trojan.patchep!sys removal help please!


  • This topic is locked
13 replies to this topic

#1 apache1334

Posted 03 August 2012 - 09:13 PM

Please help. Norton Antivirus has recommended a manual removal of the trojan.patchep!sys, which is located in C:\windows\system32\services.exe. I have Windows 7 64-bit.

#2 apache1334

Posted 03 August 2012 - 09:26 PM

Oops. Need to read instructions better.
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_32
Run by Cody Zappen at 22:20:34 on 2012-08-04
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3835.1912 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
2012-05-20 21:38:56 2829 ----a-w- C:\Windows\DIIUnin.pif
2012-05-20 20:45:02 283200 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys
2012-05-20 00:30:42 112000 ----a-w- C:\Windows\System32\consent.exe
2012-05-20 00:29:13 524288 ----a-w- C:\Windows\System32\wmicmiplugin.dll
2012-05-20 00:29:13 496128 ----a-w- C:\Windows\SysWow64\taskschd.dll
2012-05-20 00:29:13 473600 ----a-w- C:\Windows\System32\taskcomp.dll
2012-05-20 00:29:13 464384 ----a-w- C:\Windows\System32\taskeng.exe
2012-05-20 00:29:13 305152 ----a-w- C:\Windows\SysWow64\taskcomp.dll
2012-05-20 00:29:13 285696 ----a-w- C:\Windows\System32\schtasks.exe
2012-05-20 00:29:13 192000 ----a-w- C:\Windows\SysWow64\taskeng.exe
2012-05-20 00:29:13 179712 ----a-w- C:\Windows\SysWow64\schtasks.exe
2012-05-20 00:29:13 1169408 ----a-w- C:\Windows\System32\taskschd.dll
2012-05-20 00:29:13 1114624 ----a-w- C:\Windows\System32\schedsvc.dll
2012-05-20 00:28:47 552960 ----a-w- C:\Windows\System32\msdri.dll
2012-05-19 23:42:33 0 ----a-w- C:\Windows\ativpsrm.bin
2012-05-19 23:40:46 95544 ----a-w- C:\Windows\System32\bcmwlcoi.dll
2012-05-19 23:40:46 6656 ----a-w- C:\Windows\System32\bcmwlrc.dll
2012-05-19 23:40:46 3896832 ----a-w- C:\Windows\System32\bcmihvsrv64.dll
2012-05-19 23:40:46 3561472 ----a-w- C:\Windows\System32\bcmihvui64.dll
2012-05-19 23:40:46 3065408 ----a-w- C:\Windows\System32\drivers\BCMWL664.SYS
.
============= FINISH: 22:21:38.30 ===============


#3 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico
  • Local time:07:37 AM

Posted 06 August 2012 - 03:05 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following:
    • Log from Combofix
    • Let me know of any problems you may have had
    • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#4 apache1334

  • Topic Starter
  • Members
  • 6 posts
  • Local time:07:37 AM

Posted 06 August 2012 - 06:23 PM

Thank you so much Gringo!

Checkup.txt:
Results of screen317's Security Check version 0.99.43
Windows 7 x64 (UAC is enabled)
Out of date service pack!!
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
AVG Anti-Virus Free Edition 2012
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Java™ 6 Update 32
Java version out of Date!
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox (14.0.1)
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
Norton AntiVirus Engine 19.7.1.5 ccSvcHst.exe
Norton AntiVirus Engine 19.7.1.5 WSCStub.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 8%
````````````````````End of Log``````````````````````


Combofix.txt:
ComboFix 12-08-05.02 - Cody Zappen 08/07/2012 18:58:21.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3835.2168 [GMT -4:00]
Running from: c:\users\Cody Zappen\Desktop\ComboFix.exe
AV: Norton AntiVirus *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Norton AntiVirus *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\Installer\{c2200727-c2ba-24d7-a7df-caf45cdd51c2}\@
c:\windows\Installer\{c2200727-c2ba-24d7-a7df-caf45cdd51c2}\L\00000004.@
c:\windows\Installer\{c2200727-c2ba-24d7-a7df-caf45cdd51c2}\L\201d3dde
c:\windows\Installer\{c2200727-c2ba-24d7-a7df-caf45cdd51c2}\U\00000004.@
c:\windows\Installer\{c2200727-c2ba-24d7-a7df-caf45cdd51c2}\U\00000008.@
c:\windows\Installer\{c2200727-c2ba-24d7-a7df-caf45cdd51c2}\U\000000cb.@
c:\windows\Installer\{c2200727-c2ba-24d7-a7df-caf45cdd51c2}\U\80000000.@
c:\windows\Installer\{c2200727-c2ba-24d7-a7df-caf45cdd51c2}\U\80000032.@
c:\windows\Installer\{c2200727-c2ba-24d7-a7df-caf45cdd51c2}\U\80000064.@
c:\windows\isRS-000.tmp
c:\windows\ST6UNST.000
.
Infected copy of c:\windows\system32\Services.exe was found and disinfected
Restored copy from - c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-07-07 to 2012-08-07 )))))))))))))))))))))))))))))))
.
.
2012-08-07 23:05 . 2012-08-07 23:05 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-06 07:06 . 2012-08-06 07:06 -------- d-----w- C:\Ubisoft
2012-08-05 01:52 . 2012-08-05 01:52 -------- d-----w- c:\program files (x86)\Common Files\Symantec Shared
2012-08-05 01:50 . 2012-08-05 01:50 -------- d-----w- c:\program files\Symantec
2012-08-05 01:50 . 2012-08-05 01:50 175736 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2012-08-05 01:50 . 2012-08-05 01:50 -------- d-----w- c:\program files\Common Files\Symantec Shared
2012-08-05 01:50 . 2012-08-05 01:50 -------- d-----w- c:\windows\system32\drivers\NAVx64
2012-08-05 01:50 . 2012-08-05 01:50 -------- d-----w- c:\program files (x86)\Norton AntiVirus
2012-08-05 01:41 . 2012-08-05 01:41 -------- d-----w- c:\users\Cody Zappen\AppData\Roaming\HPAppData
2012-08-05 01:39 . 2012-08-05 01:39 -------- d-----w- c:\program files (x86)\Glarysoft Toolbar
2012-08-05 01:38 . 2012-08-05 01:38 -------- d-----w- c:\program files (x86)\NortonInstaller
2012-08-04 20:23 . 2012-08-04 20:23 -------- d-----w- c:\programdata\VirtualizedApplications
2012-08-04 17:50 . 2012-08-04 17:50 -------- d-----w- c:\users\Cody Zappen\AppData\Local\SoftGrid Client
2012-08-04 17:50 . 2012-08-07 22:40 -------- d-----w- c:\users\Cody Zappen\AppData\Roaming\SoftGrid Client
2012-08-04 17:49 . 2012-08-04 17:49 -------- d-----w- c:\program files (x86)\Microsoft Application Virtualization Client
2012-08-04 17:49 . 2012-08-04 17:49 -------- d-----w- c:\program files\Microsoft Office
2012-08-04 17:49 . 2012-08-04 17:51 -------- d-----w- c:\users\Cody Zappen\AppData\Roaming\TP
2012-08-04 16:40 . 2012-08-04 16:40 -------- d-----w- c:\users\Cody Zappen\AppData\Local\ElevatedDiagnostics
2012-08-04 16:37 . 2012-08-04 16:37 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-08-04 16:06 . 2012-08-04 16:05 66856 ----a-w- c:\windows\SysWow64\SynTPEnhPS.dll
2012-08-04 16:06 . 2012-08-04 16:05 226600 ----a-w- c:\windows\system32\SynTPAPI.dll
2012-08-04 16:06 . 2012-08-04 16:05 148264 ----a-w- c:\windows\system32\SynTPCo9.dll
2012-08-04 16:06 . 2012-08-04 16:05 1451056 ----a-w- c:\windows\system32\drivers\SynTP.sys
2012-08-04 16:06 . 2012-08-04 16:05 107816 ----a-w- c:\windows\SysWow64\SynTPCOM.dll
2012-08-04 16:06 . 2012-08-04 16:05 276264 ----a-w- c:\windows\system32\SynCtrl.dll
2012-08-04 16:06 . 2012-08-04 16:05 222504 ----a-w- c:\windows\SysWow64\SynCtrl.dll
2012-08-04 16:06 . 2012-08-04 16:05 177448 ----a-w- c:\windows\SysWow64\SynCOM.dll
2012-08-04 16:02 . 2012-08-04 16:01 528384 ----a-w- c:\windows\system32\drivers\stwrt64.sys
2012-08-04 16:02 . 2012-08-04 16:01 654336 ------w- c:\windows\system32\stapi64.dll
2012-08-04 16:02 . 2012-08-04 16:01 431616 ----a-w- c:\windows\system32\stcplx64.dll
2012-08-04 16:02 . 2012-08-04 16:01 1965056 ----a-w- c:\windows\system32\stapo64.dll
2012-08-04 16:02 . 2012-08-04 16:04 -------- d-----w- c:\program files\IDT
2012-08-04 01:39 . 2012-08-04 01:39 9888360 ----a-w- c:\windows\SysWow64\RtsPStorIcon.dll
2012-08-04 01:34 . 2012-08-04 01:33 74272 ----a-w- c:\windows\system32\RtNicProp64.dll
2012-08-04 01:34 . 2012-08-04 01:33 425064 ----a-w- c:\windows\system32\drivers\Rt64win7.sys
2012-07-31 21:49 . 2012-08-04 16:01 9827016 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-07-25 03:56 . 2012-07-25 03:56 -------- d-----w- c:\users\Cody Zappen\AppData\Local\ThirdWire
2012-07-25 03:56 . 2012-07-25 03:56 -------- d-----w- c:\programdata\ThirdWire
2012-07-25 00:04 . 2012-07-25 00:04 -------- d-----w- c:\program files (x86)\ThirdWire
2012-07-24 22:09 . 2012-07-24 22:09 -------- d-----w- c:\windows\Sun
2012-07-21 02:06 . 2012-07-21 02:06 -------- d-----w- c:\users\Cody Zappen\AppData\Local\My Games
2012-07-21 02:05 . 2012-07-21 02:05 -------- d-----w- c:\programdata\3DMGAME
2012-07-21 01:58 . 2012-07-21 02:05 -------- d-----w- c:\program files (x86)\Sid Meier's Civilization V
2012-07-21 00:52 . 2011-02-19 06:37 1135104 ----a-w- c:\windows\system32\FntCache.dll
2012-07-17 22:49 . 2012-07-17 22:50 -------- d-----w- c:\users\Cody Zappen\AppData\Local\Windows Live Writer
2012-07-17 22:49 . 2012-07-17 22:49 -------- d-----w- c:\users\Cody Zappen\AppData\Roaming\Windows Live Writer
2012-07-16 06:46 . 2012-07-16 06:46 -------- d-----w- c:\windows\SysWow64\Wat
2012-07-16 06:46 . 2012-07-16 06:46 -------- d-----w- c:\windows\system32\Wat
2012-07-16 02:16 . 2012-07-16 02:16 -------- d-----w- c:\users\Cody Zappen\AppData\Local\DCS
2012-07-15 22:47 . 2012-07-15 22:47 -------- d-----w- c:\windows\SysWow64\lib
2012-07-15 22:47 . 2012-07-15 22:56 -------- d-----w- C:\ModMan
2012-07-15 22:47 . 2012-07-15 22:47 -------- d-----w- c:\windows\ModMan
2012-07-15 22:10 . 2012-06-06 05:50 1425408 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2012-07-15 22:10 . 2012-06-06 05:09 987136 ----a-w- c:\program files (x86)\Common Files\System\ado\msado15.dll
2012-07-15 21:49 . 2012-06-12 03:02 3147264 ----a-w- c:\windows\system32\win32k.sys
2012-07-13 01:02 . 2012-06-09 05:30 14165504 ----a-w- c:\windows\system32\shell32.dll
2012-07-13 01:02 . 2012-06-06 05:50 2003968 ----a-w- c:\windows\system32\msxml6.dll
2012-07-13 01:02 . 2012-06-06 05:50 1880064 ----a-w- c:\windows\system32\msxml3.dll
2012-07-13 01:02 . 2012-06-06 05:09 1389568 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-07-13 01:02 . 2012-06-06 05:09 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-07-13 00:57 . 2012-06-02 05:38 152432 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-07-13 00:57 . 2012-06-02 05:37 459216 ----a-w- c:\windows\system32\drivers\cng.sys
2012-07-13 00:57 . 2012-06-02 05:27 340992 ----a-w- c:\windows\system32\schannel.dll
2012-07-13 00:57 . 2012-06-02 05:27 307200 ----a-w- c:\windows\system32\ncrypt.dll
2012-07-13 00:57 . 2012-06-02 05:38 95088 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-07-13 00:57 . 2012-06-02 04:48 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-07-13 00:57 . 2012-06-02 04:48 225280 ----a-w- c:\windows\SysWow64\schannel.dll
2012-07-13 00:57 . 2012-06-02 04:47 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll
2012-07-13 00:57 . 2012-06-02 04:42 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2012-07-13 00:29 . 2003-11-14 20:12 518416 ----a-r- c:\windows\SysWow64\MSXML.DLL
2012-07-13 00:25 . 2003-02-27 20:12 696320 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iKernel.dll
2012-07-13 00:25 . 2002-12-05 18:10 155648 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iuser.dll
2012-07-13 00:25 . 2002-12-02 19:22 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\DotNetInstaller.exe
2012-07-13 00:25 . 2002-12-02 17:33 57344 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll
2012-07-13 00:25 . 2002-12-02 17:33 237568 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iscript.dll
2012-07-13 00:25 . 2012-07-13 00:25 282756 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\setup.dll
2012-07-13 00:25 . 2012-07-13 00:25 163972 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iGdi.dll
2012-07-12 02:56 . 2010-09-14 06:45 367104 ----a-w- c:\windows\system32\wcncsvc.dll
2012-07-12 02:56 . 2010-09-14 06:07 276992 ----a-w- c:\windows\SysWow64\wcncsvc.dll
2012-07-12 02:25 . 2012-07-12 02:25 -------- d-----w- c:\program files (x86)\MSXML 4.0
2012-07-11 22:34 . 2012-03-01 06:54 22896 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-07-11 22:34 . 2012-03-01 06:45 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-07-11 22:34 . 2012-03-01 06:40 80896 ----a-w- c:\windows\system32\imagehlp.dll
2012-07-11 22:34 . 2012-03-01 06:35 5120 ----a-w- c:\windows\system32\wmi.dll
2012-07-11 22:34 . 2012-03-01 05:49 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-07-11 22:34 . 2012-03-01 05:45 158720 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-07-11 22:34 . 2012-03-01 05:40 5120 ----a-w- c:\windows\SysWow64\wmi.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-04 16:05 . 2010-12-17 02:26 411944 ----a-w- c:\windows\system32\SynCOM.dll
2012-08-04 16:01 . 2012-05-19 23:39 4780032 ----a-w- c:\windows\system32\stlang64.dll
2012-08-04 16:01 . 2012-05-19 23:39 1128448 ----a-w- c:\windows\sttray64.exe
2012-08-04 16:01 . 2012-05-19 23:39 224256 ----a-w- c:\windows\system32\staco64.dll
2012-08-04 16:01 . 2012-05-19 23:39 4933120 ----a-w- c:\windows\system32\IDTNHP.dll
2012-08-04 16:01 . 2012-05-19 23:39 212480 ----a-w- c:\windows\system32\IDTNJ.exe
2012-08-04 16:01 . 2012-05-19 23:39 1029120 ----a-w- c:\windows\system32\IDTNX.dll
2012-08-04 16:01 . 2012-05-19 23:39 6382080 ----a-w- c:\windows\system32\IDTNGUI.exe
2012-08-04 16:01 . 2012-05-19 23:39 1523712 ----a-w- c:\windows\system32\IDTNC64.cpl
2012-08-04 16:01 . 2012-05-20 04:32 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-04 16:01 . 2012-05-20 04:32 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-04 16:01 . 2012-05-19 23:39 564224 ----a-w- c:\windows\system32\idt64mp1.exe
2012-08-04 01:39 . 2012-05-19 23:39 338536 ----a-w- c:\windows\system32\drivers\RtsPStor.sys
2012-08-04 01:33 . 2012-05-19 23:39 107552 ----a-w- c:\windows\system32\RTNUninst64.dll
2012-06-02 22:19 . 2012-07-07 22:49 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-07-07 22:50 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-07-07 22:50 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-07-07 22:50 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-07-07 22:49 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-07-07 22:50 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-07-07 22:49 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 19:19 . 2012-07-07 22:49 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 19:15 . 2012-07-07 22:49 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-05-26 20:38 . 2012-05-26 20:38 2829 ----a-w- c:\windows\War3Unin.pif
2012-05-26 20:38 . 2012-05-26 20:38 126976 ----a-w- c:\windows\War3Unin.exe
2012-05-24 03:19 . 2012-05-24 03:19 476960 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-05-24 03:19 . 2011-01-11 09:02 472864 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-05-23 22:05 . 2010-06-24 19:33 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-05-20 21:38 . 2012-05-20 21:38 94208 ----a-w- c:\windows\DIIUnin.exe
2012-05-20 21:38 . 2012-05-20 21:38 2829 ----a-w- c:\windows\DIIUnin.pif
2012-05-20 20:45 . 2012-05-20 20:45 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-05-20 00:30 . 2012-05-20 00:30 112000 ----a-w- c:\windows\system32\consent.exe
2012-05-20 00:29 . 2012-05-20 00:29 524288 ----a-w- c:\windows\system32\wmicmiplugin.dll
2012-05-20 00:29 . 2012-05-20 00:29 496128 ----a-w- c:\windows\SysWow64\taskschd.dll
2012-05-20 00:29 . 2012-05-20 00:29 473600 ----a-w- c:\windows\system32\taskcomp.dll
2012-05-20 00:29 . 2012-05-20 00:29 464384 ----a-w- c:\windows\system32\taskeng.exe
2012-05-20 00:29 . 2012-05-20 00:29 305152 ----a-w- c:\windows\SysWow64\taskcomp.dll
2012-05-20 00:29 . 2012-05-20 00:29 285696 ----a-w- c:\windows\system32\schtasks.exe
2012-05-20 00:29 . 2012-05-20 00:29 192000 ----a-w- c:\windows\SysWow64\taskeng.exe
2012-05-20 00:29 . 2012-05-20 00:29 179712 ----a-w- c:\windows\SysWow64\schtasks.exe
2012-05-20 00:29 . 2012-05-20 00:29 1169408 ----a-w- c:\windows\system32\taskschd.dll
2012-05-20 00:29 . 2012-05-20 00:29 1114624 ----a-w- c:\windows\system32\schedsvc.dll
2012-05-20 00:28 . 2012-05-20 00:28 552960 ----a-w- c:\windows\system32\msdri.dll
2012-05-19 23:40 . 2012-05-19 23:40 6656 ----a-w- c:\windows\system32\bcmwlrc.dll
2012-05-19 23:40 . 2012-05-19 23:40 95544 ----a-w- c:\windows\system32\bcmwlcoi.dll
2012-05-19 23:40 . 2012-05-19 23:40 3896832 ----a-w- c:\windows\system32\bcmihvsrv64.dll
2012-05-19 23:40 . 2012-05-19 23:40 3561472 ----a-w- c:\windows\system32\bcmihvui64.dll
2012-05-19 23:40 . 2012-05-19 23:40 3065408 ----a-w- c:\windows\system32\drivers\BCMWL664.SYS
2012-05-15 05:41 . 2012-05-19 21:41 8955792 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4D403E74-2DBA-42AA-B172-23837189735B}\mpengine.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{687578b9-7132-4a7a-80e4-30ee31099e03}"= "c:\program files (x86)\uTorrentControl2\prxtbuTor.dll" [2011-05-09 176936]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\prxtbVuze.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{687578b9-7132-4a7a-80e4-30ee31099e03}]
2011-05-09 08:49 176936 ----a-w- c:\program files (x86)\uTorrentControl2\prxtbuTor.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{A7AF277D-1466-4A7B-93AF-B043984A5671}]
2012-06-01 13:35 2669408 ------w- c:\program files (x86)\Glarysoft Toolbar\tbcore3.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
2011-05-09 08:49 176936 ----a-w- c:\program files (x86)\Vuze_Remote\prxtbVuze.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{687578b9-7132-4a7a-80e4-30ee31099e03}"= "c:\program files (x86)\uTorrentControl2\prxtbuTor.dll" [2011-05-09 176936]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\prxtbVuze.dll" [2011-05-09 176936]
"{32D47EA5-9473-4CAD-805D-9999F15D5AE2}"= "c:\program files (x86)\Glarysoft Toolbar\tbcore3.dll" [2012-06-01 2669408]
.
[HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_CLASSES_ROOT\clsid\{32d47ea5-9473-4cad-805d-9999f15d5ae2}]
[HKEY_CLASSES_ROOT\TBSB05810.TBSB05810.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\TBSB05810.TBSB05810]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-05-19 880496]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-08-05 1353080]
"PeerGuardian"="c:\program files\PeerGuardian2\pg2.exe" [2007-06-02 2273792]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-04-17 3671872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2009-11-18 54576]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2012-03-05 578944]
"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-08-19 379960]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
Snapfish PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe [2010-11-18 1040952]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-disabled]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-07-21 103992]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-04 250056]
R3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-23 95760]
R3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe [2012-02-10 240408]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-08-05 113120]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-07-11 1255736]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [2010-05-15 73856]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [2010-05-15 28800]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAVx64\1307010.005\SYMDS64.SYS [2012-03-29 451192]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAVx64\1307010.005\SYMEFA64.SYS [2012-03-29 1092728]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.7.1.5\Definitions\BASHDefs\20120711.002\BHDrvx64.sys [2012-07-11 1161376]
S1 ccSet_NAV;Norton AntiVirus Settings Manager;c:\windows\system32\drivers\NAVx64\1307010.005\ccSetx64.sys [2011-11-29 167048]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.7.1.5\Definitions\IPSDefs\20120805.001\IDSvia64.sys [2012-08-03 509088]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NAVx64\1307010.005\Ironx64.SYS [2012-03-29 190072]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\NAVx64\1307010.005\SYMNETS.SYS [2012-03-29 405624]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-12-10 203776]
S2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe [2012-02-10 193816]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-28 821664]
S2 HPAuto;HP Auto;c:\program files\Hewlett-Packard\HP Auto\HPAuto.exe [2010-08-06 681528]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-08-06 291896]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-03-05 35200]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2012-08-04 2413056]
S2 NAV;Norton AntiVirus;c:\program files (x86)\Norton AntiVirus\Engine\19.7.1.5\ccSvcHst.exe [2012-03-27 138232]
S2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-09-11 399344]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2009-12-03 483688]
S2 WajamUpdater;WajamUpdater;c:\program files (x86)\Wajam\Updater\WajamUpdater.exe [2012-04-24 109064]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-12-10 8121344]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-12-10 291328]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-12-11 31088]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-05-20 283200]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-08-07 138912]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2012-08-04 338536]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2012-08-04 425064]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2009-12-03 721768]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2009-12-03 269672]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2009-12-03 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2009-12-03 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2009-12-03 209768]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-20 16:01]
.
2012-08-07 c:\windows\Tasks\GlaryInitialize.job
- c:\program files (x86)\Glary Utilities\initialize.exe [2012-05-23 02:16]
.
2012-08-05 c:\windows\Tasks\HPCeeScheduleForCody Zappen.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]
.
2012-08-07 c:\windows\Tasks\HPCeeScheduleForCODYZAPPEN-HP$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00Zecter]
@="{D25B32FE-CB96-491A-98FF-AD59DA382D69}"
[HKEY_CLASSES_ROOT\CLSID\{D25B32FE-CB96-491A-98FF-AD59DA382D69}]
2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01Zecter]
@="{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}"
[HKEY_CLASSES_ROOT\CLSID\{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}]
2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\02Zecter]
@="{B3C78E40-6B64-47C3-AE34-60B770881EB8}"
[HKEY_CLASSES_ROOT\CLSID\{B3C78E40-6B64-47C3-AE34-60B770881EB8}]
2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03Zecter]
@="{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}"
[HKEY_CLASSES_ROOT\CLSID\{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}]
2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\04Zecter]
@="{855156F0-2A0F-11DE-8C30-0800200C9A66}"
[HKEY_CLASSES_ROOT\CLSID\{855156F0-2A0F-11DE-8C30-0800200C9A66}]
2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-07-21 8192]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2012-08-04 1128448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://isearch.glarysoft.com/?src=iehome
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://isearch.glarysoft.com/?src=iehome
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Cody Zappen\AppData\Roaming\Mozilla\Firefox\Profiles\n15zgtsn.default\
FF - prefs.js: browser.search.selectedEngine - Glary Search
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q=
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=113959&tt=060612_8_
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 56aab3cc000000000000ac81124bd835
FF - user.js: extensions.BabylonToolbar_i.hardId - 56aab3cc000000000000ac81124bd835
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15511
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.170:24
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-HF_G_Jul - c:\program files (x86)\AVG Secure Search\HF_G_Jul.exe
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
WebBrowser-{687578B9-7132-4A7A-80E4-30EE31099E03} - (no file)
WebBrowser-{32D47EA5-9473-4CAD-805D-9999F15D5AE2} - (no file)
WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NAV]
"ImagePath"="\"c:\program files (x86)\Norton AntiVirus\Engine\19.7.1.5\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files (x86)\Norton AntiVirus\Engine\19.7.1.5\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\05\00\14\01#4?"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe
.
**************************************************************************
.
Completion time: 2012-08-07 19:12:14 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-07 23:12
.
Pre-Run: 195,844,567,040 bytes free
Post-Run: 201,850,867,712 bytes free
.
- - End Of File - - 3C188A916D053302CD69D3CB6610F22A


Gringo-
I only had one issue, and that is that I have uninstalled and deleted AVG 2012, but both Combofix and Security check thought that it was on and running. It was a proper uninstall, and I deleted all AVG files afterward. I am currently using Norton, which was disabled. Other than that there were no issues.

The computer seems to be doing fine. Prior to this it was redirecting me to random(ish) websites and browsing the internet was just a general pain in the butt. But from the quick little surf around, I have had none of that. Prior, my antivirus was going haywire, but now it is not nearly as bad. Other than that, I have nothing new (or old) to report.

apache1334

#5 gringo_pr

gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 06 August 2012 - 09:02 PM

Greetings apache1334

I want to do some digging just in case, so I want you to run these next:

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save Log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Proud Graduate Of Malware Removal University

#6 apache1334

apache1334
  • Topic Starter

  • Members
  • 6 posts

Posted 07 August 2012 - 10:46 PM

Gringo-

TDSSKiller-

18:30:39.0191 2804 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
18:30:39.0472 2804 ============================================================
18:30:39.0472 2804 Current date / time: 2012/08/08 18:30:39.0472
18:30:39.0472 2804 SystemInfo:
18:30:39.0472 2804
18:30:39.0472 2804 OS Version: 6.1.7600 ServicePack: 0.0
18:30:39.0472 2804 Product type: Workstation
18:30:39.0488 2804 ComputerName: CODYZAPPEN-HP
18:30:39.0488 2804 UserName: Cody Zappen
18:30:39.0488 2804 Windows directory: C:\Windows
18:30:39.0488 2804 System windows directory: C:\Windows
18:30:39.0488 2804 Running under WOW64
18:30:39.0488 2804 Processor architecture: Intel x64
18:30:39.0488 2804 Number of processors: 2
18:30:39.0488 2804 Page size: 0x1000
18:30:39.0488 2804 Boot type: Normal boot
18:30:39.0488 2804 ============================================================
18:30:40.0658 2804 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:30:40.0658 2804 ============================================================
18:30:40.0658 2804 \Device\Harddisk0\DR0:
18:30:40.0658 2804 MBR partitions:
18:30:40.0658 2804 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
18:30:40.0658 2804 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x384E3800
18:30:40.0658 2804 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x38547800, BlocksNum 0x1E0A800
18:30:40.0658 2804 \Device\Harddisk0\DR0\Partition3: MBR, Type 0xC, StartLBA 0x3A352000, BlocksNum 0x33830
18:30:40.0658 2804 ============================================================
18:30:40.0673 2804 C: <-> \Device\Harddisk0\DR0\Partition1
18:30:40.0736 2804 D: <-> \Device\Harddisk0\DR0\Partition2
18:30:40.0736 2804 ============================================================
18:30:40.0736 2804 Initialize success
18:30:40.0736 2804 ============================================================
18:30:42.0608 4720 ============================================================
18:30:42.0608 4720 Scan started
18:30:42.0608 4720 Mode: Manual;
18:30:42.0608 4720 ============================================================
18:30:43.0481 4720 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
18:30:43.0481 4720 1394ohci - ok
18:30:43.0528 4720 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
18:30:43.0528 4720 ACPI - ok
18:30:43.0544 4720 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
18:30:43.0544 4720 AcpiPmi - ok
18:30:43.0669 4720 AdobeFlashPlayerUpdateSvc (f19c98ad81d2c0e1bbfd8153d2c80ee8) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
18:30:43.0684 4720 AdobeFlashPlayerUpdateSvc - ok
18:30:43.0731 4720 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
18:30:43.0731 4720 adp94xx - ok
18:30:43.0762 4720 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
18:30:43.0762 4720 adpahci - ok
18:30:43.0778 4720 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
18:30:43.0793 4720 adpu320 - ok
18:30:43.0809 4720 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
18:30:43.0825 4720 AeLookupSvc - ok
18:30:43.0903 4720 AFD (db9d6c6b2cd95a9ca414d045b627422e) C:\Windows\system32\drivers\afd.sys
18:30:43.0903 4720 AFD - ok
18:30:43.0918 4720 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
18:30:43.0918 4720 agp440 - ok
18:30:43.0934 4720 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
18:30:43.0934 4720 ALG - ok
18:30:43.0965 4720 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
18:30:43.0965 4720 aliide - ok
18:30:44.0027 4720 AMD External Events Utility (c6eea8769226dacb1585fe23beb4af23) C:\Windows\system32\atiesrxx.exe
18:30:44.0027 4720 AMD External Events Utility - ok
18:30:44.0043 4720 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
18:30:44.0043 4720 amdide - ok
18:30:44.0074 4720 amdiox64 (6a2eeb0c4133b20773bb3dd0b7b377b4) C:\Windows\system32\DRIVERS\amdiox64.sys
18:30:44.0074 4720 amdiox64 - ok
18:30:44.0105 4720 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
18:30:44.0105 4720 AmdK8 - ok
18:30:44.0651 4720 amdkmdag (98e20c5a39fea1920031d3850004b334) C:\Windows\system32\DRIVERS\atikmdag.sys
18:30:44.0683 4720 amdkmdag - ok
18:30:44.0807 4720 amdkmdap (8624dc7b8d22daf28f5438735095f6c4) C:\Windows\system32\DRIVERS\atikmpag.sys
18:30:44.0807 4720 amdkmdap - ok
18:30:44.0854 4720 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
18:30:44.0854 4720 AmdPPM - ok
18:30:44.0901 4720 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys
18:30:44.0901 4720 amdsata - ok
18:30:44.0932 4720 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
18:30:44.0932 4720 amdsbs - ok
18:30:44.0948 4720 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys
18:30:44.0948 4720 amdxata - ok
18:30:44.0979 4720 amd_sata (08e8a4172c57abd7693a6915cf1e7a99) C:\Windows\system32\DRIVERS\amd_sata.sys
18:30:44.0979 4720 amd_sata - ok
18:30:45.0010 4720 amd_xata (9866af4e4ad7f16e810b6c0b8473f9cd) C:\Windows\system32\DRIVERS\amd_xata.sys
18:30:45.0010 4720 amd_xata - ok
18:30:45.0057 4720 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
18:30:45.0057 4720 AppID - ok
18:30:45.0088 4720 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
18:30:45.0088 4720 AppIDSvc - ok
18:30:45.0104 4720 Appinfo (d065be66822847b7f127d1f90158376e) C:\Windows\System32\appinfo.dll
18:30:45.0104 4720 Appinfo - ok
18:30:45.0213 4720 Apple Mobile Device (f401929ee0cc92bfe7f15161ca535383) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
18:30:45.0213 4720 Apple Mobile Device - ok
18:30:45.0260 4720 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
18:30:45.0260 4720 arc - ok
18:30:45.0275 4720 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
18:30:45.0275 4720 arcsas - ok
18:30:45.0385 4720 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
18:30:45.0385 4720 aspnet_state - ok
18:30:45.0400 4720 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
18:30:45.0400 4720 AsyncMac - ok
18:30:45.0431 4720 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
18:30:45.0431 4720 atapi - ok
18:30:45.0541 4720 athr (e857eee6b92aaa473ebb3465add8f7e7) C:\Windows\system32\DRIVERS\athrx.sys
18:30:45.0541 4720 athr - ok
18:30:45.0697 4720 AtiHDAudioService (24464b908e143d2561e9e452fee97309) C:\Windows\system32\drivers\AtihdW76.sys
18:30:45.0697 4720 AtiHDAudioService - ok
18:30:45.0728 4720 AtiHdmiService (2d648572ba9a610952fcafba1e119c2d) C:\Windows\system32\drivers\AtiHdmi.sys
18:30:45.0728 4720 AtiHdmiService - ok
18:30:45.0743 4720 AtiPcie (e82e61f46d1336447f4deff8c074f13e) C:\Windows\system32\DRIVERS\AtiPcie64.sys
18:30:45.0759 4720 AtiPcie - ok
18:30:45.0821 4720 AudioEndpointBuilder (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
18:30:45.0821 4720 AudioEndpointBuilder - ok
18:30:45.0837 4720 AudioSrv (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
18:30:45.0837 4720 AudioSrv - ok
18:30:45.0899 4720 AxInstSV (b20b5fa5ca050e9926e4d1db81501b32) C:\Windows\System32\AxInstSV.dll
18:30:45.0899 4720 AxInstSV - ok
18:30:45.0962 4720 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
18:30:45.0962 4720 b06bdrv - ok
18:30:45.0993 4720 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
18:30:45.0993 4720 b57nd60a - ok
18:30:46.0118 4720 BBSvc (a2494901e7226b356b8c1005c45f1c5f) C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe
18:30:46.0118 4720 BBSvc - ok
18:30:46.0165 4720 BBUpdate (63b1cbbae4790b5bac98f01bf9449722) C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe
18:30:46.0165 4720 BBUpdate - ok
18:30:46.0383 4720 BCM43XX (0e7a9264576b40638a3fbc804de1ff76) C:\Windows\system32\DRIVERS\bcmwl664.sys
18:30:46.0399 4720 BCM43XX - ok
18:30:46.0508 4720 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
18:30:46.0508 4720 BDESVC - ok
18:30:46.0555 4720 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
18:30:46.0555 4720 Beep - ok
18:30:46.0617 4720 BFE (4992c609a6315671463e30f6512bc022) C:\Windows\System32\bfe.dll
18:30:46.0617 4720 BFE - ok
18:30:46.0929 4720 BHDrvx64 (c8ab71a5102d0fc103f6dfc750005137) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.7.1.5\Definitions\BASHDefs\20120711.002\BHDrvx64.sys
18:30:46.0945 4720 BHDrvx64 - ok
18:30:47.0085 4720 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
18:30:47.0085 4720 blbdrive - ok
18:30:47.0194 4720 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
18:30:47.0194 4720 Bonjour Service - ok
18:30:47.0241 4720 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
18:30:47.0257 4720 bowser - ok
18:30:47.0272 4720 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
18:30:47.0272 4720 BrFiltLo - ok
18:30:47.0288 4720 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
18:30:47.0288 4720 BrFiltUp - ok
18:30:47.0319 4720 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
18:30:47.0319 4720 BridgeMP - ok
18:30:47.0350 4720 Browser (94fbc06f294d58d02361918418f996e3) C:\Windows\System32\browser.dll
18:30:47.0350 4720 Browser - ok
18:30:47.0381 4720 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
18:30:47.0381 4720 Brserid - ok
18:30:47.0381 4720 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
18:30:47.0397 4720 BrSerWdm - ok
18:30:47.0413 4720 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
18:30:47.0413 4720 BrUsbMdm - ok
18:30:47.0428 4720 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
18:30:47.0428 4720 BrUsbSer - ok
18:30:47.0444 4720 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
18:30:47.0444 4720 BTHMODEM - ok
18:30:47.0475 4720 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
18:30:47.0475 4720 bthserv - ok
18:30:47.0491 4720 catchme - ok
18:30:47.0600 4720 ccSet_NAV (0e1737a63aec0f6de231bb59836c0a11) C:\Windows\system32\drivers\NAVx64\1307010.005\ccSetx64.sys
18:30:47.0600 4720 ccSet_NAV - ok
18:30:47.0631 4720 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
18:30:47.0631 4720 cdfs - ok
18:30:47.0678 4720 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
18:30:47.0678 4720 cdrom - ok
18:30:47.0709 4720 CertPropSvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
18:30:47.0709 4720 CertPropSvc - ok
18:30:47.0725 4720 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
18:30:47.0725 4720 circlass - ok
18:30:47.0771 4720 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
18:30:47.0771 4720 CLFS - ok
18:30:47.0834 4720 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:30:47.0834 4720 clr_optimization_v2.0.50727_32 - ok
18:30:47.0865 4720 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
18:30:47.0881 4720 clr_optimization_v2.0.50727_64 - ok
18:30:48.0021 4720 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:30:48.0021 4720 clr_optimization_v4.0.30319_32 - ok
18:30:48.0161 4720 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
18:30:48.0161 4720 clr_optimization_v4.0.30319_64 - ok
18:30:48.0208 4720 clwvd (50f92c943f18b070f166d019dfab3d9a) C:\Windows\system32\DRIVERS\clwvd.sys
18:30:48.0208 4720 clwvd - ok
18:30:48.0224 4720 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
18:30:48.0224 4720 CmBatt - ok
18:30:48.0255 4720 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
18:30:48.0255 4720 cmdide - ok
18:30:48.0317 4720 CNG (ca7720b73446fddec5c69519c1174c98) C:\Windows\system32\Drivers\cng.sys
18:30:48.0317 4720 CNG - ok
18:30:48.0349 4720 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
18:30:48.0349 4720 Compbatt - ok
18:30:48.0364 4720 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
18:30:48.0364 4720 CompositeBus - ok
18:30:48.0380 4720 COMSysApp - ok
18:30:48.0380 4720 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
18:30:48.0380 4720 crcdisk - ok
18:30:48.0442 4720 CryptSvc (f02786b66375292e58c8777082d4396d) C:\Windows\system32\cryptsvc.dll
18:30:48.0442 4720 CryptSvc - ok
18:30:48.0598 4720 cvhsvc (61a86809b62769643892bc0812b204aa) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
18:30:48.0598 4720 cvhsvc - ok
18:30:48.0676 4720 DcomLaunch (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
18:30:48.0676 4720 DcomLaunch - ok
18:30:48.0707 4720 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
18:30:48.0723 4720 defragsvc - ok
18:30:48.0770 4720 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
18:30:48.0770 4720 DfsC - ok
18:30:48.0801 4720 Dhcp (ce3b9562d997f69b330d181a8875960f) C:\Windows\system32\dhcpcore.dll
18:30:48.0817 4720 Dhcp - ok
18:30:48.0832 4720 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
18:30:48.0832 4720 discache - ok
18:30:48.0879 4720 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
18:30:48.0879 4720 Disk - ok
18:30:48.0926 4720 Dnscache (85cf424c74a1d5ec33533e1dbff9920a) C:\Windows\System32\dnsrslvr.dll
18:30:48.0926 4720 Dnscache - ok
18:30:48.0957 4720 dot3svc (14452acdb09b70964c8c21bf80a13acb) C:\Windows\System32\dot3svc.dll
18:30:48.0957 4720 dot3svc - ok
18:30:48.0973 4720 DPS (8c2ba6bea949ee6e68385f5692bafb94) C:\Windows\system32\dps.dll
18:30:48.0973 4720 DPS - ok
18:30:49.0004 4720 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
18:30:49.0004 4720 drmkaud - ok
18:30:49.0082 4720 dtsoftbus01 (46571ed73ae84469dca53081d33cf3c8) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
18:30:49.0082 4720 dtsoftbus01 - ok
18:30:49.0175 4720 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
18:30:49.0175 4720 DXGKrnl - ok
18:30:49.0207 4720 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
18:30:49.0207 4720 EapHost - ok
18:30:49.0425 4720 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
18:30:49.0441 4720 ebdrv - ok
18:30:49.0550 4720 eeCtrl (ba6420c1f7070ed8f1ba372844f3e1ec) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
18:30:49.0550 4720 eeCtrl - ok
18:30:49.0659 4720 EFS (156f6159457d0aa7e59b62681b56eb90) C:\Windows\System32\lsass.exe
18:30:49.0659 4720 EFS - ok
18:30:49.0753 4720 ehRecvr (47c071994c3f649f23d9cd075ac9304a) C:\Windows\ehome\ehRecvr.exe
18:30:49.0768 4720 ehRecvr - ok
18:30:49.0784 4720 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
18:30:49.0799 4720 ehSched - ok
18:30:49.0862 4720 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
18:30:49.0862 4720 elxstor - ok
18:30:49.0955 4720 EraserUtilRebootDrv (1343df3451bc0c442dc69837c6fba21b) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
18:30:49.0955 4720 EraserUtilRebootDrv - ok
18:30:49.0971 4720 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
18:30:49.0971 4720 ErrDev - ok
18:30:50.0033 4720 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
18:30:50.0033 4720 EventSystem - ok
18:30:50.0065 4720 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
18:30:50.0065 4720 exfat - ok
18:30:50.0096 4720 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
18:30:50.0096 4720 fastfat - ok
18:30:50.0158 4720 Fax (d607b2f1bee3992aa6c2c92c0a2f0855) C:\Windows\system32\fxssvc.exe
18:30:50.0158 4720 Fax - ok
18:30:50.0174 4720 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
18:30:50.0174 4720 fdc - ok
18:30:50.0205 4720 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
18:30:50.0205 4720 fdPHost - ok
18:30:50.0205 4720 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
18:30:50.0205 4720 FDResPub - ok
18:30:50.0221 4720 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
18:30:50.0221 4720 FileInfo - ok
18:30:50.0236 4720 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
18:30:50.0236 4720 Filetrace - ok
18:30:50.0252 4720 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
18:30:50.0252 4720 flpydisk - ok
18:30:50.0299 4720 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
18:30:50.0299 4720 FltMgr - ok
18:30:50.0408 4720 FontCache (cb5e4b9c319e3c6bb363eb7e58a4a051) C:\Windows\system32\FntCache.dll
18:30:50.0408 4720 FontCache - ok
18:30:50.0486 4720 FontCache3.0.0.0 (8d89e3131c27fdd6932189cb785e1b7a) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
18:30:50.0486 4720 FontCache3.0.0.0 - ok
18:30:50.0501 4720 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
18:30:50.0517 4720 FsDepends - ok
18:30:50.0548 4720 Fs_Rec (d3e3f93d67821a2db2b3d9fac2dc2064) C:\Windows\system32\drivers\Fs_Rec.sys
18:30:50.0548 4720 Fs_Rec - ok
18:30:50.0611 4720 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
18:30:50.0611 4720 fvevol - ok
18:30:50.0626 4720 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
18:30:50.0626 4720 gagp30kx - ok
18:30:50.0735 4720 GameConsoleService (d154305de6090e6e84e525f84bb08a06) C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
18:30:50.0735 4720 GameConsoleService - ok
18:30:50.0782 4720 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
18:30:50.0782 4720 GEARAspiWDM - ok
18:30:50.0860 4720 gpsvc (fe5ab4525bc2ec68b9119a6e5d40128b) C:\Windows\System32\gpsvc.dll
18:30:50.0860 4720 gpsvc - ok
18:30:50.0891 4720 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
18:30:50.0891 4720 hcw85cir - ok
18:30:50.0938 4720 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
18:30:50.0938 4720 HdAudAddService - ok
18:30:50.0954 4720 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
18:30:50.0969 4720 HDAudBus - ok
18:30:50.0969 4720 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
18:30:50.0969 4720 HidBatt - ok
18:30:51.0001 4720 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
18:30:51.0001 4720 HidBth - ok
18:30:51.0016 4720 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
18:30:51.0016 4720 HidIr - ok
18:30:51.0016 4720 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
18:30:51.0016 4720 hidserv - ok
18:30:51.0063 4720 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
18:30:51.0063 4720 HidUsb - ok
18:30:51.0079 4720 hkmsvc (efa58ede58dd74388ffd04cb32681518) C:\Windows\system32\kmsvc.dll
18:30:51.0079 4720 hkmsvc - ok
18:30:51.0094 4720 HomeGroupListener (046b2673767ca626e2cfb7fdf735e9e8) C:\Windows\system32\ListSvc.dll
18:30:51.0110 4720 HomeGroupListener - ok
18:30:51.0141 4720 HomeGroupProvider (06a7422224d9865a5613710a089987df) C:\Windows\system32\provsvc.dll
18:30:51.0141 4720 HomeGroupProvider - ok
18:30:51.0313 4720 HP Support Assistant Service (13bb1114451c63bfb41ba7daa4d70a29) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
18:30:51.0313 4720 HP Support Assistant Service - ok
18:30:51.0375 4720 HP Wireless Assistant Service (c930128c8f8ff03d8f8c42b570920d56) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
18:30:51.0375 4720 HP Wireless Assistant Service - ok
18:30:51.0437 4720 HPAuto (da075126f867727810ee9b98b3041c4c) C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe
18:30:51.0437 4720 HPAuto - ok
18:30:51.0484 4720 HPClientSvc (3dc11a802353401332d49c3cbfbbe5fc) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
18:30:51.0500 4720 HPClientSvc - ok
18:30:51.0625 4720 hpqcxs08 (5da42d24712e00728cea2342a65009b2) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
18:30:51.0625 4720 hpqcxs08 - ok
18:30:51.0781 4720 hpqddsvc (d86a39bf100069444d026d22d9a6e555) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
18:30:51.0781 4720 hpqddsvc - ok
18:30:51.0890 4720 hpqwmiex (e7c7829ba0395e48f8c8fe16b8832344) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
18:30:51.0905 4720 hpqwmiex - ok
18:30:52.0015 4720 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
18:30:52.0015 4720 HpSAMD - ok
18:30:52.0124 4720 HPSLPSVC (5ecec779312ad35b1b19951a4b53fac1) C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
18:30:52.0139 4720 HPSLPSVC - ok
18:30:52.0186 4720 HPWMISVC (2bec76bdcd1bc080210325e7b5094834) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
18:30:52.0186 4720 HPWMISVC - ok
18:30:52.0264 4720 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
18:30:52.0280 4720 HTTP - ok
18:30:52.0295 4720 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
18:30:52.0295 4720 hwpolicy - ok
18:30:52.0327 4720 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
18:30:52.0327 4720 i8042prt - ok
18:30:52.0405 4720 iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys
18:30:52.0405 4720 iaStorV - ok
18:30:52.0639 4720 IconMan_R (d72bf0ae484f88399e8343e821c10d6a) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
18:30:52.0654 4720 IconMan_R - ok
18:30:52.0795 4720 idsvc (2f2be70d3e02b6fa877921ab9516d43c) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
18:30:52.0810 4720 idsvc - ok
18:30:52.0966 4720 IDSVia64 (ce0bf35c79e03bb89da6b14fac838605) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.7.1.5\Definitions\IPSDefs\20120805.001\IDSvia64.sys
18:30:52.0982 4720 IDSVia64 - ok
18:30:53.0559 4720 igfx (a87261ef1546325b559374f5689cf5bc) C:\Windows\system32\DRIVERS\igdkmd64.sys
18:30:53.0590 4720 igfx - ok
18:30:53.0684 4720 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
18:30:53.0684 4720 iirsp - ok
18:30:53.0762 4720 IKEEXT (c5b4683680df085b57bc53e5ef34861f) C:\Windows\System32\ikeext.dll
18:30:53.0777 4720 IKEEXT - ok
18:30:53.0793 4720 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
18:30:53.0793 4720 intelide - ok
18:30:53.0824 4720 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
18:30:53.0840 4720 intelppm - ok
18:30:53.0855 4720 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
18:30:53.0855 4720 IPBusEnum - ok
18:30:53.0871 4720 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:30:53.0871 4720 IpFilterDriver - ok
18:30:53.0918 4720 iphlpsvc (f8e058d17363ec580e4b7232778b6cb5) C:\Windows\System32\iphlpsvc.dll
18:30:53.0918 4720 iphlpsvc - ok
18:30:53.0933 4720 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
18:30:53.0933 4720 IPMIDRV - ok
18:30:53.0965 4720 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
18:30:53.0965 4720 IPNAT - ok
18:30:54.0089 4720 iPod Service (a9ab99ee7d39725eafec82732d2b3271) C:\Program Files\iPod\bin\iPodService.exe
18:30:54.0089 4720 iPod Service - ok
18:30:54.0121 4720 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
18:30:54.0121 4720 IRENUM - ok
18:30:54.0121 4720 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
18:30:54.0121 4720 isapnp - ok
18:30:54.0152 4720 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
18:30:54.0152 4720 iScsiPrt - ok
18:30:54.0183 4720 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
18:30:54.0183 4720 kbdclass - ok
18:30:54.0199 4720 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
18:30:54.0199 4720 kbdhid - ok
18:30:54.0245 4720 KeyIso (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
18:30:54.0245 4720 KeyIso - ok
18:30:54.0292 4720 KSecDD (4f4b5fde429416877de7143044582eb5) C:\Windows\system32\Drivers\ksecdd.sys
18:30:54.0292 4720 KSecDD - ok
18:30:54.0308 4720 KSecPkg (6f40465a44ecdc1731befafec5bdd03c) C:\Windows\system32\Drivers\ksecpkg.sys
18:30:54.0308 4720 KSecPkg - ok
18:30:54.0323 4720 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
18:30:54.0323 4720 ksthunk - ok
18:30:54.0386 4720 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
18:30:54.0386 4720 KtmRm - ok
18:30:54.0448 4720 LanmanServer (81f1d04d4d0e433099365127375fd501) C:\Windows\System32\srvsvc.dll
18:30:54.0448 4720 LanmanServer - ok
18:30:54.0464 4720 LanmanWorkstation (27026eac8818e8a6c00a1cad2f11d29a) C:\Windows\System32\wkssvc.dll
18:30:54.0464 4720 LanmanWorkstation - ok
18:30:54.0495 4720 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
18:30:54.0495 4720 lltdio - ok
18:30:54.0542 4720 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
18:30:54.0542 4720 lltdsvc - ok
18:30:54.0557 4720 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
18:30:54.0557 4720 lmhosts - ok
18:30:54.0604 4720 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
18:30:54.0604 4720 LSI_FC - ok
18:30:54.0620 4720 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
18:30:54.0620 4720 LSI_SAS - ok
18:30:54.0635 4720 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
18:30:54.0635 4720 LSI_SAS2 - ok
18:30:54.0667 4720 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
18:30:54.0667 4720 LSI_SCSI - ok
18:30:54.0698 4720 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
18:30:54.0698 4720 luafv - ok
18:30:54.0745 4720 Mcx2Svc (f84c8f1000bc11e3b7b23cbd3baff111) C:\Windows\system32\Mcx2Svc.dll
18:30:54.0745 4720 Mcx2Svc - ok
18:30:54.0760 4720 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
18:30:54.0760 4720 megasas - ok
18:30:54.0791 4720 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
18:30:54.0791 4720 MegaSR - ok
18:30:54.0807 4720 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
18:30:54.0807 4720 MMCSS - ok
18:30:54.0823 4720 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
18:30:54.0823 4720 Modem - ok
18:30:54.0854 4720 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
18:30:54.0854 4720 monitor - ok
18:30:54.0869 4720 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
18:30:54.0869 4720 mouclass - ok
18:30:54.0885 4720 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
18:30:54.0885 4720 mouhid - ok
18:30:54.0901 4720 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
18:30:54.0901 4720 mountmgr - ok
18:30:54.0979 4720 MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
18:30:54.0979 4720 MozillaMaintenance - ok
18:30:54.0994 4720 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
18:30:54.0994 4720 mpio - ok
18:30:55.0025 4720 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
18:30:55.0025 4720 mpsdrv - ok
18:30:55.0119 4720 MpsSvc (aecab449567d1846dad63ece49e893e3) C:\Windows\system32\mpssvc.dll
18:30:55.0135 4720 MpsSvc - ok
18:30:55.0150 4720 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
18:30:55.0150 4720 MRxDAV - ok
18:30:55.0197 4720 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
18:30:55.0197 4720 mrxsmb - ok
18:30:55.0228 4720 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:30:55.0228 4720 mrxsmb10 - ok
18:30:55.0259 4720 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:30:55.0259 4720 mrxsmb20 - ok
18:30:55.0275 4720 msahci (2ba4ff3d5eb68587dd662a896f649c7d) C:\Windows\system32\DRIVERS\msahci.sys
18:30:55.0275 4720 msahci - ok
18:30:55.0306 4720 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
18:30:55.0306 4720 msdsm - ok
18:30:55.0322 4720 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
18:30:55.0322 4720 MSDTC - ok
18:30:55.0353 4720 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
18:30:55.0353 4720 Msfs - ok
18:30:55.0369 4720 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
18:30:55.0369 4720 mshidkmdf - ok
18:30:55.0384 4720 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
18:30:55.0384 4720 msisadrv - ok
18:30:55.0415 4720 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
18:30:55.0431 4720 MSiSCSI - ok
18:30:55.0431 4720 msiserver - ok
18:30:55.0447 4720 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
18:30:55.0447 4720 MSKSSRV - ok
18:30:55.0478 4720 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
18:30:55.0478 4720 MSPCLOCK - ok
18:30:55.0493 4720 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
18:30:55.0493 4720 MSPQM - ok
18:30:55.0525 4720 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
18:30:55.0525 4720 MsRPC - ok
18:30:55.0556 4720 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
18:30:55.0556 4720 mssmbios - ok
18:30:55.0571 4720 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
18:30:55.0571 4720 MSTEE - ok
18:30:55.0587 4720 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
18:30:55.0587 4720 MTConfig - ok
18:30:55.0618 4720 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
18:30:55.0618 4720 Mup - ok
18:30:55.0665 4720 napagent (4987e079a4530fa737a128be54b63b12) C:\Windows\system32\qagentRT.dll
18:30:55.0665 4720 napagent - ok
18:30:55.0712 4720 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
18:30:55.0727 4720 NativeWifiP - ok
18:30:55.0821 4720 NAV (c6948f034d7edabcfa2234d399fc78bc) C:\Program Files (x86)\Norton AntiVirus\Engine\19.7.1.5\ccSvcHst.exe
18:30:55.0821 4720 NAV - ok
18:30:55.0977 4720 NAVENG (8043d41f881d6ace40b854ad6e32217f) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.7.1.5\Definitions\VirusDefs\20120806.002\ENG64.SYS
18:30:55.0977 4720 NAVENG - ok
18:30:56.0133 4720 NAVEX15 (9a9ab2fc45d701daed465d14980f1305) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.7.1.5\Definitions\VirusDefs\20120806.002\EX64.SYS
18:30:56.0149 4720 NAVEX15 - ok
18:30:56.0336 4720 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
18:30:56.0336 4720 NDIS - ok
18:30:56.0367 4720 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
18:30:56.0367 4720 NdisCap - ok
18:30:56.0383 4720 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
18:30:56.0383 4720 NdisTapi - ok
18:30:56.0414 4720 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
18:30:56.0414 4720 Ndisuio - ok
18:30:56.0445 4720 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
18:30:56.0445 4720 NdisWan - ok
18:30:56.0461 4720 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
18:30:56.0461 4720 NDProxy - ok
18:30:56.0492 4720 Net Driver HPZ12 (dc6530a291d4bdf6df399f1f128e7f8f) C:\Windows\system32\HPZinw12.dll
18:30:56.0492 4720 Net Driver HPZ12 - ok
18:30:56.0523 4720 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
18:30:56.0523 4720 NetBIOS - ok
18:30:56.0554 4720 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
18:30:56.0554 4720 NetBT - ok
18:30:56.0585 4720 Netlogon (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
18:30:56.0585 4720 Netlogon - ok
18:30:56.0648 4720 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
18:30:56.0648 4720 Netman - ok
18:30:56.0773 4720 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:30:56.0773 4720 NetMsmqActivator - ok
18:30:56.0773 4720 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:30:56.0773 4720 NetPipeActivator - ok
18:30:56.0835 4720 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
18:30:56.0835 4720 netprofm - ok
18:30:56.0835 4720 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:30:56.0835 4720 NetTcpActivator - ok
18:30:56.0851 4720 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:30:56.0851 4720 NetTcpPortSharing - ok
18:30:57.0225 4720 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys
18:30:57.0256 4720 netw5v64 - ok
18:30:57.0350 4720 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
18:30:57.0350 4720 nfrd960 - ok
18:30:57.0397 4720 NlaSvc (d9a0ce66046d6efa0c61baa885cba0a8) C:\Windows\System32\nlasvc.dll
18:30:57.0397 4720 NlaSvc - ok
18:30:57.0412 4720 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
18:30:57.0412 4720 Npfs - ok
18:30:57.0428 4720 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
18:30:57.0428 4720 nsi - ok
18:30:57.0443 4720 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
18:30:57.0443 4720 nsiproxy - ok
18:30:57.0568 4720 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
18:30:57.0584 4720 Ntfs - ok
18:30:57.0646 4720 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
18:30:57.0646 4720 Null - ok
18:30:57.0709 4720 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys
18:30:57.0709 4720 nvraid - ok
18:30:57.0755 4720 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys
18:30:57.0755 4720 nvstor - ok
18:30:57.0787 4720 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
18:30:57.0787 4720 nv_agp - ok
18:30:57.0802 4720 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
18:30:57.0802 4720 ohci1394 - ok
18:30:57.0896 4720 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:30:57.0896 4720 ose - ok
18:30:58.0223 4720 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
18:30:58.0255 4720 osppsvc - ok
18:30:58.0379 4720 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
18:30:58.0395 4720 p2pimsvc - ok
18:30:58.0442 4720 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
18:30:58.0442 4720 p2psvc - ok
18:30:58.0504 4720 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
18:30:58.0504 4720 Parport - ok
18:30:58.0535 4720 partmgr (90061b1acfe8ccaa5345750ffe08d8b8) C:\Windows\system32\drivers\partmgr.sys
18:30:58.0535 4720 partmgr - ok
18:30:58.0567 4720 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
18:30:58.0567 4720 PcaSvc - ok
18:30:58.0582 4720 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
18:30:58.0582 4720 pci - ok
18:30:58.0598 4720 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
18:30:58.0598 4720 pciide - ok
18:30:58.0629 4720 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
18:30:58.0629 4720 pcmcia - ok
18:30:58.0660 4720 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
18:30:58.0660 4720 pcw - ok
18:30:58.0707 4720 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
18:30:58.0707 4720 PEAUTH - ok
18:30:58.0832 4720 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
18:30:58.0832 4720 PerfHost - ok
18:30:58.0925 4720 pgfilter (1ce34b97c2bfd7f4a6f38b7e5ab9416d) C:\Program Files\PeerGuardian2\pgfilter.sys
18:30:58.0925 4720 pgfilter - ok
18:30:59.0097 4720 pla (557e9a86f65f0de18c9b6751dfe9d3f1) C:\Windows\system32\pla.dll
18:30:59.0097 4720 pla - ok
18:30:59.0159 4720 PlugPlay (98b1721b8718164293b9701b98c52d77) C:\Windows\system32\umpnpmgr.dll
18:30:59.0159 4720 PlugPlay - ok
18:30:59.0206 4720 Pml Driver HPZ12 (71f62c51dfdfbc04c83c5c64b2b8058e) C:\Windows\system32\HPZipm12.dll
18:30:59.0222 4720 Pml Driver HPZ12 - ok
18:30:59.0222 4720 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
18:30:59.0222 4720 PNRPAutoReg - ok
18:30:59.0269 4720 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
18:30:59.0269 4720 PNRPsvc - ok
18:30:59.0315 4720 PolicyAgent (166eb40d1f5b47e615de3d0fffe5f243) C:\Windows\System32\ipsecsvc.dll
18:30:59.0331 4720 PolicyAgent - ok
18:30:59.0362 4720 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
18:30:59.0362 4720 Power - ok
18:30:59.0425 4720 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
18:30:59.0425 4720 PptpMiniport - ok
18:30:59.0456 4720 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
18:30:59.0456 4720 Processor - ok
18:30:59.0503 4720 ProfSvc (97293447431311c06703368ad0f6c4be) C:\Windows\system32\profsvc.dll
18:30:59.0503 4720 ProfSvc - ok
18:30:59.0534 4720 ProtectedStorage (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
18:30:59.0534 4720 ProtectedStorage - ok
18:30:59.0565 4720 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
18:30:59.0565 4720 Psched - ok
18:30:59.0690 4720 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
18:30:59.0690 4720 ql2300 - ok
18:30:59.0783 4720 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
18:30:59.0783 4720 ql40xx - ok
18:30:59.0830 4720 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
18:30:59.0830 4720 QWAVE - ok
18:30:59.0846 4720 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
18:30:59.0846 4720 QWAVEdrv - ok
18:30:59.0861 4720 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
18:30:59.0861 4720 RasAcd - ok
18:30:59.0893 4720 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
18:30:59.0893 4720 RasAgileVpn - ok
18:30:59.0908 4720 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
18:30:59.0908 4720 RasAuto - ok
18:30:59.0924 4720 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
18:30:59.0924 4720 Rasl2tp - ok
18:30:59.0955 4720 RasMan (47394ed3d16d053f5906efe5ab51cc83) C:\Windows\System32\rasmans.dll
18:30:59.0955 4720 RasMan - ok
18:30:59.0986 4720 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
18:30:59.0986 4720 RasPppoe - ok
18:31:00.0017 4720 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
18:31:00.0017 4720 RasSstp - ok
18:31:00.0064 4720 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
18:31:00.0064 4720 rdbss - ok
18:31:00.0080 4720 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
18:31:00.0080 4720 rdpbus - ok
18:31:00.0095 4720 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
18:31:00.0095 4720 RDPCDD - ok
18:31:00.0127 4720 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
18:31:00.0127 4720 RDPENCDD - ok
18:31:00.0158 4720 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
18:31:00.0158 4720 RDPREFMP - ok
18:31:00.0205 4720 RDPWD (447de7e3dea39d422c1504f245b668b1) C:\Windows\system32\drivers\RDPWD.sys
18:31:00.0205 4720 RDPWD - ok
18:31:00.0236 4720 rdyboost (e5dc9ba9e439d6dbdd79f8caacb5bf01) C:\Windows\system32\drivers\rdyboost.sys
18:31:00.0236 4720 rdyboost - ok
18:31:00.0283 4720 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
18:31:00.0283 4720 RemoteAccess - ok
18:31:00.0314 4720 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
18:31:00.0314 4720 RemoteRegistry - ok
18:31:00.0407 4720 RoxioNow Service (c1568e17039b2ec2b73a4f880ddd51e5) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
18:31:00.0407 4720 RoxioNow Service - ok
18:31:00.0439 4720 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
18:31:00.0439 4720 RpcEptMapper - ok
18:31:00.0454 4720 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
18:31:00.0454 4720 RpcLocator - ok
18:31:00.0501 4720 RpcSs (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
18:31:00.0501 4720 RpcSs - ok
18:31:00.0595 4720 RSPCIESTOR (1f5e7af59b390261a85f5bedb1bb88b3) C:\Windows\system32\DRIVERS\RtsPStor.sys
18:31:00.0595 4720 RSPCIESTOR - ok
18:31:00.0610 4720 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
18:31:00.0610 4720 rspndr - ok
18:31:00.0688 4720 RTL8167 (ea5532868ba76923d75bcb2a1448d810) C:\Windows\system32\DRIVERS\Rt64win7.sys
18:31:00.0688 4720 RTL8167 - ok
18:31:00.0735 4720 SamSs (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
18:31:00.0751 4720 SamSs - ok
18:31:00.0766 4720 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
18:31:00.0766 4720 sbp2port - ok
18:31:00.0797 4720 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
18:31:00.0813 4720 SCardSvr - ok
18:31:00.0813 4720 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
18:31:00.0829 4720 scfilter - ok
18:31:00.0922 4720 Schedule (624d0f5ff99428bb90a5b8a4123e918e) C:\Windows\system32\schedsvc.dll
18:31:00.0922 4720 Schedule - ok
18:31:00.0953 4720 SCPolicySvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
18:31:00.0953 4720 SCPolicySvc - ok
18:31:00.0985 4720 sdbus (54e47ad086782d3ae9417c155cdceb9b) C:\Windows\system32\DRIVERS\sdbus.sys
18:31:00.0985 4720 sdbus - ok
18:31:01.0016 4720 SDRSVC (765a27c3279ce11d14cb9e4f5869fca5) C:\Windows\System32\SDRSVC.dll
18:31:01.0016 4720 SDRSVC - ok
18:31:01.0047 4720 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
18:31:01.0047 4720 secdrv - ok
18:31:01.0063 4720 seclogon (463b386ebc70f98da5dff85f7e654346) C:\Windows\system32\seclogon.dll
18:31:01.0063 4720 seclogon - ok
18:31:01.0078 4720 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
18:31:01.0078 4720 SENS - ok
18:31:01.0109 4720 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
18:31:01.0109 4720 SensrSvc - ok
18:31:01.0125 4720 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
18:31:01.0125 4720 Serenum - ok
18:31:01.0156 4720 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
18:31:01.0156 4720 Serial - ok
18:31:01.0172 4720 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
18:31:01.0172 4720 sermouse - ok
18:31:01.0203 4720 SessionEnv (c3bc61ce47ff6f4e88ab8a3b429a36af) C:\Windows\system32\sessenv.dll
18:31:01.0203 4720 SessionEnv - ok
18:31:01.0219 4720 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
18:31:01.0219 4720 sffdisk - ok
18:31:01.0234 4720 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
18:31:01.0234 4720 sffp_mmc - ok
18:31:01.0234 4720 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\DRIVERS\sffp_sd.sys
18:31:01.0234 4720 sffp_sd - ok
18:31:01.0250 4720 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
18:31:01.0250 4720 sfloppy - ok
18:31:01.0343 4720 Sftfs (d5183ed285d2795491dc15bddcbee5ad) C:\Windows\system32\DRIVERS\Sftfslh.sys
18:31:01.0343 4720 Sftfs - ok
18:31:01.0499 4720 sftlist (bfdb58616ff5ea540a5f58301d50641e) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
18:31:01.0499 4720 sftlist - ok
18:31:01.0546 4720 Sftplay (00f118b68c50d2206dd51634f9142b83) C:\Windows\system32\DRIVERS\Sftplaylh.sys
18:31:01.0546 4720 Sftplay - ok
18:31:01.0593 4720 Sftredir (76a827df5640bfe16a0cdbb4108adeca) C:\Windows\system32\DRIVERS\Sftredirlh.sys
18:31:01.0593 4720 Sftredir - ok
18:31:01.0593 4720 Sftvol (1b4c9701645086bab8cafffce30ed284) C:\Windows\system32\DRIVERS\Sftvollh.sys
18:31:01.0609 4720 Sftvol - ok
18:31:01.0640 4720 sftvsa (b94c3c4dca2093243c76ca218ede2a97) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
18:31:01.0640 4720 sftvsa - ok
18:31:01.0718 4720 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
18:31:01.0718 4720 SharedAccess - ok
18:31:01.0749 4720 ShellHWDetection (0298ac45d0efffb2db4baa7dd186e7bf) C:\Windows\System32\shsvcs.dll
18:31:01.0749 4720 ShellHWDetection - ok
18:31:01.0780 4720 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
18:31:01.0780 4720 SiSRaid2 - ok
18:31:01.0811 4720 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
18:31:01.0811 4720 SiSRaid4 - ok
18:31:01.0843 4720 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
18:31:01.0843 4720 Smb - ok
18:31:01.0874 4720 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
18:31:01.0874 4720 SNMPTRAP - ok
18:31:01.0889 4720 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
18:31:01.0889 4720 spldr - ok
18:31:01.0936 4720 Spooler (f8e1fa03cb70d54a9892ac88b91d1e7b) C:\Windows\System32\spoolsv.exe
18:31:01.0952 4720 Spooler - ok
18:31:02.0170 4720 sppsvc (913d843498553a1bc8f8dbad6358e49f) C:\Windows\system32\sppsvc.exe
18:31:02.0201 4720 sppsvc - ok
18:31:02.0311 4720 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
18:31:02.0311 4720 sppuinotify - ok
18:31:02.0498 4720 SRTSP (06b9a7ba94356ec5207c5ddb59540378) C:\Windows\system32\drivers\NAVx64\1307010.005\SRTSP64.SYS
18:31:02.0498 4720 SRTSP - ok
18:31:02.0529 4720 SRTSPX (fbb8945a61e55a2345d12487c74a9d76) C:\Windows\system32\drivers\NAVx64\1307010.005\SRTSPX64.SYS
18:31:02.0529 4720 SRTSPX - ok
18:31:09.0643 4720 ============================================================
18:31:09.0643 4720 Scan finished
18:31:09.0643 4720 ============================================================
18:31:09.0658 5932 Detected object count: 0
18:31:09.0658 5932 Actual detected object count: 0

aswMBR-
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-08 18:32:33
-----------------------------
18:32:33.075 OS Version: Windows x64 6.1.7600
18:32:33.075 Number of processors: 2 586 0x603
18:32:33.076 ComputerName: CODYZAPPEN-HP UserName: Cody Zappen
18:32:35.606 Initialize success
18:34:03.802 AVAST engine defs: 12080701
18:37:00.764 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000006d
18:37:00.766 Disk 0 Vendor: ST950042 0006 Size: 476940MB BusType: 11
18:37:00.781 Disk 0 MBR read successfully
18:37:00.783 Disk 0 MBR scan
18:37:00.788 Disk 0 Windows 7 default MBR code
18:37:00.796 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
18:37:00.811 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 461255 MB offset 409600
18:37:00.848 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 15381 MB offset 945059840
18:37:00.865 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 103 MB offset 976560128
18:37:00.903 Disk 0 scanning C:\Windows\system32\drivers
18:37:12.062 Service scanning
18:37:34.105 Modules scanning
18:37:34.111 Disk 0 trace - called modules:
18:37:34.128 ntoskrnl.exe CLASSPNP.SYS disk.sys amd_xata.sys storport.sys hal.dll amd_sata.sys
18:37:34.132 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800430a060]
18:37:34.136 3 CLASSPNP.SYS[fffff88001ada43f] -> nt!IofCallDriver -> [0xfffffa8004296b80]
18:37:34.140 5 amd_xata.sys[fffff880011607a8] -> nt!IofCallDriver -> \Device\0000006d[0xfffffa8004292690]
18:37:35.720 AVAST engine scan C:\Windows
18:37:39.194 AVAST engine scan C:\Windows\system32
18:41:37.110 AVAST engine scan C:\Windows\system32\drivers
18:42:03.334 AVAST engine scan C:\Users\Cody Zappen
18:55:55.115 AVAST engine scan C:\ProgramData
18:58:13.043 Scan finished successfully
23:45:25.326 Disk 0 MBR has been saved successfully to "C:\Users\Cody Zappen\Desktop\MBR.dat"
23:45:25.332 The log file has been saved successfully to "C:\Users\Cody Zappen\Desktop\aswMBR.txt"

#7 gringo_pr (Bleepin Gringo, Malware Response Team, Puerto Rico)

Posted 08 August 2012 - 09:04 AM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Folder::
c:\program files (x86)\uTorrentControl2
c:\program files (x86)\Vuze_Remote

Firefox::
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q=
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=113959&tt=060612_8_
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 56aab3cc000000000000ac81124bd835
FF - user.js: extensions.BabylonToolbar_i.hardId - 56aab3cc000000000000ac81124bd835
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15511
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.170:24
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

In your next post I need the following:

  • report from ComboFix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

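
As an added example (not gringo's script and not part of the original thread), a small Python check that reads a Firefox user.js or prefs.js and reports the Babylon toolbar entries and the Conduit search redirect that the CFScript above removes. The sample prefs file, the suspect prefix list and the hijack domain list are constructed for illustration.

```python
import re
from typing import Dict, List

# Constructed sample of a Firefox user.js, modelled on the entries listed in
# the CFScript above (this is not the user's real file).
SAMPLE_USER_JS = r'''
user_pref("browser.startup.homepage", "www.google.com");
user_pref("keyword.URL", "http://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q=");
user_pref("extensions.BabylonToolbar_i.babTrack", "affID=113959&tt=060612_8_");
user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
user_pref("browser.search.defaultenginename", "Google");
'''

# One user_pref("name", value); per line.
PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+)\);\s*$')

# Pref name prefixes whose mere presence is toolbar residue (assumed list).
SUSPECT_PREFIXES = ("extensions.BabylonToolbar_i.",)
# Prefs that steer searches or startup; flagged only when they point at a hijack domain.
REDIRECT_PREFS = ("keyword.URL", "browser.search.defaultenginename", "browser.startup.homepage")
# Constructed watchlist; extend with whatever the logs on a given machine show.
HIJACK_DOMAINS = ("search.conduit.com", "search.babylon.com")


def parse_prefs(text: str) -> Dict[str, str]:
    """Parse user_pref(...) lines into a name -> value mapping (quotes stripped)."""
    prefs: Dict[str, str] = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if m:
            name, raw = m.groups()
            prefs[name] = raw.strip().strip('"')
    return prefs


def find_hijack_prefs(prefs: Dict[str, str]) -> List[str]:
    """Return one human-readable finding per suspicious preference."""
    findings: List[str] = []
    for name, value in prefs.items():
        if name.startswith(SUSPECT_PREFIXES):
            findings.append(f"{name}: toolbar pref present (value={value!r})")
        elif name in REDIRECT_PREFS and any(d in value for d in HIJACK_DOMAINS):
            findings.append(f"{name}: points at {value!r}")
    return findings


def audit_file(path: str) -> List[str]:
    """Audit a real prefs.js/user.js on disk (path is supplied by the caller)."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        return find_hijack_prefs(parse_prefs(fh.read()))


if __name__ == "__main__":
    for finding in find_hijack_prefs(parse_prefs(SAMPLE_USER_JS)):
        print(finding)
```

Run against the profile's real user.js (Firefox keeps it next to prefs.js in the profile folder) to confirm the entries are gone after ComboFix has finished.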

#8 apache1334 (Topic Starter, Members)

Posted 08 August 2012 - 06:33 PM

Gringo-

CFScript-
ComboFix 12-08-08.01 - Cody Zappen 08/09/2012 18:43:37.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3835.1889 [GMT -4:00]
Running from: c:\users\Cody Zappen\Desktop\ComboFix.exe
Command switches used :: c:\users\Cody Zappen\Desktop\CFScript.txt
AV: Norton AntiVirus *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Norton AntiVirus *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\uTorrentControl2
c:\program files (x86)\uTorrentControl2\GottenAppsContextMenu.xml
c:\program files (x86)\uTorrentControl2\ldrtbuTor.dll
c:\program files (x86)\uTorrentControl2\OtherAppsContextMenu.xml
c:\program files (x86)\uTorrentControl2\prxtbuTor.dll
c:\program files (x86)\uTorrentControl2\SharedAppsContextMenu.xml
c:\program files (x86)\uTorrentControl2\tbuTor.dll
c:\program files (x86)\uTorrentControl2\toolbar.cfg
c:\program files (x86)\uTorrentControl2\ToolbarContextMenu.xml
c:\program files (x86)\uTorrentControl2\uninstall.exe
c:\program files (x86)\uTorrentControl2\uTorrentControl2ToolbarHelper.exe
c:\program files (x86)\Vuze_Remote
c:\program files (x86)\Vuze_Remote\GottenAppsContextMenu.xml
c:\program files (x86)\Vuze_Remote\ldrtbVuze.dll
c:\program files (x86)\Vuze_Remote\OtherAppsContextMenu.xml
c:\program files (x86)\Vuze_Remote\prxtbVuze.dll
c:\program files (x86)\Vuze_Remote\SharedAppsContextMenu.xml
c:\program files (x86)\Vuze_Remote\tbVuze.dll
c:\program files (x86)\Vuze_Remote\toolbar.cfg
c:\program files (x86)\Vuze_Remote\ToolbarContextMenu.xml
c:\program files (x86)\Vuze_Remote\uninstall.exe
c:\program files (x86)\Vuze_Remote\Vuze_RemoteToolbarHelper.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2012-08-07_23.07.08 )))))))))))))))))))))))))))))))))))))))))
.
- 2012-08-07 22:35 . 2012-08-07 22:42 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-08-07 22:35 . 2012-08-08 22:42 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-01-11 08:42 . 2012-08-07 23:08 43290 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-08-07 23:08 43728 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 04:46 . 2012-08-07 23:15 78552 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2012-05-19 21:23 . 2012-08-07 23:08 8920 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1480102836-3186209094-3636385834-1001_UserData.bin
+ 2012-05-19 23:17 . 2012-08-09 22:38 298234 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2009-07-14 04:54 . 2012-08-07 22:42 2768896 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-08-08 22:42 2768896 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-08-07 22:42 6914048 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-08-08 22:42 6914048 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 02:34 . 2012-08-07 22:56 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-07-14 02:34 . 2012-08-09 20:02 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{A7AF277D-1466-4A7B-93AF-B043984A5671}]
2012-06-01 13:35 2669408 ------w- c:\program files (x86)\Glarysoft Toolbar\tbcore3.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{32D47EA5-9473-4CAD-805D-9999F15D5AE2}"= "c:\program files (x86)\Glarysoft Toolbar\tbcore3.dll" [2012-06-01 2669408]
.
[HKEY_CLASSES_ROOT\clsid\{32d47ea5-9473-4cad-805d-9999f15d5ae2}]
[HKEY_CLASSES_ROOT\TBSB05810.TBSB05810.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\TBSB05810.TBSB05810]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-05-19 880496]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-08-05 1353080]
"PeerGuardian"="c:\program files\PeerGuardian2\pg2.exe" [2007-06-02 2273792]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-04-17 3671872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2009-11-18 54576]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2012-03-05 578944]
"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-08-19 379960]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
Snapfish PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe [2010-11-18 1040952]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-disabled]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
.
R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe [2012-02-10 193816]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-07-21 103992]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-04 250056]
R3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-23 95760]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-08-05 113120]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-07-11 1255736]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [2010-05-15 73856]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [2010-05-15 28800]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAVx64\1307010.005\SYMDS64.SYS [2012-03-29 451192]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAVx64\1307010.005\SYMEFA64.SYS [2012-03-29 1092728]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.7.1.5\Definitions\BASHDefs\20120804.001\BHDrvx64.sys [2012-07-11 1161376]
S1 ccSet_NAV;Norton AntiVirus Settings Manager;c:\windows\system32\drivers\NAVx64\1307010.005\ccSetx64.sys [2011-11-29 167048]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.7.1.5\Definitions\IPSDefs\20120807.001\IDSvia64.sys [2012-08-03 509088]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NAVx64\1307010.005\Ironx64.SYS [2012-03-29 190072]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\NAVx64\1307010.005\SYMNETS.SYS [2012-03-29 405624]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-12-10 203776]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-28 821664]
S2 HPAuto;HP Auto;c:\program files\Hewlett-Packard\HP Auto\HPAuto.exe [2010-08-06 681528]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-08-06 291896]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-03-05 35200]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2012-08-04 2413056]
S2 NAV;Norton AntiVirus;c:\program files (x86)\Norton AntiVirus\Engine\19.7.1.5\ccSvcHst.exe [2012-03-27 138232]
S2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-09-11 399344]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2009-12-03 483688]
S2 WajamUpdater;WajamUpdater;c:\program files (x86)\Wajam\Updater\WajamUpdater.exe [2012-04-24 109064]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-12-10 8121344]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-12-10 291328]
S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe [2012-02-10 240408]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-12-11 31088]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-05-20 283200]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-08-07 138912]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2012-08-04 338536]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2012-08-04 425064]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2009-12-03 721768]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2009-12-03 269672]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2009-12-03 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2009-12-03 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2009-12-03 209768]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 11578280
*NewlyCreated* - 21534417
*NewlyCreated* - ASWMBR
*Deregistered* - 11578280
*Deregistered* - 21534417
*Deregistered* - aswMBR
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-20 16:01]
.
2012-08-07 c:\windows\Tasks\GlaryInitialize.job
- c:\program files (x86)\Glary Utilities\initialize.exe [2012-05-23 02:16]
.
2012-08-05 c:\windows\Tasks\HPCeeScheduleForCody Zappen.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]
.
2012-08-07 c:\windows\Tasks\HPCeeScheduleForCODYZAPPEN-HP$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00Zecter]
@="{D25B32FE-CB96-491A-98FF-AD59DA382D69}"
[HKEY_CLASSES_ROOT\CLSID\{D25B32FE-CB96-491A-98FF-AD59DA382D69}]
2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01Zecter]
@="{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}"
[HKEY_CLASSES_ROOT\CLSID\{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}]
2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\02Zecter]
@="{B3C78E40-6B64-47C3-AE34-60B770881EB8}"
[HKEY_CLASSES_ROOT\CLSID\{B3C78E40-6B64-47C3-AE34-60B770881EB8}]
2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03Zecter]
@="{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}"
[HKEY_CLASSES_ROOT\CLSID\{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}]
2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\04Zecter]
@="{855156F0-2A0F-11DE-8C30-0800200C9A66}"
[HKEY_CLASSES_ROOT\CLSID\{855156F0-2A0F-11DE-8C30-0800200C9A66}]
2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-07-21 8192]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2012-08-04 1128448]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://isearch.glarysoft.com/?src=iehome
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://isearch.glarysoft.com/?src=iehome
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Cody Zappen\AppData\Roaming\Mozilla\Firefox\Profiles\n15zgtsn.default\
FF - prefs.js: browser.search.selectedEngine - Glary Search
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q=
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=113959&tt=060612_8_
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 56aab3cc000000000000ac81124bd835
FF - user.js: extensions.BabylonToolbar_i.hardId - 56aab3cc000000000000ac81124bd835
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15511
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.170:24
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{687578b9-7132-4a7a-80e4-30ee31099e03} - c:\program files (x86)\uTorrentControl2\prxtbuTor.dll
URLSearchHooks-{ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files (x86)\Vuze_Remote\prxtbVuze.dll
BHO-{687578b9-7132-4a7a-80e4-30ee31099e03} - c:\program files (x86)\uTorrentControl2\prxtbuTor.dll
BHO-{ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files (x86)\Vuze_Remote\prxtbVuze.dll
Toolbar-{687578b9-7132-4a7a-80e4-30ee31099e03} - c:\program files (x86)\uTorrentControl2\prxtbuTor.dll
Toolbar-{ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files (x86)\Vuze_Remote\prxtbVuze.dll
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
WebBrowser-{687578B9-7132-4A7A-80E4-30EE31099E03} - (no file)
WebBrowser-{32D47EA5-9473-4CAD-805D-9999F15D5AE2} - (no file)
WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)
AddRemove-uTorrentControl2 Toolbar - c:\program files (x86)\uTorrentControl2\uninstall.exe
AddRemove-Vuze_Remote Toolbar - c:\program files (x86)\Vuze_Remote\uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NAV]
"ImagePath"="\"c:\program files (x86)\Norton AntiVirus\Engine\19.7.1.5\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files (x86)\Norton AntiVirus\Engine\19.7.1.5\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\05\00\14\01#4?"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-08-09 19:27:22
ComboFix-quarantined-files.txt 2012-08-09 23:27
ComboFix2.txt 2012-08-07 23:12
.
Pre-Run: 210,141,384,704 bytes free
Post-Run: 210,185,478,144 bytes free
.
- - End Of File - - AD078983C304B599507C57168DA8A886

I have had no new problems or issues. Computer is running brilliantly. No problems. Thank you very much.

-apache1334

#9 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 08 August 2012 - 07:07 PM

Hello

P2P Warning!

IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realize. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld


These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps..

uninstall some programs

NOTE** Because of the cleanup process some of the programs I have listed may not be in add/remove anymore this is fine just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (it does a lot better of a job).

Programs to remove

µTorrent
Adobe Reader 9.5.1 MUI
Babylon toolbar on IE
BabylonObjectInstaller
Bing Bar
Bing Rewards Client Installer
Java™ 6 Update 32
uTorrentControl2 Toolbar
Vuze
Vuze Remote Toolbar


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.
.

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader(7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.
Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.


Malwarebytes' Anti-Malware

  • Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
    • If you accidently close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe) <-- 32bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe) <-- 64bit
and select to run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University
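The autostart sections in these logs (the ComboFix "Reg Loading Points" block, the "ORPHANS REMOVED" list, and the HijackThis O2/O3/R0 lines the helper asks for next) are what a helper triages by eye: registrations whose file is gone, entries belonging to known toolbar vendors, and a start page that points somewhere it should not. The Python script below is an added example for this thread; it is not part of any post here and not code from ComboFix or HijackThis. It does that first pass mechanically. The sample lines are copied from the logs in this thread; the PUP keyword list and the trusted start-page list are assumptions drawn from the programs the helper asked to remove, not anything either tool ships.

```python
"""Triage autostart entries from a ComboFix / HijackThis style log.

Added example for this thread, not part of the original posts and not code
from either tool. Sample lines are copied from the logs in the thread; the
PUP keyword list is an assumption drawn from the helper's removal list.
"""
import re
from dataclasses import dataclass

# Assumption: vendors/toolbars treated as unwanted, taken from the removal list
# in the reply above. Extend this for your own case.
PUP_KEYWORDS = ("babylon", "wajam", "glarysoft", "utorrentcontrol",
                "vuze_remote", "conduit", "bingbar")

# Assumption: start/search pages accepted without comment.
TRUSTED_START_PAGES = ("about:blank", "google.com", "msn.com", "bing.com")

# ComboFix Run-key value:   "Name"="path" [date size]   or   "Name"="path" [BU]
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"(?:\s+\[(?P<meta>[^\]]*)\])?')
# ComboFix orphan line:     BHO-{clsid} - path    /    WebBrowser-{clsid} - (no file)
ORPHAN_RE = re.compile(r'^(?P<kind>URLSearchHooks|BHO|Toolbar|WebBrowser)-\{(?P<clsid>[^}]+)\}\s+-\s+(?P<path>.*)$')
# HijackThis O2/O3:         O2 - BHO: Name - {clsid} - path (file missing)
HJT_O_RE = re.compile(r'^O[23] - (?P<kind>BHO|Toolbar): (?P<name>.*?) - \{(?P<clsid>[^}]+)\} - (?P<path>.*)$')
# HijackThis R0/R1:         R0 - HKCU\...\Main,Start Page = http://...
HJT_R_RE = re.compile(r'^R[01] - (?P<key>[^,]+),(?P<value>[^=]+?)\s*=\s*(?P<data>.*)$')

@dataclass
class Finding:
    source: str   # which line format matched (run, BHO, Toolbar, browser, ...)
    name: str
    path: str
    verdict: str  # "orphan", "pup", "hijack" or "review"

def _verdict_for_path(path: str) -> str:
    low = path.casefold()
    if "(file missing)" in low or "(no file)" in low:
        return "orphan"      # registration points at a file that is gone
    if any(k in low for k in PUP_KEYWORDS):
        return "pup"         # known unwanted vendor: uninstall it properly
    return "review"          # nothing obvious; leave it for a human

def triage_line(line: str):
    """Return a Finding for a recognised autostart line, else None."""
    line = line.strip()
    m = RUN_RE.match(line)
    if m:
        return Finding("run", m["name"], m["path"], _verdict_for_path(m["path"]))
    m = HJT_O_RE.match(line)
    if m:
        return Finding(m["kind"], m["name"], m["path"], _verdict_for_path(m["path"]))
    m = ORPHAN_RE.match(line)
    if m:
        return Finding(m["kind"], m["clsid"], m["path"], _verdict_for_path(m["path"]))
    m = HJT_R_RE.match(line)
    if m and m["value"].strip().lower() in ("start page", "default_search_url", "search page"):
        data = m["data"].casefold()
        ok = any(t in data for t in TRUSTED_START_PAGES) or "go.microsoft.com" in data
        return Finding("browser", m["value"].strip(), m["data"], "review" if ok else "hijack")
    return None

def triage(lines):
    """Classify every recognised line; unrecognised lines are skipped."""
    return [f for f in (triage_line(l) for l in lines) if f is not None]

def summarize(findings):
    """Group finding names by verdict, preserving log order."""
    out = {}
    for f in findings:
        out.setdefault(f.verdict, []).append(f.name)
    return out

# Constructed sample: lines copied from the ComboFix and HijackThis logs in this thread.
SAMPLE_LINES = [
    r'"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-05-19 880496]',
    r'"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]',
    r'"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]',
    r'BHO-{687578b9-7132-4a7a-80e4-30ee31099e03} - c:\program files (x86)\uTorrentControl2\prxtbuTor.dll',
    r'WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)',
    r'O2 - BHO: Wajam IE BHO - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\priam_bho.dll',
    r'O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll',
    r'O3 - Toolbar: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll (file missing)',
    r'R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://isearch.glarysoft.com/?src=iehome',
    r'R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896',
    r'R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =',
]

if __name__ == "__main__":
    for verdict, names in summarize(triage(SAMPLE_LINES)).items():
        print(f"{verdict:7s} {', '.join(names)}")
```

Run it as-is to see the grouping; for a real log, pass the file's lines to triage(). Note that "orphan" is checked before "pup", so a missing-file toolbar is reported as a dead registration to clean up rather than a program to uninstall, and "review" means nothing obvious was matched, not that the entry is clean.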

#10 apache1334 (Topic Starter)

Posted 10 August 2012 - 04:11 PM

Gringo-
Sorry for the delay.

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.10.08

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Cody Zappen :: CODYZAPPEN-HP [administrator]

8/11/2012 5:00:49 PM
mbam-log-2012-08-11 (17-00-49).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 195235
Time elapsed: 3 minute(s), 6 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:06:24 PM, on 8/11/2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16447)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Norton AntiVirus\Engine\19.7.1.5\ccSvcHst.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files (x86)\iTunes\iTunes.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe
C:\Users\Cody Zappen\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://isearch.glarysoft.com/?src=iehome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://isearch.glarysoft.com/?src=iehome
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: uTorrentControl2 - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll (file missing)
O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Engine\19.7.1.5\IPS\IPSBHO.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Wajam IE BHO - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\priam_bho.dll
O2 - BHO: TBSB05810 - {A7AF277D-1466-4A7B-93AF-B043984A5671} - C:\Program Files (x86)\Glarysoft Toolbar\tbcore3.dll
O2 - BHO: Vuze Remote - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll (file missing)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: uTorrentControl2 Toolbar - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll (file missing)
O3 - Toolbar: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll (file missing)
O3 - Toolbar: Glarysoft Toolbar - {32D47EA5-9473-4CAD-805D-9999F15D5AE2} - C:\Program Files (x86)\Glarysoft Toolbar\tbcore3.dll
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
O4 - HKLM\..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Snapfish PictureMover.lnk = C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O10 - Broken Internet access because of LSP provider 'c:\windows\system32\nwprovau.dll' missing
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Wireless Assistant Service - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
O23 - Service: HP Auto (HPAuto) - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe
O23 - Service: HP Client Services (HPClientSvc) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HPWMISVC - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
O23 - Service: IconMan_R - Realsil Microelectronics Inc. - C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Norton AntiVirus (NAV) - Symantec Corporation - C:\Program Files (x86)\Norton AntiVirus\Engine\19.7.1.5\ccSvcHst.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: RoxioNow Service - Roxio - C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: WajamUpdater - Wajam - C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11556 bytes

I noticed that there was some mention of Vuze and uTorrent. I just wanted to let you know that I have indeed uninstalled and deleted all remaining files relating to these two problems. I do indeed believe that P2P was the cause of this. Other than needing to run HijackThis as an administrator, the computer has had no problems since the original run of ComboFix. Everything is running great.

-apache1334
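An added example (not part of the thread and not HijackThis's own code): a small Python script that parses the O2/O3/O4/O23 sections of a HijackThis v2 log such as the one above and sorts them the way a reviewer does by hand, separating the O4 autostarts (the Run/RunOnce values and Startup-folder shortcuts Gringo lists in the next post) from entries whose target file is reported missing. The sample lines are constructed from the log format shown above, and the split between "(file missing)" entries under C:\Windows (re-check from an elevated run before touching them) and those outside it (typical leftovers of uninstalled software) is my heuristic, not advice from the thread.

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed sample modelled on the log in this thread (a few lines, not the
# full log); headers and the process list are there to show they are skipped.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.4
Running processes:
C:\Users\user\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://isearch.glarysoft.com/?src=iehome
O2 - BHO: uTorrentControl2 - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll (file missing)
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: WajamUpdater - Wajam - C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe
"""

@dataclass
class Entry:
    section: str            # HijackThis section code: R0, O2, O4, O23, ...
    raw: str
    name: str = ""          # Run value name, shortcut, BHO or service name
    image: str = ""         # file the entry points at
    hive: str = ""          # O4 only: HKLM, HKCU or "Startup" (folder)
    file_missing: bool = False

LINE_RE = re.compile(r"^(?P<section>[A-Z]\d+) - (?P<body>.*)$")
RUN_RE = re.compile(r"^(?P<hive>HK[A-Z]+)\\\.\.\\Run\w*: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
STARTUP_RE = re.compile(r"^(?:Global )?Startup: (?P<name>.+?) = (?P<cmd>.*)$")
SERVICE_RE = re.compile(r"^Service: (?P<name>.+?) - .+? - (?P<image>.+)$")
BHO_RE = re.compile(r"^(?:BHO|Toolbar): (?P<name>.+?) - \{[0-9A-Fa-f-]+\} - (?P<image>.+)$")
MISSING = " (file missing)"

def image_from_command(cmd: str) -> str:
    """Executable path from a Run-key command line, quoted or not."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r"^(.*?\.exe)", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd

def parse_hjt_log(text: str) -> List[Entry]:
    entries: List[Entry] = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue                      # header, blank or process-list line
        section, body = m.group("section"), m.group("body")
        e = Entry(section=section, raw=line.strip())
        if body.endswith(MISSING):
            e.file_missing, body = True, body[:-len(MISSING)]
        if section == "O4" and (r := RUN_RE.match(body)):
            e.hive, e.name, e.image = r["hive"], r["name"], image_from_command(r["cmd"])
        elif section == "O4" and (s := STARTUP_RE.match(body)):
            e.hive, e.name, e.image = "Startup", s["name"], image_from_command(s["cmd"])
        elif section == "O23" and (s := SERVICE_RE.match(body)):
            e.name, e.image = s["name"], s["image"]
        elif section in ("O2", "O3") and (b := BHO_RE.match(body)):
            e.name, e.image = b["name"], b["image"]
        entries.append(e)
    return entries

def in_windows_dir(path: str) -> bool:
    return path.lower().startswith("c:\\windows\\")

def triage(text: str) -> dict:
    """Split the log into the lists a reviewer looks at first."""
    entries = parse_hjt_log(text)
    return {
        "entries": len(entries),
        # O4 = what starts with Windows: Run/RunOnce values and Startup shortcuts
        "autostart": [e.name for e in entries if e.section == "O4"],
        # target gone, outside C:\Windows: leftovers of uninstalled software
        "orphaned": [(e.section, e.name) for e in entries
                     if e.file_missing and not in_windows_dir(e.image)],
        # target gone under C:\Windows: re-check from an elevated run (heuristic)
        "missing_system": [e.name for e in entries
                           if e.file_missing and in_windows_dir(e.image)],
    }

if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Run it as-is to see the triage of the constructed sample, or pass the full log text to `triage()` for the real lists. The parsed `image` is the path you would verify on disk (and against the vendor) before deciding whether a startup entry stays.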

#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 10 August 2012 - 04:50 PM

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional
These are programs that start up when you turn on your computer but don't need to; you can start any of them by clicking on their icons (or from the Control Panel) when you need them. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running HijackThis, see NOTE** below (Hosts file not read, blank Notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
      O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
      O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
      O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
      O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
      O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
      O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
      O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
      O4 - Global Startup: Snapfish PictureMover.lnk = C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE** You can research each of those lines >here< and see if you want to keep them or not:
    just copy the name between the brackets and paste it into the search space, e.g.
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe) <-- 32-bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe) <-- 64-bit
and select Run as administrator.

Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan. On Vista and Win 7, right-click on the IE shortcut and run as admin.

Go to the ESET web page to run an online scanner from ESET.

  • Turn off the real-time scanner of any existing antivirus program while performing the online scan
  • Click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the add-on to be installed
    • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the virus definitions to be downloaded
  • Wait for the scan to finish

When the scan is complete:

  • If no threats were found:
    • put a checkmark in "Uninstall application on close"
    • close the program
    • report to me that nothing was found

  • If threats were found:
    • click on "list of threats found"
    • click on "export to text file", name it ESET SCAN and save it to the desktop
    • click on Back
    • put a checkmark in "Uninstall application on close"
    • click on Finish
    • close the program
    • copy and paste the report here


Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 14 August 2012 - 12:21 AM

Greetings


I have not heard from you in a couple of days, so I am coming by to check on you to see if you are having problems or if you just need some more time.

Also, a reminder that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete, and I will then ask you to remove our tools.




Gringo

#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 17 August 2012 - 10:28 PM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48 hrs you have not replied to this thread, then it will have to be closed!

Gringo

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 20 August 2012 - 12:03 AM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.



