freshjj2

Program_error_updating (0,0,I/O)


Hello... please help me.... I want to update Malwarebytes... I think I'm infected.... I have made the DDS thing and here are the results:

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29

Run by Owner at 21:10:44 on 2012-05-07

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2940.1797 [GMT -5:00]

.

AV: Norton Security Suite *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}

AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}

SP: Norton Security Suite *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}

FW: Norton Security Suite *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}

.

============== Running Processes ===============

.

C:\windows\system32\wininit.exe

C:\windows\system32\lsm.exe

C:\windows\system32\svchost.exe -k DcomLaunch

C:\windows\system32\svchost.exe -k RPCSS

c:\Program Files\Microsoft Security Client\MsMpEng.exe

C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\windows\system32\svchost.exe -k netsvcs

C:\windows\system32\svchost.exe -k LocalService

C:\windows\system32\svchost.exe -k NetworkService

C:\windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\windows\System32\spoolsv.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\windows\system32\taskhost.exe

C:\windows\system32\Dwm.exe

C:\windows\system32\taskeng.exe

C:\windows\Explorer.EXE

C:\Program Files (x86)\Bonjour\mDNSResponder.exe

C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\ProgramData\DatacardService\HWDeviceService64.exe

C:\Program Files (x86)\Norton Security Suite\Engine\4.3.0.5\ccSvcHst.exe

C:\ProgramData\DatacardService\DCSHelper.exe

C:\windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\TODDSrv.exe

C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe

C:\Program Files\TOSHIBA\TECO\TecoService.exe

C:\Program Files (x86)\NATCOM 3G\AssistantServices.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\windows\system32\SearchIndexer.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\System32\igfxtray.exe

C:\windows\system32\igfxsrvc.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe

C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe

C:\Program Files\TOSHIBA\TECO\Teco.exe

C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe

C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe

C:\Program Files\Logitech\Gaming Software\LWEMon.exe

C:\windows\system32\igfxext.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe

C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files (x86)\Stardock\ObjectDock\ObjectDock.exe

C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe

C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe

C:\Program Files (x86)\NATCOM 3G\UIExec.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files (x86)\Stardock\ObjectDock\Dock64.exe

C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe

C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe

C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe

C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe

C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe

C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe

C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe

C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe

C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files (x86)\NATCOM 3G\UIMain.exe

C:\Program Files (x86)\NATCOM 3G\CMUpdater.exe

C:\Windows\system32\WUDFHost.exe

C:\windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Common Files\Speedbit\SbUpdate\SBUpdate.exe

C:\PROGRA~2\Yahoo!\MESSEN~1\MESSEN~1\ymsgr_tray.exe

c:\Program Files\Microsoft Security Client\MpCmdRun.exe

C:\windows\system32\SearchProtocolHost.exe

C:\windows\system32\SearchFilterHost.exe

C:\windows\SysWOW64\cmd.exe

C:\windows\system32\conhost.exe

C:\windows\SysWOW64\cscript.exe

.

============== Pseudo HJT Report ===============

.

uSearch Page =

uStart Page = hxxp://www.google.com/

uWindow Title = Internet Explorer, optimized for Bing and MSN

uSearch Bar =

mDefault_Search_URL = hxxp://mywwwsites.com

mDefault_Page_URL = hxxp://mywwwsites.com

mStart Page = hxxp://www.google.fr

mSearch Page = hxxp://mywwwsites.com

mURLSearchHooks: mywebsites.pro-FR Toolbar: {33727f97-486d-4d19-97c3-23f432ef93fc} - C:\Program Files (x86)\mywebsites.pro-FR\tbmyw0.dll

mURLSearchHooks: Soft-Search Toolbar: {09e55ba0-f9c6-4b81-82df-46853f6f7b3f} - C:\Program Files (x86)\Soft-Search\tbSof1.dll

mWinlogon: Userinit=C:\windows\SysWOW64\userinit.exe,

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll

BHO: Soft-Search Toolbar: {09e55ba0-f9c6-4b81-82df-46853f6f7b3f} - C:\Program Files (x86)\Soft-Search\tbSof1.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: mywebsites.pro-FR Toolbar: {33727f97-486d-4d19-97c3-23f432ef93fc} - C:\Program Files (x86)\mywebsites.pro-FR\tbmyw0.dll

BHO: SearchPredictObj Class: {389943b0-c3a2-4e69-82cb-8596a84cb3dc} - C:\PROGRA~2\SEARCH~2\SEARCH~1.DLL

BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Security Suite\Engine\4.3.0.5\coIEPlg.dll

BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Security Suite\Engine\4.3.0.5\IPSBHO.DLL

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: SBCONVERT Class: {92a9acf4-9333-43ae-9698-db283326f87f} - C:\Program Files (x86)\SpeedBit Video Downloader\TBU89\tbcore3.dll

BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll

BHO: GrabberObj Class: {ff7c3cf0-4b15-11d1-abed-709549c10000} - C:\Program Files (x86)\SpeedBit Video Downloader\TBU89\grabber.dll

TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Security Suite\Engine\4.3.0.5\coIEPlg.dll

TB: mywebsites.pro-FR Toolbar: {33727f97-486d-4d19-97c3-23f432ef93fc} - C:\Program Files (x86)\mywebsites.pro-FR\tbmyw0.dll

TB: Soft-Search Toolbar: {09e55ba0-f9c6-4b81-82df-46853f6f7b3f} - C:\Program Files (x86)\Soft-Search\tbSof1.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll

TB: SpeedBit Video Downloader: {0329e7d6-6f54-462d-93f6-f5c3118badf2} - C:\Program Files (x86)\SpeedBit Video Downloader\TBU89\tbcore3.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll"

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

uRun: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\MESSEN~1\MESSEN~1\YahooMessenger.exe" -quiet

uRun: [iSUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start

uRun: [Facebook Update] "C:\Users\Owner\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver

uRun: [iSUSPM Startup] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup

uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

uRun: [ares] "C:\Program Files (x86)\Ares\Ares.exe" -h

mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60

mRun: [uIExec] "C:\Program Files (x86)\NATCOM 3G\UIExec.exe"

mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

dRunOnce: [<NO NAME>]

StartupFolder: C:\Users\Owner\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\STARDO~1.LNK - C:\Program Files (x86)\Stardock\ObjectDock\ObjectDock.exe

uPolicies-explorer: HideClock = 0 (0x0)

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Add to Google Photos Screensa&ver - C:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105

IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} - hxxp://activex.camfrogweb.com/advanced/2.0.2.3/cfweb_activex.camfrogweb.com-advanced-2.0.2.3_instmodule.exe

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/m3/photouploadcontrol/VistaMSNPUpldpt-br.cab

TCP: Interfaces\{670CA8A4-122A-4CC3-A5F2-B51A2FC2880C} : DhcpNameServer = 10.35.1.254

TCP: Interfaces\{670CA8A4-122A-4CC3-A5F2-B51A2FC2880C}\0556163686541676C656D27657563747 : DhcpNameServer = 192.168.33.1 200.4.175.2 200.4.174.12

TCP: Interfaces\{670CA8A4-122A-4CC3-A5F2-B51A2FC2880C}\4497E65687 : DhcpNameServer = 192.168.2.1 68.87.64.150 68.87.75.198

TCP: Interfaces\{670CA8A4-122A-4CC3-A5F2-B51A2FC2880C}\C696E6B6379737 : DhcpNameServer = 192.168.1.1

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL

BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll

BHO-X64: 0x1 - No File

BHO-X64: Soft-Search Toolbar: {09e55ba0-f9c6-4b81-82df-46853f6f7b3f} - C:\Program Files (x86)\Soft-Search\tbSof1.dll

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: mywebsites.pro-FR Toolbar: {33727f97-486d-4d19-97c3-23f432ef93fc} - C:\Program Files (x86)\mywebsites.pro-FR\tbmyw0.dll

BHO-X64: SearchPredictObj Class: {389943B0-C3A2-4E69-82CB-8596A84CB3DC} - C:\PROGRA~2\SEARCH~2\SEARCH~1.DLL

BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\4.3.0.5\coIEPlg.dll

BHO-X64: Symantec NCO BHO - No File

BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\4.3.0.5\IPSBHO.DLL

BHO-X64: Symantec Intrusion Prevention - No File

BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: SBCONVERT Class: {92A9ACF4-9333-43AE-9698-DB283326F87F} - C:\Program Files (x86)\SpeedBit Video Downloader\TBU89\tbcore3.dll

BHO-X64: SBCONVERT - No File

BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL

BHO-X64: URLRedirectionBHO - No File

BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll

BHO-X64: GrabberObj Class: {FF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files (x86)\SpeedBit Video Downloader\TBU89\grabber.dll

BHO-X64: GrabberObj Class - No File

TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\4.3.0.5\coIEPlg.dll

TB-X64: mywebsites.pro-FR Toolbar: {33727f97-486d-4d19-97c3-23f432ef93fc} - C:\Program Files (x86)\mywebsites.pro-FR\tbmyw0.dll

TB-X64: Soft-Search Toolbar: {09e55ba0-f9c6-4b81-82df-46853f6f7b3f} - C:\Program Files (x86)\Soft-Search\tbSof1.dll

TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll

TB-X64: SpeedBit Video Downloader: {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files (x86)\SpeedBit Video Downloader\TBU89\tbcore3.dll

TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll"

mRun-x64: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60

mRun-x64: [uIExec] "C:\Program Files (x86)\NATCOM 3G\UIExec.exe"

mRun-x64: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL

.

============= SERVICES / DRIVERS ===============

.

R0 MpFilter;Microsoft Malware Protection Driver;C:\windows\system32\DRIVERS\MpFilter.sys --> C:\windows\system32\DRIVERS\MpFilter.sys [?]

R0 PxHlpa64;PxHlpa64;C:\windows\system32\Drivers\PxHlpa64.sys --> C:\windows\system32\Drivers\PxHlpa64.sys [?]

R0 SymDS;Symantec Data Store;C:\windows\system32\drivers\N360x64\0403000.005\SYMDS64.SYS --> C:\windows\system32\drivers\N360x64\0403000.005\SYMDS64.SYS [?]

R0 SymEFA;Symantec Extended File Attributes;C:\windows\system32\drivers\N360x64\0403000.005\SYMEFA64.SYS --> C:\windows\system32\drivers\N360x64\0403000.005\SYMEFA64.SYS [?]

R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\system32\DRIVERS\tos_sps64.sys --> C:\windows\system32\DRIVERS\tos_sps64.sys [?]

R1 ccHP;Symantec Hash Provider;C:\windows\system32\drivers\N360x64\0403000.005\ccHPx64.sys --> C:\windows\system32\drivers\N360x64\0403000.005\ccHPx64.sys [?]

R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20111026.030\IDSviA64.sys [2011-10-26 488568]

R1 SymIRON;Symantec Iron Driver;C:\windows\system32\drivers\N360x64\0403000.005\Ironx64.SYS --> C:\windows\system32\drivers\N360x64\0403000.005\Ironx64.SYS [?]

R1 SYMTDIv;Symantec Vista Network Dispatch Driver;C:\windows\system32\Drivers\N360x64\0403000.005\SYMTDIV.SYS --> C:\windows\system32\Drivers\N360x64\0403000.005\SYMTDIV.SYS [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]

R2 cfWiMAXService;ConfigFree WiMAX Service;C:\Program Files (x86)\Toshiba\ConfigFree\CFIWmxSvcs64.exe [2009-8-10 248688]

R2 ConfigFree Gadget Service;ConfigFree Gadget Service;C:\Program Files (x86)\Toshiba\ConfigFree\CFProcSRVC.exe [2009-7-14 42368]

R2 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\Toshiba\ConfigFree\CFSvcs.exe [2009-3-10 46448]

R2 HWDeviceService64.exe;HWDeviceService64.exe;C:\ProgramData\DatacardService\HWDeviceService64.exe -/service --> C:\ProgramData\DatacardService\HWDeviceService64.exe -/service [?]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-4-30 654408]

R2 N360;Norton Security Suite;C:\Program Files (x86)\Norton Security Suite\Engine\4.3.0.5\ccsvchst.exe [2010-10-30 126392]

R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2009-8-11 252272]

R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\system32\DRIVERS\TVALZFL.sys --> C:\windows\system32\DRIVERS\TVALZFL.sys [?]

R2 UI Assistant Service;UI Assistant Service;C:\Program Files (x86)\NATCOM 3G\AssistantServices.exe [2012-1-21 270672]

R3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE [2012-2-10 240408]

R3 FwLnk;FwLnk Driver;C:\windows\system32\DRIVERS\FwLnk.sys --> C:\windows\system32\DRIVERS\FwLnk.sys [?]

R3 HSPADataCardusbmdm;HSPADataCard Proprietary USB Driver;C:\windows\system32\DRIVERS\HSPADataCardusbmdm.sys --> C:\windows\system32\DRIVERS\HSPADataCardusbmdm.sys [?]

R3 HSPADataCardusbnmea;HSPADataCard NMEA Port;C:\windows\system32\DRIVERS\HSPADataCardusbnmea.sys --> C:\windows\system32\DRIVERS\HSPADataCardusbnmea.sys [?]

R3 HSPADataCardusbser;HSPADataCard Diagnostic Port;C:\windows\system32\DRIVERS\HSPADataCardusbser.sys --> C:\windows\system32\DRIVERS\HSPADataCardusbser.sys [?]

R3 HSPADataCardusbvoice;HSPADataCard VoUSB Port;C:\windows\system32\DRIVERS\HSPADataCardusbvoice.sys --> C:\windows\system32\DRIVERS\HSPADataCardusbvoice.sys [?]

R3 LgBttPort;LGE Bluetooth TransPort;C:\windows\system32\DRIVERS\lgbtpt64.sys --> C:\windows\system32\DRIVERS\lgbtpt64.sys [?]

R3 lgbusenum;LG Bluetooth Bus Enumerator;C:\windows\system32\DRIVERS\lgbtbs64.sys --> C:\windows\system32\DRIVERS\lgbtbs64.sys [?]

R3 LGVMODEM;LGE Virtual Modem;C:\windows\system32\DRIVERS\lgvmdm64.sys --> C:\windows\system32\DRIVERS\lgvmdm64.sys [?]

R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;C:\windows\system32\DRIVERS\ManyCam_x64.sys --> C:\windows\system32\DRIVERS\ManyCam_x64.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\windows\system32\drivers\mbam.sys --> C:\windows\system32\drivers\mbam.sys [?]

R3 PGEffect;Pangu effect driver;C:\windows\system32\DRIVERS\pgeffect.sys --> C:\windows\system32\DRIVERS\pgeffect.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?]

R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;C:\windows\system32\DRIVERS\rtl8192se.sys --> C:\windows\system32\DRIVERS\rtl8192se.sys [?]

R3 TMachInfo;TMachInfo;C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe [2010-3-16 54136]

R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-8-3 137560]

R3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2009-8-4 826224]

S1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20111014.001\BHDrvx64.sys [2011-10-14 1155704]

S2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE [2012-2-10 193816]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-4-5 135664]

S3 athur;Atheros AR9271 Wireless Network Adapter Service;C:\windows\system32\DRIVERS\athurx.sys --> C:\windows\system32\DRIVERS\athurx.sys [?]

S3 br3gmdm;BandLuxe 3.5G HSDPA Adapter - USB;C:\windows\system32\DRIVERS\br3gmdm.sys --> C:\windows\system32\DRIVERS\br3gmdm.sys [?]

S3 ew_mbbusbdev;MBB USB PNP Device;C:\windows\system32\DRIVERS\ew_mbbusbdev.sys --> C:\windows\system32\DRIVERS\ew_mbbusbdev.sys [?]

S3 ewusbnet;HUAWEI USB-NDIS miniport;C:\windows\system32\DRIVERS\ewusbnet.sys --> C:\windows\system32\DRIVERS\ewusbnet.sys [?]

S3 fssfltr;fssfltr;C:\windows\system32\DRIVERS\fssfltr.sys --> C:\windows\system32\DRIVERS\fssfltr.sys [?]

S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-4-5 135664]

S3 massfilter;Mass Storage Filter Driver;C:\windows\system32\drivers\massfilter.sys --> C:\windows\system32\drivers\massfilter.sys [?]

S3 mbbdatacard;MBB DataCard USB Modem and USB Serial;C:\windows\system32\DRIVERS\ewusbmdm.sys --> C:\windows\system32\DRIVERS\ewusbmdm.sys [?]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-1-21 30963576]

S3 NisDrv;Microsoft Network Inspection System;C:\windows\system32\DRIVERS\NisDrvWFP.sys --> C:\windows\system32\DRIVERS\NisDrvWFP.sys [?]

S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 PTDUBus;PANTECH UM175 Composite Device Driver ;C:\windows\system32\DRIVERS\PTDUBus.sys --> C:\windows\system32\DRIVERS\PTDUBus.sys [?]

S3 PTDUMdm;PANTECH UM175 Drivers;C:\windows\system32\DRIVERS\PTDUMdm.sys --> C:\windows\system32\DRIVERS\PTDUMdm.sys [?]

S3 PTDUVsp;PANTECH UM175 Diagnostic Port;C:\windows\system32\DRIVERS\PTDUVsp.sys --> C:\windows\system32\DRIVERS\PTDUVsp.sys [?]

S3 PTDUWFLT;PTDUWWAN Filter Driver;C:\windows\system32\DRIVERS\PTDUWFLT.sys --> C:\windows\system32\DRIVERS\PTDUWFLT.sys [?]

S3 PTDUWWAN;PANTECH UM175 WWAN Driver;C:\windows\system32\DRIVERS\PTDUWWAN.sys --> C:\windows\system32\DRIVERS\PTDUWWAN.sys [?]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\system32\Drivers\RtsUStor.sys --> C:\windows\system32\Drivers\RtsUStor.sys [?]

S3 SMSIVZAM5X64;SMSIVZAM5X64 NDIS Protocol Driver;C:\PROGRA~2\VERIZO~1\VZACCE~1\SMSIVZAM5X64.SYS [2009-5-25 43032]

S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]

S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\system32\Drivers\usbaapl64.sys --> C:\windows\system32\Drivers\usbaapl64.sys [?]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\windows\system32\DRIVERS\vwifimp.sys --> C:\windows\system32\DRIVERS\vwifimp.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== Created Last 30 ================

.

2012-05-08 01:13:54 -------- d-----w- C:\Program Files (x86)\Ares

2012-05-07 23:38:32 -------- d-----w- C:\Users\Owner\AppData\Local\{6474F9FB-8562-4B73-B5A1-915604865234}

2012-05-07 23:38:23 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BBF69FBB-26E3-4077-9501-99B9866CDB2D}\offreg.dll

2012-05-07 22:27:55 -------- d-----w- C:\Users\Owner\AppData\Local\{AE38245A-F547-4CE9-8C37-6B464BE5EE13}

2012-05-07 19:51:22 -------- d-----w- C:\Users\Owner\AppData\Local\{E56EE51B-88C2-46AA-9BA2-3F0F4492C438}

2012-05-07 17:52:22 -------- d-----w- C:\Users\Owner\AppData\Local\{50F829F2-269E-4BC5-97CA-234E43D2F8A6}

2012-05-07 17:11:32 8917360 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BBF69FBB-26E3-4077-9501-99B9866CDB2D}\mpengine.dll

2012-05-06 17:30:59 -------- d-----w- C:\Users\Owner\AppData\Local\{B788AE40-892D-43BE-B5CC-3D4328E53527}

2012-05-04 00:45:30 -------- d-----w- C:\Program Files (x86)\1ClickDownload

2012-05-03 21:55:51 -------- d-----w- C:\Users\Owner\AppData\Local\{18003BC1-568F-41C9-B622-5CCFE607021C}

2012-05-03 21:05:03 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{7A01FFE5-F898-4A0F-B6B6-3B84BFEEB9E1}\gapaengine.dll

2012-05-03 21:04:40 8917360 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-05-03 21:03:18 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client

2012-05-03 20:52:50 -------- d-----w- C:\Users\Owner\AppData\Local\{8580011D-1D14-40F5-B493-C43725C187F5}

2012-05-02 18:07:18 -------- d-----w- C:\Users\Owner\AppData\Local\{DA38E2A4-DE9B-42EB-88B5-A3C104C7FCEC}

2012-05-01 09:41:31 -------- d-----w- C:\Users\Owner\AppData\Local\{7E26C572-A38A-4850-817D-691FA764389F}

2012-05-01 09:09:03 -------- d-----w- C:\Users\Owner\AppData\Local\{D9CB827F-7951-4021-8FB7-C470F8E2381B}

2012-04-30 23:53:10 -------- d-----w- C:\Users\Owner\AppData\Local\{F57DD59F-52EA-4C1F-B758-BAA6A6096157}

2012-04-30 23:29:04 -------- d-----w- C:\Users\Owner\AppData\Roaming\Malwarebytes

2012-04-30 23:28:59 -------- d-----w- C:\ProgramData\Malwarebytes

2012-04-30 23:28:58 24904 ----a-w- C:\windows\System32\drivers\mbam.sys

2012-04-30 23:28:58 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-04-30 22:59:46 -------- d-----w- C:\Users\Owner\AppData\Local\{F7FAE55A-D523-4265-9306-F83AB721683C}

2012-04-30 22:54:25 -------- d-----w- C:\Users\Owner\AppData\Local\{36A13C98-D58A-41D0-A17A-29366968423B}

2012-04-30 22:04:45 -------- d-----w- C:\Users\Owner\AppData\Local\{BE420872-AEB8-4FFA-ABE9-8069959194F7}

2012-04-30 21:51:18 -------- d-----w- C:\Users\Owner\AppData\Local\{9AD0601A-4D45-414C-8EFF-0B93568FBD6E}

2012-04-30 20:11:25 -------- d-----w- C:\Users\Owner\AppData\Local\{8963C8D1-F0ED-4D8D-A69E-97451AE91A14}

2012-04-30 07:42:39 -------- d-----w- C:\Users\Owner\AppData\Local\{3F718C40-6061-483F-AAD9-A7C0AA50432B}

2012-04-30 04:05:51 -------- d-----w- C:\Users\Owner\AppData\Local\{A212CAE9-0DDC-47D7-B2E1-9A287B4BA646}

2012-04-30 02:28:34 -------- d-----w- C:\Users\Owner\AppData\Local\{6D83336F-5F4A-4600-A9EA-EF5B7C4BDEEC}

2012-04-29 14:42:45 -------- d-----w- C:\Users\Owner\AppData\Local\{7DB36190-9F99-40B0-8562-BA24ED8C03F8}

2012-04-29 02:53:56 -------- d-----w- C:\Users\Owner\AppData\Local\{87A0B7CE-1EE3-418B-A95D-6F4AA5509496}

2012-04-28 12:16:58 -------- d-----w- C:\Users\Owner\AppData\Local\{C888A2B0-2706-44E5-80BC-31F621930E49}

2012-04-28 05:47:28 -------- d-----w- C:\Users\Owner\AppData\Local\{E30D829E-E299-4362-87C7-B48B0389F47D}

2012-04-27 23:04:06 -------- d-----w- C:\Users\Owner\AppData\Local\{7180A2A8-4351-438B-8FCA-EF07FA3C96EA}

2012-04-27 04:43:48 -------- d-----w- C:\Users\Owner\AppData\Local\{79A670EB-D327-48B9-BA24-A27AC1642EFB}

2012-04-27 03:46:29 -------- d-----w- C:\Users\Owner\AppData\Local\{020D4D20-B6ED-4DB4-9157-51029F00FAAE}

2012-04-26 18:46:05 -------- d-----w- C:\Users\Owner\AppData\Local\{A07CCA34-0F9E-42C8-9BDB-482D67F4587C}

2012-04-26 18:34:39 -------- d-----w- C:\Users\Owner\AppData\Local\{C029163C-8AF3-40D2-9ECC-638DEB9957FF}

2012-04-26 15:04:02 -------- d-----w- C:\Users\Owner\AppData\Local\{822ACAB3-5087-4331-9FA0-F52CA34D2715}

2012-04-26 13:49:52 -------- d-----w- C:\Users\Owner\AppData\Local\{2C78BAC3-3734-4F13-925A-EFDE6F03D787}

2012-04-25 14:59:21 -------- d-----w- C:\Users\Owner\AppData\Local\{EE39779C-DE3D-4B71-9140-03B61D867111}

2012-04-24 16:03:05 512 ----a-w- C:\PhysicalMBR.bin

2012-04-24 14:12:00 -------- d-----w- C:\Users\Owner\AppData\Local\{23C1D592-30C4-4D2F-AA64-886B5414A3B7}

2012-04-24 07:21:32 -------- d-----w- C:\Users\Owner\AppData\Local\{5806EEB1-791E-498F-93FA-3CA8C4D71C32}

2012-04-24 03:36:38 -------- d-----w- C:\Users\Owner\AppData\Local\{D443E067-72C0-47BC-A7C2-79E56D9AD8A2}

2012-04-24 03:34:09 -------- d-sh--w- C:\found.000

2012-04-23 14:43:14 -------- d-----w- C:\Users\Owner\AppData\Local\{5C78C654-F08A-4D4A-A722-EFA3EC01F56C}

2012-04-23 01:26:57 -------- d-----w- C:\Users\Owner\AppData\Local\{4A5F4A5F-4BC4-449F-8C2D-DA64BB69F7F7}

2012-04-22 12:34:05 -------- d-----w- C:\Users\Owner\AppData\Local\{4C9789E5-9413-4BC9-9F0D-72EB7C2E0BE4}

2012-04-21 23:11:06 -------- d-----w- C:\Users\Owner\AppData\Local\{DCD677BB-9A87-4699-AD55-E36E8848346C}

2012-04-21 20:46:39 -------- d-----w- C:\Users\Owner\AppData\Local\{5D10F88D-9243-416E-AC0B-E2B49D6367A5}

2012-04-21 20:42:03 -------- d-----w- C:\windows\en

2012-04-21 20:37:24 48488 ----a-w- C:\windows\System32\drivers\fssfltr.sys

2012-04-21 20:30:20 15712 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\922e4ef81cd1ffd02\MeshBetaRemover.exe

2012-04-21 20:30:19 89944 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\91d63c0e1cd1ffd01\DSETUP.dll

2012-04-21 20:30:19 537432 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\91d63c0e1cd1ffd01\DXSETUP.exe

2012-04-21 20:30:19 1801048 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\91d63c0e1cd1ffd01\dsetup32.dll

2012-04-21 19:56:51 -------- d-----w- C:\Users\Owner\AppData\Local\{CE9CAA05-3689-4484-851E-17ACC8094586}

2012-04-21 17:43:54 -------- d-----w- C:\Users\Owner\AppData\Local\{4530F39C-6DDE-4A39-B839-8705B187E29C}

2012-04-21 17:43:40 -------- d-----w- C:\Users\Owner\AppData\Local\{7C98AF00-D11E-4DF3-80C9-2CE6639E4192}

2012-04-21 00:38:22 -------- d-----w- C:\Users\Owner\AppData\Local\{E8C4241C-3AC0-4DBD-9A65-A2114FF18E20}

2012-04-20 23:45:16 -------- d-----w- C:\Users\Owner\AppData\Local\{1466326D-C639-449B-8E97-310D8B9D7176}

2012-04-20 21:06:41 -------- d-----w- C:\Users\Owner\AppData\Local\{5A8D1EDA-EEB5-4C10-95A0-5EB10E216DCA}

2012-04-20 05:10:03 -------- d-----w- C:\Users\Owner\AppData\Local\{4C924245-1911-47EC-8D0C-4BE13A916171}

2012-04-19 23:59:30 -------- d-----w- C:\Users\Owner\AppData\Local\{595479AE-17FE-4A40-8965-D717702BAB56}

2012-04-19 22:12:55 -------- d-----w- C:\Users\Owner\AppData\Local\{9E276BF7-D23E-4419-A91D-633307630F12}

2012-04-19 04:14:32 -------- d-----w- C:\Users\Owner\AppData\Local\{9E0549D9-08C8-4671-B55E-9B731EAAC7BC}

2012-04-17 00:35:13 -------- d-----w- C:\ZHP

2012-04-17 00:32:14 -------- d-----w- C:\Program Files (x86)\ZHPDiag

2012-04-16 22:27:17 -------- d-----w- C:\Program Files (x86)\VS Revo Group

2012-04-13 07:38:31 -------- d-----w- C:\Users\Owner\AppData\Local\{DF5B74EE-E53E-4EAB-9F6E-83DE740D802D}

2012-04-13 07:19:53 -------- d-----w- C:\Users\Owner\AppData\Local\{A0F9B318-0FD9-416F-86AE-7EA0C9CE644D}

2012-04-13 07:18:33 -------- d-----w- C:\Users\Owner\AppData\Local\{9D363018-5442-413A-BD00-EB31BD6A9CFA}

2012-04-13 04:46:25 -------- d-----w- C:\Users\Owner\AppData\Local\{490D3667-1337-4F6D-B7C5-C68CB4FADDBA}

2012-04-13 01:48:55 -------- d-----w- C:\Users\Owner\AppData\Local\{78133044-B6D0-48A6-813C-8A66547354CE}

2012-04-12 23:41:21 23408 ----a-w- C:\windows\System32\drivers\fs_rec.sys

2012-04-12 23:41:20 81408 ----a-w- C:\windows\System32\imagehlp.dll

2012-04-12 23:41:20 159232 ----a-w- C:\windows\SysWow64\imagehlp.dll

2012-04-12 23:41:19 5120 ----a-w- C:\windows\SysWow64\wmi.dll

2012-04-12 23:41:19 5120 ----a-w- C:\windows\System32\wmi.dll

2012-04-12 23:41:19 220672 ----a-w- C:\windows\System32\wintrust.dll

2012-04-12 23:41:19 172544 ----a-w- C:\windows\SysWow64\wintrust.dll

2012-04-12 14:09:25 -------- d-----w- C:\Users\Owner\AppData\Local\{B1F702B5-D72B-4315-8CB4-36C97DEDC6E2}

2012-04-11 23:13:59 -------- d-----w- C:\Users\Owner\AppData\Local\{57603CD1-3F93-47C0-862A-B83E9FCCD219}

2012-04-11 15:48:59 -------- d-----w- C:\Users\Owner\AppData\Local\{7A18FD82-26D4-4161-923C-822D7123266F}

2012-04-11 15:05:01 -------- d-----w- C:\Users\Owner\AppData\Local\{3CBC11A7-2D37-4E42-8067-D2848FD12F62}

2012-04-10 19:23:37 -------- d-----w- C:\Users\Owner\AppData\Local\{476A415E-110B-49B3-96BE-1FEF980A2B6C}

2012-04-10 03:37:00 -------- d-----w- C:\Users\Owner\AppData\Local\{A7E2F03F-DCB2-48A4-ADC9-A169B3F4E722}

2012-04-09 20:17:30 -------- d-----w- C:\Users\Owner\AppData\Local\{1D892337-AC66-4015-8B3D-9B8156D1B192}

2012-04-08 19:08:55 -------- d-----w- C:\Users\Owner\AppData\Local\{EC5207CA-8DBA-4C84-A7F1-01CCA5253D3A}

2012-04-08 07:29:17 -------- d-----w- C:\Users\Owner\AppData\Local\{93068D32-4BD8-4D12-BA4C-48CD54CD25B6}

2012-04-08 02:57:58 -------- d-----w- C:\Users\Owner\AppData\Local\{FAF61067-9FD8-48A3-8960-01EF1C799A60}

.

==================== Find3M ====================

.

2012-03-21 01:44:12 98688 ----a-w- C:\windows\System32\drivers\NisDrvWFP.sys

2012-03-21 01:44:12 203888 ----a-w- C:\windows\System32\drivers\MpFilter.sys

2012-03-08 23:50:28 49016 ----a-w- C:\windows\SysWow64\sirenacm.dll

2012-03-08 23:37:20 302448 ----a-w- C:\windows\WLXPGSS.SCR

2012-03-06 06:53:37 5559152 ----a-w- C:\windows\System32\ntoskrnl.exe

2012-03-06 05:59:47 3968368 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe

2012-03-06 05:59:41 3913072 ----a-w- C:\windows\SysWow64\ntoskrnl.exe

2012-02-28 06:56:48 2311168 ----a-w- C:\windows\System32\jscript9.dll

2012-02-28 06:49:56 1390080 ----a-w- C:\windows\System32\wininet.dll

2012-02-28 06:48:57 1493504 ----a-w- C:\windows\System32\inetcpl.cpl

2012-02-28 06:42:55 2382848 ----a-w- C:\windows\System32\mshtml.tlb

2012-02-28 01:18:55 1799168 ----a-w- C:\windows\SysWow64\jscript9.dll

2012-02-28 01:11:21 1427456 ----a-w- C:\windows\SysWow64\inetcpl.cpl

2012-02-28 01:11:07 1127424 ----a-w- C:\windows\SysWow64\wininet.dll

2012-02-28 01:03:16 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb

2012-02-17 06:38:26 1031680 ----a-w- C:\windows\System32\rdpcore.dll

2012-02-17 05:34:22 826880 ----a-w- C:\windows\SysWow64\rdpcore.dll

2012-02-17 04:58:24 210944 ----a-w- C:\windows\System32\drivers\rdpwd.sys

2012-02-17 04:57:32 23552 ----a-w- C:\windows\System32\drivers\tdtcp.sys

2012-02-10 06:36:07 1544192 ----a-w- C:\windows\System32\DWrite.dll

2012-02-10 05:38:43 1077248 ----a-w- C:\windows\SysWow64\DWrite.dll

.

============= FINISH: 21:12:34.44 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 4/4/2010 10:52:23 PM

System Uptime: 5/7/2012 6:36:38 PM (3 hours ago)

.

Motherboard: TOSHIBA | | Portable PC

Processor: Pentium® Dual-Core CPU T4400 @ 2.20GHz | CPU | 2200/800mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 288 GiB total, 2.773 GiB free.

D: is CDROM ()

E: is CDROM (CDFS)

F: is Removable

.

==== Disabled Device Manager Items =============

.

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Description: BHDrvx64

Device ID: ROOT\LEGACY_BHDRVX64\0000

Manufacturer:

Name: BHDrvx64

PNP Device ID: ROOT\LEGACY_BHDRVX64\0000

Service: BHDrvx64

.

==== System Restore Points ===================

.

RP289: 4/30/2012 1:22:15 AM - Windows Update

RP290: 4/30/2012 6:46:02 PM - Removed Voila 2.0 HSDPA Utility R1.

RP291: 5/1/2012 3:00:20 AM - Windows Update

RP292: 5/7/2012 12:10:29 PM - Windows Update

RP293: 5/7/2012 5:47:48 PM - DLL-Files.com Fixer Mon, May 07, 12 17:47

.

==== Installed Programs ======================

.

1ClickDownloader

Adobe Flash Player 10 Plugin

Adobe Flash Player 11 ActiveX

Adobe Reader 9.4.6

Apple Application Support

Apple Software Update

Ares 3.1.7.3042

Ashampoo Burning Studio 6 FREE

AviSynth 2.5

Best Buy Software Installer

Bing Bar

CamfrogWEB Advanced ActiveX Plugin (remove only)

Compatibility Pack for the 2007 Office system

D3DX10

Dealio Toolbar v4.9

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

Désinst. LG PC Suite III

Epi Info 7

Facebook Video Calling 1.2.0.159

Feedback Tool

FIFA 12 © EA version 1

Folder Lock

Free Mp3 Wma Converter V 1.9

Free MP3 WMA Cutter 3.7.2.5

GIMP 2.6.8

Google Earth

Google Toolbar for Internet Explorer

Google Update Helper

Google Updater

Java Auto Updater

Java 6 Update 29

Junk Mail filter update

Kabisa_V_81b 13/04/2010

Larousse Médical

LG Bluetooth Drivers

LG Internet Kit

LG MC USB U330 driver

LG United Mobile Driver

LG USB Modem Drivers

Macromedia Shockwave Player

Malwarebytes Anti-Malware version 1.61.0.1400

ManyCam 2.6.65 (remove only)

Mesh Runtime

Messenger Companion

Microsoft .NET Framework 1.1

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office File Validation Add-In

Microsoft Office Groove MUI (English) 2010

Microsoft Office InfoPath MUI (English) 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook Connector

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office PowerPoint Viewer 2007 (English)

Microsoft Office Professional Plus 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Suite Activation Assistant

Microsoft Office Word MUI (English) 2010

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable - KB2467175

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Works

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

mywebsites.pro-FR Toolbar

NATCOM 3G

Norton Security Suite

ObjectDock

ooVoo

OpenOffice.org 3.2

Picasa 3

QuickTime

Realtek Ethernet Controller Driver

Realtek High Definition Audio Driver

Realtek USB 2.0 Card Reader

Realtek WLAN Driver

Revo Uninstaller 1.93

Roxio Burn

Roxio Express Labeler 3

Roxio Roxio Burn

Roxio Update Manager

Safari

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Soft-Search Toolbar

SpeedBit Video Downloader

Spelling Dictionaries Support For Adobe Reader 9

TOSHIBA Application Installer

TOSHIBA Assist

TOSHIBA Bulletin Board

TOSHIBA ConfigFree

TOSHIBA DVD PLAYER

TOSHIBA eco Utility

TOSHIBA Extended Tiles for Windows Mobility Center

TOSHIBA Face Recognition

TOSHIBA Hardware Setup

TOSHIBA HDD/SSD Alert

TOSHIBA Media Controller

TOSHIBA Quality Application

TOSHIBA ReelTime

TOSHIBA Service Station

TOSHIBA Speech System Applications

TOSHIBA Speech System SR Engine(U.S.) Version1.0

TOSHIBA Speech System TTS Engine(U.S.) Version1.0

TOSHIBA Supervisor Password

TOSHIBA Value Added Package

TOSHIBA Web Camera Application

ToshibaRegistration

Uniblue RegistryBooster

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft Office 2010 (KB2494150)

Update for Microsoft Office 2010 (KB2553092)

Update Manager

USB INTERNET

VLC media player 1.1.11

Votre santé au quotidien

VZAccess Manager

Windows Live Communications Platform

Windows Live Essentials

Windows Live Installer

Windows Live Mail

Windows Live Mesh

Windows Live Mesh ActiveX Control for Remote Connections

Windows Live Messenger

Windows Live Messenger Companion Core

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live Sync

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

Yahoo! Messenger

Yahoo! Software Update

Yahoo! Toolbar

ZHPDiag 1.30

.

==== Event Viewer Messages From Past Week ========

.

5/7/2012 8:48:47 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.125.1090.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8304.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

5/7/2012 8:21:46 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.125.1090.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8304.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

5/7/2012 6:37:47 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx64 SRTSP

5/7/2012 6:37:24 PM, Error: Service Control Manager [7000] - The windrvNT service failed to start due to the following error: The system cannot find the file specified.

5/7/2012 6:37:21 PM, Error: Service Control Manager [7000] - The npf service failed to start due to the following error: The system cannot find the file specified.

5/7/2012 6:36:49 PM, Error: SRTSP [5] - Error loading Symantec real time Anti-Virus driver.

5/7/2012 6:36:49 PM, Error: SRTSP [4] - Error loading virus definitions.

5/7/2012 6:01:38 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.

5/7/2012 6:01:38 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

5/7/2012 6:01:35 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

5/7/2012 6:01:34 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}

5/7/2012 6:01:34 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

5/7/2012 6:01:31 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

5/7/2012 6:01:22 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

5/7/2012 6:01:06 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD BHDrvx64 ccHP DfsC discache eeCtrl IDSVia64 MpFilter NetBIOS NetBT nsiproxy Psched rdbss spldr SRTSP SRTSPX SymIRON SYMTDIv tdx vwififlt Wanarpv6 WfpLwf

5/7/2012 6:01:05 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

5/7/2012 6:01:05 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

5/7/2012 6:01:05 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.

5/7/2012 6:01:05 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

5/7/2012 6:01:05 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

5/7/2012 6:01:05 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.

5/7/2012 6:01:05 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

5/7/2012 6:01:05 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

5/7/2012 6:01:05 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.

5/7/2012 6:01:05 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

5/6/2012 9:39:44 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.125.1090.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8304.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

5/6/2012 8:52:25 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.125.1090.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8304.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

5/6/2012 12:39:33 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.125.1090.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8304.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

5/5/2012 8:29:35 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.125.1090.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8304.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

5/1/2012 3:06:51 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Microsoft Security Essentials Client Update Package - KB2691905.

4/30/2012 5:59:51 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

4/30/2012 5:53:53 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

4/30/2012 5:04:13 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

4/30/2012 4:51:12 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

4/30/2012 3:18:43 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

4/30/2012 3:10:48 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

.

==== End Of File ===========================

Thx for helping me...


Welcome to the forum.

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system (don't run any other options, they're not all bad!)

Post back the report.

MrC


hi thx.

here for the report:

RogueKiller V7.4.4 [05/08/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User: Owner [Admin rights]

Mode: Remove -- Date: 05/09/2012 17:30:26

¤¤¤ Bad processes: 1 ¤¤¤

[SUSP PATH] DCSHelper.exe -- C:\ProgramData\DatacardService\DCSHelper.exe -> KILLED [TermProc]

¤¤¤ Registry Entries: 2 ¤¤¤

[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

¤¤¤ MBR Check: ¤¤¤


...see if this works

If you have the pro version of MB....make sure you have your license key

-----------------------

Vista and Windows 7 users:

1. These tools MUST be run from the executable (.exe) every time you run them

2. With Admin Rights (Right click, choose "Run as Administrator")


Go to your Control Panel's Add/Remove Programs and uninstall MalwareBytes Anti-Malware > reboot

Download and run this cleaner:

mbam-clean.exe

Reboot <---very important

Now download and see if you can install the latest version of MB from here: (disable any malware/anti-virus programs running first)

http://www.malwareby...am-download.php

Let me know, MrC


hi... did all...

Same message... :-( error updating etc.....


You can get the latest updates from the link below:

http://data.mbamupda.../mbam-rules.exe

See if you can download and install them.

Then run a Full Scan and make sure that everything is checked, and click Remove Selected.

Post the log.

---------------------------------------------

Next.......

Please make sure system restore is running and create a new restore point before continuing.

XP <===> Vista & W7

XP users > please back up the registry using ERUNT.

-----------------------------------------

Please download and run TDSSKiller to your desktop as outlined below:

Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.


-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.


------------------------

Click the Start Scan button.


-----------------------

If a suspicious object is detected, the default action will be Skip, click on Continue

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose Skip and click on Continue

Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose delete.


----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.


--------------------

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

-------------------

Here's a summary of what to do if you would like to print it out:

If a suspicious object is detected, the default action will be Skip, click on Continue

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose Skip and click on Continue

Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose delete.

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

MrC


Hi... After downloading the latest updates for Malwarebytes, the report is:

Malwarebytes Anti-Malware (Essai) 1.61.0.1400

www.malwarebytes.org

Version de la base de données: v2012.05.07.04

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Owner :: OWNER-PC [administrateur]

Protection: Désactivé

5/13/2012 2:25:07 PM

mbam-log-2012-05-13 (14-25-07).txt

Type d'examen: Examen complet

Options d'examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM

Options d'examen désactivées: P2P

Elément(s) analysé(s): 479415

Temps écoulé: 1 heure(s), 50 minute(s), 25 seconde(s)

Processus mémoire détecté(s): 0

(Aucun élément nuisible détecté)

Module(s) mémoire détecté(s): 0

(Aucun élément nuisible détecté)

Clé(s) du Registre détectée(s): 0

(Aucun élément nuisible détecté)

Valeur(s) du Registre détectée(s): 0

(Aucun élément nuisible détecté)

Elément(s) de données du Registre détecté(s): 0

(Aucun élément nuisible détecté)

Dossier(s) détecté(s): 0

(Aucun élément nuisible détecté)

Fichier(s) détecté(s): 0

(Aucun élément nuisible détecté)

(fin)

The report for tdss killer is (no malicious objects found):

16:48:31.0976 6188 TDSS rootkit removing tool 2.7.34.0 May 2 2012 09:59:18

16:48:32.0191 6188 ============================================================

16:48:32.0191 6188 Current date / time: 2012/05/13 16:48:32.0191

16:48:32.0191 6188 SystemInfo:

16:48:32.0191 6188

16:48:32.0191 6188 OS Version: 6.1.7601 ServicePack: 1.0

16:48:32.0191 6188 Product type: Workstation

16:48:32.0191 6188 ComputerName: OWNER-PC

16:48:32.0191 6188 UserName: Owner

16:48:32.0191 6188 Windows directory: C:\windows

16:48:32.0191 6188 System windows directory: C:\windows

16:48:32.0191 6188 Running under WOW64

16:48:32.0191 6188 Processor architecture: Intel x64

16:48:32.0191 6188 Number of processors: 2

16:48:32.0191 6188 Page size: 0x1000

16:48:32.0191 6188 Boot type: Normal boot

16:48:32.0191 6188 ============================================================

16:48:34.0048 6188 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

16:48:34.0065 6188 ============================================================

16:48:34.0065 6188 \Device\Harddisk0\DR0:

16:48:34.0065 6188 MBR partitions:

16:48:34.0065 6188 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x23F1B000

16:48:34.0065 6188 ============================================================

16:48:34.0170 6188 C: <-> \Device\Harddisk0\DR0\Partition0

16:48:36.0342 6188 ============================================================

16:48:36.0342 6188 Initialize success

16:48:36.0342 6188 ============================================================

16:49:27.0837 4212 ============================================================

16:49:27.0837 4212 Scan started

16:49:27.0837 4212 Mode: Manual;

16:49:27.0837 4212 ============================================================

16:49:29.0023 4212 1394ohci (a87d604aea360176311474c87a63bb88) C:\windows\system32\drivers\1394ohci.sys

16:49:29.0026 4212 1394ohci - ok

16:49:29.0177 4212 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\windows\system32\drivers\ACPI.sys

16:49:29.0181 4212 ACPI - ok

16:49:29.0272 4212 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\windows\system32\drivers\acpipmi.sys

16:49:29.0274 4212 AcpiPmi - ok

16:49:29.0307 4212 Scan interrupted by user!

16:49:29.0307 4212 Scan interrupted by user!

16:49:29.0307 4212 Scan interrupted by user!

16:49:29.0307 4212 ============================================================

16:49:29.0307 4212 Scan finished

16:49:29.0307 4212 ============================================================

16:49:29.0325 0920 Detected object count: 0

16:49:29.0325 0920 Actual detected object count: 0

16:49:41.0300 1664 ============================================================

16:49:41.0300 1664 Scan started

16:49:41.0300 1664 Mode: Manual; SigCheck; TDLFS;

16:49:41.0300 1664 ============================================================

16:49:41.0715 1664 1394ohci (a87d604aea360176311474c87a63bb88) C:\windows\system32\drivers\1394ohci.sys

16:49:42.0047 1664 1394ohci - ok

16:49:42.0056 1664 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\windows\system32\drivers\ACPI.sys

16:49:42.0166 1664 ACPI - ok

16:49:42.0180 1664 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\windows\system32\drivers\acpipmi.sys

16:49:42.0373 1664 AcpiPmi - ok

16:49:42.0455 1664 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\windows\system32\DRIVERS\adp94xx.sys

16:49:42.0496 1664 adp94xx - ok

16:49:42.0605 1664 adpahci (597f78224ee9224ea1a13d6350ced962) C:\windows\system32\DRIVERS\adpahci.sys

16:49:42.0628 1664 adpahci - ok

16:49:42.0717 1664 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\windows\system32\DRIVERS\adpu320.sys

16:49:42.0737 1664 adpu320 - ok

16:49:42.0782 1664 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\windows\System32\aelupsvc.dll

16:49:42.0996 1664 AeLookupSvc - ok

16:49:43.0111 1664 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\windows\system32\drivers\afd.sys

16:49:43.0215 1664 AFD - ok

16:49:43.0387 1664 AgereSoftModem (98022774d9930ecbb292e70db7601df6) C:\windows\system32\DRIVERS\agrsm64.sys

16:49:43.0529 1664 AgereSoftModem - ok

16:49:43.0643 1664 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\windows\system32\drivers\agp440.sys

16:49:43.0669 1664 agp440 - ok

16:49:43.0756 1664 ALG (3290d6946b5e30e70414990574883ddb) C:\windows\System32\alg.exe

16:49:43.0824 1664 ALG - ok

16:49:43.0905 1664 aliide (5812713a477a3ad7363c7438ca2ee038) C:\windows\system32\drivers\aliide.sys

16:49:43.0922 1664 aliide - ok

16:49:44.0011 1664 amdide (1ff8b4431c353ce385c875f194924c0c) C:\windows\system32\drivers\amdide.sys

16:49:44.0027 1664 amdide - ok

16:49:44.0119 1664 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\windows\system32\DRIVERS\amdk8.sys

16:49:44.0205 1664 AmdK8 - ok

16:49:44.0249 1664 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\windows\system32\DRIVERS\amdppm.sys

16:49:44.0413 1664 AmdPPM - ok

16:49:44.0496 1664 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\windows\system32\drivers\amdsata.sys

16:49:44.0522 1664 amdsata - ok

16:49:44.0576 1664 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\windows\system32\DRIVERS\amdsbs.sys

16:49:44.0602 1664 amdsbs - ok

16:49:44.0622 1664 amdxata (540daf1cea6094886d72126fd7c33048) C:\windows\system32\drivers\amdxata.sys

16:49:44.0643 1664 amdxata - ok

16:49:44.0728 1664 AppID (89a69c3f2f319b43379399547526d952) C:\windows\system32\drivers\appid.sys

16:49:44.0905 1664 AppID - ok

16:49:44.0932 1664 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\windows\System32\appidsvc.dll

16:49:45.0041 1664 AppIDSvc - ok

16:49:45.0133 1664 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\windows\System32\appinfo.dll

16:49:45.0216 1664 Appinfo - ok

16:49:45.0437 1664 Apple Mobile Device (018857ead9a077a56aedfc0e5ef7a24a) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

16:49:45.0463 1664 Apple Mobile Device - ok

16:49:45.0548 1664 arc (c484f8ceb1717c540242531db7845c4e) C:\windows\system32\DRIVERS\arc.sys

16:49:45.0587 1664 arc - ok

16:49:45.0614 1664 arcsas (019af6924aefe7839f61c830227fe79c) C:\windows\system32\DRIVERS\arcsas.sys

16:49:45.0648 1664 arcsas - ok

16:49:45.0977 1664 aspnet_state - ok

16:49:46.0055 1664 AsyncMac (769765ce2cc62867468cea93969b2242) C:\windows\system32\DRIVERS\asyncmac.sys

16:49:46.0235 1664 AsyncMac - ok

16:49:46.0417 1664 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\windows\system32\drivers\atapi.sys

16:49:46.0455 1664 atapi - ok

16:49:46.0766 1664 athur (36322190763845975e0d001e90687bf2) C:\windows\system32\DRIVERS\athurx.sys

16:49:46.0911 1664 athur - ok

16:49:47.0321 1664 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\windows\System32\Audiosrv.dll

16:49:47.0469 1664 AudioEndpointBuilder - ok

16:49:47.0479 1664 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\windows\System32\Audiosrv.dll

16:49:47.0536 1664 AudioSrv - ok

16:49:47.0619 1664 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\windows\System32\AxInstSV.dll

16:49:47.0770 1664 AxInstSV - ok

16:49:47.0904 1664 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\windows\system32\DRIVERS\bxvbda.sys

16:49:47.0994 1664 b06bdrv - ok

16:49:48.0096 1664 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\windows\system32\DRIVERS\b57nd60a.sys

16:49:48.0160 1664 b57nd60a - ok

16:49:48.0389 1664 BBSvc (a2494901e7226b356b8c1005c45f1c5f) C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe

16:49:48.0412 1664 BBSvc - ok

16:49:48.0492 1664 BBUpdate (63b1cbbae4790b5bac98f01bf9449722) C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe

16:49:48.0521 1664 BBUpdate - ok

16:49:48.0541 1664 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\windows\System32\bdesvc.dll

16:49:48.0630 1664 BDESVC - ok

16:49:48.0700 1664 Beep (16a47ce2decc9b099349a5f840654746) C:\windows\system32\drivers\Beep.sys

16:49:48.0782 1664 Beep - ok

16:49:48.0925 1664 BFE (82974d6a2fd19445cc5171fc378668a4) C:\windows\System32\bfe.dll

16:49:49.0021 1664 BFE - ok

16:49:49.0481 1664 BHDrvx64 (cd0ecb395666fc9ae23d7381e9e3370d) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20111014.001\BHDrvx64.sys

16:49:49.0658 1664 BHDrvx64 - ok

16:49:49.0955 1664 BITS (1ea7969e3271cbc59e1730697dc74682) C:\windows\System32\qmgr.dll

16:49:50.0145 1664 BITS - ok

16:49:50.0280 1664 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\windows\system32\DRIVERS\blbdrive.sys

16:49:50.0346 1664 blbdrive - ok

16:49:50.0557 1664 Bonjour Service (f832f1505ad8b83474bd9a5b1b985e01) C:\Program Files (x86)\Bonjour\mDNSResponder.exe

16:49:50.0577 1664 Bonjour Service - ok

16:49:50.0642 1664 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\windows\system32\DRIVERS\bowser.sys

16:49:50.0685 1664 bowser - ok

16:49:50.0763 1664 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\windows\system32\DRIVERS\BrFiltLo.sys

16:49:50.0859 1664 BrFiltLo - ok

16:49:50.0872 1664 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\windows\system32\DRIVERS\BrFiltUp.sys

16:49:50.0895 1664 BrFiltUp - ok

16:49:50.0956 1664 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\windows\System32\browser.dll

16:49:51.0053 1664 Browser - ok

16:49:51.0113 1664 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\windows\System32\Drivers\Brserid.sys

16:49:51.0179 1664 Brserid - ok

16:49:51.0208 1664 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\windows\System32\Drivers\BrSerWdm.sys

16:49:51.0261 1664 BrSerWdm - ok

16:49:51.0338 1664 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\windows\System32\Drivers\BrUsbMdm.sys

16:49:51.0384 1664 BrUsbMdm - ok

16:49:51.0415 1664 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\windows\System32\Drivers\BrUsbSer.sys

16:49:51.0464 1664 BrUsbSer - ok

16:49:51.0502 1664 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\windows\system32\DRIVERS\bthmodem.sys

16:49:51.0567 1664 BTHMODEM - ok

16:49:51.0644 1664 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\windows\system32\bthserv.dll

16:49:51.0722 1664 bthserv - ok

16:49:51.0885 1664 ccHP (da66e851e76766d2c84502fe682ab175) C:\windows\system32\drivers\N360x64\0403000.005\ccHPx64.sys

16:49:51.0915 1664 ccHP - ok

16:49:51.0993 1664 cdfs (b8bd2bb284668c84865658c77574381a) C:\windows\system32\DRIVERS\cdfs.sys

16:49:52.0071 1664 cdfs - ok

16:49:52.0143 1664 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\windows\system32\DRIVERS\cdrom.sys

16:49:52.0200 1664 cdrom - ok

16:49:52.0270 1664 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll

16:49:52.0364 1664 CertPropSvc - ok

16:49:52.0476 1664 cfWiMAXService (837ff2d497880198c918e6954dbd170c) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe

16:49:52.0491 1664 cfWiMAXService - ok

16:49:52.0579 1664 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\windows\system32\DRIVERS\circlass.sys

16:49:52.0637 1664 circlass - ok

16:49:52.0697 1664 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\windows\system32\CLFS.sys

16:49:52.0727 1664 CLFS - ok

16:49:52.0786 1664 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

16:49:52.0811 1664 clr_optimization_v2.0.50727_32 - ok

16:49:52.0858 1664 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

16:49:52.0874 1664 clr_optimization_v2.0.50727_64 - ok

16:49:53.0020 1664 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

16:49:53.0037 1664 clr_optimization_v4.0.30319_32 - ok

16:49:53.0063 1664 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

16:49:53.0079 1664 clr_optimization_v4.0.30319_64 - ok

16:49:53.0148 1664 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\windows\system32\DRIVERS\CmBatt.sys

16:49:53.0205 1664 CmBatt - ok

16:49:53.0249 1664 cmdide (e19d3f095812725d88f9001985b94edd) C:\windows\system32\drivers\cmdide.sys

16:49:53.0264 1664 cmdide - ok

16:49:53.0355 1664 CNG (c4943b6c962e4b82197542447ad599f4) C:\windows\system32\Drivers\cng.sys

16:49:53.0428 1664 CNG - ok

16:49:53.0543 1664 cnnctfy2 (040ff3b09f26926a3792e047db0f47dd) C:\windows\system32\DRIVERS\cnnctfy2.sys

16:49:53.0564 1664 cnnctfy2 - ok

16:49:53.0644 1664 Compbatt (102de219c3f61415f964c88e9085ad14) C:\windows\system32\DRIVERS\compbatt.sys

16:49:53.0670 1664 Compbatt - ok

16:49:53.0745 1664 CompositeBus (03edb043586cceba243d689bdda370a8) C:\windows\system32\drivers\CompositeBus.sys

16:49:53.0787 1664 CompositeBus - ok

16:49:53.0815 1664 COMSysApp - ok

16:49:53.0900 1664 ConfigFree Gadget Service (d252c53bcdfc199bba55eeb10cdb266e) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe

16:49:53.0910 1664 ConfigFree Gadget Service - ok

16:49:53.0924 1664 ConfigFree Service (cab0eeaf5295fc96ddd3e19dce27e131) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe

16:49:53.0940 1664 ConfigFree Service - ok

16:49:54.0177 1664 Connectify (452d0996f0bbf20dd6c142662b748e37) C:\Program Files (x86)\Connectify\ConnectifyService.exe

16:49:54.0207 1664 Connectify ( UnsignedFile.Multi.Generic ) - warning

16:49:54.0207 1664 Connectify - detected UnsignedFile.Multi.Generic (1)

16:49:54.0246 1664 crcdisk (1c827878a998c18847245fe1f34ee597) C:\windows\system32\DRIVERS\crcdisk.sys

16:49:54.0265 1664 crcdisk - ok

16:49:54.0383 1664 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\windows\system32\cryptsvc.dll

16:49:54.0466 1664 CryptSvc - ok

16:49:54.0569 1664 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll

16:49:54.0671 1664 DcomLaunch - ok

16:49:54.0751 1664 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\windows\System32\defragsvc.dll

16:49:54.0840 1664 defragsvc - ok

16:49:54.0924 1664 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\windows\system32\Drivers\dfsc.sys

16:49:54.0997 1664 DfsC - ok

16:49:55.0091 1664 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\windows\system32\dhcpcore.dll

16:49:55.0178 1664 Dhcp - ok

16:49:55.0231 1664 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\windows\system32\drivers\discache.sys

16:49:55.0309 1664 discache - ok

16:49:55.0402 1664 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\windows\system32\DRIVERS\disk.sys

16:49:55.0420 1664 Disk - ok

16:49:55.0486 1664 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\windows\System32\dnsrslvr.dll

16:49:55.0571 1664 Dnscache - ok

16:49:55.0662 1664 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\windows\System32\dot3svc.dll

16:49:55.0741 1664 dot3svc - ok

16:49:55.0821 1664 dot4 (b42ed0320c6e41102fde0005154849bb) C:\windows\system32\DRIVERS\Dot4.sys

16:49:55.0868 1664 dot4 - ok

16:49:55.0950 1664 Dot4Print (e9f5969233c5d89f3c35e3a66a52a361) C:\windows\system32\drivers\Dot4Prt.sys

16:49:56.0008 1664 Dot4Print - ok

16:49:56.0072 1664 Dot4Scan (488669cd1cd3bdcfdd9a5fda72209069) C:\windows\system32\DRIVERS\Dot4Scan.sys

16:49:56.0123 1664 Dot4Scan - ok

16:49:56.0199 1664 dot4usb (fd05a02b0370bc3000f402e543ca5814) C:\windows\system32\DRIVERS\dot4usb.sys

16:49:56.0247 1664 dot4usb - ok

16:49:56.0295 1664 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\windows\system32\dps.dll

16:49:56.0381 1664 DPS - ok

16:49:56.0452 1664 drmkaud (9b19f34400d24df84c858a421c205754) C:\windows\system32\drivers\drmkaud.sys

16:49:56.0503 1664 drmkaud - ok

16:49:56.0616 1664 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\windows\System32\drivers\dxgkrnl.sys

16:49:56.0666 1664 DXGKrnl - ok

16:49:56.0758 1664 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\windows\System32\eapsvc.dll

16:49:56.0837 1664 EapHost - ok

16:49:57.0048 1664 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\windows\system32\DRIVERS\evbda.sys

16:49:57.0166 1664 ebdrv - ok

16:49:57.0293 1664 eeCtrl (5e3a50930447f464c66032e05a4632f5) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys

16:49:57.0323 1664 eeCtrl - ok

16:49:57.0511 1664 EFS (c118a82cd78818c29ab228366ebf81c3) C:\windows\System32\lsass.exe

16:49:57.0584 1664 EFS - ok

16:49:57.0764 1664 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\windows\ehome\ehRecvr.exe

16:49:57.0864 1664 ehRecvr - ok

16:49:57.0889 1664 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\windows\ehome\ehsched.exe

16:49:57.0924 1664 ehSched - ok

16:49:58.0065 1664 elxstor (0e5da5369a0fcaea12456dd852545184) C:\windows\system32\DRIVERS\elxstor.sys

16:49:58.0098 1664 elxstor - ok

16:49:58.0153 1664 ErrDev (34a3c54752046e79a126e15c51db409b) C:\windows\system32\drivers\errdev.sys

16:49:58.0204 1664 ErrDev - ok

16:49:58.0293 1664 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\windows\system32\es.dll

16:49:58.0377 1664 EventSystem - ok

16:49:58.0458 1664 ewusbnet (50fcbbedad133d6bf402a7ce08ea95a3) C:\windows\system32\DRIVERS\ewusbnet.sys

16:49:58.0543 1664 ewusbnet - ok

16:49:58.0642 1664 ew_mbbusbdev (296dfceece424cd630cf8fdaf0cb0c09) C:\windows\system32\DRIVERS\ew_mbbusbdev.sys

16:49:58.0723 1664 ew_mbbusbdev - ok

16:49:58.0770 1664 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\windows\system32\drivers\exfat.sys

16:49:58.0859 1664 exfat - ok

16:49:58.0892 1664 fastfat (0adc83218b66a6db380c330836f3e36d) C:\windows\system32\drivers\fastfat.sys

16:49:58.0984 1664 fastfat - ok

16:49:59.0085 1664 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\windows\system32\fxssvc.exe

16:49:59.0162 1664 Fax - ok

16:49:59.0223 1664 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\windows\system32\DRIVERS\fdc.sys

16:49:59.0287 1664 fdc - ok

16:49:59.0342 1664 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\windows\system32\fdPHost.dll

16:49:59.0421 1664 fdPHost - ok

16:49:59.0460 1664 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\windows\system32\fdrespub.dll

16:49:59.0530 1664 FDResPub - ok

16:49:59.0577 1664 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\windows\system32\drivers\fileinfo.sys

16:49:59.0593 1664 FileInfo - ok

16:49:59.0613 1664 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\windows\system32\drivers\filetrace.sys

16:49:59.0666 1664 Filetrace - ok

16:49:59.0724 1664 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\windows\system32\DRIVERS\flpydisk.sys

16:49:59.0741 1664 flpydisk - ok

16:49:59.0830 1664 FltMgr (da6b67270fd9db3697b20fce94950741) C:\windows\system32\drivers\fltmgr.sys

16:49:59.0860 1664 FltMgr - ok

16:49:59.0982 1664 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\windows\system32\FntCache.dll

16:50:00.0025 1664 FontCache - ok

16:50:00.0126 1664 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

16:50:00.0137 1664 FontCache3.0.0.0 - ok

16:50:00.0186 1664 FsDepends (d43703496149971890703b4b1b723eac) C:\windows\system32\drivers\FsDepends.sys

16:50:00.0203 1664 FsDepends - ok

16:50:00.0277 1664 fssfltr (07da62c960ddccc2d35836aeab4fc578) C:\windows\system32\DRIVERS\fssfltr.sys

16:50:00.0298 1664 fssfltr - ok

16:50:00.0516 1664 fsssvc (28ddeeec44e988657b732cf404d504cb) C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe

16:50:00.0570 1664 fsssvc - ok

16:50:00.0713 1664 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\windows\system32\drivers\Fs_Rec.sys

16:50:00.0731 1664 Fs_Rec - ok

16:50:00.0820 1664 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\windows\system32\DRIVERS\fvevol.sys

16:50:00.0843 1664 fvevol - ok

16:50:00.0929 1664 FwLnk (60acb128e64c35c2b4e4aab1b0a5c293) C:\windows\system32\DRIVERS\FwLnk.sys

16:50:01.0001 1664 FwLnk - ok

16:50:01.0072 1664 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\windows\system32\DRIVERS\gagp30kx.sys

16:50:01.0089 1664 gagp30kx - ok

16:50:01.0130 1664 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\windows\system32\DRIVERS\GEARAspiWDM.sys

16:50:01.0141 1664 GEARAspiWDM - ok

16:50:01.0237 1664 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\windows\System32\gpsvc.dll

16:50:01.0325 1664 gpsvc - ok

16:50:01.0500 1664 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

16:50:01.0513 1664 gupdate - ok

16:50:01.0600 1664 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

16:50:01.0613 1664 gupdatem - ok

16:50:01.0692 1664 gusvc (408ddd80eede47175f6844817b90213e) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

16:50:01.0708 1664 gusvc - ok

16:50:01.0736 1664 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\windows\system32\drivers\hcw85cir.sys

16:50:01.0815 1664 hcw85cir - ok

16:50:01.0911 1664 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\windows\system32\drivers\HdAudio.sys

16:50:01.0975 1664 HdAudAddService - ok

16:50:02.0060 1664 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\windows\system32\drivers\HDAudBus.sys

16:50:02.0114 1664 HDAudBus - ok

16:50:02.0147 1664 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\windows\system32\DRIVERS\HidBatt.sys

16:50:02.0190 1664 HidBatt - ok

16:50:02.0238 1664 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\windows\system32\DRIVERS\hidbth.sys

16:50:02.0294 1664 HidBth - ok

16:50:02.0324 1664 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\windows\system32\DRIVERS\hidir.sys

16:50:02.0380 1664 HidIr - ok

16:50:02.0422 1664 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\windows\system32\hidserv.dll

16:50:02.0498 1664 hidserv - ok

16:50:02.0567 1664 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\windows\system32\DRIVERS\hidusb.sys

16:50:02.0588 1664 HidUsb - ok

16:50:02.0646 1664 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\windows\system32\kmsvc.dll

16:50:02.0735 1664 hkmsvc - ok

16:50:02.0781 1664 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\windows\system32\ListSvc.dll

16:50:02.0865 1664 HomeGroupListener - ok

16:50:02.0934 1664 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\windows\system32\provsvc.dll

16:50:02.0985 1664 HomeGroupProvider - ok

16:50:03.0052 1664 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\windows\system32\drivers\HpSAMD.sys

16:50:03.0073 1664 HpSAMD - ok

16:50:03.0156 1664 HSPADataCardusbmdm (65120337e224a686f87ddd635f17c81b) C:\windows\system32\DRIVERS\HSPADataCardusbmdm.sys

16:50:03.0230 1664 HSPADataCardusbmdm - ok

16:50:03.0322 1664 HSPADataCardusbnmea (65120337e224a686f87ddd635f17c81b) C:\windows\system32\DRIVERS\HSPADataCardusbnmea.sys

16:50:03.0336 1664 HSPADataCardusbnmea - ok

16:50:03.0360 1664 HSPADataCardusbser (65120337e224a686f87ddd635f17c81b) C:\windows\system32\DRIVERS\HSPADataCardusbser.sys

16:50:03.0375 1664 HSPADataCardusbser - ok

16:50:03.0448 1664 HSPADataCardusbvoice (65120337e224a686f87ddd635f17c81b) C:\windows\system32\DRIVERS\HSPADataCardusbvoice.sys

16:50:03.0482 1664 HSPADataCardusbvoice - ok

16:50:03.0578 1664 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\windows\system32\drivers\HTTP.sys

16:50:03.0636 1664 HTTP - ok

16:50:03.0677 1664 huawei_enumerator - ok

16:50:03.0744 1664 hwdatacard (aa379e6e47d1594f489b0e9215230a6a) C:\windows\system32\DRIVERS\ewusbmdm.sys

16:50:03.0814 1664 hwdatacard - ok

16:50:03.0906 1664 HWDeviceService64.exe - ok

16:50:03.0974 1664 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\windows\system32\drivers\hwpolicy.sys

16:50:03.0994 1664 hwpolicy - ok

16:50:04.0071 1664 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\windows\system32\drivers\i8042prt.sys

16:50:04.0089 1664 i8042prt - ok

16:50:04.0181 1664 iaStor (bbb3b6df1abb0fe35802ede85cc1c011) C:\windows\system32\DRIVERS\iaStor.sys

16:50:04.0204 1664 iaStor - ok

16:50:04.0306 1664 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\windows\system32\drivers\iaStorV.sys

16:50:04.0336 1664 iaStorV - ok

16:50:04.0526 1664 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

16:50:04.0573 1664 idsvc - ok

16:50:04.0869 1664 IDSVia64 (0b97f1a640ad3d159a7b5d2164c42e50) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20111026.030\IDSvia64.sys

16:50:04.0900 1664 IDSVia64 - ok

16:50:05.0841 1664 igfx (3c3f27002abc69c5afe29cbe6cf7addf) C:\windows\system32\DRIVERS\igdkmd64.sys

16:50:06.0325 1664 igfx - ok

16:50:06.0489 1664 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\windows\system32\DRIVERS\iirsp.sys

16:50:06.0512 1664 iirsp - ok

16:50:06.0660 1664 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\windows\System32\ikeext.dll

16:50:06.0761 1664 IKEEXT - ok

16:50:06.0951 1664 IntcAzAudAddService (0c3cf4b3bae28e121a1689e3538f8712) C:\windows\system32\drivers\RTKVHD64.sys

16:50:07.0017 1664 IntcAzAudAddService - ok

16:50:07.0178 1664 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\windows\system32\drivers\intelide.sys

16:50:07.0196 1664 intelide - ok

16:50:07.0274 1664 intelppm (ada036632c664caa754079041cf1f8c1) C:\windows\system32\DRIVERS\intelppm.sys

16:50:07.0330 1664 intelppm - ok

16:50:07.0362 1664 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\windows\system32\ipbusenum.dll

16:50:07.0417 1664 IPBusEnum - ok

16:50:07.0494 1664 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\windows\system32\DRIVERS\ipfltdrv.sys

16:50:07.0627 1664 IpFilterDriver - ok

16:50:07.0710 1664 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\windows\System32\iphlpsvc.dll

16:50:07.0815 1664 iphlpsvc - ok

16:50:07.0865 1664 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\windows\system32\drivers\IPMIDrv.sys

16:50:07.0897 1664 IPMIDRV - ok

16:50:07.0928 1664 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\windows\system32\drivers\ipnat.sys

16:50:08.0022 1664 IPNAT - ok

16:50:08.0152 1664 iPod Service (e94503089df8976f5c4c9d5168e9765f) C:\Program Files\iPod\bin\iPodService.exe

16:50:08.0195 1664 iPod Service - ok

16:50:08.0258 1664 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\windows\system32\drivers\irenum.sys

16:50:08.0358 1664 IRENUM - ok

16:50:08.0412 1664 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\windows\system32\drivers\isapnp.sys

16:50:08.0427 1664 isapnp - ok

16:50:08.0493 1664 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\windows\system32\drivers\msiscsi.sys

16:50:08.0524 1664 iScsiPrt - ok

16:50:08.0583 1664 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\windows\system32\DRIVERS\kbdclass.sys

16:50:08.0599 1664 kbdclass - ok

16:50:08.0662 1664 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\windows\system32\DRIVERS\kbdhid.sys

16:50:08.0682 1664 kbdhid - ok

16:50:08.0744 1664 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe

16:50:08.0762 1664 KeyIso - ok

16:50:08.0784 1664 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\windows\system32\Drivers\ksecdd.sys

16:50:08.0802 1664 KSecDD - ok

16:50:08.0872 1664 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\windows\system32\Drivers\ksecpkg.sys

16:50:08.0901 1664 KSecPkg - ok

16:50:08.0923 1664 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\windows\system32\drivers\ksthunk.sys

16:50:09.0007 1664 ksthunk - ok

16:50:09.0073 1664 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\windows\system32\msdtckrm.dll

16:50:09.0148 1664 KtmRm - ok

16:50:09.0244 1664 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\windows\system32\srvsvc.dll

16:50:09.0324 1664 LanmanServer - ok

16:50:09.0374 1664 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\windows\System32\wkssvc.dll

16:50:09.0453 1664 LanmanWorkstation - ok

16:50:09.0534 1664 LgBttPort (174803f2eea3b22165dfe0e5a1f20685) C:\windows\system32\DRIVERS\lgbtpt64.sys

16:50:09.0617 1664 LgBttPort - ok

16:50:09.0739 1664 lgbusenum (565f93bb7c0361e61b3daea670c354d6) C:\windows\system32\DRIVERS\lgbtbs64.sys

16:50:09.0752 1664 lgbusenum - ok

16:50:09.0813 1664 LGVMODEM (abf477857b7ced873362ec92c6ce10a7) C:\windows\system32\DRIVERS\lgvmdm64.sys

16:50:09.0828 1664 LGVMODEM - ok

16:50:09.0913 1664 lltdio (1538831cf8ad2979a04c423779465827) C:\windows\system32\DRIVERS\lltdio.sys

16:50:09.0968 1664 lltdio - ok

16:50:10.0008 1664 lltdsvc (c1185803384ab3feed115f79f109427f) C:\windows\System32\lltdsvc.dll

16:50:10.0084 1664 lltdsvc - ok

16:50:10.0121 1664 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\windows\System32\lmhsvc.dll

16:50:10.0179 1664 lmhosts - ok

16:50:10.0268 1664 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\windows\system32\DRIVERS\lsi_fc.sys

16:50:10.0292 1664 LSI_FC - ok

16:50:10.0317 1664 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\windows\system32\DRIVERS\lsi_sas.sys

16:50:10.0337 1664 LSI_SAS - ok

16:50:10.0357 1664 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\windows\system32\DRIVERS\lsi_sas2.sys

16:50:10.0379 1664 LSI_SAS2 - ok

16:50:10.0400 1664 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\windows\system32\DRIVERS\lsi_scsi.sys

16:50:10.0425 1664 LSI_SCSI - ok

16:50:10.0450 1664 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\windows\system32\drivers\luafv.sys

16:50:10.0527 1664 luafv - ok

16:50:10.0643 1664 ManyCam (d33e2b74cf8b3a652bf0a9fbd068e87a) C:\windows\system32\DRIVERS\ManyCam_x64.sys

16:50:10.0683 1664 ManyCam - ok

16:50:10.0781 1664 massfilter (035c83cd72e06c47000793d32b1a642d) C:\windows\system32\drivers\massfilter.sys

16:50:10.0863 1664 massfilter - ok

16:50:10.0934 1664 mbbdatacard (aa379e6e47d1594f489b0e9215230a6a) C:\windows\system32\DRIVERS\ewusbmdm.sys

16:50:10.0970 1664 mbbdatacard - ok

16:50:11.0031 1664 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\windows\system32\Mcx2Svc.dll

16:50:11.0082 1664 Mcx2Svc - ok

16:50:11.0108 1664 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\windows\system32\DRIVERS\megasas.sys

16:50:11.0125 1664 megasas - ok

16:50:11.0171 1664 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\windows\system32\DRIVERS\MegaSR.sys

16:50:11.0192 1664 MegaSR - ok

16:50:11.0332 1664 Microsoft SharePoint Workspace Audit Service - ok

16:50:11.0411 1664 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll

16:50:11.0495 1664 MMCSS - ok

16:50:11.0529 1664 Modem (800ba92f7010378b09f9ed9270f07137) C:\windows\system32\drivers\modem.sys

16:50:11.0610 1664 Modem - ok

16:50:11.0654 1664 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\windows\system32\DRIVERS\monitor.sys

16:50:11.0720 1664 monitor - ok

16:50:11.0800 1664 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\windows\system32\DRIVERS\mouclass.sys

16:50:11.0817 1664 mouclass - ok

16:50:11.0882 1664 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\windows\system32\DRIVERS\mouhid.sys

16:50:11.0926 1664 mouhid - ok

16:50:11.0979 1664 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\windows\system32\drivers\mountmgr.sys

16:50:11.0994 1664 mountmgr - ok

16:50:12.0108 1664 MpFilter (94c66ededcdb6a126880472f9a704d8e) C:\windows\system32\DRIVERS\MpFilter.sys

16:50:12.0136 1664 MpFilter - ok

16:50:12.0198 1664 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\windows\system32\drivers\mpio.sys

16:50:12.0218 1664 mpio - ok

16:50:12.0255 1664 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\windows\system32\drivers\mpsdrv.sys

16:50:12.0312 1664 mpsdrv - ok

16:50:12.0425 1664 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\windows\system32\mpssvc.dll

16:50:12.0528 1664 MpsSvc - ok

16:50:12.0581 1664 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\windows\system32\drivers\mrxdav.sys

16:50:12.0629 1664 MRxDAV - ok

16:50:12.0678 1664 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\windows\system32\DRIVERS\mrxsmb.sys

16:50:12.0751 1664 mrxsmb - ok

16:50:12.0817 1664 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\windows\system32\DRIVERS\mrxsmb10.sys

16:50:12.0879 1664 mrxsmb10 - ok

16:50:12.0937 1664 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\windows\system32\DRIVERS\mrxsmb20.sys

16:50:12.0961 1664 mrxsmb20 - ok

16:50:13.0021 1664 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\windows\system32\drivers\msahci.sys

16:50:13.0047 1664 msahci - ok

16:50:13.0106 1664 msdsm (db801a638d011b9633829eb6f663c900) C:\windows\system32\drivers\msdsm.sys

16:50:13.0132 1664 msdsm - ok

16:50:13.0164 1664 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\windows\System32\msdtc.exe

16:50:13.0219 1664 MSDTC - ok

16:50:13.0282 1664 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\windows\system32\drivers\Msfs.sys

16:50:13.0352 1664 Msfs - ok

16:50:13.0421 1664 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\windows\System32\drivers\mshidkmdf.sys

16:50:13.0496 1664 mshidkmdf - ok

16:50:13.0533 1664 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\windows\system32\drivers\msisadrv.sys

16:50:13.0549 1664 msisadrv - ok

16:50:13.0591 1664 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\windows\system32\iscsiexe.dll

16:50:13.0674 1664 MSiSCSI - ok

16:50:13.0683 1664 msiserver - ok

16:50:13.0763 1664 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\windows\system32\drivers\MSKSSRV.sys

16:50:13.0843 1664 MSKSSRV - ok

16:50:14.0077 1664 MsMpSvc (59faaf2c83c8169ea20f9e335e418907) c:\Program Files\Microsoft Security Client\MsMpEng.exe

16:50:14.0105 1664 MsMpSvc - ok

16:50:50.0283 1664 ============================================================

16:50:50.0283 1664 Scan finished

16:50:50.0283 1664 ============================================================

16:50:50.0295 6904 Detected object count: 1

16:50:50.0295 6904 Actual detected object count: 1

16:51:55.0777 6904 Connectify ( UnsignedFile.Multi.Generic ) - skipped by user

16:51:55.0777 6904 Connectify ( UnsignedFile.Multi.Generic ) - User select action: Skip

17:04:50.0174 6376 Deinitialize success

thx


Those scans were clean......

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and to run ComboFix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingc...to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Please include the C:\ComboFix.txt in your next reply for further review.

Note:

If you get the message "Illegal operation attempted on registry key that has been marked for deletion." after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC


After the ComboFix scan, I got this report:

ComboFix 12-05-14.03 - Owner 05/15/2012 0:40.1.2 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2940.1662 [GMT -5:00]

Running from: c:\users\Owner\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}

AV: Norton Security Suite *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}

FW: Norton Security Suite *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}

SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}

SP: Norton Security Suite *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\install.exe

c:\users\Owner\Documents\~WRL2476.tmp

c:\windows\SysWow64\SET9B26.tmp

c:\windows\SysWow64\SETA7B4.tmp

c:\windows\UA000011.DLL

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Service_npf

.

.

((((((((((((((((((((((((( Files Created from 2012-04-15 to 2012-05-15 )))))))))))))))))))))))))))))))

.

.

2012-05-15 05:59 . 2012-05-15 05:59 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-05-14 08:04 . 2012-05-14 08:04 -------- d-----w- c:\program files\Microsoft Silverlight

2012-05-14 08:04 . 2012-05-14 08:04 -------- d-----w- c:\program files (x86)\Microsoft Silverlight

2012-05-14 00:43 . 2012-05-14 00:43 -------- d-----w- c:\users\Owner\AppData\Roaming\PeerNetworking

2012-05-13 19:17 . 2012-05-13 19:17 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-05-13 19:17 . 2012-04-04 20:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-05-13 03:43 . 2012-03-03 06:35 1544704 ----a-w- c:\windows\system32\DWrite.dll

2012-05-13 03:43 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll

2012-05-13 03:43 . 2012-03-31 06:05 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-05-13 03:43 . 2012-03-31 03:10 3146240 ----a-w- c:\windows\system32\win32k.sys

2012-05-13 03:43 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2012-05-13 03:42 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2012-05-13 03:25 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys

2012-05-13 02:52 . 2012-05-13 02:52 -------- d-----w- c:\users\Owner\AppData\Roaming\Malwarebytes

2012-05-13 02:51 . 2012-05-13 02:51 -------- d-----w- c:\programdata\Malwarebytes

2012-05-13 02:33 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys

2012-05-13 02:33 . 2012-03-31 05:42 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL

2012-05-13 02:33 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll

2012-05-13 02:33 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll

2012-05-13 02:33 . 2012-03-31 05:40 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll

2012-05-13 02:33 . 2012-03-31 05:40 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll

2012-05-08 04:28 . 2012-05-08 04:28 -------- d-----w- C:\TDSSKiller_Quarantine

2012-05-08 04:16 . 2012-05-08 04:16 116016 ----a-w- c:\windows\system32\drivers\87617208.sys

2012-05-04 00:45 . 2012-05-08 05:11 -------- d-----w- c:\program files (x86)\1ClickDownload

2012-05-03 21:03 . 2012-05-03 21:03 -------- d-----w- c:\program files (x86)\Microsoft Security Client

2012-04-24 16:03 . 2012-04-24 16:03 512 ----a-w- C:\PhysicalMBR.bin

2012-04-24 03:34 . 2012-04-24 03:34 -------- d-----w- C:\found.000

2012-04-21 20:42 . 2012-04-21 20:42 -------- d-----w- c:\windows\en

2012-04-21 20:37 . 2012-03-08 23:40 48488 ----a-w- c:\windows\system32\drivers\fssfltr.sys

2012-04-21 20:30 . 2012-04-21 20:30 15712 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\922e4ef81cd1ffd02\MeshBetaRemover.exe

2012-04-21 20:30 . 2012-04-21 20:30 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\91d63c0e1cd1ffd01\DXSETUP.exe

2012-04-21 20:30 . 2012-04-21 20:30 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\91d63c0e1cd1ffd01\DSETUP.dll

2012-04-21 20:30 . 2012-04-21 20:30 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\91d63c0e1cd1ffd01\dsetup32.dll

2012-04-17 00:35 . 2012-04-30 22:01 -------- d-----w- C:\ZHP

2012-04-17 00:32 . 2012-04-30 22:01 -------- d-----w- c:\program files (x86)\ZHPDiag

2012-04-17 00:06 . 2012-04-24 07:24 -------- d-----w- c:\users\Owner\AppData\Roaming\Skype

2012-04-16 22:27 . 2012-04-16 22:27 -------- d-----w- c:\program files (x86)\VS Revo Group

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-05-03 21:04 . 2012-05-03 21:05 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7A01FFE5-F898-4A0F-B6B6-3B84BFEEB9E1}\gapaengine.dll

2012-04-13 08:46 . 2012-05-15 02:49 8917360 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D80D9C4C-AA47-4B6B-8656-E70ED5428AF8}\mpengine.dll

2012-04-13 08:46 . 2012-05-13 22:05 8917360 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-03-21 01:44 . 2012-03-21 01:44 98688 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys

2012-03-21 01:44 . 2012-03-21 01:44 203888 ----a-w- c:\windows\system32\drivers\MpFilter.sys

2012-03-08 23:50 . 2012-03-08 23:50 49016 ----a-w- c:\windows\SysWow64\sirenacm.dll

2012-03-08 23:37 . 2012-03-08 23:37 302448 ----a-w- c:\windows\WLXPGSS.SCR

2012-03-01 06:46 . 2012-04-12 23:41 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys

2012-03-01 06:38 . 2012-04-12 23:41 220672 ----a-w- c:\windows\system32\wintrust.dll

2012-03-01 06:33 . 2012-04-12 23:41 81408 ----a-w- c:\windows\system32\imagehlp.dll

2012-03-01 06:28 . 2012-04-12 23:41 5120 ----a-w- c:\windows\system32\wmi.dll

2012-03-01 05:37 . 2012-04-12 23:41 172544 ----a-w- c:\windows\SysWow64\wintrust.dll

2012-03-01 05:33 . 2012-04-12 23:41 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll

2012-03-01 05:29 . 2012-04-12 23:41 5120 ----a-w- c:\windows\SysWow64\wmi.dll

2012-02-28 06:56 . 2012-04-12 23:46 2311168 ----a-w- c:\windows\system32\jscript9.dll

2012-02-28 06:49 . 2012-04-12 23:46 1390080 ----a-w- c:\windows\system32\wininet.dll

2012-02-28 06:48 . 2012-04-12 23:46 1493504 ----a-w- c:\windows\system32\inetcpl.cpl

2012-02-28 06:42 . 2012-04-12 23:46 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-02-28 01:18 . 2012-04-12 23:46 1799168 ----a-w- c:\windows\SysWow64\jscript9.dll

2012-02-28 01:11 . 2012-04-12 23:46 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl

2012-02-28 01:11 . 2012-04-12 23:46 1127424 ----a-w- c:\windows\SysWow64\wininet.dll

2012-02-28 01:03 . 2012-04-12 23:46 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb

2012-02-17 06:38 . 2012-03-19 22:44 1031680 ----a-w- c:\windows\system32\rdpcore.dll

2012-02-17 05:34 . 2012-03-19 22:44 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll

2012-02-17 04:58 . 2012-03-19 22:44 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-02-17 04:57 . 2012-03-19 22:44 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{09e55ba0-f9c6-4b81-82df-46853f6f7b3f}]

2010-06-11 03:41 2515552 ----a-w- c:\program files (x86)\Soft-Search\tbSof1.dll

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{33727f97-486d-4d19-97c3-23f432ef93fc}]

2010-09-27 17:11 2735200 ----a-w- c:\program files (x86)\mywebsites.pro-FR\tbmyw0.dll

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{389943B0-C3A2-4E69-82CB-8596A84CB3DC}]

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{92A9ACF4-9333-43AE-9698-DB283326F87F}]

2011-10-20 03:05 2660016 ----a-w- c:\program files (x86)\SpeedBit Video Downloader\TBU89\tbcore3.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]

"{33727f97-486d-4d19-97c3-23f432ef93fc}"= "c:\program files (x86)\mywebsites.pro-FR\tbmyw0.dll" [2010-09-27 2735200]

"{09e55ba0-f9c6-4b81-82df-46853f6f7b3f}"= "c:\program files (x86)\Soft-Search\tbSof1.dll" [2010-06-11 2515552]

.

[HKEY_CLASSES_ROOT\clsid\{33727f97-486d-4d19-97c3-23f432ef93fc}]

.

[HKEY_CLASSES_ROOT\clsid\{09e55ba0-f9c6-4b81-82df-46853f6f7b3f}]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]

"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-11-13 39408]

"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\MESSEN~1\MESSEN~1\YahooMessenger.exe" [2011-06-16 6276408]

"ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" [2008-10-24 79136]

"Facebook Update"="c:\users\Owner\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2011-11-07 137536]

"ISUSPM Startup"="c:\program files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 249856]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2010-11-29 1294712]

"UIExec"="c:\program files (x86)\NATCOM 3G\UIExec.exe" [2011-11-18 153424]

"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]

.

c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Stardock ObjectDock.lnk - c:\program files (x86)\Stardock\ObjectDock\ObjectDock.exe [2010-4-4 3450608]

.

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Best Buy Software Installer.lnk - c:\program files\Best Buy Software Installer\Best Buy Software Installer.exe [2009-10-5 1132472]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux1"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"

.

R1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20111014.001\BHDrvx64.sys [2011-10-14 1155704]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-05 135664]

R3 athur;Atheros AR9271 Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athurx.sys [x]

R3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe [2012-02-10 240408]

R3 ew_mbbusbdev;MBB USB PNP Device;c:\windows\system32\DRIVERS\ew_mbbusbdev.sys [x]

R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [x]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-05 135664]

R3 HSPADataCardusbmdm;HSPADataCard Proprietary USB Driver;c:\windows\system32\DRIVERS\HSPADataCardusbmdm.sys [x]

R3 HSPADataCardusbnmea;HSPADataCard NMEA Port;c:\windows\system32\DRIVERS\HSPADataCardusbnmea.sys [x]

R3 HSPADataCardusbser;HSPADataCard Diagnostic Port;c:\windows\system32\DRIVERS\HSPADataCardusbser.sys [x]

R3 HSPADataCardusbvoice;HSPADataCard VoUSB Port;c:\windows\system32\DRIVERS\HSPADataCardusbvoice.sys [x]

R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [x]

R3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [x]

R3 mbbdatacard;MBB DataCard USB Modem and USB Serial;c:\windows\system32\DRIVERS\ewusbmdm.sys [x]

R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 30963576]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]

R3 PTDUBus;PANTECH UM175 Composite Device Driver ;c:\windows\system32\DRIVERS\PTDUBus.sys [x]

R3 PTDUMdm;PANTECH UM175 Drivers;c:\windows\system32\DRIVERS\PTDUMdm.sys [x]

R3 PTDUVsp;PANTECH UM175 Diagnostic Port;c:\windows\system32\DRIVERS\PTDUVsp.sys [x]

R3 PTDUWFLT;PTDUWWAN Filter Driver;c:\windows\system32\DRIVERS\PTDUWFLT.sys [x]

R3 PTDUWWAN;PANTECH UM175 WWAN Driver;c:\windows\system32\DRIVERS\PTDUWWAN.sys [x]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]

R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]

R3 SMSIVZAM5X64;SMSIVZAM5X64 NDIS Protocol Driver;c:\progra~2\VERIZO~1\VZACCE~1\SMSIVZAM5X64.SYS [2009-05-25 43032]

R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-11-29 54136]

R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-08-04 137560]

R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2009-08-04 826224]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]

S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0403000.005\SYMDS64.SYS [x]

S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0403000.005\SYMEFA64.SYS [x]

S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [x]

S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360x64\0403000.005\ccHPx64.sys [x]

S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20111026.030\IDSvia64.sys [2011-08-23 488568]

S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0403000.005\Ironx64.SYS [x]

S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\System32\Drivers\N360x64\0403000.005\SYMTDIV.SYS [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe [2012-02-10 193816]

S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2009-08-11 248688]

S2 ConfigFree Gadget Service;ConfigFree Gadget Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe [2009-07-15 42368]

S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-11 46448]

S2 HWDeviceService64.exe;HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe [2010-11-16 339456]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]

S2 N360;Norton Security Suite;c:\program files (x86)\Norton Security Suite\Engine\4.3.0.5\ccSvcHst.exe [2010-02-26 126392]

S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2009-08-11 252272]

S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [x]

S2 UI Assistant Service;UI Assistant Service;c:\program files (x86)\NATCOM 3G\AssistantServices.exe [2011-11-18 270672]

S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [x]

S3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\DRIVERS\lgbtpt64.sys [x]

S3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\DRIVERS\lgbtbs64.sys [x]

S3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\DRIVERS\lgvmdm64.sys [x]

S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam_x64.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [x]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

Contents of the 'Scheduled Tasks' folder

.

2012-05-15 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4118694408-3330837379-2833417039-1001Core.job

- c:\users\Owner\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-11-07 02:45]

.

2012-05-15 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4118694408-3330837379-2833417039-1001UA.job

- c:\users\Owner\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-11-07 02:45]

.

2012-05-14 c:\windows\Tasks\Google Software Updater.job

- c:\program files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-11-13 01:20]

.

2012-05-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-05 05:06]

.

2012-05-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-05 05:06]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-02 165912]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-02 387608]

"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-02 365592]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-29 7982112]

"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2009-08-04 709976]

"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2010-06-14 190536]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]

"combofix"="c:\combofix\CF5378.3XE" [2010-11-20 345088]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.com/

mStart Page = hxxp://www.google.fr

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~2\MIF5BA~1\Office14\ONBttnIE.dll/105

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

Wow6432Node-HKCU-Run-ares - c:\program files (x86)\Ares\Ares.exe

SafeBoot-42060062.sys

Toolbar-Locked - (no file)

WebBrowser-{33727F97-486D-4D19-97C3-23F432EF93FC} - (no file)

WebBrowser-{09E55BA0-F9C6-4B81-82DF-46853F6F7B3F} - (no file)

ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)

ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)

ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)

ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)

HKLM-Run-(Default) - (no file)

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE

HKLM-Run-SmoothView - c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe

HKLM-Run-00TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe

HKLM-Run-TosWaitSrv - c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe

HKLM-Run-Teco - c:\program files (x86)\TOSHIBA\TECO\Teco.exe

HKLM-Run-SmartFaceVWatcher - c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe

HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe

HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe

AddRemove-Macromedia Shockwave Player - c:\windows\System32\Macromed\SHOCKW~1\UNWISE.EXE

.

.

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\N360]

"ImagePath"="\"c:\program files (x86)\Norton Security Suite\Engine\4.3.0.5\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton Security Suite\Engine\4.3.0.5\diMaster.dll\" /prefetch:1"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0011\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0012\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\Bonjour\mDNSResponder.exe

c:\program files (x86)\Common Files\Speedbit\SbUpdate\SBUpdate.exe

c:\program files (x86)\Common Files\Speedbit\SbUpdate\SBUpdate.exe

c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

.

**************************************************************************

.

Completion time: 2012-05-15 01:24:49 - machine was rebooted

ComboFix-quarantined-files.txt 2012-05-15 06:24

.

Pre-Run: 16,463,269,888 bytes free

Post-Run: 16,629,927,936 bytes free

.

- - End Of File - - 77B1C32B51F0D8E440A7E9CD254B3929


Reboot the computer if you haven't and let me know how it is, MrC


:-( :-( :-( Malwarebytes still can't update.... same message.... program error updating etc...:-(

And I was on another forum at zebulon.fr for another problem, "ntdll.dll", when trying to use ZHPDiag to resolve a problem connecting with Skype, so the expert recommended that I scan with ComboFix too; it hasn't been resolved either....

I guess there's no more solution and that I should throw it out :-(.... nooooooooooo...

Thx for trying to help me... wish there's another solution...


1. > Please post the exact error message again...just to be sure.

2. > Are you using a router?

3. > Can you give me a link to the post where you were helped before.

4. > Try disabling your firewall and see if you can update

5. > Click on the link that pertains to your country and see if it comes up green.

http://www.dns-ok.us/ <--------for USA

http://www.dcwg.org/detect/ <---other countries

---------------------------------------

It looks like you have Norton, MSE and Defender installed.

I hope you have Defender permanently disabled.

Pick Norton or MSE as your AV and uninstall the other.

I suggest you uninstall Norton and run their uninstaller tool:

https://www-secure.symantec.com/norton-support/jsp/help-solutions.jsp?lg=english&ct=united+states&docid=20080710133834EN&product=home&version=1&pvid=f-home

AV: Norton Security Suite *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}

AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}

SP: Norton Security Suite *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}

FW: Norton Security Suite *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}

Then.......

Please download OTL from one of the links below:

http://oldtimer.geekstogo.com/OTL.exe

http://oldtimer.geekstogo.com/OTL.com (<---renamed version)

Save it to your desktop.

Double click on the icon on your desktop.

Click the Scan All Users checkbox.

Push the Quick Scan button.

The scan will take about 10 minutes...depends on your hard drive size.

Two reports will open, copy and paste them in a reply here: (or attach them as .txt files)

OTL.txt <-- Will be opened

Extra.txt <-- Will be minimized

Please be patient, we'll find a solution.....MrC


1) The message:

An error has occured. Please report this issue to our support team (include the content of all error message(s) and code(s) in your submission).

Program_error_updating (0,0,I/0 error)

2) I'm not using a router, no....

3) The link: http://forum.zebulon.fr/probleme-ntdlldll-t193127.html&st=10&gopid=1616394#entry1616394

4) With the firewall disabled, no change, same message

5) It's green...

I have deleted Norton because it had crashed before...

I have done the scan two times and there was only one report, OTL.txt:

OTL logfile created on: 5/16/2012 10:33:59 AM - Run 2

OTL by OldTimer - Version 3.2.43.0 Folder = C:\Users\Owner\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.87 Gb Total Physical Memory | 1.34 Gb Available Physical Memory | 46.56% Memory free

5.74 Gb Paging File | 3.90 Gb Available in Paging File | 67.96% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 287.55 Gb Total Space | 15.62 Gb Free Space | 5.43% Space Free | Partition Type: NTFS

Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/16 09:26:17 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.com

PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2012/02/23 00:19:07 | 000,307,824 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe

PRC - [2012/02/10 11:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE

PRC - [2012/01/26 14:51:34 | 000,092,320 | ---- | M] (Speedbit Ltd.) -- C:\Program Files (x86)\Common Files\SpeedBit\SBUpdate\SBUpdate.exe

PRC - [2011/11/18 10:24:26 | 000,270,672 | ---- | M] () -- C:\Program Files (x86)\NATCOM 3G\AssistantServices.exe

PRC - [2011/11/18 10:24:26 | 000,153,424 | ---- | M] () -- C:\Program Files (x86)\NATCOM 3G\UIExec.exe

PRC - [2011/06/16 06:55:12 | 000,079,160 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\Messenger\Messenger\Ymsgr_tray.exe

PRC - [2010/11/16 08:37:30 | 000,230,912 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\ProgramData\DatacardService\DCSHelper.exe

PRC - [2009/07/28 22:26:42 | 000,062,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\Toshiba\ConfigFree\CFSwMgr.exe

PRC - [2009/07/14 21:10:30 | 000,042,368 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\Toshiba\ConfigFree\CFProcSRVC.exe

PRC - [2009/07/13 17:24:00 | 000,304,496 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\Toshiba\ConfigFree\NDSTray.exe

PRC - [2009/03/10 20:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\Toshiba\ConfigFree\CFSvcs.exe

PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

PRC - [2007/04/30 18:43:54 | 003,450,608 | ---- | M] (Stardock) -- C:\Program Files (x86)\Stardock\ObjectDock\ObjectDock.exe

========== Modules (No Company Name) ==========

MOD - [2011/11/18 10:24:26 | 000,153,424 | ---- | M] () -- C:\Program Files (x86)\NATCOM 3G\UIExec.exe

MOD - [2011/10/19 22:05:36 | 000,084,480 | ---- | M] () -- C:\Windows\SysWOW64\EasyHook32.dll

MOD - [2011/06/16 06:55:10 | 000,925,696 | ---- | M] () -- C:\Program Files (x86)\Yahoo!\Messenger\Messenger\yui.dll

MOD - [2010/01/21 01:34:10 | 008,793,952 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll

MOD - [2010/01/09 20:18:18 | 004,254,560 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF

MOD - [2007/04/30 18:18:50 | 000,112,400 | ---- | M] () -- C:\Program Files (x86)\Stardock\ObjectDock\DockShellHook.dll

MOD - [2007/04/21 12:47:52 | 000,059,592 | ---- | M] () -- C:\Program Files (x86)\Stardock\ObjectDock\zlib.dll

MOD - [2007/04/19 13:23:48 | 000,095,944 | ---- | M] () -- C:\Program Files (x86)\Stardock\ObjectDock\CrashRpt.dll

MOD - [2002/11/19 13:11:40 | 000,139,264 | ---- | M] () -- C:\Program Files (x86)\Common Files\Stardock\ODimg.dll

MOD - [2002/03/13 18:46:32 | 000,118,784 | ---- | M] () -- C:\Program Files (x86)\Stardock\ObjectDock\ODimg.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)

SRV:64bit: - [2012/03/26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)

SRV:64bit: - [2010/09/22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)

SRV:64bit: - [2009/08/11 18:10:48 | 000,252,272 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)

SRV:64bit: - [2009/08/05 16:20:12 | 000,488,800 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)

SRV:64bit: - [2009/08/04 13:15:06 | 000,826,224 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)

SRV:64bit: - [2009/08/03 21:17:56 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)

SRV:64bit: - [2009/07/28 18:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)

SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2012/02/10 11:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE -- (BBUpdate)

SRV - [2012/02/10 11:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE -- (BBSvc)

SRV - [2011/11/18 10:24:26 | 000,270,672 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\NATCOM 3G\AssistantServices.exe -- (UI Assistant Service)

SRV - [2010/11/29 14:58:30 | 000,054,136 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)

SRV - [2010/11/16 08:38:16 | 000,339,456 | ---- | M] () [Auto | Running] -- C:\ProgramData\DatacardService\HWDeviceService64.exe -- (HWDeviceService64.exe)

SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2010/02/25 19:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Norton Security Suite\Engine\4.3.0.5\ccSvcHst.exe -- (N360)

SRV - [2009/08/10 21:55:58 | 000,248,688 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\Toshiba\ConfigFree\CFIWmxSvcs64.exe -- (cfWiMAXService)

SRV - [2009/07/14 21:10:30 | 000,042,368 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\Toshiba\ConfigFree\CFProcSRVC.exe -- (ConfigFree Gadget Service)

SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2009/03/10 20:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\Toshiba\ConfigFree\CFSvcs.exe -- (ConfigFree Service)

SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)

DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)

DRV:64bit: - [2012/03/08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)

DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2011/03/28 10:16:52 | 000,123,648 | ---- | M] (HSPADataCard Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HSPADataCardusbvoice.sys -- (HSPADataCardusbvoice)

DRV:64bit: - [2011/03/28 10:16:52 | 000,123,648 | ---- | M] (HSPADataCard Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HSPADataCardusbser.sys -- (HSPADataCardusbser)

DRV:64bit: - [2011/03/28 10:16:52 | 000,123,648 | ---- | M] (HSPADataCard Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HSPADataCardusbnmea.sys -- (HSPADataCardusbnmea)

DRV:64bit: - [2011/03/28 10:16:52 | 000,123,648 | ---- | M] (HSPADataCard Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HSPADataCardusbmdm.sys -- (HSPADataCardusbmdm)

DRV:64bit: - [2011/03/26 10:37:12 | 000,011,776 | ---- | M] (MBB Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\massfilter.sys -- (massfilter)

DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010/09/28 15:44:52 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)

DRV:64bit: - [2010/09/27 06:58:47 | 000,121,600 | ---- | M] (MBB Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (mbbdatacard)

DRV:64bit: - [2010/09/27 06:58:47 | 000,121,600 | ---- | M] (MBB Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)

DRV:64bit: - [2010/09/27 06:34:00 | 000,256,000 | ---- | M] (MBB Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbnet.sys -- (ewusbnet)

DRV:64bit: - [2010/09/26 22:53:34 | 000,115,584 | ---- | M] (MBB Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_mbbusbdev.sys -- (ew_mbbusbdev)

DRV:64bit: - [2010/05/05 23:01:59 | 000,451,120 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0403000.005\symtdiv.sys -- (SYMTDIv)

DRV:64bit: - [2010/04/29 00:03:51 | 000,150,064 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0403000.005\ironx64.sys -- (SymIRON)

DRV:64bit: - [2010/04/27 18:57:20 | 000,016,200 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmVirHid.sys -- (WmVirHid)

DRV:64bit: - [2010/04/27 18:57:12 | 000,026,440 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmBEnum.sys -- (WmBEnum)

DRV:64bit: - [2010/04/27 16:03:12 | 000,077,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmXlCore.sys -- (WmXlCore)

DRV:64bit: - [2010/04/27 16:02:42 | 000,043,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmFilter.sys -- (WmFilter)

DRV:64bit: - [2010/04/21 22:02:20 | 000,221,232 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0403000.005\symefa64.sys -- (SymEFA)

DRV:64bit: - [2010/04/21 21:29:51 | 000,505,392 | ---- | M] (Symantec Corporation) [File_System | System | Stopped] -- C:\Windows\SysNative\drivers\N360x64\0403000.005\srtsp64.sys -- (SRTSP)

DRV:64bit: - [2010/04/21 21:29:51 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0403000.005\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)

DRV:64bit: - [2010/04/05 16:46:11 | 000,173,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)

DRV:64bit: - [2010/03/04 12:43:00 | 000,346,144 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)

DRV:64bit: - [2010/02/25 19:22:52 | 000,615,040 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0403000.005\cchpx64.sys -- (ccHP)

DRV:64bit: - [2010/01/29 01:46:46 | 001,089,056 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192se.sys -- (rtl8192se)

DRV:64bit: - [2010/01/05 03:23:20 | 001,847,296 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athurx.sys -- (athur)

DRV:64bit: - [2009/10/14 22:50:05 | 000,433,200 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0403000.005\symds64.sys -- (SymDS)

DRV:64bit: - [2009/09/29 07:15:02 | 000,016,384 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lgbtpt64.sys -- (LgBttPort)

DRV:64bit: - [2009/09/29 07:15:00 | 000,017,408 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lgvmdm64.sys -- (LGVMODEM)

DRV:64bit: - [2009/09/29 07:15:00 | 000,014,848 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lgbtbs64.sys -- (lgbusenum)

DRV:64bit: - [2009/08/27 10:07:06 | 007,369,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)

DRV:64bit: - [2009/08/12 06:14:16 | 000,173,456 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PTDUMdm.sys -- (PTDUMdm)

DRV:64bit: - [2009/08/12 06:14:16 | 000,141,840 | ---- | M] (DEVGURU Co., LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PTDUWWAN.sys -- (PTDUWWAN)

DRV:64bit: - [2009/08/12 06:14:16 | 000,070,672 | ---- | M] (DEVGURU Co., LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PTDUBus.sys -- (PTDUBus)

DRV:64bit: - [2009/08/12 06:14:16 | 000,012,688 | ---- | M] (DEVGURU Co., LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PTDUWFLT.sys -- (PTDUWFLT)

DRV:64bit: - [2009/08/12 06:14:12 | 000,173,456 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PTDUVsp.sys -- (PTDUVsp)

DRV:64bit: - [2009/08/07 07:24:14 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)

DRV:64bit: - [2009/08/05 21:04:06 | 000,222,208 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)

DRV:64bit: - [2009/07/30 23:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)

DRV:64bit: - [2009/07/24 17:57:08 | 000,482,384 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tos_sps64.sys -- (tos_sps64)

DRV:64bit: - [2009/07/20 19:48:32 | 000,274,480 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)

DRV:64bit: - [2009/07/14 17:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)

DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/07/13 19:01:09 | 000,679,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xnacc.sys -- (xnacc)

DRV:64bit: - [2009/07/13 19:00:13 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Dot4Scan.sys -- (Dot4Scan)

DRV:64bit: - [2009/07/09 05:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)

DRV:64bit: - [2009/07/07 10:51:42 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FwLnk.sys -- (FwLnk)

DRV:64bit: - [2009/06/22 19:06:38 | 000,035,008 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)

DRV:64bit: - [2009/06/19 21:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL)

DRV:64bit: - [2009/06/10 16:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)

DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009/05/18 17:17:08 | 000,034,152 | R--- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV:64bit: - [2009/04/08 14:28:46 | 000,068,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)

DRV:64bit: - [2008/11/19 17:09:14 | 000,033,792 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64modem.sys -- (USBModem)

DRV:64bit: - [2008/11/19 17:09:12 | 000,027,136 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64diag.sys -- (UsbDiag)

DRV:64bit: - [2008/11/19 17:09:12 | 000,017,920 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64bus.sys -- (usbbus)

DRV:64bit: - [2008/04/16 14:49:34 | 000,028,416 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)

DRV:64bit: - [2008/03/13 02:46:00 | 000,027,136 | ---- | M] (ManyCam LLC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ManyCam_x64.sys -- (ManyCam)

DRV - [2011/10/14 18:10:08 | 001,155,704 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20111014.001\BHDrvx64.sys -- (BHDrvx64)

DRV - [2011/08/23 00:17:32 | 000,488,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20111026.030\IDSviA64.sys -- (IDSVia64)

DRV - [2011/07/31 11:36:41 | 000,481,912 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)

DRV - [2011/01/04 20:47:51 | 000,035,363 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\windrvNT.sys -- (windrvNT)

DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

DRV - [2009/05/25 14:43:58 | 000,043,032 | ---- | M] (Smith Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Verizon Wireless\VZAccess Manager\SMSIVZAM5X64.sys -- (SMSIVZAM5X64)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {91666140-44D5-410A-A0B8-D7D017877451}

IE:64bit: - HKLM\..\SearchScopes\{91666140-44D5-410A-A0B8-D7D017877451}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr

IE - HKLM\..\URLSearchHook: {09e55ba0-f9c6-4b81-82df-46853f6f7b3f} - C:\Program Files (x86)\Soft-Search\tbSof1.dll (Conduit Ltd.)

IE - HKLM\..\URLSearchHook: {33727f97-486d-4d19-97c3-23f432ef93fc} - C:\Program Files (x86)\mywebsites.pro-FR\tbmyw0.dll (Conduit Ltd.)

IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}

IE - HKLM\..\SearchScopes\{4667CC2A-B714-45CD-83DA-B6768B7FF82C}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage

IE - HKU\S-1-5-21-4118694408-3330837379-2833417039-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

IE - HKU\S-1-5-21-4118694408-3330837379-2833417039-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchPage =

IE - HKU\S-1-5-21-4118694408-3330837379-2833417039-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

IE - HKU\S-1-5-21-4118694408-3330837379-2833417039-1001\..\SearchScopes,DefaultScope = {4667CC2A-B714-45CD-83DA-B6768B7FF82C}

IE - HKU\S-1-5-21-4118694408-3330837379-2833417039-1001\..\SearchScopes\{4667CC2A-B714-45CD-83DA-B6768B7FF82C}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA_enUS373

IE - HKU\S-1-5-21-4118694408-3330837379-2833417039-1001\..\SearchScopes\{7F4EFF06-7032-458e-AE16-1C1D8255C28A}: "URL" = http://home.speedbit.com/search.aspx?site=shdefault&pid=%s&aid=%s&shr=%d&q={searchTerms}

IE - HKU\S-1-5-21-4118694408-3330837379-2833417039-1001\..\SearchScopes\{9ABEDED2-4DF0-4538-993F-72EA48AEF693}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA

IE - HKU\S-1-5-21-4118694408-3330837379-2833417039-1001\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/web?q={SEARCHTERMS}&o=15527&l=dis

IE - HKU\S-1-5-21-4118694408-3330837379-2833417039-1001\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://fr.search.yahoo.com/search?p={searchTerms}

IE - HKU\S-1-5-21-4118694408-3330837379-2833417039-1001\..\SearchScopes\{EF8201DF-449D-49C4-B705-D2AAEACF5DAF}: "URL" = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=867034&p={searchTerms}

IE - HKU\S-1-5-21-4118694408-3330837379-2833417039-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-4118694408-3330837379-2833417039-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"

FF - prefs.js..browser.search.selectedEngine: "Yahoo"

FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=867034&p="

FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=867034&ilc=12"

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Owner\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\ [2011/07/31 11:00:48 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn_2010_9_0_6 [2011/11/05 23:36:55 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\crazyloader@spointer.com: C:\Program Files (x86)\CrazyLoader\spointer\extensions\crazyloader@spointer.com

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\searchpredict@speedbit.com: C:\Program Files (x86)\SearchPredict\PRFireFox [2011/10/19 22:06:01 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}: C:\Program Files (x86)\SpeedBit Video Downloader\SPFireFox [2011/10/19 22:06:11 | 000,000,000 | ---D | M]

[2012/05/03 19:45:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\0\extensions

[2012/01/28 21:15:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\fuqpj7lv.default\extensions

[2011/10/03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll

========== Chrome ==========

CHR - default_search_provider: SpeedBit Search (Enabled)

CHR - default_search_provider: search_url = http://home.speedbit.com/search.aspx?aff=115&q={searchTerms}

CHR - default_search_provider: suggest_url = http://api.searchpredict.com/api/?rqtype=ffplugin&siteID=8661&dbCode=1&command={searchTerms}

CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Owner\AppData\Local\Google\Chrome\Application\16.0.912.75\gcswf32.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\windows\system32\Macromed\Flash\NPSWF32.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll

CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

CHR - plugin: Java Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll

CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Users\Owner\AppData\Local\Google\Chrome\Application\16.0.912.75\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Owner\AppData\Local\Google\Chrome\Application\16.0.912.75\pdf.dll

CHR - plugin: Chrome DAP extension (Enabled) = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffdcfjdljhbehggjdkdioajnknjcpbjb\2.0.3_0\lib/npdapchrome.dll

CHR - plugin: Interest Recognizer for Crazyloader (Enabled) = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\fikmanfpkongnopggnndbikhhicdpfka\3.4.1545.153_0\crazyloader_air_chrome.dll

CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.5.0.8013_0\npSkypeChromePlugin.dll

CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

CHR - plugin: Google Updater (Enabled) = C:\Program Files (x86)\Google\Google Updater\2.4.1739.5352\npCIDetect13.dll

CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll

CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll

CHR - plugin: Default Plug-in (Enabled) = default_plugin

CHR - Extension: Entanglement = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.5.7_0\

CHR - Extension: SpeedBit Video Downloader = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\djcpfkccckpeeghiklnhienllljccglb\2.0.5_0\

CHR - Extension: Download Accelerator Plus (DAP) = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffdcfjdljhbehggjdkdioajnknjcpbjb\2.0.10_0\

CHR - Extension: Interest Recognizer for Crazyloader = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\fikmanfpkongnopggnndbikhhicdpfka\3.4.1545.153_0\

CHR - Extension: SpeedBit Search Predict = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ledcpigomgblcmofccnacobhmcdkpiea\2.0.2_0\

CHR - Extension: Poppit = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\

O1 HOSTS File: ([2012/05/15 01:14:42 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)

O2 - BHO: (Soft-Search Toolbar) - {09e55ba0-f9c6-4b81-82df-46853f6f7b3f} - C:\Program Files (x86)\Soft-Search\tbSof1.dll (Conduit Ltd.)

O2 - BHO: (mywebsites.pro-FR Toolbar) - {33727f97-486d-4d19-97c3-23f432ef93fc} - C:\Program Files (x86)\mywebsites.pro-FR\tbmyw0.dll (Conduit Ltd.)

O2 - BHO: (SearchPredictObj Class) - {389943B0-C3A2-4E69-82CB-8596A84CB3DC} - C:\Program Files (x86)\SearchPredict\SearchPredict.dll (Speedbit Ltd.)

O2 - BHO: (SBCONVERT Class) - {92A9ACF4-9333-43AE-9698-DB283326F87F} - C:\Program Files (x86)\SpeedBit Video Downloader\TBU89\tbcore3.dll ()

O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)

O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)

O2 - BHO: (GrabberObj Class) - {FF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files (x86)\SpeedBit Video Downloader\TBU89\Grabber.dll (SpeedBit)

O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (SpeedBit Video Downloader) - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files (x86)\SpeedBit Video Downloader\TBU89\tbcore3.dll ()

O3 - HKLM\..\Toolbar: (Soft-Search Toolbar) - {09e55ba0-f9c6-4b81-82df-46853f6f7b3f} - C:\Program Files (x86)\Soft-Search\tbSof1.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (mywebsites.pro-FR Toolbar) - {33727f97-486d-4d19-97c3-23f432ef93fc} - C:\Program Files (x86)\mywebsites.pro-FR\tbmyw0.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.

O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)

O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKU\S-1-5-21-4118694408-3330837379-2833417039-1001\..\Toolbar\WebBrowser: (SpeedBit Video Downloader) - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files (x86)\SpeedBit Video Downloader\TBU89\tbcore3.dll ()

O3 - HKU\S-1-5-21-4118694408-3330837379-2833417039-1001\..\Toolbar\WebBrowser: (Soft-Search Toolbar) - {09E55BA0-F9C6-4B81-82DF-46853F6F7B3F} - C:\Program Files (x86)\Soft-Search\tbSof1.dll (Conduit Ltd.)

O3:64bit: - HKU\S-1-5-21-4118694408-3330837379-2833417039-1001\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O3 - HKU\S-1-5-21-4118694408-3330837379-2833417039-1001\..\Toolbar\WebBrowser: (mywebsites.pro-FR Toolbar) - {33727F97-486D-4D19-97C3-23F432EF93FC} - C:\Program Files (x86)\mywebsites.pro-FR\tbmyw0.dll (Conduit Ltd.)

O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

O4:64bit: - HKLM..\Run: [smartFaceVWatcher] C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [smoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)

O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)

O4 - HKLM..\Run: [uIExec] C:\Program Files (x86)\NATCOM 3G\UIExec.exe ()

O4 - HKU\S-1-5-21-4118694408-3330837379-2833417039-1001..\Run: [Facebook Update] C:\Users\Owner\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)

O4 - HKU\S-1-5-21-4118694408-3330837379-2833417039-1001..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\Messenger\YahooMessenger.exe (Yahoo! Inc.)

O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy Software Installer.lnk = File not found

O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy Software Installer.lnk = File not found

O4 - Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk = C:\Program Files (x86)\Stardock\ObjectDock\ObjectDock.exe (Stardock)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-4118694408-3330837379-2833417039-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-4118694408-3330837379-2833417039-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149

O7 - HKU\S-1-5-21-4118694408-3330837379-2833417039-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0

O7 - HKU\S-1-5-21-4118694408-3330837379-2833417039-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\windows\system32\GPhotos.scr/200 File not found

O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\windows\SysWow64\GPhotos.scr (Google Inc.)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} http://activex.camfrogweb.com/advanced/2.0.2.3/cfweb_activex.camfrogweb.com-advanced-2.0.2.3_instmodule.exe (CamfrogWEB Advanced Unicode Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail.com/mail/w4/m3/photouploadcontrol/VistaMSNPUpldpt-br.cab (Windows Live Hotmail Photo Upload Tool)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.35.1.254

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{670CA8A4-122A-4CC3-A5F2-B51A2FC2880C}: DhcpNameServer = 10.35.1.254

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/05/16 09:26:11 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.com

[2012/05/16 02:46:59 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\How to Access a Violation at the Address Module Ntdll Dll eHow_com_files

[2012/05/15 17:34:05 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2012/05/15 01:24:53 | 000,000,000 | ---D | C] -- C:\windows\temp

[2012/05/15 00:36:17 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe

[2012/05/15 00:36:17 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe

[2012/05/15 00:36:17 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe

[2012/05/15 00:36:06 | 000,000,000 | ---D | C] -- C:\windows\ERDNT

[2012/05/15 00:36:01 | 000,000,000 | ---D | C] -- C:\Qoobox

[2012/05/14 15:07:18 | 004,492,858 | R--- | C] (Swearware) -- C:\Users\Owner\Desktop\ComboFix.exe

[2012/05/14 14:58:34 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\How to use the Windows 7 System Recovery Environment Command Prompt_files

[2012/05/14 14:57:53 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\Un guide et un tutoriel sur l'utilisation de ComboFix_files

[2012/05/14 13:57:53 | 000,000,000 | ---D | C] -- C:\Config.Msi

[2012/05/14 12:37:08 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{3CB64636-84BB-43EB-9944-2303D41FC449}

[2012/05/14 09:28:04 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\FRINGE SAISON 01 FRENCH

[2012/05/14 09:23:31 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{B0B93C11-08CF-4555-8CBD-8B9E5F80A4B8}

[2012/05/14 03:06:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight

[2012/05/14 03:04:14 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight

[2012/05/14 03:04:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight

[2012/05/13 19:46:40 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\[www.Cpasbien.com] Red.Tails.2012.FRENCH.BRRIP.XVID.ArRoWs

[2012/05/13 19:43:00 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\PeerNetworking

[2012/05/13 14:17:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012/05/13 14:17:01 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys

[2012/05/13 14:17:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2012/05/13 13:55:42 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{EFDB32B4-A363-48F9-9BED-9F79B351F0DB}

[2012/05/13 13:19:20 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{42BA1423-83D9-480E-AE8C-69F9087C66C6}

[2012/05/13 13:13:28 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\connectify

[2012/05/13 12:57:54 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{78B1FA86-49AD-492D-8D9D-658E2D7D8140}

[2012/05/13 12:15:08 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{2C1C076C-CE1E-4A89-8226-8952DC6E641B}

[2012/05/13 09:49:04 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{955356CB-B8BB-4212-AE58-488C0B204FCD}

[2012/05/12 22:24:24 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\Problème ntdll_dll - Forums Zebulon_fr_files

[2012/05/12 21:52:40 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Malwarebytes

[2012/05/12 21:51:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012/05/12 21:36:58 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{F30CFFDF-F135-4EF8-965C-A65879F8ED78}

[2012/05/12 21:30:07 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{DD438431-7884-4A1A-ADA0-EF8F0EE2FF31}

[2012/05/12 20:19:16 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{47C484F2-4E69-479E-B975-EBC2BCE9AF51}

[2012/05/11 23:30:08 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{DC07C48B-82FE-433A-8B93-3000BEA10D1F}

[2012/05/10 21:49:44 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{B74451CD-7B91-4987-925B-22FBD6F525DE}

[2012/05/10 19:33:22 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{411EB123-1310-4B98-90DC-304B7DA97A87}

[2012/05/09 17:29:23 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\RK_Quarantine

[2012/05/09 13:00:33 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\[www.Cpasbien.com] The.Avengers.2012.TRUEFRENCH.TS.MD.XviD-BLOODYMARY

[2012/05/07 23:28:19 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine

[2012/05/07 23:16:00 | 000,116,016 | ---- | C] (Kaspersky Lab, GERT) -- C:\windows\SysNative\drivers\87617208.sys

[2012/05/07 20:51:11 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Owner\Desktop\dds.scr

[2012/05/07 17:42:34 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\original ntdll.dll

[2012/05/07 16:24:50 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\Désactiver l'UAC sous Windows 7 Désactiver l'UAC sous Windows 7 - DepanneTonPC_files

[2012/05/07 07:41:56 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\Toussaint_Louverture

[2012/05/03 19:45:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\1ClickDownload

[2012/05/03 16:03:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client

[2012/04/23 22:34:09 | 000,000,000 | ---D | C] -- C:\found.000

[2012/04/21 15:42:03 | 000,000,000 | ---D | C] -- C:\windows\en

[2012/04/21 15:31:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP

[2012/04/17 09:13:24 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\Virus - Méthode préliminaire de désinfection_files

[2012/04/16 19:35:13 | 000,000,000 | ---D | C] -- C:\ZHP

[2012/04/16 19:32:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ZHPDiag

[2012/04/16 19:28:19 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\Saamu - Procédure de Décontamination du Saamu_files

[2012/04/16 19:06:30 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Skype

[2012/04/16 17:27:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group

[2012/04/16 17:27:17 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller

[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/05/16 10:28:44 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat

[2012/05/16 10:21:00 | 000,000,898 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job

[2012/05/16 09:54:37 | 000,000,928 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-4118694408-3330837379-2833417039-1001UA.job

[2012/05/16 09:26:17 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.com

[2012/05/16 08:19:30 | 000,018,736 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/05/16 08:19:30 | 000,018,736 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/05/16 08:11:53 | 000,000,894 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job

[2012/05/16 08:11:46 | 000,065,536 | ---- | M] () -- C:\windows\SysNative\Ikeext.etl

[2012/05/16 08:11:24 | 2312,097,792 | -HS- | M] () -- C:\hiberfil.sys

[2012/05/16 02:47:00 | 000,052,051 | ---- | M] () -- C:\Users\Owner\Desktop\How to Access a Violation at the Address Module Ntdll Dll eHow_com.htm

[2012/05/15 21:51:00 | 000,000,906 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-4118694408-3330837379-2833417039-1001Core.job

[2012/05/15 19:53:29 | 000,743,354 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI

[2012/05/15 19:53:29 | 000,635,308 | ---- | M] () -- C:\windows\SysNative\perfh009.dat

[2012/05/15 19:53:29 | 000,111,810 | ---- | M] () -- C:\windows\SysNative\perfc009.dat

[2012/05/15 01:14:42 | 000,000,027 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts

[2012/05/14 15:17:09 | 004,492,858 | R--- | M] (Swearware) -- C:\Users\Owner\Desktop\ComboFix.exe

[2012/05/14 14:58:35 | 000,055,825 | ---- | M] () -- C:\Users\Owner\Desktop\How to use the Windows 7 System Recovery Environment Command Prompt.htm

[2012/05/14 14:58:02 | 000,063,797 | ---- | M] () -- C:\Users\Owner\Desktop\Un guide et un tutoriel sur l'utilisation de ComboFix.htm

[2012/05/14 13:59:20 | 000,001,985 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk

[2012/05/14 12:57:00 | 000,000,832 | ---- | M] () -- C:\windows\tasks\Google Software Updater.job

[2012/05/13 19:43:01 | 000,008,428 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\UserTile.png

[2012/05/13 14:17:02 | 000,001,084 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/05/13 09:46:13 | 000,473,024 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT

[2012/05/12 22:24:31 | 000,155,656 | ---- | M] () -- C:\Users\Owner\Desktop\Problème ntdll_dll - Forums Zebulon_fr.html

[2012/05/09 14:06:46 | 000,000,000 | -H-- | M] () -- C:\windows\SysNative\drivers\Msft_Kernel_xusb21_01007.Wdf

[2012/05/07 23:16:00 | 000,116,016 | ---- | M] (Kaspersky Lab, GERT) -- C:\windows\SysNative\drivers\87617208.sys

[2012/05/07 20:51:20 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Owner\Desktop\dds.scr

[2012/05/07 17:41:36 | 000,585,039 | ---- | M] () -- C:\Users\Owner\Desktop\ntdll.zip

[2012/05/07 16:24:53 | 000,022,283 | ---- | M] () -- C:\Users\Owner\Desktop\Désactiver l'UAC sous Windows 7 Désactiver l'UAC sous Windows 7 - DepanneTonPC.html

[2012/05/03 16:03:46 | 000,001,945 | ---- | M] () -- C:\windows\epplauncher.mif

[2012/05/03 16:03:20 | 000,757,504 | ---- | M] () -- C:\windows\SysWow64\PerfStringBackup.INI

[2012/04/26 09:57:21 | 000,566,699 | ---- | M] () -- C:\Users\Owner\Desktop\adwcleaner.exe

[2012/04/24 12:06:43 | 000,910,522 | ---- | M] () -- C:\Users\Owner\Desktop\PC lent - Forums Zebulon_fr_html&pid=1610161#entry1610161.mht

[2012/04/24 11:24:57 | 000,051,425 | ---- | M] () -- C:\Users\Owner\Desktop\coaco appendice.pdf

[2012/04/24 11:21:09 | 002,106,189 | ---- | M] () -- C:\Users\Owner\Desktop\peritonite appendiculaire.pdf

[2012/04/24 11:03:05 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin

[2012/04/21 15:31:53 | 000,000,973 | ---- | M] () -- C:\Users\Public\Desktop\MBRCheck.lnk

[2012/04/21 15:31:53 | 000,000,961 | ---- | M] () -- C:\Users\Public\Desktop\ZHPFix.lnk

[2012/04/21 15:31:52 | 000,000,966 | ---- | M] () -- C:\Users\Public\Desktop\ZHPDiag.lnk

[2012/04/20 19:30:46 | 000,002,052 | ---- | M] () -- C:\Users\Public\Desktop\Larousse Médical.lnk

[2012/04/17 09:13:35 | 000,036,543 | ---- | M] () -- C:\Users\Owner\Desktop\Virus - Méthode préliminaire de désinfection.htm

[2012/04/16 19:28:25 | 000,044,040 | ---- | M] () -- C:\Users\Owner\Desktop\Saamu - Procédure de Décontamination du Saamu.html

[2012/04/16 18:19:38 | 001,266,224 | ---- | M] () -- C:\Users\Owner\Desktop\Skype ne peut pas se connecter - Skype Support Network.mht

[2012/04/16 17:27:17 | 000,001,239 | ---- | M] () -- C:\Users\Owner\Desktop\Revo Uninstaller.lnk

[2012/04/16 14:05:31 | 000,193,174 | ---- | M] () -- C:\Users\Owner\Desktop\Modele Lettre sponsors.zip

[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/05/16 02:46:59 | 000,052,051 | ---- | C] () -- C:\Users\Owner\Desktop\How to Access a Violation at the Address Module Ntdll Dll eHow_com.htm

[2012/05/15 00:36:17 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe

[2012/05/15 00:36:17 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe

[2012/05/15 00:36:17 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe

[2012/05/15 00:36:17 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe

[2012/05/15 00:36:17 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe

[2012/05/14 14:58:21 | 000,055,825 | ---- | C] () -- C:\Users\Owner\Desktop\How to use the Windows 7 System Recovery Environment Command Prompt.htm

[2012/05/14 14:57:49 | 000,063,797 | ---- | C] () -- C:\Users\Owner\Desktop\Un guide et un tutoriel sur l'utilisation de ComboFix.htm

[2012/05/14 13:58:35 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk

[2012/05/14 13:58:35 | 000,001,985 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk

[2012/05/13 19:45:19 | 730,234,250 | ---- | C] () -- C:\Users\Owner\Desktop\[www.CpasBien.com] The.Darkest.Hour.2011.FRENCH.BDRiP.MD.XViD-SERUM.avi

[2012/05/13 19:43:00 | 000,008,428 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\UserTile.png

[2012/05/13 14:17:02 | 000,001,084 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/05/12 22:24:18 | 000,155,656 | ---- | C] () -- C:\Users\Owner\Desktop\Problème ntdll_dll - Forums Zebulon_fr.html

[2012/05/09 14:06:46 | 000,000,000 | -H-- | C] () -- C:\windows\SysNative\drivers\Msft_Kernel_xusb21_01007.Wdf

[2012/05/07 17:41:32 | 000,585,039 | ---- | C] () -- C:\Users\Owner\Desktop\ntdll.zip

[2012/05/07 16:24:47 | 000,022,283 | ---- | C] () -- C:\Users\Owner\Desktop\Désactiver l'UAC sous Windows 7 Désactiver l'UAC sous Windows 7 - DepanneTonPC.html

[2012/05/03 16:03:32 | 000,001,926 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk

[2012/04/26 09:56:42 | 000,566,699 | ---- | C] () -- C:\Users\Owner\Desktop\adwcleaner.exe

[2012/04/24 12:06:36 | 000,910,522 | ---- | C] () -- C:\Users\Owner\Desktop\PC lent - Forums Zebulon_fr_html&pid=1610161#entry1610161.mht

[2012/04/24 11:24:57 | 000,051,425 | ---- | C] () -- C:\Users\Owner\Desktop\coaco appendice.pdf

[2012/04/24 11:21:08 | 002,106,189 | ---- | C] () -- C:\Users\Owner\Desktop\peritonite appendiculaire.pdf

[2012/04/24 11:03:05 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin

[2012/04/21 15:31:53 | 000,000,973 | ---- | C] () -- C:\Users\Public\Desktop\MBRCheck.lnk

[2012/04/21 15:31:53 | 000,000,961 | ---- | C] () -- C:\Users\Public\Desktop\ZHPFix.lnk

[2012/04/21 15:31:52 | 000,000,966 | ---- | C] () -- C:\Users\Public\Desktop\ZHPDiag.lnk

[2012/04/20 19:30:46 | 000,002,052 | ---- | C] () -- C:\Users\Public\Desktop\Larousse Médical.lnk

[2012/04/17 09:13:22 | 000,036,543 | ---- | C] () -- C:\Users\Owner\Desktop\Virus - Méthode préliminaire de désinfection.htm

[2012/04/16 19:28:14 | 000,044,040 | ---- | C] () -- C:\Users\Owner\Desktop\Saamu - Procédure de Décontamination du Saamu.html

[2012/04/16 18:19:38 | 001,266,224 | ---- | C] () -- C:\Users\Owner\Desktop\Skype ne peut pas se connecter - Skype Support Network.mht

[2012/04/16 17:27:17 | 000,001,239 | ---- | C] () -- C:\Users\Owner\Desktop\Revo Uninstaller.lnk

[2012/04/16 14:05:30 | 000,193,174 | ---- | C] () -- C:\Users\Owner\Desktop\Modele Lettre sponsors.zip

[2012/01/26 14:25:44 | 000,002,560 | ---- | C] () -- C:\windows\_MSRSTRT.EXE

[2011/10/26 00:11:59 | 000,175,616 | ---- | C] () -- C:\windows\SysWow64\unrar.dll

[2011/10/19 22:06:23 | 000,102,912 | ---- | C] () -- C:\windows\SysWow64\EasyHook64.dll

[2011/10/19 22:06:23 | 000,084,480 | ---- | C] () -- C:\windows\SysWow64\EasyHook32.dll

[2011/07/31 11:40:28 | 000,053,248 | ---- | C] () -- C:\windows\SysWow64\CommonDL.dll

[2011/07/31 11:40:28 | 000,002,413 | ---- | C] () -- C:\windows\SysWow64\lgAxconfig.ini

[2011/05/20 16:52:29 | 000,001,940 | ---- | C] () -- C:\Users\Owner\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini

[2011/05/15 19:07:26 | 000,000,000 | ---- | C] () -- C:\Users\Owner\AppData\Local\{5F094ED4-FC9B-4D45-B386-5D4D5BDC3DD6}

[2011/01/04 20:47:41 | 000,110,592 | ---- | C] () -- C:\windows\SysWow64\suppdll.dll

[2011/01/04 20:47:41 | 000,035,363 | ---- | C] () -- C:\windows\SysWow64\windrvNT.sys

[2010/10/28 14:15:37 | 000,000,196 | ---- | C] () -- C:\windows\ulead32.ini

[2010/10/19 20:54:19 | 000,757,504 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI

[2010/09/07 11:57:53 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

[2010/05/18 15:13:55 | 000,003,584 | ---- | C] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== LOP Check ==========

[2010/04/26 18:04:47 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\aHisoft

[2010/04/04 23:47:34 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Ashampoo

[2012/03/30 19:51:57 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Audacity

[2012/05/16 01:35:59 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Dropbox

[2011/11/28 01:28:42 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Free MP3 WMA Cutter

[2010/05/07 16:49:56 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\FreeAudioPack

[2010/05/11 10:29:08 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\FreeCDRipper

[2010/11/28 08:26:35 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\gtk-2.0

[2011/10/14 19:11:37 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Leadertech

[2011/12/07 01:17:34 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Leawo

[2011/04/23 14:54:17 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\LG Electronics

[2011/10/11 12:56:01 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\ManyCam

[2011/07/09 11:04:45 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\mjusbsp

[2012/01/08 20:08:27 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\ooVoo Details

[2010/07/04 11:21:32 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\OpenOffice.org

[2012/05/13 19:43:00 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\PeerNetworking

[2011/04/16 10:02:10 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Smith Micro

[2012/03/07 02:40:19 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\TeraCopy

[2011/11/06 15:12:14 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\TestApp

[2010/07/16 16:13:56 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Tific

[2011/12/07 01:18:38 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\tiger-k

[2011/07/17 16:48:09 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Toshiba

[2012/01/21 21:25:48 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\TuneUp Software

[2010/06/12 16:47:35 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Uniblue

[2010/04/04 22:53:18 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\WinBatch

[2011/12/12 13:08:10 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Youtube Downloader HD

[2011/04/23 14:54:17 | 000,000,000 | -H-D | M] -- C:\Users\Owner\AppData\Roaming\{D94BA408-F110-488B-A65E-3AE7945F79E6}

[2012/05/15 21:51:00 | 000,000,906 | ---- | M] () -- C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4118694408-3330837379-2833417039-1001Core.job

[2012/05/16 09:54:37 | 000,000,928 | ---- | M] () -- C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4118694408-3330837379-2833417039-1001UA.job

[2012/03/29 08:24:15 | 000,032,598 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:553CA6CA

@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:862BDB1A

@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:2B11E0DF

@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >


There are still signs of Norton Security Suite running on the system.

Make sure the Norton firewall is uninstalled also, and enable Windows firewall.

Download and run their uninstaller, reboot and re-scan with OTL > post the log and we'll clean up the rest of it:

https://www-secure.s...n=1&pvid=f-home

MrC


Hi.

The new OTL report:

OTL logfile created on: 5/17/2012 11:19:42 AM - Run 3

OTL by OldTimer - Version 3.2.43.0 Folder = C:\Users\Owner\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.87 Gb Total Physical Memory | 1.72 Gb Available Physical Memory | 59.93% Memory free

5.74 Gb Paging File | 4.47 Gb Available in Paging File | 77.83% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 287.55 Gb Total Space | 17.42 Gb Free Space | 6.06% Space Free | Partition Type: NTFS

Drive E: | 12.23 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/16 09:26:17 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.com

PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2012/02/10 11:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE

PRC - [2012/01/26 14:51:34 | 000,092,320 | ---- | M] (Speedbit Ltd.) -- C:\Program Files (x86)\Common Files\SpeedBit\SBUpdate\SBUpdate.exe

PRC - [2011/11/18 10:24:26 | 000,270,672 | ---- | M] () -- C:\Program Files (x86)\NATCOM 3G\AssistantServices.exe

PRC - [2011/11/18 10:24:26 | 000,153,424 | ---- | M] () -- C:\Program Files (x86)\NATCOM 3G\UIExec.exe

PRC - [2011/06/16 06:55:12 | 000,079,160 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\Messenger\Messenger\Ymsgr_tray.exe

PRC - [2010/11/16 08:37:30 | 000,230,912 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\ProgramData\DatacardService\DCSHelper.exe

PRC - [2009/07/28 22:26:42 | 000,062,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\Toshiba\ConfigFree\CFSwMgr.exe

PRC - [2009/07/14 21:10:30 | 000,042,368 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\Toshiba\ConfigFree\CFProcSRVC.exe

PRC - [2009/07/13 17:24:00 | 000,304,496 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\Toshiba\ConfigFree\NDSTray.exe

PRC - [2009/03/10 20:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\Toshiba\ConfigFree\CFSvcs.exe

PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

PRC - [2007/04/30 18:43:54 | 003,450,608 | ---- | M] (Stardock) -- C:\Program Files (x86)\Stardock\ObjectDock\ObjectDock.exe

========== Modules (No Company Name) ==========

MOD - [2011/11/18 10:24:26 | 000,153,424 | ---- | M] () -- C:\Program Files (x86)\NATCOM 3G\UIExec.exe

MOD - [2011/10/19 22:05:36 | 000,084,480 | ---- | M] () -- C:\Windows\SysWOW64\EasyHook32.dll

MOD - [2011/06/16 06:55:10 | 000,925,696 | ---- | M] () -- C:\Program Files (x86)\Yahoo!\Messenger\Messenger\yui.dll

MOD - [2010/01/21 01:34:10 | 008,793,952 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll

MOD - [2010/01/09 20:18:18 | 004,254,560 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF

MOD - [2007/04/30 18:18:50 | 000,112,400 | ---- | M] () -- C:\Program Files (x86)\Stardock\ObjectDock\DockShellHook.dll

MOD - [2007/04/21 12:47:52 | 000,059,592 | ---- | M] () -- C:\Program Files (x86)\Stardock\ObjectDock\zlib.dll

MOD - [2007/04/19 13:23:48 | 000,095,944 | ---- | M] () -- C:\Program Files (x86)\Stardock\ObjectDock\CrashRpt.dll

MOD - [2002/11/19 13:11:40 | 000,139,264 | ---- | M] () -- C:\Program Files (x86)\Common Files\Stardock\ODimg.dll

MOD - [2002/03/13 18:46:32 | 000,118,784 | ---- | M] () -- C:\Program Files (x86)\Stardock\ObjectDock\ODimg.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)

SRV:64bit: - [2012/03/26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)

SRV:64bit: - [2010/09/22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)

SRV:64bit: - [2009/08/11 18:10:48 | 000,252,272 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)

SRV:64bit: - [2009/08/05 16:20:12 | 000,488,800 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)

SRV:64bit: - [2009/08/04 13:15:06 | 000,826,224 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)

SRV:64bit: - [2009/08/03 21:17:56 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)

SRV:64bit: - [2009/07/28 18:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)

SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2012/02/10 11:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE -- (BBUpdate)

SRV - [2012/02/10 11:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE -- (BBSvc)

SRV - [2011/11/18 10:24:26 | 000,270,672 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\NATCOM 3G\AssistantServices.exe -- (UI Assistant Service)

SRV - [2010/11/29 14:58:30 | 000,054,136 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)

SRV - [2010/11/16 08:38:16 | 000,339,456 | ---- | M] () [Auto | Running] -- C:\ProgramData\DatacardService\HWDeviceService64.exe -- (HWDeviceService64.exe)

SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2009/08/10 21:55:58 | 000,248,688 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\Toshiba\ConfigFree\CFIWmxSvcs64.exe -- (cfWiMAXService)

SRV - [2009/07/14 21:10:30 | 000,042,368 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\Toshiba\ConfigFree\CFProcSRVC.exe -- (ConfigFree Gadget Service)

SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2009/03/10 20:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\Toshiba\ConfigFree\CFSvcs.exe -- (ConfigFree Service)

SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)

DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)

DRV:64bit: - [2012/03/08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)

DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2011/03/28 10:16:52 | 000,123,648 | ---- | M] (HSPADataCard Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HSPADataCardusbvoice.sys -- (HSPADataCardusbvoice)

DRV:64bit: - [2011/03/28 10:16:52 | 000,123,648 | ---- | M] (HSPADataCard Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HSPADataCardusbser.sys -- (HSPADataCardusbser)

DRV:64bit: - [2011/03/28 10:16:52 | 000,123,648 | ---- | M] (HSPADataCard Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HSPADataCardusbnmea.sys -- (HSPADataCardusbnmea)

DRV:64bit: - [2011/03/28 10:16:52 | 000,123,648 | ---- | M] (HSPADataCard Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HSPADataCardusbmdm.sys -- (HSPADataCardusbmdm)

DRV:64bit: - [2011/03/26 10:37:12 | 000,011,776 | ---- | M] (MBB Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\massfilter.sys -- (massfilter)

DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010/09/28 15:44:52 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)

DRV:64bit: - [2010/09/27 06:58:47 | 000,121,600 | ---- | M] (MBB Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (mbbdatacard)

DRV:64bit: - [2010/09/27 06:58:47 | 000,121,600 | ---- | M] (MBB Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)

DRV:64bit: - [2010/09/27 06:34:00 | 000,256,000 | ---- | M] (MBB Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbnet.sys -- (ewusbnet)

DRV:64bit: - [2010/09/26 22:53:34 | 000,115,584 | ---- | M] (MBB Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_mbbusbdev.sys -- (ew_mbbusbdev)

DRV:64bit: - [2010/04/27 18:57:20 | 000,016,200 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmVirHid.sys -- (WmVirHid)

DRV:64bit: - [2010/04/27 18:57:12 | 000,026,440 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmBEnum.sys -- (WmBEnum)

DRV:64bit: - [2010/04/27 16:03:12 | 000,077,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmXlCore.sys -- (WmXlCore)

DRV:64bit: - [2010/04/27 16:02:42 | 000,043,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmFilter.sys -- (WmFilter)

DRV:64bit: - [2010/03/04 12:43:00 | 000,346,144 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)

DRV:64bit: - [2010/01/29 01:46:46 | 001,089,056 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192se.sys -- (rtl8192se)

DRV:64bit: - [2010/01/05 03:23:20 | 001,847,296 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athurx.sys -- (athur)

DRV:64bit: - [2009/09/29 07:15:02 | 000,016,384 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lgbtpt64.sys -- (LgBttPort)

DRV:64bit: - [2009/09/29 07:15:00 | 000,017,408 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lgvmdm64.sys -- (LGVMODEM)

DRV:64bit: - [2009/09/29 07:15:00 | 000,014,848 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lgbtbs64.sys -- (lgbusenum)

DRV:64bit: - [2009/08/27 10:07:06 | 007,369,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)

DRV:64bit: - [2009/08/12 06:14:16 | 000,173,456 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PTDUMdm.sys -- (PTDUMdm)

DRV:64bit: - [2009/08/12 06:14:16 | 000,141,840 | ---- | M] (DEVGURU Co., LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PTDUWWAN.sys -- (PTDUWWAN)

DRV:64bit: - [2009/08/12 06:14:16 | 000,070,672 | ---- | M] (DEVGURU Co., LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PTDUBus.sys -- (PTDUBus)

DRV:64bit: - [2009/08/12 06:14:16 | 000,012,688 | ---- | M] (DEVGURU Co., LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PTDUWFLT.sys -- (PTDUWFLT)

DRV:64bit: - [2009/08/12 06:14:12 | 000,173,456 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PTDUVsp.sys -- (PTDUVsp)

DRV:64bit: - [2009/08/07 07:24:14 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)

DRV:64bit: - [2009/08/05 21:04:06 | 000,222,208 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)

DRV:64bit: - [2009/07/30 23:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)

DRV:64bit: - [2009/07/24 17:57:08 | 000,482,384 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tos_sps64.sys -- (tos_sps64)

DRV:64bit: - [2009/07/20 19:48:32 | 000,274,480 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)

DRV:64bit: - [2009/07/14 17:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)

DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/07/13 19:01:09 | 000,679,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xnacc.sys -- (xnacc)

DRV:64bit: - [2009/07/13 19:00:13 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Dot4Scan.sys -- (Dot4Scan)

DRV:64bit: - [2009/07/09 05:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)

DRV:64bit: - [2009/07/07 10:51:42 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FwLnk.sys -- (FwLnk)

DRV:64bit: - [2009/06/22 19:06:38 | 000,035,008 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)

DRV:64bit: - [2009/06/19 21:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL)

DRV:64bit: - [2009/06/10 16:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)

DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009/05/18 17:17:08 | 000,034,152 | R--- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV:64bit: - [2009/04/08 14:28:46 | 000,068,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)

DRV:64bit: - [2008/11/19 17:09:14 | 000,033,792 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lgx64modem.sys -- (USBModem)

DRV:64bit: - [2008/11/19 17:09:12 | 000,027,136 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lgx64diag.sys -- (UsbDiag)

DRV:64bit: - [2008/11/19 17:09:12 | 000,017,920 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lgx64bus.sys -- (usbbus)

DRV:64bit: - [2008/04/16 14:49:34 | 000,028,416 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)

DRV:64bit: - [2008/03/13 02:46:00 | 000,027,136 | ---- | M] (ManyCam LLC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ManyCam_x64.sys -- (ManyCam)

DRV - [2011/01/04 20:47:51 | 000,035,363 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\windrvNT.sys -- (windrvNT)

DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

DRV - [2009/05/25 14:43:58 | 000,043,032 | ---- | M] (Smith Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Verizon Wireless\VZAccess Manager\SMSIVZAM5X64.sys -- (SMSIVZAM5X64)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {91666140-44D5-410A-A0B8-D7D017877451}

IE:64bit: - HKLM\..\SearchScopes\{91666140-44D5-410A-A0B8-D7D017877451}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr

IE - HKLM\..\URLSearchHook: {09e55ba0-f9c6-4b81-82df-46853f6f7b3f} - C:\Program Files (x86)\Soft-Search\tbSof1.dll (Conduit Ltd.)

IE - HKLM\..\URLSearchHook: {33727f97-486d-4d19-97c3-23f432ef93fc} - C:\Program Files (x86)\mywebsites.pro-FR\tbmyw0.dll (Conduit Ltd.)

IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}

IE - HKLM\..\SearchScopes\{4667CC2A-B714-45CD-83DA-B6768B7FF82C}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage

IE - HKU\S-1-5-21-4118694408-3330837379-2833417039-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

IE - HKU\S-1-5-21-4118694408-3330837379-2833417039-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchPage =

IE - HKU\S-1-5-21-4118694408-3330837379-2833417039-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

IE - HKU\S-1-5-21-4118694408-3330837379-2833417039-1001\..\SearchScopes,DefaultScope = {4667CC2A-B714-45CD-83DA-B6768B7FF82C}

IE - HKU\S-1-5-21-4118694408-3330837379-2833417039-1001\..\SearchScopes\{4667CC2A-B714-45CD-83DA-B6768B7FF82C}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA_enUS373

IE - HKU\S-1-5-21-4118694408-3330837379-2833417039-1001\..\SearchScopes\{7F4EFF06-7032-458e-AE16-1C1D8255C28A}: "URL" = http://home.speedbit.com/search.aspx?site=shdefault&pid=%s&aid=%s&shr=%d&q={searchTerms}

IE - HKU\S-1-5-21-4118694408-3330837379-2833417039-1001\..\SearchScopes\{9ABEDED2-4DF0-4538-993F-72EA48AEF693}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA

IE - HKU\S-1-5-21-4118694408-3330837379-2833417039-1001\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/web?q={SEARCHTERMS}&o=15527&l=dis

IE - HKU\S-1-5-21-4118694408-3330837379-2833417039-1001\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://fr.search.yahoo.com/search?p={searchTerms}

IE - HKU\S-1-5-21-4118694408-3330837379-2833417039-1001\..\SearchScopes\{EF8201DF-449D-49C4-B705-D2AAEACF5DAF}: "URL" = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=867034&p={searchTerms}

IE - HKU\S-1-5-21-4118694408-3330837379-2833417039-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-4118694408-3330837379-2833417039-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"

FF - prefs.js..browser.search.selectedEngine: "Yahoo"

FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=867034&p="

FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=867034&ilc=12"

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Owner\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\crazyloader@spointer.com: C:\Program Files (x86)\CrazyLoader\spointer\extensions\crazyloader@spointer.com

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\searchpredict@speedbit.com: C:\Program Files (x86)\SearchPredict\PRFireFox [2011/10/19 22:06:01 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}: C:\Program Files (x86)\SpeedBit Video Downloader\SPFireFox [2011/10/19 22:06:11 | 000,000,000 | ---D | M]

[2012/05/03 19:45:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\0\extensions

[2012/01/28 21:15:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\fuqpj7lv.default\extensions

[2011/10/03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll

========== Chrome ==========

CHR - default_search_provider: SpeedBit Search (Enabled)

CHR - default_search_provider: search_url = http://home.speedbit.com/search.aspx?aff=115&q={searchTerms}

CHR - default_search_provider: suggest_url = http://api.searchpredict.com/api/?rqtype=ffplugin&siteID=8661&dbCode=1&command={searchTerms}

CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Owner\AppData\Local\Google\Chrome\Application\16.0.912.75\gcswf32.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\windows\system32\Macromed\Flash\NPSWF32.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll

CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

CHR - plugin: Java Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll

CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Users\Owner\AppData\Local\Google\Chrome\Application\16.0.912.75\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Owner\AppData\Local\Google\Chrome\Application\16.0.912.75\pdf.dll

CHR - plugin: Chrome DAP extension (Enabled) = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffdcfjdljhbehggjdkdioajnknjcpbjb\2.0.3_0\lib/npdapchrome.dll

CHR - plugin: Interest Recognizer for Crazyloader (Enabled) = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\fikmanfpkongnopggnndbikhhicdpfka\3.4.1545.153_0\crazyloader_air_chrome.dll

CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.5.0.8013_0\npSkypeChromePlugin.dll

CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

CHR - plugin: Google Updater (Enabled) = C:\Program Files (x86)\Google\Google Updater\2.4.1739.5352\npCIDetect13.dll

CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll

CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll

CHR - plugin: Default Plug-in (Enabled) = default_plugin

CHR - Extension: Entanglement = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.5.7_0\

CHR - Extension: SpeedBit Video Downloader = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\djcpfkccckpeeghiklnhienllljccglb\2.0.5_0\

CHR - Extension: Download Accelerator Plus (DAP) = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffdcfjdljhbehggjdkdioajnknjcpbjb\2.0.10_0\

CHR - Extension: Interest Recognizer for Crazyloader = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\fikmanfpkongnopggnndbikhhicdpfka\3.4.1545.153_0\

CHR - Extension: SpeedBit Search Predict = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ledcpigomgblcmofccnacobhmcdkpiea\2.0.2_0\

CHR - Extension: Poppit = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\

O1 HOSTS File: ([2012/05/15 01:14:42 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)

O2 - BHO: (Soft-Search Toolbar) - {09e55ba0-f9c6-4b81-82df-46853f6f7b3f} - C:\Program Files (x86)\Soft-Search\tbSof1.dll (Conduit Ltd.)

O2 - BHO: (mywebsites.pro-FR Toolbar) - {33727f97-486d-4d19-97c3-23f432ef93fc} - C:\Program Files (x86)\mywebsites.pro-FR\tbmyw0.dll (Conduit Ltd.)

O2 - BHO: (SearchPredictObj Class) - {389943B0-C3A2-4E69-82CB-8596A84CB3DC} - C:\Program Files (x86)\SearchPredict\SearchPredict.dll (Speedbit Ltd.)

O2 - BHO: (SBCONVERT Class) - {92A9ACF4-9333-43AE-9698-DB283326F87F} - C:\Program Files (x86)\SpeedBit Video Downloader\TBU89\tbcore3.dll ()

O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)

O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)

O2 - BHO: (GrabberObj Class) - {FF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files (x86)\SpeedBit Video Downloader\TBU89\Grabber.dll (SpeedBit)

O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (SpeedBit Video Downloader) - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files (x86)\SpeedBit Video Downloader\TBU89\tbcore3.dll ()

O3 - HKLM\..\Toolbar: (Soft-Search Toolbar) - {09e55ba0-f9c6-4b81-82df-46853f6f7b3f} - C:\Program Files (x86)\Soft-Search\tbSof1.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (mywebsites.pro-FR Toolbar) - {33727f97-486d-4d19-97c3-23f432ef93fc} - C:\Program Files (x86)\mywebsites.pro-FR\tbmyw0.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)

O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKU\S-1-5-21-4118694408-3330837379-2833417039-1001\..\Toolbar\WebBrowser: (SpeedBit Video Downloader) - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files (x86)\SpeedBit Video Downloader\TBU89\tbcore3.dll ()

O3 - HKU\S-1-5-21-4118694408-3330837379-2833417039-1001\..\Toolbar\WebBrowser: (Soft-Search Toolbar) - {09E55BA0-F9C6-4B81-82DF-46853F6F7B3F} - C:\Program Files (x86)\Soft-Search\tbSof1.dll (Conduit Ltd.)

O3:64bit: - HKU\S-1-5-21-4118694408-3330837379-2833417039-1001\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O3 - HKU\S-1-5-21-4118694408-3330837379-2833417039-1001\..\Toolbar\WebBrowser: (mywebsites.pro-FR Toolbar) - {33727F97-486D-4D19-97C3-23F432EF93FC} - C:\Program Files (x86)\mywebsites.pro-FR\tbmyw0.dll (Conduit Ltd.)

O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

O4:64bit: - HKLM..\Run: [smartFaceVWatcher] C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [smoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)

O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)

O4 - HKLM..\Run: [uIExec] C:\Program Files (x86)\NATCOM 3G\UIExec.exe ()

O4 - HKU\S-1-5-21-4118694408-3330837379-2833417039-1001..\Run: [Facebook Update] C:\Users\Owner\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)

O4 - HKU\S-1-5-21-4118694408-3330837379-2833417039-1001..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\Messenger\YahooMessenger.exe (Yahoo! Inc.)

O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy Software Installer.lnk = File not found

O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy Software Installer.lnk = File not found

O4 - Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk = C:\Program Files (x86)\Stardock\ObjectDock\ObjectDock.exe (Stardock)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-4118694408-3330837379-2833417039-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-4118694408-3330837379-2833417039-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149

O7 - HKU\S-1-5-21-4118694408-3330837379-2833417039-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0

O7 - HKU\S-1-5-21-4118694408-3330837379-2833417039-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\windows\system32\GPhotos.scr/200 File not found

O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\windows\SysWow64\GPhotos.scr (Google Inc.)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} http://activex.camfrogweb.com/advanced/2.0.2.3/cfweb_activex.camfrogweb.com-advanced-2.0.2.3_instmodule.exe (CamfrogWEB Advanced Unicode Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail.com/mail/w4/m3/photouploadcontrol/VistaMSNPUpldpt-br.cab (Windows Live Hotmail Photo Upload Tool)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5F12E325-8DBA-4F70-B584-B80EBB8731FF}: NameServer = 186.1.192.1 8.8.8.8

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{670CA8A4-122A-4CC3-A5F2-B51A2FC2880C}: DhcpNameServer = 10.35.1.254

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/05/16 09:26:11 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.com

[2012/05/16 02:46:59 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\How to Access a Violation at the Address Module Ntdll Dll eHow_com_files

[2012/05/15 17:34:05 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2012/05/15 01:24:53 | 000,000,000 | ---D | C] -- C:\windows\temp

[2012/05/15 00:36:17 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe

[2012/05/15 00:36:17 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe

[2012/05/15 00:36:17 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe

[2012/05/15 00:36:06 | 000,000,000 | ---D | C] -- C:\windows\ERDNT

[2012/05/15 00:36:01 | 000,000,000 | ---D | C] -- C:\Qoobox

[2012/05/14 15:07:18 | 004,492,858 | R--- | C] (Swearware) -- C:\Users\Owner\Desktop\ComboFix.exe

[2012/05/14 14:58:34 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\How to use the Windows 7 System Recovery Environment Command Prompt_files

[2012/05/14 14:57:53 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\Un guide et un tutoriel sur l'utilisation de ComboFix_files

[2012/05/14 13:57:53 | 000,000,000 | ---D | C] -- C:\Config.Msi

[2012/05/14 12:37:08 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{3CB64636-84BB-43EB-9944-2303D41FC449}

[2012/05/14 09:28:04 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\FRINGE SAISON 01 FRENCH

[2012/05/14 09:23:31 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{B0B93C11-08CF-4555-8CBD-8B9E5F80A4B8}

[2012/05/14 03:06:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight

[2012/05/14 03:04:14 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight

[2012/05/14 03:04:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight

[2012/05/13 19:46:40 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\[www.Cpasbien.com] Red.Tails.2012.FRENCH.BRRIP.XVID.ArRoWs

[2012/05/13 19:43:00 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\PeerNetworking

[2012/05/13 14:17:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012/05/13 14:17:01 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys

[2012/05/13 14:17:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2012/05/13 13:55:42 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{EFDB32B4-A363-48F9-9BED-9F79B351F0DB}

[2012/05/13 13:19:20 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{42BA1423-83D9-480E-AE8C-69F9087C66C6}

[2012/05/13 13:13:28 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\connectify

[2012/05/13 12:57:54 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{78B1FA86-49AD-492D-8D9D-658E2D7D8140}

[2012/05/13 12:15:08 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{2C1C076C-CE1E-4A89-8226-8952DC6E641B}

[2012/05/13 09:49:04 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{955356CB-B8BB-4212-AE58-488C0B204FCD}

[2012/05/12 22:24:24 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\Problème ntdll_dll - Forums Zebulon_fr_files

[2012/05/12 21:52:40 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Malwarebytes

[2012/05/12 21:51:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012/05/12 21:36:58 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{F30CFFDF-F135-4EF8-965C-A65879F8ED78}

[2012/05/12 21:30:07 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{DD438431-7884-4A1A-ADA0-EF8F0EE2FF31}

[2012/05/12 20:19:16 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{47C484F2-4E69-479E-B975-EBC2BCE9AF51}

[2012/05/11 23:30:08 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{DC07C48B-82FE-433A-8B93-3000BEA10D1F}

[2012/05/10 21:49:44 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{B74451CD-7B91-4987-925B-22FBD6F525DE}

[2012/05/10 19:33:22 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{411EB123-1310-4B98-90DC-304B7DA97A87}

[2012/05/09 17:29:23 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\RK_Quarantine

[2012/05/09 13:00:33 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\[www.Cpasbien.com] The.Avengers.2012.TRUEFRENCH.TS.MD.XviD-BLOODYMARY

[2012/05/07 23:28:19 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine

[2012/05/07 23:16:00 | 000,116,016 | ---- | C] (Kaspersky Lab, GERT) -- C:\windows\SysNative\drivers\87617208.sys

[2012/05/07 20:51:11 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Owner\Desktop\dds.scr

[2012/05/07 17:42:34 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\original ntdll.dll

[2012/05/07 16:24:50 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\Désactiver l'UAC sous Windows 7 Désactiver l'UAC sous Windows 7 - DepanneTonPC_files

[2012/05/07 07:41:56 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\Toussaint_Louverture

[2012/05/03 19:45:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\1ClickDownload

[2012/05/03 16:03:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client

[2012/04/23 22:34:09 | 000,000,000 | ---D | C] -- C:\found.000

[2012/04/21 15:42:03 | 000,000,000 | ---D | C] -- C:\windows\en

[2012/04/21 15:31:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP

[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/05/17 11:24:34 | 000,018,736 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/05/17 11:24:34 | 000,018,736 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/05/17 11:21:13 | 000,000,898 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job

[2012/05/17 11:17:02 | 000,000,894 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job

[2012/05/17 11:16:59 | 000,065,536 | ---- | M] () -- C:\windows\SysNative\Ikeext.etl

[2012/05/17 11:16:45 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat

[2012/05/17 11:16:04 | 2312,097,792 | -HS- | M] () -- C:\hiberfil.sys

[2012/05/17 10:54:44 | 000,920,096 | ---- | M] () -- C:\Users\Owner\Desktop\Norton_Removal_Tool.exe

[2012/05/16 21:51:05 | 000,000,928 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-4118694408-3330837379-2833417039-1001UA.job

[2012/05/16 21:51:00 | 000,000,906 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-4118694408-3330837379-2833417039-1001Core.job

[2012/05/16 18:35:20 | 000,743,354 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI

[2012/05/16 18:35:20 | 000,635,308 | ---- | M] () -- C:\windows\SysNative\perfh009.dat

[2012/05/16 18:35:20 | 000,111,810 | ---- | M] () -- C:\windows\SysNative\perfc009.dat

[2012/05/16 09:26:17 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.com

[2012/05/16 02:47:00 | 000,052,051 | ---- | M] () -- C:\Users\Owner\Desktop\How to Access a Violation at the Address Module Ntdll Dll eHow_com.htm

[2012/05/15 01:14:42 | 000,000,027 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts

[2012/05/14 15:17:09 | 004,492,858 | R--- | M] (Swearware) -- C:\Users\Owner\Desktop\ComboFix.exe

[2012/05/14 14:58:35 | 000,055,825 | ---- | M] () -- C:\Users\Owner\Desktop\How to use the Windows 7 System Recovery Environment Command Prompt.htm

[2012/05/14 14:58:02 | 000,063,797 | ---- | M] () -- C:\Users\Owner\Desktop\Un guide et un tutoriel sur l'utilisation de ComboFix.htm

[2012/05/14 13:59:20 | 000,001,985 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk

[2012/05/14 12:57:00 | 000,000,832 | ---- | M] () -- C:\windows\tasks\Google Software Updater.job

[2012/05/13 19:43:01 | 000,008,428 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\UserTile.png

[2012/05/13 14:17:02 | 000,001,084 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/05/13 09:46:13 | 000,473,024 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT

[2012/05/12 22:24:31 | 000,155,656 | ---- | M] () -- C:\Users\Owner\Desktop\Problème ntdll_dll - Forums Zebulon_fr.html

[2012/05/09 14:06:46 | 000,000,000 | -H-- | M] () -- C:\windows\SysNative\drivers\Msft_Kernel_xusb21_01007.Wdf

[2012/05/07 23:16:00 | 000,116,016 | ---- | M] (Kaspersky Lab, GERT) -- C:\windows\SysNative\drivers\87617208.sys

[2012/05/07 20:51:20 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Owner\Desktop\dds.scr

[2012/05/07 17:41:36 | 000,585,039 | ---- | M] () -- C:\Users\Owner\Desktop\ntdll.zip

[2012/05/07 16:24:53 | 000,022,283 | ---- | M] () -- C:\Users\Owner\Desktop\Désactiver l'UAC sous Windows 7 Désactiver l'UAC sous Windows 7 - DepanneTonPC.html

[2012/05/03 16:03:46 | 000,001,945 | ---- | M] () -- C:\windows\epplauncher.mif

[2012/05/03 16:03:20 | 000,757,504 | ---- | M] () -- C:\windows\SysWow64\PerfStringBackup.INI

[2012/04/26 09:57:21 | 000,566,699 | ---- | M] () -- C:\Users\Owner\Desktop\adwcleaner.exe

[2012/04/24 12:06:43 | 000,910,522 | ---- | M] () -- C:\Users\Owner\Desktop\PC lent - Forums Zebulon_fr_html&pid=1610161#entry1610161.mht

[2012/04/24 11:24:57 | 000,051,425 | ---- | M] () -- C:\Users\Owner\Desktop\coaco appendice.pdf

[2012/04/24 11:21:09 | 002,106,189 | ---- | M] () -- C:\Users\Owner\Desktop\peritonite appendiculaire.pdf

[2012/04/24 11:03:05 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin

[2012/04/21 15:31:53 | 000,000,973 | ---- | M] () -- C:\Users\Public\Desktop\MBRCheck.lnk

[2012/04/21 15:31:53 | 000,000,961 | ---- | M] () -- C:\Users\Public\Desktop\ZHPFix.lnk

[2012/04/21 15:31:52 | 000,000,966 | ---- | M] () -- C:\Users\Public\Desktop\ZHPDiag.lnk

[2012/04/20 19:30:46 | 000,002,052 | ---- | M] () -- C:\Users\Public\Desktop\Larousse Médical.lnk

[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/05/17 10:53:06 | 000,920,096 | ---- | C] () -- C:\Users\Owner\Desktop\Norton_Removal_Tool.exe

[2012/05/16 02:46:59 | 000,052,051 | ---- | C] () -- C:\Users\Owner\Desktop\How to Access a Violation at the Address Module Ntdll Dll eHow_com.htm

[2012/05/15 00:36:17 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe

[2012/05/15 00:36:17 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe

[2012/05/15 00:36:17 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe

[2012/05/15 00:36:17 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe

[2012/05/15 00:36:17 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe

[2012/05/14 14:58:21 | 000,055,825 | ---- | C] () -- C:\Users\Owner\Desktop\How to use the Windows 7 System Recovery Environment Command Prompt.htm

[2012/05/14 14:57:49 | 000,063,797 | ---- | C] () -- C:\Users\Owner\Desktop\Un guide et un tutoriel sur l'utilisation de ComboFix.htm

[2012/05/14 13:58:35 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk

[2012/05/14 13:58:35 | 000,001,985 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk

[2012/05/13 19:45:19 | 730,234,250 | ---- | C] () -- C:\Users\Owner\Desktop\[www.CpasBien.com] The.Darkest.Hour.2011.FRENCH.BDRiP.MD.XViD-SERUM.avi

[2012/05/13 19:43:00 | 000,008,428 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\UserTile.png

[2012/05/13 14:17:02 | 000,001,084 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/05/12 22:24:18 | 000,155,656 | ---- | C] () -- C:\Users\Owner\Desktop\Problème ntdll_dll - Forums Zebulon_fr.html

[2012/05/09 14:06:46 | 000,000,000 | -H-- | C] () -- C:\windows\SysNative\drivers\Msft_Kernel_xusb21_01007.Wdf

[2012/05/07 17:41:32 | 000,585,039 | ---- | C] () -- C:\Users\Owner\Desktop\ntdll.zip

[2012/05/07 16:24:47 | 000,022,283 | ---- | C] () -- C:\Users\Owner\Desktop\Désactiver l'UAC sous Windows 7 Désactiver l'UAC sous Windows 7 - DepanneTonPC.html

[2012/05/03 16:03:32 | 000,001,926 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk

[2012/04/26 09:56:42 | 000,566,699 | ---- | C] () -- C:\Users\Owner\Desktop\adwcleaner.exe

[2012/04/24 12:06:36 | 000,910,522 | ---- | C] () -- C:\Users\Owner\Desktop\PC lent - Forums Zebulon_fr_html&pid=1610161#entry1610161.mht

[2012/04/24 11:24:57 | 000,051,425 | ---- | C] () -- C:\Users\Owner\Desktop\coaco appendice.pdf

[2012/04/24 11:21:08 | 002,106,189 | ---- | C] () -- C:\Users\Owner\Desktop\peritonite appendiculaire.pdf

[2012/04/24 11:03:05 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin

[2012/04/21 15:31:53 | 000,000,973 | ---- | C] () -- C:\Users\Public\Desktop\MBRCheck.lnk

[2012/04/21 15:31:53 | 000,000,961 | ---- | C] () -- C:\Users\Public\Desktop\ZHPFix.lnk

[2012/04/21 15:31:52 | 000,000,966 | ---- | C] () -- C:\Users\Public\Desktop\ZHPDiag.lnk

[2012/04/20 19:30:46 | 000,002,052 | ---- | C] () -- C:\Users\Public\Desktop\Larousse Médical.lnk

[2012/01/26 14:25:44 | 000,002,560 | ---- | C] () -- C:\windows\_MSRSTRT.EXE

[2011/10/26 00:11:59 | 000,175,616 | ---- | C] () -- C:\windows\SysWow64\unrar.dll

[2011/10/19 22:06:23 | 000,102,912 | ---- | C] () -- C:\windows\SysWow64\EasyHook64.dll

[2011/10/19 22:06:23 | 000,084,480 | ---- | C] () -- C:\windows\SysWow64\EasyHook32.dll

[2011/07/31 11:40:28 | 000,053,248 | ---- | C] () -- C:\windows\SysWow64\CommonDL.dll

[2011/07/31 11:40:28 | 000,002,413 | ---- | C] () -- C:\windows\SysWow64\lgAxconfig.ini

[2011/05/20 16:52:29 | 000,001,940 | ---- | C] () -- C:\Users\Owner\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini

[2011/05/15 19:07:26 | 000,000,000 | ---- | C] () -- C:\Users\Owner\AppData\Local\{5F094ED4-FC9B-4D45-B386-5D4D5BDC3DD6}

[2011/01/04 20:47:41 | 000,110,592 | ---- | C] () -- C:\windows\SysWow64\suppdll.dll

[2011/01/04 20:47:41 | 000,035,363 | ---- | C] () -- C:\windows\SysWow64\windrvNT.sys

[2010/10/28 14:15:37 | 000,000,196 | ---- | C] () -- C:\windows\ulead32.ini

[2010/10/19 20:54:19 | 000,757,504 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI

[2010/09/07 11:57:53 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

[2010/05/18 15:13:55 | 000,003,584 | ---- | C] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== LOP Check ==========

[2010/04/26 18:04:47 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\aHisoft

[2010/04/04 23:47:34 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Ashampoo

[2012/03/30 19:51:57 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Audacity

[2012/05/16 01:35:59 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Dropbox

[2011/11/28 01:28:42 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Free MP3 WMA Cutter

[2010/05/07 16:49:56 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\FreeAudioPack

[2010/05/11 10:29:08 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\FreeCDRipper

[2010/11/28 08:26:35 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\gtk-2.0

[2011/10/14 19:11:37 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Leadertech

[2011/12/07 01:17:34 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Leawo

[2011/04/23 14:54:17 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\LG Electronics

[2011/10/11 12:56:01 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\ManyCam

[2011/07/09 11:04:45 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\mjusbsp

[2012/01/08 20:08:27 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\ooVoo Details

[2010/07/04 11:21:32 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\OpenOffice.org

[2012/05/13 19:43:00 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\PeerNetworking

[2011/04/16 10:02:10 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Smith Micro

[2012/03/07 02:40:19 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\TeraCopy

[2011/11/06 15:12:14 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\TestApp

[2010/07/16 16:13:56 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Tific

[2011/12/07 01:18:38 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\tiger-k

[2011/07/17 16:48:09 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Toshiba

[2012/01/21 21:25:48 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\TuneUp Software

[2010/06/12 16:47:35 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Uniblue

[2010/04/04 22:53:18 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\WinBatch

[2011/12/12 13:08:10 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Youtube Downloader HD

[2011/04/23 14:54:17 | 000,000,000 | -H-D | M] -- C:\Users\Owner\AppData\Roaming\{D94BA408-F110-488B-A65E-3AE7945F79E6}

[2012/05/16 21:51:00 | 000,000,906 | ---- | M] () -- C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4118694408-3330837379-2833417039-1001Core.job

[2012/05/16 21:51:05 | 000,000,928 | ---- | M] () -- C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4118694408-3330837379-2833417039-1001UA.job

[2012/03/29 08:24:15 | 000,032,598 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:553CA6CA

@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:862BDB1A

@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:2B11E0DF

@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >


Please do this:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    :Commands
    [EMPTYJAVA]
    [emptytemp]


  • Then click the Run Fix button at the top
  • Let the program run unhindered; when done, it will say "Fix Complete press ok to open the log"
  • Please post that log in your next reply. Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

MrC


Hi. The new OTL report:

All processes killed

========== OTL ==========

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.

========== COMMANDS ==========

[EMPTYJAVA]

User: All Users

User: AppData

User: Default

User: Default User

User: Owner

->Java cache emptied: 544175 bytes

User: Public

Total Java Files Cleaned = 1.00 mb

[EMPTYTEMP]

User: All Users

User: AppData

->Temp folder emptied: 0 bytes

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 67 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: Owner

->Temp folder emptied: 27658591 bytes

->Temporary Internet Files folder emptied: 1224697887 bytes

->Java cache emptied: 0 bytes

->Google Chrome cache emptied: 55888520 bytes

->Apple Safari cache emptied: 201728 bytes

->Flash cache emptied: 217280 bytes

User: Public

->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 75256 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67697 bytes

RecycleBin emptied: 92274894 bytes

Total Files Cleaned = 1,336.00 mb

OTL by OldTimer - Version 3.2.43.0 log created on 05172012_142900

Files\Folders moved on Reboot...

C:\Users\Owner\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

File\Folder C:\Users\Owner\AppData\Local\Temp\WER92C7.tmp.resp.erc.xml not found!

File\Folder C:\Users\Owner\AppData\Local\Temp\WER92C8.tmp.resp not found!

C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YO86N31H\0[1].js moved successfully.

C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YO86N31H\a045f1f1e001a3c656db597f7279a291[1].htm moved successfully.

C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YO86N31H\cdx10b[1].js moved successfully.

C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YO86N31H\cdx10b[2].js moved successfully.

C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YO86N31H\offerScript[1].txt moved successfully.

C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WJGM0J0P\cdx10b[1].js moved successfully.

C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WJGM0J0P\hub[1].htm moved successfully.

C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TLI5YAD4\cdx10b[1].js moved successfully.

C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TLI5YAD4\derefbkcookie[1].js moved successfully.

C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TLI5YAD4\derefbkcookie[2].js moved successfully.

C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OLTKGZAE\g[1].js moved successfully.

C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OLTKGZAE\rdr12[1].js moved successfully.

C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NWUKIKS4\0[1].htm moved successfully.

File\Folder C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NWUKIKS4\3328[1].htm not found!

File\Folder C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NWUKIKS4\search[3].htm not found!

C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JUF5Y3DG\launch[1].htm moved successfully.

C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JUF5Y3DG\rdr12[1].js moved successfully.

C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JUF5Y3DG\rdr12[2].js moved successfully.

C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IX97K6MB\cdx10b[1].js moved successfully.

C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IX97K6MB\cdx10b[2].js moved successfully.

C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IX97K6MB\isInternalUser[1].js moved successfully.

File\Folder C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IX97K6MB\like[1].htm not found!

File\Folder C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IX97K6MB\like[2].htm not found!

File\Folder C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IX97K6MB\like[3].htm not found!

C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IX97K6MB\yql[2].js moved successfully.

C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HB4HEFTQ\0[1].js moved successfully.

C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HB4HEFTQ\rdr12[1].js moved successfully.

C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HB4HEFTQ\rdr12[2].js moved successfully.

C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H4XXZHS3\ads[1].htm moved successfully.

C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H4XXZHS3\csc-render[1].htm moved successfully.

C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H4XXZHS3\hub[1].htm moved successfully.

File\Folder C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H4XXZHS3\ManyCamSetup[1].exe not found!

C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GGOSVWBD\8u6MwFSvaR2[1].js moved successfully.

C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GGOSVWBD\cdx10b[1].js moved successfully.

C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GGOSVWBD\jsonp[1].js moved successfully.

C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GGOSVWBD\offerScript[1].txt moved successfully.

C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GGOSVWBD\xd_arbiter[1].htm moved successfully.

C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8YPNNFDY\cdx10b[1].js moved successfully.

C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8YPNNFDY\ext-render-secure[1].htm moved successfully.

C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8YPNNFDY\fc[1].htm moved successfully.

C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8YPNNFDY\st[1] moved successfully.

C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8YPNNFDY\st[2] moved successfully.

C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\73A273VQ\0[1].htm moved successfully.

C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\73A273VQ\0[2].htm moved successfully.

C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\73A273VQ\0[3].htm moved successfully.

C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\73A273VQ\981[1].js moved successfully.

C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\73A273VQ\addyn_3[1].js moved successfully.

C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\73A273VQ\cdx10b[1].js moved successfully.

C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\73A273VQ\offerScript[1].txt moved successfully.

C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\73A273VQ\rdr12[1].js moved successfully.

C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\73A273VQ\xframe-proxy_20110929[1].htm moved successfully.

C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6CT241VQ\0[1].js moved successfully.

C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6CT241VQ\xd_arbiter[1].htm moved successfully.

C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\28HG72PU\derefbkcookie[1].js moved successfully.

C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\28HG72PU\pdr_light[1].css moved successfully.

C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1T1M7OV7\1714[1].js moved successfully.

C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1T1M7OV7\492[1].js moved successfully.

C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1T1M7OV7\follow_button.1336551279[1].htm moved successfully.

C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0ISHW7S2\pd_light[1].css moved successfully.

C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0ISHW7S2\xframe-proxy_20110929[1].htm moved successfully.

Registry entries deleted on Reboot...


It has updated!!! Thank you a lot MrCharlie!!!!! Thank youuuuuuuuuuuuuu for having been so patient with me... I was desperate! I just can't believe it!!!! You're the best! :-) :-)


Great :)

Please Uninstall ComboFix:

Press the Windows logo key + R to bring up the "run box"

Copy and paste the next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /


Then hit enter.

This will uninstall Combofix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

---------------------------------

Run OTL and hit the CleanUp button. (This will cleanup the tools and logs used including itself)

Any other programs or logs you can manually delete.

-------------------------------

You have out-of-date Java on the system; older versions are vulnerable to malware.

Please go to your Control Panel's Add/Remove Programs and uninstall these:

Java Auto Updater

Java™ 6 Update 29

Then download and install the latest version Java™ 7 Update 4.

http://www.java.com/...load/manual.jsp <---latest version

http://www.java.com/...d/installed.jsp <---verify your Java

-----------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC


Thx again MrCharlie... I really appreciate it... much respect and love... :-)


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.
