friedmal

Malware redirector removal help needed

27 posts in this topic

Hello friedmal and welcome! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at support@malwarebytes.org or here (http://helpdesk.malwarebytes.org/home). If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

BACKDOOR WARNING

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advise you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

Step 1

First, uninstall µTorrent and LimeWire 5.5.16, because of our policy:

http://forums.malwarebytes.org/index.php?showtopic=97700

Second, anti-virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two anti-virus programs running at the same time can cause your computer to run very slow, become unstable and even, in rare cases, crash. You have ZoneAlarm Antivirus and Norton AntiVirus. I suggest you uninstall ZoneAlarm Antivirus. If you think so, uninstall the following applications:

Free Antivirus + Firewall

ZoneAlarm Antivirus

ZoneAlarm Security Toolbar

Step 2

I see you are running TeaTimer.

I suggest you disable it because it can interfere with the changes you'll make on your system.

When everything is done and your log is clean again, you can enable it again.

If TeaTimer gives you a warning afterwards that some changes were made, allow this instead of blocking it.

How to disable TeaTimer <== click me for instructions.

After you have disabled TeaTimer, download ResetTeaTimer.exe to your desktop.

Then run ResetTeaTimer.exe.

This will only take a few seconds.

Step 3

Download the latest version of TDSSKiller from here and save it to your Desktop.

  1. Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  2. Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  3. Click the Start Scan button.
  4. If a suspicious object is detected, the default action will be Skip; click on Continue.
  5. If malicious objects are found, they will show in the Scan results and offer three (3) options.
  6. Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  7. Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.

Step 4

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

In your next reply, post the following log files:

  • TDSSKiller log
  • Malwarebytes' Anti-Malware log
  • a new fresh DDS log


What was found? Did I miss it in your response?


Malwarebytes Anti-Malware (Trial) 1.61.0.1400

www.malwarebytes.org

Database version: v2012.05.08.09

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

lmf1 :: LMF-DELL [administrator]

Protection: Enabled

05/08/12 04:57:04 PM

mbam-log-2012-05-08 (16-57-04).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 230616

Time elapsed: 29 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)


17:03:15.0820 7664 TDSS rootkit removing tool 2.7.34.0 May 2 2012 09:59:18

17:03:16.0091 7664 ============================================================

17:03:16.0092 7664 Current date / time: 2012/05/08 17:03:16.0091

17:03:16.0092 7664 SystemInfo:

17:03:16.0092 7664

17:03:16.0092 7664 OS Version: 6.1.7601 ServicePack: 1.0

17:03:16.0092 7664 Product type: Workstation

17:03:16.0092 7664 ComputerName: LMF-DELL

17:03:16.0092 7664 UserName: lmf1

17:03:16.0092 7664 Windows directory: C:\Windows

17:03:16.0092 7664 System windows directory: C:\Windows

17:03:16.0092 7664 Running under WOW64

17:03:16.0092 7664 Processor architecture: Intel x64

17:03:16.0092 7664 Number of processors: 8

17:03:16.0092 7664 Page size: 0x1000

17:03:16.0092 7664 Boot type: Normal boot

17:03:16.0092 7664 ============================================================

17:03:16.0285 7664 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

17:03:16.0292 7664 Drive \Device\Harddisk1\DR1 - Size: 0x15D50F66000 (1397.27 Gb), SectorSize: 0x200, Cylinders: 0x2C881, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

17:03:16.0317 7664 Drive \Device\Harddisk2\DR2 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

17:03:16.0321 7664 Drive \Device\Harddisk3\DR3 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'

17:03:16.0907 7664 ============================================================

17:03:16.0907 7664 \Device\Harddisk0\DR0:

17:03:16.0909 7664 MBR partitions:

17:03:16.0909 7664 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xDF93782

17:03:16.0909 7664 \Device\Harddisk1\DR1:

17:03:16.0909 7664 MBR partitions:

17:03:16.0909 7664 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1E00000

17:03:16.0909 7664 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x1E170AC, BlocksNum 0xACC6F695

17:03:16.0909 7664 \Device\Harddisk2\DR2:

17:03:16.0909 7664 MBR partitions:

17:03:16.0909 7664 \Device\Harddisk2\DR2\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x74705C02

17:03:16.0909 7664 \Device\Harddisk3\DR3:

17:03:16.0910 7664 MBR partitions:

17:03:16.0910 7664 \Device\Harddisk3\DR3\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x74705982

17:03:16.0910 7664 ============================================================

17:03:16.0911 7664 C: <-> \Device\Harddisk0\DR0\Partition0

17:03:16.0932 7664 J: <-> \Device\Harddisk3\DR3\Partition0

17:03:16.0942 7664 E: <-> \Device\Harddisk2\DR2\Partition0

17:03:16.0964 7664 D: <-> \Device\Harddisk1\DR1\Partition1

17:03:16.0964 7664 ============================================================

17:03:16.0964 7664 Initialize success

17:03:16.0964 7664 ============================================================

17:03:25.0106 7564 ============================================================

17:03:25.0106 7564 Scan started

17:03:25.0106 7564 Mode: Manual; SigCheck; TDLFS;

17:03:25.0106 7564 ============================================================

17:03:25.0417 7564 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys

17:03:25.0468 7564 1394ohci - ok

17:03:25.0481 7564 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys

17:03:25.0491 7564 ACPI - ok

17:03:25.0493 7564 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys

17:03:25.0501 7564 AcpiPmi - ok

17:03:25.0509 7564 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

17:03:25.0514 7564 AdobeARMservice - ok

17:03:25.0543 7564 AdobeFlashPlayerUpdateSvc (459ac130c6ab892b1cd5d7544626efc5) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

17:03:25.0550 7564 AdobeFlashPlayerUpdateSvc - ok

17:03:25.0567 7564 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys

17:03:25.0578 7564 adp94xx - ok

17:03:25.0591 7564 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys

17:03:25.0600 7564 adpahci - ok

17:03:25.0607 7564 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys

17:03:25.0615 7564 adpu320 - ok

17:03:25.0620 7564 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll

17:03:25.0642 7564 AeLookupSvc - ok

17:03:25.0659 7564 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys

17:03:25.0669 7564 AFD - ok

17:03:25.0674 7564 AGCoreService (ead9c3ab25a3159abd7b05dcac607a61) C:\Program Files (x86)\AGI\core\4.2.0.10754\AGCoreService.exe

17:03:25.0677 7564 AGCoreService ( UnsignedFile.Multi.Generic ) - warning

17:03:25.0677 7564 AGCoreService - detected UnsignedFile.Multi.Generic (1)

17:03:25.0680 7564 AgereModemAudio (48008d4ea73c1058f36d323a644410d4) C:\Program Files\LSI SoftModem\agr64svc.exe

17:03:25.0709 7564 AgereModemAudio - ok

17:03:25.0744 7564 AGERESoftModem (ddf52c4c92d831a4cdb7788b37585e36) C:\Windows\system32\DRIVERS\agrsm64.sys

17:03:25.0760 7564 AGERESoftModem - ok

17:03:25.0764 7564 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys

17:03:25.0771 7564 agp440 - ok

17:03:25.0776 7564 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe

17:03:25.0784 7564 ALG - ok

17:03:25.0786 7564 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys

17:03:25.0792 7564 aliide - ok

17:03:25.0801 7564 AMD External Events Utility (a359974eaac83a435497c52f62a2e590) C:\Windows\system32\atiesrxx.exe

17:03:25.0811 7564 AMD External Events Utility - ok

17:03:25.0813 7564 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys

17:03:25.0819 7564 amdide - ok

17:03:25.0823 7564 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys

17:03:25.0831 7564 AmdK8 - ok

17:03:26.0090 7564 amdkmdag (60216b0e704584de6d5a9f59e9c34c47) C:\Windows\system32\DRIVERS\atikmdag.sys

17:03:26.0159 7564 amdkmdag - ok

17:03:26.0195 7564 amdkmdap (6b4e9261b613b047a9a145f328889968) C:\Windows\system32\DRIVERS\atikmpag.sys

17:03:26.0206 7564 amdkmdap - ok

17:03:26.0210 7564 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys

17:03:26.0217 7564 AmdPPM - ok

17:03:26.0222 7564 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys

17:03:26.0229 7564 amdsata - ok

17:03:26.0236 7564 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys

17:03:26.0244 7564 amdsbs - ok

17:03:26.0246 7564 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys

17:03:26.0253 7564 amdxata - ok

17:03:26.0256 7564 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys

17:03:26.0277 7564 AppID - ok

17:03:26.0279 7564 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll

17:03:26.0300 7564 AppIDSvc - ok

17:03:26.0304 7564 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll

17:03:26.0325 7564 Appinfo - ok

17:03:26.0332 7564 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

17:03:26.0338 7564 Apple Mobile Device - ok

17:03:26.0344 7564 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys

17:03:26.0351 7564 arc - ok

17:03:26.0356 7564 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys

17:03:26.0363 7564 arcsas - ok

17:03:26.0376 7564 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe

17:03:26.0382 7564 aspnet_state - ok

17:03:26.0384 7564 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys

17:03:26.0405 7564 AsyncMac - ok

17:03:26.0407 7564 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys

17:03:26.0414 7564 atapi - ok

17:03:26.0421 7564 AtiHDAudioService (4bf5bca6e2608cd8a00bc4a6673a9f47) C:\Windows\system32\drivers\AtihdW76.sys

17:03:26.0427 7564 AtiHDAudioService - ok

17:03:26.0450 7564 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll

17:03:26.0475 7564 AudioEndpointBuilder - ok

17:03:26.0479 7564 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll

17:03:26.0502 7564 AudioSrv - ok

17:03:26.0515 7564 awhost32 (9c2ce606e4e7e572799f33aee5a59c3c) C:\Program Files (x86)\Symantec\pcAnywhere\awhost32.exe

17:03:26.0519 7564 awhost32 ( UnsignedFile.Multi.Generic ) - warning

17:03:26.0519 7564 awhost32 - detected UnsignedFile.Multi.Generic (1)

17:03:26.0520 7564 awlegacy - ok

17:03:26.0526 7564 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll

17:03:26.0536 7564 AxInstSV - ok

17:03:26.0552 7564 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys

17:03:26.0562 7564 b06bdrv - ok

17:03:26.0574 7564 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys

17:03:26.0582 7564 b57nd60a - ok

17:03:26.0586 7564 BCM42RLY (ac4e2d84de54cd3a013aeff0cc56095c) C:\Windows\system32\drivers\BCM42RLY.sys

17:03:26.0591 7564 BCM42RLY - ok

17:03:26.0678 7564 BCM43XX (8b5d16d20774fc3727f44e161be2c0ac) C:\Windows\system32\DRIVERS\bcmwl664.sys

17:03:26.0711 7564 BCM43XX - ok

17:03:26.0741 7564 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll

17:03:26.0749 7564 BDESVC - ok

17:03:26.0754 7564 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys

17:03:26.0774 7564 Beep - ok

17:03:26.0796 7564 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll

17:03:26.0821 7564 BFE - ok

17:03:26.0859 7564 BHDrvx64 (5b1fe9d351c284701c8051da2aa81df6) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.5.0.145\Definitions\BASHDefs\20120507.001\BHDrvx64.sys

17:03:26.0874 7564 BHDrvx64 - ok

17:03:26.0922 7564 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll

17:03:26.0948 7564 BITS - ok

17:03:26.0955 7564 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys

17:03:26.0963 7564 blbdrive - ok

17:03:26.0979 7564 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe

17:03:26.0987 7564 Bonjour Service - ok

17:03:26.0993 7564 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys

17:03:27.0001 7564 bowser - ok

17:03:27.0003 7564 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys

17:03:27.0012 7564 BrFiltLo - ok

17:03:27.0014 7564 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys

17:03:27.0022 7564 BrFiltUp - ok

17:03:27.0028 7564 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys

17:03:27.0049 7564 BridgeMP - ok

17:03:27.0057 7564 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll

17:03:27.0078 7564 Browser - ok

17:03:27.0089 7564 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys

17:03:27.0097 7564 Brserid - ok

17:03:27.0101 7564 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys

17:03:27.0110 7564 BrSerWdm - ok

17:03:27.0112 7564 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys

17:03:27.0121 7564 BrUsbMdm - ok

17:03:27.0123 7564 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys

17:03:27.0130 7564 BrUsbSer - ok

17:03:27.0133 7564 BthAudioHF (07dcb3c254d584e3949fe2c0ee3963f2) C:\Windows\system32\DRIVERS\BthAudioHF.sys

17:03:27.0139 7564 BthAudioHF - ok

17:03:27.0142 7564 BthAvrcp (832b121e4532919cc49f2438f1dcaa21) C:\Windows\system32\DRIVERS\BthAvrcp.sys

17:03:27.0148 7564 BthAvrcp - ok

17:03:27.0151 7564 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\DRIVERS\BthEnum.sys

17:03:27.0158 7564 BthEnum - ok

17:03:27.0162 7564 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys

17:03:27.0171 7564 BTHMODEM - ok

17:03:27.0178 7564 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys

17:03:27.0187 7564 BthPan - ok

17:03:27.0205 7564 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\system32\Drivers\BTHport.sys

17:03:27.0217 7564 BTHPORT - ok

17:03:27.0222 7564 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll

17:03:27.0243 7564 bthserv - ok

17:03:27.0247 7564 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\system32\Drivers\BTHUSB.sys

17:03:27.0254 7564 BTHUSB - ok

17:03:27.0262 7564 ccSet_NAV (0e1737a63aec0f6de231bb59836c0a11) C:\Windows\system32\drivers\NAVx64\1307000.009\ccSetx64.sys

17:03:27.0269 7564 ccSet_NAV - ok

17:03:27.0276 7564 ccSet_NST (a8ad33c9dd88c810cac00acc7f4329fb) C:\Windows\system32\drivers\NSTx64\0200000.010\ccSetx64.sys

17:03:27.0282 7564 ccSet_NST - ok

17:03:27.0289 7564 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys

17:03:27.0310 7564 cdfs - ok

17:03:27.0316 7564 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys

17:03:27.0324 7564 cdrom - ok

17:03:27.0329 7564 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll

17:03:27.0350 7564 CertPropSvc - ok

17:03:27.0353 7564 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys

17:03:27.0363 7564 circlass - ok

17:03:27.0377 7564 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys

17:03:27.0386 7564 CLFS - ok

17:03:27.0396 7564 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

17:03:27.0402 7564 clr_optimization_v2.0.50727_32 - ok

17:03:27.0410 7564 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

17:03:27.0416 7564 clr_optimization_v2.0.50727_64 - ok

17:03:27.0427 7564 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

17:03:27.0434 7564 clr_optimization_v4.0.30319_32 - ok

17:03:27.0447 7564 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

17:03:27.0453 7564 clr_optimization_v4.0.30319_64 - ok

17:03:27.0456 7564 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys

17:03:27.0463 7564 CmBatt - ok

17:03:27.0465 7564 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys

17:03:27.0471 7564 cmdide - ok

17:03:27.0487 7564 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys

17:03:27.0501 7564 CNG - ok

17:03:27.0505 7564 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys

17:03:27.0511 7564 Compbatt - ok

17:03:27.0514 7564 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys

17:03:27.0523 7564 CompositeBus - ok

17:03:27.0524 7564 COMSysApp - ok

17:03:27.0527 7564 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys

17:03:27.0533 7564 crcdisk - ok

17:03:27.0542 7564 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll

17:03:27.0564 7564 CryptSvc - ok

17:03:27.0569 7564 csr_a2dp (df07c6d98ba7f81d0571e366b1cd6672) C:\Windows\system32\drivers\bthav.sys

17:03:27.0575 7564 csr_a2dp - ok

17:03:27.0593 7564 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll

17:03:27.0617 7564 DcomLaunch - ok

17:03:27.0631 7564 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll

17:03:27.0653 7564 defragsvc - ok

17:03:27.0664 7564 DellDigitalDelivery (fc72d309e86e5caecbbbbc37f7be038d) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe

17:03:27.0668 7564 DellDigitalDelivery ( UnsignedFile.Multi.Generic ) - warning

17:03:27.0668 7564 DellDigitalDelivery - detected UnsignedFile.Multi.Generic (1)

17:03:27.0674 7564 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys

17:03:27.0695 7564 DfsC - ok

17:03:27.0709 7564 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll

17:03:27.0731 7564 Dhcp - ok

17:03:27.0734 7564 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys

17:03:27.0755 7564 discache - ok

17:03:27.0759 7564 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys

17:03:27.0765 7564 Disk - ok

17:03:27.0834 7564 Diskeeper (e1d08ebc5d2c11d7e49b28ea5303d1cd) C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe

17:03:27.0861 7564 Diskeeper - ok

17:03:27.0889 7564 DKRtWrt (0172038dabf0df25b2d95cd886b8aa56) C:\Windows\system32\DRIVERS\DKRtWrt.sys

17:03:27.0895 7564 DKRtWrt - ok

17:03:27.0903 7564 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll

17:03:27.0912 7564 Dnscache - ok

17:03:27.0925 7564 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll

17:03:27.0947 7564 dot3svc - ok

17:03:27.0955 7564 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll

17:03:27.0976 7564 DPS - ok

17:03:27.0989 7564 DragonSvc (b123656688d67df3a08fe5912203f71b) C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe

17:03:27.0997 7564 DragonSvc - ok

17:03:27.0999 7564 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys

17:03:28.0007 7564 drmkaud - ok

17:03:28.0036 7564 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys

17:03:28.0051 7564 DXGKrnl - ok

17:03:28.0053 7564 EACMOS - ok

17:03:28.0061 7564 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll

17:03:28.0082 7564 EapHost - ok

17:03:28.0084 7564 EAWDMFD - ok

17:03:28.0170 7564 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys

17:03:28.0198 7564 ebdrv - ok

17:03:28.0219 7564 eeCtrl (0c3f9eff8ddd9f9eb56d754b4620155f) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys

17:03:28.0228 7564 eeCtrl - ok

17:03:28.0253 7564 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe

17:03:28.0260 7564 EFS - ok

17:03:28.0282 7564 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe

17:03:28.0293 7564 ehRecvr - ok

17:03:28.0300 7564 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe

17:03:28.0308 7564 ehSched - ok

17:03:28.0326 7564 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys

17:03:28.0337 7564 elxstor - ok

17:03:28.0340 7564 epmntdrv (9eafb3b3b60b8ad958985152a9309aca) C:\Windows\system32\epmntdrv.sys

17:03:28.0344 7564 epmntdrv ( UnsignedFile.Multi.Generic ) - warning

17:03:28.0344 7564 epmntdrv - detected UnsignedFile.Multi.Generic (1)

17:03:28.0355 7564 EraserUtilRebootDrv (8c0f9b877bc0b7ffd327ef55f9efb642) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys

17:03:28.0361 7564 EraserUtilRebootDrv - ok

17:03:28.0363 7564 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys

17:03:28.0370 7564 ErrDev - ok

17:03:28.0374 7564 EuGdiDrv (fb949ed2c93c878a189039f3d7730942) C:\Windows\system32\EuGdiDrv.sys

17:03:28.0378 7564 EuGdiDrv ( UnsignedFile.Multi.Generic ) - warning

17:03:28.0378 7564 EuGdiDrv - detected UnsignedFile.Multi.Generic (1)

17:03:28.0392 7564 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll

17:03:28.0415 7564 EventSystem - ok

17:03:28.0428 7564 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys

17:03:28.0450 7564 exfat - ok

17:03:28.0460 7564 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys

17:03:28.0482 7564 fastfat - ok

17:03:28.0503 7564 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe

17:03:28.0514 7564 Fax - ok

17:03:28.0517 7564 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys

17:03:28.0524 7564 fdc - ok

17:03:28.0527 7564 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll

17:03:28.0548 7564 fdPHost - ok

17:03:28.0551 7564 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll

17:03:28.0572 7564 FDResPub - ok

17:03:28.0578 7564 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys

17:03:28.0585 7564 FileInfo - ok

17:03:28.0588 7564 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys

17:03:28.0609 7564 Filetrace - ok

17:03:28.0640 7564 FLEXnet Licensing Service (8669be94f63944e4f899c3950b520241) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

17:03:28.0654 7564 FLEXnet Licensing Service - ok

17:03:28.0658 7564 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys

17:03:28.0665 7564 flpydisk - ok

17:03:28.0676 7564 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys

17:03:28.0685 7564 FltMgr - ok

17:03:28.0719 7564 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll

17:03:28.0733 7564 FontCache - ok

17:03:28.0739 7564 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

17:03:28.0745 7564 FontCache3.0.0.0 - ok

17:03:28.0752 7564 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys

17:03:28.0758 7564 FsDepends - ok

17:03:28.0761 7564 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys

17:03:28.0767 7564 Fs_Rec - ok

17:03:28.0777 7564 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys

17:03:28.0787 7564 fvevol - ok

17:03:28.0793 7564 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys

17:03:28.0800 7564 gagp30kx - ok

17:03:28.0803 7564 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

17:03:28.0808 7564 GEARAspiWDM - ok

17:03:28.0813 7564 GenericMount (9ba50351af95c9df28c8bcd382427d11) C:\Windows\system32\DRIVERS\GenericMount.sys

17:03:28.0819 7564 GenericMount - ok

17:03:28.0884 7564 GenericMount Helper Service (9573dc01b6baa0371ed4afbaebee4dcc) C:\Program Files (x86)\Norton Ghost\Shared\Drivers\GenericMountHelperx64.exe

17:03:28.0909 7564 GenericMount Helper Service - ok

17:03:28.0938 7564 Gernuwa - ok

17:03:28.0962 7564 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll

17:03:28.0987 7564 gpsvc - ok

17:03:28.0996 7564 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

17:03:29.0002 7564 gupdate - ok

17:03:29.0004 7564 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

17:03:29.0010 7564 gupdatem - ok

17:03:29.0017 7564 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

17:03:29.0023 7564 gusvc - ok

17:03:29.0027 7564 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys

17:03:29.0034 7564 hcw85cir - ok

17:03:29.0046 7564 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys

17:03:29.0057 7564 HdAudAddService - ok

17:03:29.0065 7564 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys

17:03:29.0074 7564 HDAudBus - ok

17:03:29.0094 7564 HFGService (ee8c05f926521a0e24edaf40f45d01e6) C:\Windows\System32\HFGService.dll

17:03:29.0104 7564 HFGService - ok

17:03:29.0107 7564 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys

17:03:29.0114 7564 HidBatt - ok

17:03:29.0120 7564 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys

17:03:29.0129 7564 HidBth - ok

17:03:29.0134 7564 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys

17:03:29.0142 7564 HidIr - ok

17:03:29.0146 7564 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll

17:03:29.0167 7564 hidserv - ok

17:03:29.0170 7564 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys

17:03:29.0177 7564 HidUsb - ok

17:03:29.0183 7564 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll

17:03:29.0204 7564 hkmsvc - ok

17:03:29.0215 7564 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll

17:03:29.0223 7564 HomeGroupListener - ok

17:03:29.0232 7564 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll

17:03:29.0240 7564 HomeGroupProvider - ok

17:03:29.0245 7564 hotcore3 (493e56dd377ab330873ae659004b134c) C:\Windows\system32\DRIVERS\hotcore3.sys

17:03:29.0251 7564 hotcore3 - ok

17:03:29.0255 7564 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys

17:03:29.0262 7564 HpSAMD - ok

17:03:29.0284 7564 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys

17:03:29.0309 7564 HTTP - ok

17:03:29.0312 7564 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys

17:03:29.0319 7564 hwpolicy - ok

17:03:29.0324 7564 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys

17:03:29.0332 7564 i8042prt - ok

17:03:29.0351 7564 iaStor (f7ce9be72edac499b713eca6dae5d26f) C:\Windows\system32\drivers\iaStor.sys

17:03:29.0361 7564 iaStor - ok

17:03:29.0367 7564 IAStorDataMgrSvc (b25f192ea1f84a316eb7c19efcccf33d) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

17:03:29.0372 7564 IAStorDataMgrSvc - ok

17:03:29.0389 7564 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\DRIVERS\iaStorV.sys

17:03:29.0399 7564 iaStorV - ok

17:03:29.0406 7564 IDriverT (daf66902f08796f9c694901660e5a64a) C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

17:03:29.0409 7564 IDriverT ( UnsignedFile.Multi.Generic ) - warning

17:03:29.0409 7564 IDriverT - detected UnsignedFile.Multi.Generic (1)

17:03:29.0435 7564 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

17:03:29.0448 7564 idsvc - ok

17:03:29.0470 7564 IDSVia64 (4e9e0e5a3b0efeb27491c26be1d97fda) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.5.0.145\Definitions\IPSDefs\20120507.001\IDSvia64.sys

17:03:29.0480 7564 IDSVia64 - ok

17:03:29.0506 7564 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys

17:03:29.0513 7564 iirsp - ok

17:03:29.0539 7564 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll

17:03:29.0565 7564 IKEEXT - ok

17:03:29.0572 7564 Impcd (dd587a55390ed2295bce6d36ad567da9) C:\Windows\system32\drivers\Impcd.sys

17:03:29.0579 7564 Impcd - ok

17:03:29.0656 7564 IntcAzAudAddService (235362d403d9d677514649d88db31914) C:\Windows\system32\drivers\RTKVHD64.sys

17:03:29.0684 7564 IntcAzAudAddService - ok

17:03:29.0717 7564 IntcDAud (fc727061c0f47c8059e88e05d5c8e381) C:\Windows\system32\DRIVERS\IntcDAud.sys

17:03:29.0725 7564 IntcDAud - ok

17:03:29.0728 7564 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys

17:03:29.0734 7564 intelide - ok

17:03:29.0739 7564 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys

17:03:29.0747 7564 intelppm - ok

17:03:29.0753 7564 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll

17:03:29.0774 7564 IPBusEnum - ok

17:03:29.0780 7564 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys

17:03:29.0800 7564 IpFilterDriver - ok

17:03:29.0819 7564 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll

17:03:29.0843 7564 iphlpsvc - ok

17:03:29.0850 7564 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys

17:03:29.0857 7564 IPMIDRV - ok

17:03:29.0864 7564 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys

17:03:29.0885 7564 IPNAT - ok

17:03:29.0919 7564 iPod Service (50d6ccc6ff5561f9f56946b3e6164fb8) C:\Program Files\iPod\bin\iPodService.exe

17:03:29.0932 7564 iPod Service - ok

17:03:29.0935 7564 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys

17:03:29.0945 7564 IRENUM - ok

17:03:29.0948 7564 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys

17:03:29.0955 7564 isapnp - ok

17:03:29.0968 7564 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys

17:03:29.0976 7564 iScsiPrt - ok

17:03:29.0993 7564 k57nd60a (12e27942dbb7c91880163634b0d8a776) C:\Windows\system32\DRIVERS\k57nd60a.sys

17:03:30.0002 7564 k57nd60a - ok

17:03:30.0006 7564 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys

17:03:30.0013 7564 kbdclass - ok

17:03:30.0016 7564 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys

17:03:30.0023 7564 kbdhid - ok

17:03:30.0027 7564 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

17:03:30.0034 7564 KeyIso - ok

17:03:30.0039 7564 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys

17:03:30.0046 7564 KSecDD - ok

17:03:30.0054 7564 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys

17:03:30.0062 7564 KSecPkg - ok

17:03:30.0065 7564 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys

17:03:30.0086 7564 ksthunk - ok

17:03:30.0101 7564 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll

17:03:30.0125 7564 KtmRm - ok

17:03:30.0134 7564 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll

17:03:30.0156 7564 LanmanServer - ok

17:03:30.0163 7564 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll

17:03:30.0184 7564 LanmanWorkstation - ok

17:03:30.0270 7564 LiveUpdate (a97eeb81f05bce3d7aa6c81f04ef39a4) C:\PROGRA~2\Symantec\LIVEUP~1\LUCOMS~1.EXE

17:03:30.0302 7564 LiveUpdate - ok

17:03:30.0329 7564 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys

17:03:30.0350 7564 lltdio - ok

17:03:30.0364 7564 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll

17:03:30.0387 7564 lltdsvc - ok

17:03:30.0390 7564 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll

17:03:30.0411 7564 lmhosts - ok

17:03:30.0420 7564 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys

17:03:30.0427 7564 LSI_FC - ok

17:03:30.0435 7564 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys

17:03:30.0441 7564 LSI_SAS - ok

17:03:30.0446 7564 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys

17:03:30.0453 7564 LSI_SAS2 - ok

17:03:30.0459 7564 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys

17:03:30.0466 7564 LSI_SCSI - ok

17:03:30.0473 7564 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys

17:03:30.0494 7564 luafv - ok

17:03:30.0498 7564 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys

17:03:30.0504 7564 MBAMProtector - ok

17:03:30.0529 7564 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

17:03:30.0539 7564 MBAMService - ok

17:03:30.0546 7564 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll

17:03:30.0554 7564 Mcx2Svc - ok

17:03:30.0558 7564 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys

17:03:30.0565 7564 megasas - ok

17:03:30.0577 7564 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys

17:03:30.0586 7564 MegaSR - ok

17:03:30.0590 7564 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys

17:03:30.0596 7564 MEIx64 - ok

17:03:30.0600 7564 MemeoBackgroundService (8329d3f6ae70ffab1259f18ba9c6b29a) C:\Program Files (x86)\Memeo\AutoBackupPro\MemeoBackgroundService.exe

17:03:30.0605 7564 MemeoBackgroundService - ok

17:03:30.0612 7564 Microsoft SharePoint Workspace Audit Service - ok

17:03:30.0617 7564 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

17:03:30.0638 7564 MMCSS - ok

17:03:30.0643 7564 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys

17:03:30.0663 7564 Modem - ok

17:03:30.0667 7564 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys

17:03:30.0675 7564 monitor - ok

17:03:30.0680 7564 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys

17:03:30.0686 7564 mouclass - ok

17:03:30.0690 7564 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys

17:03:30.0697 7564 mouhid - ok

17:03:30.0703 7564 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys

17:03:30.0710 7564 mountmgr - ok

17:03:30.0717 7564 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

17:03:30.0724 7564 MozillaMaintenance - ok

17:03:30.0733 7564 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys

17:03:30.0741 7564 mpio - ok

17:03:30.0746 7564 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys

17:03:30.0767 7564 mpsdrv - ok

17:03:30.0793 7564 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll

17:03:30.0820 7564 MpsSvc - ok

17:03:30.0830 7564 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys

17:03:30.0841 7564 MRxDAV - ok

17:03:30.0849 7564 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys

17:03:30.0857 7564 mrxsmb - ok

17:03:30.0870 7564 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys

17:03:30.0878 7564 mrxsmb10 - ok

17:03:30.0886 7564 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

17:03:30.0893 7564 mrxsmb20 - ok

17:03:30.0897 7564 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\DRIVERS\msahci.sys

17:03:30.0903 7564 msahci - ok

17:03:30.0928 7564 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys

17:03:30.0936 7564 msdsm - ok

17:03:30.0945 7564 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe

17:03:30.0954 7564 MSDTC - ok

17:03:30.0960 7564 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

17:03:30.0980 7564 Msfs - ok

17:03:30.0983 7564 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

17:03:31.0003 7564 mshidkmdf - ok

17:03:31.0007 7564 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys

17:03:31.0013 7564 msisadrv - ok

17:03:31.0022 7564 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll

17:03:31.0044 7564 MSiSCSI - ok

17:03:31.0046 7564 msiserver - ok

17:03:31.0050 7564 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

17:03:31.0071 7564 MSKSSRV - ok

17:03:31.0074 7564 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

17:03:31.0095 7564 MSPCLOCK - ok

17:03:31.0097 7564 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

17:03:31.0118 7564 MSPQM - ok

17:03:31.0131 7564 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys

17:03:31.0141 7564 MsRPC - ok

17:03:31.0146 7564 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys

17:03:31.0152 7564 mssmbios - ok

17:03:31.0155 7564 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

17:03:31.0176 7564 MSTEE - ok

17:03:31.0179 7564 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys

17:03:31.0186 7564 MTConfig - ok

17:03:31.0190 7564 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

17:03:31.0197 7564 Mup - ok

17:03:31.0214 7564 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll

17:03:31.0238 7564 napagent - ok

17:03:31.0251 7564 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

17:03:31.0263 7564 NativeWifiP - ok

17:03:31.0277 7564 NAV (c6948f034d7edabcfa2234d399fc78bc) C:\Program Files (x86)\Norton AntiVirus\Engine\19.7.0.9\ccSvcHst.exe

17:03:31.0283 7564 NAV - ok

17:03:31.0295 7564 NAVENG (2dbe90210de76be6e1653bb20ec70ec2) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.5.0.145\Definitions\VirusDefs\20120507.038\ENG64.SYS

17:03:31.0300 7564 NAVENG - ok

17:03:31.0362 7564 NAVEX15 (346da70e203b8e2c850277713de8f71b) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.5.0.145\Definitions\VirusDefs\20120507.038\EX64.SYS

17:03:31.0385 7564 NAVEX15 - ok

17:03:31.0439 7564 NDIS (c38b8ae57f78915905064a9a24dc1586) C:\Windows\system32\drivers\ndis.sys

17:03:31.0455 7564 NDIS - ok

17:03:31.0459 7564 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

17:03:31.0480 7564 NdisCap - ok

17:03:31.0483 7564 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

17:03:31.0503 7564 NdisTapi - ok

17:03:31.0508 7564 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys

17:03:31.0528 7564 Ndisuio - ok

17:03:31.0538 7564 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys

17:03:31.0559 7564 NdisWan - ok

17:03:31.0565 7564 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys

17:03:31.0585 7564 NDProxy - ok

17:03:31.0589 7564 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

17:03:31.0609 7564 NetBIOS - ok

17:03:31.0621 7564 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys

17:03:31.0643 7564 NetBT - ok

17:03:31.0647 7564 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

17:03:31.0654 7564 Netlogon - ok

17:03:31.0670 7564 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll

17:03:31.0693 7564 Netman - ok

17:03:31.0707 7564 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

17:03:31.0713 7564 NetMsmqActivator - ok

17:03:31.0716 7564 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

17:03:31.0722 7564 NetPipeActivator - ok

17:03:31.0739 7564 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll

17:03:31.0763 7564 netprofm - ok

17:03:31.0766 7564 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

17:03:31.0772 7564 NetTcpActivator - ok

17:03:31.0775 7564 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

17:03:31.0781 7564 NetTcpPortSharing - ok

17:03:31.0787 7564 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys

17:03:31.0794 7564 nfrd960 - ok

17:03:31.0806 7564 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll

17:03:31.0828 7564 NlaSvc - ok

17:03:31.0910 7564 NOBU (b9b72faaaa41d59b73b88fe3dd737ed1) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe

17:03:31.0940 7564 NOBU - ok

17:03:32.0106 7564 Norton Ghost (a1787754952a0b700e386dc7c5fa5726) C:\Program Files (x86)\Norton Ghost\Agent\VProSvc.exe

17:03:32.0153 7564 Norton Ghost - ok

17:03:32.0182 7564 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

17:03:32.0203 7564 Npfs - ok

17:03:32.0207 7564 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll

17:03:32.0228 7564 nsi - ok

17:03:32.0232 7564 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

17:03:32.0252 7564 nsiproxy - ok

17:03:32.0262 7564 NSL (e127420b7feb65c7f279eaac183bbc0e) C:\Program Files (x86)\Norton Safe Web Lite\Engine\2.0.0.16\ccSvcHst.exe

17:03:32.0268 7564 NSL - ok

17:03:32.0320 7564 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys

17:03:32.0341 7564 Ntfs - ok

17:03:32.0369 7564 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

17:03:32.0389 7564 Null - ok

17:03:32.0396 7564 nusb3hub (285acec1b13a15ba520aae06bacb9cff) C:\Windows\system32\DRIVERS\nusb3hub.sys

17:03:32.0402 7564 nusb3hub - ok

17:03:32.0412 7564 nusb3xhc (f6d625ff7b56bb6ea063f0d3a5bbc996) C:\Windows\system32\DRIVERS\nusb3xhc.sys

17:03:32.0419 7564 nusb3xhc - ok

17:03:32.0430 7564 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys

17:03:32.0437 7564 nvraid - ok

17:03:32.0447 7564 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys

17:03:32.0454 7564 nvstor - ok

17:03:32.0466 7564 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys

17:03:32.0474 7564 nv_agp - ok

17:03:32.0480 7564 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys

17:03:32.0487 7564 ohci1394 - ok

17:03:32.0499 7564 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

17:03:32.0505 7564 ose - ok

17:03:32.0655 7564 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

17:03:32.0706 7564 osppsvc - ok

17:03:32.0745 7564 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

17:03:32.0754 7564 p2pimsvc - ok

17:03:32.0772 7564 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll

17:03:32.0782 7564 p2psvc - ok

17:03:32.0790 7564 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys

17:03:32.0798 7564 Parport - ok

17:03:32.0804 7564 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys

17:03:32.0810 7564 partmgr - ok

17:03:32.0816 7564 pbfilter (7c0582921913d00180ec2b8518ba135c) C:\Program Files\PeerBlock\pbfilter.sys

17:03:32.0822 7564 pbfilter - ok

17:03:32.0832 7564 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll

17:03:32.0843 7564 PcaSvc - ok

17:03:32.0854 7564 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys

17:03:32.0862 7564 pci - ok

17:03:32.0865 7564 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys

17:03:32.0872 7564 pciide - ok

17:03:32.0881 7564 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys

17:03:32.0889 7564 pcmcia - ok

17:03:32.0894 7564 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

17:03:32.0900 7564 pcw - ok

17:03:32.0916 7564 PDFProFiltSrv (34e3696102334ce84367336e309f1a0d) C:\Program Files (x86)\ScanSoft\PDF Converter 5\PDFProFiltSrv.exe

17:03:32.0921 7564 PDFProFiltSrv - ok

17:03:32.0944 7564 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

17:03:32.0968 7564 PEAUTH - ok

17:03:32.0991 7564 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe

17:03:32.0999 7564 PerfHost - ok

17:03:33.0047 7564 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll

17:03:33.0076 7564 pla - ok

17:03:33.0093 7564 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll

17:03:33.0103 7564 PlugPlay - ok

17:03:33.0124 7564 PMEM (2b85237f904c5bdf7ad386f0ede19bd3) C:\Windows\SysWOW64\drivers\pmemnt.sys

17:03:33.0126 7564 PMEM ( UnsignedFile.Multi.Generic ) - warning

17:03:33.0126 7564 PMEM - detected UnsignedFile.Multi.Generic (1)

17:03:33.0132 7564 pmxdrv (0bee791c7c7ace453c134e73633c497d) C:\Windows\system32\drivers\pmxdrv.sys

17:03:33.0138 7564 pmxdrv - ok

17:03:33.0141 7564 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll

17:03:33.0148 7564 PNRPAutoReg - ok

17:03:33.0162 7564 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

17:03:33.0171 7564 PNRPsvc - ok

17:03:33.0188 7564 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll

17:03:33.0211 7564 PolicyAgent - ok

17:03:33.0222 7564 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll

17:03:33.0244 7564 Power - ok

17:03:33.0296 7564 PowerAlert Agent (9e5361639c74eb9cc1b656f73af8e21f) C:\Program Files (x86)\TrippLite\PowerAlert\engine\pal.exe

17:03:33.0315 7564 PowerAlert Agent - ok

17:03:33.0347 7564 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys

17:03:33.0368 7564 PptpMiniport - ok

17:03:33.0374 7564 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys

17:03:33.0381 7564 Processor - ok

17:03:33.0392 7564 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll

17:03:33.0413 7564 ProfSvc - ok

17:03:33.0418 7564 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

17:03:33.0425 7564 ProtectedStorage - ok

17:03:33.0432 7564 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys

17:03:33.0453 7564 Psched - ok

17:03:33.0498 7564 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys

17:03:33.0519 7564 ql2300 - ok

17:03:33.0551 7564 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys

17:03:33.0559 7564 ql40xx - ok

17:03:33.0573 7564 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll

17:03:33.0585 7564 QWAVE - ok

17:03:33.0590 7564 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

17:03:33.0600 7564 QWAVEdrv - ok

17:03:33.0603 7564 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

17:03:33.0624 7564 RasAcd - ok

17:03:33.0630 7564 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

17:03:33.0650 7564 RasAgileVpn - ok

17:03:33.0659 7564 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll

17:03:33.0681 7564 RasAuto - ok

17:03:33.0690 7564 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys

17:03:33.0711 7564 Rasl2tp - ok

17:03:33.0729 7564 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll

17:03:33.0754 7564 RasMan - ok

17:03:33.0760 7564 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

17:03:33.0781 7564 RasPppoe - ok

17:03:33.0788 7564 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

17:03:33.0808 7564 RasSstp - ok

17:03:33.0823 7564 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys

17:03:33.0845 7564 rdbss - ok

17:03:33.0849 7564 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys

17:03:33.0858 7564 rdpbus - ok

17:03:33.0861 7564 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

17:03:33.0881 7564 RDPCDD - ok

17:03:33.0886 7564 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

17:03:33.0907 7564 RDPENCDD - ok

17:03:33.0913 7564 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

17:03:33.0933 7564 RDPREFMP - ok

17:03:33.0946 7564 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys

17:03:33.0954 7564 RDPWD - ok

17:03:33.0964 7564 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys

17:03:33.0972 7564 rdyboost - ok

17:03:33.0980 7564 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll

17:03:34.0002 7564 RemoteAccess - ok

17:03:34.0010 7564 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll

17:03:34.0032 7564 RemoteRegistry - ok

17:03:34.0042 7564 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys

17:03:34.0051 7564 RFCOMM - ok

17:03:34.0057 7564 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll

17:03:34.0079 7564 RpcEptMapper - ok

17:03:34.0082 7564 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe

17:03:34.0090 7564 RpcLocator - ok

17:03:34.0108 7564 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll

17:03:34.0133 7564 RpcSs - ok

17:03:34.0139 7564 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

17:03:34.0160 7564 rspndr - ok

17:03:34.0164 7564 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

17:03:34.0171 7564 SamSs - ok

17:03:34.0178 7564 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys

17:03:34.0185 7564 sbp2port - ok

17:03:34.0196 7564 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll

17:03:34.0219 7564 SCardSvr - ok

17:03:34.0223 7564 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys

17:03:34.0243 7564 scfilter - ok

17:03:34.0282 7564 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll

17:03:34.0310 7564 Schedule - ok

17:03:34.0317 7564 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll

17:03:34.0337 7564 SCPolicySvc - ok

17:03:34.0340 7564 SDdriver - ok

17:03:34.0352 7564 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll

17:03:34.0360 7564 SDRSVC - ok

17:03:34.0364 7564 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

17:03:34.0385 7564 secdrv - ok

17:03:34.0389 7564 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll

17:03:34.0410 7564 seclogon - ok

17:03:34.0416 7564 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll

17:03:34.0438 7564 SENS - ok

17:03:34.0442 7564 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll

17:03:34.0450 7564 SensrSvc - ok

17:03:34.0453 7564 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys

17:03:34.0461 7564 Serenum - ok

17:03:34.0467 7564 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys

17:03:34.0475 7564 Serial - ok

17:03:34.0479 7564 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys

17:03:34.0486 7564 sermouse - ok

17:03:34.0502 7564 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll

17:03:34.0523 7564 SessionEnv - ok

17:03:34.0527 7564 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys

17:03:34.0535 7564 sffdisk - ok

17:03:34.0539 7564 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys

17:03:34.0547 7564 sffp_mmc - ok

17:03:34.0551 7564 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys

17:03:34.0560 7564 sffp_sd - ok

17:03:34.0563 7564 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys

17:03:34.0571 7564 sfloppy - ok

17:03:34.0627 7564 SftService (1968e6ebbeecf61d5f7d8603467e2ad0) C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE

17:03:34.0647 7564 SftService - ok

17:03:34.0684 7564 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll

17:03:34.0707 7564 SharedAccess - ok

17:03:34.0724 7564 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll

17:03:34.0747 7564 ShellHWDetection - ok

17:03:34.0751 7564 simptcp (e9e830d540ededed650f906628468548) C:\Windows\System32\tcpsvcs.exe

17:03:34.0759 7564 simptcp - ok

17:03:34.0769 7564 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys

17:03:34.0775 7564 SiSRaid2 - ok

17:03:34.0782 7564 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys

17:03:34.0788 7564 SiSRaid4 - ok

17:03:34.0796 7564 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

17:03:34.0817 7564 Smb - ok

17:03:34.0825 7564 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe

17:03:34.0833 7564 SNMPTRAP - ok

17:03:34.0837 7564 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

17:03:34.0844 7564 spldr - ok

17:03:34.0864 7564 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe

17:03:34.0888 7564 Spooler - ok

17:03:34.0994 7564 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe

17:03:35.0038 7564 sppsvc - ok

17:03:35.0065 7564 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll

17:03:35.0087 7564 sppuinotify - ok

17:03:35.0116 7564 SRTSP (06b9a7ba94356ec5207c5ddb59540378) C:\Windows\System32\Drivers\NAVx64\1307000.009\SRTSP64.SYS

17:03:35.0127 7564 SRTSP - ok

17:03:35.0132 7564 SRTSPX (fbb8945a61e55a2345d12487c74a9d76) C:\Windows\system32\drivers\NAVx64\1307000.009\SRTSPX64.SYS

17:03:35.0137 7564 SRTSPX - ok

17:03:35.0153 7564 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys

17:03:35.0163 7564 srv - ok

17:03:35.0181 7564 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys

17:03:35.0190 7564 srv2 - ok

17:03:35.0200 7564 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys

17:03:35.0207 7564 srvnet - ok

17:03:35.0218 7564 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll

17:03:35.0241 7564 SSDPSRV - ok

17:03:35.0248 7564 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll

17:03:35.0270 7564 SstpSvc - ok

17:03:35.0274 7564 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys

17:03:35.0281 7564 stexstor - ok

17:03:35.0299 7564 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll

17:03:35.0313 7564 stisvc - ok

17:03:35.0317 7564 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys

17:03:35.0324 7564 swenum - ok

17:03:35.0342 7564 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll

17:03:35.0366 7564 swprv - ok

17:03:35.0370 7564 Symantec SymSnap VSS Provider - ok

17:03:35.0389 7564 SymDS (8b2430762099598da40686f754632efd) C:\Windows\system32\drivers\NAVx64\1307000.009\SYMDS64.SYS

17:03:35.0398 7564 SymDS - ok

17:03:35.0433 7564 SymEFA (f90c7a190399165d3ab2245048d34786) C:\Windows\system32\drivers\NAVx64\1307000.009\SYMEFA64.SYS

17:03:35.0448 7564 SymEFA - ok

17:03:35.0459 7564 SymEvent (894579207e39c465737e850a252ce4f2) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS

17:03:35.0465 7564 SymEvent - ok

17:03:35.0474 7564 SymIRON (5013a76caaa1d7cf1c55214b490b4e35) C:\Windows\system32\drivers\NAVx64\1307000.009\Ironx64.SYS

17:03:35.0480 7564 SymIRON - ok

17:03:35.0495 7564 SymNetS (3911bd0e68c010e5438a87706abbe9ab) C:\Windows\System32\Drivers\NAVx64\1307000.009\SYMNETS.SYS

17:03:35.0503 7564 SymNetS - ok

17:03:35.0514 7564 symsnap (2d9b2746f7dea46d1572b84a06311566) C:\Windows\system32\DRIVERS\symsnap.sys

17:03:35.0520 7564 symsnap - ok

17:03:35.0608 7564 SymSnapService (ea1a479651ca2e0409c29d586c91901d) C:\Program Files (x86)\Norton Ghost\Shared\Drivers\SymSnapServicex64.exe

17:03:35.0639 7564 SymSnapService - ok

17:03:35.0714 7564 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll

17:03:35.0737 7564 SysMain - ok

17:03:35.0764 7564 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll

17:03:35.0776 7564 TabletInputService - ok

17:03:35.0791 7564 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll

17:03:35.0814 7564 TapiSrv - ok

17:03:35.0820 7564 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll

17:03:35.0842 7564 TBS - ok

17:03:35.0904 7564 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys

17:03:35.0928 7564 Tcpip - ok

17:03:36.0053 7564 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys

17:03:36.0077 7564 TCPIP6 - ok

17:03:36.0109 7564 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys

17:03:36.0129 7564 tcpipreg - ok

17:03:36.0135 7564 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

17:03:36.0142 7564 TDPIPE - ok

17:03:36.0147 7564 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys

17:03:36.0154 7564 TDTCP - ok

17:03:36.0163 7564 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys

17:03:36.0184 7564 tdx - ok

17:03:36.0189 7564 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys

17:03:36.0196 7564 TermDD - ok

17:03:36.0219 7564 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll

17:03:36.0244 7564 TermService - ok

17:03:36.0250 7564 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll

17:03:36.0261 7564 Themes - ok

17:03:36.0267 7564 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

17:03:36.0288 7564 THREADORDER - ok

17:03:36.0326 7564 TivoBeacon2 (4de3faee834e9ef5151a71866f6db55d) C:\Program Files (x86)\TiVo\Desktop\TiVoBeacon.exe

17:03:36.0341 7564 TivoBeacon2 - ok

17:03:36.0349 7564 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll

17:03:36.0372 7564 TrkWks - ok

17:03:36.0387 7564 truecrypt (8de922cd4fea6f83b10805df965b9a08) C:\Windows\system32\drivers\truecrypt.sys

17:03:36.0395 7564 truecrypt - ok

17:03:36.0405 7564 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe

17:03:36.0426 7564 TrustedInstaller - ok

17:03:36.0434 7564 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys

17:03:36.0454 7564 tssecsrv - ok

17:03:36.0461 7564 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys

17:03:36.0468 7564 TsUsbFlt - ok

17:03:36.0472 7564 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys

17:03:36.0479 7564 TsUsbGD - ok

17:03:36.0486 7564 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys

17:03:36.0506 7564 tunnel - ok

17:03:36.0513 7564 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys

17:03:36.0519 7564 uagp35 - ok

17:03:36.0533 7564 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys

17:03:36.0555 7564 udfs - ok

17:03:36.0565 7564 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe

17:03:36.0573 7564 UI0Detect - ok

17:03:36.0580 7564 UimBus (6d5e0269f2b97011800b788accf2eaf6) C:\Windows\system32\DRIVERS\uimx64.sys

17:03:36.0586 7564 UimBus - ok

17:03:36.0612 7564 Uim_IM (a30ac921d38e6f3eacff0d0ff5510f1a) C:\Windows\system32\Drivers\Uim_IMx64.sys

17:03:36.0623 7564 Uim_IM - ok

17:03:36.0639 7564 Uim_VIM (5525963e10cca6c8551b986a2cf39c59) C:\Windows\system32\Drivers\uim_vimx64.sys

17:03:36.0648 7564 Uim_VIM - ok

17:03:36.0655 7564 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys

17:03:36.0661 7564 uliagpkx - ok

17:03:36.0667 7564 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys

17:03:36.0674 7564 umbus - ok

17:03:36.0678 7564 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys

17:03:36.0685 7564 UmPass - ok

17:03:36.0701 7564 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll

17:03:36.0725 7564 upnphost - ok

17:03:36.0730 7564 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys

17:03:36.0736 7564 USBAAPL64 - ok

17:03:36.0745 7564 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys

17:03:36.0755 7564 usbaudio - ok

17:03:36.0762 7564 usbccgp (19ad7990c0b67e48dac5b26f99628223) C:\Windows\system32\DRIVERS\usbccgp.sys

17:03:36.0770 7564 usbccgp - ok

17:03:36.0778 7564 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys

17:03:36.0787 7564 usbcir - ok

17:03:36.0793 7564 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys

17:03:36.0799 7564 usbehci - ok

17:03:36.0813 7564 usbhub (8b892002d7b79312821169a14317ab86) C:\Windows\system32\DRIVERS\usbhub.sys

17:03:36.0822 7564 usbhub - ok

17:03:36.0827 7564 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys

17:03:36.0834 7564 usbohci - ok

17:03:36.0838 7564 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys

17:03:36.0847 7564 usbprint - ok

17:03:36.0852 7564 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys

17:03:36.0861 7564 usbscan - ok

17:03:36.0867 7564 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS

17:03:36.0874 7564 USBSTOR - ok

17:03:36.0879 7564 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys

17:03:36.0886 7564 usbuhci - ok

17:03:36.0891 7564 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll

17:03:36.0913 7564 UxSms - ok

17:03:36.0920 7564 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

17:03:36.0927 7564 VaultSvc - ok

17:03:36.0932 7564 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys

17:03:36.0938 7564 vdrvroot - ok

17:03:36.0957 7564 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe

17:03:36.0982 7564 vds - ok

17:03:36.0987 7564 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

17:03:36.0996 7564 vga - ok

17:03:37.0000 7564 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

17:03:37.0021 7564 VgaSave - ok

17:03:37.0032 7564 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys

17:03:37.0040 7564 vhdmp - ok

17:03:37.0044 7564 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys

17:03:37.0050 7564 viaide - ok

17:03:37.0057 7564 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys

17:03:37.0064 7564 volmgr - ok

17:03:37.0081 7564 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys

17:03:37.0091 7564 volmgrx - ok

17:03:37.0104 7564 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys

17:03:37.0113 7564 volsnap - ok

17:03:37.0118 7564 VProEventMonitor (8b7454930230db4bc4ba35a467be09aa) C:\Windows\system32\DRIVERS\vproeventmonitor.sys

17:03:37.0123 7564 VProEventMonitor - ok

17:03:37.0133 7564 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys

17:03:37.0140 7564 vsmraid - ok

17:03:37.0184 7564 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe

17:03:37.0216 7564 VSS - ok

17:03:37.0244 7564 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys

17:03:37.0253 7564 vwifibus - ok

17:03:37.0259 7564 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys

17:03:37.0269 7564 vwififlt - ok

17:03:37.0273 7564 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys

17:03:37.0283 7564 vwifimp - ok

17:03:37.0300 7564 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll

17:03:37.0324 7564 W32Time - ok

17:03:37.0331 7564 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys

17:03:37.0338 7564 WacomPen - ok

17:03:37.0345 7564 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

17:03:37.0366 7564 WANARP - ok

17:03:37.0369 7564 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

17:03:37.0389 7564 Wanarpv6 - ok

17:03:37.0433 7564 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe

17:03:37.0450 7564 WatAdminSvc - ok

17:03:37.0496 7564 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe

17:03:37.0514 7564 wbengine - ok

17:03:37.0547 7564 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll

17:03:37.0559 7564 WbioSrvc - ok

17:03:37.0573 7564 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll

17:03:37.0586 7564 wcncsvc - ok

17:03:37.0592 7564 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll

17:03:37.0600 7564 WcsPlugInService - ok

17:03:37.0608 7564 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys

17:03:37.0614 7564 Wd - ok

17:03:37.0636 7564 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

17:03:37.0648 7564 Wdf01000 - ok

17:03:37.0656 7564 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

17:03:37.0667 7564 WdiServiceHost - ok

17:03:37.0670 7564 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

17:03:37.0681 7564 WdiSystemHost - ok

17:03:37.0693 7564 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll

17:03:37.0705 7564 WebClient - ok

17:03:37.0718 7564 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll

17:03:37.0741 7564 Wecsvc - ok

17:03:37.0749 7564 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll

17:03:37.0771 7564 wercplsupport - ok

17:03:37.0777 7564 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll

17:03:37.0799 7564 WerSvc - ok

17:03:37.0806 7564 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

17:03:37.0826 7564 WfpLwf - ok

17:03:37.0836 7564 WimFltr (52ded146e4797e6ccf94799e8e22bb2a) C:\Windows\system32\DRIVERS\wimfltr.sys

17:03:37.0844 7564 WimFltr - ok

17:03:37.0848 7564 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

17:03:37.0854 7564 WIMMount - ok

17:03:37.0860 7564 WinDefend - ok

17:03:37.0868 7564 WinHttpAutoProxySvc - ok

17:03:37.0884 7564 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll

17:03:37.0906 7564 Winmgmt - ok

17:03:37.0965 7564 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll

17:03:37.0999 7564 WinRM - ok

17:03:38.0033 7564 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys

17:03:38.0042 7564 WinUsb - ok

17:03:38.0072 7564 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll

17:03:38.0089 7564 Wlansvc - ok

17:03:38.0097 7564 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe

17:03:38.0102 7564 wlcrasvc - ok

17:03:38.0170 7564 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

17:03:38.0196 7564 wlidsvc - ok

17:03:38.0204 7564 wltrysvc (de816a0624d54d68e1fb8a9028dcf81a) C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE

17:03:38.0207 7564 wltrysvc ( UnsignedFile.Multi.Generic ) - warning

17:03:38.0207 7564 wltrysvc - detected UnsignedFile.Multi.Generic (1)

17:03:38.0233 7564 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys

17:03:38.0240 7564 WmiAcpi - ok

17:03:38.0255 7564 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe

17:03:38.0264 7564 wmiApSrv - ok

17:03:38.0269 7564 WMPNetworkSvc - ok

17:03:38.0274 7564 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll

17:03:38.0282 7564 WPCSvc - ok

17:03:38.0291 7564 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll

17:03:38.0300 7564 WPDBusEnum - ok

17:03:38.0305 7564 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

17:03:38.0325 7564 ws2ifsl - ok

17:03:38.0333 7564 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll

17:03:38.0344 7564 wscsvc - ok

17:03:38.0348 7564 WSearch - ok

17:03:38.0416 7564 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll

17:03:38.0454 7564 wuauserv - ok

17:03:38.0486 7564 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys

17:03:38.0506 7564 WudfPf - ok

17:03:38.0519 7564 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys

17:03:38.0540 7564 WUDFRd - ok

17:03:38.0547 7564 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll

17:03:38.0569 7564 wudfsvc - ok

17:03:38.0581 7564 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll

17:03:38.0592 7564 WwanSvc - ok

17:03:38.0603 7564 xusb21 (2ee48cfce7ca8e0db4c44c7476c0943b) C:\Windows\system32\DRIVERS\xusb21.sys

17:03:38.0609 7564 xusb21 - ok

17:03:38.0631 7564 YahooAUService (dd0042f0c3b606a6a8b92d49afb18ad6) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

17:03:38.0640 7564 YahooAUService - ok

17:03:38.0652 7564 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0

17:03:38.0665 7564 \Device\Harddisk0\DR0 - ok

17:03:38.0667 7564 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk1\DR1

17:03:38.0783 7564 \Device\Harddisk1\DR1 - ok

17:03:38.0809 7564 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk2\DR2

17:03:38.0861 7564 \Device\Harddisk2\DR2 - ok

17:03:39.0428 7564 MBR (0x1B8) (35c6b2fcde68facbefe0a4a7200bae58) \Device\Harddisk3\DR3

17:03:40.0693 7564 \Device\Harddisk3\DR3 - ok

17:03:40.0697 7564 Boot (0x1200) (75833aeeba04646fccb6700a44f57a1f) \Device\Harddisk0\DR0\Partition0

17:03:40.0698 7564 \Device\Harddisk0\DR0\Partition0 - ok

17:03:40.0727 7564 Boot (0x1200) (4887e986014c0fe7eb50f1cc7aaa3be9) \Device\Harddisk1\DR1\Partition0

17:03:40.0729 7564 \Device\Harddisk1\DR1\Partition0 - ok

17:03:40.0731 7564 Boot (0x1200) (c9448b3045b38628cdd9b2e772bf1384) \Device\Harddisk1\DR1\Partition1

17:03:40.0732 7564 \Device\Harddisk1\DR1\Partition1 - ok

17:03:40.0734 7564 Boot (0x1200) (62327f75a9ee1cd1472e9d15b1f7a9b4) \Device\Harddisk2\DR2\Partition0

17:03:40.0735 7564 \Device\Harddisk2\DR2\Partition0 - ok

17:03:40.0736 7564 Boot (0x1200) (5f46207087cef4d3d76391100c3dec7c) \Device\Harddisk3\DR3\Partition0

17:03:40.0737 7564 \Device\Harddisk3\DR3\Partition0 - ok

17:03:40.0738 7564 ============================================================

17:03:40.0738 7564 Scan finished

17:03:40.0738 7564 ============================================================

17:03:40.0742 4812 Detected object count: 8

17:03:40.0742 4812 Actual detected object count: 8

17:03:44.0320 4812 AGCoreService ( UnsignedFile.Multi.Generic ) - skipped by user

17:03:44.0320 4812 AGCoreService ( UnsignedFile.Multi.Generic ) - User select action: Skip

17:03:44.0320 4812 awhost32 ( UnsignedFile.Multi.Generic ) - skipped by user

17:03:44.0320 4812 awhost32 ( UnsignedFile.Multi.Generic ) - User select action: Skip

17:03:44.0321 4812 DellDigitalDelivery ( UnsignedFile.Multi.Generic ) - skipped by user

17:03:44.0321 4812 DellDigitalDelivery ( UnsignedFile.Multi.Generic ) - User select action: Skip

17:03:44.0325 4812 epmntdrv ( UnsignedFile.Multi.Generic ) - skipped by user

17:03:44.0325 4812 epmntdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip

17:03:44.0326 4812 EuGdiDrv ( UnsignedFile.Multi.Generic ) - skipped by user

17:03:44.0326 4812 EuGdiDrv ( UnsignedFile.Multi.Generic ) - User select action: Skip

17:03:44.0326 4812 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user

17:03:44.0326 4812 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip

17:03:44.0327 4812 PMEM ( UnsignedFile.Multi.Generic ) - skipped by user

17:03:44.0327 4812 PMEM ( UnsignedFile.Multi.Generic ) - User select action: Skip

17:03:44.0327 4812 wltrysvc ( UnsignedFile.Multi.Generic ) - skipped by user

17:03:44.0327 4812 wltrysvc ( UnsignedFile.Multi.Generic ) - User select action: Skip

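The TDSSKiller log above ends with eight `UnsignedFile.Multi.Generic` hits that were all skipped, plus one MBR and one boot-sector hash per disk. The short script below is an added example for reading such a log; it is not code from the original post, from Malwarebytes or from Kaspersky's TDSSKiller. It matches only the line shapes visible in the log (file entries with an MD5 and path, `detected` verdicts, `MBR (...)` lines and the end-of-scan `User select action` lines), lists every detection that was merely skipped and so still needs a hash and signature check, and groups disks that share one MBR hash. `SAMPLE_LOG` is a constructed excerpt in the same format, and the function names are this example's own.

```python
"""Triage helper for a TDSSKiller scan log like the one pasted above.

Added example: not code from the original post, Malwarebytes or TDSSKiller.
It parses the line formats visible in the log and reports what a responder
wants first: which objects were flagged, which of those were only skipped
(so the hash and path still have to be checked by hand), and which disks
share an identical MBR hash. SAMPLE_LOG is a constructed excerpt in the
log's own format; all names here are this example's own.
"""
import re
from collections import defaultdict

# Every log line starts with a timestamp and a thread id.
_TS = r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+"
FILE_RE = re.compile(_TS + r"(?P<name>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
DETECT_RE = re.compile(_TS + r"(?P<name>\S+) - detected (?P<verdict>\S+) \(\d+\)$")
MBR_RE = re.compile(_TS + r"MBR \(0x[0-9A-Fa-f]+\) \((?P<md5>[0-9a-f]{32})\) "
                    r"(?P<dev>\\Device\\Harddisk\d+\\DR\d+)$")
ACTION_RE = re.compile(_TS + r"(?P<name>\S+) \( (?P<verdict>\S+) \) - "
                      r"User select action: (?P<action>\w+)$")

# Constructed excerpt in the same format as the pasted log (not the full log).
SAMPLE_LOG = r"""17:03:35.0474 7564 SymIRON (5013a76caaa1d7cf1c55214b490b4e35) C:\Windows\system32\drivers\NAVx64\1307000.009\Ironx64.SYS
17:03:35.0480 7564 SymIRON - ok
17:03:37.0860 7564 WinDefend - ok
17:03:38.0204 7564 wltrysvc (de816a0624d54d68e1fb8a9028dcf81a) C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
17:03:38.0207 7564 wltrysvc ( UnsignedFile.Multi.Generic ) - warning
17:03:38.0207 7564 wltrysvc - detected UnsignedFile.Multi.Generic (1)
17:03:38.0652 7564 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
17:03:38.0665 7564 \Device\Harddisk0\DR0 - ok
17:03:38.0667 7564 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk1\DR1
17:03:38.0783 7564 \Device\Harddisk1\DR1 - ok
17:03:38.0809 7564 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk2\DR2
17:03:38.0861 7564 \Device\Harddisk2\DR2 - ok
17:03:40.0742 4812 Detected object count: 1
17:03:44.0327 4812 wltrysvc ( UnsignedFile.Multi.Generic ) - skipped by user
17:03:44.0327 4812 wltrysvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
"""


def parse_log(text):
    """Collect file hashes/paths, detection verdicts, user actions and MBR hashes."""
    files, verdicts, actions, mbr = {}, {}, {}, {}
    for line in text.splitlines():
        m = MBR_RE.match(line)
        if m:
            mbr[m["dev"]] = m["md5"]
            continue
        m = FILE_RE.match(line)
        if m:
            files[m["name"]] = (m["md5"], m["path"])
            continue
        m = DETECT_RE.match(line)
        if m:
            verdicts[m["name"]] = m["verdict"]
            continue
        m = ACTION_RE.match(line)
        if m:
            actions[m["name"]] = m["action"]
    return {"files": files, "verdicts": verdicts, "actions": actions, "mbr": mbr}


def triage(parsed):
    """Detections that were skipped (or got no recorded action) still need a
    manual hash/signature check; also report MBR hashes shared by several disks."""
    unresolved = []
    for name, verdict in parsed["verdicts"].items():
        if parsed["actions"].get(name, "Skip") == "Skip":
            md5, path = parsed["files"].get(name, ("", ""))
            unresolved.append((name, verdict, md5, path))
    by_hash = defaultdict(list)
    for dev, md5 in parsed["mbr"].items():
        by_hash[md5].append(dev)
    shared = {h: sorted(devs) for h, devs in by_hash.items() if len(devs) > 1}
    return {"unresolved": unresolved, "shared_mbr": shared}


if __name__ == "__main__":
    result = triage(parse_log(SAMPLE_LOG))
    for name, verdict, md5, path in result["unresolved"]:
        print(f"{verdict:<28} {name:<16} {md5}  {path}")
    for md5, devs in result["shared_mbr"].items():
        print(f"MBR {md5} shared by {', '.join(devs)}")
```

`UnsignedFile.Multi.Generic` is a heuristic flag for a binary with no valid Authenticode signature, not a malware verdict, so the MD5 and path it prints are the starting point for the next step: check the publisher signature (`Get-AuthenticodeSignature` or Sysinternals `sigcheck`) and look the hash up before deciding whether "Skip" was the right choice. The `0x1B8` in the MBR lines is the number of bytes hashed, which covers the boot code and stops before the disk signature and partition table, so two disks partitioned by the same tool normally share one hash; the odd one out is what deserves a closer look, not proof of infection.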

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31

Run by lmf1 at 17:07:20 on 2012-05-08

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.12270.7724 [GMT -4:00]

.

AV: Norton AntiVirus *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Norton AntiVirus *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\AGI\core\4.2.0.10754\AGCoreService.exe

C:\Windows\system32\atieclxx.exe

C:\Program Files\LSI SoftModem\agr64svc.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\svchost.exe -k bthaudiosvc

C:\Program Files (x86)\Memeo\AutoBackupPro\MemeoBackgroundService.exe

C:\Program Files (x86)\Norton AntiVirus\Engine\19.7.0.9\ccSvcHst.exe

C:\Program Files (x86)\Norton Ghost\Agent\VProSvc.exe

C:\Program Files (x86)\Norton Safe Web Lite\Engine\2.0.0.16\ccSvcHst.exe

C:\Program Files (x86)\ScanSoft\PDF Converter 5\PDFProFiltSrv.exe

C:\Program Files (x86)\TrippLite\PowerAlert\engine\pal.exe

C:\Windows\System32\tcpsvcs.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\Windows\system32\fxssvc.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Norton Ghost\Shared\Drivers\SymSnapServicex64.exe

C:\Program Files (x86)\Norton AntiVirus\Engine\19.7.0.9\ccSvcHst.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskhost.exe

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe

C:\Program Files (x86)\TiVo\Desktop\TiVoServer.exe

C:\Program Files (x86)\TiVo\Desktop\TiVoTransfer.exe

C:\Program Files (x86)\TiVo\Desktop\TiVoNotify.exe

C:\Program Files (x86)\AWS\WeatherBug\Weather.exe

C:\Users\lmf1\AppData\Local\Programs\Google\MusicManager\MusicManager.exe

C:\Program Files\PeerBlock\peerblock.exe

C:\Program Files (x86)\CompanionLink\CompanionLink.exe

C:\PROGRA~2\Webshots\315~1.761\webshots.scr

C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe

C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe

C:\Program Files (x86)\ScanSoft\PDF Converter 5\PdfPro5Hook.exe

C:\Program Files (x86)\COMPAQ\Easy Access Button Support\STARTEAK.exe

C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe

C:\Program Files (x86)\Norton Ghost\Agent\VProTray.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe

C:\Program Files (x86)\Memeo\AutoBackupPro\MemeoBackup.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\WUDFHost.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files (x86)\Compaq\Easy Access Button Support\CPQEADM.EXE

C:\COMPAQ\CPQINET\CPQInet.exe

C:\PROGRA~2\Compaq\EASYAC~1\BttnServ.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\explorer.exe

C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe

C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe

C:\Windows\system32\dllhost.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Windows\System32\msdtc.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Users\lmf1\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\lmf1\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\lmf1\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\lmf1\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\lmf1\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\lmf1\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\lmf1\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\lmf1\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\lmf1\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\lmf1\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\lmf1\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\lmf1\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\lmf1\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe

C:\Windows\notepad.exe

D:\Downloads\tdsskiller\TDSSKiller.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\vssvc.exe

C:\Windows\system32\dllhost.exe

C:\Windows\system32\ping.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://my.yahoo.com/

uInternet Settings,ProxyOverride = *.local

uURLSearchHooks: agihelper.AGUtils: {0bc6e3fa-78ef-4886-842c-5a1258c4455a} - mscoree.dll

mWinlogon: Userinit=userinit.exe,

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll

BHO: agihelper.AGUtils: {0bc6e3fa-78ef-4886-842c-5a1258c4455a} - mscoree.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: PlusIEEventHelper Class: {551a852f-39a6-44a7-9c13-afbec9185a9d} - C:\Program Files (x86)\ScanSoft\PDF Converter 5\Bin\PlusIEContextMenu.dll

BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton AntiVirus\Engine\19.7.0.9\IPS\IPSBHO.DLL

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO: ZoneAlarm Security Engine Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: WinZip Courier BHO: {a8fb70fa-0fdf-4601-9dc4-bfa1b357204f} - C:\PROGRA~2\WINZIP~1\wzwmcie.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

BHO: ZeonIEEventHelper Class: {da986d7d-ccaf-47b2-84fe-bfa1549bebf9} - C:\Program Files (x86)\ScanSoft\PDF Converter 5\Bin\ZeonIEFavClient.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: Norton Safe Web Lite BHO: {f0da78e9-6b60-42fb-bc26-ef2cfb8c8ff3} - C:\Program Files (x86)\Norton Safe Web Lite\Engine\2.0.0.16\coIEPlg.dll

TB: Nuance PDF: {e3286bf1-e654-42ff-b4a6-5e111731df6b} - C:\Program Files (x86)\ScanSoft\PDF Converter 5\Bin\ZeonIEFavClient.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll

TB: Norton Safe Web Lite: {30ceeea2-3742-40e4-85dd-812bf1cbb83d} - C:\Program Files (x86)\Norton Safe Web Lite\Engine\2.0.0.16\coIEPlg.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB: ZoneAlarm Security Engine: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

uRun: [Google Update] "C:\Users\lmf1\AppData\Local\Google\Update\GoogleUpdate.exe" /c

uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

uRun: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet

uRun: [TivoServer] C:\Program Files (x86)\TiVo\Desktop\TiVoServer.exe /service /registry /auto:TivoServer

uRun: [TivoTransfer] C:\Program Files (x86)\TiVo\Desktop\TiVoTransfer.exe

uRun: [TivoNotify] C:\Program Files (x86)\TiVo\Desktop\TiVoNotify.exe /service /registry /auto:TivoNotify

uRun: [TranscodingService] C:\Program Files (x86)\TiVo\Desktop\Plus\\TranscodingService.exe

uRun: [Weather] C:\Program Files (x86)\AWS\WeatherBug\Weather.exe 1

uRun: [MusicManager] "C:\Users\lmf1\AppData\Local\Programs\Google\MusicManager\MusicManager.exe"

uRun: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe

mRun: [shwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe

mRun: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" /r

mRun: [sSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

mRun: [PaperPort PTD] "C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe"

mRun: [indexSearch] "C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe"

mRun: [PDFHook] C:\Program Files (x86)\ScanSoft\PDF Converter 5\pdfpro5hook.exe

mRun: [PDF5 Registry Controller] C:\Program Files (x86)\ScanSoft\PDF Converter 5\RegistryController.exe

mRun: [CPQEASYACC] C:\Program Files (x86)\Compaq\Easy Access Button Support\StartEAK.exe

mRun: [Memeo Backup Pro] C:\Program Files (x86)\Memeo\AutoBackupPro\MemeoLauncher2.exe --silent --no_ui

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"

mRun: [Norton Ghost 15.0] "C:\Program Files (x86)\Norton Ghost\Agent\VProTray.exe"

mRun: [KeePass 2 PreLoad] "C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe" --preload

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

StartupFolder: C:\Users\lmf1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Webshots.lnk - C:\Program Files (x86)\Webshots\3.1.5.7619\Launcher.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\COMPAN~1.LNK - C:\Program Files (x86)\CompanionLink\CompanionLink.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

mPolicies-system: SynchronousMachineGroupPolicy = 1 (0x1)

mPolicies-system: SynchronousUserGroupPolicy = 1 (0x1)

IE: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204

IE: Append the content of the link to existing PDF file - C:\Program Files (x86)\ScanSoft\PDF Converter 5\Bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML

IE: Append the content of the selected links to existing PDF file - C:\Program Files (x86)\ScanSoft\PDF Converter 5\Bin\ZeonIEFavClient.dll/ZeonIEAppendSelLinks.HTML

IE: Append to existing PDF file - C:\Program Files (x86)\ScanSoft\PDF Converter 5\Bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML

IE: Create PDF file - C:\Program Files (x86)\ScanSoft\PDF Converter 5\Bin\ZeonIEFavClient.dll/ZeonIECapture.HTML

IE: Create PDF file from the content of the link - C:\Program Files (x86)\ScanSoft\PDF Converter 5\Bin\ZeonIEFavClient.dll/ZeonIECapture.HTML

IE: Create PDF files from the selected links - C:\Program Files (x86)\ScanSoft\PDF Converter 5\Bin\ZeonIEFavClient.dll/ZeonIECaptureSelLinks.HTML

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: Free YouTube to MP3 Converter - C:\Users\lmf1\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm

IE: Open with PDF Converter 5.2 - C:\Program Files (x86)\ScanSoft\PDF Converter 5\cnvres_eng.dll /100

IE: Open with PDF Professional 5.2 - C:\Program Files (x86)\ScanSoft\PDF Converter 5\Bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm

IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105

IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB

DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab

DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab

DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab

TCP: DhcpNameServer = 192.168.1.1 68.237.161.12

TCP: Interfaces\{30BDBFD5-7CA6-4660-A52E-D131EA8A0574} : DhcpNameServer = 192.168.1.1 68.237.161.12

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

Notify: PCANotify - PCANotify.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll

BHO-X64: 0x1 - No File

BHO-X64: agihelper.AGUtils: {0bc6e3fa-78ef-4886-842c-5a1258c4455a} - mscoree.dll

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: PlusIEEventHelper Class: {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\ScanSoft\PDF Converter 5\Bin\PlusIEContextMenu.dll

BHO-X64: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Engine\19.7.0.9\IPS\IPSBHO.DLL

BHO-X64: Norton Vulnerability Protection - No File

BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO-X64: ZoneAlarm Security Engine Registrar: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll

BHO-X64: ZoneAlarm Security Engine Registrar - No File

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: WinZip Courier BHO: {A8FB70FA-0FDF-4601-9DC4-BFA1B357204F} - C:\PROGRA~2\WINZIP~1\wzwmcie.dll

BHO-X64: WinZip Courier BHO - No File

BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO-X64: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO-X64: SkypeIEPluginBHO - No File

BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

BHO-X64: URLRedirectionBHO - No File

BHO-X64: ZeonIEEventHelper Class: {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} - C:\Program Files (x86)\ScanSoft\PDF Converter 5\Bin\ZeonIEFavClient.dll

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO-X64: Norton Safe Web Lite BHO: {F0DA78E9-6B60-42fb-BC26-EF2CFB8C8FF3} - C:\Program Files (x86)\Norton Safe Web Lite\Engine\2.0.0.16\coIEPlg.dll

BHO-X64: Norton Safe Web Lite BHO - No File

TB-X64: Nuance PDF: {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Program Files (x86)\ScanSoft\PDF Converter 5\Bin\ZeonIEFavClient.dll

TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll

TB-X64: Norton Safe Web Lite: {30CEEEA2-3742-40e4-85DD-812BF1CBB83D} - C:\Program Files (x86)\Norton Safe Web Lite\Engine\2.0.0.16\coIEPlg.dll

TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB-X64: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll

mRun-x64: [shwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe

mRun-x64: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" /r

mRun-x64: [sSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

mRun-x64: [PaperPort PTD] "C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe"

mRun-x64: [indexSearch] "C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe"

mRun-x64: [PDFHook] C:\Program Files (x86)\ScanSoft\PDF Converter 5\pdfpro5hook.exe

mRun-x64: [PDF5 Registry Controller] C:\Program Files (x86)\ScanSoft\PDF Converter 5\RegistryController.exe

mRun-x64: [CPQEASYACC] C:\Program Files (x86)\Compaq\Easy Access Button Support\StartEAK.exe

mRun-x64: [Memeo Backup Pro] C:\Program Files (x86)\Memeo\AutoBackupPro\MemeoLauncher2.exe --silent --no_ui

mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun-x64: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"

mRun-x64: [Norton Ghost 15.0] "C:\Program Files (x86)\Norton Ghost\Agent\VProTray.exe"

mRun-x64: [KeePass 2 PreLoad] "C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe" --preload

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

IE-X64: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204

SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

Hosts: 127.0.0.1 www.spywareinfo.com

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\lmf1\AppData\Roaming\Mozilla\Firefox\Profiles\xly3uqkl.default\

FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/

FF - prefs.js: browser.search.selectedEngine -

FF - prefs.js: keyword.URL -

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Program Files (x86)\WinZip Courier\npwzwmc.dll

FF - plugin: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll

FF - plugin: C:\Users\lmf1\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll

FF - plugin: C:\Users\lmf1\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

.

---- FIREFOX POLICIES ----

FF - user.js: extensions.zonealarm.rvrtMsg - Click Yes to keep current home page and default search settings, Click No to restore original settings

FF - user.js: extensions.zonealarm.autoRvrt - true

FF - user.js: extensions.zonealarm_i.newTab - false

FF - user.js: extensions.zonealarm.tlbrSrchUrl - hxxp://search.zonealarm.com/search?Source=ToolBar&oemCode=ZLN26195060060425-1001&toolbarId=base&affiliateId=1500&Lan=en&utid=7ba4ed40000000000000782bcba8b546&q=

FF - user.js: extensions.zonealarm.id - 7ba4ed40000000000000782bcba8b546

FF - user.js: extensions.zonealarm.instlDay - 15414

FF - user.js: extensions.zonealarm.vrsn - 1.5.19.3

FF - user.js: extensions.zonealarm.vrsni - 1.5.19.3

FF - user.js: extensions.zonealarm_i.vrsnTs - 1.5.19.318:04:44

FF - user.js: extensions.zonealarm.prtnrId - checkpoint

FF - user.js: extensions.zonealarm.prdct - zonealarm

FF - user.js: extensions.zonealarm.aflt - 1500

FF - user.js: extensions.zonealarm_i.smplGrp - none

FF - user.js: extensions.zonealarm.tlbrId - base

FF - user.js: extensions.zonealarm.instlRef - ZLN26195060060425-1001

FF - user.js: extensions.zonealarm.dfltLng - en

FF - user.js: extensions.zonealarm.excTlbr - false

FF - user.js: extensions.zonealarm.admin - false

.

============= SERVICES / DRIVERS ===============

.

R0 hotcore3;hc3ServiceName;C:\Windows\system32\DRIVERS\hotcore3.sys --> C:\Windows\system32\DRIVERS\hotcore3.sys [?]

R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\NAVx64\1307000.009\SYMDS64.SYS --> C:\Windows\system32\drivers\NAVx64\1307000.009\SYMDS64.SYS [?]

R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NAVx64\1307000.009\SYMEFA64.SYS --> C:\Windows\system32\drivers\NAVx64\1307000.009\SYMEFA64.SYS [?]

R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.5.0.145\Definitions\BASHDefs\20120507.001\BHDrvx64.sys [2012-5-8 1160824]

R1 ccSet_NAV;Norton AntiVirus Settings Manager;C:\Windows\system32\drivers\NAVx64\1307000.009\ccSetx64.sys --> C:\Windows\system32\drivers\NAVx64\1307000.009\ccSetx64.sys [?]

R1 ccSet_NST;Norton Safe Web Lite Settings Manager;C:\Windows\system32\drivers\NSTx64\0200000.010\ccSetx64.sys --> C:\Windows\system32\drivers\NSTx64\0200000.010\ccSetx64.sys [?]

R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.5.0.145\Definitions\IPSDefs\20120507.001\IDSviA64.sys [2012-5-7 488568]

R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\NAVx64\1307000.009\Ironx64.SYS --> C:\Windows\system32\drivers\NAVx64\1307000.009\Ironx64.SYS [?]

R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\NAVx64\1307000.009\SYMNETS.SYS --> C:\Windows\system32\Drivers\NAVx64\1307000.009\SYMNETS.SYS [?]

R1 Uim_VIM;UIM Virtual Image Plugin;C:\Windows\system32\Drivers\uim_vimx64.sys --> C:\Windows\system32\Drivers\uim_vimx64.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]

R2 AGCoreService;AG Core Services;C:\Program Files (x86)\AGI\core\4.2.0.10754\AGCoreService.exe [2012-1-30 20480]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]

R2 DellDigitalDelivery;Dell Digital Delivery Service;C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [2012-4-10 166912]

R2 DragonSvc;Dragon Service;C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe [2011-6-4 296808]

R2 HFGService;Handsfree Headset Service;C:\Windows\system32\svchost.exe -k bthaudiosvc [2009-7-13 20992]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-10-21 13336]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-5-7 654408]

R2 MemeoBackgroundService;MemeoBackgroundService;C:\Program Files (x86)\Memeo\AutoBackupPro\MemeoBackgroundService.exe [2010-7-26 25824]

R2 NAV;Norton AntiVirus;C:\Program Files (x86)\Norton AntiVirus\Engine\19.7.0.9\ccsvchst.exe [2012-4-23 138232]

R2 NSL;Norton Safe Web Lite;C:\Program Files (x86)\Norton Safe Web Lite\Engine\2.0.0.16\ccSvcHst.exe [2012-2-3 138760]

R2 PDFProFiltSrv;PDFProFiltSrv;C:\Program Files (x86)\ScanSoft\PDF Converter 5\PDFProFiltSrv.exe [2008-12-23 144672]

R2 PowerAlert Agent;PowerAlert Agent;C:\Program Files (x86)\TrippLite\PowerAlert\engine\pal.exe [2011-5-9 1658704]

R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]

R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]

R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]

R3 BthAudioHF;BthAudioHF Service;C:\Windows\system32\DRIVERS\BthAudioHF.sys --> C:\Windows\system32\DRIVERS\BthAudioHF.sys [?]

R3 BthAvrcp;Bluetooth AVRCP Profile;C:\Windows\system32\DRIVERS\BthAvrcp.sys --> C:\Windows\system32\DRIVERS\BthAvrcp.sys [?]

R3 csr_a2dp;Bluetooth AV Profile;C:\Windows\system32\drivers\bthav.sys --> C:\Windows\system32\drivers\bthav.sys [?]

R3 DKRtWrt;DKRtWrt;C:\Windows\system32\DRIVERS\DKRtWrt.sys --> C:\Windows\system32\DRIVERS\DKRtWrt.sys [?]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-3-16 138360]

R3 GenericMount;Generic Mount Driver;C:\Windows\system32\DRIVERS\GenericMount.sys --> C:\Windows\system32\DRIVERS\GenericMount.sys [?]

R3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 MEIx64;Intel® Management Engine Interface ;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]

R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]

R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]

R3 pbfilter;pbfilter;C:\Program Files\PeerBlock\pbfilter.sys [2012-3-9 24176]

R3 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;C:\Windows\System32\dllhost.exe [2009-7-13 7168]

R3 SymSnapService;SymSnapService;C:\Program Files (x86)\Norton Ghost\Shared\Drivers\SymSnapServicex64.exe [2010-2-11 2963960]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-1-29 136176]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-3-29 253088]

S3 epmntdrv;epmntdrv;C:\Windows\System32\epmntdrv.sys [2012-3-11 14216]

S3 EuGdiDrv;EuGdiDrv;C:\Windows\System32\EuGdiDrv.sys [2012-3-11 8456]

S3 GenericMount Helper Service;GenericMount Helper Service;C:\Program Files (x86)\Norton Ghost\Shared\Drivers\GenericMountHelperx64.exe [2010-2-12 2227216]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-1-29 136176]

S3 Impcd;Impcd;C:\Windows\system32\drivers\Impcd.sys --> C:\Windows\system32\drivers\Impcd.sys [?]

S3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]

S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-24 129976]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 pmxdrv;pmxdrv;\??\C:\Windows\system32\drivers\pmxdrv.sys --> C:\Windows\system32\drivers\pmxdrv.sys [?]

S3 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2011-10-21 1692480]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S4 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-8-25 2823000]

S4 TivoBeacon2;TiVo Beacon Service;C:\Program Files (x86)\TiVo\Desktop\TiVoBeacon.exe [2010-8-24 1104656]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== Created Last 30 ================

.

2012-05-07 23:12:51 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-05-07 23:12:51 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-05-06 19:11:38 200976 ----a-w- C:\Windows\SysWow64\drivers\tmcomm.sys

2012-05-06 18:42:37 -------- d-----w- C:\Users\lmf1\AppData\Roaming\SUPERAntiSpyware.com

2012-05-06 03:12:49 -------- d-----w- C:\Users\lmf1\AppData\Roaming\SpeedyPC Software

2012-05-06 03:12:49 -------- d-----w- C:\Users\lmf1\AppData\Roaming\DriverCure

2012-05-06 03:12:42 -------- d-----w- C:\ProgramData\SpeedyPC Software

2012-05-05 17:59:26 -------- d-----w- C:\Users\lmf1\AppData\Roaming\Anvisoft

2012-05-05 17:58:54 -------- d-----w- C:\Program Files (x86)\Anvisoft

2012-05-05 17:31:23 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy

2012-05-05 17:31:23 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy

2012-05-05 16:45:16 -------- d-----w- C:\Users\lmf1\AppData\Roaming\Malwarebytes

2012-05-05 16:45:13 -------- d-----w- C:\ProgramData\Malwarebytes

2012-05-04 23:45:14 57976 ----a-r- C:\Windows\System32\drivers\SBREDrv.sys

2012-05-01 22:18:36 -------- d-----w- C:\Program Files (x86)\Dell Digital Delivery

2012-04-24 21:37:50 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service

2012-04-24 21:37:49 157352 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice_installer.exe

2012-04-24 21:37:49 129976 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice.exe

2012-04-23 22:17:30 737912 ----a-w- C:\Windows\System32\drivers\NAVx64\1307000.009\srtsp64.sys

2012-04-23 22:17:30 451192 ----a-r- C:\Windows\System32\drivers\NAVx64\1307000.009\symds64.sys

2012-04-23 22:17:30 405624 ----a-w- C:\Windows\System32\drivers\NAVx64\1307000.009\symnets.sys

2012-04-23 22:17:30 37496 ----a-w- C:\Windows\System32\drivers\NAVx64\1307000.009\srtspx64.sys

2012-04-23 22:17:30 190072 ----a-w- C:\Windows\System32\drivers\NAVx64\1307000.009\ironx64.sys

2012-04-23 22:17:30 167048 ----a-w- C:\Windows\System32\drivers\NAVx64\1307000.009\ccsetx64.sys

2012-04-23 22:17:30 1092728 ----a-w- C:\Windows\System32\drivers\NAVx64\1307000.009\symefa64.sys

2012-04-23 22:17:28 -------- d-----w- C:\Windows\System32\drivers\NAVx64\1307000.009

2012-04-11 22:51:28 -------- d-----w- C:\Users\lmf1\AppData\Roaming\Juniper Networks

2012-04-10 22:49:58 81408 ----a-w- C:\Windows\System32\imagehlp.dll

2012-04-10 22:49:58 5120 ----a-w- C:\Windows\SysWow64\wmi.dll

2012-04-10 22:49:58 5120 ----a-w- C:\Windows\System32\wmi.dll

2012-04-10 22:49:58 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys

2012-04-10 22:49:58 220672 ----a-w- C:\Windows\System32\wintrust.dll

2012-04-10 22:49:58 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll

2012-04-10 22:49:58 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll

.

==================== Find3M ====================

.

2012-04-20 21:54:51 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-04-20 21:54:51 418464 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-03-23 15:12:34 175736 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS

2012-03-13 18:36:50 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2012-03-08 20:51:50 2469760 ----a-w- C:\Windows\SysWow64\BootMan.exe

2012-03-08 20:51:40 3321728 ----a-w- C:\Windows\System32\BootMan.exe

2012-03-06 06:53:37 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe

2012-03-06 05:59:47 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2012-03-06 05:59:41 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2012-02-28 06:56:48 2311168 ----a-w- C:\Windows\System32\jscript9.dll

2012-02-28 06:49:56 1390080 ----a-w- C:\Windows\System32\wininet.dll

2012-02-28 06:48:57 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-02-28 06:42:55 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-02-28 01:18:55 1799168 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-02-28 01:11:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-02-28 01:11:07 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-02-28 01:03:16 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-02-27 17:14:42 251696 ----a-w- C:\Windows\SysWow64\prgiso.dll

2012-02-27 17:14:28 90928 ----a-w- C:\Windows\System32\drivers\uimx64.sys

2012-02-27 17:14:28 471728 ----a-w- C:\Windows\System32\drivers\UimFIO.sys

2012-02-27 17:14:26 632752 ----a-w- C:\Windows\System32\drivers\Uim_IMx64.sys

2012-02-27 17:14:26 379696 ----a-w- C:\Windows\System32\drivers\uim_vimx64.sys

2012-02-27 17:14:22 39216 ----a-w- C:\Windows\System32\drivers\hotcore3.sys

2012-02-25 00:17:00 8075776 ----a-w- C:\Windows\System32\BCMWLCPL.CPL

2012-02-25 00:17:00 73728 ----a-w- C:\Windows\System32\wltrynt.dll

2012-02-25 00:17:00 6656 ----a-w- C:\Windows\System32\bcmwlrc.dll

2012-02-25 00:17:00 60928 ----a-w- C:\Windows\System32\bcmwlrmt.dll

2012-02-25 00:17:00 4961800 ----a-w- C:\Windows\SysWow64\vcredist_x64.exe

2012-02-25 00:17:00 47632 ----a-w- C:\Windows\System32\drivers\npf.sys

2012-02-25 00:17:00 4750848 ----a-w- C:\Windows\System32\bcmttls.dll

2012-02-25 00:17:00 459 ----a-w- C:\Windows\SysWow64\vcredist_x64.bat

2012-02-25 00:17:00 457 ----a-w- C:\Windows\System32\vcredist_x64.bat

2012-02-25 00:17:00 3161088 ----a-w- C:\Windows\System32\vcredist_x64.exe

2012-02-25 00:17:00 22520 ----a-w- C:\Windows\System32\drivers\bcm42rly.sys

2012-02-25 00:17:00 1089024 ----a-w- C:\Windows\System32\BCMLogon.dll

2012-02-24 23:36:26 31152 ----a-w- C:\Windows\System32\drivers\pmxdrv.sys

2012-02-20 01:22:19 197120 ----a-w- C:\Windows\SysWow64\System47.scr

2012-02-17 06:38:26 1031680 ----a-w- C:\Windows\System32\rdpcore.dll

2012-02-17 05:34:22 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll

2012-02-17 04:58:24 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys

2012-02-17 04:57:32 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys

2012-02-15 16:01:50 52736 ----a-w- C:\Windows\System32\drivers\usbaapl64.sys

2012-02-15 16:01:50 4547944 ----a-w- C:\Windows\System32\usbaaplrc.dll

2012-02-14 16:09:44 1070352 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX

2012-02-10 06:36:07 1544192 ----a-w- C:\Windows\System32\DWrite.dll

2012-02-10 05:38:43 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll

2012-02-09 03:55:30 92160 ----a-w- C:\Windows\System32\ff_vfw.dll

.

============= FINISH: 17:07:43.28 ===============


Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.


ComboFix 12-05-08.02 - lmf1 05/09/12 6:35.2.8 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.12270.8558 [GMT -4:00]

Running from: d:\downloads\ComboFix.exe

AV: Norton AntiVirus *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

SP: Norton AntiVirus *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\data

c:\data\Collections.html

c:\data\PlayList.txt

c:\programdata\ntuser.dat

c:\users\adminstrator\Desktop\weather.lnk

c:\windows\command

c:\windows\command\EXTRACT.PIF

c:\windows\System32\DriverStore\FileRepository\hdx861a.inf_amd64_neutral_00674e2bed5b97cc\RAVBg64.exe

c:\windows\System32\DriverStore\FileRepository\hdx861a.inf_amd64_neutral_00674e2bed5b97cc\RtlUpd64.exe

c:\windows\System32\DriverStore\FileRepository\hdxbpcai.inf_amd64_neutral_ba7eef85cfc4b599\RAVBg64.exe

c:\windows\System32\DriverStore\FileRepository\hdxbpcai.inf_amd64_neutral_ba7eef85cfc4b599\RtlUpd64.exe

c:\windows\System32\DriverStore\FileRepository\hdxcpc.inf_amd64_neutral_7b9ae2fb92a1afb9\RAVBg64.exe

c:\windows\System32\DriverStore\FileRepository\hdxcpc.inf_amd64_neutral_7b9ae2fb92a1afb9\RtlUpd64.exe

c:\windows\System32\DriverStore\FileRepository\hdxcr.inf_amd64_neutral_b385508c1ea90896\RAVBg64.exe

c:\windows\System32\DriverStore\FileRepository\hdxcr.inf_amd64_neutral_b385508c1ea90896\RtlUpd64.exe

c:\windows\System32\DriverStore\FileRepository\hdxcrtxo.inf_amd64_neutral_1417349ec1b0c356\RAVBg64.exe

c:\windows\System32\DriverStore\FileRepository\hdxcrtxo.inf_amd64_neutral_1417349ec1b0c356\RtlUpd64.exe

c:\windows\System32\DriverStore\FileRepository\hdxdell.inf_amd64_neutral_3b8b3295f15c39ce\RAVBg64.exe

c:\windows\System32\DriverStore\FileRepository\hdxdell.inf_amd64_neutral_3b8b3295f15c39ce\RtlUpd64.exe

c:\windows\System32\DriverStore\FileRepository\hdxgw.inf_amd64_neutral_56fa933f0635bed4\RAVBg64.exe

c:\windows\System32\DriverStore\FileRepository\hdxgw.inf_amd64_neutral_56fa933f0635bed4\RtlUpd64.exe

c:\windows\System32\DriverStore\FileRepository\hdxhpai1.inf_amd64_neutral_569e1340dc0da8ae\RAVBg64.exe

c:\windows\System32\DriverStore\FileRepository\hdxhpai1.inf_amd64_neutral_569e1340dc0da8ae\RtlUpd64.exe

c:\windows\System32\DriverStore\FileRepository\hdxhpai2.inf_amd64_neutral_9455681812ffb661\RAVBg64.exe

c:\windows\System32\DriverStore\FileRepository\hdxhpai2.inf_amd64_neutral_9455681812ffb661\RtlUpd64.exe

c:\windows\System32\DriverStore\FileRepository\hdxhpai3.inf_amd64_neutral_a42ed43226365365\RAVBg64.exe

c:\windows\System32\DriverStore\FileRepository\hdxhpai3.inf_amd64_neutral_a42ed43226365365\RtlUpd64.exe

c:\windows\System32\DriverStore\FileRepository\hdxhpbpc.inf_amd64_neutral_2e9ca16db43926f5\RAVBg64.exe

c:\windows\System32\DriverStore\FileRepository\hdxhpbpc.inf_amd64_neutral_2e9ca16db43926f5\RtlUpd64.exe

c:\windows\System32\DriverStore\FileRepository\hdxhpnb.inf_amd64_neutral_12e2a60effa9e246\RAVBg64.exe

c:\windows\System32\DriverStore\FileRepository\hdxhpnb.inf_amd64_neutral_12e2a60effa9e246\RtlUpd64.exe

c:\windows\System32\DriverStore\FileRepository\hdxlc.inf_amd64_neutral_bbb79168a793e430\RAVBg64.exe

c:\windows\System32\DriverStore\FileRepository\hdxlc.inf_amd64_neutral_bbb79168a793e430\RtlUpd64.exe

c:\windows\System32\DriverStore\FileRepository\hdxlc2.inf_amd64_neutral_d64f4f2e6dacbe2f\RAVBg64.exe

c:\windows\System32\DriverStore\FileRepository\hdxlc2.inf_amd64_neutral_d64f4f2e6dacbe2f\RtlUpd64.exe

c:\windows\System32\DriverStore\FileRepository\hdxlc3.inf_amd64_neutral_67a5f78382b67b4c\RAVBg64.exe

c:\windows\System32\DriverStore\FileRepository\hdxlc3.inf_amd64_neutral_67a5f78382b67b4c\RtlUpd64.exe

c:\windows\System32\DriverStore\FileRepository\hdxlcnb.inf_amd64_neutral_fcc6d1c9c706b69c\RAVBg64.exe

c:\windows\System32\DriverStore\FileRepository\hdxlcnb.inf_amd64_neutral_fcc6d1c9c706b69c\RtlUpd64.exe

c:\windows\System32\DriverStore\FileRepository\hdxmaxxd.inf_amd64_neutral_f867dc2fcb382b77\RAVBg64.exe

c:\windows\System32\DriverStore\FileRepository\hdxmaxxd.inf_amd64_neutral_f867dc2fcb382b77\RtlUpd64.exe

c:\windows\System32\DriverStore\FileRepository\hdxpanasonic.inf_amd64_neutral_4e596a1503161c89\RAVBg64.exe

c:\windows\System32\DriverStore\FileRepository\hdxpanasonic.inf_amd64_neutral_4e596a1503161c89\RtlUpd64.exe

c:\windows\System32\DriverStore\FileRepository\hdxpcee3.inf_amd64_neutral_9b065dd7164846b4\RAVBg64.exe

c:\windows\System32\DriverStore\FileRepository\hdxpcee3.inf_amd64_neutral_9b065dd7164846b4\RtlUpd64.exe

c:\windows\System32\DriverStore\FileRepository\hdxprmau.inf_amd64_neutral_76db2d8fda622ad8\RAVBg64.exe

c:\windows\System32\DriverStore\FileRepository\hdxprmau.inf_amd64_neutral_76db2d8fda622ad8\RtlUpd64.exe

c:\windows\System32\DriverStore\FileRepository\hdxrt.inf_amd64_neutral_efae3d638d039aec\RAVBg64.exe

c:\windows\System32\DriverStore\FileRepository\hdxrt.inf_amd64_neutral_efae3d638d039aec\RtlUpd64.exe

c:\windows\System32\DriverStore\FileRepository\hdxsf.inf_amd64_neutral_def061aae96cc8ba\RAVBg64.exe

c:\windows\System32\DriverStore\FileRepository\hdxsf.inf_amd64_neutral_def061aae96cc8ba\RtlUpd64.exe

c:\windows\System32\DriverStore\FileRepository\hdxsrsa.inf_amd64_neutral_1a70cd80c7099875\RAVBg64.exe

c:\windows\System32\DriverStore\FileRepository\hdxsrsa.inf_amd64_neutral_1a70cd80c7099875\RtlUpd64.exe

c:\windows\System32\DriverStore\FileRepository\hdxsrsd.inf_amd64_neutral_3225668753e8431d\RAVBg64.exe

c:\windows\System32\DriverStore\FileRepository\hdxsrsd.inf_amd64_neutral_3225668753e8431d\RtlUpd64.exe

c:\windows\System32\DriverStore\FileRepository\hdxsrsd2.inf_amd64_neutral_f23c4438bb885f71\RAVBg64.exe

c:\windows\System32\DriverStore\FileRepository\hdxsrsd2.inf_amd64_neutral_f23c4438bb885f71\RtlUpd64.exe

c:\windows\System32\DriverStore\FileRepository\hdxsrss.inf_amd64_neutral_06bf50df56148aff\RAVBg64.exe

c:\windows\System32\DriverStore\FileRepository\hdxsrss.inf_amd64_neutral_06bf50df56148aff\RtlUpd64.exe

c:\windows\System32\DriverStore\FileRepository\hdxsrssv.inf_amd64_neutral_8ac3ebd7418cc918\RAVBg64.exe

c:\windows\System32\DriverStore\FileRepository\hdxsrssv.inf_amd64_neutral_8ac3ebd7418cc918\RtlUpd64.exe

c:\windows\System32\DriverStore\FileRepository\hdxthx.inf_amd64_neutral_49adb60018aa5ad7\RAVBg64.exe

c:\windows\System32\DriverStore\FileRepository\hdxthx.inf_amd64_neutral_49adb60018aa5ad7\RtlUpd64.exe

c:\windows\System32\DriverStore\FileRepository\hdxthx2.inf_amd64_neutral_3d857785df466536\RAVBg64.exe

c:\windows\System32\DriverStore\FileRepository\hdxthx2.inf_amd64_neutral_3d857785df466536\RtlUpd64.exe

c:\windows\System32\DriverStore\FileRepository\hdxthxa.inf_amd64_neutral_2c9ae7efe2da4775\RAVBg64.exe

c:\windows\System32\DriverStore\FileRepository\hdxthxa.inf_amd64_neutral_2c9ae7efe2da4775\RtlUpd64.exe

c:\windows\System32\DriverStore\FileRepository\hdxthxd.inf_amd64_neutral_9f6f3668c5af4741\RAVBg64.exe

c:\windows\System32\DriverStore\FileRepository\hdxthxd.inf_amd64_neutral_9f6f3668c5af4741\RtlUpd64.exe

c:\windows\System32\DriverStore\FileRepository\hdxtoshiba.inf_amd64_neutral_e5646e68ffbf13b4\RAVBg64.exe

c:\windows\System32\DriverStore\FileRepository\hdxtoshiba.inf_amd64_neutral_e5646e68ffbf13b4\RtlUpd64.exe

c:\windows\System32\DriverStore\FileRepository\hdxvienna.inf_amd64_neutral_17caae5402e0c222\RAVBg64.exe

c:\windows\System32\DriverStore\FileRepository\hdxvienna.inf_amd64_neutral_17caae5402e0c222\RtlUpd64.exe

c:\windows\System32\DriverStore\FileRepository\hdxxfm.inf_amd64_neutral_0de3d9ade90aa485\RAVBg64.exe

c:\windows\System32\DriverStore\FileRepository\hdxxfm.inf_amd64_neutral_0de3d9ade90aa485\RtlUpd64.exe

c:\windows\system32\fxsst.dll

c:\windows\system32\slwga.dll

c:\windows\system32\srrstr.dll

c:\windows\system32\systemcpl.dll

c:\windows\system32\termsrv.dll

c:\windows\SysWow64\odbcad32.exe

.

----- File Replicators -----

.

c:\dell\drivers\R282239\Vista64\RAVBg64.exe

c:\dell\drivers\R282239\Vista64\RtlUpd64.exe

c:\drivers\audio\R282239\Vista64\RAVBg64.exe

c:\drivers\audio\R282239\Vista64\RtlUpd64.exe

c:\program files (x86)\Realtek\Audio\Drivers\RtlUpd64.exe

c:\program files (x86)\Realtek\Audio\InstallShield\Rtkupd64.exe

c:\program files\Realtek\Audio\HDA\RAVBg64.exe

c:\program files\Realtek\Audio\HDA\RtlUpd64.exe

c:\windows\System32\DriverStore\FileRepository\hdx861a.inf_amd64_neutral_00674e2bed5b97cc\RAVBg64.exe

c:\windows\System32\DriverStore\FileRepository\hdx861a.inf_amd64_neutral_00674e2bed5b97cc\RtlUpd64.exe

c:\windows\System32\DriverStore\FileRepository\hdxbpcai.inf_amd64_neutral_ba7eef85cfc4b599\RAVBg64.exe

c:\windows\System32\DriverStore\FileRepository\hdxbpcai.inf_amd64_neutral_ba7eef85cfc4b599\RtlUpd64.exe

c:\windows\System32\DriverStore\FileRepository\hdxcpc.inf_amd64_neutral_7b9ae2fb92a1afb9\RAVBg64.exe

c:\windows\System32\DriverStore\FileRepository\hdxcpc.inf_amd64_neutral_7b9ae2fb92a1afb9\RtlUpd64.exe

c:\windows\System32\DriverStore\FileRepository\hdxcr.inf_amd64_neutral_b385508c1ea90896\RAVBg64.exe

c:\windows\System32\DriverStore\FileRepository\hdxcr.inf_amd64_neutral_b385508c1ea90896\RtlUpd64.exe

c:\windows\System32\DriverStore\FileRepository\hdxcrtxo.inf_amd64_neutral_1417349ec1b0c356\RAVBg64.exe

c:\windows\System32\DriverStore\FileRepository\hdxcrtxo.inf_amd64_neutral_1417349ec1b0c356\RtlUpd64.exe

c:\windows\System32\DriverStore\FileRepository\hdxdell.inf_amd64_neutral_3b8b3295f15c39ce\RAVBg64.exe

c:\windows\System32\DriverStore\FileRepository\hdxdell.inf_amd64_neutral_3b8b3295f15c39ce\RtlUpd64.exe

c:\windows\System32\DriverStore\FileRepository\hdxgw.inf_amd64_neutral_56fa933f0635bed4\RAVBg64.exe

c:\windows\System32\DriverStore\FileRepository\hdxgw.inf_amd64_neutral_56fa933f0635bed4\RtlUpd64.exe

c:\windows\System32\DriverStore\FileRepository\hdxhpai1.inf_amd64_neutral_569e1340dc0da8ae\RAVBg64.exe

c:\windows\System32\DriverStore\FileRepository\hdxhpai1.inf_amd64_neutral_569e1340dc0da8ae\RtlUpd64.exe

c:\windows\System32\DriverStore\FileRepository\hdxhpai2.inf_amd64_neutral_9455681812ffb661\RAVBg64.exe

c:\windows\System32\DriverStore\FileRepository\hdxhpai2.inf_amd64_neutral_9455681812ffb661\RtlUpd64.exe

c:\windows\System32\DriverStore\FileRepository\hdxhpai3.inf_amd64_neutral_a42ed43226365365\RAVBg64.exe

c:\windows\System32\DriverStore\FileRepository\hdxhpai3.inf_amd64_neutral_a42ed43226365365\RtlUpd64.exe

c:\windows\System32\DriverStore\FileRepository\hdxhpbpc.inf_amd64_neutral_2e9ca16db43926f5\RAVBg64.exe

c:\windows\System32\DriverStore\FileRepository\hdxhpbpc.inf_amd64_neutral_2e9ca16db43926f5\RtlUpd64.exe

c:\windows\System32\DriverStore\FileRepository\hdxhpnb.inf_amd64_neutral_12e2a60effa9e246\RAVBg64.exe

c:\windows\System32\DriverStore\FileRepository\hdxhpnb.inf_amd64_neutral_12e2a60effa9e246\RtlUpd64.exe

c:\windows\System32\DriverStore\FileRepository\hdxlc.inf_amd64_neutral_bbb79168a793e430\RAVBg64.exe

c:\windows\System32\DriverStore\FileRepository\hdxlc.inf_amd64_neutral_bbb79168a793e430\RtlUpd64.exe

c:\windows\System32\DriverStore\FileRepository\hdxlc2.inf_amd64_neutral_d64f4f2e6dacbe2f\RAVBg64.exe

c:\windows\System32\DriverStore\FileRepository\hdxlc2.inf_amd64_neutral_d64f4f2e6dacbe2f\RtlUpd64.exe

c:\windows\System32\DriverStore\FileRepository\hdxlc3.inf_amd64_neutral_67a5f78382b67b4c\RAVBg64.exe

c:\windows\System32\DriverStore\FileRepository\hdxlc3.inf_amd64_neutral_67a5f78382b67b4c\RtlUpd64.exe

c:\windows\System32\DriverStore\FileRepository\hdxlcnb.inf_amd64_neutral_fcc6d1c9c706b69c\RAVBg64.exe

c:\windows\System32\DriverStore\FileRepository\hdxlcnb.inf_amd64_neutral_fcc6d1c9c706b69c\RtlUpd64.exe

c:\windows\System32\DriverStore\FileRepository\hdxmaxxd.inf_amd64_neutral_f867dc2fcb382b77\RAVBg64.exe

c:\windows\System32\DriverStore\FileRepository\hdxmaxxd.inf_amd64_neutral_f867dc2fcb382b77\RtlUpd64.exe

c:\windows\System32\DriverStore\FileRepository\hdxpanasonic.inf_amd64_neutral_4e596a1503161c89\RAVBg64.exe

c:\windows\System32\DriverStore\FileRepository\hdxpanasonic.inf_amd64_neutral_4e596a1503161c89\RtlUpd64.exe

c:\windows\System32\DriverStore\FileRepository\hdxpcee3.inf_amd64_neutral_9b065dd7164846b4\RAVBg64.exe

c:\windows\System32\DriverStore\FileRepository\hdxpcee3.inf_amd64_neutral_9b065dd7164846b4\RtlUpd64.exe

c:\windows\System32\DriverStore\FileRepository\hdxprmau.inf_amd64_neutral_76db2d8fda622ad8\RAVBg64.exe

c:\windows\System32\DriverStore\FileRepository\hdxprmau.inf_amd64_neutral_76db2d8fda622ad8\RtlUpd64.exe

c:\windows\System32\DriverStore\FileRepository\hdxrt.inf_amd64_neutral_efae3d638d039aec\RAVBg64.exe

c:\windows\System32\DriverStore\FileRepository\hdxrt.inf_amd64_neutral_efae3d638d039aec\RtlUpd64.exe

c:\windows\System32\DriverStore\FileRepository\hdxsf.inf_amd64_neutral_def061aae96cc8ba\RAVBg64.exe

c:\windows\System32\DriverStore\FileRepository\hdxsf.inf_amd64_neutral_def061aae96cc8ba\RtlUpd64.exe

c:\windows\System32\DriverStore\FileRepository\hdxsrsa.inf_amd64_neutral_1a70cd80c7099875\RAVBg64.exe

c:\windows\System32\DriverStore\FileRepository\hdxsrsa.inf_amd64_neutral_1a70cd80c7099875\RtlUpd64.exe

c:\windows\System32\DriverStore\FileRepository\hdxsrsd.inf_amd64_neutral_3225668753e8431d\RAVBg64.exe

c:\windows\System32\DriverStore\FileRepository\hdxsrsd.inf_amd64_neutral_3225668753e8431d\RtlUpd64.exe

c:\windows\System32\DriverStore\FileRepository\hdxsrsd2.inf_amd64_neutral_f23c4438bb885f71\RAVBg64.exe

c:\windows\System32\DriverStore\FileRepository\hdxsrsd2.inf_amd64_neutral_f23c4438bb885f71\RtlUpd64.exe

c:\windows\System32\DriverStore\FileRepository\hdxsrss.inf_amd64_neutral_06bf50df56148aff\RAVBg64.exe

c:\windows\System32\DriverStore\FileRepository\hdxsrss.inf_amd64_neutral_06bf50df56148aff\RtlUpd64.exe

c:\windows\System32\DriverStore\FileRepository\hdxsrssv.inf_amd64_neutral_8ac3ebd7418cc918\RAVBg64.exe

c:\windows\System32\DriverStore\FileRepository\hdxsrssv.inf_amd64_neutral_8ac3ebd7418cc918\RtlUpd64.exe

c:\windows\System32\DriverStore\FileRepository\hdxthx.inf_amd64_neutral_49adb60018aa5ad7\RAVBg64.exe

c:\windows\System32\DriverStore\FileRepository\hdxthx.inf_amd64_neutral_49adb60018aa5ad7\RtlUpd64.exe

c:\windows\System32\DriverStore\FileRepository\hdxthx2.inf_amd64_neutral_3d857785df466536\RAVBg64.exe

c:\windows\System32\DriverStore\FileRepository\hdxthx2.inf_amd64_neutral_3d857785df466536\RtlUpd64.exe

c:\windows\System32\DriverStore\FileRepository\hdxthxa.inf_amd64_neutral_2c9ae7efe2da4775\RAVBg64.exe

c:\windows\System32\DriverStore\FileRepository\hdxthxa.inf_amd64_neutral_2c9ae7efe2da4775\RtlUpd64.exe

c:\windows\System32\DriverStore\FileRepository\hdxthxd.inf_amd64_neutral_9f6f3668c5af4741\RAVBg64.exe

c:\windows\System32\DriverStore\FileRepository\hdxthxd.inf_amd64_neutral_9f6f3668c5af4741\RtlUpd64.exe

c:\windows\System32\DriverStore\FileRepository\hdxtoshiba.inf_amd64_neutral_e5646e68ffbf13b4\RAVBg64.exe

c:\windows\System32\DriverStore\FileRepository\hdxtoshiba.inf_amd64_neutral_e5646e68ffbf13b4\RtlUpd64.exe

c:\windows\System32\DriverStore\FileRepository\hdxvienna.inf_amd64_neutral_17caae5402e0c222\RAVBg64.exe

c:\windows\System32\DriverStore\FileRepository\hdxvienna.inf_amd64_neutral_17caae5402e0c222\RtlUpd64.exe

c:\windows\System32\DriverStore\FileRepository\hdxxfm.inf_amd64_neutral_0de3d9ade90aa485\RAVBg64.exe

c:\windows\System32\DriverStore\FileRepository\hdxxfm.inf_amd64_neutral_0de3d9ade90aa485\RtlUpd64.exe

.

.

((((((((((((((((((((((((( Files Created from 2012-04-09 to 2012-05-09 )))))))))))))))))))))))))))))))

.

.

2012-05-09 10:39 . 2012-05-09 10:39 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-05-09 10:39 . 2012-05-09 10:39 -------- d-----w- c:\users\adminstrator\AppData\Local\temp

2012-05-09 10:39 . 2012-05-09 10:39 -------- d-----w- c:\users\ADMINI~1\AppData\Local\temp

2012-05-09 10:39 . 2012-05-09 10:40 -------- d-----w- C:\Data

2012-05-09 02:21 . 2012-05-09 02:21 -------- d-----w- C:\NBRT

2012-05-09 02:19 . 2012-05-09 02:20 -------- d-----w- c:\users\lmf1\AppData\Roaming\AVG

2012-05-09 01:33 . 2012-05-09 01:33 -------- d--h--w- c:\programdata\Common Files

2012-05-09 01:33 . 2012-05-09 02:18 -------- d-----w- c:\program files (x86)\AVG

2012-05-09 01:31 . 2012-05-09 03:23 -------- d-----w- c:\programdata\MFAData

2012-05-08 22:02 . 2012-05-08 22:02 -------- d-----w- c:\windows\system32\drivers\NBRTWizardx64

2012-05-08 22:02 . 2012-05-08 22:02 -------- d-----w- c:\program files (x86)\Norton Bootable Recovery Tool Wizard

2012-05-08 21:40 . 2012-05-08 21:53 -------- d-----w- c:\users\lmf1\AppData\Local\NPE

2012-05-07 23:12 . 2012-05-07 23:12 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-05-07 23:12 . 2012-04-04 19:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-05-06 19:11 . 2011-06-21 04:09 200976 ----a-w- c:\windows\SysWow64\drivers\tmcomm.sys

2012-05-06 18:42 . 2012-05-06 18:42 -------- d-----w- c:\users\lmf1\AppData\Roaming\SUPERAntiSpyware.com

2012-05-06 03:12 . 2012-05-06 03:12 -------- d-----w- c:\users\lmf1\AppData\Roaming\SpeedyPC Software

2012-05-06 03:12 . 2012-05-06 03:12 -------- d-----w- c:\users\lmf1\AppData\Roaming\DriverCure

2012-05-06 03:12 . 2012-05-06 03:16 -------- d-----w- c:\programdata\SpeedyPC Software

2012-05-05 17:59 . 2012-05-05 17:59 -------- d-----w- c:\users\lmf1\AppData\Roaming\Anvisoft

2012-05-05 17:58 . 2012-05-06 02:59 -------- d-----w- c:\program files (x86)\Anvisoft

2012-05-05 17:31 . 2012-05-08 21:38 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2012-05-05 17:31 . 2012-05-05 17:32 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy

2012-05-05 16:45 . 2012-05-05 16:45 -------- d-----w- c:\users\lmf1\AppData\Roaming\Malwarebytes

2012-05-05 16:45 . 2012-05-05 16:45 -------- d-----w- c:\programdata\Malwarebytes

2012-05-04 23:45 . 2012-01-12 13:28 57976 ----a-r- c:\windows\system32\drivers\SBREDrv.sys

2012-05-01 22:18 . 2012-05-01 22:18 -------- d-----w- c:\program files (x86)\Dell Digital Delivery

2012-04-24 21:37 . 2012-04-24 21:37 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service

2012-04-24 21:37 . 2012-04-24 21:37 157352 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe

2012-04-24 21:37 . 2012-04-24 21:37 129976 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe

2012-04-23 22:17 . 2012-04-24 21:32 -------- d-----w- c:\windows\system32\drivers\NAVx64\1307000.009

2012-04-11 22:51 . 2012-04-11 22:51 -------- d-----w- c:\users\lmf1\AppData\Roaming\Juniper Networks

2012-04-10 22:49 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys

2012-04-10 22:49 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll

2012-04-10 22:49 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll

2012-04-10 22:49 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll

2012-04-10 22:49 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll

2012-04-10 22:49 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll

2012-04-10 22:49 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-04-20 21:54 . 2012-03-29 21:37 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-04-20 21:54 . 2011-10-21 23:56 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-03-23 15:12 . 2012-02-03 18:38 175736 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS

2012-03-13 18:36 . 2012-01-30 02:58 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll

2012-03-08 20:51 . 2012-03-11 22:18 2469760 ----a-w- c:\windows\SysWow64\BootMan.exe

2012-03-08 20:51 . 2012-03-11 22:18 3321728 ----a-w- c:\windows\system32\BootMan.exe

2012-02-29 08:02 . 2012-02-29 08:02 162664 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10140.bin

2012-02-27 17:14 . 2012-02-27 17:14 251696 ----a-w- c:\windows\SysWow64\prgiso.dll

2012-02-27 17:14 . 2012-02-27 17:14 90928 ----a-w- c:\windows\system32\drivers\uimx64.sys

2012-02-27 17:14 . 2012-02-27 17:14 471728 ----a-w- c:\windows\system32\drivers\UimFIO.sys

2012-02-27 17:14 . 2012-02-27 17:14 632752 ----a-w- c:\windows\system32\drivers\Uim_IMx64.sys

2012-02-27 17:14 . 2012-02-27 17:14 379696 ----a-w- c:\windows\system32\drivers\uim_vimx64.sys

2012-02-27 17:14 . 2012-03-06 21:34 39216 ----a-w- c:\windows\system32\drivers\hotcore3.sys

2012-02-25 00:17 . 2012-02-25 00:17 1089024 ----a-w- c:\windows\system32\BCMLogon.dll

2012-02-25 00:17 . 2012-02-25 00:17 8075776 ----a-w- c:\windows\system32\BCMWLCPL.CPL

2012-02-25 00:17 . 2012-02-25 00:17 73728 ----a-w- c:\windows\system32\wltrynt.dll

2012-02-25 00:17 . 2012-02-25 00:17 60928 ----a-w- c:\windows\system32\bcmwlrmt.dll

2012-02-25 00:17 . 2012-02-25 00:17 4961800 ----a-w- c:\windows\SysWow64\vcredist_x64.exe

2012-02-25 00:17 . 2012-02-25 00:17 47632 ----a-w- c:\windows\system32\drivers\npf.sys

2012-02-25 00:17 . 2012-02-25 00:17 4750848 ----a-w- c:\windows\system32\bcmttls.dll

2012-02-25 00:17 . 2012-02-25 00:17 459 ----a-w- c:\windows\SysWow64\vcredist_x64.bat

2012-02-25 00:17 . 2012-02-25 00:17 457 ----a-w- c:\windows\system32\vcredist_x64.bat

2012-02-25 00:17 . 2012-02-25 00:17 3161088 ----a-w- c:\windows\system32\vcredist_x64.exe

2012-02-25 00:17 . 2012-02-25 00:17 22520 ----a-w- c:\windows\system32\drivers\bcm42rly.sys

2012-02-25 00:17 . 2011-10-22 00:08 6656 ----a-w- c:\windows\system32\bcmwlrc.dll

2012-02-24 23:36 . 2012-02-24 23:36 31152 ----a-w- c:\windows\system32\drivers\pmxdrv.sys

2012-02-21 08:25 . 2012-02-21 08:25 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{662DF3E6-1AAB-4189-B9EC-1A53F2D64220}\offreg.dll

2012-02-20 01:22 . 2012-02-20 01:22 197120 ----a-w- c:\windows\SysWow64\System47.scr

2012-02-17 06:38 . 2012-03-15 22:04 1031680 ----a-w- c:\windows\system32\rdpcore.dll

2012-02-17 05:34 . 2012-03-15 22:04 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll

2012-02-17 04:58 . 2012-03-15 22:04 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-02-17 04:57 . 2012-03-15 22:04 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys

2012-02-15 16:01 . 2012-02-15 16:01 52736 ----a-w- c:\windows\system32\drivers\usbaapl64.sys

2012-02-15 16:01 . 2012-02-15 16:01 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll

2012-02-14 16:09 . 2012-02-14 16:09 1070352 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX

2012-02-10 06:36 . 2012-03-15 22:04 1544192 ----a-w- c:\windows\system32\DWrite.dll

2012-02-10 05:38 . 2012-03-15 22:04 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll

.

.

------- Sigcheck -------

Note: Unsigned files aren't necessarily malware.

.

[7] 2010-11-21 . 2E648163254233755035B46DD7B89123 . 680960 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.1.7601.17514_none_ecc547376ae3a1a3\termsrv.dll

.

c:\windows\system32\termsrv.dll ... is missing !!

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{0BC6E3FA-78EF-4886-842C-5A1258C4455A}"= "mscoree.dll" [2010-11-21 297808]

.

[HKEY_CLASSES_ROOT\clsid\{0bc6e3fa-78ef-4886-842c-5a1258c4455a}]

[HKEY_CLASSES_ROOT\agihelper.AGUtils]

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{0bc6e3fa-78ef-4886-842c-5a1258c4455a}]

2010-11-21 03:24 297808 ----a-w- c:\windows\System32\mscoree.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]

"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-01-30 39408]

"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\Messenger\YahooMessenger.exe" [2012-02-23 6591800]

"TivoServer"="c:\program files (x86)\TiVo\Desktop\TiVoServer.exe" [2010-08-24 2264336]

"TivoTransfer"="c:\program files (x86)\TiVo\Desktop\TiVoTransfer.exe" [2010-08-24 608528]

"TranscodingService"="c:\program files (x86)\TiVo\Desktop\Plus\\TranscodingService.exe" [2010-08-24 856336]

"Weather"="c:\program files (x86)\AWS\WeatherBug\Weather.exe" [2011-10-05 1652736]

"MusicManager"="c:\users\lmf1\AppData\Local\Programs\Google\MusicManager\MusicManager.exe" [2012-03-20 13324288]

"PeerBlock"="c:\program files\PeerBlock\peerblock.exe" [2010-11-07 2646128]

"TivoNotify"="c:\program files (x86)\TiVo\Desktop\TiVoNotify.exe" [2010-08-24 437520]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"ShwiconXP9106"="c:\program files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe" [2010-03-10 237568]

"THX Audio Control Panel"="c:\program files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" [2009-12-01 963584]

"SSBkgdUpdate"="c:\program files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]

"PaperPort PTD"="c:\program files (x86)\ScanSoft\PaperPort\pptd40nt.exe" [2009-02-20 24576]

"IndexSearch"="c:\program files (x86)\ScanSoft\PaperPort\IndexSearch.exe" [2009-02-20 40960]

"PDFHook"="c:\program files (x86)\ScanSoft\PDF Converter 5\pdfpro5hook.exe" [2008-12-23 628000]

"PDF5 Registry Controller"="c:\program files (x86)\ScanSoft\PDF Converter 5\RegistryController.exe" [2008-12-23 58656]

"CPQEASYACC"="c:\program files (x86)\Compaq\Easy Access Button Support\StartEAK.exe" [2001-10-10 28672]

"Memeo Backup Pro"="c:\program files (x86)\Memeo\AutoBackupPro\MemeoLauncher2.exe" [2010-07-26 136416]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]

"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288]

"Norton Ghost 15.0"="c:\program files (x86)\Norton Ghost\Agent\VProTray.exe" [2010-03-04 2598760]

"KeePass 2 PreLoad"="c:\program files (x86)\KeePass Password Safe 2\KeePass.exe" [2012-01-05 1823744]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]

.

c:\users\lmf1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Webshots.lnk - c:\program files (x86)\Webshots\3.1.5.7619\Launcher.exe [2012-1-30 157088]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

CompanionLink Setup.lnk - c:\program files (x86)\CompanionLink\CompanionLink.exe [2011-12-27 52896768]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

"SynchronousMachineGroupPolicy"= 1 (0x1)

"SynchronousUserGroupPolicy"= 1 (0x1)

"HideFastUserSwitching"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"MemCheckBoxInRunDlg"= 1 (0x1)

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"HideSCABattery"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PCANotify]

2002-02-15 15:51 24638 ----a-w- c:\windows\System32\PCANotify.dll

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

R1 EACMOS;EACMOS;c:\windows\system32\drivers\EACMOS.SYS [x]

R2 AGCoreService;AG Core Services;c:\program files (x86)\AGI\core\4.2.0.10754\AGCoreService.exe [2010-06-29 20480]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-30 136176]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-20 253088]

R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-07-29 16776]

R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-07-29 9096]

R3 GenericMount Helper Service;GenericMount Helper Service;c:\program files (x86)\Norton Ghost\Shared\Drivers\GenericMountHelperx64.exe [2010-02-12 2227216]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-30 136176]

R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [x]

R3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]

R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]

R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-24 129976]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]

R3 pmxdrv;pmxdrv;c:\windows\system32\drivers\pmxdrv.sys [x]

R3 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-07-08 1692480]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R4 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]

R4 TivoBeacon2;TiVo Beacon Service;c:\program files (x86)\TiVo\Desktop\TiVoBeacon.exe [2010-08-24 1104656]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

S0 hotcore3;hc3ServiceName;c:\windows\system32\DRIVERS\hotcore3.sys [x]

S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAVx64\1307000.009\SYMDS64.SYS [x]

S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAVx64\1307000.009\SYMEFA64.SYS [x]

S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.5.0.145\Definitions\BASHDefs\20120507.001\BHDrvx64.sys [2012-04-02 1160824]

S1 ccSet_NAV;Norton AntiVirus Settings Manager;c:\windows\system32\drivers\NAVx64\1307000.009\ccSetx64.sys [x]

S1 ccSet_NST;Norton Safe Web Lite Settings Manager;c:\windows\system32\drivers\NSTx64\0200000.010\ccSetx64.sys [x]

S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.5.0.145\Definitions\IPSDefs\20120508.002\IDSvia64.sys [2012-04-28 488568]

S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NAVx64\1307000.009\Ironx64.SYS [x]

S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NAVx64\1307000.009\SYMNETS.SYS [x]

S1 Uim_VIM;UIM Virtual Image Plugin;c:\windows\system32\Drivers\uim_vimx64.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]

S2 DellDigitalDelivery;Dell Digital Delivery Service;c:\program files (x86)\Dell Digital Delivery\DeliveryService.exe [2012-04-10 166912]

S2 DragonSvc;Dragon Service;c:\program files (x86)\Common Files\Nuance\dgnsvc.exe [2011-06-04 296808]

S2 HFGService;Handsfree Headset Service;c:\windows\system32\svchost.exe [2009-07-14 27136]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-09-13 13336]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]

S2 MemeoBackgroundService;MemeoBackgroundService;c:\program files (x86)\Memeo\AutoBackupPro\MemeoBackgroundService.exe [2010-07-26 25824]

S2 NAV;Norton AntiVirus;c:\program files (x86)\Norton AntiVirus\Engine\19.7.0.9\ccSvcHst.exe [2012-03-27 138232]

S2 NSL;Norton Safe Web Lite;c:\program files (x86)\Norton Safe Web Lite\Engine\2.0.0.16\ccSvcHst.exe [2011-08-10 138760]

S2 PDFProFiltSrv;PDFProFiltSrv;c:\program files (x86)\ScanSoft\PDF Converter 5\PDFProFiltSrv.exe [2008-12-23 144672]

S2 PowerAlert Agent;PowerAlert Agent;c:\program files (x86)\TrippLite\PowerAlert\engine\pal.exe [2011-05-09 1658704]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]

S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]

S3 BthAudioHF;BthAudioHF Service;c:\windows\system32\DRIVERS\BthAudioHF.sys [x]

S3 BthAvrcp;Bluetooth AVRCP Profile;c:\windows\system32\DRIVERS\BthAvrcp.sys [x]

S3 csr_a2dp;Bluetooth AV Profile;c:\windows\system32\drivers\bthav.sys [x]

S3 DKRtWrt;DKRtWrt;c:\windows\system32\DRIVERS\DKRtWrt.sys [x]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-03-16 138360]

S3 GenericMount;Generic Mount Driver;c:\windows\system32\DRIVERS\GenericMount.sys [x]

S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

S3 MEIx64;Intel® Management Engine Interface ;c:\windows\system32\DRIVERS\HECIx64.sys [x]

S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]

S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]

S3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [2010-11-07 24176]

S3 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;c:\windows\system32\dllhost.exe [2009-07-14 9728]

S3 SymSnapService;SymSnapService;c:\program files (x86)\Norton Ghost\Shared\Drivers\SymSnapServicex64.exe [2010-02-11 2963960]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - PBFILTER

.

Contents of the 'Scheduled Tasks' folder

.

2012-05-09 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 21:54]

.

2012-05-09 c:\windows\Tasks\GlaryInitialize.job

- c:\program files (x86)\Glary Utilities\initialize.exe [2012-01-30 01:06]

.

2012-05-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-30 01:52]

.

2012-05-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-30 01:52]

.

2012-05-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2759553128-3175843188-3636004894-1000Core.job

- c:\users\lmf1\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-30 01:45]

.

2012-05-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2759553128-3175843188-3636004894-1000UA.job

- c:\users\lmf1\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-30 01:45]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RunDLLEntry_THXCfg"="c:\windows\system32\RunDLL32.exe" [2009-07-14 45568]

"RunDLLEntry_EptMon"="c:\windows\system32\RunDLL32.exe" [2009-07-14 45568]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-06-22 10920552]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uStart Page = hxxp://my.yahoo.com/

uInternet Settings,ProxyOverride = *.local

IE: Add to Evernote 4.0 - c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204

IE: Append the content of the link to existing PDF file - c:\program files (x86)\ScanSoft\PDF Converter 5\Bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML

IE: Append the content of the selected links to existing PDF file - c:\program files (x86)\ScanSoft\PDF Converter 5\Bin\ZeonIEFavClient.dll/ZeonIEAppendSelLinks.HTML

IE: Append to existing PDF file - c:\program files (x86)\ScanSoft\PDF Converter 5\Bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML

IE: Create PDF file - c:\program files (x86)\ScanSoft\PDF Converter 5\Bin\ZeonIEFavClient.dll/ZeonIECapture.HTML

IE: Create PDF file from the content of the link - c:\program files (x86)\ScanSoft\PDF Converter 5\Bin\ZeonIEFavClient.dll/ZeonIECapture.HTML

IE: Create PDF files from the selected links - c:\program files (x86)\ScanSoft\PDF Converter 5\Bin\ZeonIEFavClient.dll/ZeonIECaptureSelLinks.HTML

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: Free YouTube to MP3 Converter - c:\users\lmf1\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm

IE: Open with PDF Converter 5.2 - c:\program files (x86)\ScanSoft\PDF Converter 5\cnvres_eng.dll /100

IE: Open with PDF Professional 5.2 - c:\program files (x86)\ScanSoft\PDF Converter 5\Bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm

IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105

TCP: DhcpNameServer = 192.168.1.1 68.237.161.12

FF - ProfilePath - c:\users\lmf1\AppData\Roaming\Mozilla\Firefox\Profiles\xly3uqkl.default\

FF - prefs.js: browser.search.selectedEngine -

FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/

FF - user.js: extensions.zonealarm.rvrtMsg - Click Yes to keep current home page and default search settings, Click No to restore original settings

FF - user.js: extensions.zonealarm.autoRvrt - true

FF - user.js: extensions.zonealarm_i.newTab - false

FF - user.js: extensions.zonealarm.tlbrSrchUrl - hxxp://search.zonealarm.com/search?Source=ToolBar&oemCode=ZLN26195060060425-1001&toolbarId=base&affiliateId=1500&Lan=en&utid=7ba4ed40000000000000782bcba8b546&q=

FF - user.js: extensions.zonealarm.id - 7ba4ed40000000000000782bcba8b546

FF - user.js: extensions.zonealarm.instlDay - 15414

FF - user.js: extensions.zonealarm.vrsn - 1.5.19.3

FF - user.js: extensions.zonealarm.vrsni - 1.5.19.3

FF - user.js: extensions.zonealarm_i.vrsnTs - 1.5.19.318:04

FF - user.js: extensions.zonealarm.prtnrId - checkpoint

FF - user.js: extensions.zonealarm.prdct - zonealarm

FF - user.js: extensions.zonealarm.aflt - 1500

FF - user.js: extensions.zonealarm_i.smplGrp - none

FF - user.js: extensions.zonealarm.tlbrId - base

FF - user.js: extensions.zonealarm.instlRef - ZLN26195060060425-1001

FF - user.js: extensions.zonealarm.dfltLng - en

FF - user.js: extensions.zonealarm.excTlbr - false

FF - user.js: extensions.zonealarm.admin - false

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

Toolbar-Locked - (no file)

AddRemove-Juniper_Setup_Client Activex Control - c:\windows\Downloaded Program Files\JuniperSetupClientCtrlUninstaller.exe

AddRemove-System47 - c:\windows\system32\System47.scr

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NAV]

"ImagePath"="\"c:\program files (x86)\Norton AntiVirus\Engine\19.7.0.9\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files (x86)\Norton AntiVirus\Engine\19.7.0.9\diMaster.dll\" /prefetch:1"

--

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NSL]

"ImagePath"="\"c:\program files (x86)\Norton Safe Web Lite\Engine\2.0.0.16\ccSvcHst.exe\" /s \"NSL\" /m \"c:\program files (x86)\Norton Safe Web Lite\Engine\2.0.0.16\diMaster.dll\" /prefetch:1"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]

"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-05-09 06:41:38

ComboFix-quarantined-files.txt 2012-05-09 10:41

.

Pre-Run: 62,703,800,320 bytes free

Post-Run: 62,093,082,624 bytes free

.

- - End Of File - - AE5CAFBA43ABECA80537109A3FF6008F


1. Close any open browsers.

2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

KillAll::

FCopy::
c:\windows\winsxs\amd64_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.1.7601.17514_none_ecc547376ae3a1a3\termsrv.dll | c:\windows\system32\termsrv.dll

Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{0BC6E3FA-78EF-4886-842C-5A1258C4455A}"=-

[-HKEY_CLASSES_ROOT\clsid\{0bc6e3fa-78ef-4886-842c-5a1258c4455a}]
[-HKEY_CLASSES_ROOT\agihelper.AGUtils]
[-HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{0bc6e3fa-78ef-4886-842c-5a1258c4455a}]

FireFox::
FF - ProfilePath - c:\users\lmf1\AppData\Roaming\Mozilla\Firefox\Profiles\xly3uqkl.default\
FF - prefs.js: browser.search.selectedEngine -
FF - user.js: extensions.zonealarm.rvrtMsg - Click Yes to keep current home page and default search settings, Click No to restore original settings
FF - user.js: extensions.zonealarm.autoRvrt - true
FF - user.js: extensions.zonealarm_i.newTab - false
FF - user.js: extensions.zonealarm.tlbrSrchUrl - hxxp://search.zonealarm.com/search?Source=ToolBar&oemCode=ZLN26195060060425-1001&toolbarId=base&affiliateId=1500&Lan=en&utid=7ba4ed40000000000000782bcba8b546&q=
FF - user.js: extensions.zonealarm.id - 7ba4ed40000000000000782bcba8b546
FF - user.js: extensions.zonealarm.instlDay - 15414
FF - user.js: extensions.zonealarm.vrsn - 1.5.19.3
FF - user.js: extensions.zonealarm.vrsni - 1.5.19.3
FF - user.js: extensions.zonealarm_i.vrsnTs - 1.5.19.318:04
FF - user.js: extensions.zonealarm.prtnrId - checkpoint
FF - user.js: extensions.zonealarm.prdct - zonealarm
FF - user.js: extensions.zonealarm.aflt - 1500
FF - user.js: extensions.zonealarm_i.smplGrp - none
FF - user.js: extensions.zonealarm.tlbrId - base
FF - user.js: extensions.zonealarm.instlRef - ZLN26195060060425-1001
FF - user.js: extensions.zonealarm.dfltLng - en
FF - user.js: extensions.zonealarm.excTlbr - false
FF - user.js: extensions.zonealarm.admin - false

JavaClearCache::

Save this as CFScript.txt, in the same location as ComboFix.exe

(image: CFScriptB-4.gif)

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
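A post-run check a responder can use to confirm that the FCopy step above really replaced the system32 copy of termsrv.dll with the WinSxS copy (added here as an illustration; it is not part of the original post and not a ComboFix feature). It assumes PowerShell 4 or later (for Get-FileHash) and the two file paths exactly as written in the CFScript.

```powershell
# Added verification check (not part of the original post).
# Assumes PowerShell 4+ and the two termsrv.dll paths named in the CFScript above.
$sysCopy = 'C:\Windows\System32\termsrv.dll'
$sxsCopy = 'C:\Windows\winsxs\amd64_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.1.7601.17514_none_ecc547376ae3a1a3\termsrv.dll'

function Test-TermsrvRestored {
    param(
        [string]$Live,       # the copy the service actually loads
        [string]$Reference   # the component-store copy FCopy restored from
    )
    # If FCopy worked, both files are byte-identical, so their SHA-256 hashes match.
    $liveHash = (Get-FileHash -Path $Live -Algorithm SHA256).Hash
    $refHash  = (Get-FileHash -Path $Reference -Algorithm SHA256).Hash

    # Secondary check: is the live copy still carrying a valid Microsoft signature?
    # System DLLs are usually catalog-signed; PowerShell versions before 5.1 may
    # report NotSigned for those, so treat the hash comparison as the primary result.
    $sig = Get-AuthenticodeSignature -FilePath $Live

    [pscustomobject]@{
        LiveSHA256      = $liveHash
        ReferenceSHA256 = $refHash
        HashesMatch     = ($liveHash -eq $refHash)
        SignatureStatus = $sig.Status
        Signer          = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
    }
}

Test-TermsrvRestored -Live $sysCopy -Reference $sxsCopy | Format-List
```

HashesMatch should be True after the script has run; a mismatch means the file was changed again after the copy and the machine should be re-examined rather than declared clean.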


ComboFix 12-05-09.01 - lmf1 05/09/12 16:30:13.3.8 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.12270.8767 [GMT -4:00]

Running from: d:\downloads\ComboFix.exe

Command switches used :: d:\downloads\CFScript.txt

AV: Norton AntiVirus *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

SP: Norton AntiVirus *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\data

c:\data\Collections.html

c:\data\PlayList.txt

c:\program files\Realtek\Audio\HDA\RAVCpl64.exe

c:\windows\System32\DriverStore\FileRepository\hdx861a.inf_amd64_neutral_00674e2bed5b97cc\RAVCpl64.exe

c:\windows\System32\DriverStore\FileRepository\hdxbpcai.inf_amd64_neutral_ba7eef85cfc4b599\RAVCpl64.exe

c:\windows\System32\DriverStore\FileRepository\hdxcpc.inf_amd64_neutral_7b9ae2fb92a1afb9\RAVCpl64.exe

c:\windows\System32\DriverStore\FileRepository\hdxcr.inf_amd64_neutral_b385508c1ea90896\RAVCpl64.exe

c:\windows\System32\DriverStore\FileRepository\hdxcrtxo.inf_amd64_neutral_1417349ec1b0c356\RAVCpl64.exe

c:\windows\System32\DriverStore\FileRepository\hdxdell.inf_amd64_neutral_3b8b3295f15c39ce\RAVCpl64.exe

c:\windows\System32\DriverStore\FileRepository\hdxgw.inf_amd64_neutral_56fa933f0635bed4\RAVCpl64.exe

c:\windows\System32\DriverStore\FileRepository\hdxhpai1.inf_amd64_neutral_569e1340dc0da8ae\RAVCpl64.exe

c:\windows\System32\DriverStore\FileRepository\hdxhpai2.inf_amd64_neutral_9455681812ffb661\RAVCpl64.exe

c:\windows\System32\DriverStore\FileRepository\hdxhpai3.inf_amd64_neutral_a42ed43226365365\RAVCpl64.exe

c:\windows\System32\DriverStore\FileRepository\hdxhpbpc.inf_amd64_neutral_2e9ca16db43926f5\RAVCpl64.exe

c:\windows\System32\DriverStore\FileRepository\hdxhpnb.inf_amd64_neutral_12e2a60effa9e246\RAVCpl64.exe

c:\windows\System32\DriverStore\FileRepository\hdxlc.inf_amd64_neutral_bbb79168a793e430\RAVCpl64.exe

c:\windows\System32\DriverStore\FileRepository\hdxlc3.inf_amd64_neutral_67a5f78382b67b4c\RAVCpl64.exe

c:\windows\System32\DriverStore\FileRepository\hdxlcnb.inf_amd64_neutral_fcc6d1c9c706b69c\RAVCpl64.exe

c:\windows\System32\DriverStore\FileRepository\hdxmaxxd.inf_amd64_neutral_f867dc2fcb382b77\RAVCpl64.exe

c:\windows\System32\DriverStore\FileRepository\hdxpanasonic.inf_amd64_neutral_4e596a1503161c89\RAVCpl64.exe

c:\windows\System32\DriverStore\FileRepository\hdxpcee3.inf_amd64_neutral_9b065dd7164846b4\RAVCpl64.exe

c:\windows\System32\DriverStore\FileRepository\hdxprmau.inf_amd64_neutral_76db2d8fda622ad8\RAVCpl64.exe

c:\windows\System32\DriverStore\FileRepository\hdxrt.inf_amd64_neutral_efae3d638d039aec\RAVCpl64.exe

c:\windows\System32\DriverStore\FileRepository\hdxsf.inf_amd64_neutral_def061aae96cc8ba\RAVCpl64.exe

c:\windows\System32\DriverStore\FileRepository\hdxsrsa.inf_amd64_neutral_1a70cd80c7099875\RAVCpl64.exe

c:\windows\System32\DriverStore\FileRepository\hdxsrsd.inf_amd64_neutral_3225668753e8431d\RAVCpl64.exe

c:\windows\System32\DriverStore\FileRepository\hdxsrsd2.inf_amd64_neutral_f23c4438bb885f71\RAVCpl64.exe

c:\windows\System32\DriverStore\FileRepository\hdxsrss.inf_amd64_neutral_06bf50df56148aff\RAVCpl64.exe

c:\windows\System32\DriverStore\FileRepository\hdxsrssv.inf_amd64_neutral_8ac3ebd7418cc918\RAVCpl64.exe

c:\windows\System32\DriverStore\FileRepository\hdxthx.inf_amd64_neutral_49adb60018aa5ad7\RAVCpl64.exe

c:\windows\System32\DriverStore\FileRepository\hdxthx2.inf_amd64_neutral_3d857785df466536\RAVCpl64.exe

c:\windows\System32\DriverStore\FileRepository\hdxthxa.inf_amd64_neutral_2c9ae7efe2da4775\RAVCpl64.exe

c:\windows\System32\DriverStore\FileRepository\hdxthxd.inf_amd64_neutral_9f6f3668c5af4741\RAVCpl64.exe

c:\windows\System32\DriverStore\FileRepository\hdxtoshiba.inf_amd64_neutral_e5646e68ffbf13b4\RAVCpl64.exe

c:\windows\System32\DriverStore\FileRepository\hdxvienna.inf_amd64_neutral_17caae5402e0c222\RAVCpl64.exe

c:\windows\System32\DriverStore\FileRepository\hdxxfm.inf_amd64_neutral_0de3d9ade90aa485\RAVCpl64.exe

c:\windows\system32\termsrv.dll

.

----- File Replicators -----

.

c:\dell\drivers\R282239\Vista64\RAVCpl64.exe

c:\drivers\audio\R282239\Vista64\RAVCpl64.exe

c:\program files\Realtek\Audio\HDA\RAVCpl64.exe

c:\windows\System32\DriverStore\FileRepository\hdx861a.inf_amd64_neutral_00674e2bed5b97cc\RAVCpl64.exe

c:\windows\System32\DriverStore\FileRepository\hdxbpcai.inf_amd64_neutral_ba7eef85cfc4b599\RAVCpl64.exe

c:\windows\System32\DriverStore\FileRepository\hdxcpc.inf_amd64_neutral_7b9ae2fb92a1afb9\RAVCpl64.exe

c:\windows\System32\DriverStore\FileRepository\hdxcr.inf_amd64_neutral_b385508c1ea90896\RAVCpl64.exe

c:\windows\System32\DriverStore\FileRepository\hdxcrtxo.inf_amd64_neutral_1417349ec1b0c356\RAVCpl64.exe

c:\windows\System32\DriverStore\FileRepository\hdxdell.inf_amd64_neutral_3b8b3295f15c39ce\RAVCpl64.exe

c:\windows\System32\DriverStore\FileRepository\hdxgw.inf_amd64_neutral_56fa933f0635bed4\RAVCpl64.exe

c:\windows\System32\DriverStore\FileRepository\hdxhpai1.inf_amd64_neutral_569e1340dc0da8ae\RAVCpl64.exe

c:\windows\System32\DriverStore\FileRepository\hdxhpai2.inf_amd64_neutral_9455681812ffb661\RAVCpl64.exe

c:\windows\System32\DriverStore\FileRepository\hdxhpai3.inf_amd64_neutral_a42ed43226365365\RAVCpl64.exe

c:\windows\System32\DriverStore\FileRepository\hdxhpbpc.inf_amd64_neutral_2e9ca16db43926f5\RAVCpl64.exe

c:\windows\System32\DriverStore\FileRepository\hdxhpnb.inf_amd64_neutral_12e2a60effa9e246\RAVCpl64.exe

c:\windows\System32\DriverStore\FileRepository\hdxlc.inf_amd64_neutral_bbb79168a793e430\RAVCpl64.exe

c:\windows\System32\DriverStore\FileRepository\hdxlc3.inf_amd64_neutral_67a5f78382b67b4c\RAVCpl64.exe

c:\windows\System32\DriverStore\FileRepository\hdxlcnb.inf_amd64_neutral_fcc6d1c9c706b69c\RAVCpl64.exe

c:\windows\System32\DriverStore\FileRepository\hdxmaxxd.inf_amd64_neutral_f867dc2fcb382b77\RAVCpl64.exe

c:\windows\System32\DriverStore\FileRepository\hdxpanasonic.inf_amd64_neutral_4e596a1503161c89\RAVCpl64.exe

c:\windows\System32\DriverStore\FileRepository\hdxpcee3.inf_amd64_neutral_9b065dd7164846b4\RAVCpl64.exe

c:\windows\System32\DriverStore\FileRepository\hdxprmau.inf_amd64_neutral_76db2d8fda622ad8\RAVCpl64.exe

c:\windows\System32\DriverStore\FileRepository\hdxrt.inf_amd64_neutral_efae3d638d039aec\RAVCpl64.exe

c:\windows\System32\DriverStore\FileRepository\hdxsf.inf_amd64_neutral_def061aae96cc8ba\RAVCpl64.exe

c:\windows\System32\DriverStore\FileRepository\hdxsrsa.inf_amd64_neutral_1a70cd80c7099875\RAVCpl64.exe

c:\windows\System32\DriverStore\FileRepository\hdxsrsd.inf_amd64_neutral_3225668753e8431d\RAVCpl64.exe

c:\windows\System32\DriverStore\FileRepository\hdxsrsd2.inf_amd64_neutral_f23c4438bb885f71\RAVCpl64.exe

c:\windows\System32\DriverStore\FileRepository\hdxsrss.inf_amd64_neutral_06bf50df56148aff\RAVCpl64.exe

c:\windows\System32\DriverStore\FileRepository\hdxsrssv.inf_amd64_neutral_8ac3ebd7418cc918\RAVCpl64.exe

c:\windows\System32\DriverStore\FileRepository\hdxthx.inf_amd64_neutral_49adb60018aa5ad7\RAVCpl64.exe

c:\windows\System32\DriverStore\FileRepository\hdxthx2.inf_amd64_neutral_3d857785df466536\RAVCpl64.exe

c:\windows\System32\DriverStore\FileRepository\hdxthxa.inf_amd64_neutral_2c9ae7efe2da4775\RAVCpl64.exe

c:\windows\System32\DriverStore\FileRepository\hdxthxd.inf_amd64_neutral_9f6f3668c5af4741\RAVCpl64.exe

c:\windows\System32\DriverStore\FileRepository\hdxtoshiba.inf_amd64_neutral_e5646e68ffbf13b4\RAVCpl64.exe

c:\windows\System32\DriverStore\FileRepository\hdxvienna.inf_amd64_neutral_17caae5402e0c222\RAVCpl64.exe

c:\windows\System32\DriverStore\FileRepository\hdxxfm.inf_amd64_neutral_0de3d9ade90aa485\RAVCpl64.exe

.

.

--------------- FCopy ---------------

.

c:\windows\winsxs\amd64_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.1.7601.17514_none_ecc547376ae3a1a3\termsrv.dll --> c:\windows\system32\termsrv.dll

.

((((((((((((((((((((((((( Files Created from 2012-04-09 to 2012-05-09 )))))))))))))))))))))))))))))))

.

.

2012-05-09 20:34 . 2012-05-09 20:34 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-05-09 20:34 . 2012-05-09 20:34 -------- d-----w- c:\users\adminstrator\AppData\Local\temp

2012-05-09 20:34 . 2012-05-09 20:34 -------- d-----w- c:\users\ADMINI~1\AppData\Local\temp

2012-05-09 20:34 . 2012-05-09 20:38 -------- d-----w- C:\Data

2012-05-09 02:21 . 2012-05-09 02:21 -------- d-----w- C:\NBRT

2012-05-09 02:19 . 2012-05-09 02:20 -------- d-----w- c:\users\lmf1\AppData\Roaming\AVG

2012-05-09 01:33 . 2012-05-09 01:33 -------- d--h--w- c:\programdata\Common Files

2012-05-09 01:33 . 2012-05-09 02:18 -------- d-----w- c:\program files (x86)\AVG

2012-05-09 01:31 . 2012-05-09 03:23 -------- d-----w- c:\programdata\MFAData

2012-05-08 22:02 . 2012-05-08 22:02 -------- d-----w- c:\windows\system32\drivers\NBRTWizardx64

2012-05-08 22:02 . 2012-05-08 22:02 -------- d-----w- c:\program files (x86)\Norton Bootable Recovery Tool Wizard

2012-05-08 21:40 . 2012-05-08 21:53 -------- d-----w- c:\users\lmf1\AppData\Local\NPE

2012-05-07 23:12 . 2012-05-07 23:12 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-05-07 23:12 . 2012-04-04 19:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-05-06 19:11 . 2011-06-21 04:09 200976 ----a-w- c:\windows\SysWow64\drivers\tmcomm.sys

2012-05-06 18:42 . 2012-05-06 18:42 -------- d-----w- c:\users\lmf1\AppData\Roaming\SUPERAntiSpyware.com

2012-05-06 03:12 . 2012-05-06 03:12 -------- d-----w- c:\users\lmf1\AppData\Roaming\SpeedyPC Software

2012-05-06 03:12 . 2012-05-06 03:12 -------- d-----w- c:\users\lmf1\AppData\Roaming\DriverCure

2012-05-06 03:12 . 2012-05-06 03:16 -------- d-----w- c:\programdata\SpeedyPC Software

2012-05-05 17:59 . 2012-05-05 17:59 -------- d-----w- c:\users\lmf1\AppData\Roaming\Anvisoft

2012-05-05 17:58 . 2012-05-06 02:59 -------- d-----w- c:\program files (x86)\Anvisoft

2012-05-05 17:31 . 2012-05-08 21:38 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2012-05-05 17:31 . 2012-05-05 17:32 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy

2012-05-05 16:45 . 2012-05-05 16:45 -------- d-----w- c:\users\lmf1\AppData\Roaming\Malwarebytes

2012-05-05 16:45 . 2012-05-05 16:45 -------- d-----w- c:\programdata\Malwarebytes

2012-05-04 23:45 . 2012-01-12 13:28 57976 ----a-r- c:\windows\system32\drivers\SBREDrv.sys

2012-05-01 22:18 . 2012-05-01 22:18 -------- d-----w- c:\program files (x86)\Dell Digital Delivery

2012-04-24 21:37 . 2012-04-24 21:37 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service

2012-04-24 21:37 . 2012-04-24 21:37 157352 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe

2012-04-24 21:37 . 2012-04-24 21:37 129976 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe

2012-04-23 22:17 . 2012-04-24 21:32 -------- d-----w- c:\windows\system32\drivers\NAVx64\1307000.009

2012-04-11 22:51 . 2012-04-11 22:51 -------- d-----w- c:\users\lmf1\AppData\Roaming\Juniper Networks

2012-04-10 22:49 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys

2012-04-10 22:49 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll

2012-04-10 22:49 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll

2012-04-10 22:49 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll

2012-04-10 22:49 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll

2012-04-10 22:49 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll

2012-04-10 22:49 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-04-20 21:54 . 2012-03-29 21:37 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-04-20 21:54 . 2011-10-21 23:56 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-03-23 15:12 . 2012-02-03 18:38 175736 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS

2012-03-13 18:36 . 2012-01-30 02:58 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll

2012-03-08 20:51 . 2012-03-11 22:18 2469760 ----a-w- c:\windows\SysWow64\BootMan.exe

2012-03-08 20:51 . 2012-03-11 22:18 3321728 ----a-w- c:\windows\system32\BootMan.exe

2012-02-29 08:02 . 2012-02-29 08:02 162664 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10140.bin

2012-02-27 17:14 . 2012-02-27 17:14 251696 ----a-w- c:\windows\SysWow64\prgiso.dll

2012-02-27 17:14 . 2012-02-27 17:14 90928 ----a-w- c:\windows\system32\drivers\uimx64.sys

2012-02-27 17:14 . 2012-02-27 17:14 471728 ----a-w- c:\windows\system32\drivers\UimFIO.sys

2012-02-27 17:14 . 2012-02-27 17:14 632752 ----a-w- c:\windows\system32\drivers\Uim_IMx64.sys

2012-02-27 17:14 . 2012-02-27 17:14 379696 ----a-w- c:\windows\system32\drivers\uim_vimx64.sys

2012-02-27 17:14 . 2012-03-06 21:34 39216 ----a-w- c:\windows\system32\drivers\hotcore3.sys

2012-02-25 00:17 . 2012-02-25 00:17 1089024 ----a-w- c:\windows\system32\BCMLogon.dll

2012-02-25 00:17 . 2012-02-25 00:17 8075776 ----a-w- c:\windows\system32\BCMWLCPL.CPL

2012-02-25 00:17 . 2012-02-25 00:17 73728 ----a-w- c:\windows\system32\wltrynt.dll

2012-02-25 00:17 . 2012-02-25 00:17 60928 ----a-w- c:\windows\system32\bcmwlrmt.dll

2012-02-25 00:17 . 2012-02-25 00:17 4961800 ----a-w- c:\windows\SysWow64\vcredist_x64.exe

2012-02-25 00:17 . 2012-02-25 00:17 47632 ----a-w- c:\windows\system32\drivers\npf.sys

2012-02-25 00:17 . 2012-02-25 00:17 4750848 ----a-w- c:\windows\system32\bcmttls.dll

2012-02-25 00:17 . 2012-02-25 00:17 459 ----a-w- c:\windows\SysWow64\vcredist_x64.bat

2012-02-25 00:17 . 2012-02-25 00:17 457 ----a-w- c:\windows\system32\vcredist_x64.bat

2012-02-25 00:17 . 2012-02-25 00:17 3161088 ----a-w- c:\windows\system32\vcredist_x64.exe

2012-02-25 00:17 . 2012-02-25 00:17 22520 ----a-w- c:\windows\system32\drivers\bcm42rly.sys

2012-02-25 00:17 . 2011-10-22 00:08 6656 ----a-w- c:\windows\system32\bcmwlrc.dll

2012-02-24 23:36 . 2012-02-24 23:36 31152 ----a-w- c:\windows\system32\drivers\pmxdrv.sys

2012-02-21 08:25 . 2012-02-21 08:25 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{662DF3E6-1AAB-4189-B9EC-1A53F2D64220}\offreg.dll

2012-02-20 01:22 . 2012-02-20 01:22 197120 ----a-w- c:\windows\SysWow64\System47.scr

2012-02-17 06:38 . 2012-03-15 22:04 1031680 ----a-w- c:\windows\system32\rdpcore.dll

2012-02-17 05:34 . 2012-03-15 22:04 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll

2012-02-17 04:58 . 2012-03-15 22:04 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-02-17 04:57 . 2012-03-15 22:04 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys

2012-02-15 16:01 . 2012-02-15 16:01 52736 ----a-w- c:\windows\system32\drivers\usbaapl64.sys

2012-02-15 16:01 . 2012-02-15 16:01 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll

2012-02-14 16:09 . 2012-02-14 16:09 1070352 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX

2012-02-10 06:36 . 2012-03-15 22:04 1544192 ----a-w- c:\windows\system32\DWrite.dll

2012-02-10 05:38 . 2012-03-15 22:04 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll

.

.

((((((((((((((((((((((((((((( SnapShot@2012-05-09_10.40.25 )))))))))))))))))))))))))))))))))))))))))

.

- 2009-07-14 04:54 . 2012-05-09 03:30 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-07-14 04:54 . 2012-05-09 20:21 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-07-14 04:54 . 2012-05-09 20:21 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-07-14 04:54 . 2012-05-09 03:30 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-07-14 04:54 . 2012-05-09 03:30 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 04:54 . 2012-05-09 20:21 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 05:10 . 2012-05-09 20:20 68280 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

- 2009-07-14 05:10 . 2012-05-09 03:29 68280 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2012-01-29 23:24 . 2012-05-09 20:20 18260 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2759553128-3175843188-3636004894-1000_UserData.bin

- 2012-02-02 11:17 . 2012-05-09 03:24 2190 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat

+ 2012-02-02 11:17 . 2012-05-09 20:34 2190 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat

+ 2012-05-09 20:38 . 2012-05-09 20:38 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2012-05-09 03:28 . 2012-05-09 03:28 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2009-07-14 05:12 . 2012-05-09 20:21 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat

- 2009-07-14 05:12 . 2012-05-09 03:30 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat

- 2009-07-14 05:01 . 2012-05-09 03:24 711264 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2009-07-14 05:01 . 2012-05-09 20:34 711264 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

- 2012-01-30 00:43 . 2012-05-09 03:24 18010224 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2759553128-3175843188-3636004894-1000-12288.dat

+ 2012-01-30 00:43 . 2012-05-09 20:34 18010224 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2759553128-3175843188-3636004894-1000-12288.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]

"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-01-30 39408]

"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\Messenger\YahooMessenger.exe" [2012-02-23 6591800]

"TivoServer"="c:\program files (x86)\TiVo\Desktop\TiVoServer.exe" [2010-08-24 2264336]

"TivoTransfer"="c:\program files (x86)\TiVo\Desktop\TiVoTransfer.exe" [2010-08-24 608528]

"TranscodingService"="c:\program files (x86)\TiVo\Desktop\Plus\\TranscodingService.exe" [2010-08-24 856336]

"Weather"="c:\program files (x86)\AWS\WeatherBug\Weather.exe" [2011-10-05 1652736]

"MusicManager"="c:\users\lmf1\AppData\Local\Programs\Google\MusicManager\MusicManager.exe" [2012-03-20 13324288]

"PeerBlock"="c:\program files\PeerBlock\peerblock.exe" [2010-11-07 2646128]

"TivoNotify"="c:\program files (x86)\TiVo\Desktop\TiVoNotify.exe" [2010-08-24 437520]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"ShwiconXP9106"="c:\program files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe" [2010-03-10 237568]

"THX Audio Control Panel"="c:\program files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" [2009-12-01 963584]

"SSBkgdUpdate"="c:\program files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]

"PaperPort PTD"="c:\program files (x86)\ScanSoft\PaperPort\pptd40nt.exe" [2009-02-20 24576]

"IndexSearch"="c:\program files (x86)\ScanSoft\PaperPort\IndexSearch.exe" [2009-02-20 40960]

"PDFHook"="c:\program files (x86)\ScanSoft\PDF Converter 5\pdfpro5hook.exe" [2008-12-23 628000]

"PDF5 Registry Controller"="c:\program files (x86)\ScanSoft\PDF Converter 5\RegistryController.exe" [2008-12-23 58656]

"CPQEASYACC"="c:\program files (x86)\Compaq\Easy Access Button Support\StartEAK.exe" [2001-10-10 28672]

"Memeo Backup Pro"="c:\program files (x86)\Memeo\AutoBackupPro\MemeoLauncher2.exe" [2010-07-26 136416]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]

"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288]

"Norton Ghost 15.0"="c:\program files (x86)\Norton Ghost\Agent\VProTray.exe" [2010-03-04 2598760]

"KeePass 2 PreLoad"="c:\program files (x86)\KeePass Password Safe 2\KeePass.exe" [2012-01-05 1823744]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]

.

c:\users\lmf1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Webshots.lnk - c:\program files (x86)\Webshots\3.1.5.7619\Launcher.exe [2012-1-30 157088]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

CompanionLink Setup.lnk - c:\program files (x86)\CompanionLink\CompanionLink.exe [2011-12-27 52896768]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

"SynchronousMachineGroupPolicy"= 1 (0x1)

"SynchronousUserGroupPolicy"= 1 (0x1)

"HideFastUserSwitching"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"MemCheckBoxInRunDlg"= 1 (0x1)

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"HideSCABattery"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PCANotify]

2002-02-15 15:51 24638 ----a-w- c:\windows\System32\PCANotify.dll

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

R1 EACMOS;EACMOS;c:\windows\system32\drivers\EACMOS.SYS [x]

R2 AGCoreService;AG Core Services;c:\program files (x86)\AGI\core\4.2.0.10754\AGCoreService.exe [2010-06-29 20480]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 DellDigitalDelivery;Dell Digital Delivery Service;c:\program files (x86)\Dell Digital Delivery\DeliveryService.exe [2012-04-10 166912]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-30 136176]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-09-13 13336]

R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-20 253088]

R3 DKRtWrt;DKRtWrt;c:\windows\system32\DRIVERS\DKRtWrt.sys [x]

R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-07-29 16776]

R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-07-29 9096]

R3 GenericMount Helper Service;GenericMount Helper Service;c:\program files (x86)\Norton Ghost\Shared\Drivers\GenericMountHelperx64.exe [2010-02-12 2227216]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-30 136176]

R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [x]

R3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]

R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-24 129976]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]

R3 pmxdrv;pmxdrv;c:\windows\system32\drivers\pmxdrv.sys [x]

R3 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-07-08 1692480]

R3 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;c:\windows\system32\dllhost.exe [2009-07-14 9728]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R4 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]

R4 TivoBeacon2;TiVo Beacon Service;c:\program files (x86)\TiVo\Desktop\TiVoBeacon.exe [2010-08-24 1104656]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

S0 hotcore3;hc3ServiceName;c:\windows\system32\DRIVERS\hotcore3.sys [x]

S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAVx64\1307000.009\SYMDS64.SYS [x]

S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAVx64\1307000.009\SYMEFA64.SYS [x]

S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.5.0.145\Definitions\BASHDefs\20120507.001\BHDrvx64.sys [2012-04-02 1160824]

S1 ccSet_NAV;Norton AntiVirus Settings Manager;c:\windows\system32\drivers\NAVx64\1307000.009\ccSetx64.sys [x]

S1 ccSet_NST;Norton Safe Web Lite Settings Manager;c:\windows\system32\drivers\NSTx64\0200000.010\ccSetx64.sys [x]

S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.5.0.145\Definitions\IPSDefs\20120508.002\IDSvia64.sys [2012-04-28 488568]

S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NAVx64\1307000.009\Ironx64.SYS [x]

S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NAVx64\1307000.009\SYMNETS.SYS [x]

S1 Uim_VIM;UIM Virtual Image Plugin;c:\windows\system32\Drivers\uim_vimx64.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]

S2 DragonSvc;Dragon Service;c:\program files (x86)\Common Files\Nuance\dgnsvc.exe [2011-06-04 296808]

S2 HFGService;Handsfree Headset Service;c:\windows\system32\svchost.exe [2009-07-14 27136]

S2 MemeoBackgroundService;MemeoBackgroundService;c:\program files (x86)\Memeo\AutoBackupPro\MemeoBackgroundService.exe [2010-07-26 25824]

S2 NAV;Norton AntiVirus;c:\program files (x86)\Norton AntiVirus\Engine\19.7.0.9\ccSvcHst.exe [2012-03-27 138232]

S2 NSL;Norton Safe Web Lite;c:\program files (x86)\Norton Safe Web Lite\Engine\2.0.0.16\ccSvcHst.exe [2011-08-10 138760]

S2 PDFProFiltSrv;PDFProFiltSrv;c:\program files (x86)\ScanSoft\PDF Converter 5\PDFProFiltSrv.exe [2008-12-23 144672]

S2 PowerAlert Agent;PowerAlert Agent;c:\program files (x86)\TrippLite\PowerAlert\engine\pal.exe [2011-05-09 1658704]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]

S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]

S3 BthAudioHF;BthAudioHF Service;c:\windows\system32\DRIVERS\BthAudioHF.sys [x]

S3 BthAvrcp;Bluetooth AVRCP Profile;c:\windows\system32\DRIVERS\BthAvrcp.sys [x]

S3 csr_a2dp;Bluetooth AV Profile;c:\windows\system32\drivers\bthav.sys [x]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-03-16 138360]

S3 GenericMount;Generic Mount Driver;c:\windows\system32\DRIVERS\GenericMount.sys [x]

S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]

S3 MEIx64;Intel® Management Engine Interface ;c:\windows\system32\DRIVERS\HECIx64.sys [x]

S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]

S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]

S3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [2010-11-07 24176]

S3 SymSnapService;SymSnapService;c:\program files (x86)\Norton Ghost\Shared\Drivers\SymSnapServicex64.exe [2010-02-11 2963960]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - PBFILTER

.

Contents of the 'Scheduled Tasks' folder

.

2012-05-09 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 21:54]

.

2012-05-09 c:\windows\Tasks\GlaryInitialize.job

- c:\program files (x86)\Glary Utilities\initialize.exe [2012-01-30 01:06]

.

2012-05-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-30 01:52]

.

2012-05-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-30 01:52]

.

2012-05-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2759553128-3175843188-3636004894-1000Core.job

- c:\users\lmf1\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-30 01:45]

.

2012-05-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2759553128-3175843188-3636004894-1000UA.job

- c:\users\lmf1\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-30 01:45]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RunDLLEntry_THXCfg"="c:\windows\system32\RunDLL32.exe" [2009-07-14 45568]

"RunDLLEntry_EptMon"="c:\windows\system32\RunDLL32.exe" [2009-07-14 45568]

.

------- Supplementary Scan -------

.

uStart Page = hxxp://my.yahoo.com/

uInternet Settings,ProxyOverride = *.local

IE: Add to Evernote 4.0 - c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204

IE: Append the content of the link to existing PDF file - c:\program files (x86)\ScanSoft\PDF Converter 5\Bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML

IE: Append the content of the selected links to existing PDF file - c:\program files (x86)\ScanSoft\PDF Converter 5\Bin\ZeonIEFavClient.dll/ZeonIEAppendSelLinks.HTML

IE: Append to existing PDF file - c:\program files (x86)\ScanSoft\PDF Converter 5\Bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML

IE: Create PDF file - c:\program files (x86)\ScanSoft\PDF Converter 5\Bin\ZeonIEFavClient.dll/ZeonIECapture.HTML

IE: Create PDF file from the content of the link - c:\program files (x86)\ScanSoft\PDF Converter 5\Bin\ZeonIEFavClient.dll/ZeonIECapture.HTML

IE: Create PDF files from the selected links - c:\program files (x86)\ScanSoft\PDF Converter 5\Bin\ZeonIEFavClient.dll/ZeonIECaptureSelLinks.HTML

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: Free YouTube to MP3 Converter - c:\users\lmf1\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm

IE: Open with PDF Converter 5.2 - c:\program files (x86)\ScanSoft\PDF Converter 5\cnvres_eng.dll /100

IE: Open with PDF Professional 5.2 - c:\program files (x86)\ScanSoft\PDF Converter 5\Bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm

IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105

TCP: DhcpNameServer = 192.168.1.1 68.237.161.12

FF - ProfilePath - c:\users\lmf1\AppData\Roaming\Mozilla\Firefox\Profiles\xly3uqkl.default\

FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

HKLM-Run-RtHDVCpl - c:\program files\Realtek\Audio\HDA\RAVCpl64.exe

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NAV]

"ImagePath"="\"c:\program files (x86)\Norton AntiVirus\Engine\19.7.0.9\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files (x86)\Norton AntiVirus\Engine\19.7.0.9\diMaster.dll\" /prefetch:1"

--

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NSL]

"ImagePath"="\"c:\program files (x86)\Norton Safe Web Lite\Engine\2.0.0.16\ccSvcHst.exe\" /s \"NSL\" /m \"c:\program files (x86)\Norton Safe Web Lite\Engine\2.0.0.16\diMaster.dll\" /prefetch:1"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]

"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\Norton Ghost\Agent\VProSvc.exe

c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

c:\program files (x86)\Yahoo!\Messenger\YahooMessenger.exe

c:\progra~2\Webshots\315~1.761\webshots.scr

c:\program files (x86)\Yahoo!\Messenger\YahooMessenger.exe

c:\program files (x86)\Memeo\AutoBackupPro\MemeoBackup.exe

c:\program files (x86)\Compaq\Easy Access Button Support\CPQEADM.EXE

c:\compaq\CPQINET\CPQInet.exe

c:\progra~2\Compaq\EASYAC~1\BttnServ.exe

.

**************************************************************************

.

Completion time: 2012-05-09 16:39:50 - machine was rebooted

ComboFix-quarantined-files.txt 2012-05-09 20:39

ComboFix2.txt 2012-05-09 10:41

.

Pre-Run: 62,114,779,136 bytes free

Post-Run: 61,963,624,448 bytes free

.

- - End Of File - - B411306263188A66158F201933605636


Step 1

Please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

Step 2

Download aswMBR.exe (1.8 MB) to your desktop.

Double-click aswMBR.exe to run it.

Click the "Scan" button to start the scan.

On completion of the scan, click Save log, save it to your desktop and post it in your next reply.

In your next reply, post the following log files:

  • ESET Online Scanner log
  • aswMBR log


OK, I don't know if this was too easy, but I de-installed Chrome, wiped out the AppData directory for Google under my profile and reinstalled, and now so far it seems to be working?

Will watch for a few days...


Okay, but it is not a problem to follow my last instructions. Let me know.


ESETSmartInstaller@High as CAB hook log:

OnlineScanner64.ocx - registred OK

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-05-13 11:49:56

# local_time=2012-05-13 07:49:56 (-0500, Eastern Daylight Time)

# country="United States"

# lang=1033

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode=512 16777215 100 0 0 0 0 0

# compatibility_mode=3584 16777215 100 0 0 0 0 0

# compatibility_mode=5893 16776574 100 94 6218574 88492767 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=431624

# found=1

# cleaned=1

# scan_time=3679

D:\Zips\Windows 7\Utils\freeopener.exe a variant of Win32/InstallIQ application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software

Run date: 2012-05-13 20:22:54

-----------------------------

20:22:54.831 OS Version: Windows x64 6.1.7601 Service Pack 1

20:22:54.832 Number of processors: 8 586 0x2A07

20:22:54.832 ComputerName: LMF-DELL UserName: lmf1

20:22:55.282 Initialize success

20:22:57.722 AVAST engine defs: 12051301

20:23:00.065 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1

20:23:00.066 Disk 0 Vendor: Patriot_ 332A Size: 114473MB BusType: 3

20:23:00.067 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2

20:23:00.068 Disk 1 Vendor: ST315003 CC4G Size: 1430799MB BusType: 3

20:23:00.069 Disk 2 \Device\Harddisk2\DR2 -> \Device\Ide\IAAStorageDevice-3

20:23:00.071 Disk 2 Vendor: WDC_WD10 05.0 Size: 953869MB BusType: 3

20:23:00.097 Disk 0 MBR read successfully

20:23:00.099 Disk 0 MBR scan

20:23:00.101 Disk 0 Windows 7 default MBR code

20:23:00.117 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 114470 MB offset 63

20:23:00.165 Disk 0 scanning C:\Windows\system32\drivers

20:23:25.419 Service scanning

20:23:32.261 Modules scanning

20:23:32.268 Disk 0 trace - called modules:

20:23:32.286 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll

20:23:32.289 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800bbd8790]

20:23:32.292 3 CLASSPNP.SYS[fffff88001f9243f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800a104050]

20:23:32.745 AVAST engine scan C:\Windows

20:23:47.336 AVAST engine scan C:\Windows\system32

20:30:16.860 AVAST engine scan C:\Windows\system32\drivers

20:30:54.527 AVAST engine scan C:\Users\lmf1

20:33:28.053 AVAST engine scan C:\ProgramData

20:33:39.096 Scan finished successfully

20:33:51.757 Disk 0 MBR has been saved successfully to "D:\Downloads\MBR.dat"

20:33:51.759 The log file has been saved successfully to "D:\Downloads\aswMBR.txt"


No further instances since I uninstalled Chrome, deleted its AppData and reinstalled.


You never told me what you saw in the logs. What do you believe I was infected with?


Nothing specific. There remain two toolbars that are inappropriate. One of them was ZoneAlarm Toolbar, a Conduit "Community Toolbar", which modifies the default IE URL search hook. Conduit toolbars are reputed to have a certain trackware functionality. The other is Kiwee Toolbar, which has the same features as ZoneAlarm Toolbar. For more information, see their EULA:

http://ak.imgag.com/apps/installer/kiwee/eula/eula_ktb.html

The serious problem was the missing terminal server service (termsrv.dll), which is now fixed.
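A read-only check for the two findings in that reply (a third-party IE URL search hook, and whether termsrv.dll is present and signed), as an added PowerShell example that is not part of the original thread. The stock Microsoft hook CLSID is from my own knowledge of IE; the function names are mine.

```powershell
# Added example, not from the original thread. Run in an elevated PowerShell.
# Stock Microsoft URL Search Hook CLSID (known default); any other entry was
# registered by third-party software, which is how Conduit-style toolbars hook search.
$defaultHook = '{CFBFAE00-17A6-11D0-99CB-00C04FD64497}'
$hookKey     = 'HKCU:\Software\Microsoft\Internet Explorer\URLSearchHooks'

# 1. Enumerate URL search hooks and resolve each CLSID to the DLL behind it.
function Get-UrlSearchHooks {
    if (-not (Test-Path $hookKey)) { return @() }
    $props = Get-ItemProperty -Path $hookKey
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -notlike '{*}') { continue }      # skip PSPath, PSDrive, etc.
        $clsid = $p.Name
        $dll = $null
        # 32-bit IE components register under Wow6432Node on x64 Windows.
        foreach ($root in @('Registry::HKEY_CLASSES_ROOT\CLSID',
                            'Registry::HKEY_CLASSES_ROOT\Wow6432Node\CLSID')) {
            $srv = "$root\$clsid\InprocServer32"
            if (Test-Path $srv) {
                $dll = (Get-ItemProperty -Path $srv).'(default)'
                break
            }
        }
        $signer = '<file missing or unresolved>'
        if ($dll -and (Test-Path $dll)) {
            $signer = (Get-AuthenticodeSignature $dll).SignerCertificate.Subject
        }
        [pscustomobject]@{
            CLSID     = $clsid
            IsDefault = ($clsid -ieq $defaultHook)   # anything not default deserves review
            Dll       = $dll
            Signer    = $signer
        }
    }
}

# 2. Confirm the Terminal Server service DLL exists and report its signature.
#    Note: catalog-signed system files can show NotSigned on older Windows versions;
#    a missing file is the finding the thread describes.
function Test-TermsrvDll {
    $path = Join-Path $env:SystemRoot 'System32\termsrv.dll'
    if (-not (Test-Path $path)) { return "$path is MISSING" }
    $sig = Get-AuthenticodeSignature $path
    return "$path status=$($sig.Status) signer=$($sig.SignerCertificate.Subject)"
}

Get-UrlSearchHooks | Format-Table -AutoSize
Test-TermsrvDll
```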


Got a message from Chrome today that something tried to reset my search engine; it didn't know what to do, so it set it to Google...


This is because we reset your default search engine. Good choice! :)

Do you have any questions?


But it does this most times I open Chrome? How do I make it stop? Are you sure that does not mean there is something still trying to hijack the search engine?
