
Norton Power Eraser says explorer.exe is infected


  • This topic is locked
65 replies to this topic

#1 SamySam

  • Members
  • 37 posts
  • Gender:Male
  • Location:Earth
  • Local time:11:00 AM

Posted 16 June 2012 - 07:35 AM

Hello, Samuel here (SamySam).

Well, my computer used to have a Backdoor.ngr and used to redirect me from certain sites.
I got rid of those and I thought my computer was not clean yet, so I had a go at Norton Power Eraser.
It told me that Explorer.exe was infected and said that NPE (Norton Power Eraser) could not repair this file.
A few hours later I came across 38 files all named after running programs + recently uninstalled programs;
they all had it in their file name and after it had a "- crack". WTH?

Example:

Adobe - crack.exe
internet explorer - crack.exe
Steam - crack.exe

The logo for all these weird files was the logo for Combat Arms (a shooting game).

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
||||||||||||||||||||||||||||||||||||||>\
GMER Will NOT let me deselect IAT/EAT|>+---->
||||||||||||||||||||||||||||||||||||||>/
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Symptoms:
On start-up I get an error saying "the program failed to start error code blah blah". I can't remember the code because the error disappears,
but it goes along the lines of 0x0006; not sure of the rest.

Explorer.exe using at least 75,000-120,000 in Task Manager

Slow start-up times

Those weird "- crack" files are reappearing after deleting and emptying the Recycle Bin

Had a W32.Shadesrat that Norton "supposedly" removed


DDS LOG:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Samuel at 20:43:56 on 2012-06-16
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.61.1033.18.5939.3763 [GMT -7:00]
.
AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\nvvsvc.exe
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\WLANExt.exe
C:\windows\system32\conhost.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\SysWOW64\svchost.exe -k Akamai
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\windows\system32\nvvsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Norton 360\Norton 360\Engine\5.2.2.3\ccSvcHst.exe
C:\windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\Trend Micro\RUBotted\RUBotSrv.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\ThpSrv.exe
C:\windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Norton 360\Norton 360\Engine\5.2.2.3\ccSvcHst.exe
C:\windows\system32\Dwm.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\ThpSrv.exe
C:\Program Files\TOSHIBA\TECO\Teco.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
C:\windows\system32\taskeng.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
C:\Program Files\TOSHIBA\FlashCards\Hotkey\TcrdKBB.exe
C:\Program Files (x86)\TOSHIBA\TRCMan\TRCMan.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Trend Micro\RUBotted\RUBottedGUI.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\windows\system32\taskeng.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtBty.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\tosBtProc.exe
C:\windows\system32\DllHost.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\windows\System32\svchost.exe -k secsvcs
C:\Users\Samuel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Samuel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Samuel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Samuel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Samuel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\windows\SysWOW64\rundll32.exe
C:\Users\Samuel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\windows\SysWOW64\DllHost.exe
C:\windows\explorer.exe
C:\windows\System32\svchost.exe -k swprv
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com.au/
uSearch Bar = Preserve
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
uURLSearchHooks: YouTube Downloader Toolbar: {f3fee66e-e034-436a-86e4-9690573bee8a} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\4.9\youtubedownloaderToolbarIE.dll
mWinlogon: Userinit=userinit.exe,
uWinlogon: Shell=explorer.exe C:\Users\Samuel\AppData\Local\Temp\Netwrk\RtlUId.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton 360\Norton 360\Engine\5.2.2.3\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton 360\Norton 360\Engine\5.2.2.3\IPS\IPSBHO.DLL
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WIA6EB~1\Datamngr\ToolBar\searchqudtx.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: FrostWire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: ChromeFrame BHO: {ecb3c477-1a0a-44bd-bb57-78f9efe34fa7} - C:\Program Files (x86)\Google\Chrome Frame\Application\19.0.1084.56\npchrome_frame.dll
BHO: TOSHIBA Media Controller Plug-in: {f3c88694-effa-4d78-b409-54b7b2535b14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
BHO: YouTube Downloader Toolbar: {f3fee66e-e034-436a-86e4-9690573bee8a} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\4.9\youtubedownloaderToolbarIE.dll
TB: YouTube Downloader Toolbar: {f3fee66e-e034-436a-86e4-9690573bee8a} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\4.9\youtubedownloaderToolbarIE.dll
TB: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WIA6EB~1\Datamngr\ToolBar\searchqudtx.dll
TB: FrostWire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton 360\Norton 360\Engine\5.2.2.3\coIEPlg.dll
TB: !{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [Google Update] "C:\Users\Samuel\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRunOnce: [*NPE] "C:\Users\Samuel\Desktop\NPE.exe" /POSTFIX
mRun: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
mRun: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP
mRun: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
mRun: [TSleepSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
mRun: [TRCMan] C:\Program Files (x86)\TOSHIBA\TRCMan\TRCMan.exe
mRun: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [<NO NAME>]
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Trend Micro RUBotted V2.0 Beta] C:\Program Files (x86)\Trend Micro\RUBotted\RUBottedGUI.exe
StartupFolder: C:\Users\Samuel\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEG~1.LNK - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C}
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {C49134CC-B5EF-458C-A442-E8DFE7B4645F} - hxxp://www.yoyogames.com/plugins/activex/YoYo.cab
DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
TCP: DhcpNameServer = 192.168.123.254 192.168.0.1
TCP: Interfaces\{436238F1-2C86-4D76-81EE-5C3A8F771B18} : NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{436238F1-2C86-4D76-81EE-5C3A8F771B18} : DhcpNameServer = 192.168.123.254 192.168.0.1
TCP: Interfaces\{436238F1-2C86-4D76-81EE-5C3A8F771B18}\24967605F6E64693331353 : DhcpNameServer = 10.0.0.138
TCP: Interfaces\{436238F1-2C86-4D76-81EE-5C3A8F771B18}\355764A70275966496 : DhcpNameServer = 8.8.8.8
TCP: Interfaces\{436238F1-2C86-4D76-81EE-5C3A8F771B18}\45F6D696A7F6E6560435572766149627 : DhcpNameServer = 192.168.182.1
TCP: Interfaces\{436238F1-2C86-4D76-81EE-5C3A8F771B18}\744565 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{436238F1-2C86-4D76-81EE-5C3A8F771B18}\77962756C6563737 : DhcpNameServer = 192.168.1.1
Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files (x86)\Google\Chrome Frame\Application\19.0.1084.56\npchrome_frame.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs: C:\windows\SysWOW64\nvinit.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Norton 360\Engine\5.2.2.3\coIEPlg.dll
BHO-X64: Symantec NCO BHO - No File
BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Norton 360\Engine\5.2.2.3\IPS\IPSBHO.DLL
BHO-X64: Symantec Intrusion Prevention - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WIA6EB~1\Datamngr\ToolBar\searchqudtx.dll
BHO-X64: Searchqu Toolbar - No File
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: FrostWire Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO-X64: Ask Toolbar BHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: ChromeFrame BHO: {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files (x86)\Google\Chrome Frame\Application\19.0.1084.56\npchrome_frame.dll
BHO-X64: ChromeFrame BHO - No File
BHO-X64: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
BHO-X64: YouTube Downloader Toolbar: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\4.9\youtubedownloaderToolbarIE.dll
TB-X64: YouTube Downloader Toolbar: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\4.9\youtubedownloaderToolbarIE.dll
TB-X64: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WIA6EB~1\Datamngr\ToolBar\searchqudtx.dll
TB-X64: FrostWire Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Norton 360\Engine\5.2.2.3\coIEPlg.dll
mRun-x64: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
mRun-x64: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP
mRun-x64: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
mRun-x64: [TSleepSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
mRun-x64: [TRCMan] C:\Program Files (x86)\TOSHIBA\TRCMan\TRCMan.exe
mRun-x64: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun-x64: [(Default)]
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [Trend Micro RUBotted V2.0 Beta] C:\Program Files (x86)\Trend Micro\RUBotted\RUBottedGUI.exe
IE-X64: {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C}
AppInit_DLLs-X64: C:\windows\SysWOW64\nvinit.dll
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Samuel\AppData\Roaming\Mozilla\Firefox\Profiles\4idrnib1.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.searchqu.com/413
FF - prefs.js: keyword.URL - hxxp://au.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
FF - plugin: C:\Users\Samuel\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
R0 nvpciflt;nvpciflt;C:\windows\system32\DRIVERS\nvpciflt.sys --> C:\windows\system32\DRIVERS\nvpciflt.sys [?]
R0 SMR300;Symantec SMR Utility Service 3.0.0;C:\windows\system32\drivers\SMR300.SYS --> C:\windows\system32\drivers\SMR300.SYS [?]
R0 SymDS;Symantec Data Store;C:\windows\system32\drivers\N360x64\0502020.003\SYMDS64.SYS --> C:\windows\system32\drivers\N360x64\0502020.003\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\windows\system32\drivers\N360x64\0502020.003\SYMEFA64.SYS --> C:\windows\system32\drivers\N360x64\0502020.003\SYMEFA64.SYS [?]
R0 Thpdrv;TOSHIBA HDD Protection Driver;C:\windows\system32\DRIVERS\thpdrv.sys --> C:\windows\system32\DRIVERS\thpdrv.sys [?]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;C:\windows\system32\DRIVERS\Thpevm.SYS --> C:\windows\system32\DRIVERS\Thpevm.SYS [?]
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\system32\DRIVERS\tos_sps64.sys --> C:\windows\system32\DRIVERS\tos_sps64.sys [?]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20120531.001\BHDrvx64.sys [2012-6-6 1160824]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20120613.007\IDSviA64.sys [2012-6-13 488568]
R1 SymIRON;Symantec Iron Driver;C:\windows\system32\drivers\N360x64\0502020.003\Ironx64.SYS --> C:\windows\system32\drivers\N360x64\0502020.003\Ironx64.SYS [?]
R1 SymNetS;Symantec Network Security WFP Driver;C:\windows\system32\Drivers\N360x64\0502020.003\SYMNETS.SYS --> C:\windows\system32\Drivers\N360x64\0502020.003\SYMNETS.SYS [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
R2 Akamai;Akamai NetSession Interface;C:\windows\System32\svchost.exe -k Akamai [2009-7-13 20992]
R2 cfWiMAXService;ConfigFree WiMAX Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2010-1-28 249200]
R2 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-3-10 46448]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-2-28 2343816]
R2 N360;Norton 360;C:\Program Files (x86)\Norton 360\Norton 360\Engine\5.2.2.3\ccsvchst.exe [2012-6-12 130008]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-2-22 1262400]
R2 RUBotSrv;Trend Micro RUBotted Service;C:\Program Files (x86)\Trend Micro\RUBotted\RUBotSrv.exe [2012-6-16 439632]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2010-4-6 258928]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\system32\DRIVERS\TVALZFL.sys --> C:\windows\system32\DRIVERS\TVALZFL.sys [?]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-4-1 2320920]
R3 enecir;ENE CIR Receiver;C:\windows\system32\DRIVERS\enecir.sys --> C:\windows\system32\DRIVERS\enecir.sys [?]
R3 enecirhid;ENE CIR HID Receiver;C:\windows\system32\DRIVERS\enecirhid.sys --> C:\windows\system32\DRIVERS\enecirhid.sys [?]
R3 enecirhidma;ENE CIR HIDmini Filter;C:\windows\system32\DRIVERS\enecirhidma.sys --> C:\windows\system32\DRIVERS\enecirhidma.sys [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-6-1 138912]
R3 HECIx64;Intel® Management Engine Interface;C:\windows\system32\DRIVERS\HECIx64.sys --> C:\windows\system32\DRIVERS\HECIx64.sys [?]
R3 Impcd;Impcd;C:\windows\system32\DRIVERS\Impcd.sys --> C:\windows\system32\DRIVERS\Impcd.sys [?]
R3 IntcDAud;Intel® Display Audio;C:\windows\system32\DRIVERS\IntcDAud.sys --> C:\windows\system32\DRIVERS\IntcDAud.sys [?]
R3 PGEffect;Pangu effect driver;C:\windows\system32\DRIVERS\pgeffect.sys --> C:\windows\system32\DRIVERS\pgeffect.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-2-5 137560]
R3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2010-2-23 835952]
R3 WSDPrintDevice;WSD Print Support via UMB;C:\windows\system32\DRIVERS\WSDPrint.sys --> C:\windows\system32\DRIVERS\WSDPrint.sys [?]
R3 WSDScan;WSD Scan Support via UMB;C:\windows\system32\DRIVERS\WSDScan.sys --> C:\windows\system32\DRIVERS\WSDScan.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-5-1 136176]
S3 acpials;ALS Sensor Filter;C:\windows\system32\DRIVERS\acpials.sys --> C:\windows\system32\DRIVERS\acpials.sys [?]
S3 fssfltr;fssfltr;C:\windows\system32\DRIVERS\fssfltr.sys --> C:\windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-5-1 136176]
S3 JMCR;JMCR;C:\windows\system32\DRIVERS\jmcr.sys --> C:\windows\system32\DRIVERS\jmcr.sys [?]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-4-1 51512]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\system32\Drivers\usbaapl64.sys --> C:\windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2073-10-27 17:55:34 2404352 ----a-w- C:\Program Files (x86)\Microsoft Games\Halo Custom Edition\haloce.exe
2073-10-27 17:55:34 1835008 ----a-w- C:\Program Files (x86)\Microsoft Games\Halo Custom Edition\haloceded.exe
2073-10-27 17:55:34 1118208 ----a-w- C:\Program Files (x86)\Microsoft Games\Halo Custom Edition\Strings.dll
2012-06-17 02:54:35 96376 ----a-w- C:\windows\System32\drivers\SMR300.SYS
2012-06-17 02:14:01 -------- d-----w- C:\ProgramData\Trend Micro
2012-06-17 02:03:39 -------- d-----w- C:\Program Files (x86)\Trend Micro
2012-06-16 18:32:24 -------- d-----w- C:\Users\Samuel\AppData\Local\SniperV2
2012-06-16 18:31:24 -------- d-----w- C:\Users\Samuel\AppData\Local\SKIDROW
2012-06-16 18:20:31 -------- d-----w- C:\Program Files (x86)\Rebellion
2012-06-15 23:30:52 -------- d-----w- C:\Users\Samuel\AppData\Local\{51B91564-90D3-4AE9-AD87-194538CF4480}
2012-06-13 23:46:22 -------- d-----w- C:\Users\Samuel\AppData\Local\{10E9207C-DD67-4FCD-90FE-7F5DEEC2FE26}
2012-06-13 23:45:55 -------- d-----w- C:\Users\Samuel\AppData\Local\{3D9663D0-004F-4103-9035-F3F914919CF8}
2012-06-13 23:04:18 -------- d-----w- C:\Users\Samuel\AppData\Local\{26E2ED13-AE20-450E-90E1-D7B258DAE392}
2012-06-13 01:36:31 -------- d-----w- C:\Users\Samuel\AppData\Roaming\Hardcore
2012-06-13 00:29:32 788358 ----a-w- C:\windows\System32\PerfStringBackup.TMP
2012-06-12 23:38:36 -------- d-----w- C:\Users\Samuel\AppData\Local\cef_data
2012-06-12 19:58:10 386168 ----a-w- C:\windows\System32\drivers\N360x64\0502020.003\symnets.sys
2012-06-12 19:58:09 912504 ----a-r- C:\windows\System32\drivers\N360x64\0502020.003\symefa64.sys
2012-06-12 19:58:09 744568 ----a-r- C:\windows\System32\drivers\N360x64\0502020.003\srtsp64.sys
2012-06-12 19:58:09 450680 ----a-r- C:\windows\System32\drivers\N360x64\0502020.003\symds64.sys
2012-06-12 19:58:09 40568 ----a-r- C:\windows\System32\drivers\N360x64\0502020.003\srtspx64.sys
2012-06-12 19:58:09 171128 ----a-r- C:\windows\System32\drivers\N360x64\0502020.003\ironx64.sys
2012-06-12 19:57:40 -------- d-----w- C:\windows\System32\drivers\N360x64\0502020.003
2012-06-12 04:30:58 -------- d-----w- C:\Users\Samuel\AppData\Local\{B9389FFD-D383-45F2-B3CC-A5604785F335}
2012-06-11 18:55:39 -------- d-----w- C:\Users\Samuel\AppData\Local\{78714DC6-82DB-42F7-9808-9A9E79CF88EB}
2012-06-09 04:58:30 -------- d-----w- C:\Program Files (x86)\ASIO4ALL v2
2012-06-09 04:57:33 225280 ----a-w- C:\windows\SysWow64\rewire.dll
2012-06-09 04:57:22 1554944 ----a-w- C:\windows\SysWow64\vorbis.acm
2012-06-09 04:57:12 -------- d-----w- C:\Program Files (x86)\Vstplugins
2012-06-09 04:57:08 -------- d-----w- C:\Program Files (x86)\Outsim
2012-06-09 04:55:33 -------- d-----w- C:\Program Files (x86)\Image-Line
2012-06-09 04:34:53 -------- d-----w- C:\Users\Samuel\AppData\Roaming\uTorrent
2012-06-09 04:34:53 -------- d-----w- C:\Users\Samuel\AppData\Local\uTorrent
2012-06-07 23:52:15 -------- d-----w- C:\Users\Samuel\AppData\Local\{55BAD532-1623-4607-A906-513E6C6B774A}
2012-06-07 23:51:41 -------- d-----w- C:\Users\Samuel\AppData\Local\{F3AD9449-2B9C-4B75-AA3E-D9A9FB8908EF}
2012-06-07 22:55:07 -------- d-----w- C:\Users\Samuel\AppData\Local\{E418DCBE-E71F-4102-8BFD-0A27FFFDD558}
2012-06-07 00:52:08 -------- d-----w- C:\Users\Samuel\AppData\Local\{B47420A6-76DA-48B6-B91D-E0F1B6607CF4}
2012-06-06 01:54:43 -------- d-----w- C:\Program Files (x86)\Drag Racer 3
2012-06-05 22:58:14 -------- d-----w- C:\Users\Samuel\AppData\Local\{5FB3E9BB-7D83-42FC-BD0A-377A639E76A1}
2012-06-05 22:58:00 -------- d-----w- C:\Users\Samuel\AppData\Local\{EA5A85F9-F777-458C-ACC4-4F9D004C43A7}
2012-06-03 18:02:00 -------- d-----w- C:\Users\Samuel\AppData\Local\{FA4805F7-BED8-4CA2-958F-26154909D189}
2012-06-03 00:50:46 -------- d-----w- C:\Users\Samuel\AppData\Local\{CDF10DBB-D149-4B67-8956-9778B1B67D99}
2012-06-03 00:50:32 -------- d-----w- C:\Users\Samuel\AppData\Local\{AC265CE9-58B2-4B07-AB49-6D10E6C714A8}
2012-06-02 03:22:24 -------- d-----w- C:\Users\Samuel\AppData\Local\{62BFEECB-98FD-4340-83CA-862787E93561}
2012-05-31 23:18:11 8955792 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{10B1C242-6F4E-40CC-AF68-74C0058F5577}\mpengine.dll
2012-05-31 23:14:06 -------- d-----w- C:\Users\Samuel\AppData\Local\{A81670DA-361B-4842-95C2-2BFD78EF151C}
2012-05-31 03:18:56 -------- d-----w- C:\windows\'Full Speed' Internet Booster + Performance Tests
2012-05-31 03:18:56 -------- d-----w- C:\Program Files (x86)\'Full Speed' Internet Booster + Performance Tests
2012-05-30 22:57:54 -------- d-----w- C:\Users\Samuel\AppData\Local\{A1F5BE35-B4F1-442B-A1E6-EDFE12FCE5DF}
2012-05-29 23:52:03 -------- d-----w- C:\Users\Samuel\AppData\Local\{07508B56-3F1A-400A-AB26-1ECAD20FD0BD}
2012-05-29 23:51:33 -------- d-----w- C:\Users\Samuel\AppData\Local\{E70C5F25-149B-4900-8055-657BBC5C23B7}
2012-05-28 23:47:45 788548 ----a-w- C:\windows\SysWow64\PerfStringBackup.TMP
2012-05-28 23:47:15 374664 ----a-w- C:\windows\System32\drivers\netio.sys
2012-05-28 22:49:01 -------- d-----w- C:\Users\Samuel\AppData\Local\{C7A24DAE-6862-4116-906A-99DBE132B977}
2012-05-28 04:35:20 -------- d-----w- C:\Users\Samuel\AppData\Local\{A3BF0F08-6A08-4718-85C1-2CE6EF65A45E}
2012-05-28 04:16:20 -------- d-----w- C:\Users\Samuel\AppData\Local\{5D2A7CAB-EFB4-40E4-B563-BB7FEFF3F1F0}
2012-05-28 03:44:59 -------- d-----w- C:\Users\Samuel\AppData\Local\{DF30248F-6262-4F83-8AA3-0A10DAF26AEA}
2012-05-27 02:56:05 -------- d-----w- C:\Users\Samuel\AppData\Local\{D2617531-0328-4661-A4F0-63B34DA1A7A3}
2012-05-27 02:55:11 -------- d-----w- C:\Users\Samuel\AppData\Local\{48F06E8C-4764-4B18-862A-3BB7463D5D30}
2012-05-25 14:16:15 -------- d-----w- C:\Users\Samuel\AppData\Local\{C7F60234-7673-4F1D-B11A-9F8B511854BE}
2012-05-24 23:43:49 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2012-05-24 23:43:49 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2012-05-24 23:43:49 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2012-05-24 23:43:49 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2012-05-24 23:43:49 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2012-05-24 23:43:49 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2012-05-24 23:43:49 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2012-05-24 23:08:59 -------- d-----w- C:\Users\Samuel\AppData\Local\{8D46D55C-2A66-4A99-8226-735FA942C454}
2012-05-23 01:39:01 -------- d-----w- C:\Users\Samuel\AppData\Local\PackageAware
2012-05-22 17:23:52 -------- d-----w- C:\Users\Samuel\AppData\Local\{2DA55E5C-48C2-45C3-8380-CAB125740C4E}
2012-05-21 09:12:43 -------- d-----w- C:\Users\Samuel\AppData\Local\{F4F27764-7344-416E-9DCB-1355E8B7FAE0}
2012-05-21 09:08:09 -------- d-----w- C:\Users\Samuel\AppData\Local\{1BDB5CE6-35EC-4AB4-B2CD-9C6E9E92E49B}
2012-05-21 08:55:35 -------- d-----w- C:\Users\Samuel\AppData\Local\{F94BF5FB-D012-4EA9-92D5-E6C49ECD19FC}
2012-05-21 08:48:23 -------- d-----w- C:\Users\Samuel\AppData\Local\{27F33549-B090-48FC-ABF9-19253091B3BE}
2012-05-21 08:29:45 -------- d-----w- C:\Users\Samuel\AppData\Local\{65D20205-4CF3-4BB1-9923-9472380AA192}
2012-05-21 08:08:05 -------- d-----w- C:\Users\Samuel\AppData\Local\{6857B969-AC4E-4D36-A8A4-AC92800B154F}
2012-05-21 07:46:46 -------- d-----w- C:\Users\Samuel\AppData\Local\{E288DCD8-E58A-4DEC-8E87-18FC453B9C35}
2012-05-21 07:32:26 -------- d-----w- C:\Users\Samuel\AppData\Local\{B3CE9D2D-619E-40DE-ADB8-7C3F788C225C}
2012-05-21 07:14:13 -------- d-----w- C:\Users\Samuel\AppData\Local\{41E8BF5E-33EE-4821-9F63-1CB8684BA983}
2012-05-21 05:21:33 -------- d-----w- C:\Program Files\CCleaner
2012-05-21 05:09:50 34152 ---ha-w- C:\windows\System32\drivers\GEARAspiWDM.sys
2012-05-21 05:09:49 174200 ----a-w- C:\windows\System32\drivers\SYMEVENT64x86.SYS
2012-05-21 05:09:49 -------- d-----w- C:\Program Files\Common Files\Symantec Shared
2012-05-21 05:02:22 -------- d-----w- C:\Users\Samuel\AppData\Local\{A9715127-7812-4D9D-A6BD-3CBF42F57F1D}
2012-05-21 05:02:00 -------- d-----w- C:\Users\Samuel\AppData\Local\{26D7C8F3-74F1-4D68-9079-F1DD9942D3AD}
2012-05-21 00:36:24 -------- d-----w- C:\Users\Samuel\AppData\Local\NPE
2012-05-20 23:30:23 -------- d-----w- C:\Users\Samuel\AppData\Local\Symantec
2012-05-20 23:29:45 -------- d-----w- C:\Program Files\Symantec
2012-05-20 23:29:02 -------- d--h--w- C:\windows\System32\drivers\N360x64
2012-05-20 23:29:00 -------- d-----w- C:\Program Files (x86)\Norton 360
2012-05-20 23:27:53 -------- d-----w- C:\Program Files (x86)\NortonInstaller
.
==================== Find3M ====================
.
2012-06-17 02:34:47 44544 ---ha-w- C:\windows\System32\themeservice.dll
2012-06-17 02:34:47 332288 ---ha-w- C:\windows\System32\uxtheme.dll
2012-06-17 02:34:47 2851328 ---ha-w- C:\windows\System32\themeui.dll
2012-06-04 01:09:27 283304 ----a-w- C:\windows\SysWow64\PnkBstrB.exe
2012-06-04 00:12:50 283304 ----a-w- C:\windows\SysWow64\PnkBstrB.ex0
2012-05-27 20:42:46 280856 ---ha-w- C:\windows\SysWow64\PnkBstrB.xtr
2012-05-15 09:29:47 889664 ----a-w- C:\windows\System32\nvvsvc.exe
2012-05-15 09:29:47 858944 ----a-w- C:\windows\System32\nv3dappshext.dll
2012-05-15 09:29:46 63296 ----a-w- C:\windows\System32\nvshext.dll
2012-05-15 09:29:46 55616 ----a-w- C:\windows\System32\nv3dappshextr.dll
2012-05-15 09:29:46 2561856 ----a-w- C:\windows\System32\nvsvcr.dll
2012-05-15 09:29:46 118080 ----a-w- C:\windows\System32\nvmctray.dll
2012-05-15 09:29:45 2621723 ----a-w- C:\windows\System32\nvcoproc.bin
2012-05-15 09:29:25 3149632 ----a-w- C:\windows\System32\nvsvc64.dll
2012-05-15 09:28:42 6151488 ----a-w- C:\windows\System32\nvcpl.dll
2012-05-07 19:49:27 70304 ---ha-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-07 19:49:27 419488 ---ha-w- C:\windows\SysWow64\FlashPlayerApp.exe
2012-04-19 03:56:30 94208 ---ha-w- C:\windows\SysWow64\QuickTimeVR.qtx
2012-04-19 03:56:30 69632 ---ha-w- C:\windows\SysWow64\QuickTime.qts
2012-04-04 22:56:40 24904 ---ha-w- C:\windows\System32\drivers\mbam.sys
2012-04-02 05:34:04 5504880 ----a-w- C:\windows\System32\ntoskrnl.exe
2012-04-02 04:46:44 3958128 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
2012-04-02 04:46:44 3902320 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
2012-04-02 03:01:19 3143680 ----a-w- C:\windows\System32\win32k.sys
2012-03-30 11:09:53 1895280 ----a-w- C:\windows\System32\drivers\tcpip.sys
2012-03-21 03:44:12 203888 ----a-w- C:\windows\System32\drivers\MpFilter.sys
.
============= FINISH: 20:44:37.03 ===============


\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
GMER LOG
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-06-16 22:31:55
Windows 6.1.7600
Running: gmer.exe


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x5C 0xDA 0xC8 0x46 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Pro\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x5C 0xDA 0xC8 0x46 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x3B 0x49 0x4E 0x26 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x4B 0xD8 0x87 0x6A ...
Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@C:\Users\Samuel\Desktop\AlienWare_Full_Pack\AlienWare_Full_Pack\ASD_AlienWare_Full_Pack_By_Genja\x2122\AlinWare_Full_Pack\AlienGUIse\AlienGUIse_Vista.exe 1
Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@C:\Users\Samuel\Desktop\AlienWare_Full_Pack\AlienWare_Full_Pack\ASD_AlienWare_Full_Pack_By_Genja\x2122\AlinWare_Full_Pack\AlienHandSetup_ScreenSaver\AlienHandSetup.exe 1
Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@C:\Users\Samuel\Desktop\AlienWare_Full_Pack\AlienWare_Full_Pack\ASD_AlienWare_Full_Pack_By_Genja\x2122\AlinWare_Full_Pack\CursorFX\Stardock CursorFX 2.0 Plus\CursorFX Plus!.exe 1
Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@C:\Users\Samuel\Desktop\poop\Misc Item\AlienWare_Full_Pack\AlienWare_Full_Pack\ASD_AlienWare_Full_Pack_By_Genja\x2122\AlinWare_Full_Pack\AlienGUIse\AlienGUIse_Vista.exe 1

---- Files - GMER 1.0.15 ----

File C:\Program Files (x86)\Steam\poop\GMOD\no$3ds_-_nintendo_3ds_emulator\NO$3DS - No$GBA 2.6a REMAKE!\No$3DS BY TYRANITARTUBE.COM\SLOT\other other games\V-Rally - 97 Championship Edition (E) (v1.0) [SLES-00250]\V-Rally - 97 Championship Edition (E) (v1.0) (Track 01) [SLES-00250]\V-Rally - 97 Championship Edition (E) (v1.0) (Track 01) [SLES-00250].bin.ecm 117101043 bytes
File C:\Users\Samuel\Downloads\other games\others\nfs\ALL MINECRAFT\MINEMODS\MINECRAFT 1.2.5\SONICS SHADERS 1.2.5\Sonic Ethers Unbelievable Shaders v08 1.2.4 and 1.2.5 (Windows)\Sonic Ether's Unbelievable Shaders v08 (Windows)\mods\shaders\contents\files\shaders\composite.fsh 70113 bytes
File C:\Users\Samuel\Downloads\other games\others\nfs\ALL MINECRAFT\MINEMODS\MINECRAFT 1.2.5\SONICS SHADERS 1.2.5\Sonic Ethers Unbelievable Shaders v08 1.2.4 and 1.2.5 (Windows)\Sonic Ether's Unbelievable Shaders v08 (Windows)\mods\shaders\contents\files\shaders\composite.vsh 116 bytes
File C:\Users\Samuel\Downloads\other games\others\nfs\ALL MINECRAFT\MINEMODS\MINECRAFT 1.2.5\SONICS SHADERS 1.2.5\Sonic Ethers Unbelievable Shaders v08 1.2.4 and 1.2.5 (Windows)\Sonic Ether's Unbelievable Shaders v08 (Windows)\mods\shaders\contents\files\shaders\final.fsh 29589 bytes
File C:\Users\Samuel\Downloads\other games\others\nfs\ALL MINECRAFT\MINEMODS\MINECRAFT 1.2.5\SONICS SHADERS 1.2.5\Sonic Ethers Unbelievable Shaders v08 1.2.4 and 1.2.5 (Windows)\Sonic Ether's Unbelievable Shaders v08 (Windows)\mods\shaders\contents\files\shaders\final.vsh 116 bytes
File C:\Users\Samuel\Downloads\other games\others\nfs\ALL MINECRAFT\MINEMODS\MINECRAFT 1.2.5\SONICS SHADERS 1.2.5\Sonic Ethers Unbelievable Shaders v08 1.2.4 and 1.2.5 (Windows)\Sonic Ether's Unbelievable Shaders v08 (Windows)\mods\shaders\contents\files\shaders\gbuffers_basic.fsh 591 bytes
File C:\Users\Samuel\Downloads\other games\others\nfs\ALL MINECRAFT\MINEMODS\MINECRAFT 1.2.5\SONICS SHADERS 1.2.5\Sonic Ethers Unbelievable Shaders v08 1.2.4 and 1.2.5 (Windows)\Sonic Ether's Unbelievable Shaders v08 (Windows)\mods\shaders\contents\files\shaders\gbuffers_basic.vsh 135 bytes
File C:\Users\Samuel\Downloads\other games\others\nfs\ALL MINECRAFT\MINEMODS\MINECRAFT 1.2.5\SONICS SHADERS 1.2.5\Sonic Ethers Unbelievable Shaders v08 1.2.4 and 1.2.5 (Windows)\Sonic Ether's Unbelievable Shaders v08 (Windows)\mods\shaders\contents\files\shaders\gbuffers_hand.fsh 341 bytes
File C:\Users\Samuel\Downloads\other games\others\nfs\ALL MINECRAFT\MINEMODS\MINECRAFT 1.2.5\SONICS SHADERS 1.2.5\Sonic Ethers Unbelievable Shaders v08 1.2.4 and 1.2.5 (Windows)\Sonic Ether's Unbelievable Shaders v08 (Windows)\mods\shaders\contents\files\shaders\gbuffers_hand.vsh 253 bytes
File C:\Users\Samuel\Downloads\other games\others\nfs\ALL MINECRAFT\MINEMODS\MINECRAFT 1.2.5\SONICS SHADERS 1.2.5\Sonic Ethers Unbelievable Shaders v08 1.2.4 and 1.2.5 (Windows)\Sonic Ether's Unbelievable Shaders v08 (Windows)\mods\shaders\contents\files\shaders\gbuffers_terrain.fsh 1463 bytes
File C:\Users\Samuel\Downloads\other games\others\nfs\ALL MINECRAFT\MINEMODS\MINECRAFT 1.2.5\SONICS SHADERS 1.2.5\Sonic Ethers Unbelievable Shaders v08 1.2.4 and 1.2.5 (Windows)\Sonic Ether's Unbelievable Shaders v08 (Windows)\mods\shaders\contents\files\shaders\gbuffers_terrain.vsh 11014 bytes
File C:\Users\Samuel\Downloads\other games\others\nfs\ALL MINECRAFT\MINEMODS\MINECRAFT 1.2.5\SONICS SHADERS 1.2.5\Sonic Ethers Unbelievable Shaders v08 1.2.4 and 1.2.5 (Windows)\Sonic Ether's Unbelievable Shaders v08 (Windows)\mods\shaders\contents\files\shaders\gbuffers_textured.fsh 692 bytes
File C:\Users\Samuel\Downloads\other games\others\nfs\ALL MINECRAFT\MINEMODS\MINECRAFT 1.2.5\SONICS SHADERS 1.2.5\Sonic Ethers Unbelievable Shaders v08 1.2.4 and 1.2.5 (Windows)\Sonic Ether's Unbelievable Shaders v08 (Windows)\mods\shaders\contents\files\shaders\gbuffers_textured.vsh 213 bytes
File C:\Users\Samuel\Downloads\other games\others\nfs\ALL MINECRAFT\MINEMODS\MINECRAFT 1.2.5\SONICS SHADERS 1.2.5\Sonic Ethers Unbelievable Shaders v08 1.2.4 and 1.2.5 (Windows)\Sonic Ether's Unbelievable Shaders v08 (Windows)\mods\shaders\contents\files\shaders\gbuffers_textured_lit.fsh 1036 bytes
File C:\Users\Samuel\Downloads\other games\others\nfs\ALL MINECRAFT\MINEMODS\MINECRAFT 1.2.5\SONICS SHADERS 1.2.5\Sonic Ethers Unbelievable Shaders v08 1.2.4 and 1.2.5 (Windows)\Sonic Ether's Unbelievable Shaders v08 (Windows)\mods\shaders\contents\files\shaders\gbuffers_textured_lit.vsh 288 bytes
File C:\Users\Samuel\Downloads\other games\others\nfs\ALL MINECRAFT\MINEMODS\MINECRAFT 1.2.5\SONICS SHADERS 1.2.5\Sonic Ethers Unbelievable Shaders v08 1.2.4 and 1.2.5 (Windows)\Sonic Ether's Unbelievable Shaders v08 (Windows)\mods\shaders\contents\files\shaders\gbuffers_water.fsh 734 bytes
File C:\Users\Samuel\Downloads\other games\others\nfs\ALL MINECRAFT\MINEMODS\MINECRAFT 1.2.5\SONICS SHADERS 1.2.5\Sonic Ethers Unbelievable Shaders v08 1.2.4 and 1.2.5 (Windows)\Sonic Ether's Unbelievable Shaders v08 (Windows)\mods\shaders\contents\files\shaders\gbuffers_water.vsh 288 bytes
File C:\Users\Samuel\Downloads\other games\others\nfs\ALL MINECRAFT\MINEMODS\MINECRAFT 1.2.5\SONICS SHADERS 1.2.5\Sonic Ethers Unbelievable Shaders v08 1.2.4 and 1.2.5 (Windows)\Sonic Ether's Unbelievable Shaders v08 (Windows)\mods\shaders\contents\files\shaders\gbuffers_weather.fsh 328 bytes
File C:\Users\Samuel\Downloads\other games\others\nfs\ALL MINECRAFT\MINEMODS\MINECRAFT 1.2.5\SONICS SHADERS 1.2.5\Sonic Ethers Unbelievable Shaders v08 1.2.4 and 1.2.5 (Windows)\Sonic Ether's Unbelievable Shaders v08 (Windows)\mods\shaders\contents\files\shaders\gbuffers_weather.vsh 253 bytes

---- EOF - GMER 1.0.15 ----





I hope for the best of luck to you.

Thanks in advance~



#2 gringo_pr


Posted 16 June 2012 - 11:31 PM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable, and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

In your next post I need the following:

  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#3 SamySam


Posted 17 June 2012 - 02:36 AM

Okay! Here is the ComboFix log! Do you need the Security checker log?


ComboFix 12-06-16.02 - Samuel 17/06/2012 16:41:57.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.61.1033.18.5939.3706 [GMT -7:00]
Running from: c:\users\Samuel\Desktop\ComboFix.exe
AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\program files (x86)\Windows Searchqu Toolbar
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\as_guid.dat
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\bandoocode.js
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\data\search\engines.xml
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\data\search\search.xsl
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\about.xml
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\bandoocode.js
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\dtxpanel.xul
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\dtxpaneltransparent.xul
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\dtxpanelwin.xul
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\dtxprefwin.xul
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\dtxtransparentwin.xul
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\dtxwin.xul
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\emailnotifierproviders.xml
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\external.js
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\imeshcode.js
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\neterror.xhtml
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\vmncode.js
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\wmpstreamer.html
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\modules\datastore.jsm
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\modules\nsDragAndDrop.js
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\neterror.xhtml
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\partner.coupons.xml
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\preferences.xml
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\radiobeta.js
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\template.xml
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\toolbar.htm
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\toolbar.xul
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\vmncode.js
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\vmnrsswin.xml
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.PPCBully\tb_icon.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.PPCBully\widget.js
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.PPCBully\widget.xml
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.PPCBully\widget_version
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\babylon_logo.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\bandoo.css
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\bluelite.gif
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\bluesky.gif
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\btn-search-over.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\btn-search.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\btn-settings-over.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\btn-settings.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\btn-widgets-over.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\btn-widgets.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\btn_settings.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\ca.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\dictionary.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\divider.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\downloadcom.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\dtxlogo.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\ebay.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\email.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\email_on.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\facebook.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\games.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred0.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred0_5.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred1.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred1_5.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred2.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred2_5.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred3.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred3_5.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred4.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred4_5.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred5.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphredna.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\grey.gif
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\ico-shield.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\icon_radio_png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\icon_seperator_png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\icon_twitter.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\icon_youtube.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\images.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\imesh.css
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\add.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\aol.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\arrow-dn.gif
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\arrow-right-disabled.gif
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\arrow-right.gif
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\arrow-up.gif
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btn-divider.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btn-end.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\settings.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\shopping.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\siteinfo.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin-bluelite.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin-bluesky.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin-grey.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin-lichen.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin-orange.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin-yellow.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin.xml
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\technorati.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\throbber.gif
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\toolbarsplitter.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\translate.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\video.bmp
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\vmn.css
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\vmn.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\weather.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\web.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\widgets-square-16px.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\wikipedia.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\yahoosearch.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\yellow.gif
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\youtube.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\zoom.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\components\windowmediator.js
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\manifest.xml
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\searchquband.dll
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\uninstall.exe
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\uninstallTB.exe
c:\programdata\xp
c:\programdata\xp\EBLib.dll
c:\programdata\xp\TPwSav.sys
c:\users\Samuel\AppData\Roaming\chrtmp
c:\users\Samuel\AppData\Roaming\GoogleToolbar
c:\users\Samuel\AppData\Roaming\InstallDir
c:\users\Samuel\AppData\Roaming\Microsoft\Windows\ox#7cCp.cfg
c:\users\Samuel\AppData\Roaming\Microsoft\Windows\ox#7cCp.dat
c:\users\Samuel\AppData\Roaming\Microsoft\Windows\YiGkRM863.cfg
c:\users\Samuel\AppData\Roaming\Microsoft\Windows\YiGkRM863.dat
c:\users\Samuel\AppData\Roaming\Microsoft\Windows\YiGkRM863.xtr
c:\users\Samuel\AppData\Roaming\Samuel3SQLite3.dll
c:\users\Samuel\AppData\Roaming\Samuellog.dat
c:\users\Samuel\AppData\Roaming\winlog
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\wpcap.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_NPF
.
.
((((((((((((((((((((((((( Files Created from 2012-05-18 to 2012-06-18 )))))))))))))))))))))))))))))))
.
.
2073-10-27 17:55 . 2009-10-04 01:32 1118208 ----a-w- c:\program files (x86)\Microsoft Games\Halo Custom Edition\Strings.dll
2073-10-27 17:55 . 2009-10-04 01:32 1835008 ----a-w- c:\program files (x86)\Microsoft Games\Halo Custom Edition\haloceded.exe
2073-10-27 17:55 . 2009-10-04 01:31 2404352 ----a-w- c:\program files (x86)\Microsoft Games\Halo Custom Edition\haloce.exe
2012-06-17 23:56 . 2012-06-17 23:56 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-06-17 23:56 . 2012-06-17 23:56 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-17 21:35 . 2012-06-17 21:35 -------- d--h--w- c:\windows\AxInstSV
2012-06-17 02:14 . 2012-06-17 02:14 -------- d-----w- c:\programdata\Trend Micro
2012-06-17 02:03 . 2012-06-17 02:03 -------- d-----w- c:\program files (x86)\Trend Micro
2012-06-16 18:32 . 2012-06-16 18:32 -------- d-----w- c:\users\Samuel\AppData\Local\SniperV2
2012-06-16 18:31 . 2012-06-16 18:31 -------- d-----w- c:\users\Samuel\AppData\Local\SKIDROW
2012-06-16 18:20 . 2012-06-16 18:20 -------- d-----w- c:\program files (x86)\Rebellion
2012-06-13 01:36 . 2012-06-13 01:36 -------- d-----w- c:\users\Samuel\AppData\Roaming\Hardcore
2012-06-13 00:29 . 2012-06-14 14:22 788358 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2012-06-12 23:38 . 2012-06-12 23:38 -------- d-----w- c:\users\Samuel\AppData\Local\cef_data
2012-06-09 04:58 . 2012-06-09 04:58 -------- d-----w- c:\program files (x86)\ASIO4ALL v2
2012-06-09 04:57 . 2006-06-20 08:56 225280 ----a-w- c:\windows\SysWow64\rewire.dll
2012-06-09 04:57 . 2009-08-02 20:09 1554944 ----a-w- c:\windows\SysWow64\vorbis.acm
2012-06-09 04:57 . 2012-06-09 04:57 -------- d-----w- c:\program files (x86)\Vstplugins
2012-06-09 04:57 . 2012-06-09 04:57 -------- d-----w- c:\program files (x86)\Outsim
2012-06-09 04:55 . 2012-06-09 04:57 -------- d-----w- c:\program files (x86)\Image-Line
2012-06-09 04:34 . 2012-06-16 19:04 -------- d-----w- c:\users\Samuel\AppData\Roaming\uTorrent
2012-06-09 04:34 . 2012-06-09 04:34 -------- d-----w- c:\users\Samuel\AppData\Local\uTorrent
2012-06-06 01:54 . 2012-06-06 01:54 -------- d-----w- c:\program files (x86)\Drag Racer 3
2012-06-02 02:36 . 2012-06-02 02:36 -------- d-----w- c:\windows\Sun
2012-05-31 23:18 . 2012-05-08 17:02 8955792 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{10B1C242-6F4E-40CC-AF68-74C0058F5577}\mpengine.dll
2012-05-31 03:18 . 2012-05-31 03:18 -------- d-----w- c:\program files (x86)\'Full Speed' Internet Booster + Performance Tests
2012-05-31 03:18 . 2012-05-31 03:18 -------- d-----w- c:\windows\'Full Speed' Internet Booster + Performance Tests
2012-05-28 23:47 . 2012-05-28 23:47 788548 ----a-w- c:\windows\SysWow64\PerfStringBackup.TMP
2012-05-28 23:47 . 2010-04-09 11:06 374664 ----a-w- c:\windows\system32\drivers\netio.sys
2012-05-24 23:43 . 2012-05-24 23:43 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2012-05-24 23:43 . 2012-05-24 23:43 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2012-05-24 23:43 . 2012-05-24 23:43 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2012-05-24 23:43 . 2012-05-24 23:43 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2012-05-24 23:43 . 2012-05-24 23:43 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2012-05-24 23:43 . 2012-05-24 23:43 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2012-05-24 23:43 . 2012-05-24 23:43 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2012-05-24 23:37 . 2012-05-24 23:43 -------- d-----w- c:\program files (x86)\QuickTime
2012-05-24 23:25 . 2012-05-24 23:25 -------- d-----w- c:\program files (x86)\Apple Software Update
2012-05-23 01:39 . 2012-05-23 01:39 -------- d-----w- c:\users\Samuel\AppData\Local\PackageAware
2012-05-21 07:38 . 2012-05-21 07:38 -------- d-----w- c:\program files\Microsoft Silverlight
2012-05-21 07:38 . 2012-05-21 07:38 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2012-05-21 05:21 . 2012-05-21 05:21 -------- d-----w- c:\program files\CCleaner
2012-05-21 05:09 . 2010-08-21 03:59 34152 ---ha-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-05-21 05:09 . 2012-05-21 05:09 174200 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2012-05-21 05:09 . 2012-05-21 05:09 -------- d-----w- c:\program files\Common Files\Symantec Shared
2012-05-21 00:36 . 2012-06-17 03:42 -------- d-----w- c:\users\Samuel\AppData\Local\NPE
2012-05-20 23:30 . 2012-05-20 23:30 -------- d-----w- c:\users\Samuel\AppData\Local\Symantec
2012-05-20 23:29 . 2012-05-21 05:09 -------- d-----w- c:\program files\Symantec
2012-05-20 23:29 . 2012-06-13 22:52 -------- d--h--w- c:\windows\system32\drivers\N360x64
2012-05-20 23:29 . 2012-05-21 05:09 -------- d-----w- c:\program files (x86)\Norton 360
2012-05-20 23:27 . 2012-05-20 23:27 -------- d-----w- c:\program files (x86)\NortonInstaller
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-17 02:34 . 2009-07-13 23:55 332288 ---ha-w- c:\windows\system32\uxtheme.dll
2012-06-17 02:34 . 2009-07-13 23:54 2851328 ---ha-w- c:\windows\system32\themeui.dll
2012-06-17 02:34 . 2009-07-13 23:54 44544 ---ha-w- c:\windows\system32\themeservice.dll
2012-06-04 01:09 . 2011-05-30 21:46 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-06-04 00:12 . 2011-05-30 21:46 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-05-27 20:42 . 2011-11-08 03:21 280856 ---ha-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-05-15 10:48 . 2012-05-10 03:44 68928 ----a-w- c:\windows\system32\OpenCL.dll
2012-05-15 10:48 . 2012-05-10 03:44 61248 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-05-15 10:48 . 2012-05-10 03:44 15322432 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2012-05-15 10:48 . 2012-02-12 23:47 949056 ----a-w- c:\windows\system32\nvumdshimx.dll
2012-05-15 10:48 . 2012-02-12 23:47 1738048 ----a-w- c:\windows\system32\nvdispco64.dll
2012-05-15 10:48 . 2012-02-12 23:47 1468224 ----a-w- c:\windows\system32\nvgenco64.dll
2012-05-15 10:48 . 2010-07-12 12:40 818496 ----a-w- c:\windows\SysWow64\nvumdshim.dll
2012-05-15 10:48 . 2010-07-12 12:40 2741568 ----a-w- c:\windows\system32\nvapi64.dll
2012-05-15 10:48 . 2010-07-12 12:40 246592 ----a-w- c:\windows\system32\nvinitx.dll
2012-05-15 10:48 . 2010-07-12 12:40 2368832 ----a-w- c:\windows\SysWow64\nvapi.dll
2012-05-15 10:48 . 2010-07-12 12:40 202048 ----a-w- c:\windows\SysWow64\nvinit.dll
2012-05-15 09:29 . 2010-07-12 01:20 889664 ----a-w- c:\windows\system32\nvvsvc.exe
2012-05-15 09:29 . 2010-07-12 01:20 858944 ----a-w- c:\windows\system32\nv3dappshext.dll
2012-05-15 09:29 . 2010-07-12 01:20 63296 ----a-w- c:\windows\system32\nvshext.dll
2012-05-15 09:29 . 2010-07-12 01:20 55616 ----a-w- c:\windows\system32\nv3dappshextr.dll
2012-05-15 09:29 . 2010-07-12 01:20 2561856 ----a-w- c:\windows\system32\nvsvcr.dll
2012-05-15 09:29 . 2010-07-12 01:20 118080 ----a-w- c:\windows\system32\nvmctray.dll
2012-05-15 09:29 . 2010-07-12 01:20 2621723 ----a-w- c:\windows\system32\nvcoproc.bin
2012-05-15 09:29 . 2010-07-12 01:20 3149632 ----a-w- c:\windows\system32\nvsvc64.dll
2012-05-15 09:28 . 2010-07-12 01:20 6151488 ----a-w- c:\windows\system32\nvcpl.dll
2012-05-07 19:49 . 2012-05-07 19:49 419488 ---ha-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-07 19:49 . 2011-06-05 22:13 70304 ---ha-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-19 03:56 . 2012-04-19 03:56 94208 ---ha-w- c:\windows\SysWow64\QuickTimeVR.qtx
2012-04-19 03:56 . 2012-04-19 03:56 69632 ---ha-w- c:\windows\SysWow64\QuickTime.qts
2012-04-04 22:56 . 2011-10-03 00:26 24904 ---ha-w- c:\windows\system32\drivers\mbam.sys
2012-04-02 05:34 . 2012-05-11 02:50 5504880 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-02 04:46 . 2012-05-11 02:50 3958128 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-04-02 04:46 . 2012-05-11 02:50 3902320 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-04-02 03:01 . 2012-05-11 02:50 3143680 ----a-w- c:\windows\system32\win32k.sys
2012-03-30 11:09 . 2012-05-11 02:50 1895280 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-03-21 03:44 . 2012-03-21 03:44 203888 ----a-w- c:\windows\system32\drivers\MpFilter.sys
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2011-02-26 . E38899074D4951D31B4040E994DD7C8D . 2870784 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[-] 2011-02-26 . 1FCA0685C362D0A7CCED0278A0A4240A . 2870272 . . [6.1.7600.16385] .. c:\windows\explorer.exe
[7] 2011-02-26 . 0862495E0C825893DB75EF44FAEA8E93 . 2870272 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[7] 2011-02-26 . 3B69712041F3D63605529BD66DC00C48 . 2871808 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[7] 2011-02-25 . 332FEAB1435662FC6C672E25BEB37BE3 . 2871808 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[7] 2009-10-31 . B8EC4BD49CE8F6FC457721BFC210B67F . 2870272 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[7] 2009-10-31 . 9AAAEC8DAC27AA17B053E6352AD233AE . 2870272 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[7] 2009-08-03 . 700073016DAC1C3D2E7E2CE4223334B6 . 2868224 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[7] 2009-08-03 . F170B4A061C9E026437B193B4D571799 . 2868224 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
[7] 2009-07-14 . C235A51CB740E45FFA0EBFB9BAFCDA64 . 2868224 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-01-04 00:31 1514152 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-01-04 1514152]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 18:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 18:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 18:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 18:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 18:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 18:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 18:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 18:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 18:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2012-01-13 1242448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SVPWUTIL"="c:\program files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe" [2010-02-23 352256]
"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2010-03-04 423936]
"KeNotify"="c:\program files (x86)\TOSHIBA\Utilities\KeNotify.exe" [2009-12-25 34160]
"TRCMan"="c:\program files (x86)\TOSHIBA\TRCMan\TRCMan.exe" [2009-07-21 701752]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-27 30040]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
"Trend Micro RUBotted V2.0 Beta"="c:\program files (x86)\Trend Micro\RUBotted\RUBottedGUI.exe" [2010-12-17 1103184]
.
c:\users\Samuel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer4"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-01 136176]
R2 RUBotSrv;Trend Micro RUBotted Service;c:\program files (x86)\Trend Micro\RUBotted\RUBotSrv.exe [2010-12-17 439632]
R3 acpials;ALS Sensor Filter;c:\windows\system32\DRIVERS\acpials.sys [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-07 257696]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-01 136176]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-10-06 51512]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0502020.003\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0502020.003\SYMEFA64.SYS [x]
S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys [x]
S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS [x]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20120531.001\BHDrvx64.sys [2012-05-08 1160824]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20120613.007\IDSvia64.sys [2012-06-14 488568]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0502020.003\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\0502020.003\SYMNETS.SYS [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2010-01-28 249200]
S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-11 46448]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-02-29 2343816]
S2 N360;Norton 360;c:\program files (x86)\Norton 360\Norton 360\Engine\5.2.2.3\ccSvcHst.exe [2011-04-17 130008]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-05-15 1262400]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2010-04-06 258928]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [x]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-03-03 2320920]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [x]
S3 enecirhid;ENE CIR HID Receiver;c:\windows\system32\DRIVERS\enecirhid.sys [x]
S3 enecirhidma;ENE CIR HIDmini Filter;c:\windows\system32\DRIVERS\enecirhidma.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-05-31 138912]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-06 137560]
S3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2010-02-24 835952]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-07 19:49]
.
2012-06-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-01 18:28]
.
2012-06-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-01 18:28]
.
2012-06-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3966183553-1808329344-3472829953-1001Core.job
- c:\users\Samuel\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-15 00:38]
.
2012-06-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3966183553-1808329344-3472829953-1001UA.job
- c:\users\Samuel\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-15 00:38]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 18:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 18:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 18:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 18:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 18:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 18:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 18:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 18:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 18:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ThpSrv"="c:\windows\system32\thpsrv" [X]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-26 161304]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-26 413208]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-03-22 10134560]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-03-22 896032]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-06 709976]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-02-23 500208]
"combofix"="c:\combofix\CF25358.3XE" [2009-07-14 344576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com.au/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
TCP: Interfaces\{436238F1-2C86-4D76-81EE-5C3A8F771B18}: NameServer = 208.67.222.222,208.67.220.220
DPF: {C49134CC-B5EF-458C-A442-E8DFE7B4645F} - hxxp://www.yoyogames.com/plugins/activex/YoYo.cab
FF - ProfilePath - c:\users\Samuel\AppData\Roaming\Mozilla\Firefox\Profiles\4idrnib1.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.searchqu.com/413
FF - prefs.js: keyword.URL - hxxp://au.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
Wow6432Node-HKLM-Run-TSleepSrv - %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-(Default) - (no file)
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-HSON - c:\program files (x86)\TOSHIBA\TBS\HSON.exe
HKLM-Run-SmoothView - c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe
HKLM-Run-00TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-TosWaitSrv - c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
HKLM-Run-SmartFaceVWatcher - c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
AddRemove-GAMI (Gta-Action Mod-Installer) - c:\program files (x86)\GAMI\gami_uninstal.exe
AddRemove-Searchqu 413 MediaBar - c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\uninstallTB.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton 360\Norton 360\Engine\5.2.2.3\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Norton 360\Engine\5.2.2.3\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_80c2ffa.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3966183553-1808329344-3472829953-1001\Software\SecuROM\License information*]
"datasecu"=hex:ef,bd,61,d0,3d,c8,da,55,e0,dd,96,dc,37,03,da,9a,a8,1f,c4,4c,39,
df,ef,6a,40,50,a2,3a,bb,5e,01,0d,04,b7,73,26,55,be,b2,9a,df,c4,cf,65,e9,75,\
"rkeysecu"=hex:1b,9d,1b,00,e0,86,f1,07,71,1e,89,62,3f,61,fc,91
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{6EF568F4-D437-4466-AA63-A3645136D93E}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}]
@Denied: (A 2) (Everyone)
@="IFlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\TypeLib]
@="{6EF568F4-D437-4466-AA63-A3645136D93E}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
@Denied: (A 2) (Everyone)
@="IFlashBroker2"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
@="{6EF568F4-D437-4466-AA63-A3645136D93E}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
.
**************************************************************************
.
Completion time: 2012-06-17 17:23:55 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-18 00:23
.
Pre-Run: 163,274,858,496 bytes free
Post-Run: 162,775,674,880 bytes free
.
- - End Of File - - 1BFC658DB29A60B0D58C4775FE11F7EE

#4 SamySam

Posted 17 June 2012 - 04:59 AM

Oh F*ck ( Please excuse my language )

I Think ComboFix deleted some major components for my graphics card ( Nvidia GeForce 330M )

like Igfxps.exe I think it is

My laptop can't play any games any more 'cause it's running off the Intel® HD Graphics

It Needs to run off My 330M Please help!

#5 gringo_pr

  • Malware Response Team

Posted 17 June 2012 - 09:20 AM

Greetings

ComboFix did not remove Igfxps.exe.

I want you to run these next:

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



Proud Graduate Of Malware Removal University
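
The TDSSKiller report requested above is long, and almost every entry ends in "- ok". The following is an added example, not part of the original posts and not code from TDSSKiller: a small Python parser that pulls out the entries needing a second look. It assumes only the line layout visible in the report posted in this thread; `parse_report`, `triage`, `Finding` and `Report` are hypothetical names.

```python
import re
from dataclasses import dataclass, field

# Short excerpt in the report layout posted in this thread:
# "HH:MM:SS.mmmm <thread id> <message>". The lines are copied from that
# report and trimmed; nothing here is new scan data.
SAMPLE_LOG = r"""
16:30:17.0320 3016 Scan started
16:30:17.0320 3016 Mode: Manual;
16:30:19.0146 3016 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\windows\system32\DRIVERS\agp440.sys
16:30:19.0148 3016 agp440 - ok
16:30:19.0670 3016 Akamai (c775d704feb2b600a5bf7b0b088546af) c:\program files (x86)\common files\akamai/netsession_win_80c2ffa.dll
16:30:19.0670 3016 Suspicious file (Hidden): c:\program files (x86)\common files\akamai/netsession_win_80c2ffa.dll. md5: c775d704feb2b600a5bf7b0b088546af
16:30:19.0674 3016 Akamai ( HiddenFile.Multi.Generic ) - warning
16:30:19.0674 3016 Akamai - detected HiddenFile.Multi.Generic (1)
16:30:23.0212 3016 catchme - ok
16:30:35.0202 3016 Scan interrupted by user!
16:30:35.0202 3016 Scan finished
16:30:43.0120 5488 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
"""

LINE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(?P<msg>.*)$")
# "<service> (<md5>) <file path>"
OBJECT = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
# "<service> ( <threat name> ) - <verdict or user action>"
VERDICT = re.compile(r"^(?P<name>.+?) \( (?P<threat>\S+) \) - (?P<state>.+)$")
OK = re.compile(r"^(?P<name>.+?) - ok$")


@dataclass
class Finding:
    name: str
    threat: str
    verdict: str
    md5: str = ""
    path: str = ""
    actions: list = field(default_factory=list)


@dataclass
class Report:
    scans: int = 0
    interrupted: bool = False
    ok: list = field(default_factory=list)
    ok_without_hash: list = field(default_factory=list)
    findings: dict = field(default_factory=dict)


def parse_report(text):
    """Parse a report in the layout above into clean entries and findings."""
    report, hashed, in_scan = Report(), {}, False
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # blank lines and lines with no message part
        msg = m["msg"].strip()
        if msg == "Scan started":
            report.scans += 1
            in_scan = True
        elif msg == "Scan finished":
            in_scan = False
        elif msg.startswith("Scan interrupted"):
            report.interrupted = True
        elif (o := OBJECT.match(msg)):
            hashed[o["name"]] = (o["md5"], o["path"])
        elif (v := VERDICT.match(msg)):
            f = report.findings.setdefault(
                v["name"], Finding(v["name"], v["threat"], ""))
            if in_scan:
                # Inside a scan the trailing word is the scanner's verdict.
                f.verdict = v["state"]
                f.md5, f.path = hashed.get(v["name"], ("", ""))
            else:
                # After "Scan finished" the same layout records the chosen action.
                f.actions.append(v["state"])
        elif (k := OK.match(msg)):
            bucket = report.ok if k["name"] in hashed else report.ok_without_hash
            bucket.append(k["name"])
    return report


def triage(report):
    """Return the lines a reviewer should read first."""
    notes = []
    if report.interrupted:
        notes.append("scan was interrupted: the report may be incomplete")
    for f in report.findings.values():
        actions = ", ".join(f.actions) or "no action logged"
        notes.append(f"{f.name}: {f.threat} ({f.verdict}) md5={f.md5} -> {actions}")
    if report.ok_without_hash:
        notes.append("ok with no file/hash line: " + ", ".join(report.ok_without_hash))
    return notes


if __name__ == "__main__":
    for note in triage(parse_report(SAMPLE_LOG)):
        print(note)
```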

#6 SamySam

Posted 18 June 2012 - 05:03 AM

Hey Gringo,

I used TDSSKiller ( LOG BELOW ) and it worked fine.

aswMBR, on the other hand: I have a file located in Appdata/Temp/Ntwrk/RtLuad.exe ( not sure if that's the exact folder ), but aswMBR says RtLuad.exe is infected, then it freezes and crashes.

I've seen Rtluad.exe pop up in Norton and Malwarebytes and they said they got rid of it and haven't found it since ( BackDoor.ngr and Backdoor.Hmc.POL )

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~Would you have any idea why my computer won't use my Nvidia 330M?

And how to fix it, This is quite Urgent

Please help as this is a Gaming computer

I've seen a few Topics in which I'm experiencing the same thing, please do have a look

http://www.bleepingcomputer.com/forums/topic433150.html

http://forums.nvidia.com/index.php?showtopic=217616

http://www.vistax64.com/general-discussion/293540-graphics-issues-after-running-combofix.html

all my games are not recognizing my Nvidia Geforce 330m After running ComboFix


TDSSkiller

16:29:48.0811 4156 TDSS rootkit removing tool 2.7.40.0 Jun 15 2012 15:13:31
16:29:50.0143 4156 ============================================================
16:29:50.0143 4156 Current date / time: 2012/06/18 16:29:50.0143
16:29:50.0143 4156 SystemInfo:
16:29:50.0143 4156
16:29:50.0143 4156 OS Version: 6.1.7600 ServicePack: 0.0
16:29:50.0143 4156 Product type: Workstation
16:29:50.0143 4156 ComputerName: SAMUEL-PC
16:29:50.0143 4156 UserName: Samuel
16:29:50.0143 4156 Windows directory: C:\windows
16:29:50.0143 4156 System windows directory: C:\windows
16:29:50.0143 4156 Running under WOW64
16:29:50.0143 4156 Processor architecture: Intel x64
16:29:50.0143 4156 Number of processors: 4
16:29:50.0143 4156 Page size: 0x1000
16:29:50.0143 4156 Boot type: Normal boot
16:29:50.0143 4156 ============================================================
16:29:50.0956 4156 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:29:50.0964 4156 ============================================================
16:29:50.0964 4156 \Device\Harddisk0\DR0:
16:29:50.0964 4156 MBR partitions:
16:29:50.0964 4156 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x48DB5800
16:29:50.0964 4156 ============================================================
16:29:51.0049 4156 C: <-> \Device\Harddisk0\DR0\Partition0
16:29:51.0049 4156 ============================================================
16:29:51.0049 4156 Initialize success
16:29:51.0049 4156 ============================================================
16:30:17.0320 3016 ============================================================
16:30:17.0320 3016 Scan started
16:30:17.0320 3016 Mode: Manual;
16:30:17.0320 3016 ============================================================
16:30:17.0970 3016 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\windows\system32\DRIVERS\1394ohci.sys
16:30:17.0973 3016 1394ohci - ok
16:30:18.0040 3016 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\windows\system32\DRIVERS\ACPI.sys
16:30:18.0044 3016 ACPI - ok
16:30:18.0116 3016 acpials (12c5274cd87449a2a37a607cdb321922) C:\windows\system32\DRIVERS\acpials.sys
16:30:18.0118 3016 acpials - ok
16:30:18.0166 3016 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\windows\system32\DRIVERS\acpipmi.sys
16:30:18.0168 3016 AcpiPmi - ok
16:30:18.0323 3016 Adobe LM Service (8b46d5a1d3ef08232c04d0eafb871fb2) C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
16:30:18.0326 3016 Adobe LM Service - ok
16:30:18.0560 3016 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
16:30:18.0604 3016 AdobeFlashPlayerUpdateSvc - ok
16:30:18.0689 3016 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\windows\system32\DRIVERS\adp94xx.sys
16:30:18.0695 3016 adp94xx - ok
16:30:18.0834 3016 adpahci (597f78224ee9224ea1a13d6350ced962) C:\windows\system32\DRIVERS\adpahci.sys
16:30:18.0839 3016 adpahci - ok
16:30:18.0919 3016 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\windows\system32\DRIVERS\adpu320.sys
16:30:18.0946 3016 adpu320 - ok
16:30:18.0993 3016 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\windows\System32\aelupsvc.dll
16:30:18.0994 3016 AeLookupSvc - ok
16:30:19.0075 3016 AFD (db9d6c6b2cd95a9ca414d045b627422e) C:\windows\system32\drivers\afd.sys
16:30:19.0081 3016 AFD - ok
16:30:19.0146 3016 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\windows\system32\DRIVERS\agp440.sys
16:30:19.0148 3016 agp440 - ok
16:30:19.0670 3016 Akamai (c775d704feb2b600a5bf7b0b088546af) c:\program files (x86)\common files\akamai/netsession_win_80c2ffa.dll
16:30:19.0670 3016 Suspicious file (Hidden): c:\program files (x86)\common files\akamai/netsession_win_80c2ffa.dll. md5: c775d704feb2b600a5bf7b0b088546af
16:30:19.0674 3016 Akamai ( HiddenFile.Multi.Generic ) - warning
16:30:19.0674 3016 Akamai - detected HiddenFile.Multi.Generic (1)
16:30:19.0840 3016 ALG (3290d6946b5e30e70414990574883ddb) C:\windows\System32\alg.exe
16:30:19.0842 3016 ALG - ok
16:30:19.0914 3016 aliide (5812713a477a3ad7363c7438ca2ee038) C:\windows\system32\DRIVERS\aliide.sys
16:30:19.0916 3016 aliide - ok
16:30:19.0968 3016 amdide (1ff8b4431c353ce385c875f194924c0c) C:\windows\system32\DRIVERS\amdide.sys
16:30:19.0969 3016 amdide - ok
16:30:20.0021 3016 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\windows\system32\DRIVERS\amdk8.sys
16:30:20.0023 3016 AmdK8 - ok
16:30:20.0028 3016 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\windows\system32\DRIVERS\amdppm.sys
16:30:20.0030 3016 AmdPPM - ok
16:30:20.0086 3016 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\windows\system32\drivers\amdsata.sys
16:30:20.0104 3016 amdsata - ok
16:30:20.0157 3016 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\windows\system32\DRIVERS\amdsbs.sys
16:30:20.0160 3016 amdsbs - ok
16:30:20.0223 3016 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\windows\system32\drivers\amdxata.sys
16:30:20.0224 3016 amdxata - ok
16:30:20.0302 3016 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\windows\system32\drivers\appid.sys
16:30:20.0304 3016 AppID - ok
16:30:20.0328 3016 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\windows\System32\appidsvc.dll
16:30:20.0330 3016 AppIDSvc - ok
16:30:20.0389 3016 Appinfo (d065be66822847b7f127d1f90158376e) C:\windows\System32\appinfo.dll
16:30:20.0390 3016 Appinfo - ok
16:30:20.0562 3016 Apple Mobile Device (20f6f19fe9e753f2780dc2fa083ad597) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
16:30:20.0564 3016 Apple Mobile Device - ok
16:30:20.0656 3016 arc (c484f8ceb1717c540242531db7845c4e) C:\windows\system32\DRIVERS\arc.sys
16:30:20.0658 3016 arc - ok
16:30:20.0672 3016 arcsas (019af6924aefe7839f61c830227fe79c) C:\windows\system32\DRIVERS\arcsas.sys
16:30:20.0674 3016 arcsas - ok
16:30:20.0802 3016 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
16:30:20.0922 3016 aspnet_state - ok
16:30:20.0997 3016 AsyncMac (769765ce2cc62867468cea93969b2242) C:\windows\system32\DRIVERS\asyncmac.sys
16:30:20.0999 3016 AsyncMac - ok
16:30:21.0052 3016 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\windows\system32\DRIVERS\atapi.sys
16:30:21.0053 3016 atapi - ok
16:30:21.0142 3016 AudioEndpointBuilder (07721a77180edd4d39ccb865bf63c7fd) C:\windows\System32\Audiosrv.dll
16:30:21.0148 3016 AudioEndpointBuilder - ok
16:30:21.0154 3016 AudioSrv (07721a77180edd4d39ccb865bf63c7fd) C:\windows\System32\Audiosrv.dll
16:30:21.0157 3016 AudioSrv - ok
16:30:21.0213 3016 AxInstSV (b20b5fa5ca050e9926e4d1db81501b32) C:\windows\System32\AxInstSV.dll
16:30:21.0215 3016 AxInstSV - ok
16:30:21.0302 3016 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\windows\system32\DRIVERS\bxvbda.sys
16:30:21.0331 3016 b06bdrv - ok
16:30:21.0396 3016 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\windows\system32\DRIVERS\b57nd60a.sys
16:30:21.0400 3016 b57nd60a - ok
16:30:21.0600 3016 BCM43XX (5b5c36b2ec500462a715db6bcbaf5da7) C:\windows\system32\DRIVERS\bcmwl664.sys
16:30:21.0613 3016 BCM43XX - ok
16:30:21.0744 3016 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\windows\System32\bdesvc.dll
16:30:21.0746 3016 BDESVC - ok
16:30:21.0818 3016 Beep (16a47ce2decc9b099349a5f840654746) C:\windows\system32\drivers\Beep.sys
16:30:21.0819 3016 Beep - ok
16:30:21.0912 3016 BFE (4992c609a6315671463e30f6512bc022) C:\windows\System32\bfe.dll
16:30:21.0919 3016 BFE - ok
16:30:22.0203 3016 BHDrvx64 (5b1fe9d351c284701c8051da2aa81df6) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20120531.001\BHDrvx64.sys
16:30:22.0208 3016 BHDrvx64 - ok
16:30:22.0336 3016 BITS (7f0c323fe3da28aa4aa1bda3f575707f) C:\windows\system32\qmgr.dll
16:30:22.0346 3016 BITS - ok
16:30:22.0424 3016 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\windows\system32\DRIVERS\blbdrive.sys
16:30:22.0442 3016 blbdrive - ok
16:30:22.0632 3016 Bonjour Service (f2060a34c8a75bc24a9222eb4f8c07bd) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
16:30:22.0636 3016 Bonjour Service - ok
16:30:22.0702 3016 bowser (19d20159708e152267e53b66677a4995) C:\windows\system32\DRIVERS\bowser.sys
16:30:22.0726 3016 bowser - ok
16:30:22.0765 3016 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\windows\system32\DRIVERS\BrFiltLo.sys
16:30:22.0767 3016 BrFiltLo - ok
16:30:22.0785 3016 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\windows\system32\DRIVERS\BrFiltUp.sys
16:30:22.0787 3016 BrFiltUp - ok
16:30:22.0838 3016 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\windows\system32\DRIVERS\bridge.sys
16:30:22.0840 3016 BridgeMP - ok
16:30:22.0867 3016 Browser (94fbc06f294d58d02361918418f996e3) C:\windows\System32\browser.dll
16:30:22.0868 3016 Browser - ok
16:30:22.0909 3016 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\windows\System32\Drivers\Brserid.sys
16:30:22.0913 3016 Brserid - ok
16:30:22.0962 3016 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\windows\System32\Drivers\BrSerWdm.sys
16:30:22.0964 3016 BrSerWdm - ok
16:30:22.0987 3016 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\windows\System32\Drivers\BrUsbMdm.sys
16:30:22.0989 3016 BrUsbMdm - ok
16:30:22.0997 3016 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\windows\System32\Drivers\BrUsbSer.sys
16:30:22.0998 3016 BrUsbSer - ok
16:30:23.0079 3016 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\windows\system32\DRIVERS\bthmodem.sys
16:30:23.0088 3016 BTHMODEM - ok
16:30:23.0177 3016 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\windows\system32\bthserv.dll
16:30:23.0180 3016 bthserv - ok
16:30:23.0212 3016 catchme - ok
16:30:23.0258 3016 cdfs (b8bd2bb284668c84865658c77574381a) C:\windows\system32\DRIVERS\cdfs.sys
16:30:23.0259 3016 cdfs - ok
16:30:23.0322 3016 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\windows\system32\DRIVERS\cdrom.sys
16:30:23.0325 3016 cdrom - ok
16:30:23.0391 3016 CertPropSvc (312e2f82af11e79906898ac3e3d58a1f) C:\windows\System32\certprop.dll
16:30:23.0415 3016 CertPropSvc - ok
16:30:23.0581 3016 cfWiMAXService (41e7c4fa6491747402cfca77cc1c7aab) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
16:30:23.0583 3016 cfWiMAXService - ok
16:30:23.0660 3016 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\windows\system32\DRIVERS\circlass.sys
16:30:23.0662 3016 circlass - ok
16:30:23.0752 3016 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\windows\system32\CLFS.sys
16:30:23.0786 3016 CLFS - ok
16:30:23.0994 3016 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:30:24.0135 3016 clr_optimization_v2.0.50727_32 - ok
16:30:24.0254 3016 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
16:30:24.0407 3016 clr_optimization_v2.0.50727_64 - ok
16:30:24.0737 3016 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:30:25.0353 3016 clr_optimization_v4.0.30319_32 - ok
16:30:25.0442 3016 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
16:30:25.0925 3016 clr_optimization_v4.0.30319_64 - ok
16:30:26.0025 3016 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\windows\system32\DRIVERS\CmBatt.sys
16:30:26.0074 3016 CmBatt - ok
16:30:26.0186 3016 cmdide (e19d3f095812725d88f9001985b94edd) C:\windows\system32\DRIVERS\cmdide.sys
16:30:26.0235 3016 cmdide - ok
16:30:26.0435 3016 CNG (937beb186a735aca91d717044a49d17e) C:\windows\system32\Drivers\cng.sys
16:30:26.0491 3016 CNG - ok
16:30:26.0574 3016 Compbatt (102de219c3f61415f964c88e9085ad14) C:\windows\system32\DRIVERS\compbatt.sys
16:30:26.0603 3016 Compbatt - ok
16:30:26.0755 3016 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\windows\system32\DRIVERS\CompositeBus.sys
16:30:26.0772 3016 CompositeBus - ok
16:30:26.0803 3016 COMSysApp - ok
16:30:27.0034 3016 ConfigFree Service (cab0eeaf5295fc96ddd3e19dce27e131) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
16:30:27.0035 3016 ConfigFree Service - ok
16:30:27.0096 3016 crcdisk (1c827878a998c18847245fe1f34ee597) C:\windows\system32\DRIVERS\crcdisk.sys
16:30:27.0151 3016 crcdisk - ok
16:30:27.0257 3016 CryptSvc (8c57411b66282c01533cb776f98ad384) C:\windows\system32\cryptsvc.dll
16:30:27.0261 3016 CryptSvc - ok
16:30:27.0467 3016 DcomLaunch (7266972e86890e2b30c0c322e906b027) C:\windows\system32\rpcss.dll
16:30:27.0509 3016 DcomLaunch - ok
16:30:27.0607 3016 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\windows\System32\defragsvc.dll
16:30:27.0617 3016 defragsvc - ok
16:30:27.0707 3016 DfsC (9c253ce7311ca60fc11c774692a13208) C:\windows\system32\Drivers\dfsc.sys
16:30:27.0752 3016 DfsC - ok
16:30:27.0880 3016 Dhcp (ce3b9562d997f69b330d181a8875960f) C:\windows\system32\dhcpcore.dll
16:30:27.0893 3016 Dhcp - ok
16:30:27.0929 3016 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\windows\system32\drivers\discache.sys
16:30:27.0951 3016 discache - ok
16:30:28.0047 3016 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\windows\system32\DRIVERS\disk.sys
16:30:28.0056 3016 Disk - ok
16:30:28.0150 3016 Dnscache (85cf424c74a1d5ec33533e1dbff9920a) C:\windows\System32\dnsrslvr.dll
16:30:28.0152 3016 Dnscache - ok
16:30:28.0248 3016 dot3svc (14452acdb09b70964c8c21bf80a13acb) C:\windows\System32\dot3svc.dll
16:30:28.0259 3016 dot3svc - ok
16:30:28.0345 3016 DPS (8c2ba6bea949ee6e68385f5692bafb94) C:\windows\system32\dps.dll
16:30:28.0369 3016 DPS - ok
16:30:28.0437 3016 drmkaud (9b19f34400d24df84c858a421c205754) C:\windows\system32\drivers\drmkaud.sys
16:30:28.0458 3016 drmkaud - ok
16:30:28.0588 3016 DXGKrnl (601e731bf8e3f22906ce7d4d724b0439) C:\windows\System32\drivers\dxgkrnl.sys
16:30:28.0593 3016 DXGKrnl - ok
16:30:28.0745 3016 EagleX64 - ok
16:30:28.0851 3016 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\windows\System32\eapsvc.dll
16:30:28.0852 3016 EapHost - ok
16:30:29.0316 3016 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\windows\system32\DRIVERS\evbda.sys
16:30:29.0491 3016 ebdrv - ok
16:30:29.0729 3016 eeCtrl (ba6420c1f7070ed8f1ba372844f3e1ec) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
16:30:29.0732 3016 eeCtrl - ok
16:30:30.0082 3016 EFS (156f6159457d0aa7e59b62681b56eb90) C:\windows\System32\lsass.exe
16:30:30.0092 3016 EFS - ok
16:30:30.0333 3016 ehRecvr (47c071994c3f649f23d9cd075ac9304a) C:\windows\ehome\ehRecvr.exe
16:30:30.0439 3016 ehRecvr - ok
16:30:30.0476 3016 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\windows\ehome\ehsched.exe
16:30:30.0484 3016 ehSched - ok
16:30:30.0589 3016 elxstor (0e5da5369a0fcaea12456dd852545184) C:\windows\system32\DRIVERS\elxstor.sys
16:30:30.0613 3016 elxstor - ok
16:30:30.0668 3016 enecir (524c79054636d2e5751169005006460b) C:\windows\system32\DRIVERS\enecir.sys
16:30:30.0676 3016 enecir - ok
16:30:30.0703 3016 enecirhid (e17eb95358f396e27d573a1b20f891f8) C:\windows\system32\DRIVERS\enecirhid.sys
16:30:30.0715 3016 enecirhid - ok
16:30:30.0755 3016 enecirhidma (8492d808c79bd6fe439f77be84956cdf) C:\windows\system32\DRIVERS\enecirhidma.sys
16:30:30.0809 3016 enecirhidma - ok
16:30:31.0113 3016 EraserUtilRebootDrv (1343df3451bc0c442dc69837c6fba21b) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
16:30:31.0136 3016 EraserUtilRebootDrv - ok
16:30:31.0176 3016 ErrDev (34a3c54752046e79a126e15c51db409b) C:\windows\system32\DRIVERS\errdev.sys
16:30:31.0196 3016 ErrDev - ok
16:30:31.0255 3016 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\windows\system32\es.dll
16:30:31.0265 3016 EventSystem - ok
16:30:31.0404 3016 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\windows\system32\drivers\exfat.sys
16:30:31.0425 3016 exfat - ok
16:30:31.0479 3016 fastfat (0adc83218b66a6db380c330836f3e36d) C:\windows\system32\drivers\fastfat.sys
16:30:31.0521 3016 fastfat - ok
16:30:31.0692 3016 Fax (d607b2f1bee3992aa6c2c92c0a2f0855) C:\windows\system32\fxssvc.exe
16:30:31.0711 3016 Fax - ok
16:30:31.0798 3016 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\windows\system32\DRIVERS\fdc.sys
16:30:31.0818 3016 fdc - ok
16:30:31.0858 3016 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\windows\system32\fdPHost.dll
16:30:31.0859 3016 fdPHost - ok
16:30:31.0883 3016 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\windows\system32\fdrespub.dll
16:30:31.0884 3016 FDResPub - ok
16:30:32.0052 3016 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\windows\system32\drivers\fileinfo.sys
16:30:32.0062 3016 FileInfo - ok
16:30:32.0081 3016 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\windows\system32\drivers\filetrace.sys
16:30:32.0095 3016 Filetrace - ok
16:30:32.0157 3016 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\windows\system32\DRIVERS\flpydisk.sys
16:30:32.0182 3016 flpydisk - ok
16:30:32.0244 3016 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\windows\system32\drivers\fltmgr.sys
16:30:32.0255 3016 FltMgr - ok
16:30:32.0493 3016 FontCache (bc00505cfda789ed3be95d2ff38c4875) C:\windows\system32\FntCache.dll
16:30:32.0530 3016 FontCache - ok
16:30:32.0639 3016 FontCache3.0.0.0 (8d89e3131c27fdd6932189cb785e1b7a) C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
16:30:32.0736 3016 FontCache3.0.0.0 - ok
16:30:32.0825 3016 FsDepends (d43703496149971890703b4b1b723eac) C:\windows\system32\drivers\FsDepends.sys
16:30:32.0843 3016 FsDepends - ok
16:30:32.0994 3016 fssfltr (6c06701bf1db05405804d7eb610991ce) C:\windows\system32\DRIVERS\fssfltr.sys
16:30:33.0092 3016 fssfltr - ok
16:30:33.0547 3016 fsssvc (4ce9dac1518ff7e77bd213e6394b9d77) C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
16:30:33.0656 3016 fsssvc - ok
16:30:33.0933 3016 Fs_Rec (d3e3f93d67821a2db2b3d9fac2dc2064) C:\windows\system32\drivers\Fs_Rec.sys
16:30:34.0003 3016 Fs_Rec - ok
16:30:34.0137 3016 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\windows\system32\DRIVERS\fvevol.sys
16:30:34.0167 3016 fvevol - ok
16:30:34.0237 3016 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\windows\system32\DRIVERS\gagp30kx.sys
16:30:34.0272 3016 gagp30kx - ok
16:30:34.0563 3016 GameConsoleService (ce16683cfd11fe70bde435dda5ea1fca) C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe
16:30:34.0633 3016 GameConsoleService - ok
16:30:34.0704 3016 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\windows\system32\DRIVERS\GEARAspiWDM.sys
16:30:34.0705 3016 GEARAspiWDM - ok
16:30:34.0834 3016 gpsvc (fe5ab4525bc2ec68b9119a6e5d40128b) C:\windows\System32\gpsvc.dll
16:30:34.0878 3016 gpsvc - ok
16:30:35.0147 3016 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
16:30:35.0152 3016 gupdate - ok
16:30:35.0202 3016 Scan interrupted by user!
16:30:35.0202 3016 Scan interrupted by user!
16:30:35.0202 3016 Scan interrupted by user!
16:30:35.0202 3016 ============================================================
16:30:35.0202 3016 Scan finished
16:30:35.0202 3016 ============================================================
16:30:35.0211 5488 Detected object count: 1
16:30:35.0211 5488 Actual detected object count: 1
16:30:43.0120 5488 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
16:30:43.0120 5488 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip
16:30:44.0567 5608 ============================================================
16:30:44.0567 5608 Scan started
16:30:44.0567 5608 Mode: Manual;
16:30:44.0567 5608 ============================================================
16:30:45.0801 5608 Akamai (c775d704feb2b600a5bf7b0b088546af) c:\program files (x86)\common files\akamai/netsession_win_80c2ffa.dll
16:30:45.0801 5608 Suspicious file (Hidden): c:\program files (x86)\common files\akamai/netsession_win_80c2ffa.dll. md5: c775d704feb2b600a5bf7b0b088546af
16:30:45.0805 5608 Akamai ( HiddenFile.Multi.Generic ) - warning
16:30:45.0805 5608 Akamai - detected HiddenFile.Multi.Generic (1)
16:31:06.0077 5608 nvraid - ok
16:31:06.0137 5608 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\windows\system32\drivers\nvstor.sys
16:31:06.0163 5608 nvstor - ok
16:31:06.0325 5608 nvsvc (06633cf95bea62164c3bfca24bce6b11) C:\windows\system32\nvvsvc.exe
16:31:06.0330 5608 nvsvc - ok
16:31:06.0528 5608 nvUpdatusService (53b629ce436b110c5689c2f6439e567b) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
16:31:06.0534 5608 nvUpdatusService - ok
16:31:06.0681 5608 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\windows\system32\DRIVERS\nv_agp.sys
16:31:06.0687 5608 nv_agp - ok
16:31:06.0847 5608 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
16:31:06.0888 5608 odserv - ok
16:31:06.0941 5608 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\windows\system32\DRIVERS\ohci1394.sys
16:31:06.0944 5608 ohci1394 - ok
16:31:07.0005 5608 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
16:31:07.0033 5608 ose - ok
16:31:07.0099 5608 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
16:31:07.0103 5608 p2pimsvc - ok
16:31:07.0135 5608 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\windows\system32\p2psvc.dll
16:31:07.0140 5608 p2psvc - ok
16:31:07.0167 5608 Parport (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\DRIVERS\parport.sys
16:31:07.0171 5608 Parport - ok
16:31:07.0216 5608 partmgr (90061b1acfe8ccaa5345750ffe08d8b8) C:\windows\system32\drivers\partmgr.sys
16:31:07.0219 5608 partmgr - ok
16:31:07.0258 5608 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\windows\System32\pcasvc.dll
16:31:07.0262 5608 PcaSvc - ok
16:31:07.0292 5608 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\windows\system32\DRIVERS\pci.sys
16:31:07.0295 5608 pci - ok
16:31:07.0338 5608 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\DRIVERS\pciide.sys
16:31:07.0339 5608 pciide - ok
16:31:07.0362 5608 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\DRIVERS\pcmcia.sys
16:31:07.0378 5608 pcmcia - ok
16:31:07.0390 5608 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys
16:31:07.0392 5608 pcw - ok
16:31:07.0427 5608 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys
16:31:07.0435 5608 PEAUTH - ok
16:31:07.0584 5608 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\windows\SysWow64\perfhost.exe
16:31:07.0586 5608 PerfHost - ok
16:31:07.0669 5608 PGEffect (663962900e7fea522126ba287715bb4a) C:\windows\system32\DRIVERS\pgeffect.sys
16:31:07.0670 5608 PGEffect - ok
16:31:07.0796 5608 pla (557e9a86f65f0de18c9b6751dfe9d3f1) C:\windows\system32\pla.dll
16:31:07.0839 5608 pla - ok
16:31:07.0910 5608 PlugPlay (98b1721b8718164293b9701b98c52d77) C:\windows\system32\umpnpmgr.dll
16:31:07.0920 5608 PlugPlay - ok
16:31:07.0951 5608 PnkBstrA - ok
16:31:08.0014 5608 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\windows\system32\pnrpauto.dll
16:31:08.0016 5608 PNRPAutoReg - ok
16:31:08.0039 5608 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
16:31:08.0042 5608 PNRPsvc - ok
16:31:08.0105 5608 PolicyAgent (166eb40d1f5b47e615de3d0fffe5f243) C:\windows\System32\ipsecsvc.dll
16:31:08.0112 5608 PolicyAgent - ok
16:31:08.0168 5608 Power (6ba9d927dded70bd1a9caded45f8b184) C:\windows\system32\umpo.dll
16:31:08.0172 5608 Power - ok
16:31:08.0288 5608 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\windows\system32\DRIVERS\raspptp.sys
16:31:08.0308 5608 PptpMiniport - ok
16:31:08.0335 5608 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\DRIVERS\processr.sys
16:31:08.0337 5608 Processor - ok
16:31:08.0372 5608 ProfSvc (f381975e1f4346de875cb07339ce8d3a) C:\windows\system32\profsvc.dll
16:31:08.0376 5608 ProfSvc - ok
16:31:08.0427 5608 ProtectedStorage (156f6159457d0aa7e59b62681b56eb90) C:\windows\system32\lsass.exe
16:31:08.0436 5608 ProtectedStorage - ok
16:31:08.0519 5608 Psched (ee992183bd8eaefd9973f352e587a299) C:\windows\system32\DRIVERS\pacer.sys
16:31:08.0523 5608 Psched - ok
16:31:08.0707 5608 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\DRIVERS\ql2300.sys
16:31:08.0805 5608 ql2300 - ok
16:31:09.0053 5608 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\DRIVERS\ql40xx.sys
16:31:09.0074 5608 ql40xx - ok
16:31:09.0108 5608 QWAVE (906191634e99aea92c4816150bda3732) C:\windows\system32\qwave.dll
16:31:09.0112 5608 QWAVE - ok
16:31:09.0131 5608 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys
16:31:09.0132 5608 QWAVEdrv - ok
16:31:09.0152 5608 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys
16:31:09.0154 5608 RasAcd - ok
16:31:09.0210 5608 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys
16:31:09.0216 5608 RasAgileVpn - ok
16:31:09.0238 5608 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\windows\System32\rasauto.dll
16:31:09.0241 5608 RasAuto - ok
16:31:09.0289 5608 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\windows\system32\DRIVERS\rasl2tp.sys
16:31:09.0291 5608 Rasl2tp - ok
16:31:09.0315 5608 RasMan (47394ed3d16d053f5906efe5ab51cc83) C:\windows\System32\rasmans.dll
16:31:09.0319 5608 RasMan - ok
16:31:09.0342 5608 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys
16:31:09.0345 5608 RasPppoe - ok
16:31:09.0402 5608 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys
16:31:09.0404 5608 RasSstp - ok
16:31:09.0435 5608 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\windows\system32\DRIVERS\rdbss.sys
16:31:09.0444 5608 rdbss - ok
16:31:09.0456 5608 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\DRIVERS\rdpbus.sys
16:31:09.0457 5608 rdpbus - ok
16:31:09.0514 5608 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys
16:31:09.0520 5608 RDPCDD - ok
16:31:09.0532 5608 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys
16:31:09.0533 5608 RDPENCDD - ok
16:31:09.0547 5608 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys
16:31:09.0549 5608 RDPREFMP - ok
16:31:09.0615 5608 RDPWD (074ac702d8b8b660b0e1371555995386) C:\windows\system32\drivers\RDPWD.sys
16:31:09.0702 5608 RDPWD - ok
16:31:09.0809 5608 rdyboost (e5dc9ba9e439d6dbdd79f8caacb5bf01) C:\windows\system32\drivers\rdyboost.sys
16:31:09.0829 5608 rdyboost - ok
16:31:09.0864 5608 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\windows\System32\mprdim.dll
16:31:09.0866 5608 RemoteAccess - ok
16:31:09.0886 5608 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\windows\system32\regsvc.dll
16:31:09.0905 5608 RemoteRegistry - ok
16:31:09.0950 5608 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\windows\System32\RpcEpMap.dll
16:31:09.0952 5608 RpcEptMapper - ok
16:31:09.0990 5608 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\windows\system32\locator.exe
16:31:10.0018 5608 RpcLocator - ok
16:31:10.0072 5608 RpcSs (7266972e86890e2b30c0c322e906b027) C:\windows\system32\rpcss.dll
16:31:10.0076 5608 RpcSs - ok
16:31:10.0140 5608 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys
16:31:10.0170 5608 rspndr - ok
16:31:10.0237 5608 RTL8167 (ba3e57c89e6f63808d3f2b11e1a2ad3c) C:\windows\system32\DRIVERS\Rt64win7.sys
16:31:10.0258 5608 RTL8167 - ok
16:31:10.0458 5608 RUBotSrv (a0eea6f631349d0e0b7a6caa7e099cb0) C:\Program Files (x86)\Trend Micro\RUBotted\RUBotSrv.exe
16:31:10.0511 5608 RUBotSrv - ok
16:31:10.0561 5608 SamSs (156f6159457d0aa7e59b62681b56eb90) C:\windows\system32\lsass.exe
16:31:10.0562 5608 SamSs - ok
16:31:10.0612 5608 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\windows\system32\DRIVERS\sbp2port.sys
16:31:10.0619 5608 sbp2port - ok
16:31:10.0645 5608 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\windows\System32\SCardSvr.dll
16:31:10.0677 5608 SCardSvr - ok
16:31:10.0702 5608 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\windows\system32\DRIVERS\scfilter.sys
16:31:10.0703 5608 scfilter - ok
16:31:10.0855 5608 Schedule (624d0f5ff99428bb90a5b8a4123e918e) C:\windows\system32\schedsvc.dll
16:31:10.0895 5608 Schedule - ok
16:31:10.0923 5608 SCPolicySvc (312e2f82af11e79906898ac3e3d58a1f) C:\windows\System32\certprop.dll
16:31:10.0924 5608 SCPolicySvc - ok
16:31:10.0985 5608 sdbus (2c8d162efaf73abd36d8bcbb6340cae7) C:\windows\system32\DRIVERS\sdbus.sys
16:31:11.0003 5608 sdbus - ok
16:31:11.0048 5608 SDRSVC (765a27c3279ce11d14cb9e4f5869fca5) C:\windows\System32\SDRSVC.dll
16:31:11.0069 5608 SDRSVC - ok
16:31:11.0125 5608 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys
16:31:11.0126 5608 secdrv - ok
16:31:11.0148 5608 seclogon (463b386ebc70f98da5dff85f7e654346) C:\windows\system32\seclogon.dll
16:31:11.0150 5608 seclogon - ok
16:31:11.0167 5608 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\windows\system32\sens.dll
16:31:11.0169 5608 SENS - ok
16:31:11.0199 5608 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\windows\system32\sensrsvc.dll
16:31:11.0217 5608 SensrSvc - ok
16:31:11.0267 5608 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\DRIVERS\serenum.sys
16:31:11.0269 5608 Serenum - ok
16:31:11.0332 5608 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\DRIVERS\serial.sys
16:31:11.0334 5608 Serial - ok
16:31:11.0383 5608 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\DRIVERS\sermouse.sys
16:31:11.0384 5608 sermouse - ok
16:31:11.0420 5608 SessionEnv (c3bc61ce47ff6f4e88ab8a3b429a36af) C:\windows\system32\sessenv.dll
16:31:11.0423 5608 SessionEnv - ok
16:31:11.0441 5608 sffdisk (a554811bcd09279536440c964ae35bbf) C:\windows\system32\DRIVERS\sffdisk.sys
16:31:11.0443 5608 sffdisk - ok
16:31:11.0446 5608 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\DRIVERS\sffp_mmc.sys
16:31:11.0448 5608 sffp_mmc - ok
16:31:11.0470 5608 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\windows\system32\DRIVERS\sffp_sd.sys
16:31:11.0471 5608 sffp_sd - ok
16:31:11.0520 5608 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\DRIVERS\sfloppy.sys
16:31:11.0522 5608 sfloppy - ok
16:31:11.0609 5608 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\windows\System32\ipnathlp.dll
16:31:11.0622 5608 SharedAccess - ok
16:31:11.0667 5608 ShellHWDetection (0298ac45d0efffb2db4baa7dd186e7bf) C:\windows\System32\shsvcs.dll
16:31:11.0678 5608 ShellHWDetection - ok
16:31:11.0700 5608 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\DRIVERS\SiSRaid2.sys
16:31:11.0702 5608 SiSRaid2 - ok
16:31:11.0707 5608 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\DRIVERS\sisraid4.sys
16:31:11.0709 5608 SiSRaid4 - ok
16:31:11.0733 5608 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys
16:31:11.0735 5608 Smb - ok
16:31:11.0769 5608 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\windows\System32\snmptrap.exe
16:31:11.0776 5608 SNMPTRAP - ok
16:31:11.0949 5608 speedfan (12583af6cbe0050651eaf2723b3ad7b3) C:\windows\syswow64\speedfan.sys
16:31:12.0012 5608 speedfan - ok
16:31:12.0037 5608 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys
16:31:12.0039 5608 spldr - ok
16:31:12.0114 5608 Spooler (f8e1fa03cb70d54a9892ac88b91d1e7b) C:\windows\System32\spoolsv.exe
16:31:12.0143 5608 Spooler - ok
16:31:12.0571 5608 sppsvc (913d843498553a1bc8f8dbad6358e49f) C:\windows\system32\sppsvc.exe
16:31:12.0640 5608 sppsvc - ok
16:31:12.0816 5608 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\windows\system32\sppuinotify.dll
16:31:12.0829 5608 sppuinotify - ok
16:31:13.0082 5608 sptd (a6cff1af7664627a296b6a0a96cf876e) C:\windows\System32\Drivers\sptd.sys
16:31:13.0083 5608 Suspicious file (NoAccess): C:\windows\System32\Drivers\sptd.sys. md5: a6cff1af7664627a296b6a0a96cf876e
16:31:13.0083 5608 sptd ( LockedFile.Multi.Generic ) - warning
16:31:13.0083 5608 sptd - detected LockedFile.Multi.Generic (1)
16:31:27.0801 5608 MBR (0x1B8) (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0
16:31:28.0144 5608 \Device\Harddisk0\DR0 - ok
16:31:28.0159 5608 Boot (0x1200) (c08d870c9e261cb15a6d6e6ade1b5d99) \Device\Harddisk0\DR0\Partition0
16:31:28.0159 5608 \Device\Harddisk0\DR0\Partition0 - ok
16:31:28.0159 5608 ============================================================
16:31:28.0159 5608 Scan finished
16:31:28.0159 5608 ============================================================
16:31:28.0175 3628 Detected object count: 2
16:31:28.0175 3628 Actual detected object count: 2
16:32:45.0061 3628 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
16:32:45.0061 3628 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip
16:32:45.0061 3628 sptd ( LockedFile.Multi.Generic ) - skipped by user
16:32:45.0061 3628 sptd ( LockedFile.Multi.Generic ) - User select action: Skip

#7 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:00 PM

Posted 18 June 2012 - 06:33 AM

Use System Restore to go back to before you had this problem.



gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#8 SamySam


Posted 18 June 2012 - 04:33 PM

System Restore back to before the virus, or back to before I used ComboFix?

I would restore back to before I had the virus, but the problem is, I don't know when I had the virus.

I used to do full and quick scans with Norton 360, but only a few days ago did I use Norton Power Eraser.

When I used Norton Power Eraser, this was the first time I had heard of the problem/virus.

And also, did you see the other topics I linked above?

Edited by SamySam, 18 June 2012 - 04:36 PM.


#9 gringo_pr


Posted 18 June 2012 - 08:57 PM

Yes, I did see, but I still do not see anything that was removed.


I want you to do a System Restore to before the problem with the video card.


gringo

#10 SamySam


Posted 19 June 2012 - 03:00 AM

Hey Gringo,

Restored successfully to before running ComboFix, and games recognize my Nvidia card
and run like they did before I used ComboFix.

What could be our next step?

~SamySam

Edited by SamySam, 19 June 2012 - 03:01 AM.


#11 gringo_pr


Posted 19 June 2012 - 03:11 AM

Hello

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo

#12 SamySam


Posted 19 June 2012 - 03:28 AM

Norton isn't liking this file, some sort of false positive maybe?

Here is the OTL.txt



OTL logfile created on: 6/19/2012 6:17:00 PM - Run 1
OTL by OldTimer - Version 3.2.49.0 Folder = C:\Users\Samuel\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

5.80 Gb Total Physical Memory | 3.65 Gb Available Physical Memory | 63.00% Memory free
11.60 Gb Paging File | 9.26 Gb Available in Paging File | 79.82% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 582.85 Gb Total Space | 154.43 Gb Free Space | 26.49% Space Free | Partition Type: NTFS
Drive D: | 680.23 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: SAMUEL-PC | User Name: Samuel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Samuel\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Users\Samuel\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
PRC - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
PRC - C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
PRC - C:\Program Files (x86)\Norton 360\Norton 360\Engine\5.2.2.3\ccsvchst.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe (DT Soft Ltd)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtHSP.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosA2dp.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files (x86)\TOSHIBA\TRCMan\TRCMan.exe (TOSHIBA Corporation)
PRC - C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosAVRC.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtBty.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtHid.exe (TOSHIBA CORPORATION.)


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Steam\bin\libcef.dll ()
MOD - C:\Program Files (x86)\Steam\bin\avcodec-53.dll ()
MOD - C:\Program Files (x86)\Steam\bin\chromehtml.dll ()
MOD - C:\Program Files (x86)\Steam\bin\avformat-53.dll ()
MOD - C:\Program Files (x86)\Steam\bin\avutil-51.dll ()
MOD - C:\Users\Samuel\AppData\Local\Google\Chrome\Application\19.0.1084.56\ppgooglenaclpluginchrome.dll ()
MOD - C:\Users\Samuel\AppData\Local\Google\Chrome\Application\19.0.1084.56\pdf.dll ()
MOD - C:\Users\Samuel\AppData\Local\Google\Chrome\Application\19.0.1084.56\libglesv2.dll ()
MOD - C:\Users\Samuel\AppData\Local\Google\Chrome\Application\19.0.1084.56\libegl.dll ()
MOD - C:\Users\Samuel\AppData\Local\Google\Chrome\Application\19.0.1084.56\avutil-51.dll ()
MOD - C:\Users\Samuel\AppData\Local\Google\Chrome\Application\19.0.1084.56\avformat-54.dll ()
MOD - C:\Users\Samuel\AppData\Local\Google\Chrome\Application\19.0.1084.56\avcodec-54.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files\TortoiseSVN\bin\libsasl32.dll ()
MOD - C:\Program Files (x86)\NVIDIA Corporation\coprocmanager\detoured.dll ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (TOSHIBA eco Utility Service) -- C:\Program Files\TOSHIBA\TECO\TecoService.exe (TOSHIBA Corporation)
SRV:64bit: - (TPCHSrv) -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (TOSHIBA HDD SSD Alert Service) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (TosCoSrv) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (Thpsrv) -- C:\Windows\SysNative\ThpSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (TODDSrv) -- C:\Windows\SysNative\TODDSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (Akamai) -- c:\program files (x86)\common files\akamai/netsession_win_80c2ffa.dll ()
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Hamachi2Svc) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (N360) -- C:\Program Files (x86)\Norton 360\Norton 360\Engine\5.2.2.3\ccSvcHst.exe (Symantec Corporation)
SRV - (GameConsoleService) -- C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (UNS) Intel® -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) Intel® -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (TOSHIBA Bluetooth Service) -- C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (cfWiMAXService) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe (TOSHIBA CORPORATION)
SRV - (TMachInfo) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (ConfigFree Service) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)


========== Driver Services (SafeList) ==========

DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation)
DRV:64bit: - (nvpciflt) -- C:\Windows\SysNative\drivers\nvpciflt.sys (NVIDIA Corporation)
DRV:64bit: - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:64bit: - (JMCR) -- C:\Windows\SysNative\drivers\jmcr.sys (JMicron Technology Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (SymNetS) -- C:\Windows\SysNative\drivers\N360x64\0502020.003\symnets.sys (Symantec Corporation)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\N360x64\0502020.003\srtsp64.sys (Symantec Corporation)
DRV:64bit: - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\Windows\SysNative\drivers\N360x64\0502020.003\srtspx64.sys (Symantec Corporation)
DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\N360x64\0502020.003\symefa64.sys (Symantec Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (SymDS) -- C:\Windows\SysNative\drivers\N360x64\0502020.003\symds64.sys (Symantec Corporation)
DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\drivers\N360x64\0502020.003\ironx64.sys (Symantec Corporation)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (tos_sps64) -- C:\Windows\SysNative\drivers\tos_sps64.sys (TOSHIBA Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (Tosrfusb) -- C:\Windows\SysNative\drivers\tosrfusb.sys (TOSHIBA CORPORATION)
DRV:64bit: - (IntcDAud) Intel® -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel® Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (tosrfbd) -- C:\Windows\SysNative\drivers\tosrfbd.sys (TOSHIBA CORPORATION)
DRV:64bit: - (HECIx64) Intel® -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (TosRfSnd) -- C:\Windows\SysNative\drivers\TosRfSnd.sys (TOSHIBA Corporation)
DRV:64bit: - (LPCFilter) -- C:\Windows\SysNative\drivers\LPCFilter.sys (COMPAL ELECTRONIC INC.)
DRV:64bit: - (tdcmdpst) -- C:\Windows\SysNative\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
DRV:64bit: - (Tosrfcom) -- C:\Windows\SysNative\drivers\tosrfcom.sys (TOSHIBA Corporation)
DRV:64bit: - (tosrfnds) -- C:\Windows\SysNative\drivers\tosrfnds.sys (TOSHIBA Corporation.)
DRV:64bit: - (TVALZ) -- C:\Windows\SysNative\drivers\TVALZ_O.SYS (TOSHIBA Corporation)
DRV:64bit: - (tosrfec) -- C:\Windows\SysNative\drivers\tosrfec.sys (TOSHIBA Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (WSDScan) -- C:\Windows\SysNative\drivers\WSDScan.sys (Microsoft Corporation)
DRV:64bit: - (acpials) -- C:\Windows\SysNative\drivers\acpials.sys (Microsoft Corporation)
DRV:64bit: - (Thpevm) -- C:\Windows\SysNative\drivers\Thpevm.sys (TOSHIBA Corporation)
DRV:64bit: - (Thpdrv) -- C:\Windows\SysNative\drivers\thpdrv.sys (TOSHIBA Corporation)
DRV:64bit: - (enecir) -- C:\Windows\SysNative\drivers\enecir.sys (ENE TECHNOLOGY INC.)
DRV:64bit: - (PGEffect) -- C:\Windows\SysNative\drivers\PGEffect.sys (TOSHIBA Corporation)
DRV:64bit: - (TVALZFL) -- C:\Windows\SysNative\drivers\TVALZFL.sys (TOSHIBA Corporation)
DRV:64bit: - (toshidpt) -- C:\Windows\SysNative\drivers\Toshidpt.sys (TOSHIBA Corporation.)
DRV:64bit: - (Tosrfhid) -- C:\Windows\SysNative\drivers\Tosrfhid.sys (TOSHIBA Corporation.)
DRV:64bit: - (tosrfbnp) -- C:\Windows\SysNative\drivers\tosrfbnp.sys (TOSHIBA Corporation)
DRV:64bit: - (tosporte) -- C:\Windows\SysNative\drivers\tosporte.sys (TOSHIBA Corporation)
DRV:64bit: - (mod7700) -- C:\Windows\SysNative\drivers\dvb7700all.sys (DiBcom)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (enecirhid) -- C:\Windows\SysNative\drivers\enecirhid.sys (ENE TECHNOLOGY INC.)
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)
DRV:64bit: - (enecirhidma) -- C:\Windows\SysNative\drivers\enecirhidma.sys (ENE TECHNOLOGY INC.)
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20120618.017_2b7\ex64.sys (Symantec Corporation)
DRV - (EraserUtilDrv11210) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11210.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20120618.017_2b7\eng64.sys (Symantec Corporation)
DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20120613.007\IDSviA64.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
DRV - (BHDrvx64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20120531.001\BHDrvx64.sys (Symantec Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}: "URL" = http://www.searchqu.com/web?src=ieb&appid=0&systemid=413&sr=0&q={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{F4ED0519-C584-4DDA-BE93-FA0B93D040F6}: "URL" = http://www.bing.com/search?q={searchTerms}&form=TSHPDF&pc=MATP&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}: "URL" = http://www.searchqu.com/web?src=ieb&appid=0&systemid=413&sr=0&q={searchTerms}
IE - HKLM\..\SearchScopes\{F4ED0519-C584-4DDA-BE93-FA0B93D040F6}: "URL" = http://www.bing.com/search?q={searchTerms}&form=TSHPDF&pc=MATP&src=IE-SearchBox


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>



IE - HKU\S-1-5-21-3966183553-1808329344-3472829953-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\Samuel\Desktop
IE - HKU\S-1-5-21-3966183553-1808329344-3472829953-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-3966183553-1808329344-3472829953-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/
IE - HKU\S-1-5-21-3966183553-1808329344-3472829953-1001\..\URLSearchHook: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\4.9\youtubedownloaderToolbarIE.dll (Spigot, Inc.)
IE - HKU\S-1-5-21-3966183553-1808329344-3472829953-1001\..\SearchScopes,DefaultScope = {091D6BEE-5808-4755-AC5F-440190273099}
IE - HKU\S-1-5-21-3966183553-1808329344-3472829953-1001\..\SearchScopes\{091D6BEE-5808-4755-AC5F-440190273099}: "URL" = http://au.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
IE - HKU\S-1-5-21-3966183553-1808329344-3472829953-1001\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://int.search-results.com/web?q={SEARCHTERMS}&o=15527&l=dis&prt=360&chn=retail&geo=AU&ver=5
IE - HKU\S-1-5-21-3966183553-1808329344-3472829953-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3966183553-1808329344-3472829953-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;<local>

IE - HKU\S-1-5-21-3966183553-1808329344-3472829953-1005\..\SearchScopes,DefaultScope = {F4ED0519-C584-4DDA-BE93-FA0B93D040F6}
IE - HKU\S-1-5-21-3966183553-1808329344-3472829953-1005\..\SearchScopes\{F4ED0519-C584-4DDA-BE93-FA0B93D040F6}: "URL" = http://www.bing.com/search?q={searchTerms}&form=TSHPDF&pc=MATP&src=IE-SearchBox

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.order.1: "Searchqu Web Search"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811&ilc=12"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "http://www.searchqu.com/413"
FF - prefs.js..keyword.URL: "http://au.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p="


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.104.0: C:\Program Files (x86)\Battlelog Web Plugins\1.104.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.118.0: C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Samuel\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Samuel\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Samuel\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll File not found
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011/04/10 21:17:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\IPSFFPlgn\ [2012/05/21 00:46:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\coFFPlgn_2011_7_9_4 [2012/06/19 16:50:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/05/24 16:43:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/05/21 16:24:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Samuel\AppData\Roaming\Mozilla\Extensions
[2012/02/06 18:34:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Samuel\AppData\Roaming\Mozilla\Firefox\Profiles\4idrnib1.default\extensions
[2011/12/31 13:25:37 | 000,000,000 | ---D | M] (Searchqu Toolbar) -- C:\Users\Samuel\AppData\Roaming\Mozilla\Firefox\Profiles\4idrnib1.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
[2012/02/06 18:34:35 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\Samuel\AppData\Roaming\Mozilla\Firefox\Profiles\4idrnib1.default\extensions\toolbar@ask.com
[2011/12/31 13:25:32 | 000,002,520 | ---- | M] () -- C:\Users\Samuel\AppData\Roaming\Mozilla\Firefox\Profiles\4idrnib1.default\searchplugins\SearchResults.xml
[2012/05/21 16:24:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/12/31 13:19:22 | 000,000,000 | ---D | M] (Widgi Toolbar Platform) -- C:\PROGRAM FILES (X86)\COMMON FILES\SPIGOT\WTXPCOM
[2011/12/31 13:19:23 | 000,000,000 | ---D | M] (YouTube Downloader Toolbar) -- C:\PROGRAM FILES (X86)\YOUTUBE DOWNLOADER TOOLBAR\FF
[2012/05/21 00:46:01 | 000,000,000 | ---D | M] (Symantec Intrusion Prevention) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\IPSFFPLGN
[2011/11/04 23:53:18 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/12/25 11:03:48 | 000,002,310 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2011/11/04 20:21:03 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/12/31 13:25:32 | 000,002,520 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\SearchResults.xml
[2011/11/04 20:21:03 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Samuel\AppData\Local\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Samuel\AppData\Local\Google\Chrome\Application\19.0.1084.56\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Samuel\AppData\Local\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Samuel\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.270.7 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U27 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll
CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: WOT = C:\Users\Samuel\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\1.2.14.6_0\
CHR - Extension: YouTube = C:\Users\Samuel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Samuel\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Gmail = C:\Users\Samuel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2011/12/28 16:43:33 | 000,001,339 | -H-- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 adobe.activate.com
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Norton 360\Engine\5.2.2.3\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Norton 360\Engine\5.2.2.3\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (ChromeFrame BHO) - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files (x86)\Google\Chrome Frame\Application\19.0.1084.56\npchrome_frame.dll (Google Inc.)
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O2 - BHO: (YouTube Downloader Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\4.9\youtubedownloaderToolbarIE.dll (Spigot, Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - !{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Norton 360\Engine\5.2.2.3\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O3 - HKLM\..\Toolbar: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (YouTube Downloader Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\4.9\youtubedownloaderToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-3966183553-1808329344-3472829953-1001\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Norton 360\Engine\5.2.2.3\coieplg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-3966183553-1808329344-3472829953-1001\..\Toolbar\WebBrowser: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [] File not found
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SmartFaceVWatcher] C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [ThpSrv] C:\windows\SysNative\thpsrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.)
O4 - HKLM..\Run: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [TRCMan] C:\Program Files (x86)\TOSHIBA\TRCMan\TRCMan.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TSleepSrv] C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe (TOSHIBA)
O4 - HKLM..\Run: [TWebCamera] C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3966183553-1808329344-3472829953-1001..\Run: [Akamai NetSession Interface] C:\Users\Samuel\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKU\S-1-5-21-3966183553-1808329344-3472829953-1001..\Run: [DAEMON Tools Pro Agent] C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-3966183553-1808329344-3472829953-1001..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKU\S-1-5-21-3966183553-1808329344-3472829953-1001..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-3966183553-1808329344-3472829953-1005..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-3966183553-1808329344-3472829953-1005..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Samuel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 10.2.0)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {C49134CC-B5EF-458C-A442-E8DFE7B4645F} http://www.yoyogames.com/plugins/activex/YoYo.cab (YYGInstantPlay Control)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab (Minesweeper Flags Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.123.254 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{436238F1-2C86-4D76-81EE-5C3A8F771B18}: DhcpNameServer = 192.168.123.254 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{436238F1-2C86-4D76-81EE-5C3A8F771B18}: NameServer = 208.67.222.222,208.67.220.220
O18:64bit: - Protocol\Handler\gcf - No CLSID value found
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\gcf {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files (x86)\Google\Chrome Frame\Application\19.0.1084.56\npchrome_frame.dll (Google Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - AppInit_DLLs: (C:\windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKU\S-1-5-21-3966183553-1808329344-3472829953-1001 Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-3966183553-1808329344-3472829953-1001 Winlogon: Shell - (C:\Users\Samuel\AppData\Local\Temp\Netwrk\RtlUId.exe) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\WB: DllName - (C:\Program Files (x86)\Stardock\MyColors\fast64.dll) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/10/02 17:23:35 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2004/10/22 22:40:56 | 000,000,107 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{7afef113-5c53-11e0-abaa-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{7afef113-5c53-11e0-abaa-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Autorun.exe
O33 - MountPoints2\{f779926a-b552-11e0-8ece-1c7508899b5a}\Shell - "" = AutoRun
O33 - MountPoints2\{f779926a-b552-11e0-8ece-1c7508899b5a}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/19 18:13:25 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Samuel\Desktop\OTL.exe
[2012/06/19 16:56:46 | 000,000,000 | ---D | C] -- C:\Users\Samuel\AppData\Local\{8464EA89-28EC-4D13-BF0F-C6FD19316DE9}
[2012/06/17 17:24:16 | 000,000,000 | ---D | C] -- C:\windows\temp
[2012/06/17 16:37:09 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/06/17 16:36:52 | 000,000,000 | ---D | C] -- C:\windows\erdnt
[2012/06/17 14:35:21 | 000,000,000 | -H-D | C] -- C:\windows\AxInstSV
[2012/06/17 08:00:41 | 000,000,000 | ---D | C] -- C:\Users\Samuel\Desktop\Logs
[2012/06/16 20:56:58 | 000,000,000 | ---D | C] -- C:\Users\Samuel\AppData\Local\{18F0252E-31CC-478E-BDF3-D1170C690081}
[2012/06/16 19:14:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Trend Micro
[2012/06/16 19:03:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2012/06/16 17:50:41 | 000,000,000 | ---D | C] -- C:\Users\Samuel\Desktop\Crysis2AdvancedGraphicsOptionsV1_8
[2012/06/16 12:06:17 | 000,000,000 | ---D | C] -- C:\Users\Samuel\Documents\FLiNGTrainer
[2012/06/16 11:32:24 | 000,000,000 | ---D | C] -- C:\Users\Samuel\AppData\Local\SniperV2
[2012/06/16 11:31:24 | 000,000,000 | ---D | C] -- C:\Users\Samuel\AppData\Local\SKIDROW
[2012/06/16 11:26:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rebellion
[2012/06/16 11:20:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Rebellion
[2012/06/15 16:30:52 | 000,000,000 | ---D | C] -- C:\Users\Samuel\AppData\Local\{51B91564-90D3-4AE9-AD87-194538CF4480}
[2012/06/13 16:46:22 | 000,000,000 | ---D | C] -- C:\Users\Samuel\AppData\Local\{10E9207C-DD67-4FCD-90FE-7F5DEEC2FE26}
[2012/06/13 16:45:55 | 000,000,000 | ---D | C] -- C:\Users\Samuel\AppData\Local\{3D9663D0-004F-4103-9035-F3F914919CF8}
[2012/06/13 16:04:18 | 000,000,000 | ---D | C] -- C:\Users\Samuel\AppData\Local\{26E2ED13-AE20-450E-90E1-D7B258DAE392}
[2012/06/12 18:36:31 | 000,000,000 | ---D | C] -- C:\Users\Samuel\AppData\Roaming\Hardcore
[2012/06/12 16:38:36 | 000,000,000 | ---D | C] -- C:\Users\Samuel\AppData\Local\cef_data
[2012/06/11 21:30:58 | 000,000,000 | ---D | C] -- C:\Users\Samuel\AppData\Local\{B9389FFD-D383-45F2-B3CC-A5604785F335}
[2012/06/11 11:55:39 | 000,000,000 | ---D | C] -- C:\Users\Samuel\AppData\Local\{78714DC6-82DB-42F7-9808-9A9E79CF88EB}
[2012/06/08 21:58:30 | 000,000,000 | ---D | C] -- C:\Users\Samuel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASIO4ALL v2
[2012/06/08 21:58:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ASIO4ALL v2
[2012/06/08 21:57:33 | 000,225,280 | ---- | C] (Propellerhead Software AB) -- C:\windows\SysWow64\rewire.dll
[2012/06/08 21:57:31 | 000,000,000 | ---D | C] -- C:\Users\Samuel\Documents\Image-Line
[2012/06/08 21:57:22 | 001,554,944 | ---- | C] (HMS http://hp.vector.co.jp/authors/VA012897/) -- C:\windows\SysWow64\vorbis.acm
[2012/06/08 21:57:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Vstplugins
[2012/06/08 21:57:12 | 000,000,000 | ---D | C] -- C:\Users\Samuel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line
[2012/06/08 21:57:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Outsim
[2012/06/08 21:55:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Image-Line
[2012/06/08 21:34:53 | 000,000,000 | ---D | C] -- C:\Users\Samuel\AppData\Roaming\uTorrent
[2012/06/08 21:34:53 | 000,000,000 | ---D | C] -- C:\Users\Samuel\AppData\Local\uTorrent
[2012/06/07 19:13:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MegaTrainer eXperience
[2012/06/07 16:52:15 | 000,000,000 | ---D | C] -- C:\Users\Samuel\AppData\Local\{55BAD532-1623-4607-A906-513E6C6B774A}
[2012/06/07 16:51:41 | 000,000,000 | ---D | C] -- C:\Users\Samuel\AppData\Local\{F3AD9449-2B9C-4B75-AA3E-D9A9FB8908EF}
[2012/06/07 15:55:07 | 000,000,000 | ---D | C] -- C:\Users\Samuel\AppData\Local\{E418DCBE-E71F-4102-8BFD-0A27FFFDD558}
[2012/06/06 21:15:55 | 000,000,000 | ---D | C] -- C:\Users\Samuel\Desktop\Internet Explorer
[2012/06/06 17:52:08 | 000,000,000 | ---D | C] -- C:\Users\Samuel\AppData\Local\{B47420A6-76DA-48B6-B91D-E0F1B6607CF4}
[2012/06/05 18:54:43 | 000,000,000 | ---D | C] -- C:\Users\Samuel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Drag Racer 3
[2012/06/05 18:54:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Drag Racer 3
[2012/06/05 18:54:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Drag Racer 3
[2012/06/05 15:58:14 | 000,000,000 | ---D | C] -- C:\Users\Samuel\AppData\Local\{5FB3E9BB-7D83-42FC-BD0A-377A639E76A1}
[2012/06/05 15:58:00 | 000,000,000 | ---D | C] -- C:\Users\Samuel\AppData\Local\{EA5A85F9-F777-458C-ACC4-4F9D004C43A7}
[2012/06/03 11:02:00 | 000,000,000 | ---D | C] -- C:\Users\Samuel\AppData\Local\{FA4805F7-BED8-4CA2-958F-26154909D189}
[2012/06/02 17:50:46 | 000,000,000 | ---D | C] -- C:\Users\Samuel\AppData\Local\{CDF10DBB-D149-4B67-8956-9778B1B67D99}
[2012/06/02 17:50:32 | 000,000,000 | ---D | C] -- C:\Users\Samuel\AppData\Local\{AC265CE9-58B2-4B07-AB49-6D10E6C714A8}
[2012/06/01 20:22:24 | 000,000,000 | ---D | C] -- C:\Users\Samuel\AppData\Local\{62BFEECB-98FD-4340-83CA-862787E93561}
[2012/06/01 19:36:32 | 000,000,000 | ---D | C] -- C:\windows\Sun
[2012/06/01 19:35:14 | 025,743,168 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysNative\nvoglv64.dll
[2012/06/01 19:35:14 | 010,194,752 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysNative\nvwgf2umx.dll
[2012/06/01 19:35:14 | 008,105,280 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysWow64\nvwgf2um.dll
[2012/06/01 19:35:14 | 000,028,992 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysNative\drivers\nvpciflt.sys
[2012/06/01 19:35:13 | 019,607,872 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysWow64\nvoglv32.dll
[2012/06/01 19:35:13 | 018,044,224 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysNative\nvd3dumx.dll
[2012/06/01 19:35:13 | 008,139,072 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysNative\nvcuda.dll
[2012/06/01 19:35:13 | 005,982,528 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysWow64\nvcuda.dll
[2012/06/01 19:35:13 | 002,881,856 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysNative\nvcuvenc.dll
[2012/06/01 19:35:13 | 002,681,664 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysNative\nvcuvid.dll
[2012/06/01 19:35:13 | 002,524,992 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysWow64\nvcuvid.dll
[2012/06/01 19:35:13 | 002,445,120 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysWow64\nvcuvenc.dll
[2012/06/01 19:35:13 | 000,364,352 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysNative\nvdecodemft.dll
[2012/06/01 19:35:13 | 000,301,376 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysWow64\nvdecodemft.dll
[2012/06/01 19:35:10 | 025,248,064 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysNative\nvcompiler.dll
[2012/06/01 19:35:10 | 017,551,680 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysWow64\nvcompiler.dll
[2012/05/31 16:14:06 | 000,000,000 | ---D | C] -- C:\Users\Samuel\AppData\Local\{A81670DA-361B-4842-95C2-2BFD78EF151C}
[2012/05/30 20:18:59 | 000,000,000 | ---D | C] -- C:\Users\Samuel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\'Full Speed' Internet Booster + Performance Tests
[2012/05/30 20:18:56 | 000,000,000 | ---D | C] -- C:\windows\'Full Speed' Internet Booster + Performance Tests
[2012/05/30 20:18:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\'Full Speed' Internet Booster + Performance Tests
[2012/05/30 15:57:54 | 000,000,000 | ---D | C] -- C:\Users\Samuel\AppData\Local\{A1F5BE35-B4F1-442B-A1E6-EDFE12FCE5DF}
[2012/05/29 16:52:03 | 000,000,000 | ---D | C] -- C:\Users\Samuel\AppData\Local\{07508B56-3F1A-400A-AB26-1ECAD20FD0BD}
[2012/05/29 16:51:33 | 000,000,000 | ---D | C] -- C:\Users\Samuel\AppData\Local\{E70C5F25-149B-4900-8055-657BBC5C23B7}
[2012/05/28 16:47:15 | 000,374,664 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\netio.sys
[2012/05/28 16:22:00 | 000,000,000 | ---D | C] -- C:\Users\Samuel\Desktop\ProcessExplorer
[2012/05/28 15:49:01 | 000,000,000 | ---D | C] -- C:\Users\Samuel\AppData\Local\{C7A24DAE-6862-4116-906A-99DBE132B977}
[2012/05/27 21:35:20 | 000,000,000 | ---D | C] -- C:\Users\Samuel\AppData\Local\{A3BF0F08-6A08-4718-85C1-2CE6EF65A45E}
[2012/05/27 21:16:20 | 000,000,000 | ---D | C] -- C:\Users\Samuel\AppData\Local\{5D2A7CAB-EFB4-40E4-B563-BB7FEFF3F1F0}
[2012/05/27 21:11:38 | 002,841,104 | ---- | C] (Symantec Corporation) -- C:\Users\Samuel\Desktop\NPE.exe
[2012/05/27 20:44:59 | 000,000,000 | ---D | C] -- C:\Users\Samuel\AppData\Local\{DF30248F-6262-4F83-8AA3-0A10DAF26AEA}
[2012/05/26 19:56:05 | 000,000,000 | ---D | C] -- C:\Users\Samuel\AppData\Local\{D2617531-0328-4661-A4F0-63B34DA1A7A3}
[2012/05/26 19:55:11 | 000,000,000 | ---D | C] -- C:\Users\Samuel\AppData\Local\{48F06E8C-4764-4B18-862A-3BB7463D5D30}
[2012/05/25 07:16:15 | 000,000,000 | ---D | C] -- C:\Users\Samuel\AppData\Local\{C7F60234-7673-4F1D-B11A-9F8B511854BE}
[2012/05/24 16:40:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012/05/24 16:37:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2012/05/24 16:25:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2012/05/24 16:08:59 | 000,000,000 | ---D | C] -- C:\Users\Samuel\AppData\Local\{8D46D55C-2A66-4A99-8226-735FA942C454}
[2012/05/22 18:39:01 | 000,000,000 | ---D | C] -- C:\Users\Samuel\AppData\Local\PackageAware
[2012/05/22 10:23:52 | 000,000,000 | ---D | C] -- C:\Users\Samuel\AppData\Local\{2DA55E5C-48C2-45C3-8380-CAB125740C4E}
[2012/05/21 02:12:43 | 000,000,000 | ---D | C] -- C:\Users\Samuel\AppData\Local\{F4F27764-7344-416E-9DCB-1355E8B7FAE0}
[2012/05/21 02:08:09 | 000,000,000 | ---D | C] -- C:\Users\Samuel\AppData\Local\{1BDB5CE6-35EC-4AB4-B2CD-9C6E9E92E49B}
[2012/05/21 01:55:35 | 000,000,000 | ---D | C] -- C:\Users\Samuel\AppData\Local\{F94BF5FB-D012-4EA9-92D5-E6C49ECD19FC}
[2012/05/21 01:48:23 | 000,000,000 | ---D | C] -- C:\Users\Samuel\AppData\Local\{27F33549-B090-48FC-ABF9-19253091B3BE}
[2012/05/21 01:29:45 | 000,000,000 | ---D | C] -- C:\Users\Samuel\AppData\Local\{65D20205-4CF3-4BB1-9923-9472380AA192}
[2012/05/21 01:08:05 | 000,000,000 | ---D | C] -- C:\Users\Samuel\AppData\Local\{6857B969-AC4E-4D36-A8A4-AC92800B154F}
[2012/05/21 00:46:46 | 000,000,000 | ---D | C] -- C:\Users\Samuel\AppData\Local\{E288DCD8-E58A-4DEC-8E87-18FC453B9C35}
[2012/05/21 00:40:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012/05/21 00:38:20 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2012/05/21 00:38:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2012/05/21 00:32:26 | 000,000,000 | ---D | C] -- C:\Users\Samuel\AppData\Local\{B3CE9D2D-619E-40DE-ADB8-7C3F788C225C}
[2012/05/21 00:14:13 | 000,000,000 | ---D | C] -- C:\Users\Samuel\AppData\Local\{41E8BF5E-33EE-4821-9F63-1CB8684BA983}
[2012/05/20 22:21:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012/05/20 22:21:33 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/05/20 22:09:50 | 000,034,152 | -H-- | C] (GEAR Software Inc.) -- C:\windows\SysNative\drivers\GEARAspiWDM.sys
[2012/05/20 22:09:49 | 000,174,200 | ---- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\SYMEVENT64x86.SYS
[2012/05/20 22:09:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2012/05/20 22:02:22 | 000,000,000 | ---D | C] -- C:\Users\Samuel\AppData\Local\{A9715127-7812-4D9D-A6BD-3CBF42F57F1D}
[2012/05/20 22:02:00 | 000,000,000 | ---D | C] -- C:\Users\Samuel\AppData\Local\{26D7C8F3-74F1-4D68-9079-F1DD9942D3AD}
[5 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[1 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ]
[1 C:\windows\SysNative\*.tmp files -> C:\windows\SysNative\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/06/19 18:13:31 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Samuel\Desktop\OTL.exe
[2012/06/19 18:04:00 | 000,000,898 | -H-- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/19 17:39:01 | 000,000,912 | -H-- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3966183553-1808329344-3472829953-1001UA.job
[2012/06/19 17:02:31 | 000,016,304 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/19 17:02:31 | 000,016,304 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/19 17:00:00 | 000,000,334 | -H-- | M] () -- C:\windows\tasks\At1.job
[2012/06/19 16:53:09 | 000,000,894 | -H-- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/19 16:50:11 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/06/19 16:49:58 | 375,394,303 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/16 19:15:23 | 000,925,039 | ---- | M] () -- C:\Users\Samuel\AppData\Local\census.cache
[2012/06/16 19:14:37 | 000,172,987 | ---- | M] () -- C:\Users\Samuel\AppData\Local\ars.cache
[2012/06/16 18:50:42 | 000,000,036 | ---- | M] () -- C:\Users\Samuel\AppData\Local\housecall.guid.cache
[2012/06/16 13:25:08 | 000,000,196 | ---- | M] () -- C:\Users\Samuel\Desktop\Crysis® 2.lnk
[2012/06/16 12:05:44 | 000,000,788 | ---- | M] () -- C:\Users\Samuel\Desktop\trainers - Shortcut.lnk
[2012/06/16 11:26:35 | 000,002,236 | ---- | M] () -- C:\Users\Public\Desktop\Sniper Elite V2.lnk
[2012/06/15 20:50:31 | 002,841,104 | ---- | M] (Symantec Corporation) -- C:\Users\Samuel\Desktop\NPE.exe
[2012/06/15 20:39:02 | 000,000,860 | -H-- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3966183553-1808329344-3472829953-1001Core.job
[2012/06/14 21:59:41 | 000,019,442 | ---- | M] () -- C:\Users\Samuel\Documents\cc_20120614_215820.reg
[2012/06/14 21:49:43 | 000,000,878 | ---- | M] () -- C:\Users\Samuel\Desktop\MINECRAFT VERSIONS - Shortcut.lnk
[2012/06/14 19:48:53 | 000,000,842 | ---- | M] () -- C:\Users\Samuel\Desktop\Nvidia drivers - Shortcut.lnk
[2012/06/14 19:48:38 | 000,001,623 | ---- | M] () -- C:\Users\Samuel\Desktop\MUSIC - Shortcut.lnk
[2012/06/13 15:52:04 | 000,002,577 | ---- | M] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2012/06/13 15:51:33 | 001,700,968 | ---- | M] () -- C:\windows\SysNative\drivers\N360x64\0502020.003\Cat.DB
[2012/06/12 13:43:24 | 000,002,419 | ---- | M] () -- C:\Users\Samuel\Desktop\Google Chrome.lnk
[2012/06/12 12:48:35 | 000,002,800 | ---- | M] () -- C:\{B63D69E5-869F-4C8E-9DF3-351DD739642F}
[2012/06/11 21:29:29 | 000,000,748 | ---- | M] () -- C:\Users\Samuel\Desktop\poop - Shortcut.lnk
[2012/06/08 21:57:33 | 000,001,154 | ---- | M] () -- C:\Users\Samuel\Desktop\FL Studio 9.lnk
[2012/06/08 21:39:19 | 000,000,982 | ---- | M] () -- C:\Users\Samuel\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2012/06/07 19:45:40 | 000,000,172 | ---- | M] () -- C:\windows\SysNative\drivers\N360x64\0502020.003\isolate.ini
[2012/06/03 18:09:27 | 000,283,304 | ---- | M] () -- C:\windows\SysWow64\PnkBstrB.exe
[2012/06/03 17:12:50 | 000,283,304 | ---- | M] () -- C:\windows\SysWow64\PnkBstrB.ex0
[2012/06/02 17:57:00 | 000,278,561 | ---- | M] () -- C:\Users\Samuel\Desktop\Minecraft.exe
[2012/06/02 15:50:52 | 000,001,686 | ---- | M] () -- C:\Users\Samuel\Desktop\100% idnight club 2.zip
[2012/06/01 20:15:24 | 000,000,221 | ---- | M] () -- C:\Users\Samuel\Desktop\Midnight Club II.url
[2012/06/01 05:00:21 | 000,003,000 | ---- | M] () -- C:\{53509F75-F5F8-4558-B5A4-63614174FB37}
[2012/05/28 19:49:57 | 000,027,522 | -HS- | M] () -- C:\Users\Samuel\Desktop\Folder.jpg
[2012/05/28 19:49:57 | 000,027,522 | -HS- | M] () -- C:\Users\Samuel\Desktop\AlbumArt_{DE7ED35E-6CF0-4061-AB9D-ADDD577052AF}_Large.jpg
[2012/05/28 19:49:57 | 000,007,042 | -HS- | M] () -- C:\Users\Samuel\Desktop\AlbumArtSmall.jpg
[2012/05/28 19:49:57 | 000,007,042 | -HS- | M] () -- C:\Users\Samuel\Desktop\AlbumArt_{DE7ED35E-6CF0-4061-AB9D-ADDD577052AF}_Small.jpg
[2012/05/28 16:47:57 | 000,002,144 | ---- | M] () -- C:\windows\epplauncher.mif
[2012/05/27 20:29:50 | 000,002,840 | ---- | M] () -- C:\{FC64BD11-EC03-43E2-A1CC-B250A018C424}
[2012/05/27 13:42:46 | 000,280,856 | -H-- | M] () -- C:\windows\SysWow64\PnkBstrB.xtr
[2012/05/24 17:20:47 | 000,013,052 | -HS- | M] () -- C:\Users\Samuel\Desktop\AlbumArt_{BB8A1FE8-8C5B-4FBD-BDF0-235E74BEAB50}_Large.jpg
[2012/05/24 17:20:47 | 000,003,125 | -HS- | M] () -- C:\Users\Samuel\Desktop\AlbumArt_{BB8A1FE8-8C5B-4FBD-BDF0-235E74BEAB50}_Small.jpg
[2012/05/22 10:19:50 | 005,079,080 | -H-- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2012/05/22 01:38:32 | 000,002,544 | ---- | M] () -- C:\{D1CEC226-7D1D-43B9-A784-9AE7CC5EA1C9}
[2012/05/22 00:27:39 | 000,001,992 | ---- | M] () -- C:\{F3F9BD73-EC2E-4D9E-865D-C8332E9300AD}
[2012/05/21 17:08:00 | 000,003,040 | ---- | M] () -- C:\{61EED0A1-CCFD-4DA8-BCFB-BD645D7328DF}
[2012/05/21 11:20:55 | 000,002,808 | ---- | M] () -- C:\{156FDD4F-E287-4E05-ABF1-649234A5C200}
[2012/05/20 22:21:38 | 000,000,833 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/05/20 22:09:49 | 000,174,200 | ---- | M] (Symantec Corporation) -- C:\windows\SysNative\drivers\SYMEVENT64x86.SYS
[2012/05/20 22:09:49 | 000,007,488 | ---- | M] () -- C:\windows\SysNative\drivers\SYMEVENT64x86.CAT
[2012/05/20 22:09:49 | 000,000,855 | ---- | M] () -- C:\windows\SysNative\drivers\SYMEVENT64x86.INF
[5 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[1 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ]
[1 C:\windows\SysNative\*.tmp files -> C:\windows\SysNative\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/06/16 19:15:23 | 000,925,039 | ---- | C] () -- C:\Users\Samuel\AppData\Local\census.cache
[2012/06/16 19:14:37 | 000,172,987 | ---- | C] () -- C:\Users\Samuel\AppData\Local\ars.cache
[2012/06/16 18:50:42 | 000,000,036 | ---- | C] () -- C:\Users\Samuel\AppData\Local\housecall.guid.cache
[2012/06/16 13:25:08 | 000,000,196 | ---- | C] () -- C:\Users\Samuel\Desktop\Crysis® 2.lnk
[2012/06/16 12:05:44 | 000,000,788 | ---- | C] () -- C:\Users\Samuel\Desktop\trainers - Shortcut.lnk
[2012/06/16 11:26:35 | 000,002,236 | ---- | C] () -- C:\Users\Public\Desktop\Sniper Elite V2.lnk
[2012/06/14 21:58:31 | 000,019,442 | ---- | C] () -- C:\Users\Samuel\Documents\cc_20120614_215820.reg
[2012/06/14 21:49:39 | 000,000,878 | ---- | C] () -- C:\Users\Samuel\Desktop\MINECRAFT VERSIONS - Shortcut.lnk
[2012/06/14 19:48:50 | 000,000,842 | ---- | C] () -- C:\Users\Samuel\Desktop\Nvidia drivers - Shortcut.lnk
[2012/06/14 19:48:08 | 000,001,623 | ---- | C] () -- C:\Users\Samuel\Desktop\MUSIC - Shortcut.lnk
[2012/06/13 15:52:04 | 000,002,577 | ---- | C] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2012/06/12 12:48:30 | 000,002,800 | ---- | C] () -- C:\{B63D69E5-869F-4C8E-9DF3-351DD739642F}
[2012/06/11 21:29:27 | 000,000,748 | ---- | C] () -- C:\Users\Samuel\Desktop\poop - Shortcut.lnk
[2012/06/08 21:57:33 | 000,001,154 | ---- | C] () -- C:\Users\Samuel\Desktop\FL Studio 9.lnk
[2012/06/08 21:39:19 | 000,000,982 | ---- | C] () -- C:\Users\Samuel\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2012/06/02 17:56:57 | 000,278,561 | ---- | C] () -- C:\Users\Samuel\Desktop\Minecraft.exe
[2012/06/01 18:53:56 | 000,000,221 | ---- | C] () -- C:\Users\Samuel\Desktop\Midnight Club II.url
[2012/06/01 05:00:15 | 000,003,000 | ---- | C] () -- C:\{53509F75-F5F8-4558-B5A4-63614174FB37}
[2012/05/30 21:11:15 | 000,001,686 | ---- | C] () -- C:\Users\Samuel\Desktop\100% idnight club 2.zip
[2012/05/28 19:49:57 | 000,027,522 | -HS- | C] () -- C:\Users\Samuel\Desktop\AlbumArt_{DE7ED35E-6CF0-4061-AB9D-ADDD577052AF}_Large.jpg
[2012/05/28 19:49:57 | 000,007,042 | -HS- | C] () -- C:\Users\Samuel\Desktop\AlbumArt_{DE7ED35E-6CF0-4061-AB9D-ADDD577052AF}_Small.jpg
[2012/05/28 16:47:57 | 000,002,144 | ---- | C] () -- C:\windows\epplauncher.mif
[2012/05/27 20:29:48 | 000,002,840 | ---- | C] () -- C:\{FC64BD11-EC03-43E2-A1CC-B250A018C424}
[2012/05/24 17:20:47 | 000,013,052 | -HS- | C] () -- C:\Users\Samuel\Desktop\AlbumArt_{BB8A1FE8-8C5B-4FBD-BDF0-235E74BEAB50}_Large.jpg
[2012/05/24 17:20:47 | 000,003,125 | -HS- | C] () -- C:\Users\Samuel\Desktop\AlbumArt_{BB8A1FE8-8C5B-4FBD-BDF0-235E74BEAB50}_Small.jpg
[2012/05/22 01:38:30 | 000,002,544 | ---- | C] () -- C:\{D1CEC226-7D1D-43B9-A784-9AE7CC5EA1C9}
[2012/05/22 00:27:37 | 000,001,992 | ---- | C] () -- C:\{F3F9BD73-EC2E-4D9E-865D-C8332E9300AD}
[2012/05/21 17:07:54 | 000,003,040 | ---- | C] () -- C:\{61EED0A1-CCFD-4DA8-BCFB-BD645D7328DF}
[2012/05/21 11:20:47 | 000,002,808 | ---- | C] () -- C:\{156FDD4F-E287-4E05-ABF1-649234A5C200}
[2012/05/20 22:21:37 | 000,000,833 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/05/20 22:09:49 | 000,007,488 | ---- | C] () -- C:\windows\SysNative\drivers\SYMEVENT64x86.CAT
[2012/05/20 22:09:49 | 000,000,855 | ---- | C] () -- C:\windows\SysNative\drivers\SYMEVENT64x86.INF
[2012/02/11 16:53:48 | 002,580,552 | -H-- | C] () -- C:\windows\SysWow64\pbsvc.exe
[2012/01/13 12:26:36 | 000,000,017 | ---- | C] () -- C:\Users\Samuel\AppData\Local\resmon.resmoncfg
[2012/01/07 23:06:29 | 000,101,072 | -H-- | C] () -- C:\windows\UTP.exe
[2011/09/28 17:44:14 | 000,179,271 | -H-- | C] () -- C:\windows\SysWow64\xlive.dll.cat
[2011/09/19 00:07:46 | 000,015,360 | -H-- | C] () -- C:\windows\SysWow64\bdmjpeg.dll
[2011/09/19 00:07:32 | 000,058,368 | -H-- | C] () -- C:\windows\SysWow64\bdmpegv.dll
[2011/07/06 09:30:34 | 000,000,415 | ---- | C] () -- C:\Users\Samuel\AppData\Roaming\Samuel3SQLite3.dll
[2011/06/18 14:35:28 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2011/05/30 14:46:11 | 000,283,304 | ---- | C] () -- C:\windows\SysWow64\PnkBstrB.exe
[2011/05/30 14:46:09 | 000,076,888 | -H-- | C] () -- C:\windows\SysWow64\PnkBstrA.exe
[2011/05/30 14:46:08 | 000,000,331 | -H-- | C] () -- C:\windows\game.ini
[2011/05/10 19:45:38 | 000,005,632 | ---- | C] () -- C:\Users\Samuel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/01 17:07:51 | 000,765,178 | -H-- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2011/04/01 04:49:42 | 000,000,000 | -H-- | C] () -- C:\windows\NDSTray.INI

========== Files - Unicode (All) ==========
[2011/09/17 13:39:30 | 000,000,720 | ---- | M] ()(C:\Users\Samuel\AppData\Local\PMB Fik?s) -- C:\Users\Samuel\AppData\Local\PMB Fik聥s
[2011/09/17 13:39:18 | 000,000,720 | ---- | C] ()(C:\Users\Samuel\AppData\Local\PMB Fik?s) -- C:\Users\Samuel\AppData\Local\PMB Fik聥s

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\windows\system64] -> \systemroot\system32 -> Mount Point

< End of report >

#13 gringo_pr


Posted 19 June 2012 - 01:18 PM

Hello

Run this custom script and when it is complete I need to know how the computer is doing

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the textbox. Do not include the word Code
    :OTL
    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.104.0: C:\Program Files (x86)\Battlelog Web Plugins\1.104.0\npesnlaunch.dll File not found
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Samuel\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll File not found
    O3:64bit: - HKLM\..\Toolbar: (no name) - !{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
    O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - !{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O4:64bit: - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [] File not found
    O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O4 - HKU\S-1-5-21-3966183553-1808329344-3472829953-1005..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O18:64bit: - Protocol\Handler\gcf - No CLSID value found
    O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKU\S-1-5-21-3966183553-1808329344-3472829953-1001 Winlogon: Shell - (C:\Users\Samuel\AppData\Local\Temp\Netwrk\RtlUId.exe) - File not found
    O20:64bit: - Winlogon\Notify\WB: DllName - (C:\Program Files (x86)\Stardock\MyColors\fast64.dll) - File not found
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    [C:\windows\system64] -> \systemroot\system32 -> Mount Point  
    PRC - C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}
    IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}: "URL" = http://www.searchqu.com/web?src=ieb&appid=0&systemid=413&sr=0&q={searchTerms}
    IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}
    IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}: "URL" = http://www.searchqu.com/web?src=ieb&appid=0&systemid=413&sr=0&q={searchTerms}
    IE - HKU\S-1-5-21-3966183553-1808329344-3472829953-1001\..\URLSearchHook: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\4.9\youtubedownloaderToolbarIE.dll (Spigot, Inc.)
    FF - prefs.js..browser.search.order.1: "Searchqu Web Search"
    FF - prefs.js..browser.startup.homepage: "http://www.searchqu.com/413"
    [2011/12/31 13:25:37 | 000,000,000 | ---D | M] (Searchqu Toolbar) -- C:\Users\Samuel\AppData\Roaming\Mozilla\Firefox\Profiles\4idrnib1.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
    [2012/02/06 18:34:35 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\Samuel\AppData\Roaming\Mozilla\Firefox\Profiles\4idrnib1.default\extensions\toolbar@ask.com
    [2011/12/31 13:25:32 | 000,002,520 | ---- | M] () -- C:\Users\Samuel\AppData\Roaming\Mozilla\Firefox\Profiles\4idrnib1.default\searchplugins\SearchResults.xml
    [2011/12/31 13:19:22 | 000,000,000 | ---D | M] (Widgi Toolbar Platform) -- C:\PROGRAM FILES (X86)\COMMON FILES\SPIGOT\WTXPCOM
    [2011/12/31 13:19:23 | 000,000,000 | ---D | M] (YouTube Downloader Toolbar) -- C:\PROGRAM FILES (X86)\YOUTUBE DOWNLOADER TOOLBAR\FF
    [2011/12/25 11:03:48 | 000,002,310 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
    [2011/12/31 13:25:32 | 000,002,520 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\SearchResults.xml
    O1 - Hosts: 127.0.0.1 activate.adobe.com
    O1 - Hosts: 127.0.0.1 practivate.adobe.com
    O1 - Hosts: 127.0.0.1 ereg.adobe.com
    O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
    O1 - Hosts: 127.0.0.1 wip3.adobe.com
    O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
    O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
    O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
    O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
    O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
    O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
    O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
    O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
    O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
    O1 - Hosts: 127.0.0.1 adobe.activate.com
    O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
    O2 - BHO: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
    O2 - BHO: (YouTube Downloader Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\4.9\youtubedownloaderToolbarIE.dll (Spigot, Inc.)
    O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
    O3 - HKLM\..\Toolbar: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
    O3 - HKLM\..\Toolbar: (YouTube Downloader Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\4.9\youtubedownloaderToolbarIE.dll (Spigot, Inc.)
    O3 - HKU\S-1-5-21-3966183553-1808329344-3472829953-1001\..\Toolbar\WebBrowser: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
    O4 - HKLM..\Run: [SearchSettings] C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
    :Files
    C:\windows\tasks\At*.job
    C:\Program Files (x86)\Windows Searchqu Toolbar
    C:\Program Files (x86)\Common Files\Spigot
    C:\Program Files (x86)\Ask.com
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [emptyjava]
    [EMPTYFLASH]
    
  • Then click the Run Fix button at the top.
  • Click Posted Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

Let me know how things are doing

Gringo

#14 SamySam


Posted 19 June 2012 - 04:50 PM

I know it's a bit late to tell you (I didn't notice because I'm so used to it).
If I had a custom start menu icon and the icon for folders changed, would this be the reason Norton Power Eraser is saying it's bad,
because it's different?

========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@esn/esnlaunch,version=1.104.0\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0\ deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\!{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\!{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3966183553-1808329344-3472829953-1005\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\gcf\ deleted successfully.
File Protocol\Handler\gcf - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\grooveLocalGWS\ deleted successfully.
File Protocol\Handler\grooveLocalGWS - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully.
File Protocol\Handler\livecall - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
File Protocol\Handler\ms-help - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully.
File Protocol\Handler\msnim - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype4com\ deleted successfully.
File Protocol\Handler\skype4com - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype-ie-addon-data\ deleted successfully.
File Protocol\Handler\skype-ie-addon-data - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlmailhtml\ deleted successfully.
File Protocol\Handler\wlmailhtml - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlpg\ deleted successfully.
File Protocol\Handler\wlpg - No CLSID value found not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3966183553-1808329344-3472829953-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\Users\Samuel\AppData\Local\Temp\Netwrk\RtlUId.exe deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WB\ deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Mount Point C:\Windows\system64 removed successfully!
No active process named Program Files was found!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}\ not found.
Registry value HKEY_USERS\S-1-5-21-3966183553-1808329344-3472829953-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{F3FEE66E-E034-436a-86E4-9690573BEE8A} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F3FEE66E-E034-436a-86E4-9690573BEE8A}\ deleted successfully.
C:\Program Files (x86)\YouTube Downloader Toolbar\IE\4.9\youtubedownloaderToolbarIE.dll moved successfully.
Prefs.js: "Searchqu Web Search" removed from browser.search.order.1
Prefs.js: "http://www.searchqu.com/413" removed from browser.startup.homepage
C:\Users\Samuel\AppData\Roaming\Mozilla\Firefox\Profiles\4idrnib1.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\components folder moved successfully.
C:\Users\Samuel\AppData\Roaming\Mozilla\Firefox\Profiles\4idrnib1.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\searchbar folder moved successfully.
C:\Users\Samuel\AppData\Roaming\Mozilla\Firefox\Profiles\4idrnib1.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\options folder moved successfully.
C:\Users\Samuel\AppData\Roaming\Mozilla\Firefox\Profiles\4idrnib1.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\weatherbutton\panels\images folder moved successfully.
C:\Users\Samuel\AppData\Roaming\Mozilla\Firefox\Profiles\4idrnib1.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\weatherbutton\panels folder moved successfully.
C:\Users\Samuel\AppData\Roaming\Mozilla\Firefox\Profiles\4idrnib1.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\weatherbutton\icons folder moved successfully.
C:\Users\Samuel\AppData\Roaming\Mozilla\Firefox\Profiles\4idrnib1.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\weatherbutton folder moved successfully.
C:\Users\Samuel\AppData\Roaming\Mozilla\Firefox\Profiles\4idrnib1.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\uwa folder moved successfully.
C:\Users\Samuel\AppData\Roaming\Mozilla\Firefox\Profiles\4idrnib1.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\radio\images folder moved successfully.
C:\Users\Samuel\AppData\Roaming\Mozilla\Firefox\Profiles\4idrnib1.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\radio\css folder moved successfully.
C:\Users\Samuel\AppData\Roaming\Mozilla\Firefox\Profiles\4idrnib1.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\radio folder moved successfully.
C:\Users\Samuel\AppData\Roaming\Mozilla\Firefox\Profiles\4idrnib1.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\images folder moved successfully.
C:\Users\Samuel\AppData\Roaming\Mozilla\Firefox\Profiles\4idrnib1.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\default\scripts folder moved successfully.
C:\Users\Samuel\AppData\Roaming\Mozilla\Firefox\Profiles\4idrnib1.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\default\images folder moved successfully.
C:\Users\Samuel\AppData\Roaming\Mozilla\Firefox\Profiles\4idrnib1.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\default\css folder moved successfully.
C:\Users\Samuel\AppData\Roaming\Mozilla\Firefox\Profiles\4idrnib1.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\default folder moved successfully.
C:\Users\Samuel\AppData\Roaming\Mozilla\Firefox\Profiles\4idrnib1.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\css folder moved successfully.
C:\Users\Samuel\AppData\Roaming\Mozilla\Firefox\Profiles\4idrnib1.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels folder moved successfully.
C:\Users\Samuel\AppData\Roaming\Mozilla\Firefox\Profiles\4idrnib1.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib folder moved successfully.
C:\Users\Samuel\AppData\Roaming\Mozilla\Firefox\Profiles\4idrnib1.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin folder moved successfully.
C:\Users\Samuel\AppData\Roaming\Mozilla\Firefox\Profiles\4idrnib1.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\widgets\net.vmn.www.PPCBully folder moved successfully.
C:\Users\Samuel\AppData\Roaming\Mozilla\Firefox\Profiles\4idrnib1.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\widgets folder moved successfully.
C:\Users\Samuel\AppData\Roaming\Mozilla\Firefox\Profiles\4idrnib1.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\modules folder moved successfully.
C:\Users\Samuel\AppData\Roaming\Mozilla\Firefox\Profiles\4idrnib1.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\lib folder moved successfully.
C:\Users\Samuel\AppData\Roaming\Mozilla\Firefox\Profiles\4idrnib1.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\data\search folder moved successfully.
C:\Users\Samuel\AppData\Roaming\Mozilla\Firefox\Profiles\4idrnib1.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\data folder moved successfully.
C:\Users\Samuel\AppData\Roaming\Mozilla\Firefox\Profiles\4idrnib1.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content folder moved successfully.
C:\Users\Samuel\AppData\Roaming\Mozilla\Firefox\Profiles\4idrnib1.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome folder moved successfully.
C:\Users\Samuel\AppData\Roaming\Mozilla\Firefox\Profiles\4idrnib1.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7} folder moved successfully.
C:\Users\Samuel\AppData\Roaming\Mozilla\Firefox\Profiles\4idrnib1.default\extensions\toolbar@ask.com\searchplugins folder moved successfully.
C:\Users\Samuel\AppData\Roaming\Mozilla\Firefox\Profiles\4idrnib1.default\extensions\toolbar@ask.com\defaults\preferences folder moved successfully.
C:\Users\Samuel\AppData\Roaming\Mozilla\Firefox\Profiles\4idrnib1.default\extensions\toolbar@ask.com\defaults folder moved successfully.
C:\Users\Samuel\AppData\Roaming\Mozilla\Firefox\Profiles\4idrnib1.default\extensions\toolbar@ask.com\chrome\skin folder moved successfully.
C:\Users\Samuel\AppData\Roaming\Mozilla\Firefox\Profiles\4idrnib1.default\extensions\toolbar@ask.com\chrome\content folder moved successfully.
C:\Users\Samuel\AppData\Roaming\Mozilla\Firefox\Profiles\4idrnib1.default\extensions\toolbar@ask.com\chrome folder moved successfully.
C:\Users\Samuel\AppData\Roaming\Mozilla\Firefox\Profiles\4idrnib1.default\extensions\toolbar@ask.com folder moved successfully.
C:\Users\Samuel\AppData\Roaming\Mozilla\Firefox\Profiles\4idrnib1.default\searchplugins\SearchResults.xml moved successfully.
C:\PROGRAM FILES (X86)\COMMON FILES\SPIGOT\WTXPCOM\components folder moved successfully.
C:\PROGRAM FILES (X86)\COMMON FILES\SPIGOT\WTXPCOM folder moved successfully.
C:\PROGRAM FILES (X86)\YOUTUBE DOWNLOADER TOOLBAR\FF\chrome\skin folder moved successfully.
C:\PROGRAM FILES (X86)\YOUTUBE DOWNLOADER TOOLBAR\FF\chrome\locale\EN-US folder moved successfully.
C:\PROGRAM FILES (X86)\YOUTUBE DOWNLOADER TOOLBAR\FF\chrome\locale folder moved successfully.
C:\PROGRAM FILES (X86)\YOUTUBE DOWNLOADER TOOLBAR\FF\chrome\content folder moved successfully.
C:\PROGRAM FILES (X86)\YOUTUBE DOWNLOADER TOOLBAR\FF\chrome folder moved successfully.
C:\PROGRAM FILES (X86)\YOUTUBE DOWNLOADER TOOLBAR\FF folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml moved successfully.
C:\Program Files (x86)\Mozilla Firefox\searchplugins\SearchResults.xml moved successfully.
127.0.0.1 activate.adobe.com removed from HOSTS file successfully
127.0.0.1 ereg.adobe.com removed from HOSTS file successfully
127.0.0.1 activate.wip3.adobe.com removed from HOSTS file successfully
127.0.0.1 wip3.adobe.com removed from HOSTS file successfully
127.0.0.1 3dns-3.adobe.com removed from HOSTS file successfully
127.0.0.1 3dns-2.adobe.com removed from HOSTS file successfully
127.0.0.1 adobe-dns.adobe.com removed from HOSTS file successfully
127.0.0.1 adobe-dns-2.adobe.com removed from HOSTS file successfully
127.0.0.1 adobe-dns-3.adobe.com removed from HOSTS file successfully
127.0.0.1 activate-sea.adobe.com removed from HOSTS file successfully
127.0.0.1 wwis-dubc1-vip60.adobe.com removed from HOSTS file successfully
127.0.0.1 activate-sjc0.adobe.com removed from HOSTS file successfully
127.0.0.1 adobe.activate.com removed from HOSTS file successfully
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ deleted successfully.
C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F3FEE66E-E034-436a-86E4-9690573BEE8A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F3FEE66E-E034-436a-86E4-9690573BEE8A}\ not found.
File C:\Program Files (x86)\YouTube Downloader Toolbar\IE\4.9\youtubedownloaderToolbarIE.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{99079a25-328f-4bd4-be04-00955acaa0a7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
File C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{F3FEE66E-E034-436a-86E4-9690573BEE8A} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F3FEE66E-E034-436a-86E4-9690573BEE8A}\ not found.
File C:\Program Files (x86)\YouTube Downloader Toolbar\IE\4.9\youtubedownloaderToolbarIE.dll not found.
Registry value HKEY_USERS\S-1-5-21-3966183553-1808329344-3472829953-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SearchSettings deleted successfully.
C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe moved successfully.
========== FILES ==========
C:\windows\tasks\At1.job moved successfully.
C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\components folder moved successfully.
C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\scripts folder moved successfully.
C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default folder moved successfully.
C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels folder moved successfully.
C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib folder moved successfully.
C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin folder moved successfully.
C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.PPCBully folder moved successfully.
C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets folder moved successfully.
C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\modules folder moved successfully.
C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib folder moved successfully.
C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content folder moved successfully.
C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome folder moved successfully.
C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar folder moved successfully.
C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr folder moved successfully.
C:\Program Files (x86)\Windows Searchqu Toolbar folder moved successfully.
C:\Program Files (x86)\Common Files\Spigot\Search Settings\Res folder moved successfully.
C:\Program Files (x86)\Common Files\Spigot\Search Settings\Lang folder moved successfully.
C:\Program Files (x86)\Common Files\Spigot\Search Settings folder moved successfully.
Folder move failed. C:\Program Files (x86)\Common Files\Spigot scheduled to be moved on reboot.
C:\Program Files (x86)\Ask.com\Updater folder moved successfully.
C:\Program Files (x86)\Ask.com\assets\oobe folder moved successfully.
C:\Program Files (x86)\Ask.com\assets folder moved successfully.
C:\Program Files (x86)\Ask.com folder moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Samuel\Desktop\cmd.bat deleted successfully.
C:\Users\Samuel\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYJAVA]

User: Administrator

User: All Users

User: Default

User: Default User

User: Public

User: Samuel
->Java cache emptied: 7149932 bytes

User: UpdatusUser

Total Java Files Cleaned = 7.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default
->Flash cache emptied: 56475 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

User: Samuel
->Flash cache emptied: 78064 bytes

User: UpdatusUser
->Flash cache emptied: 56475 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.49.0 log created on 06202012_073444

Files\Folders moved on Reboot...
C:\Program Files (x86)\Common Files\Spigot folder moved successfully.

Registry entries deleted on Reboot...

#15 gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts

Posted 19 June 2012 - 06:21 PM

Hello

Download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


