[/size]
[size="1"]17:03:37.0965 7564 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll[/size]
[size="1"]17:03:37.0999 7564 WinRM - ok[/size]
[size="1"]17:03:38.0033 7564 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys[/size]
[size="1"]17:03:38.0042 7564 WinUsb - ok[/size]
[size="1"]17:03:38.0072 7564 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll[/size]
[size="1"]17:03:38.0089 7564 Wlansvc - ok[/size]
[size="1"]17:03:38.0097 7564 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe[/size]
[size="1"]17:03:38.0102 7564 wlcrasvc - ok[/size]
[size="1"]17:03:38.0170 7564 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[/size]
[size="1"]17:03:38.0196 7564 wlidsvc - ok[/size]
[size="1"]17:03:38.0204 7564 wltrysvc (de816a0624d54d68e1fb8a9028dcf81a) C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE[/size]
[size="1"]17:03:38.0207 7564 wltrysvc ( UnsignedFile.Multi.Generic ) - warning[/size]
[size="1"]17:03:38.0207 7564 wltrysvc - detected UnsignedFile.Multi.Generic (1)[/size]
[size="1"]17:03:38.0233 7564 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys[/size]
[size="1"]17:03:38.0240 7564 WmiAcpi - ok[/size]
[size="1"]17:03:38.0255 7564 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe[/size]
[size="1"]17:03:38.0264 7564 wmiApSrv - ok[/size]
[size="1"]17:03:38.0269 7564 WMPNetworkSvc - ok[/size]
[size="1"]17:03:38.0274 7564 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll[/size]
[size="1"]17:03:38.0282 7564 WPCSvc - ok[/size]
[size="1"]17:03:38.0291 7564 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll[/size]
[size="1"]17:03:38.0300 7564 WPDBusEnum - ok[/size]
[size="1"]17:03:38.0305 7564 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys[/size]
[size="1"]17:03:38.0325 7564 ws2ifsl - ok[/size]
[size="1"]17:03:38.0333 7564 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll[/size]
[size="1"]17:03:38.0344 7564 wscsvc - ok[/size]
[size="1"]17:03:38.0348 7564 WSearch - ok[/size]
[size="1"]17:03:38.0416 7564 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll[/size]
[size="1"]17:03:38.0454 7564 wuauserv - ok[/size]
[size="1"]17:03:38.0486 7564 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys[/size]
[size="1"]17:03:38.0506 7564 WudfPf - ok[/size]
[size="1"]17:03:38.0519 7564 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys[/size]
[size="1"]17:03:38.0540 7564 WUDFRd - ok[/size]
[size="1"]17:03:38.0547 7564 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll[/size]
[size="1"]17:03:38.0569 7564 wudfsvc - ok[/size]
[size="1"]17:03:38.0581 7564 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll[/size]
[size="1"]17:03:38.0592 7564 WwanSvc - ok[/size]
[size="1"]17:03:38.0603 7564 xusb21 (2ee48cfce7ca8e0db4c44c7476c0943b) C:\Windows\system32\DRIVERS\xusb21.sys[/size]
[size="1"]17:03:38.0609 7564 xusb21 - ok[/size]
[size="1"]17:03:38.0631 7564 YahooAUService (dd0042f0c3b606a6a8b92d49afb18ad6) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe[/size]
[size="1"]17:03:38.0640 7564 YahooAUService - ok[/size]
[size="1"]17:03:38.0652 7564 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0[/size]
[size="1"]17:03:38.0665 7564 \Device\Harddisk0\DR0 - ok[/size]
[size="1"]17:03:38.0667 7564 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk1\DR1[/size]
[size="1"]17:03:38.0783 7564 \Device\Harddisk1\DR1 - ok[/size]
[size="1"]17:03:38.0809 7564 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk2\DR2[/size]
[size="1"]17:03:38.0861 7564 \Device\Harddisk2\DR2 - ok[/size]
[size="1"]17:03:39.0428 7564 MBR (0x1B8) (35c6b2fcde68facbefe0a4a7200bae58) \Device\Harddisk3\DR3[/size]
[size="1"]17:03:40.0693 7564 \Device\Harddisk3\DR3 - ok[/size]
[size="1"]17:03:40.0697 7564 Boot (0x1200) (75833aeeba04646fccb6700a44f57a1f) \Device\Harddisk0\DR0\Partition0[/size]
[size="1"]17:03:40.0698 7564 \Device\Harddisk0\DR0\Partition0 - ok[/size]
[size="1"]17:03:40.0727 7564 Boot (0x1200) (4887e986014c0fe7eb50f1cc7aaa3be9) \Device\Harddisk1\DR1\Partition0[/size]
[size="1"]17:03:40.0729 7564 \Device\Harddisk1\DR1\Partition0 - ok[/size]
[size="1"]17:03:40.0731 7564 Boot (0x1200) (c9448b3045b38628cdd9b2e772bf1384) \Device\Harddisk1\DR1\Partition1[/size]
[size="1"]17:03:40.0732 7564 \Device\Harddisk1\DR1\Partition1 - ok[/size]
[size="1"]17:03:40.0734 7564 Boot (0x1200) (62327f75a9ee1cd1472e9d15b1f7a9b4) \Device\Harddisk2\DR2\Partition0[/size]
[size="1"]17:03:40.0735 7564 \Device\Harddisk2\DR2\Partition0 - ok[/size]
[size="1"]17:03:40.0736 7564 Boot (0x1200) (5f46207087cef4d3d76391100c3dec7c) \Device\Harddisk3\DR3\Partition0[/size]
[size="1"]17:03:40.0737 7564 \Device\Harddisk3\DR3\Partition0 - ok[/size]
17:03:40.0738 7564 ============================================================
17:03:40.0738 7564 Scan finished
17:03:40.0738 7564 ============================================================
17:03:40.0742 4812 Detected object count: 8
17:03:40.0742 4812 Actual detected object count: 8
17:03:44.0320 4812 AGCoreService ( UnsignedFile.Multi.Generic ) - skipped by user
17:03:44.0320 4812 AGCoreService ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:03:44.0320 4812 awhost32 ( UnsignedFile.Multi.Generic ) - skipped by user
17:03:44.0320 4812 awhost32 ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:03:44.0321 4812 DellDigitalDelivery ( UnsignedFile.Multi.Generic ) - skipped by user
17:03:44.0321 4812 DellDigitalDelivery ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:03:44.0325 4812 epmntdrv ( UnsignedFile.Multi.Generic ) - skipped by user
17:03:44.0325 4812 epmntdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:03:44.0326 4812 EuGdiDrv ( UnsignedFile.Multi.Generic ) - skipped by user
17:03:44.0326 4812 EuGdiDrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:03:44.0326 4812 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
17:03:44.0326 4812 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:03:44.0327 4812 PMEM ( UnsignedFile.Multi.Generic ) - skipped by user
17:03:44.0327 4812 PMEM ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:03:44.0327 4812 wltrysvc ( UnsignedFile.Multi.Generic ) - skipped by user
17:03:44.0327 4812 wltrysvc ( UnsignedFile.Multi.Generic ) - User select action: Skip

#6 friedmal

Posted 08 May 2012 - 04:12 PM

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by lmf1 at 17:07:20 on 2012-05-08
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.12270.7724 [GMT -4:00]
.
AV: Norton AntiVirus *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton AntiVirus *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
.
============== Running Processes ===============
.
============== Pseudo HJT Report ===============
.
uRun: [TivoServer] C:\Program Files (x86)\TiVo\Desktop\TiVoServer.exe /service /registry /auto:TivoServer
uRun: [TivoTransfer] C:\Program Files (x86)\TiVo\Desktop\TiVoTransfer.exe
uRun: [TivoNotify] C:\Program Files (x86)\TiVo\Desktop\TiVoNotify.exe /service /registry /auto:TivoNotify
uRun: [TranscodingService] C:\Program Files (x86)\TiVo\Desktop\Plus\\TranscodingService.exe
uRun: [Weather] C:\Program Files (x86)\AWS\WeatherBug\Weather.exe 1
uRun: [MusicManager] "C:\Users\lmf1\AppData\Local\Programs\Google\MusicManager\MusicManager.exe"
uRun: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe
mRun: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
mRun: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" /r
mRun: [SSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [PaperPort PTD] "C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe"
mRun: [IndexSearch] "C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe"
mRun: [PDFHook] C:\Program Files (x86)\ScanSoft\PDF Converter 5\pdfpro5hook.exe
mRun: [PDF5 Registry Controller] C:\Program Files (x86)\ScanSoft\PDF Converter 5\RegistryController.exe
mRun: [CPQEASYACC] C:\Program Files (x86)\Compaq\Easy Access Button Support\StartEAK.exe
mRun: [Memeo Backup Pro] C:\Program Files (x86)\Memeo\AutoBackupPro\MemeoLauncher2.exe --silent --no_ui
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [Norton Ghost 15.0] "C:\Program Files (x86)\Norton Ghost\Agent\VProTray.exe"
mRun: [KeePass 2 PreLoad] "C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe" --preload
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
StartupFolder: C:\Users\lmf1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Webshots.lnk - C:\Program Files (x86)\Webshots\3.1.5.7619\Launcher.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\COMPAN~1.LNK - C:\Program Files (x86)\CompanionLink\CompanionLink.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: SynchronousMachineGroupPolicy = 1 (0x1)
mPolicies-system: SynchronousUserGroupPolicy = 1 (0x1)
IE: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: Append the content of the link to existing PDF file - C:\Program Files (x86)\ScanSoft\PDF Converter 5\Bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
IE: Append the content of the selected links to existing PDF file - C:\Program Files (x86)\ScanSoft\PDF Converter 5\Bin\ZeonIEFavClient.dll/ZeonIEAppendSelLinks.HTML
IE: Append to existing PDF file - C:\Program Files (x86)\ScanSoft\PDF Converter 5\Bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
IE: Create PDF file - C:\Program Files (x86)\ScanSoft\PDF Converter 5\Bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
IE: Create PDF file from the content of the link - C:\Program Files (x86)\ScanSoft\PDF Converter 5\Bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
IE: Create PDF files from the selected links - C:\Program Files (x86)\ScanSoft\PDF Converter 5\Bin\ZeonIEFavClient.dll/ZeonIECaptureSelLinks.HTML
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - C:\Users\lmf1\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Open with PDF Converter 5.2 - C:\Program Files (x86)\ScanSoft\PDF Converter 5\cnvres_eng.dll /100
IE: Open with PDF Professional 5.2 - C:\Program Files (x86)\ScanSoft\PDF Converter 5\Bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab
TCP: DhcpNameServer = 192.168.1.1 68.237.161.12
TCP: Interfaces\{30BDBFD5-7CA6-4660-A52E-D131EA8A0574} : DhcpNameServer = 192.168.1.1 68.237.161.12
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: PCANotify - PCANotify.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO-X64: 0x1 - No File
BHO-X64: agihelper.AGUtils: {0bc6e3fa-78ef-4886-842c-5a1258c4455a} - mscoree.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: PlusIEEventHelper Class: {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\ScanSoft\PDF Converter 5\Bin\PlusIEContextMenu.dll
BHO-X64: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Engine\19.7.0.9\IPS\IPSBHO.DLL
BHO-X64: Norton Vulnerability Protection - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: ZoneAlarm Security Engine Registrar: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
BHO-X64: ZoneAlarm Security Engine Registrar - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: WinZip Courier BHO: {A8FB70FA-0FDF-4601-9DC4-BFA1B357204F} - C:\PROGRA~2\WINZIP~1\wzwmcie.dll
BHO-X64: WinZip Courier BHO - No File
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: ZeonIEEventHelper Class: {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} - C:\Program Files (x86)\ScanSoft\PDF Converter 5\Bin\ZeonIEFavClient.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: Norton Safe Web Lite BHO: {F0DA78E9-6B60-42fb-BC26-EF2CFB8C8FF3} - C:\Program Files (x86)\Norton Safe Web Lite\Engine\2.0.0.16\coIEPlg.dll
BHO-X64: Norton Safe Web Lite BHO - No File
TB-X64: Nuance PDF: {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Program Files (x86)\ScanSoft\PDF Converter 5\Bin\ZeonIEFavClient.dll
TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
TB-X64: Norton Safe Web Lite: {30CEEEA2-3742-40e4-85DD-812BF1CBB83D} - C:\Program Files (x86)\Norton Safe Web Lite\Engine\2.0.0.16\coIEPlg.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
mRun-x64: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
mRun-x64: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" /r
mRun-x64: [SSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
mRun-x64: [PaperPort PTD] "C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe"
mRun-x64: [IndexSearch] "C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe"
mRun-x64: [PDFHook] C:\Program Files (x86)\ScanSoft\PDF Converter 5\pdfpro5hook.exe
mRun-x64: [PDF5 Registry Controller] C:\Program Files (x86)\ScanSoft\PDF Converter 5\RegistryController.exe
mRun-x64: [CPQEASYACC] C:\Program Files (x86)\Compaq\Easy Access Button Support\StartEAK.exe
mRun-x64: [Memeo Backup Pro] C:\Program Files (x86)\Memeo\AutoBackupPro\MemeoLauncher2.exe --silent --no_ui
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun-x64: [Norton Ghost 15.0] "C:\Program Files (x86)\Norton Ghost\Agent\VProTray.exe"
mRun-x64: [KeePass 2 PreLoad] "C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe" --preload
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
IE-X64: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\lmf1\AppData\Roaming\Mozilla\Firefox\Profiles\xly3uqkl.default\
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: keyword.URL -
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Program Files (x86)\WinZip Courier\npwzwmc.dll
FF - plugin: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll
FF - plugin: C:\Users\lmf1\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Users\lmf1\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.zonealarm.rvrtMsg - Click Yes to keep current home page and default search settings, Click No to restore original settings
FF - user.js: extensions.zonealarm.autoRvrt - true
FF - user.js: extensions.zonealarm_i.newTab - false
FF - user.js: extensions.zonealarm.tlbrSrchUrl - hxxp://search.zonealarm.com/search?Source=ToolBar&oemCode=ZLN26195060060425-1001&toolbarId=base&affiliateId=1500&Lan=en&utid=7ba4ed40000000000000782bcba8b546&q=
FF - user.js: extensions.zonealarm.id - 7ba4ed40000000000000782bcba8b546
FF - user.js: extensions.zonealarm.instlDay - 15414
FF - user.js: extensions.zonealarm.vrsn - 1.5.19.3
FF - user.js: extensions.zonealarm.vrsni - 1.5.19.3
FF - user.js: extensions.zonealarm_i.vrsnTs - 1.5.19.318:04:44
FF - user.js: extensions.zonealarm.prtnrId - checkpoint
FF - user.js: extensions.zonealarm.prdct - zonealarm
FF - user.js: extensions.zonealarm.aflt - 1500
FF - user.js: extensions.zonealarm_i.smplGrp - none
FF - user.js: extensions.zonealarm.tlbrId - base
FF - user.js: extensions.zonealarm.instlRef - ZLN26195060060425-1001
FF - user.js: extensions.zonealarm.dfltLng - en
FF - user.js: extensions.zonealarm.excTlbr - false
FF - user.js: extensions.zonealarm.admin - false
.
============= SERVICES / DRIVERS ===============
.
R0 hotcore3;hc3ServiceName;C:\Windows\system32\DRIVERS\hotcore3.sys --> C:\Windows\system32\DRIVERS\hotcore3.sys [?]
R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\NAVx64\1307000.009\SYMDS64.SYS --> C:\Windows\system32\drivers\NAVx64\1307000.009\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NAVx64\1307000.009\SYMEFA64.SYS --> C:\Windows\system32\drivers\NAVx64\1307000.009\SYMEFA64.SYS [?]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.5.0.145\Definitions\BASHDefs\20120507.001\BHDrvx64.sys [2012-5-8 1160824]
R1 ccSet_NAV;Norton AntiVirus Settings Manager;C:\Windows\system32\drivers\NAVx64\1307000.009\ccSetx64.sys --> C:\Windows\system32\drivers\NAVx64\1307000.009\ccSetx64.sys [?]
R1 ccSet_NST;Norton Safe Web Lite Settings Manager;C:\Windows\system32\drivers\NSTx64\0200000.010\ccSetx64.sys --> C:\Windows\system32\drivers\NSTx64\0200000.010\ccSetx64.sys [?]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.5.0.145\Definitions\IPSDefs\20120507.001\IDSviA64.sys [2012-5-7 488568]
R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\NAVx64\1307000.009\Ironx64.SYS --> C:\Windows\system32\drivers\NAVx64\1307000.009\Ironx64.SYS [?]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\NAVx64\1307000.009\SYMNETS.SYS --> C:\Windows\system32\Drivers\NAVx64\1307000.009\SYMNETS.SYS [?]
R1 Uim_VIM;UIM Virtual Image Plugin;C:\Windows\system32\Drivers\uim_vimx64.sys --> C:\Windows\system32\Drivers\uim_vimx64.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 AGCoreService;AG Core Services;C:\Program Files (x86)\AGI\core\4.2.0.10754\AGCoreService.exe [2012-1-30 20480]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 DellDigitalDelivery;Dell Digital Delivery Service;C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [2012-4-10 166912]
R2 DragonSvc;Dragon Service;C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe [2011-6-4 296808]
R2 HFGService;Handsfree Headset Service;C:\Windows\system32\svchost.exe -k bthaudiosvc [2009-7-13 20992]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-10-21 13336]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-5-7 654408]
R2 MemeoBackgroundService;MemeoBackgroundService;C:\Program Files (x86)\Memeo\AutoBackupPro\MemeoBackgroundService.exe [2010-7-26 25824]
R2 NAV;Norton AntiVirus;C:\Program Files (x86)\Norton AntiVirus\Engine\19.7.0.9\ccsvchst.exe [2012-4-23 138232]
R2 NSL;Norton Safe Web Lite;C:\Program Files (x86)\Norton Safe Web Lite\Engine\2.0.0.16\ccSvcHst.exe [2012-2-3 138760]
R2 PDFProFiltSrv;PDFProFiltSrv;C:\Program Files (x86)\ScanSoft\PDF Converter 5\PDFProFiltSrv.exe [2008-12-23 144672]
R2 PowerAlert Agent;PowerAlert Agent;C:\Program Files (x86)\TrippLite\PowerAlert\engine\pal.exe [2011-5-9 1658704]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 BthAudioHF;BthAudioHF Service;C:\Windows\system32\DRIVERS\BthAudioHF.sys --> C:\Windows\system32\DRIVERS\BthAudioHF.sys [?]
R3 BthAvrcp;Bluetooth AVRCP Profile;C:\Windows\system32\DRIVERS\BthAvrcp.sys --> C:\Windows\system32\DRIVERS\BthAvrcp.sys [?]
R3 csr_a2dp;Bluetooth AV Profile;C:\Windows\system32\drivers\bthav.sys --> C:\Windows\system32\drivers\bthav.sys [?]
R3 DKRtWrt;DKRtWrt;C:\Windows\system32\DRIVERS\DKRtWrt.sys --> C:\Windows\system32\DRIVERS\DKRtWrt.sys [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-3-16 138360]
R3 GenericMount;Generic Mount Driver;C:\Windows\system32\DRIVERS\GenericMount.sys --> C:\Windows\system32\DRIVERS\GenericMount.sys [?]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 MEIx64;Intel® Management Engine Interface ;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
R3 pbfilter;pbfilter;C:\Program Files\PeerBlock\pbfilter.sys [2012-3-9 24176]
R3 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;C:\Windows\System32\dllhost.exe [2009-7-13 7168]
R3 SymSnapService;SymSnapService;C:\Program Files (x86)\Norton Ghost\Shared\Drivers\SymSnapServicex64.exe [2010-2-11 2963960]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-1-29 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-3-29 253088]
S3 epmntdrv;epmntdrv;C:\Windows\System32\epmntdrv.sys [2012-3-11 14216]
S3 EuGdiDrv;EuGdiDrv;C:\Windows\System32\EuGdiDrv.sys [2012-3-11 8456]
S3 GenericMount Helper Service;GenericMount Helper Service;C:\Program Files (x86)\Norton Ghost\Shared\Drivers\GenericMountHelperx64.exe [2010-2-12 2227216]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-1-29 136176]
S3 Impcd;Impcd;C:\Windows\system32\drivers\Impcd.sys --> C:\Windows\system32\drivers\Impcd.sys [?]
S3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-24 129976]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 pmxdrv;pmxdrv;\??\C:\Windows\system32\drivers\pmxdrv.sys --> C:\Windows\system32\drivers\pmxdrv.sys [?]
S3 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2011-10-21 1692480]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-8-25 2823000]
S4 TivoBeacon2;TiVo Beacon Service;C:\Program Files (x86)\TiVo\Desktop\TiVoBeacon.exe [2010-8-24 1104656]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-05-07 23:12:51 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-05-07 23:12:51 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-05-06 19:11:38 200976 ----a-w- C:\Windows\SysWow64\drivers\tmcomm.sys
2012-05-06 18:42:37 -------- d-----w- C:\Users\lmf1\AppData\Roaming\SUPERAntiSpyware.com
2012-05-06 03:12:49 -------- d-----w- C:\Users\lmf1\AppData\Roaming\SpeedyPC Software
2012-05-06 03:12:49 -------- d-----w- C:\Users\lmf1\AppData\Roaming\DriverCure
2012-05-06 03:12:42 -------- d-----w- C:\ProgramData\SpeedyPC Software
2012-05-05 17:59:26 -------- d-----w- C:\Users\lmf1\AppData\Roaming\Anvisoft
2012-05-05 17:58:54 -------- d-----w- C:\Program Files (x86)\Anvisoft
2012-05-05 17:31:23 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-05-05 17:31:23 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2012-05-05 16:45:16 -------- d-----w- C:\Users\lmf1\AppData\Roaming\Malwarebytes
2012-05-05 16:45:13 -------- d-----w- C:\ProgramData\Malwarebytes
2012-05-04 23:45:14 57976 ----a-r- C:\Windows\System32\drivers\SBREDrv.sys
2012-05-01 22:18:36 -------- d-----w- C:\Program Files (x86)\Dell Digital Delivery
2012-04-24 21:37:50 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service
2012-04-24 21:37:49 157352 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-04-24 21:37:49 129976 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice.exe
2012-04-23 22:17:30 737912 ----a-w- C:\Windows\System32\drivers\NAVx64\1307000.009\srtsp64.sys
2012-04-23 22:17:30 451192 ----a-r- C:\Windows\System32\drivers\NAVx64\1307000.009\symds64.sys
2012-04-23 22:17:30 405624 ----a-w- C:\Windows\System32\drivers\NAVx64\1307000.009\symnets.sys
2012-04-23 22:17:30 37496 ----a-w- C:\Windows\System32\drivers\NAVx64\1307000.009\srtspx64.sys
2012-04-23 22:17:30 190072 ----a-w- C:\Windows\System32\drivers\NAVx64\1307000.009\ironx64.sys
2012-04-23 22:17:30 167048 ----a-w- C:\Windows\System32\drivers\NAVx64\1307000.009\ccsetx64.sys
2012-04-23 22:17:30 1092728 ----a-w- C:\Windows\System32\drivers\NAVx64\1307000.009\symefa64.sys
2012-04-23 22:17:28 -------- d-----w- C:\Windows\System32\drivers\NAVx64\1307000.009
2012-04-11 22:51:28 -------- d-----w- C:\Users\lmf1\AppData\Roaming\Juniper Networks
2012-04-10 22:49:58 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2012-04-10 22:49:58 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-04-10 22:49:58 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-04-10 22:49:58 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-04-10 22:49:58 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-04-10 22:49:58 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-04-10 22:49:58 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
.
==================== Find3M ====================
.
2012-04-20 21:54:51 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-20 21:54:51 418464 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-03-23 15:12:34 175736 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2012-03-13 18:36:50 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-03-08 20:51:50 2469760 ----a-w- C:\Windows\SysWow64\BootMan.exe
2012-03-08 20:51:40 3321728 ----a-w- C:\Windows\System32\BootMan.exe
2012-03-06 06:53:37 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-03-06 05:59:47 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-03-06 05:59:41 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-02-28 06:56:48 2311168 ----a-w- C:\Windows\System32\jscript9.dll
2012-02-28 06:49:56 1390080 ----a-w- C:\Windows\System32\wininet.dll
2012-02-28 06:48:57 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-02-28 06:42:55 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-02-28 01:18:55 1799168 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-02-28 01:11:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-02-28 01:11:07 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-02-28 01:03:16 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-02-27 17:14:42 251696 ----a-w- C:\Windows\SysWow64\prgiso.dll
2012-02-27 17:14:28 90928 ----a-w- C:\Windows\System32\drivers\uimx64.sys
2012-02-27 17:14:28 471728 ----a-w- C:\Windows\System32\drivers\UimFIO.sys
2012-02-27 17:14:26 632752 ----a-w- C:\Windows\System32\drivers\Uim_IMx64.sys
2012-02-27 17:14:26 379696 ----a-w- C:\Windows\System32\drivers\uim_vimx64.sys
2012-02-27 17:14:22 39216 ----a-w- C:\Windows\System32\drivers\hotcore3.sys
2012-02-25 00:17:00 8075776 ----a-w- C:\Windows\System32\BCMWLCPL.CPL
2012-02-25 00:17:00 73728 ----a-w- C:\Windows\System32\wltrynt.dll
2012-02-25 00:17:00 6656 ----a-w- C:\Windows\System32\bcmwlrc.dll
2012-02-25 00:17:00 60928 ----a-w- C:\Windows\System32\bcmwlrmt.dll
2012-02-25 00:17:00 4961800 ----a-w- C:\Windows\SysWow64\vcredist_x64.exe
2012-02-25 00:17:00 47632 ----a-w- C:\Windows\System32\drivers\npf.sys
2012-02-25 00:17:00 4750848 ----a-w- C:\Windows\System32\bcmttls.dll
2012-02-25 00:17:00 459 ----a-w- C:\Windows\SysWow64\vcredist_x64.bat
2012-02-25 00:17:00 457 ----a-w- C:\Windows\System32\vcredist_x64.bat
2012-02-25 00:17:00 3161088 ----a-w- C:\Windows\System32\vcredist_x64.exe
2012-02-25 00:17:00 22520 ----a-w- C:\Windows\System32\drivers\bcm42rly.sys
2012-02-25 00:17:00 1089024 ----a-w- C:\Windows\System32\BCMLogon.dll
2012-02-24 23:36:26 31152 ----a-w- C:\Windows\System32\drivers\pmxdrv.sys
2012-02-20 01:22:19 197120 ----a-w- C:\Windows\SysWow64\System47.scr
2012-02-17 06:38:26 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-02-17 05:34:22 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-02-17 04:58:24 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-02-17 04:57:32 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-02-15 16:01:50 52736 ----a-w- C:\Windows\System32\drivers\usbaapl64.sys
2012-02-15 16:01:50 4547944 ----a-w- C:\Windows\System32\usbaaplrc.dll
2012-02-14 16:09:44 1070352 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX
2012-02-10 06:36:07 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2012-02-10 05:38:43 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-02-09 03:55:30 92160 ----a-w- C:\Windows\System32\ff_vfw.dll
.
============= FINISH: 17:07:43.28 ===============

#7 Maniac

Posted 09 May 2012 - 04:36 AM

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

#8 friedmal


Posted 09 May 2012 - 05:42 AM

ComboFix 12-05-08.02 - lmf1 05/09/12 6:35.2.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.12270.8558 [GMT -4:00]
Running from: d:\downloads\ComboFix.exe
AV: Norton AntiVirus *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Norton AntiVirus *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\data
c:\data\Collections.html
c:\data\PlayList.txt
c:\programdata\ntuser.dat
c:\users\adminstrator\Desktop\weather.lnk
c:\windows\command
c:\windows\command\EXTRACT.PIF
c:\windows\System32\DriverStore\FileRepository\hdx861a.inf_amd64_neutral_00674e2bed5b97cc\RAVBg64.exe
c:\windows\System32\DriverStore\FileRepository\hdx861a.inf_amd64_neutral_00674e2bed5b97cc\RtlUpd64.exe
c:\windows\System32\DriverStore\FileRepository\hdxbpcai.inf_amd64_neutral_ba7eef85cfc4b599\RAVBg64.exe
c:\windows\System32\DriverStore\FileRepository\hdxbpcai.inf_amd64_neutral_ba7eef85cfc4b599\RtlUpd64.exe
c:\windows\System32\DriverStore\FileRepository\hdxcpc.inf_amd64_neutral_7b9ae2fb92a1afb9\RAVBg64.exe
c:\windows\System32\DriverStore\FileRepository\hdxcpc.inf_amd64_neutral_7b9ae2fb92a1afb9\RtlUpd64.exe
c:\windows\System32\DriverStore\FileRepository\hdxcr.inf_amd64_neutral_b385508c1ea90896\RAVBg64.exe
c:\windows\System32\DriverStore\FileRepository\hdxcr.inf_amd64_neutral_b385508c1ea90896\RtlUpd64.exe
c:\windows\System32\DriverStore\FileRepository\hdxcrtxo.inf_amd64_neutral_1417349ec1b0c356\RAVBg64.exe
c:\windows\System32\DriverStore\FileRepository\hdxcrtxo.inf_amd64_neutral_1417349ec1b0c356\RtlUpd64.exe
c:\windows\System32\DriverStore\FileRepository\hdxdell.inf_amd64_neutral_3b8b3295f15c39ce\RAVBg64.exe
c:\windows\System32\DriverStore\FileRepository\hdxdell.inf_amd64_neutral_3b8b3295f15c39ce\RtlUpd64.exe
c:\windows\System32\DriverStore\FileRepository\hdxgw.inf_amd64_neutral_56fa933f0635bed4\RAVBg64.exe
c:\windows\System32\DriverStore\FileRepository\hdxgw.inf_amd64_neutral_56fa933f0635bed4\RtlUpd64.exe
c:\windows\System32\DriverStore\FileRepository\hdxhpai1.inf_amd64_neutral_569e1340dc0da8ae\RAVBg64.exe
c:\windows\System32\DriverStore\FileRepository\hdxhpai1.inf_amd64_neutral_569e1340dc0da8ae\RtlUpd64.exe
c:\windows\System32\DriverStore\FileRepository\hdxhpai2.inf_amd64_neutral_9455681812ffb661\RAVBg64.exe
c:\windows\System32\DriverStore\FileRepository\hdxhpai2.inf_amd64_neutral_9455681812ffb661\RtlUpd64.exe
c:\windows\System32\DriverStore\FileRepository\hdxhpai3.inf_amd64_neutral_a42ed43226365365\RAVBg64.exe
c:\windows\System32\DriverStore\FileRepository\hdxhpai3.inf_amd64_neutral_a42ed43226365365\RtlUpd64.exe
c:\windows\System32\DriverStore\FileRepository\hdxhpbpc.inf_amd64_neutral_2e9ca16db43926f5\RAVBg64.exe
c:\windows\System32\DriverStore\FileRepository\hdxhpbpc.inf_amd64_neutral_2e9ca16db43926f5\RtlUpd64.exe
c:\windows\System32\DriverStore\FileRepository\hdxhpnb.inf_amd64_neutral_12e2a60effa9e246\RAVBg64.exe
c:\windows\System32\DriverStore\FileRepository\hdxhpnb.inf_amd64_neutral_12e2a60effa9e246\RtlUpd64.exe
c:\windows\System32\DriverStore\FileRepository\hdxlc.inf_amd64_neutral_bbb79168a793e430\RAVBg64.exe
c:\windows\System32\DriverStore\FileRepository\hdxlc.inf_amd64_neutral_bbb79168a793e430\RtlUpd64.exe
c:\windows\System32\DriverStore\FileRepository\hdxlc2.inf_amd64_neutral_d64f4f2e6dacbe2f\RAVBg64.exe
c:\windows\System32\DriverStore\FileRepository\hdxlc2.inf_amd64_neutral_d64f4f2e6dacbe2f\RtlUpd64.exe
c:\windows\System32\DriverStore\FileRepository\hdxlc3.inf_amd64_neutral_67a5f78382b67b4c\RAVBg64.exe
c:\windows\System32\DriverStore\FileRepository\hdxlc3.inf_amd64_neutral_67a5f78382b67b4c\RtlUpd64.exe
c:\windows\System32\DriverStore\FileRepository\hdxlcnb.inf_amd64_neutral_fcc6d1c9c706b69c\RAVBg64.exe
c:\windows\System32\DriverStore\FileRepository\hdxlcnb.inf_amd64_neutral_fcc6d1c9c706b69c\RtlUpd64.exe
c:\windows\System32\DriverStore\FileRepository\hdxmaxxd.inf_amd64_neutral_f867dc2fcb382b77\RAVBg64.exe
c:\windows\System32\DriverStore\FileRepository\hdxmaxxd.inf_amd64_neutral_f867dc2fcb382b77\RtlUpd64.exe
c:\windows\System32\DriverStore\FileRepository\hdxpanasonic.inf_amd64_neutral_4e596a1503161c89\RAVBg64.exe
c:\windows\System32\DriverStore\FileRepository\hdxpanasonic.inf_amd64_neutral_4e596a1503161c89\RtlUpd64.exe
c:\windows\System32\DriverStore\FileRepository\hdxpcee3.inf_amd64_neutral_9b065dd7164846b4\RAVBg64.exe
c:\windows\System32\DriverStore\FileRepository\hdxpcee3.inf_amd64_neutral_9b065dd7164846b4\RtlUpd64.exe
c:\windows\System32\DriverStore\FileRepository\hdxprmau.inf_amd64_neutral_76db2d8fda622ad8\RAVBg64.exe
c:\windows\System32\DriverStore\FileRepository\hdxprmau.inf_amd64_neutral_76db2d8fda622ad8\RtlUpd64.exe
c:\windows\System32\DriverStore\FileRepository\hdxrt.inf_amd64_neutral_efae3d638d039aec\RAVBg64.exe
c:\windows\System32\DriverStore\FileRepository\hdxrt.inf_amd64_neutral_efae3d638d039aec\RtlUpd64.exe
c:\windows\System32\DriverStore\FileRepository\hdxsf.inf_amd64_neutral_def061aae96cc8ba\RAVBg64.exe
c:\windows\System32\DriverStore\FileRepository\hdxsf.inf_amd64_neutral_def061aae96cc8ba\RtlUpd64.exe
c:\windows\System32\DriverStore\FileRepository\hdxsrsa.inf_amd64_neutral_1a70cd80c7099875\RAVBg64.exe
c:\windows\System32\DriverStore\FileRepository\hdxsrsa.inf_amd64_neutral_1a70cd80c7099875\RtlUpd64.exe
c:\windows\System32\DriverStore\FileRepository\hdxsrsd.inf_amd64_neutral_3225668753e8431d\RAVBg64.exe
c:\windows\System32\DriverStore\FileRepository\hdxsrsd.inf_amd64_neutral_3225668753e8431d\RtlUpd64.exe
c:\windows\System32\DriverStore\FileRepository\hdxsrsd2.inf_amd64_neutral_f23c4438bb885f71\RAVBg64.exe
c:\windows\System32\DriverStore\FileRepository\hdxsrsd2.inf_amd64_neutral_f23c4438bb885f71\RtlUpd64.exe
c:\windows\System32\DriverStore\FileRepository\hdxsrss.inf_amd64_neutral_06bf50df56148aff\RAVBg64.exe
c:\windows\System32\DriverStore\FileRepository\hdxsrss.inf_amd64_neutral_06bf50df56148aff\RtlUpd64.exe
c:\windows\System32\DriverStore\FileRepository\hdxsrssv.inf_amd64_neutral_8ac3ebd7418cc918\RAVBg64.exe
c:\windows\System32\DriverStore\FileRepository\hdxsrssv.inf_amd64_neutral_8ac3ebd7418cc918\RtlUpd64.exe
c:\windows\System32\DriverStore\FileRepository\hdxthx.inf_amd64_neutral_49adb60018aa5ad7\RAVBg64.exe
c:\windows\System32\DriverStore\FileRepository\hdxthx.inf_amd64_neutral_49adb60018aa5ad7\RtlUpd64.exe
c:\windows\System32\DriverStore\FileRepository\hdxthx2.inf_amd64_neutral_3d857785df466536\RAVBg64.exe
c:\windows\System32\DriverStore\FileRepository\hdxthx2.inf_amd64_neutral_3d857785df466536\RtlUpd64.exe
c:\windows\System32\DriverStore\FileRepository\hdxthxa.inf_amd64_neutral_2c9ae7efe2da4775\RAVBg64.exe
c:\windows\System32\DriverStore\FileRepository\hdxthxa.inf_amd64_neutral_2c9ae7efe2da4775\RtlUpd64.exe
c:\windows\System32\DriverStore\FileRepository\hdxthxd.inf_amd64_neutral_9f6f3668c5af4741\RAVBg64.exe
c:\windows\System32\DriverStore\FileRepository\hdxthxd.inf_amd64_neutral_9f6f3668c5af4741\RtlUpd64.exe
c:\windows\System32\DriverStore\FileRepository\hdxtoshiba.inf_amd64_neutral_e5646e68ffbf13b4\RAVBg64.exe
c:\windows\System32\DriverStore\FileRepository\hdxtoshiba.inf_amd64_neutral_e5646e68ffbf13b4\RtlUpd64.exe
c:\windows\System32\DriverStore\FileRepository\hdxvienna.inf_amd64_neutral_17caae5402e0c222\RAVBg64.exe
c:\windows\System32\DriverStore\FileRepository\hdxvienna.inf_amd64_neutral_17caae5402e0c222\RtlUpd64.exe
c:\windows\System32\DriverStore\FileRepository\hdxxfm.inf_amd64_neutral_0de3d9ade90aa485\RAVBg64.exe
c:\windows\System32\DriverStore\FileRepository\hdxxfm.inf_amd64_neutral_0de3d9ade90aa485\RtlUpd64.exe
c:\windows\system32\fxsst.dll
c:\windows\system32\slwga.dll
c:\windows\system32\srrstr.dll
c:\windows\system32\systemcpl.dll
c:\windows\system32\termsrv.dll
c:\windows\SysWow64\odbcad32.exe
.
----- File Replicators -----
.
c:\dell\drivers\R282239\Vista64\RAVBg64.exe
c:\dell\drivers\R282239\Vista64\RtlUpd64.exe
c:\drivers\audio\R282239\Vista64\RAVBg64.exe
c:\drivers\audio\R282239\Vista64\RtlUpd64.exe
c:\program files (x86)\Realtek\Audio\Drivers\RtlUpd64.exe
c:\program files (x86)\Realtek\Audio\InstallShield\Rtkupd64.exe
c:\program files\Realtek\Audio\HDA\RAVBg64.exe
c:\program files\Realtek\Audio\HDA\RtlUpd64.exe
c:\windows\System32\DriverStore\FileRepository\hdx861a.inf_amd64_neutral_00674e2bed5b97cc\RAVBg64.exe
c:\windows\System32\DriverStore\FileRepository\hdx861a.inf_amd64_neutral_00674e2bed5b97cc\RtlUpd64.exe
c:\windows\System32\DriverStore\FileRepository\hdxbpcai.inf_amd64_neutral_ba7eef85cfc4b599\RAVBg64.exe
c:\windows\System32\DriverStore\FileRepository\hdxbpcai.inf_amd64_neutral_ba7eef85cfc4b599\RtlUpd64.exe
c:\windows\System32\DriverStore\FileRepository\hdxcpc.inf_amd64_neutral_7b9ae2fb92a1afb9\RAVBg64.exe
c:\windows\System32\DriverStore\FileRepository\hdxcpc.inf_amd64_neutral_7b9ae2fb92a1afb9\RtlUpd64.exe
c:\windows\System32\DriverStore\FileRepository\hdxcr.inf_amd64_neutral_b385508c1ea90896\RAVBg64.exe
c:\windows\System32\DriverStore\FileRepository\hdxcr.inf_amd64_neutral_b385508c1ea90896\RtlUpd64.exe
c:\windows\System32\DriverStore\FileRepository\hdxcrtxo.inf_amd64_neutral_1417349ec1b0c356\RAVBg64.exe
c:\windows\System32\DriverStore\FileRepository\hdxcrtxo.inf_amd64_neutral_1417349ec1b0c356\RtlUpd64.exe
c:\windows\System32\DriverStore\FileRepository\hdxdell.inf_amd64_neutral_3b8b3295f15c39ce\RAVBg64.exe
c:\windows\System32\DriverStore\FileRepository\hdxdell.inf_amd64_neutral_3b8b3295f15c39ce\RtlUpd64.exe
c:\windows\System32\DriverStore\FileRepository\hdxgw.inf_amd64_neutral_56fa933f0635bed4\RAVBg64.exe
c:\windows\System32\DriverStore\FileRepository\hdxgw.inf_amd64_neutral_56fa933f0635bed4\RtlUpd64.exe
c:\windows\System32\DriverStore\FileRepository\hdxhpai1.inf_amd64_neutral_569e1340dc0da8ae\RAVBg64.exe
c:\windows\System32\DriverStore\FileRepository\hdxhpai1.inf_amd64_neutral_569e1340dc0da8ae\RtlUpd64.exe
c:\windows\System32\DriverStore\FileRepository\hdxhpai2.inf_amd64_neutral_9455681812ffb661\RAVBg64.exe
c:\windows\System32\DriverStore\FileRepository\hdxhpai2.inf_amd64_neutral_9455681812ffb661\RtlUpd64.exe
c:\windows\System32\DriverStore\FileRepository\hdxhpai3.inf_amd64_neutral_a42ed43226365365\RAVBg64.exe
c:\windows\System32\DriverStore\FileRepository\hdxhpai3.inf_amd64_neutral_a42ed43226365365\RtlUpd64.exe
c:\windows\System32\DriverStore\FileRepository\hdxhpbpc.inf_amd64_neutral_2e9ca16db43926f5\RAVBg64.exe
c:\windows\System32\DriverStore\FileRepository\hdxhpbpc.inf_amd64_neutral_2e9ca16db43926f5\RtlUpd64.exe
c:\windows\System32\DriverStore\FileRepository\hdxhpnb.inf_amd64_neutral_12e2a60effa9e246\RAVBg64.exe
c:\windows\System32\DriverStore\FileRepository\hdxhpnb.inf_amd64_neutral_12e2a60effa9e246\RtlUpd64.exe
c:\windows\System32\DriverStore\FileRepository\hdxlc.inf_amd64_neutral_bbb79168a793e430\RAVBg64.exe
c:\windows\System32\DriverStore\FileRepository\hdxlc.inf_amd64_neutral_bbb79168a793e430\RtlUpd64.exe
c:\windows\System32\DriverStore\FileRepository\hdxlc2.inf_amd64_neutral_d64f4f2e6dacbe2f\RAVBg64.exe
c:\windows\System32\DriverStore\FileRepository\hdxlc2.inf_amd64_neutral_d64f4f2e6dacbe2f\RtlUpd64.exe
c:\windows\System32\DriverStore\FileRepository\hdxlc3.inf_amd64_neutral_67a5f78382b67b4c\RAVBg64.exe
c:\windows\System32\DriverStore\FileRepository\hdxlc3.inf_amd64_neutral_67a5f78382b67b4c\RtlUpd64.exe
c:\windows\System32\DriverStore\FileRepository\hdxlcnb.inf_amd64_neutral_fcc6d1c9c706b69c\RAVBg64.exe
c:\windows\System32\DriverStore\FileRepository\hdxlcnb.inf_amd64_neutral_fcc6d1c9c706b69c\RtlUpd64.exe
c:\windows\System32\DriverStore\FileRepository\hdxmaxxd.inf_amd64_neutral_f867dc2fcb382b77\RAVBg64.exe
c:\windows\System32\DriverStore\FileRepository\hdxmaxxd.inf_amd64_neutral_f867dc2fcb382b77\RtlUpd64.exe
c:\windows\System32\DriverStore\FileRepository\hdxpanasonic.inf_amd64_neutral_4e596a1503161c89\RAVBg64.exe
c:\windows\System32\DriverStore\FileRepository\hdxpanasonic.inf_amd64_neutral_4e596a1503161c89\RtlUpd64.exe
c:\windows\System32\DriverStore\FileRepository\hdxpcee3.inf_amd64_neutral_9b065dd7164846b4\RAVBg64.exe
c:\windows\System32\DriverStore\FileRepository\hdxpcee3.inf_amd64_neutral_9b065dd7164846b4\RtlUpd64.exe
c:\windows\System32\DriverStore\FileRepository\hdxprmau.inf_amd64_neutral_76db2d8fda622ad8\RAVBg64.exe
c:\windows\System32\DriverStore\FileRepository\hdxprmau.inf_amd64_neutral_76db2d8fda622ad8\RtlUpd64.exe
c:\windows\System32\DriverStore\FileRepository\hdxrt.inf_amd64_neutral_efae3d638d039aec\RAVBg64.exe
c:\windows\System32\DriverStore\FileRepository\hdxrt.inf_amd64_neutral_efae3d638d039aec\RtlUpd64.exe
c:\windows\System32\DriverStore\FileRepository\hdxsf.inf_amd64_neutral_def061aae96cc8ba\RAVBg64.exe
c:\windows\System32\DriverStore\FileRepository\hdxsf.inf_amd64_neutral_def061aae96cc8ba\RtlUpd64.exe
c:\windows\System32\DriverStore\FileRepository\hdxsrsa.inf_amd64_neutral_1a70cd80c7099875\RAVBg64.exe
c:\windows\System32\DriverStore\FileRepository\hdxsrsa.inf_amd64_neutral_1a70cd80c7099875\RtlUpd64.exe
c:\windows\System32\DriverStore\FileRepository\hdxsrsd.inf_amd64_neutral_3225668753e8431d\RAVBg64.exe
c:\windows\System32\DriverStore\FileRepository\hdxsrsd.inf_amd64_neutral_3225668753e8431d\RtlUpd64.exe
c:\windows\System32\DriverStore\FileRepository\hdxsrsd2.inf_amd64_neutral_f23c4438bb885f71\RAVBg64.exe
c:\windows\System32\DriverStore\FileRepository\hdxsrsd2.inf_amd64_neutral_f23c4438bb885f71\RtlUpd64.exe
c:\windows\System32\DriverStore\FileRepository\hdxsrss.inf_amd64_neutral_06bf50df56148aff\RAVBg64.exe
c:\windows\System32\DriverStore\FileRepository\hdxsrss.inf_amd64_neutral_06bf50df56148aff\RtlUpd64.exe
c:\windows\System32\DriverStore\FileRepository\hdxsrssv.inf_amd64_neutral_8ac3ebd7418cc918\RAVBg64.exe
c:\windows\System32\DriverStore\FileRepository\hdxsrssv.inf_amd64_neutral_8ac3ebd7418cc918\RtlUpd64.exe
c:\windows\System32\DriverStore\FileRepository\hdxthx.inf_amd64_neutral_49adb60018aa5ad7\RAVBg64.exe
c:\windows\System32\DriverStore\FileRepository\hdxthx.inf_amd64_neutral_49adb60018aa5ad7\RtlUpd64.exe
c:\windows\System32\DriverStore\FileRepository\hdxthx2.inf_amd64_neutral_3d857785df466536\RAVBg64.exe
c:\windows\System32\DriverStore\FileRepository\hdxthx2.inf_amd64_neutral_3d857785df466536\RtlUpd64.exe
c:\windows\System32\DriverStore\FileRepository\hdxthxa.inf_amd64_neutral_2c9ae7efe2da4775\RAVBg64.exe
c:\windows\System32\DriverStore\FileRepository\hdxthxa.inf_amd64_neutral_2c9ae7efe2da4775\RtlUpd64.exe
c:\windows\System32\DriverStore\FileRepository\hdxthxd.inf_amd64_neutral_9f6f3668c5af4741\RAVBg64.exe
c:\windows\System32\DriverStore\FileRepository\hdxthxd.inf_amd64_neutral_9f6f3668c5af4741\RtlUpd64.exe
c:\windows\System32\DriverStore\FileRepository\hdxtoshiba.inf_amd64_neutral_e5646e68ffbf13b4\RAVBg64.exe
c:\windows\System32\DriverStore\FileRepository\hdxtoshiba.inf_amd64_neutral_e5646e68ffbf13b4\RtlUpd64.exe
c:\windows\System32\DriverStore\FileRepository\hdxvienna.inf_amd64_neutral_17caae5402e0c222\RAVBg64.exe
c:\windows\System32\DriverStore\FileRepository\hdxvienna.inf_amd64_neutral_17caae5402e0c222\RtlUpd64.exe
c:\windows\System32\DriverStore\FileRepository\hdxxfm.inf_amd64_neutral_0de3d9ade90aa485\RAVBg64.exe
c:\windows\System32\DriverStore\FileRepository\hdxxfm.inf_amd64_neutral_0de3d9ade90aa485\RtlUpd64.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-04-09 to 2012-05-09 )))))))))))))))))))))))))))))))
.
.
2012-05-09 10:39 . 2012-05-09 10:39 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-09 10:39 . 2012-05-09 10:39 -------- d-----w- c:\users\adminstrator\AppData\Local\temp
2012-05-09 10:39 . 2012-05-09 10:39 -------- d-----w- c:\users\ADMINI~1\AppData\Local\temp
2012-05-09 10:39 . 2012-05-09 10:40 -------- d-----w- C:\Data
2012-05-09 02:21 . 2012-05-09 02:21 -------- d-----w- C:\NBRT
2012-05-09 02:19 . 2012-05-09 02:20 -------- d-----w- c:\users\lmf1\AppData\Roaming\AVG
2012-05-09 01:33 . 2012-05-09 01:33 -------- d--h--w- c:\programdata\Common Files
2012-05-09 01:33 . 2012-05-09 02:18 -------- d-----w- c:\program files (x86)\AVG
2012-05-09 01:31 . 2012-05-09 03:23 -------- d-----w- c:\programdata\MFAData
2012-05-08 22:02 . 2012-05-08 22:02 -------- d-----w- c:\windows\system32\drivers\NBRTWizardx64
2012-05-08 22:02 . 2012-05-08 22:02 -------- d-----w- c:\program files (x86)\Norton Bootable Recovery Tool Wizard
2012-05-08 21:40 . 2012-05-08 21:53 -------- d-----w- c:\users\lmf1\AppData\Local\NPE
2012-05-07 23:12 . 2012-05-07 23:12 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-05-07 23:12 . 2012-04-04 19:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-06 19:11 . 2011-06-21 04:09 200976 ----a-w- c:\windows\SysWow64\drivers\tmcomm.sys
2012-05-06 18:42 . 2012-05-06 18:42 -------- d-----w- c:\users\lmf1\AppData\Roaming\SUPERAntiSpyware.com
2012-05-06 03:12 . 2012-05-06 03:12 -------- d-----w- c:\users\lmf1\AppData\Roaming\SpeedyPC Software
2012-05-06 03:12 . 2012-05-06 03:12 -------- d-----w- c:\users\lmf1\AppData\Roaming\DriverCure
2012-05-06 03:12 . 2012-05-06 03:16 -------- d-----w- c:\programdata\SpeedyPC Software
2012-05-05 17:59 . 2012-05-05 17:59 -------- d-----w- c:\users\lmf1\AppData\Roaming\Anvisoft
2012-05-05 17:58 . 2012-05-06 02:59 -------- d-----w- c:\program files (x86)\Anvisoft
2012-05-05 17:31 . 2012-05-08 21:38 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-05-05 17:31 . 2012-05-05 17:32 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-05-05 16:45 . 2012-05-05 16:45 -------- d-----w- c:\users\lmf1\AppData\Roaming\Malwarebytes
2012-05-05 16:45 . 2012-05-05 16:45 -------- d-----w- c:\programdata\Malwarebytes
2012-05-04 23:45 . 2012-01-12 13:28 57976 ----a-r- c:\windows\system32\drivers\SBREDrv.sys
2012-05-01 22:18 . 2012-05-01 22:18 -------- d-----w- c:\program files (x86)\Dell Digital Delivery
2012-04-24 21:37 . 2012-04-24 21:37 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-04-24 21:37 . 2012-04-24 21:37 157352 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-04-24 21:37 . 2012-04-24 21:37 129976 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe
2012-04-23 22:17 . 2012-04-24 21:32 -------- d-----w- c:\windows\system32\drivers\NAVx64\1307000.009
2012-04-11 22:51 . 2012-04-11 22:51 -------- d-----w- c:\users\lmf1\AppData\Roaming\Juniper Networks
2012-04-10 22:49 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-10 22:49 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-10 22:49 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-10 22:49 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-10 22:49 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-10 22:49 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-10 22:49 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-20 21:54 . 2012-03-29 21:37 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-04-20 21:54 . 2011-10-21 23:56 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-23 15:12 . 2012-02-03 18:38 175736 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2012-03-13 18:36 . 2012-01-30 02:58 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-03-08 20:51 . 2012-03-11 22:18 2469760 ----a-w- c:\windows\SysWow64\BootMan.exe
2012-03-08 20:51 . 2012-03-11 22:18 3321728 ----a-w- c:\windows\system32\BootMan.exe
2012-02-29 08:02 . 2012-02-29 08:02 162664 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10140.bin
2012-02-27 17:14 . 2012-02-27 17:14 251696 ----a-w- c:\windows\SysWow64\prgiso.dll
2012-02-27 17:14 . 2012-02-27 17:14 90928 ----a-w- c:\windows\system32\drivers\uimx64.sys
2012-02-27 17:14 . 2012-02-27 17:14 471728 ----a-w- c:\windows\system32\drivers\UimFIO.sys
2012-02-27 17:14 . 2012-02-27 17:14 632752 ----a-w- c:\windows\system32\drivers\Uim_IMx64.sys
2012-02-27 17:14 . 2012-02-27 17:14 379696 ----a-w- c:\windows\system32\drivers\uim_vimx64.sys
2012-02-27 17:14 . 2012-03-06 21:34 39216 ----a-w- c:\windows\system32\drivers\hotcore3.sys
2012-02-25 00:17 . 2012-02-25 00:17 1089024 ----a-w- c:\windows\system32\BCMLogon.dll
2012-02-25 00:17 . 2012-02-25 00:17 8075776 ----a-w- c:\windows\system32\BCMWLCPL.CPL
2012-02-25 00:17 . 2012-02-25 00:17 73728 ----a-w- c:\windows\system32\wltrynt.dll
2012-02-25 00:17 . 2012-02-25 00:17 60928 ----a-w- c:\windows\system32\bcmwlrmt.dll
2012-02-25 00:17 . 2012-02-25 00:17 4961800 ----a-w- c:\windows\SysWow64\vcredist_x64.exe
2012-02-25 00:17 . 2012-02-25 00:17 47632 ----a-w- c:\windows\system32\drivers\npf.sys
2012-02-25 00:17 . 2012-02-25 00:17 4750848 ----a-w- c:\windows\system32\bcmttls.dll
2012-02-25 00:17 . 2012-02-25 00:17 459 ----a-w- c:\windows\SysWow64\vcredist_x64.bat
2012-02-25 00:17 . 2012-02-25 00:17 457 ----a-w- c:\windows\system32\vcredist_x64.bat
2012-02-25 00:17 . 2012-02-25 00:17 3161088 ----a-w- c:\windows\system32\vcredist_x64.exe
2012-02-25 00:17 . 2012-02-25 00:17 22520 ----a-w- c:\windows\system32\drivers\bcm42rly.sys
2012-02-25 00:17 . 2011-10-22 00:08 6656 ----a-w- c:\windows\system32\bcmwlrc.dll
2012-02-24 23:36 . 2012-02-24 23:36 31152 ----a-w- c:\windows\system32\drivers\pmxdrv.sys
2012-02-21 08:25 . 2012-02-21 08:25 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{662DF3E6-1AAB-4189-B9EC-1A53F2D64220}\offreg.dll
2012-02-20 01:22 . 2012-02-20 01:22 197120 ----a-w- c:\windows\SysWow64\System47.scr
2012-02-17 06:38 . 2012-03-15 22:04 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 05:34 . 2012-03-15 22:04 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58 . 2012-03-15 22:04 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:57 . 2012-03-15 22:04 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-15 16:01 . 2012-02-15 16:01 52736 ----a-w- c:\windows\system32\drivers\usbaapl64.sys
2012-02-15 16:01 . 2012-02-15 16:01 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-02-14 16:09 . 2012-02-14 16:09 1070352 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2012-02-10 06:36 . 2012-03-15 22:04 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 05:38 . 2012-03-15 22:04 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2010-11-21 . 2E648163254233755035B46DD7B89123 . 680960 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.1.7601.17514_none_ecc547376ae3a1a3\termsrv.dll
.
c:\windows\system32\termsrv.dll ... is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{0BC6E3FA-78EF-4886-842C-5A1258C4455A}"= "mscoree.dll" [2010-11-21 297808]
.
[HKEY_CLASSES_ROOT\clsid\{0bc6e3fa-78ef-4886-842c-5a1258c4455a}]
[HKEY_CLASSES_ROOT\agihelper.AGUtils]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{0bc6e3fa-78ef-4886-842c-5a1258c4455a}]
2010-11-21 03:24 297808 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-01-30 39408]
"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\Messenger\YahooMessenger.exe" [2012-02-23 6591800]
"TivoServer"="c:\program files (x86)\TiVo\Desktop\TiVoServer.exe" [2010-08-24 2264336]
"TivoTransfer"="c:\program files (x86)\TiVo\Desktop\TiVoTransfer.exe" [2010-08-24 608528]
"TranscodingService"="c:\program files (x86)\TiVo\Desktop\Plus\\TranscodingService.exe" [2010-08-24 856336]
"Weather"="c:\program files (x86)\AWS\WeatherBug\Weather.exe" [2011-10-05 1652736]
"MusicManager"="c:\users\lmf1\AppData\Local\Programs\Google\MusicManager\MusicManager.exe" [2012-03-20 13324288]
"PeerBlock"="c:\program files\PeerBlock\peerblock.exe" [2010-11-07 2646128]
"TivoNotify"="c:\program files (x86)\TiVo\Desktop\TiVoNotify.exe" [2010-08-24 437520]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ShwiconXP9106"="c:\program files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe" [2010-03-10 237568]
"THX Audio Control Panel"="c:\program files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" [2009-12-01 963584]
"SSBkgdUpdate"="c:\program files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files (x86)\ScanSoft\PaperPort\pptd40nt.exe" [2009-02-20 24576]
"IndexSearch"="c:\program files (x86)\ScanSoft\PaperPort\IndexSearch.exe" [2009-02-20 40960]
"PDFHook"="c:\program files (x86)\ScanSoft\PDF Converter 5\pdfpro5hook.exe" [2008-12-23 628000]
"PDF5 Registry Controller"="c:\program files (x86)\ScanSoft\PDF Converter 5\RegistryController.exe" [2008-12-23 58656]
"CPQEASYACC"="c:\program files (x86)\Compaq\Easy Access Button Support\StartEAK.exe" [2001-10-10 28672]
"Memeo Backup Pro"="c:\program files (x86)\Memeo\AutoBackupPro\MemeoLauncher2.exe" [2010-07-26 136416]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288]
"Norton Ghost 15.0"="c:\program files (x86)\Norton Ghost\Agent\VProTray.exe" [2010-03-04 2598760]
"KeePass 2 PreLoad"="c:\program files (x86)\KeePass Password Safe 2\KeePass.exe" [2012-01-05 1823744]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
c:\users\lmf1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Webshots.lnk - c:\program files (x86)\Webshots\3.1.5.7619\Launcher.exe [2012-1-30 157088]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
CompanionLink Setup.lnk - c:\program files (x86)\CompanionLink\CompanionLink.exe [2011-12-27 52896768]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"SynchronousMachineGroupPolicy"= 1 (0x1)
"SynchronousUserGroupPolicy"= 1 (0x1)
"HideFastUserSwitching"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"MemCheckBoxInRunDlg"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"HideSCABattery"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PCANotify]
2002-02-15 15:51 24638 ----a-w- c:\windows\System32\PCANotify.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R1 EACMOS;EACMOS;c:\windows\system32\drivers\EACMOS.SYS [x]
R2 AGCoreService;AG Core Services;c:\program files (x86)\AGI\core\4.2.0.10754\AGCoreService.exe [2010-06-29 20480]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-30 136176]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-20 253088]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-07-29 16776]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-07-29 9096]
R3 GenericMount Helper Service;GenericMount Helper Service;c:\program files (x86)\Norton Ghost\Shared\Drivers\GenericMountHelperx64.exe [2010-02-12 2227216]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-30 136176]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [x]
R3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-24 129976]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 pmxdrv;pmxdrv;c:\windows\system32\drivers\pmxdrv.sys [x]
R3 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-07-08 1692480]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
R4 TivoBeacon2;TiVo Beacon Service;c:\program files (x86)\TiVo\Desktop\TiVoBeacon.exe [2010-08-24 1104656]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 hotcore3;hc3ServiceName;c:\windows\system32\DRIVERS\hotcore3.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAVx64\1307000.009\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAVx64\1307000.009\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.5.0.145\Definitions\BASHDefs\20120507.001\BHDrvx64.sys [2012-04-02 1160824]
S1 ccSet_NAV;Norton AntiVirus Settings Manager;c:\windows\system32\drivers\NAVx64\1307000.009\ccSetx64.sys [x]
S1 ccSet_NST;Norton Safe Web Lite Settings Manager;c:\windows\system32\drivers\NSTx64\0200000.010\ccSetx64.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.5.0.145\Definitions\IPSDefs\20120508.002\IDSvia64.sys [2012-04-28 488568]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NAVx64\1307000.009\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NAVx64\1307000.009\SYMNETS.SYS [x]
S1 Uim_VIM;UIM Virtual Image Plugin;c:\windows\system32\Drivers\uim_vimx64.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 DellDigitalDelivery;Dell Digital Delivery Service;c:\program files (x86)\Dell Digital Delivery\DeliveryService.exe [2012-04-10 166912]
S2 DragonSvc;Dragon Service;c:\program files (x86)\Common Files\Nuance\dgnsvc.exe [2011-06-04 296808]
S2 HFGService;Handsfree Headset Service;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-09-13 13336]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 MemeoBackgroundService;MemeoBackgroundService;c:\program files (x86)\Memeo\AutoBackupPro\MemeoBackgroundService.exe [2010-07-26 25824]
S2 NAV;Norton AntiVirus;c:\program files (x86)\Norton AntiVirus\Engine\19.7.0.9\ccSvcHst.exe [2012-03-27 138232]
S2 NSL;Norton Safe Web Lite;c:\program files (x86)\Norton Safe Web Lite\Engine\2.0.0.16\ccSvcHst.exe [2011-08-10 138760]
S2 PDFProFiltSrv;PDFProFiltSrv;c:\program files (x86)\ScanSoft\PDF Converter 5\PDFProFiltSrv.exe [2008-12-23 144672]
S2 PowerAlert Agent;PowerAlert Agent;c:\program files (x86)\TrippLite\PowerAlert\engine\pal.exe [2011-05-09 1658704]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 BthAudioHF;BthAudioHF Service;c:\windows\system32\DRIVERS\BthAudioHF.sys [x]
S3 BthAvrcp;Bluetooth AVRCP Profile;c:\windows\system32\DRIVERS\BthAvrcp.sys [x]
S3 csr_a2dp;Bluetooth AV Profile;c:\windows\system32\drivers\bthav.sys [x]
S3 DKRtWrt;DKRtWrt;c:\windows\system32\DRIVERS\DKRtWrt.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-03-16 138360]
S3 GenericMount;Generic Mount Driver;c:\windows\system32\DRIVERS\GenericMount.sys [x]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 MEIx64;Intel® Management Engine Interface ;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [2010-11-07 24176]
S3 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;c:\windows\system32\dllhost.exe [2009-07-14 9728]
S3 SymSnapService;SymSnapService;c:\program files (x86)\Norton Ghost\Shared\Drivers\SymSnapServicex64.exe [2010-02-11 2963960]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - PBFILTER
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 21:54]
.
2012-05-09 c:\windows\Tasks\GlaryInitialize.job
- c:\program files (x86)\Glary Utilities\initialize.exe [2012-01-30 01:06]
.
2012-05-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-30 01:52]
.
2012-05-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-30 01:52]
.
2012-05-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2759553128-3175843188-3636004894-1000Core.job
- c:\users\lmf1\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-30 01:45]
.
2012-05-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2759553128-3175843188-3636004894-1000UA.job
- c:\users\lmf1\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-30 01:45]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RunDLLEntry_THXCfg"="c:\windows\system32\RunDLL32.exe" [2009-07-14 45568]
"RunDLLEntry_EptMon"="c:\windows\system32\RunDLL32.exe" [2009-07-14 45568]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-06-22 10920552]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://my.yahoo.com/
uInternet Settings,ProxyOverride = *.local
IE: Add to Evernote 4.0 - c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: Append the content of the link to existing PDF file - c:\program files (x86)\ScanSoft\PDF Converter 5\Bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
IE: Append the content of the selected links to existing PDF file - c:\program files (x86)\ScanSoft\PDF Converter 5\Bin\ZeonIEFavClient.dll/ZeonIEAppendSelLinks.HTML
IE: Append to existing PDF file - c:\program files (x86)\ScanSoft\PDF Converter 5\Bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
IE: Create PDF file - c:\program files (x86)\ScanSoft\PDF Converter 5\Bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
IE: Create PDF file from the content of the link - c:\program files (x86)\ScanSoft\PDF Converter 5\Bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
IE: Create PDF files from the selected links - c:\program files (x86)\ScanSoft\PDF Converter 5\Bin\ZeonIEFavClient.dll/ZeonIECaptureSelLinks.HTML
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - c:\users\lmf1\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Open with PDF Converter 5.2 - c:\program files (x86)\ScanSoft\PDF Converter 5\cnvres_eng.dll /100
IE: Open with PDF Professional 5.2 - c:\program files (x86)\ScanSoft\PDF Converter 5\Bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1 68.237.161.12
FF - ProfilePath - c:\users\lmf1\AppData\Roaming\Mozilla\Firefox\Profiles\xly3uqkl.default\
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/
FF - user.js: extensions.zonealarm.rvrtMsg - Click Yes to keep current home page and default search settings, Click No to restore original settings
FF - user.js: extensions.zonealarm.autoRvrt - true
FF - user.js: extensions.zonealarm_i.newTab - false
FF - user.js: extensions.zonealarm.tlbrSrchUrl - hxxp://search.zonealarm.com/search?Source=ToolBar&oemCode=ZLN26195060060425-1001&toolbarId=base&affiliateId=1500&Lan=en&utid=7ba4ed40000000000000782bcba8b546&q=
FF - user.js: extensions.zonealarm.id - 7ba4ed40000000000000782bcba8b546
FF - user.js: extensions.zonealarm.instlDay - 15414
FF - user.js: extensions.zonealarm.vrsn - 1.5.19.3
FF - user.js: extensions.zonealarm.vrsni - 1.5.19.3
FF - user.js: extensions.zonealarm_i.vrsnTs - 1.5.19.318:04
FF - user.js: extensions.zonealarm.prtnrId - checkpoint
FF - user.js: extensions.zonealarm.prdct - zonealarm
FF - user.js: extensions.zonealarm.aflt - 1500
FF - user.js: extensions.zonealarm_i.smplGrp - none
FF - user.js: extensions.zonealarm.tlbrId - base
FF - user.js: extensions.zonealarm.instlRef - ZLN26195060060425-1001
FF - user.js: extensions.zonealarm.dfltLng - en
FF - user.js: extensions.zonealarm.excTlbr - false
FF - user.js: extensions.zonealarm.admin - false
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
AddRemove-Juniper_Setup_Client Activex Control - c:\windows\Downloaded Program Files\JuniperSetupClientCtrlUninstaller.exe
AddRemove-System47 - c:\windows\system32\System47.scr
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NAV]
"ImagePath"="\"c:\program files (x86)\Norton AntiVirus\Engine\19.7.0.9\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files (x86)\Norton AntiVirus\Engine\19.7.0.9\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NSL]
"ImagePath"="\"c:\program files (x86)\Norton Safe Web Lite\Engine\2.0.0.16\ccSvcHst.exe\" /s \"NSL\" /m \"c:\program files (x86)\Norton Safe Web Lite\Engine\2.0.0.16\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-05-09 06:41:38
ComboFix-quarantined-files.txt 2012-05-09 10:41
.
Pre-Run: 62,703,800,320 bytes free
Post-Run: 62,093,082,624 bytes free
.
- - End Of File - - AE5CAFBA43ABECA80537109A3FF6008F

#9 Maniac

Posted 09 May 2012 - 08:07 AM

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

KillAll::

FCopy::
c:\windows\winsxs\amd64_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.1.7601.17514_none_ecc547376ae3a1a3\termsrv.dll | c:\windows\system32\termsrv.dll

Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{0BC6E3FA-78EF-4886-842C-5A1258C4455A}"=-

[-HKEY_CLASSES_ROOT\clsid\{0bc6e3fa-78ef-4886-842c-5a1258c4455a}]
[-HKEY_CLASSES_ROOT\agihelper.AGUtils]
[-HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{0bc6e3fa-78ef-4886-842c-5a1258c4455a}]

FireFox::
FF - ProfilePath - c:\users\lmf1\AppData\Roaming\Mozilla\Firefox\Profiles\xly3uqkl.default\
FF - prefs.js: browser.search.selectedEngine -
FF - user.js: extensions.zonealarm.rvrtMsg - Click Yes to keep current home page and default search settings, Click No to restore original settings
FF - user.js: extensions.zonealarm.autoRvrt - true
FF - user.js: extensions.zonealarm_i.newTab - false
FF - user.js: extensions.zonealarm.tlbrSrchUrl - hxxp://search.zonealarm.com/search?Source=ToolBar&oemCode=ZLN26195060060425-1001&toolbarId=base&affiliateId=1500&Lan=en&utid=7ba4ed40000000000000782bcba8b546&q=
FF - user.js: extensions.zonealarm.id - 7ba4ed40000000000000782bcba8b546
FF - user.js: extensions.zonealarm.instlDay - 15414
FF - user.js: extensions.zonealarm.vrsn - 1.5.19.3
FF - user.js: extensions.zonealarm.vrsni - 1.5.19.3
FF - user.js: extensions.zonealarm_i.vrsnTs - 1.5.19.318:04
FF - user.js: extensions.zonealarm.prtnrId - checkpoint
FF - user.js: extensions.zonealarm.prdct - zonealarm
FF - user.js: extensions.zonealarm.aflt - 1500
FF - user.js: extensions.zonealarm_i.smplGrp - none
FF - user.js: extensions.zonealarm.tlbrId - base
FF - user.js: extensions.zonealarm.instlRef - ZLN26195060060425-1001
FF - user.js: extensions.zonealarm.dfltLng - en
FF - user.js: extensions.zonealarm.excTlbr - false
FF - user.js: extensions.zonealarm.admin - false

JavaClearCache::

Save this as CFScript.txt, in the same location as ComboFix.exe

Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

#10 friedmal

Posted 09 May 2012 - 03:41 PM

ComboFix 12-05-09.01 - lmf1 05/09/12 16:30:13.3.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.12270.8767 [GMT -4:00]
Running from: d:\downloads\ComboFix.exe
Command switches used :: d:\downloads\CFScript.txt
AV: Norton AntiVirus *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Norton AntiVirus *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\data
c:\data\Collections.html
c:\data\PlayList.txt
c:\program files\Realtek\Audio\HDA\RAVCpl64.exe
c:\windows\System32\DriverStore\FileRepository\hdx861a.inf_amd64_neutral_00674e2bed5b97cc\RAVCpl64.exe
c:\windows\System32\DriverStore\FileRepository\hdxbpcai.inf_amd64_neutral_ba7eef85cfc4b599\RAVCpl64.exe
c:\windows\System32\DriverStore\FileRepository\hdxcpc.inf_amd64_neutral_7b9ae2fb92a1afb9\RAVCpl64.exe
c:\windows\System32\DriverStore\FileRepository\hdxcr.inf_amd64_neutral_b385508c1ea90896\RAVCpl64.exe
c:\windows\System32\DriverStore\FileRepository\hdxcrtxo.inf_amd64_neutral_1417349ec1b0c356\RAVCpl64.exe
c:\windows\System32\DriverStore\FileRepository\hdxdell.inf_amd64_neutral_3b8b3295f15c39ce\RAVCpl64.exe
c:\windows\System32\DriverStore\FileRepository\hdxgw.inf_amd64_neutral_56fa933f0635bed4\RAVCpl64.exe
c:\windows\System32\DriverStore\FileRepository\hdxhpai1.inf_amd64_neutral_569e1340dc0da8ae\RAVCpl64.exe
c:\windows\System32\DriverStore\FileRepository\hdxhpai2.inf_amd64_neutral_9455681812ffb661\RAVCpl64.exe
c:\windows\System32\DriverStore\FileRepository\hdxhpai3.inf_amd64_neutral_a42ed43226365365\RAVCpl64.exe
c:\windows\System32\DriverStore\FileRepository\hdxhpbpc.inf_amd64_neutral_2e9ca16db43926f5\RAVCpl64.exe
c:\windows\System32\DriverStore\FileRepository\hdxhpnb.inf_amd64_neutral_12e2a60effa9e246\RAVCpl64.exe
c:\windows\System32\DriverStore\FileRepository\hdxlc.inf_amd64_neutral_bbb79168a793e430\RAVCpl64.exe
c:\windows\System32\DriverStore\FileRepository\hdxlc3.inf_amd64_neutral_67a5f78382b67b4c\RAVCpl64.exe
c:\windows\System32\DriverStore\FileRepository\hdxlcnb.inf_amd64_neutral_fcc6d1c9c706b69c\RAVCpl64.exe
c:\windows\System32\DriverStore\FileRepository\hdxmaxxd.inf_amd64_neutral_f867dc2fcb382b77\RAVCpl64.exe
c:\windows\System32\DriverStore\FileRepository\hdxpanasonic.inf_amd64_neutral_4e596a1503161c89\RAVCpl64.exe
c:\windows\System32\DriverStore\FileRepository\hdxpcee3.inf_amd64_neutral_9b065dd7164846b4\RAVCpl64.exe
c:\windows\System32\DriverStore\FileRepository\hdxprmau.inf_amd64_neutral_76db2d8fda622ad8\RAVCpl64.exe
c:\windows\System32\DriverStore\FileRepository\hdxrt.inf_amd64_neutral_efae3d638d039aec\RAVCpl64.exe
c:\windows\System32\DriverStore\FileRepository\hdxsf.inf_amd64_neutral_def061aae96cc8ba\RAVCpl64.exe
c:\windows\System32\DriverStore\FileRepository\hdxsrsa.inf_amd64_neutral_1a70cd80c7099875\RAVCpl64.exe
c:\windows\System32\DriverStore\FileRepository\hdxsrsd.inf_amd64_neutral_3225668753e8431d\RAVCpl64.exe
c:\windows\System32\DriverStore\FileRepository\hdxsrsd2.inf_amd64_neutral_f23c4438bb885f71\RAVCpl64.exe
c:\windows\System32\DriverStore\FileRepository\hdxsrss.inf_amd64_neutral_06bf50df56148aff\RAVCpl64.exe
c:\windows\System32\DriverStore\FileRepository\hdxsrssv.inf_amd64_neutral_8ac3ebd7418cc918\RAVCpl64.exe
c:\windows\System32\DriverStore\FileRepository\hdxthx.inf_amd64_neutral_49adb60018aa5ad7\RAVCpl64.exe
c:\windows\System32\DriverStore\FileRepository\hdxthx2.inf_amd64_neutral_3d857785df466536\RAVCpl64.exe
c:\windows\System32\DriverStore\FileRepository\hdxthxa.inf_amd64_neutral_2c9ae7efe2da4775\RAVCpl64.exe
c:\windows\System32\DriverStore\FileRepository\hdxthxd.inf_amd64_neutral_9f6f3668c5af4741\RAVCpl64.exe
c:\windows\System32\DriverStore\FileRepository\hdxtoshiba.inf_amd64_neutral_e5646e68ffbf13b4\RAVCpl64.exe
c:\windows\System32\DriverStore\FileRepository\hdxvienna.inf_amd64_neutral_17caae5402e0c222\RAVCpl64.exe
c:\windows\System32\DriverStore\FileRepository\hdxxfm.inf_amd64_neutral_0de3d9ade90aa485\RAVCpl64.exe
c:\windows\system32\termsrv.dll
.
----- File Replicators -----
.
c:\dell\drivers\R282239\Vista64\RAVCpl64.exe
c:\drivers\audio\R282239\Vista64\RAVCpl64.exe
c:\program files\Realtek\Audio\HDA\RAVCpl64.exe
c:\windows\System32\DriverStore\FileRepository\hdx861a.inf_amd64_neutral_00674e2bed5b97cc\RAVCpl64.exe
c:\windows\System32\DriverStore\FileRepository\hdxbpcai.inf_amd64_neutral_ba7eef85cfc4b599\RAVCpl64.exe
c:\windows\System32\DriverStore\FileRepository\hdxcpc.inf_amd64_neutral_7b9ae2fb92a1afb9\RAVCpl64.exe
c:\windows\System32\DriverStore\FileRepository\hdxcr.inf_amd64_neutral_b385508c1ea90896\RAVCpl64.exe
c:\windows\System32\DriverStore\FileRepository\hdxcrtxo.inf_amd64_neutral_1417349ec1b0c356\RAVCpl64.exe
c:\windows\System32\DriverStore\FileRepository\hdxdell.inf_amd64_neutral_3b8b3295f15c39ce\RAVCpl64.exe
c:\windows\System32\DriverStore\FileRepository\hdxgw.inf_amd64_neutral_56fa933f0635bed4\RAVCpl64.exe
c:\windows\System32\DriverStore\FileRepository\hdxhpai1.inf_amd64_neutral_569e1340dc0da8ae\RAVCpl64.exe
c:\windows\System32\DriverStore\FileRepository\hdxhpai2.inf_amd64_neutral_9455681812ffb661\RAVCpl64.exe
c:\windows\System32\DriverStore\FileRepository\hdxhpai3.inf_amd64_neutral_a42ed43226365365\RAVCpl64.exe
c:\windows\System32\DriverStore\FileRepository\hdxhpbpc.inf_amd64_neutral_2e9ca16db43926f5\RAVCpl64.exe
c:\windows\System32\DriverStore\FileRepository\hdxhpnb.inf_amd64_neutral_12e2a60effa9e246\RAVCpl64.exe
c:\windows\System32\DriverStore\FileRepository\hdxlc.inf_amd64_neutral_bbb79168a793e430\RAVCpl64.exe
c:\windows\System32\DriverStore\FileRepository\hdxlc3.inf_amd64_neutral_67a5f78382b67b4c\RAVCpl64.exe
c:\windows\System32\DriverStore\FileRepository\hdxlcnb.inf_amd64_neutral_fcc6d1c9c706b69c\RAVCpl64.exe
c:\windows\System32\DriverStore\FileRepository\hdxmaxxd.inf_amd64_neutral_f867dc2fcb382b77\RAVCpl64.exe
c:\windows\System32\DriverStore\FileRepository\hdxpanasonic.inf_amd64_neutral_4e596a1503161c89\RAVCpl64.exe
c:\windows\System32\DriverStore\FileRepository\hdxpcee3.inf_amd64_neutral_9b065dd7164846b4\RAVCpl64.exe
c:\windows\System32\DriverStore\FileRepository\hdxprmau.inf_amd64_neutral_76db2d8fda622ad8\RAVCpl64.exe
c:\windows\System32\DriverStore\FileRepository\hdxrt.inf_amd64_neutral_efae3d638d039aec\RAVCpl64.exe
c:\windows\System32\DriverStore\FileRepository\hdxsf.inf_amd64_neutral_def061aae96cc8ba\RAVCpl64.exe
c:\windows\System32\DriverStore\FileRepository\hdxsrsa.inf_amd64_neutral_1a70cd80c7099875\RAVCpl64.exe
c:\windows\System32\DriverStore\FileRepository\hdxsrsd.inf_amd64_neutral_3225668753e8431d\RAVCpl64.exe
c:\windows\System32\DriverStore\FileRepository\hdxsrsd2.inf_amd64_neutral_f23c4438bb885f71\RAVCpl64.exe
c:\windows\System32\DriverStore\FileRepository\hdxsrss.inf_amd64_neutral_06bf50df56148aff\RAVCpl64.exe
c:\windows\System32\DriverStore\FileRepository\hdxsrssv.inf_amd64_neutral_8ac3ebd7418cc918\RAVCpl64.exe
c:\windows\System32\DriverStore\FileRepository\hdxthx.inf_amd64_neutral_49adb60018aa5ad7\RAVCpl64.exe
c:\windows\System32\DriverStore\FileRepository\hdxthx2.inf_amd64_neutral_3d857785df466536\RAVCpl64.exe
c:\windows\System32\DriverStore\FileRepository\hdxthxa.inf_amd64_neutral_2c9ae7efe2da4775\RAVCpl64.exe
c:\windows\System32\DriverStore\FileRepository\hdxthxd.inf_amd64_neutral_9f6f3668c5af4741\RAVCpl64.exe
c:\windows\System32\DriverStore\FileRepository\hdxtoshiba.inf_amd64_neutral_e5646e68ffbf13b4\RAVCpl64.exe
c:\windows\System32\DriverStore\FileRepository\hdxvienna.inf_amd64_neutral_17caae5402e0c222\RAVCpl64.exe
c:\windows\System32\DriverStore\FileRepository\hdxxfm.inf_amd64_neutral_0de3d9ade90aa485\RAVCpl64.exe
.
.
--------------- FCopy ---------------
.
c:\windows\winsxs\amd64_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.1.7601.17514_none_ecc547376ae3a1a3\termsrv.dll --> c:\windows\system32\termsrv.dll
.
((((((((((((((((((((((((( Files Created from 2012-04-09 to 2012-05-09 )))))))))))))))))))))))))))))))
.
.
2012-05-09 20:34 . 2012-05-09 20:34 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-09 20:34 . 2012-05-09 20:34 -------- d-----w- c:\users\adminstrator\AppData\Local\temp
2012-05-09 20:34 . 2012-05-09 20:34 -------- d-----w- c:\users\ADMINI~1\AppData\Local\temp
2012-05-09 20:34 . 2012-05-09 20:38 -------- d-----w- C:\Data
2012-05-09 02:21 . 2012-05-09 02:21 -------- d-----w- C:\NBRT
2012-05-09 02:19 . 2012-05-09 02:20 -------- d-----w- c:\users\lmf1\AppData\Roaming\AVG
2012-05-09 01:33 . 2012-05-09 01:33 -------- d--h--w- c:\programdata\Common Files
2012-05-09 01:33 . 2012-05-09 02:18 -------- d-----w- c:\program files (x86)\AVG
2012-05-09 01:31 . 2012-05-09 03:23 -------- d-----w- c:\programdata\MFAData
2012-05-08 22:02 . 2012-05-08 22:02 -------- d-----w- c:\windows\system32\drivers\NBRTWizardx64
2012-05-08 22:02 . 2012-05-08 22:02 -------- d-----w- c:\program files (x86)\Norton Bootable Recovery Tool Wizard
2012-05-08 21:40 . 2012-05-08 21:53 -------- d-----w- c:\users\lmf1\AppData\Local\NPE
2012-05-07 23:12 . 2012-05-07 23:12 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-05-07 23:12 . 2012-04-04 19:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-06 19:11 . 2011-06-21 04:09 200976 ----a-w- c:\windows\SysWow64\drivers\tmcomm.sys
2012-05-06 18:42 . 2012-05-06 18:42 -------- d-----w- c:\users\lmf1\AppData\Roaming\SUPERAntiSpyware.com
2012-05-06 03:12 . 2012-05-06 03:12 -------- d-----w- c:\users\lmf1\AppData\Roaming\SpeedyPC Software
2012-05-06 03:12 . 2012-05-06 03:12 -------- d-----w- c:\users\lmf1\AppData\Roaming\DriverCure
2012-05-06 03:12 . 2012-05-06 03:16 -------- d-----w- c:\programdata\SpeedyPC Software
2012-05-05 17:59 . 2012-05-05 17:59 -------- d-----w- c:\users\lmf1\AppData\Roaming\Anvisoft
2012-05-05 17:58 . 2012-05-06 02:59 -------- d-----w- c:\program files (x86)\Anvisoft
2012-05-05 17:31 . 2012-05-08 21:38 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-05-05 17:31 . 2012-05-05 17:32 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-05-05 16:45 . 2012-05-05 16:45 -------- d-----w- c:\users\lmf1\AppData\Roaming\Malwarebytes
2012-05-05 16:45 . 2012-05-05 16:45 -------- d-----w- c:\programdata\Malwarebytes
2012-05-04 23:45 . 2012-01-12 13:28 57976 ----a-r- c:\windows\system32\drivers\SBREDrv.sys
2012-05-01 22:18 . 2012-05-01 22:18 -------- d-----w- c:\program files (x86)\Dell Digital Delivery
2012-04-24 21:37 . 2012-04-24 21:37 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-04-24 21:37 . 2012-04-24 21:37 157352 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-04-24 21:37 . 2012-04-24 21:37 129976 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe
2012-04-23 22:17 . 2012-04-24 21:32 -------- d-----w- c:\windows\system32\drivers\NAVx64\1307000.009
2012-04-11 22:51 . 2012-04-11 22:51 -------- d-----w- c:\users\lmf1\AppData\Roaming\Juniper Networks
2012-04-10 22:49 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-10 22:49 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-10 22:49 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-10 22:49 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-10 22:49 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-10 22:49 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-10 22:49 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-20 21:54 . 2012-03-29 21:37 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-04-20 21:54 . 2011-10-21 23:56 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-23 15:12 . 2012-02-03 18:38 175736 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2012-03-13 18:36 . 2012-01-30 02:58 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-03-08 20:51 . 2012-03-11 22:18 2469760 ----a-w- c:\windows\SysWow64\BootMan.exe
2012-03-08 20:51 . 2012-03-11 22:18 3321728 ----a-w- c:\windows\system32\BootMan.exe
2012-02-29 08:02 . 2012-02-29 08:02 162664 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10140.bin
2012-02-27 17:14 . 2012-02-27 17:14 251696 ----a-w- c:\windows\SysWow64\prgiso.dll
2012-02-27 17:14 . 2012-02-27 17:14 90928 ----a-w- c:\windows\system32\drivers\uimx64.sys
2012-02-27 17:14 . 2012-02-27 17:14 471728 ----a-w- c:\windows\system32\drivers\UimFIO.sys
2012-02-27 17:14 . 2012-02-27 17:14 632752 ----a-w- c:\windows\system32\drivers\Uim_IMx64.sys
2012-02-27 17:14 . 2012-02-27 17:14 379696 ----a-w- c:\windows\system32\drivers\uim_vimx64.sys
2012-02-27 17:14 . 2012-03-06 21:34 39216 ----a-w- c:\windows\system32\drivers\hotcore3.sys
2012-02-25 00:17 . 2012-02-25 00:17 1089024 ----a-w- c:\windows\system32\BCMLogon.dll
2012-02-25 00:17 . 2012-02-25 00:17 8075776 ----a-w- c:\windows\system32\BCMWLCPL.CPL
2012-02-25 00:17 . 2012-02-25 00:17 73728 ----a-w- c:\windows\system32\wltrynt.dll
2012-02-25 00:17 . 2012-02-25 00:17 60928 ----a-w- c:\windows\system32\bcmwlrmt.dll
2012-02-25 00:17 . 2012-02-25 00:17 4961800 ----a-w- c:\windows\SysWow64\vcredist_x64.exe
2012-02-25 00:17 . 2012-02-25 00:17 47632 ----a-w- c:\windows\system32\drivers\npf.sys
2012-02-25 00:17 . 2012-02-25 00:17 4750848 ----a-w- c:\windows\system32\bcmttls.dll
2012-02-25 00:17 . 2012-02-25 00:17 459 ----a-w- c:\windows\SysWow64\vcredist_x64.bat
2012-02-25 00:17 . 2012-02-25 00:17 457 ----a-w- c:\windows\system32\vcredist_x64.bat
2012-02-25 00:17 . 2012-02-25 00:17 3161088 ----a-w- c:\windows\system32\vcredist_x64.exe
2012-02-25 00:17 . 2012-02-25 00:17 22520 ----a-w- c:\windows\system32\drivers\bcm42rly.sys
2012-02-25 00:17 . 2011-10-22 00:08 6656 ----a-w- c:\windows\system32\bcmwlrc.dll
2012-02-24 23:36 . 2012-02-24 23:36 31152 ----a-w- c:\windows\system32\drivers\pmxdrv.sys
2012-02-21 08:25 . 2012-02-21 08:25 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{662DF3E6-1AAB-4189-B9EC-1A53F2D64220}\offreg.dll
2012-02-20 01:22 . 2012-02-20 01:22 197120 ----a-w- c:\windows\SysWow64\System47.scr
2012-02-17 06:38 . 2012-03-15 22:04 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 05:34 . 2012-03-15 22:04 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58 . 2012-03-15 22:04 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:57 . 2012-03-15 22:04 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-15 16:01 . 2012-02-15 16:01 52736 ----a-w- c:\windows\system32\drivers\usbaapl64.sys
2012-02-15 16:01 . 2012-02-15 16:01 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-02-14 16:09 . 2012-02-14 16:09 1070352 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2012-02-10 06:36 . 2012-03-15 22:04 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 05:38 . 2012-03-15 22:04 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-05-09_10.40.25 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2012-05-09 03:30 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-05-09 20:21 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-05-09 20:21 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-05-09 03:30 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-05-09 03:30 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-05-09 20:21 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 05:10 . 2012-05-09 20:20 68280 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2009-07-14 05:10 . 2012-05-09 03:29 68280 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2012-01-29 23:24 . 2012-05-09 20:20 18260 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2759553128-3175843188-3636004894-1000_UserData.bin
- 2012-02-02 11:17 . 2012-05-09 03:24 2190 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat
+ 2012-02-02 11:17 . 2012-05-09 20:34 2190 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat
+ 2012-05-09 20:38 . 2012-05-09 20:38 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-05-09 03:28 . 2012-05-09 03:28 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 05:12 . 2012-05-09 20:21 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-07-14 05:12 . 2012-05-09 03:30 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-07-14 05:01 . 2012-05-09 03:24 711264 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-05-09 20:34 711264 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2012-01-30 00:43 . 2012-05-09 03:24 18010224 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2759553128-3175843188-3636004894-1000-12288.dat
+ 2012-01-30 00:43 . 2012-05-09 20:34 18010224 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2759553128-3175843188-3636004894-1000-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-01-30 39408]
"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\Messenger\YahooMessenger.exe" [2012-02-23 6591800]
"TivoServer"="c:\program files (x86)\TiVo\Desktop\TiVoServer.exe" [2010-08-24 2264336]
"TivoTransfer"="c:\program files (x86)\TiVo\Desktop\TiVoTransfer.exe" [2010-08-24 608528]
"TranscodingService"="c:\program files (x86)\TiVo\Desktop\Plus\\TranscodingService.exe" [2010-08-24 856336]
"Weather"="c:\program files (x86)\AWS\WeatherBug\Weather.exe" [2011-10-05 1652736]
"MusicManager"="c:\users\lmf1\AppData\Local\Programs\Google\MusicManager\MusicManager.exe" [2012-03-20 13324288]
"PeerBlock"="c:\program files\PeerBlock\peerblock.exe" [2010-11-07 2646128]
"TivoNotify"="c:\program files (x86)\TiVo\Desktop\TiVoNotify.exe" [2010-08-24 437520]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ShwiconXP9106"="c:\program files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe" [2010-03-10 237568]
"THX Audio Control Panel"="c:\program files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" [2009-12-01 963584]
"SSBkgdUpdate"="c:\program files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files (x86)\ScanSoft\PaperPort\pptd40nt.exe" [2009-02-20 24576]
"IndexSearch"="c:\program files (x86)\ScanSoft\PaperPort\IndexSearch.exe" [2009-02-20 40960]
"PDFHook"="c:\program files (x86)\ScanSoft\PDF Converter 5\pdfpro5hook.exe" [2008-12-23 628000]
"PDF5 Registry Controller"="c:\program files (x86)\ScanSoft\PDF Converter 5\RegistryController.exe" [2008-12-23 58656]
"CPQEASYACC"="c:\program files (x86)\Compaq\Easy Access Button Support\StartEAK.exe" [2001-10-10 28672]
"Memeo Backup Pro"="c:\program files (x86)\Memeo\AutoBackupPro\MemeoLauncher2.exe" [2010-07-26 136416]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288]
"Norton Ghost 15.0"="c:\program files (x86)\Norton Ghost\Agent\VProTray.exe" [2010-03-04 2598760]
"KeePass 2 PreLoad"="c:\program files (x86)\KeePass Password Safe 2\KeePass.exe" [2012-01-05 1823744]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
c:\users\lmf1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Webshots.lnk - c:\program files (x86)\Webshots\3.1.5.7619\Launcher.exe [2012-1-30 157088]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
CompanionLink Setup.lnk - c:\program files (x86)\CompanionLink\CompanionLink.exe [2011-12-27 52896768]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"SynchronousMachineGroupPolicy"= 1 (0x1)
"SynchronousUserGroupPolicy"= 1 (0x1)
"HideFastUserSwitching"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"MemCheckBoxInRunDlg"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"HideSCABattery"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PCANotify]
2002-02-15 15:51 24638 ----a-w- c:\windows\System32\PCANotify.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R1 EACMOS;EACMOS;c:\windows\system32\drivers\EACMOS.SYS [x]
R2 AGCoreService;AG Core Services;c:\program files (x86)\AGI\core\4.2.0.10754\AGCoreService.exe [2010-06-29 20480]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 DellDigitalDelivery;Dell Digital Delivery Service;c:\program files (x86)\Dell Digital Delivery\DeliveryService.exe [2012-04-10 166912]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-30 136176]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-09-13 13336]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-20 253088]
R3 DKRtWrt;DKRtWrt;c:\windows\system32\DRIVERS\DKRtWrt.sys [x]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-07-29 16776]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-07-29 9096]
R3 GenericMount Helper Service;GenericMount Helper Service;c:\program files (x86)\Norton Ghost\Shared\Drivers\GenericMountHelperx64.exe [2010-02-12 2227216]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-30 136176]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [x]
R3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-24 129976]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 pmxdrv;pmxdrv;c:\windows\system32\drivers\pmxdrv.sys [x]
R3 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-07-08 1692480]
R3 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;c:\windows\system32\dllhost.exe [2009-07-14 9728]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
R4 TivoBeacon2;TiVo Beacon Service;c:\program files (x86)\TiVo\Desktop\TiVoBeacon.exe [2010-08-24 1104656]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 hotcore3;hc3ServiceName;c:\windows\system32\DRIVERS\hotcore3.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAVx64\1307000.009\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAVx64\1307000.009\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.5.0.145\Definitions\BASHDefs\20120507.001\BHDrvx64.sys [2012-04-02 1160824]
S1 ccSet_NAV;Norton AntiVirus Settings Manager;c:\windows\system32\drivers\NAVx64\1307000.009\ccSetx64.sys [x]
S1 ccSet_NST;Norton Safe Web Lite Settings Manager;c:\windows\system32\drivers\NSTx64\0200000.010\ccSetx64.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.5.0.145\Definitions\IPSDefs\20120508.002\IDSvia64.sys [2012-04-28 488568]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NAVx64\1307000.009\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NAVx64\1307000.009\SYMNETS.SYS [x]
S1 Uim_VIM;UIM Virtual Image Plugin;c:\windows\system32\Drivers\uim_vimx64.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 DragonSvc;Dragon Service;c:\program files (x86)\Common Files\Nuance\dgnsvc.exe [2011-06-04 296808]
S2 HFGService;Handsfree Headset Service;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 MemeoBackgroundService;MemeoBackgroundService;c:\program files (x86)\Memeo\AutoBackupPro\MemeoBackgroundService.exe [2010-07-26 25824]
S2 NAV;Norton AntiVirus;c:\program files (x86)\Norton AntiVirus\Engine\19.7.0.9\ccSvcHst.exe [2012-03-27 138232]
S2 NSL;Norton Safe Web Lite;c:\program files (x86)\Norton Safe Web Lite\Engine\2.0.0.16\ccSvcHst.exe [2011-08-10 138760]
S2 PDFProFiltSrv;PDFProFiltSrv;c:\program files (x86)\ScanSoft\PDF Converter 5\PDFProFiltSrv.exe [2008-12-23 144672]
S2 PowerAlert Agent;PowerAlert Agent;c:\program files (x86)\TrippLite\PowerAlert\engine\pal.exe [2011-05-09 1658704]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 BthAudioHF;BthAudioHF Service;c:\windows\system32\DRIVERS\BthAudioHF.sys [x]
S3 BthAvrcp;Bluetooth AVRCP Profile;c:\windows\system32\DRIVERS\BthAvrcp.sys [x]
S3 csr_a2dp;Bluetooth AV Profile;c:\windows\system32\drivers\bthav.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-03-16 138360]
S3 GenericMount;Generic Mount Driver;c:\windows\system32\DRIVERS\GenericMount.sys [x]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 MEIx64;Intel® Management Engine Interface ;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [2010-11-07 24176]
S3 SymSnapService;SymSnapService;c:\program files (x86)\Norton Ghost\Shared\Drivers\SymSnapServicex64.exe [2010-02-11 2963960]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - PBFILTER
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 21:54]
.
2012-05-09 c:\windows\Tasks\GlaryInitialize.job
- c:\program files (x86)\Glary Utilities\initialize.exe [2012-01-30 01:06]
.
2012-05-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-30 01:52]
.
2012-05-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-30 01:52]
.
2012-05-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2759553128-3175843188-3636004894-1000Core.job
- c:\users\lmf1\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-30 01:45]
.
2012-05-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2759553128-3175843188-3636004894-1000UA.job
- c:\users\lmf1\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-30 01:45]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RunDLLEntry_THXCfg"="c:\windows\system32\RunDLL32.exe" [2009-07-14 45568]
"RunDLLEntry_EptMon"="c:\windows\system32\RunDLL32.exe" [2009-07-14 45568]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://my.yahoo.com/
uInternet Settings,ProxyOverride = *.local
IE: Add to Evernote 4.0 - c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: Append the content of the link to existing PDF file - c:\program files (x86)\ScanSoft\PDF Converter 5\Bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
IE: Append the content of the selected links to existing PDF file - c:\program files (x86)\ScanSoft\PDF Converter 5\Bin\ZeonIEFavClient.dll/ZeonIEAppendSelLinks.HTML
IE: Append to existing PDF file - c:\program files (x86)\ScanSoft\PDF Converter 5\Bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
IE: Create PDF file - c:\program files (x86)\ScanSoft\PDF Converter 5\Bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
IE: Create PDF file from the content of the link - c:\program files (x86)\ScanSoft\PDF Converter 5\Bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
IE: Create PDF files from the selected links - c:\program files (x86)\ScanSoft\PDF Converter 5\Bin\ZeonIEFavClient.dll/ZeonIECaptureSelLinks.HTML
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - c:\users\lmf1\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Open with PDF Converter 5.2 - c:\program files (x86)\ScanSoft\PDF Converter 5\cnvres_eng.dll /100
IE: Open with PDF Professional 5.2 - c:\program files (x86)\ScanSoft\PDF Converter 5\Bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1 68.237.161.12
FF - ProfilePath - c:\users\lmf1\AppData\Roaming\Mozilla\Firefox\Profiles\xly3uqkl.default\
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
HKLM-Run-RtHDVCpl - c:\program files\Realtek\Audio\HDA\RAVCpl64.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NAV]
"ImagePath"="\"c:\program files (x86)\Norton AntiVirus\Engine\19.7.0.9\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files (x86)\Norton AntiVirus\Engine\19.7.0.9\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NSL]
"ImagePath"="\"c:\program files (x86)\Norton Safe Web Lite\Engine\2.0.0.16\ccSvcHst.exe\" /s \"NSL\" /m \"c:\program files (x86)\Norton Safe Web Lite\Engine\2.0.0.16\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Norton Ghost\Agent\VProSvc.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files (x86)\Yahoo!\Messenger\YahooMessenger.exe
c:\progra~2\Webshots\315~1.761\webshots.scr
c:\program files (x86)\Yahoo!\Messenger\YahooMessenger.exe
c:\program files (x86)\Memeo\AutoBackupPro\MemeoBackup.exe
c:\program files (x86)\Compaq\Easy Access Button Support\CPQEADM.EXE
c:\compaq\CPQINET\CPQInet.exe
c:\progra~2\Compaq\EASYAC~1\BttnServ.exe
.
**************************************************************************
.
Completion time: 2012-05-09 16:39:50 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-09 20:39
ComboFix2.txt 2012-05-09 10:41
.
Pre-Run: 62,114,779,136 bytes free
Post-Run: 61,963,624,448 bytes free
.
- - End Of File - - B411306263188A66158F201933605636

#11 Maniac

Posted 10 May 2012 - 06:43 AM

How is your system now?

#12 friedmal

Posted 10 May 2012 - 11:23 AM

no change

#13 Maniac

Posted 10 May 2012 - 11:28 AM

Step 1

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


Step 2

Download aswMBR.exe ( 1.8mB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan

On completion of the scan click save log, save it to your desktop and post in your next reply


In your next reply, post the following log files:

  • ESET Online Scanner log
  • aswMBR log


#14 friedmal

Posted 10 May 2012 - 04:51 PM

OK, I don't know if this was too easy but I de-installed Chrome. Wiped out the appdata directory for Google under my profile and reinstalled and now so far it seems to be working?

Will watch for a few days...

#15 Maniac

Posted 11 May 2012 - 06:09 AM

Okay, but it is not a problem to follow my last instructions. Let me know.

#16 friedmal

Posted 13 May 2012 - 07:22 PM

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-05-13 11:49:56
# local_time=2012-05-13 07:49:56 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=3584 16777215 100 0 0 0 0 0
# compatibility_mode=5893 16776574 100 94 6218574 88492767 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=431624
# found=1
# cleaned=1
# scan_time=3679
D:\Zips\Windows 7\Utils\freeopener.exe a variant of Win32/InstallIQ application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

#17 friedmal

Posted 13 May 2012 - 07:34 PM

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-13 20:22:54
-----------------------------
20:22:54.831 OS Version: Windows x64 6.1.7601 Service Pack 1
20:22:54.832 Number of processors: 8 586 0x2A07
20:22:54.832 ComputerName: LMF-DELL UserName: lmf1
20:22:55.282 Initialize success
20:22:57.722 AVAST engine defs: 12051301
20:23:00.065 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
20:23:00.066 Disk 0 Vendor: Patriot_ 332A Size: 114473MB BusType: 3
20:23:00.067 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2
20:23:00.068 Disk 1 Vendor: ST315003 CC4G Size: 1430799MB BusType: 3
20:23:00.069 Disk 2 \Device\Harddisk2\DR2 -> \Device\Ide\IAAStorageDevice-3
20:23:00.071 Disk 2 Vendor: WDC_WD10 05.0 Size: 953869MB BusType: 3
20:23:00.097 Disk 0 MBR read successfully
20:23:00.099 Disk 0 MBR scan
20:23:00.101 Disk 0 Windows 7 default MBR code
20:23:00.117 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 114470 MB offset 63
20:23:00.165 Disk 0 scanning C:\Windows\system32\drivers
20:23:25.419 Service scanning
20:23:32.261 Modules scanning
20:23:32.268 Disk 0 trace - called modules:
20:23:32.286 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
20:23:32.289 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800bbd8790]
20:23:32.292 3 CLASSPNP.SYS[fffff88001f9243f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800a104050]
20:23:32.745 AVAST engine scan C:\Windows
20:23:47.336 AVAST engine scan C:\Windows\system32
20:30:16.860 AVAST engine scan C:\Windows\system32\drivers
20:30:54.527 AVAST engine scan C:\Users\lmf1
20:33:28.053 AVAST engine scan C:\ProgramData
20:33:39.096 Scan finished successfully
20:33:51.757 Disk 0 MBR has been saved successfully to "D:\Downloads\MBR.dat"
20:33:51.759 The log file has been saved successfully to "D:\Downloads\aswMBR.txt"

#18 Maniac

Posted 14 May 2012 - 01:48 AM

Good!

How are things now?

#19 friedmal

Posted 14 May 2012 - 05:27 AM

No further instances since I uninstalled Chrome, deleted its appdata and reinstalled.

#20 friedmal

Posted 14 May 2012 - 05:28 AM

You never told me what you saw in the logs? What do you believe I was infected with?



