
Multiple dllhost.exe running on computer


  • This topic is locked
14 replies to this topic

#1 robc9525

robc9525

  • Members
  • 10 posts

Posted 30 May 2014 - 11:59 AM

Need help with removal of malware. Gateway computer running Vista.

Ran Malwarebytes and deleted items found.

Ran RogueKiller and it hangs halfway through the scan.

Ran HijackThis and it could not create a log; ran it in safe mode and was able to create a log.

Ran DDS in safe mode, log is attached.

 


#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,549 posts

Posted 04 June 2014 - 12:00 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/536037 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 robc9525

robc9525
  • Topic Starter

  • Members
  • 10 posts

Posted 05 June 2014 - 01:32 AM

Here is the latest DDS log.

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 9.0.8112.16545

Run by MarkMarcy at 12:04:17 on 2014-06-04

Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.3838.664 [GMT -7:00]

.

AV: Norton AntiVirus *Disabled/Updated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}

SP: Norton AntiVirus *Enabled/Updated* {631E4324-D31C-783F-EC5C-35AD42B18466}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\GATEWAY\Gateway Recovery Management\Service\ETService.exe

C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe

C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\Norton AntiVirus\Engine\21.3.0.12\NAV.exe

C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.0.47\NST.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe

c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe

C:\Windows\system32\taskeng.exe

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\DRIVERS\xaudio64.exe

C:\Windows\System32\WUDFHost.exe

c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.0.47\NST.exe

C:\Program Files (x86)\Norton AntiVirus\Engine\21.3.0.12\NAV.exe

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe

C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE

C:\Windows\RAVCpl64.exe

C:\Users\MarkMarcy\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Program Files (x86)\NETGEAR\WG111v3\WG111v3.exe

C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE

C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe

C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe

C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe

C:\Windows\splwow64.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\syswow64\dllhost.exe

C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

C:\Windows\System32\mobsync.exe

C:\Windows\SysWOW64\DllHost.exe

C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\syswow64\dllhost.exe

C:\Windows\syswow64\dllhost.exe

C:\Windows\syswow64\dllhost.exe

C:\Windows\syswow64\dllhost.exe

C:\Windows\syswow64\dllhost.exe

C:\Windows\syswow64\dllhost.exe

C:\Windows\syswow64\dllhost.exe

C:\Windows\syswow64\dllhost.exe

C:\Windows\syswow64\dllhost.exe

C:\Windows\syswow64\dllhost.exe

C:\Windows\syswow64\dllhost.exe

C:\Windows\syswow64\dllhost.exe

C:\Windows\syswow64\dllhost.exe

C:\Windows\syswow64\dllhost.exe

C:\Windows\syswow64\dllhost.exe

C:\Windows\syswow64\dllhost.exe

C:\Windows\syswow64\dllhost.exe

C:\Windows\syswow64\dllhost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\syswow64\dllhost.exe

C:\Windows\syswow64\dllhost.exe

C:\Windows\syswow64\dllhost.exe

C:\Windows\syswow64\dllhost.exe

C:\Windows\syswow64\dllhost.exe

C:\Windows\syswow64\dllhost.exe

C:\Windows\syswow64\dllhost.exe

C:\Windows\syswow64\dllhost.exe

C:\Windows\syswow64\dllhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\syswow64\dllhost.exe

C:\Windows\syswow64\dllhost.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uSearch Bar = Preserve

mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=1&o=vp64&d=0710&m=dx4720-03

BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll

BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Engine\21.3.0.12\ips\ipsbho.dll

BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO: Norton Identity Protection: {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.0.47\coieplg.dll

BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll

TB: Norton Identity Safe Toolbar: {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.0.47\coieplg.dll

TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

EB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll

uRun: [Spotify Web Helper] "C:\Users\MarkMarcy\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"

uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe

mRun: [Trigger New Acer AlaunchX] c:\Acer\Preload\Command\AlaunchX\AppInRun.exe

mRun: [Monitor] "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe"

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [CanonSolutionMenuEx] "C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" /logon

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [Smart Copy] "C:\Program Files (x86)\IOI\Smart Copy\ButtonMonitor.exe" -A

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide

mRun: [LedKey] CNYHKey.exe

mRun: [LchDrvKey] LchDrvKey.exe

mRunOnce: [New Acer AlaunchX] c:\Acer\Preload\Command\AlaunchX\LaunchAlaunchX.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\NETGEA~1.LNK - C:\Program Files (x86)\NETGEAR\WG111v3\WG111v3.exe

uPolicies-Explorer: NoDrives = dword:0

mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0

mPolicies-Explorer: NoDrives = dword:0

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

TCP: NameServer = 10.2.127.4

TCP: Interfaces\{12BE0712-C6AA-44AF-A918-B3D6A7BF2766} : DHCPNameServer = 10.2.127.4

TCP: Interfaces\{B1E7572D-2DB5-436A-987D-47D5CD2DE96A} : DHCPNameServer = 192.168.1.1

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

x64-mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=1&o=vp64&d=0710&m=dx4720-03

x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll

x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

x64-Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon

x64-Run: [Skytel] Skytel.exe

x64-Run: [RtHDVCpl] RAVCpl64.exe

x64-mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0

x64-mPolicies-Explorer: NoDrives = dword:0

x64-mPolicies-System: EnableUIADesktopToggle = dword:0

x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll

x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

.

============= SERVICES / DRIVERS ===============

.

R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NAVx64\1503000.00C\symds64.sys [2014-5-20 493656]

R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NAVx64\1503000.00C\symefa64.sys [2014-5-20 1148120]

R1 BHDrvx64;BHDrvx64;C:\Program Files (x86)\Norton AntiVirus\NortonData\21.1.0.18\Definitions\BASHDefs\20140510.001\BHDrvx64.sys [2014-5-9 1530160]

R1 ccSet_NAV;NAV Settings Manager;C:\Windows\System32\drivers\NAVx64\1503000.00C\ccsetx64.sys [2014-5-20 162392]

R1 ccSet_NST;Norton Identity Safe Settings Manager;C:\Windows\System32\drivers\NSTx64\7DE07000.02F\ccsetx64.sys [2014-5-21 162392]

R1 IDSVia64;IDSVia64;C:\Program Files (x86)\Norton AntiVirus\NortonData\21.1.0.18\Definitions\IPSDefs\20140603.001\IDSviA64.sys [2014-6-3 525016]

R1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;C:\Windows\System32\drivers\RtlProt.sys [2007-4-23 31016]

R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NAVx64\1503000.00C\ironx64.sys [2014-5-20 264280]

R1 SYMTDIv;Symantec Vista Network Dispatch Driver;C:\Windows\System32\drivers\NAVx64\1503000.00C\symtdiv.sys [2014-5-20 510168]

R3 CAXHWBS2;CAXHWBS2;C:\Windows\System32\drivers\CAXHWBS2.sys [2008-8-12 403968]

R3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\System32\drivers\LVPr2M64.sys [2009-10-7 30232]

R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-3-1 25928]

S3 mbamchameleon;mbamchameleon;C:\Windows\System32\drivers\mbamchameleon.sys [2014-3-1 36680]

S3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;C:\Windows\System32\drivers\wg111v3.sys [2010-7-26 342528]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]

S3 WSDScan;WSD Scan Support via UMB;C:\Windows\System32\drivers\WSDScan.sys [2010-8-14 24064]

.

=============== File Associations ===============

.

FileExt: .js: JSFile=C:\Windows\SysWOW64\WScript.exe "%1" %*

FileExt: .jse: JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*

.

=============== Created Last 30 ================

.

.

==================== Find3M  ====================

.

2014-05-21 10:23:28     93223848    ----a-w-    C:\Windows\System32\mrt.exe

2014-05-14 15:08:04     70832 ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2014-05-14 15:08:04     692400      ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe

2014-05-06 00:46:10     17847808    ----a-w-    C:\Windows\System32\mshtml.dll

2014-05-06 00:21:53     96768 ----a-w-    C:\Windows\System32\mshtmled.dll

2014-05-06 00:21:48     2382848     ----a-w-    C:\Windows\System32\mshtml.tlb

2014-05-05 23:32:27     12347392    ----a-w-    C:\Windows\SysWow64\mshtml.dll

2014-05-05 23:14:19     73216 ----a-w-    C:\Windows\SysWow64\mshtmled.dll

2014-05-05 23:14:12     2382848     ----a-w-    C:\Windows\SysWow64\mshtml.tlb

2014-04-01 05:46:48     130712      ----a-w-    C:\Windows\SysWow64\MSSTDFMT.DLL

2014-04-01 05:46:48     1070232     ----a-w-    C:\Windows\SysWow64\MSCOMCTL.OCX

2014-03-31 16:35:08     270496      ------w-    C:\Windows\System32\MpSigStub.exe

2014-03-25 16:30:37     12900864    ----a-w-    C:\Windows\System32\shell32.dll

2014-03-25 13:26:04     11587584    ----a-w-    C:\Windows\SysWow64\shell32.dll

.

============= FINISH: 12:10:20.88 ===============




#4 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts

Posted 05 June 2014 - 02:12 PM

Hi there and sorry for the delay.

Please run the following scans:


Step 1

Please download TDSSKiller and save it to your Desktop.
  • Start tdsskiller.exe with administrator privileges.
  • Accept the EULA and the KSN Statement.
  • Click on Change parameters.
  • Make sure that all available options (except "Loaded modules") are checked and click OK.
  • Click on Start scan.
  • If any threats are found don't delete them but choose the Skip option for all of them.
  • Click on Report to open the log file. (It is also saved at C:\TDSSKiller.<version_date_time>_log.txt).
    Copy and paste its contents in your next reply.


Step 2

Please download Farbar Recovery Scan Tool and save it to your Desktop.
  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.


#5 robc9525

robc9525
  • Topic Starter

  • Members
  • 10 posts

Posted 06 June 2014 - 11:40 AM

Sorry for the delay.

Here are the logs.

 

 
09:26:09.0341 0x35e4  TDSS rootkit removing tool 3.0.0.39 Jun  5 2014 20:35:54
09:26:17.0080 0x35e4  ============================================================
09:26:17.0080 0x35e4  Current date / time: 2014/06/06 09:26:17.0080
09:26:17.0080 0x35e4  SystemInfo:
09:26:17.0080 0x35e4  
09:26:17.0080 0x35e4  OS Version: 6.0.6002 ServicePack: 2.0
09:26:17.0080 0x35e4  Product type: Workstation
09:26:17.0081 0x35e4  ComputerName: MARKMARCY-PC
09:26:17.0081 0x35e4  UserName: MarkMarcy
09:26:17.0081 0x35e4  Windows directory: C:\Windows
09:26:17.0081 0x35e4  System windows directory: C:\Windows
09:26:17.0081 0x35e4  Running under WOW64
09:26:17.0081 0x35e4  Processor architecture: Intel x64
09:26:17.0081 0x35e4  Number of processors: 2
09:26:17.0081 0x35e4  Page size: 0x1000
09:26:17.0081 0x35e4  Boot type: Normal boot
09:26:17.0081 0x35e4  ============================================================
09:26:20.0589 0x35e4  KLMD registered as C:\Windows\system32\drivers\93986385.sys
09:26:22.0658 0x35e4  System UUID: {CDEFE205-F0A6-D47A-BC14-E8D904CBF404}
09:26:25.0649 0x35e4  Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 ( 596.17 Gb ), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
09:26:25.0772 0x35e4  Drive \Device\Harddisk5\DR5 - Size: 0x77DDE0000 ( 29.97 Gb ), SectorSize: 0x200, Cylinders: 0xF47, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
09:26:25.0774 0x35e4  ============================================================
09:26:25.0774 0x35e4  \Device\Harddisk0\DR0:
09:26:25.0800 0x35e4  MBR partitions:
09:26:25.0801 0x35e4  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1389000, BlocksNum 0x494CE800
09:26:25.0801 0x35e4  \Device\Harddisk5\DR5:
09:26:25.0801 0x35e4  MBR partitions:
09:26:25.0801 0x35e4  \Device\Harddisk5\DR5\Partition1: MBR, Type 0xC, StartLBA 0x7740, BlocksNum 0x3BE77C0
09:26:25.0801 0x35e4  ============================================================
09:26:25.0919 0x35e4  C: <-> \Device\Harddisk0\DR0\Partition1
09:26:25.0919 0x35e4  ============================================================
09:26:25.0919 0x35e4  Initialize success
09:26:25.0920 0x35e4  ============================================================
09:26:38.0374 0x2d38  ============================================================
09:26:38.0375 0x2d38  Scan started
09:26:38.0375 0x2d38  Mode: Manual; SigCheck; TDLFS; 
09:26:38.0375 0x2d38  ============================================================
09:26:38.0375 0x2d38  KSN ping started
09:26:38.0949 0x2d38  KSN ping finished: true
09:26:57.0858 0x2d38  ================ Scan system memory ========================
09:26:57.0858 0x2d38  System memory - ok
09:27:06.0857 0x2d38  CLFS - ok
09:27:06.0999 0x2d38  [ 8EE772032E2FE80A924F3B8DD5082194, B743DF91563A22CC15D9B44105804B5866A29D3DFC156DBE88DFAFEF903B94C0 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
09:27:07.0020 0x2d38  clr_optimization_v2.0.50727_32 - ok
09:27:07.0157 0x2d38  [ CE07A466201096F021CD09D631B21540, 1A11DDAB7000569A89F3FA26BDEE4D527FA6D57D3F91CDABAA9C02CACDDE5F6D ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
09:27:07.0225 0x2d38  clr_optimization_v2.0.50727_64 - ok
09:27:07.0589 0x2d38  [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
09:27:07.0655 0x2d38  clr_optimization_v4.0.30319_32 - ok
09:27:07.0690 0x2d38  [ 4AEDAB50F83580D0B4D6CF78191F92AA, D113C47013B018B45161911B96E93AF96A2F3B34FA47061BF6E7A71FBA03194A ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
09:27:07.0751 0x2d38  clr_optimization_v4.0.30319_64 - ok
09:27:07.0789 0x2d38  [ E5D5499A1C50A54B5161296B6AFE6192, 20A8A0478918063A9EE81565F21F4ACCAA7B6A8B2E9E084099879D85574BAB3E ] cmdide          C:\Windows\system32\drivers\cmdide.sys
09:27:07.0805 0x2d38  cmdide - ok
09:27:07.0864 0x2d38  [ 7FB8AD01DB0EABE60C8A861531A8F431, E19353C686B07A0DBBA92CFCC88AB9B6BEBAF389416B78F4470BA673E7CD73C3 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
09:27:07.0880 0x2d38  Compbatt - ok
09:27:07.0890 0x2d38  COMSysApp - ok
09:27:07.0933 0x2d38  [ A8585B6412253803CE8EFCBD6D6DC15C, C3906B080D3BB06CB976FD98C62CBA97DAE74970A5559D51EF5111D773949322 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
09:27:07.0950 0x2d38  crcdisk - ok
09:27:08.0072 0x2d38  [ 5AAC48EAF8EACF247DB44FB61B900D89, D20FCD5C71CA18F284D3DFD0CED37F6888A296E76B7B0563F2F4668CF90FE752 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
09:27:08.0150 0x2d38  CryptSvc - ok
09:27:08.0416 0x2d38  [ CF8B9A3A5E7DC57724A89D0C3E8CF9EF, 3BE4B8EE22FA55D3A17D3718781C8BCA631C78F7928092561F6B79BB60E7D7FE ] DcomLaunch      C:\Windows\system32\rpcss.dll
09:27:08.0525 0x2d38  DcomLaunch - ok
09:27:08.0579 0x2d38  [ 8B722BA35205C71E7951CDC4CDBADE19, 39720A60DFD0532F7E1A1976240E9828559BF9E0C6D1CFBF4D911965BFD94158 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
09:27:08.0643 0x2d38  DfsC - ok
09:27:08.0959 0x2d38  [ C647F468F7DE343DF8C143655C5557D4, E2D35FE49C408B952D8FE0C7EF70D42798229D30B89CEF9858BAC9F4F9E98EF2 ] DFSR            C:\Windows\system32\DFSR.exe
09:27:09.0247 0x2d38  DFSR - ok
09:27:09.0479 0x2d38  [ 3ED0321127CE70ACDAABBF77E157C2A7, 10973BD0AEF9597A4EA0A4947BDE922F9168F33D6ED97BFFEE6176AADAD78980 ] Dhcp            C:\Windows\System32\dhcpcsvc.dll
09:27:09.0535 0x2d38  Dhcp - ok
09:27:09.0739 0x2d38  [ B0107E40ECDB5FA692EBF832F295D905, 76466BB9E4F12436ECCCB9D89EB20762B4785F82F02591B51A735A590E248264 ] disk            C:\Windows\system32\drivers\disk.sys
09:27:09.0755 0x2d38  disk - ok
09:27:09.0865 0x2d38  [ 06230F1B721494A6DF8D47FD395BB1B0, F6CA8270740E01D9CE2FE8E34BC067C7EDC15BA610F461860E1D17D135C8A379 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
09:27:10.0039 0x2d38  Dnscache - ok
09:27:10.0120 0x2d38  [ 1A7156DD1E850E9914E5E991E3225B94, 99FF0C7125B01FCB0B92DC44756AE8FAA486F2E7F38DC6204F7EFE5918F8480A ] dot3svc         C:\Windows\System32\dot3svc.dll
09:27:10.0182 0x2d38  dot3svc - ok
09:27:10.0227 0x2d38  [ 1583B39790DB3EAEC7EDB0CB0140C708, F94F9AE7054A38602CD25D4E10FE7C7B574BD9ED8440C3FDAA7275A1D1E663E7 ] DPS             C:\Windows\system32\dps.dll
09:27:10.0316 0x2d38  DPS - ok
09:27:10.0488 0x2d38  [ F1A78A98CFC2EE02144C6BEC945447E6, D2E2AA13BE6319F967002476A5D3CF09B1B44350576DD8E1C1C531854F53B488 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
09:27:10.0535 0x2d38  drmkaud - ok
09:27:10.0909 0x2d38  [ 0A3C78677FF62E9E0AE7CC25C790A968, 6A2D81BC3715FD4960D2C853870C056C5BFE581B25C4592CBF65EAC044DFEAB3 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
09:27:10.0958 0x2d38  DXGKrnl - ok
09:27:11.0026 0x2d38  [ 264CEE7B031A9D6C827F3D0CB031F2FE, 50CAD28A73D29E7E04A45330146CF713BA17101215955009121E36D43CD5C536 ] E1G60           C:\Windows\system32\DRIVERS\E1G6032E.sys
09:27:11.0107 0x2d38  E1G60 - ok
09:27:11.0196 0x2d38  [ C2303883FD9BE49DC36A6400643002EA, F062D1D6D503CF5195BDE8C1DC75B541F559CB8175ADABCDB7690E9F1CA3EA4E ] EapHost         C:\Windows\System32\eapsvc.dll
09:27:11.0248 0x2d38  EapHost - ok
09:27:11.0349 0x2d38  [ 5F94962BE5A62DB6E447FF6470C4F48A, D00F9B3315DE8610BBE93FFD3CA3E2CF5B10697C518FC25FA4274CC6894D022B ] Ecache          C:\Windows\system32\drivers\ecache.sys
09:27:11.0372 0x2d38  Ecache - ok
09:27:11.0624 0x2d38  [ 1B7AA375F711F66D5FF2B855F9EC987F, 151E3897A31F0E828D08EBBB9C10A60047B48534BB38349EF1C8D9245524CA58 ] eeCtrl          C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
09:27:11.0689 0x2d38  eeCtrl - ok
09:27:11.0779 0x2d38  [ 14CE384D2E27B64C256BDA4DC39C312D, D5FA9C2BB162F1C22E419D33671B8202AAC245A87F6B183B97F83F5BFA165B41 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
09:27:11.0884 0x2d38  ehRecvr - ok
09:27:11.0956 0x2d38  [ B93159C1313D66FDFBBE876F5189CD52, 51E39160EA56F6B08449267EDF2A0F604612663768D2348DE23554AB07BDBB62 ] ehSched         C:\Windows\ehome\ehsched.exe
09:27:12.0009 0x2d38  ehSched - ok
09:27:12.0092 0x2d38  [ F5EE2527D74449868E3C3227A59BCD28, 11640E97EE9D8F9A5DC3FEA6BA7A737AA796A7235C7F5C7EF1ABFB51C9D730D3 ] ehstart         C:\Windows\ehome\ehstart.dll
09:27:12.0162 0x2d38  ehstart - ok
09:27:12.0213 0x2d38  [ C4636D6E10469404AB5308D9FD45ED07, 367D958D19F672395462206F27C1E138386C2F37B0FA77546F4217CF16D05C84 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
09:27:12.0250 0x2d38  elxstor - ok
09:27:12.0403 0x2d38  [ A9B18B63A4FD6BAAB83326706D857FAB, 7721CC67C0F8CE3060D0EB35A10E4ADC1E3CB470C0797B17D606060C270F96D7 ] EMDMgmt         C:\Windows\system32\emdmgmt.dll
09:27:12.0510 0x2d38  EMDMgmt - ok
09:27:12.0529 0x2d38  [ BC3A58E938BB277E46BF4B3003B01ABD, 2BB054E632A96951DAB25B3BE8541AEC1B97A7739FC8D0E34BE8B9295600C8FC ] ErrDev          C:\Windows\system32\drivers\errdev.sys
09:27:12.0617 0x2d38  ErrDev - ok
09:27:12.0694 0x2d38  [ 4D06D9A26227AC485305133916888DF1, CBBCED63666DD5965A7F0B4577995FBD347B38F5391DC5429CAFC1CF3A4C2B1E ] ETService       C:\Program Files\GATEWAY\Gateway Recovery Management\Service\ETService.exe
09:27:12.0730 0x2d38  ETService - detected UnsignedFile.Multi.Generic ( 1 )
09:27:12.0967 0x2d38  Detect skipped due to KSN trusted
09:27:12.0967 0x2d38  ETService - ok
09:27:41.0422 0x2d38  [ 9780D807FE1C36E76FB9A48D4E5277F8, 613D9029F63123C9D061ED8866E42400A7503C96C0EF03E99C1C9D8AD28CA537 ] LeapFrog Connect Device Service C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
09:27:42.0003 0x2d38  LeapFrog Connect Device Service - detected UnsignedFile.Multi.Generic ( 1 )
09:27:42.0304 0x2d38  Detect skipped due to KSN trusted
09:27:42.0305 0x2d38  LeapFrog Connect Device Service - ok
09:27:49.0799 0x2d38  NdisTapi - ok
09:27:49.0843 0x2d38  [ 8BAA43196D7B5BB972C9A6B2BBF61A19, 8AFFB26F6E8CF67F562818BBFE12FB448E4FCDF9B68858B625681565DE30DDC1 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
09:27:49.0906 0x2d38  Ndisuio - ok
09:27:50.0176 0x2d38  [ F8158771905260982CE724076419EF19, B86FFA790A30ED614A11C87F4D738C913EFC0924DC14750D544001D4E9556071 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
09:27:50.0253 0x2d38  NdisWan - ok
09:27:50.0291 0x2d38  [ 9CB77ED7CB72850253E973A2D6AFDF49, C3C15B317A7F7AE68B7BC62343962C47F075240F252727811DB4BEE443F9103F ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
09:27:50.0346 0x2d38  NDProxy - ok
09:27:50.0376 0x2d38  [ A499294F5029A7862ADC115BDA7371CE, 6BE0AAFE4EB59E056A929D6C1A009D8DFD547025481108CEFB12E5D6F86DBE14 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
09:27:50.0447 0x2d38  NetBIOS - ok
09:27:50.0498 0x2d38  [ FC2C792EBDDC8E28DF939D6A92C83D61, 9EDF8B56E2B47C31457074DA371B604E5F7EB2B3B5CD4688CBEEDD5B266D119B ] netbt           C:\Windows\system32\DRIVERS\netbt.sys
09:27:50.0555 0x2d38  netbt - ok
09:27:50.0598 0x2d38  [ 260BF9C43EE12C6898A9F5AAB0FB0E5D, 6585A87CE55EE5C51B18DF86E8EDFC6A909D96C87522FF4183F8BA9355E8DD44 ] Netlogon        C:\Windows\system32\lsass.exe
09:27:50.0614 0x2d38  Netlogon - ok
09:27:50.0696 0x2d38  [ 9B63B29DEFC0F3115A559D2597BF5D75, 297319D3F2E97CB34464EA59D8FD96AC2B8B1A4F2AEE666937F16A041128021F ] Netman          C:\Windows\System32\netman.dll
09:27:50.0780 0x2d38  Netman - ok
09:27:51.0265 0x2d38  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
09:27:51.0322 0x2d38  NetMsmqActivator - ok
09:27:51.0546 0x2d38  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
09:27:51.0574 0x2d38  NetPipeActivator - ok
09:27:51.0680 0x2d38  [ 7846D0136CC2B264926A73047BA7688A, 6F56CC1B17095C378D98B58A92F9EDA2D009529DDB6F60E815D85C7606C8EDC0 ] netprofm        C:\Windows\System32\netprofm.dll
09:27:51.0760 0x2d38  netprofm - ok
09:27:51.0818 0x2d38  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
09:27:51.0842 0x2d38  NetTcpActivator - ok
09:27:51.0901 0x2d38  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
09:27:51.0922 0x2d38  NetTcpPortSharing - ok
09:27:51.0969 0x2d38  [ 4AC08BD6AF2DF42E0C3196D826C8AEA7, 8D7DE921E14BAF09D7E2704CFB2FB1C8A78A46DAF86CDF7A347C5D113A8C110B ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
09:27:52.0035 0x2d38  nfrd960 - ok
09:27:52.0096 0x2d38  [ F145BF4C4668E7E312069F81EF847CFC, C4926EFB41FE2813E90D83456C6CB8F3157D835391B443C7E26168F4E1D67DC7 ] NlaSvc          C:\Windows\System32\nlasvc.dll
09:27:52.0161 0x2d38  NlaSvc - ok
09:27:52.0192 0x2d38  [ B298874F8E0EA93F06EC40AA8D146478, 275D769E5EFD3153985DAF84C5B22B9D65428E09AB41099901ABDD03B3A2625D ] Npfs            C:\Windows\system32\drivers\Npfs.sys
09:27:52.0242 0x2d38  Npfs - ok
09:27:52.0312 0x2d38  [ ACB62BAA1C319B17752553DF3026EEEB, 5A309DF390A097245250BB64AD5F8575BECA601E0A122DDCB494C67D3D9EA089 ] nsi             C:\Windows\system32\nsisvc.dll
09:27:52.0386 0x2d38  nsi - ok
09:27:52.0469 0x2d38  [ 1523AF19EE8B030BA682F7A53537EAEB, B000630CE4B562D39B5EE4148409B2E01D8924D33D27607B24ADC901357E7AA5 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
09:27:52.0506 0x2d38  nsiproxy - ok
09:27:52.0640 0x2d38  [ 2ACCAA3C3C55370A32F17B3595E1A217, 8539A293A5E1EBA2CC0FA9E999099D3B6B035D41069398AE17D737BBE4D9FEA8 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
09:27:52.0818 0x2d38  Ntfs - ok
09:27:52.0852 0x2d38  [ DD5D684975352B85B52E3FD5347C20CB, BB03C50D5178643550C024130E20FD9A023AE110B3C85A2D6E18FB8DBB3A12E4 ] Null            C:\Windows\system32\drivers\Null.sys
09:27:52.0915 0x2d38  Null - ok
09:27:53.0030 0x2d38  [ 99ED33F7FE39026A477893D92AEA5EF0, 5AC62BC7198602339B5AE16D2148328E1391CC23F740676802306D34D96A3625 ] NVENETFD        C:\Windows\system32\DRIVERS\nvmfdx64.sys
09:27:53.0234 0x2d38  NVENETFD - ok
09:27:53.0343 0x2d38  [ 87A7E98A682B0B20820BE781C7758B94, D3C574BCB5E20F1C5F71B9C620FE7B400D35DB7C9F223A7B26D7E1EEE6A46A2C ] NVHDA           C:\Windows\system32\drivers\nvhda64v.sys
09:27:53.0358 0x2d38  NVHDA - ok
09:27:54.0440 0x2d38  [ 8E6247F418B4C8AE9EEB0B532CABCC21, 42AD2588CBC8C9478F289955AB1391C65788D0564CCA7E0F9A41B8498A8BA117 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
09:27:57.0908 0x2d38  nvlddmkm - ok
09:27:58.0027 0x2d38  [ 2C040B7ADA5B06F6FACADAC8514AA034, EF32F7C411090230ED1D95B2D01E8464DCC89D72EFD94BBC8DF6856D00B1A783 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
09:27:58.0048 0x2d38  nvraid - ok
09:27:58.0083 0x2d38  [ A4B9AF8D1793F67CE894BF051342110F, CC8BED39599A236BE3910C8605D0DE4E2EA95FF0A0645C9066F9767CE0F4E72A ] nvrd64          C:\Windows\system32\drivers\nvrd64.sys
09:27:58.0102 0x2d38  nvrd64 - ok
09:27:58.0353 0x2d38  [ 99F119FA421774AE8595B7BED932E1A4, 2427558EA1F6FA0AF9EA6E86356CEC8AB41AC782F6AF0261948178287BBABCA0 ] nvsmu           C:\Windows\system32\DRIVERS\nvsmu.sys
09:27:58.0365 0x2d38  nvsmu - ok
09:27:58.0413 0x2d38  [ F7EA0FE82842D05EDA3EFDD376DBFDBA, 0ED0543A5331C0D8BBFD1BE3174482ED1B3EE70CA41CE8CE5C81977C37B3D129 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
09:27:58.0428 0x2d38  nvstor - ok
09:27:58.0566 0x2d38  [ 7919EE9458B6D84517BC5A598D795931, 8107C703879229323A82913AF3B9E88A14669DA67ADAC22B2A71A1A4D20EBF20 ] nvstor64        C:\Windows\system32\drivers\nvstor64.sys
09:27:58.0580 0x2d38  nvstor64 - ok
09:27:59.0219 0x2d38  [ 41B97DCE2B2D113B831EB197F02A7398, 3168C646327E5C72741A326C12AD46A73234DA6A67DC21F66FF1D195A971FBFE ] nvsvc           C:\Windows\system32\nvvsvc.exe
09:28:01.0967 0x2d38  nvsvc - ok
09:28:02.0919 0x2d38  [ 84E035225474E48CD3A6A3CE52332095, C90E1BC112EDED3035F2D440DDA6FC838D5D9B5F0D7CBE5E4672FEB1CC49F449 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
09:28:04.0476 0x2d38  nvUpdatusService - ok
09:28:04.0725 0x2d38  [ 19067CA93075EF4823E3938A686F532F, 81339372E90CE9E2594461146A82B62452CF9DB3FF53381D30F6922059EDCF99 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
09:28:05.0538 0x2d38  nv_agp - ok
09:28:05.0544 0x2d38  NwlnkFlt - ok
09:28:05.0556 0x2d38  NwlnkFwd - ok
09:28:07.0214 0x2d38  [ 785F487A64950F3CB8E9F16253BA3B7B, 02445344BD214370A6D48B1CA04921D8EFCB13E676B5648266DD0E076C0822B6 ] odserv          C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
09:28:08.0831 0x2d38  odserv - ok
09:28:09.0103 0x2d38  [ B5B1CE65AC15BBD11C0619E3EF7CFC28, E9AA27724A7576D1869FF861A498DB8AF79A7B297F10272F1D63E6CB88CD455B ] ohci1394        C:\Windows\system32\DRIVERS\ohci1394.sys
09:28:09.0782 0x2d38  ohci1394 - ok
09:28:09.0947 0x2d38  [ 5A432A042DAE460ABE7199B758E8606C, 6E5D1F477D290905BE27CEBF9572BAC6B05FFEF2FAD901D3C8E11F665F8B9A71 ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
09:28:10.0137 0x2d38  ose - ok
09:28:10.0740 0x2d38  [ 9AE31D2E1D15C10D91318E0EC149CEAC, CEA8A4AD1D6BB9C1ECBDE7A1946DD655104E20224436B96AD69A76F8E2B25680 ] p2pimsvc        C:\Windows\system32\p2psvc.dll
09:28:12.0157 0x2d38  p2pimsvc - ok
09:28:12.0615 0x2d38  [ 9AE31D2E1D15C10D91318E0EC149CEAC, CEA8A4AD1D6BB9C1ECBDE7A1946DD655104E20224436B96AD69A76F8E2B25680 ] p2psvc          C:\Windows\system32\p2psvc.dll
09:28:12.0672 0x2d38  p2psvc - ok
09:28:12.0919 0x2d38  [ AECD57F94C887F58919F307C35498EA0, CD8E8B54A445EF0DC485D5F221588875C98328596F64EE03B2D8BD0B860504FB ] Parport         C:\Windows\system32\drivers\parport.sys
09:28:14.0005 0x2d38  Parport - ok
09:28:14.0176 0x2d38  [ B43751085E2ABE389DA466BC62A4B987, 167CB6B18B6B7B74A229A976833E1FBE6D51C9C0EB8A23C92FC2465B692DF383 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
09:28:14.0264 0x2d38  partmgr - ok
09:28:14.0381 0x2d38  [ 9AB157B374192FF276C1628FBDBA2B0E, E63E2EE1ABEEC5234F4F1318757EDB4A7567057B1DF1A2414C8698D47062B6AC ] PcaSvc          C:\Windows\System32\pcasvc.dll
09:28:14.0849 0x2d38  PcaSvc - ok
09:28:14.0943 0x2d38  [ 47AB1E0FC9D0E12BB53BA246E3A0906D, 82B452D614B535FAD3AFEEA06DFBBF8F7C5031563A2558CFA04F9B94C76E45DF ] pci             C:\Windows\system32\drivers\pci.sys
09:28:16.0064 0x2d38  pci - ok
09:28:16.0196 0x2d38  [ 2657F6C0B78C36D95034BE109336E382, C85CFDA57A64B7CC1BB09225C2F81629CEF21C5F25735B098F214397D6DE0D2C ] pciide          C:\Windows\system32\drivers\pciide.sys
09:28:16.0525 0x2d38  pciide - ok
09:28:16.0681 0x2d38  [ 037661F3D7C507C9993B7010CEEE6288, A7B415675B14FD755D0167BBA458A902AA9ABFC4343A1B887289D31DE8A55285 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
09:28:16.0825 0x2d38  pcmcia - ok
09:28:17.0299 0x2d38  [ 58865916F53592A61549B04941BFD80D, 3511AF2EFD06636E144C36ECA8C7AA1A33C269EDB10A6D879AA25D9E11359AA9 ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
09:28:18.0327 0x2d38  PEAUTH - ok
09:28:19.0406 0x2d38  [ 0ED8727EA0172860F47258456C06CAEA, 3CDAA1044E412EC4303CEABD36A8C7BADA2D6C6692E09B8FE440709E3F4F0166 ] PerfHost        C:\Windows\SysWow64\perfhost.exe
09:28:19.0458 0x2d38  PerfHost - ok
09:28:20.0215 0x2d38  [ AE0B94363DA0F60D42B9D05B352F61ED, 284EA0123798BDBBAA93F912AD45B3D3F1F662FDDA5C73C0AC0D76AC2F9033C0 ] PID_PEPI        C:\Windows\system32\DRIVERS\LV302V64.SYS
09:28:20.0436 0x2d38  PID_PEPI - ok
09:28:20.0589 0x2d38  [ E9E68C1A0F25CF4A7AC966EEA74EE89E, 6C6903A856C29AD690FDA1B74ADB2222C3453FBE2B364245FA61D53C77C586C0 ] pla             C:\Windows\system32\pla.dll
09:28:20.0829 0x2d38  pla - ok
09:28:20.0992 0x2d38  [ FE6B0F59215C9FD9F9D26539C58C8B82, 52CF8BE31A28430226D117EB80974AEAE5EA07F39DE881164232D44BF67FF752 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
09:28:21.0075 0x2d38  PlugPlay - ok
09:28:21.0178 0x2d38  [ 9AE31D2E1D15C10D91318E0EC149CEAC, CEA8A4AD1D6BB9C1ECBDE7A1946DD655104E20224436B96AD69A76F8E2B25680 ] PNRPAutoReg     C:\Windows\system32\p2psvc.dll
09:28:21.0235 0x2d38  PNRPAutoReg - ok
09:28:21.0424 0x2d38  [ 9AE31D2E1D15C10D91318E0EC149CEAC, CEA8A4AD1D6BB9C1ECBDE7A1946DD655104E20224436B96AD69A76F8E2B25680 ] PNRPsvc         C:\Windows\system32\p2psvc.dll
09:28:21.0469 0x2d38  PNRPsvc - ok
09:28:21.0758 0x2d38  [ 89A5560671C2D8B4A4B51F3E1AA069D8, 07DEE5D73DDE09F954E2E13BB5603F0033829B6199C81A7C1709D94AB92B351E ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
09:28:21.0887 0x2d38  PolicyAgent - ok
09:28:22.0056 0x2d38  [ 23386E9952025F5F21C368971E2E7301, F7241C1799A8AA0E9106B101B841670304DC695FD8D290C690CE0ED5C13BC514 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
09:28:22.0131 0x2d38  PptpMiniport - ok
09:28:22.0190 0x2d38  [ 5080E59ECEE0BC923F14018803AA7A01, 2E201511821AECCF056962399AFA3533ED765A3E7FD30E7B38A6D13837367E69 ] Processor       C:\Windows\system32\drivers\processr.sys
09:28:22.0238 0x2d38  Processor - ok
09:28:22.0323 0x2d38  [ E058CE4FC2449D8BFA14739C83B7FF2A, 6ACA086D5E0EF3C3EAEBD78010E50739BBA7CA05E937FFF3A4F2AD22FD57B54A ] ProfSvc         C:\Windows\system32\profsvc.dll
09:28:22.0582 0x2d38  ProfSvc - ok
09:28:22.0639 0x2d38  [ 260BF9C43EE12C6898A9F5AAB0FB0E5D, 6585A87CE55EE5C51B18DF86E8EDFC6A909D96C87522FF4183F8BA9355E8DD44 ] ProtectedStorage C:\Windows\system32\lsass.exe
09:28:22.0658 0x2d38  ProtectedStorage - ok
09:28:22.0789 0x2d38  [ C5AB7F0809392D0DA027F4A2A81BFA31, B5BC9712AD93661A77AF4D67DB5F05C58A93CF7CDD6F7BA20568C0A9F4630321 ] PSched          C:\Windows\system32\DRIVERS\pacer.sys
09:28:22.0826 0x2d38  PSched - ok
09:28:22.0927 0x2d38  [ 0B83F4E681062F3839BE2EC1D98FD94A, 47E1B8014C59981693F5544872AF00383528AAEF0C6FE9AE8C45A6359EFB067D ] ql2300          C:\Windows\system32\drivers\ql2300.sys
09:28:23.0020 0x2d38  ql2300 - ok
09:28:23.0210 0x2d38  [ E1C80F8D4D1E39EF9595809C1369BF2A, 5C18F8366049C690FC8AA4A992AA0765A6607F72E0EF889A5F3757E59FB1C143 ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
09:28:23.0226 0x2d38  ql40xx - ok
09:28:23.0339 0x2d38  [ 90574842C3DA781E279061A3EFF91F07, F87DE7355DAA4FACF2126A0427C08BAAD9E647E0B02EE5447746BE969B28DA8D ] QWAVE           C:\Windows\system32\qwave.dll
09:28:23.0445 0x2d38  QWAVE - ok
09:28:23.0581 0x2d38  [ E8D76EDAB77EC9C634C27B8EAC33ADC5, 171A3C5D5C3C5845C3BF9A4BCD88E744B025C910AC2F528D0E7D66F173FF0BED ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
09:28:23.0638 0x2d38  QWAVEdrv - ok
09:28:23.0680 0x2d38  [ 1013B3B663A56D3DDD784F581C1BD005, 36B83F234C2D6A6112BC8B5EF0AB5075EE98AC0BED702C37E4C1C3D17EB49956 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
09:28:23.0763 0x2d38  RasAcd - ok
09:28:23.0862 0x2d38  [ B2AE18F847D07F0044404DDF7CB04497, 24B1D5E1D0621160640264656E3D447C611DEE1B0EE308971EF85F0AC3D9F7DD ] RasAuto         C:\Windows\System32\rasauto.dll
09:28:23.0947 0x2d38  RasAuto - ok
09:28:24.0033 0x2d38  [ AC7BC4D42A7E558718DFDEC599BBFC2C, E059EB9472FDDB73AF09FFEBA58D8284AFCDAB1516E0C5759980E60C892F8126 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
09:28:24.0063 0x2d38  Rasl2tp - ok
09:28:24.0163 0x2d38  [ 3AD83E4046C43BE510DE681588ACB8AF, C5445A23F35395B3EA3974C0D5E314E23D900C694D31F7B7A83FE9027D95A91C ] RasMan          C:\Windows\System32\rasmans.dll
09:28:24.0205 0x2d38  RasMan - ok
09:28:24.0424 0x2d38  [ 4517FBF8B42524AFE4EDE1DE102AAE3E, F01C8A773A637B66192BD16DDE467CAECC6E62853DBDB507FF3FC67B4B388988 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
09:28:24.0525 0x2d38  RasPppoe - ok
09:28:24.0556 0x2d38  [ C6A593B51F34C33E5474539544072527, 8182C1D15CDC164363D3DD355197160167A00BA9FA833AA444317D06344EF7CE ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
09:28:24.0578 0x2d38  RasSstp - ok
09:28:24.0679 0x2d38  [ 322DB5C6B55E8D8EE8D6F358B2AAABB1, 07B89F701594F680F50A885B923521763A6131104CEE63D422E1C359C23AE2F6 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
09:28:24.0881 0x2d38  rdbss - ok
09:28:24.0948 0x2d38  [ 603900CC05F6BE65CCBF373800AF3716, 83B010D51D1087673CF15FD0A992FD91CC910A073FEA9A8F20F6124B6E5489F2 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
09:28:24.0986 0x2d38  RDPCDD - ok
09:28:25.0050 0x2d38  [ C045D1FB111C28DF0D1BE8D4BDA22C06, 572986C93B982387EE94797A1EDE1C6C444B0F1078AC8201099452BFA021458F ] rdpdr           C:\Windows\system32\drivers\rdpdr.sys
09:28:25.0146 0x2d38  rdpdr - ok
09:28:25.0175 0x2d38  [ CAB9421DAF3D97B33D0D055858E2C3AB, 66C353CD310A91FAB0D0871ACCE71110595B63536560D0331DA70B1E33AC45BE ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
09:28:25.0230 0x2d38  RDPENCDD - ok
09:28:25.0349 0x2d38  [ AE4BD9E1C33D351D8E607FC81F15160C, AD785CA72B7C6EB9F94B2E797C758C0F804DB26EE056DDC6D4F85BB562A02EA4 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
09:28:25.0517 0x2d38  RDPWD - ok
09:28:25.0572 0x2d38  [ C612B9557DA73F70D41F8A6FBC8E5344, D7D11F202066F848FBD3F26D9FF915C7F3D68F30631393B2049F3AC5A40FD108 ] RemoteAccess    C:\Windows\System32\mprdim.dll
09:28:25.0643 0x2d38  RemoteAccess - ok
09:28:25.0743 0x2d38  [ 44B9D8EC2F3EF3A0EFB00857AF70D861, A45D8024A242456A73337C91663A3E1633BF163234CDFD5DF86840F31FFFE84D ] RemoteRegistry  C:\Windows\system32\regsvc.dll
09:28:25.0799 0x2d38  RemoteRegistry - ok
09:28:25.0840 0x2d38  [ F46C457840D4B7A4DAAFEE739CE04102, 94E946036240B3BAFF17C4A49745E29E492ABBC7BE5110741B212DF4D7F45B84 ] RpcLocator      C:\Windows\system32\locator.exe
09:28:25.0896 0x2d38  RpcLocator - ok
09:28:25.0953 0x2d38  [ CF8B9A3A5E7DC57724A89D0C3E8CF9EF, 3BE4B8EE22FA55D3A17D3718781C8BCA631C78F7928092561F6B79BB60E7D7FE ] RpcSs           C:\Windows\system32\rpcss.dll
09:28:26.0008 0x2d38  RpcSs - ok
09:28:26.0078 0x2d38  [ 22A9CB08B1A6707C1550C6BF099AAE73, 46A9D40A03DC0B6C93274C0C1CDB132B2339E76E77CAB0F12AEDAD4C31822B91 ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
09:28:26.0122 0x2d38  rspndr - ok
09:28:26.0220 0x2d38  [ C979AB0ECAE51A091770A54CF64D791B, 703A66BC9979A456924287831F9A6386DE9072440A3A7880D4D0A8FB8754A612 ] RTL8187B        C:\Windows\system32\DRIVERS\wg111v3.sys
09:28:26.0348 0x2d38  RTL8187B - ok
09:28:26.0438 0x2d38  [ D1664991A07ACF2703D4A4E5BE4B6C80, 129DF17426D8A7576C9E4EB1EA07698354D4EC35795DAA1629701EC5FF4D755C ] RtlProt         C:\Windows\system32\DRIVERS\rtlprot.sys
09:28:26.0452 0x2d38  RtlProt - ok
09:28:26.0715 0x2d38  [ B6B74A05F4DA0231D5D275568A104F89, 18145B313E50201F8023B9E34018F3BFEFCF082213747E53332A8AC94FD60FD0 ] RTSTOR          C:\Windows\system32\drivers\RTSTOR64.SYS
09:28:26.0781 0x2d38  RTSTOR - ok
09:28:26.0821 0x2d38  [ 260BF9C43EE12C6898A9F5AAB0FB0E5D, 6585A87CE55EE5C51B18DF86E8EDFC6A909D96C87522FF4183F8BA9355E8DD44 ] SamSs           C:\Windows\system32\lsass.exe
09:28:26.0839 0x2d38  SamSs - ok
09:28:26.0885 0x2d38  [ CD9C693589C60AD59BBBCFB0E524E01B, F9EBD4FF4C712A563B1120D123012E41105D31402BE45D6F8C8DA71155D64ECB ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
09:28:26.0902 0x2d38  sbp2port - ok
09:28:26.0968 0x2d38  [ FD1CDCF108D5EF3366F00D18B70FB89B, 5BCE3A9D5DC0B6937A734264C5B8DE0E6B8F77A869A118F94D57E662AAB28FE2 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
09:28:27.0015 0x2d38  SCardSvr - ok
09:28:27.0122 0x2d38  [ 0F838C811AD295D2A4489B9993096C63, 3DF2F973359249735810CB5AD52E05126A93A1C7D9F6274ACB018A0A125846BD ] Schedule        C:\Windows\system32\schedsvc.dll
09:28:27.0251 0x2d38  Schedule - ok
09:28:27.0318 0x2d38  [ 5A268127633C7EE2A7FB87F39D748D56, 45C530A0EE0108543A75B9427F77EBB5E8350AE16C235763B6F32E72CE15C449 ] SCPolicySvc     C:\Windows\System32\certprop.dll
09:28:27.0347 0x2d38  SCPolicySvc - ok
09:28:27.0464 0x2d38  [ 4FF71B076A7760FE75EA5AE2D0EE0018, DDDBC9530120F8C1AB449076F6F06F74354149B4C458E6682F957628EE795DE8 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
09:28:27.0537 0x2d38  SDRSVC - ok
09:28:27.0600 0x2d38  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\Windows\system32\drivers\secdrv.sys
09:28:27.0803 0x2d38  secdrv - ok
09:28:27.0863 0x2d38  [ 5ACDCBC67FCF894A1815B9F96D704490, FE0247A8BEDB860EBD46A9D49C641D0B9AA24EE34132CDDADC9F5A605238FDA7 ] seclogon        C:\Windows\system32\seclogon.dll
09:28:27.0938 0x2d38  seclogon - ok
09:28:27.0967 0x2d38  [ 90973A64B96CD647FF81C79443618EED, 1D3CB7F724B7EADA6443DF07B258EE7FB7FEC92C2A7A9D3C57F6A220EF0DDDC4 ] SENS            C:\Windows\system32\sens.dll
09:28:28.0065 0x2d38  SENS - ok
09:28:28.0154 0x2d38  [ 2449316316411D65BD2C761A6FFB2CE2, A428D3B4E113D3CB6DD87CC52CF71E179189A9A9E326B39FB50C7B3155A41A88 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
09:28:28.0220 0x2d38  Serenum - ok
09:28:28.0259 0x2d38  [ 4B438170BE2FC8E0BD35EE87A960F84F, A585E17607DCB3E79518BC9914C7030C39B30A1B5B5B32137DABA32FF7079858 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
09:28:28.0321 0x2d38  Serial - ok
09:28:28.0376 0x2d38  [ A842F04833684BCEEA7336211BE478DF, 9D964AEA237C44898098AC9C2D043F00C66EDA7D73C381D616737C01A9D0FF45 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
09:28:28.0412 0x2d38  sermouse - ok
09:28:28.0515 0x2d38  [ A8E4A4407A09F35DCCC3771AF590B0C4, F56ECE42CE81098FCCBCDFBBF006C3FB9EDD29C62F03C4EAE012EE690669481B ] SessionEnv      C:\Windows\system32\sessenv.dll
09:28:28.0613 0x2d38  SessionEnv - ok
09:28:28.0642 0x2d38  [ 14D4B4465193A87C127933978E8C4106, A5C3F2F09E9A0715529B05AC1020EF0F432121E129447795257087E0D6A812FC ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
09:28:28.0694 0x2d38  sffdisk - ok
09:28:28.0722 0x2d38  [ 7073AEE3F82F3D598E3825962AA98AB2, 82A959A0970CBA8CC16D44736ED12158E59E138484F3F53EBDD3A4C02DA3700D ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
09:28:28.0860 0x2d38  sffp_mmc - ok
09:28:28.0875 0x2d38  [ 35E59EBE4A01A0532ED67975161C7B82, 4F4296B8903FCD06439CC8BF93C703852E523834F09CF9121FDA729A988AF11B ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
09:28:28.0936 0x2d38  sffp_sd - ok
09:28:28.0964 0x2d38  [ 6B7838C94135768BD455CBDC23E39E5F, 868E054ED546479DEAD7C2834C7AB080820522C16F5B4BEF0F3B279A33ABA9C8 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
09:28:29.0022 0x2d38  sfloppy - ok
09:28:29.0060 0x2d38  [ 4C5AEE179DA7E1EE9A9CCB9DA289AF34, 9659C7B5046DE2C0416A74FDE6F798C3E78D38327CB71BAE49D57A8347A9097D ] SharedAccess    C:\Windows\System32\ipnathlp.dll
09:28:29.0190 0x2d38  SharedAccess - ok
09:28:29.0247 0x2d38  [ 56793271ECDEDD350C5ADD305603E963, 7A29407C1C550FF3A6A3544811ABD971E9C760B984A7E64D5A1440C69D6AF483 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
09:28:29.0351 0x2d38  ShellHWDetection - ok
09:28:29.0379 0x2d38  [ 7A5DE502AEB719D4594C6471060A78B3, E8E16DF8AFFC230FBB1A5938925D464A1BA776184B8C020B37669EE2105DB9F2 ] SiSRaid2        C:\Windows\system32\drivers\sisraid2.sys
09:28:29.0396 0x2d38  SiSRaid2 - ok
09:28:29.0442 0x2d38  [ 3A2F769FAB9582BC720E11EA1DFB184D, 83EEBCE37E8709FCE15FB44F546C727C56064ED49B73A471EA33480573558419 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
09:28:29.0461 0x2d38  SiSRaid4 - ok
09:28:29.0731 0x2d38  [ 9F712B26EE3B0242DE997A42FD302E2C, 12663EB108F158282A965EE70980627C2F2332BA7944D7DE03B78E18BEB87D26 ] Skype C2C Service C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
09:28:30.0550 0x2d38  Skype C2C Service - ok
09:28:30.0838 0x2d38  [ 50D9949020E02B847CD48F1243FCB895, 5BDAD5E44DE5B412645142810C5FCE4B2D9685F928FF4A6B836A9DCE7725BD78 ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
09:28:30.0888 0x2d38  SkypeUpdate - ok
09:28:31.0143 0x2d38  [ A9A27A8E257B45A604FDAD4F26FE7241, C5A1056522EE2BA7B70D34E391477A0E9351569CEF28B875172F4B363F6D4177 ] slsvc           C:\Windows\system32\SLsvc.exe
09:28:31.0344 0x2d38  slsvc - ok
09:28:31.0453 0x2d38  [ FD74B4B7C2088E390A30C85A896FC3AF, 897F1F89A4DDB356CF6E59EFBC32A2081C0CADE283793DB6879D263F7B2E313F ] SLUINotify      C:\Windows\system32\SLUINotify.dll
09:28:31.0545 0x2d38  SLUINotify - ok
09:28:31.0693 0x2d38  [ 290B6F6A0EC4FCDFC90F5CB6D7020473, 971888FE760641FF86165B9876E6FC12DBC309C0FED2734C60B9E0EBC078AAE0 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
09:28:31.0816 0x2d38  Smb - ok
09:28:31.0912 0x2d38  [ F8F47F38909823B1AF28D60B96340CFF, EFD948EE09F22F9F373A98BA6D9BC519FD9244986E4BE7B2BACD92D3C145AD1D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
09:28:31.0979 0x2d38  SNMPTRAP - ok
09:28:32.0048 0x2d38  [ 386C3C63F00A7040C7EC5E384217E89D, DD8766BCBD77EC6F67979A8B37B943A3A0E5478CE3FB129BF8FCA29B66529721 ] spldr           C:\Windows\system32\drivers\spldr.sys
09:28:32.0066 0x2d38  spldr - ok
09:28:32.0241 0x2d38  [ F66FF751E7EFC816D266977939EF5DC3, 689BDD0B442830E162F2F9A8EFBD0E137F518C7F0CD92EDF4A43EFBA188B69F4 ] Spooler         C:\Windows\System32\spoolsv.exe
09:28:32.0333 0x2d38  Spooler - ok
09:28:32.0497 0x2d38  [ 86EBD8B1F23E743AAD21F4D5B4D40985, 8FA4DFDAE15712266B878C364FEFDB63CB30A3DCC25F83CDFE8C8AB3AE864BE6 ] SQLBrowser      c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
09:28:32.0520 0x2d38  SQLBrowser - ok
09:28:32.0888 0x2d38  [ 3C432A96363097870995E2A3C8B66ABD, AA0AE0935FC5317FE93D7D3C3B9A6B2E026915D07704AF3E36F14FEA8595F4A6 ] SQLWriter       c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
09:28:32.0905 0x2d38  SQLWriter - ok
09:28:33.0222 0x2d38  [ F718A57D946EAC76EFCB351D74E269F4, 473AE48BACEE64A9582814951B731BDDDEB48D2E9D407ACEAA3F0850B536DABA ] SRTSP           C:\Windows\System32\Drivers\NAVx64\1503000.00C\SRTSP64.SYS
09:28:33.0269 0x2d38  SRTSP - ok
09:28:33.0350 0x2d38  [ B18CE01B9C09C59422BA7C7064248B35, B355EE2FBB37C4B0EFFE4DC5E0788A26579266828E7988EDC497B0AE7375F8AB ] SRTSPX          C:\Windows\system32\drivers\NAVx64\1503000.00C\SRTSPX64.SYS
09:28:33.0363 0x2d38  SRTSPX - ok
09:28:33.0598 0x2d38  [ 880A57FCCB571EBD063D4DD50E93E46D, D46BA584D1C33F17C4156127742FA470AA044C4BCE9E6A209E5B1F3A44C73350 ] srv             C:\Windows\system32\DRIVERS\srv.sys
09:28:33.0733 0x2d38  srv - ok
09:28:33.0918 0x2d38  [ A1AD14A6D7A37891FFFECA35EBBB0730, AE00950D330EE4C05F5AA9BC7E63E974766D8E93B607CB3E683C727E8A65049D ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
09:28:33.0998 0x2d38  srv2 - ok
09:28:34.0139 0x2d38  [ 4BED62F4FA4D8300973F1151F4C4D8A7, 1835895B3E837F8862F7F669DFBDF5EAB627E5656377624474C17E92CF440D2A ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
09:28:34.0199 0x2d38  srvnet - ok
09:28:34.0269 0x2d38  [ 192C74646EC5725AEF3F80D19FF75F6A, 8F24FF139A46B1F837356B9D682526107D7BADCFA510842FEACB6F06C02D93D9 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
09:28:34.0351 0x2d38  SSDPSRV - ok
09:28:34.0501 0x2d38  [ 2EE3FA0308E6185BA64A9A7F2E74332B, EC6A15281685E6CDEADABDFD08C4AF980AD3B404C945EB121D7F90AFCA3D6849 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
09:28:34.0582 0x2d38  SstpSvc - ok
09:28:34.0728 0x2d38  [ 15825C1FBFB8779992CB65087F316AF5, E9431C016D209A7322C0586F11EEF0AB461AB5822960287BB1D0FBC30183614D ] stisvc          C:\Windows\System32\wiaservc.dll
09:28:34.0818 0x2d38  stisvc - ok
09:28:34.0915 0x2d38  [ 8A851CA908B8B974F89C50D2E18D4F0C, 27EA13E50B5B72ABF6C5B7B7D34A7154A12BB27B1C1B2EEFCAA36A96010DB4DC ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
09:28:34.0930 0x2d38  swenum - ok
09:28:35.0066 0x2d38  [ 6DE37F4DE19D4EFD9C48C43ADDBC949A, 9C3714238571704CEE2AD4F1E15029243E00B494345C41F74EFDF3F0328CC9EA ] swprv           C:\Windows\System32\swprv.dll
09:28:35.0157 0x2d38  swprv - ok
09:28:35.0241 0x2d38  [ 2F26A2C6FC96B29BEFF5D8ED74E6625B, 0227EAF144BC35AA4FF2535E8C9974C0609B7634EE45F4166B9F88F79B17BBF1 ] Symc8xx         C:\Windows\system32\drivers\symc8xx.sys
09:28:35.0259 0x2d38  Symc8xx - ok
09:28:35.0494 0x2d38  [ 5C9EE2303CA7F267665D75237862B39C, 5DECD977A823C14B4D980D3DB621BC875231B741653F0450A027FC9E87725F9D ] SymDS           C:\Windows\system32\drivers\NAVx64\1503000.00C\SYMDS64.SYS
09:28:35.0542 0x2d38  SymDS - ok
09:28:35.0636 0x2d38  [ 9F31630D7FC2DD9D5DA1CE359AAD1F46, 296D29EDF53956D1899DE4669AB429C280DF9F183F00AE1CE528E7C575802235 ] SymEFA          C:\Windows\system32\drivers\NAVx64\1503000.00C\SYMEFA64.SYS
09:28:35.0750 0x2d38  SymEFA - ok
09:28:35.0796 0x2d38  [ 97E11C50CE52277B377396EA8838E539, E17D03F80E14F961C41F2D54D1EF73D29BF01F38459C5710D786234F8BA3C835 ] SymEvent        C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
09:28:35.0825 0x2d38  SymEvent - ok
09:28:35.0904 0x2d38  [ 48C2934683CBD06F662B088EEF49EF6A, 2212A3588C28F33EFCB1D34618B3054EBBAC6731D177A581D21D1F969FE040C0 ] SymIRON         C:\Windows\system32\drivers\NAVx64\1503000.00C\Ironx64.SYS
09:28:35.0932 0x2d38  SymIRON - ok
09:28:36.0313 0x2d38  [ 018D1F8343C301B4AF9DD042D2FFBCC8, 5DE8FADCBFA91B018DFA1E9B55CC84F70539791E1EDABB06301569EE92AFD970 ] SYMTDIv         C:\Windows\System32\Drivers\NAVx64\1503000.00C\SYMTDIV.SYS
09:28:36.0358 0x2d38  SYMTDIv - ok
09:28:36.0402 0x2d38  [ A909667976D3BCCD1DF813FED517D837, 0874DD4C1CA7AE2E519EBB45433BC9F11A574408F5D2F9E23A340CA76512F5CE ] Sym_hi          C:\Windows\system32\drivers\sym_hi.sys
09:28:36.0420 0x2d38  Sym_hi - ok
09:28:36.0461 0x2d38  [ 36887B56EC2D98B9C362F6AE4DE5B7B0, 7349FABACB633A9EEE3D4E241A5F443C28D23CC87F21EAAB3F1711644AA21D7C ] Sym_u3          C:\Windows\system32\drivers\sym_u3.sys
09:28:36.0475 0x2d38  Sym_u3 - ok
09:28:36.0613 0x2d38  [ 92D7A8B0F87B036F17D25885937897A6, 6759BAB11E5FBB143BE13DF1611AE5D41D379DF423D881E92E910DF6A37CBA85 ] SysMain         C:\Windows\system32\sysmain.dll
09:28:36.0701 0x2d38  SysMain - ok
09:28:36.0770 0x2d38  [ 005CE42567F9113A3BCCB3B20073B029, B1831D71410AD6E7DEB59D26BF6D2D07D2F6112936D6A6FDA57E9296ADA4076D ] TabletInputService C:\Windows\System32\TabSvc.dll
09:28:36.0823 0x2d38  TabletInputService - ok
09:29:18.0899 0x2d38  yyonnczi - ok
09:29:19.0137 0x2d38  ================ Scan global ===============================
09:29:19.0393 0x2d38  [ 060DC3A7A9A2626031EB23D90151428D, 4AADA06E83603E9D4894D6CFC8DADB018307B384F438C809D4BC8E22BD937C3B ] C:\Windows\system32\basesrv.dll
09:29:20.0129 0x2d38  [ D665D594B7E11133D29D726BDDC7A5B0, 8EE45E719ACB23F388F2BE7E4311588E90DE7CF50988927CF0FED36DE380FACB ] C:\Windows\system32\winsrv.dll
09:29:21.0571 0x2d38  [ D665D594B7E11133D29D726BDDC7A5B0, 8EE45E719ACB23F388F2BE7E4311588E90DE7CF50988927CF0FED36DE380FACB ] C:\Windows\system32\winsrv.dll
09:29:21.0926 0x2d38  [ 934E0B7D77FF78C18D9F8891221B6DE3, BB1ACD3CD6482D8B7C5931E8733B8094D2CE59C4FBC4012BD0799C8DC367FB74 ] C:\Windows\system32\services.exe
09:29:23.0672 0x2d38  [ Global ] - ok
09:29:23.0672 0x2d38  ================ Scan MBR ==================================
09:29:23.0751 0x2d38  [ 84A240A13BF229AAD53C44EB16312D4B ] \Device\Harddisk0\DR0
09:29:36.0049 0x2d38  \Device\Harddisk0\DR0 - ok
09:29:36.0058 0x2d38  ================ Scan VBR ==================================
09:29:36.0111 0x2d38  [ 0D7F384EEB8CE45AA39C7931587A39F3 ] \Device\Harddisk0\DR0\Partition1
09:29:36.0304 0x2d38  \Device\Harddisk0\DR0\Partition1 - ok
09:29:36.0322 0x2d38  ================ Scan generic autorun ======================
09:29:37.0502 0x2d38  [ 8629773FE7379BB7095A61936CC6BD24, 819E5108B50614D83C34A0A91D30D4EEAE88E17F22D4D15FD469E53932DC1292 ] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
09:29:41.0016 0x2d38  CanonMyPrinter - ok
09:29:41.0748 0x2d38  [ 81BEF03625416DF7F03A67842484C0B6, 474E630D2904D95CE349DD8C6088D8AAB3C18C61F340D841BBCE8F67242BA43C ] C:\Windows\Skytel.exe
09:29:45.0562 0x2d38  Skytel - ok
09:29:47.0723 0x2d38  [ D7E27622F761DC5101C73AE76D1EFDF3, 8CE74E09588587D448090357BCFC63CB40427CE1112AAAA46B5E4A925A382B8B ] C:\Windows\RAVCpl64.exe
09:30:09.0050 0x2d38  RtHDVCpl - ok
09:30:09.0573 0x2d38  [ CC4DF86239B7A65A1BF1DEE2888A1522, 374AAE7052C86121A1C3D331F7DC1694D7AF2A15EE1A6F1CA5F26C52675D644F ] c:\Acer\Preload\Command\AlaunchX\AppInRun.exe
09:30:10.0511 0x2d38  Trigger New Acer AlaunchX - detected UnsignedFile.Multi.Generic ( 1 )
09:30:10.0805 0x2d38  Detect skipped due to KSN trusted
09:30:10.0805 0x2d38  Trigger New Acer AlaunchX - ok
09:30:10.0869 0x2d38  [ CD28ADBDE9B910626C9D613E02C2972E, 37C3A9C2D03C11385A8829BE11F9F360066A2FB9976427E6E73A13FE2DDEC292 ] C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
09:30:10.0939 0x2d38  Monitor - detected UnsignedFile.Multi.Generic ( 1 )
09:30:11.0188 0x2d38  Detect skipped due to KSN trusted
09:30:11.0188 0x2d38  Monitor - ok
09:30:11.0314 0x2d38  [ 085BE68B52CE5A5FA4621507AD518CF3, A1761157760F68FE00F34B0182D1D8629EFE7753F4582C6F5ECD422627A8489E ] C:\Program Files (x86)\iTunes\iTunesHelper.exe
09:30:11.0334 0x2d38  iTunesHelper - ok
09:30:11.0978 0x2d38  [ 3B78ACCCAA5132638E7CF419F4A965C7, C91DD62901778FEB6BDBABD6F736D59FD85361AE53867AD232C90D22ECB7B49F ] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
09:30:12.0204 0x2d38  CanonSolutionMenuEx - ok
09:30:12.0853 0x2d38  [ EE1111977B9995D5E8CBB72C0591EA0E, E96503B78041412EEBE639FFCFBEF81EF900EA5AA4D8D8744CF5711007CEDF56 ] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
09:30:12.0977 0x2d38  APSDaemon - ok
09:30:13.0155 0x2d38  [ 3FBBF6092C4EF5F50302707063E853EF, 70BF8FCDE0A793A66ACB65FA8C2B8C5872C3167DA95D6232A2520628F3768913 ] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
09:30:13.0198 0x2d38  AppleSyncNotifier - ok
09:30:13.0951 0x2d38  [ 048EA4B978851788E9F5E8E4F081DF7A, EB62719AC0DCC18FF056F2CD84438BF14B61E38F0619617C81961C6257BDFCEC ] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
09:30:14.0220 0x2d38  Adobe ARM - ok
09:30:14.0548 0x2d38  [ 6DCEB475404681A90BCE883BE900EE1F, 93DEFB364A3650EEC52D4646557E430CE4D8C6F8085F9723171F0D1F53A7B421 ] C:\Program Files (x86)\IOI\Smart Copy\ButtonMonitor.exe
09:30:15.0571 0x2d38  Smart Copy - detected UnsignedFile.Multi.Generic ( 1 )
09:30:15.0806 0x2d38  Detect skipped due to KSN trusted
09:30:15.0806 0x2d38  Smart Copy - ok
09:30:16.0280 0x2d38  [ 9ACCBC5891BA51B5B29C1A88F80D4CE3, 4EA3D9CB239874232AE0D7F824AF8CC7AD9BB4657CB9978B41067B4447FBE71B ] C:\Program Files (x86)\QuickTime\QTTask.exe
09:30:16.0658 0x2d38  QuickTime Task - detected UnsignedFile.Multi.Generic ( 1 )
09:30:16.0878 0x2d38  Detect skipped due to KSN trusted
09:30:16.0878 0x2d38  QuickTime Task - ok
09:30:18.0685 0x2d38  [ 2589FFE360BED8F824CBC6171CB5B874, 4C532EE4707F9B4314AF7FC88C86B48AFCDE03A2097919F9801BE47EB5CC61EB ] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
09:30:19.0028 0x2d38  LogitechQuickCamRibbon - ok
09:30:19.0043 0x2d38  LedKey - ok
09:30:19.0214 0x2d38  [ B94C288D7BC9760A01304880A7CE18EB, F58C78143CE48E953345A69002FAB8635563D01A22DB49C157EFAB4AF5798D87 ] C:\Windows\LchDrvKey.exe
09:30:19.0221 0x2d38  LchDrvKey - detected UnsignedFile.Multi.Generic ( 1 )
09:30:19.0458 0x2d38  Detect skipped due to KSN trusted
09:30:19.0458 0x2d38  LchDrvKey - ok
09:30:19.0514 0x2d38  [ BF520875AE1B2636F168B1DD6CBE563C, DD723862568A9C0291E4357EC8B1D33A56DAB640EB6A703A598993EA042661EA ] c:\Acer\Preload\Command\AlaunchX\LaunchAlaunchX.exe
09:30:19.0532 0x2d38  New Acer AlaunchX - detected UnsignedFile.Multi.Generic ( 1 )
09:30:19.0759 0x2d38  Detect skipped due to KSN trusted
09:30:19.0759 0x2d38  New Acer AlaunchX - ok
09:30:21.0144 0x2d38  [ 55E4AFB9839805CC95600FDD0B0A93FF, 1C412534DFCD8F6B968AE58EA9534B1F4EFC06538E0FA0844940902C8D07A2C7 ] C:\Users\MarkMarcy\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
09:30:21.0196 0x2d38  Spotify Web Helper - ok
09:30:21.0268 0x2d38  Skype - ok
09:30:21.0416 0x2d38  [ 65437DAD4F238EA9549408A783002222, 756C846C2DD8209E9161C2DD701E46DF73E1C757F2B66CAE7A579ADF8EF7E000 ] C:\Windows\ehome\ehTray.exe
09:30:21.0471 0x2d38  ehTray.exe - ok
09:30:22.0079 0x2d38  [ 9E35FF7F943AE0FB89192BFE058B7FD4, 54712A4FA296AE28CF834F90B77B2EEB69020E3D5B5CF24674BD8DACA25195B9 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
09:30:22.0178 0x2d38  Sidebar - ok
09:30:22.0191 0x2d38  WindowsWelcomeCenter - ok
09:30:22.0196 0x2d38  WindowsWelcomeCenter - ok
09:30:22.0389 0x2d38  [ E616A6A6E91B0A86F2F6217CDE835FFE, 411671C4B2BB4DB3F02A21C199A5479F31394165704736A549B53245B94577F7 ] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
09:30:22.0404 0x2d38  swg - ok
09:30:22.0406 0x2d38  WindowsWelcomeCenter - ok
09:30:22.0416 0x2d38  WindowsWelcomeCenter - ok
09:30:22.0431 0x2d38  [ E616A6A6E91B0A86F2F6217CDE835FFE, 411671C4B2BB4DB3F02A21C199A5479F31394165704736A549B53245B94577F7 ] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
09:30:22.0550 0x2d38  swg - ok
09:30:22.0551 0x2d38  Waiting for KSN requests completion. In queue: 5
09:30:23.0898 0x2d38  AV detected via SS2: Norton AntiVirus, C:\Program Files (x86)\Norton AntiVirus\Engine\21.3.0.12\WSCStub.exe ( 21.3.0.0 ), 0x50000 ( disabled : updated )
09:30:23.0908 0x2d38  Win FW state via NFP2: enabled
09:30:24.0149 0x2d38  ============================================================
09:30:24.0149 0x2d38  Scan finished
09:30:24.0149 0x2d38  ============================================================
09:30:24.0175 0x157c  Detected object count: 0
09:30:24.0175 0x157c  Actual detected object count: 0

 



#6 robc9525

Posted 06 June 2014 - 11:42 AM

Here is the Farbar log

Keep getting post too long error when I try to put into one post

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-06-2014
Ran by MarkMarcy (administrator) on MARKMARCY-PC on 06-06-2014 09:00:00
Running from C:\Users\MarkMarcy\Downloads
Platform: Windows Vista ™ Home Premium Service Pack 2 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\GATEWAY\Gateway Recovery Management\Service\ETService.exe
(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
(Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
(Symantec Corporation) C:\Program Files (x86)\Norton AntiVirus\Engine\21.3.0.12\nav.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.0.47\nst.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.0.47\nst.exe
(Symantec Corporation) C:\Program Files (x86)\Norton AntiVirus\Engine\21.3.0.12\nav.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Realtek Semiconductor) C:\Windows\RAVCpl64.exe
(Spotify Ltd) C:\Users\MarkMarcy\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
() C:\Program Files (x86)\NETGEAR\WG111v3\WG111v3.exe
(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
() C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
() C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Farbar) C:\Users\MarkMarcy\Downloads\FRST64 (1).exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2726728 2010-03-24] (CANON INC.)
HKLM\...\Run: [Skytel] => C:\Windows\Skytel.exe [1826816 2008-07-18] (Realtek Semiconductor Corp.)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RAVCpl64.exe [6453760 2008-07-18] (Realtek Semiconductor)
HKLM-x32\...\Run: [Trigger New Acer AlaunchX] => c:\Acer\Preload\Command\AlaunchX\AppInRun.exe [8192 2008-07-16] (Acer Inc.)
HKLM-x32\...\Run: [Monitor] => C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe [103936 2013-07-23] (LeapFrog Enterprises, Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-01-20] (Apple Inc.)
HKLM-x32\...\Run: [CanonSolutionMenuEx] => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1185112 2010-04-02] (CANON INC.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-01-20] (Apple Inc.)
HKLM-x32\...\Run: [AppleSyncNotifier] => C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-09-27] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Smart Copy] => C:\Program Files (x86)\IOI\Smart Copy\ButtonMonitor.exe [53248 2008-05-21] (IOI)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [LogitechQuickCamRibbon] => C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe [2793304 2009-10-14] ()
HKLM-x32\...\Run: [LedKey] => CNYHKey.exe
HKLM-x32\...\Run: [LchDrvKey] => C:\Windows\LchDrvKey.exe [36864 2007-03-28] ()
HKLM-x32\...\RunOnce: [New Acer AlaunchX] - c:\Acer\Preload\Command\AlaunchX\LaunchAlaunchX.exe [200704 2008-07-16] (Acer Inc.)
HKU\S-1-5-21-351684649-980794266-900292422-1000\...\Run: [Spotify Web Helper] => C:\Users\MarkMarcy\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1104280 2013-03-28] (Spotify Ltd)
HKU\S-1-5-21-351684649-980794266-900292422-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.)
HKU\S-1-5-21-351684649-980794266-900292422-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-351684649-980794266-900292422-1000\...409d6c4515e9\InprocServer32: [Default-shell32] \\?\globalroot\Device\HarddiskVolume2\Users\MarkMarcy\AppData\Local\Temp\spbpcno\sbrahpx\wow.dll ATTENTION! ====> ZeroAccess?
HKU\S-1-5-21-351684649-980794266-900292422-1004\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WG111v3 Smart Wizard.lnk
ShortcutTarget: NETGEAR WG111v3 Smart Wizard.lnk -> C:\Program Files (x86)\NETGEAR\WG111v3\WG111v3.exe ()
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=1&o=vp64&d=0710&m=dx4720-03
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=1&o=vp64&d=0710&m=dx4720-03
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Engine\21.3.0.12\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Norton Identity Protection - {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.0.47\coIEPlg.dll (Symantec Corporation)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM-x32 - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.0.47\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 10.2.127.4
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_206.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @canon.com/EPPEX - C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: @oberon-media.com/ONCAdapter - C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM-x32\...\Firefox\Extensions: [{F04D2D30-776C-4d02-8627-8E4385ECA58D}] - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.5.0.67\coFFPlgn\
FF Extension: Norton Identity Safe Toolbar - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.5.0.67\coFFPlgn\ []
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_21.1.0.18\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_21.1.0.18\IPSFF [2013-12-10]
 
Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR StartupUrls: "hxxp://www.google.com/", "hxxp://www.google.com"
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\gcswf32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.290.11) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java™ Platform SE 6 U29) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (CANON iMAGE GATEWAY Album Plugin Utility) - C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
CHR Plugin: (MindSpark Toolbar Platform Plugin Stub) - C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\NP2pStub.dll No File
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\MarkMarcy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-30]
CHR Extension: (YouTube) - C:\Users\MarkMarcy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-15]
CHR Extension: (Google Search) - C:\Users\MarkMarcy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-15]
CHR Extension: (Skype Click to Call) - C:\Users\MarkMarcy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2012-09-05]
CHR Extension: (Google Wallet) - C:\Users\MarkMarcy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-05]
CHR Extension: (Norton Identity Safe for Google Chrome™) - C:\Users\MarkMarcy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nppllibpnmahfaklnpggkibhkapjkeob [2013-07-27]
CHR Extension: (Gmail) - C:\Users\MarkMarcy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-15]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-10-09]
CHR HKLM-x32\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.0.47\Exts\Chrome.crx [2014-05-21]
 
==================== Services (Whitelisted) =================
 
R2 ETService; C:\Program Files\GATEWAY\Gateway Recovery Management\Service\ETService.exe [24576 2008-06-11] ()
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R3 MSSQL$MSSMLBIZ; c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
R2 NAV; C:\Program Files (x86)\Norton AntiVirus\Engine\21.3.0.12\NAV.exe [262968 2014-05-10] (Symantec Corporation)
R2 NCO; C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.0.47\NST.exe [130104 2014-05-13] (Symantec Corporation)
 
==================== Drivers (Whitelisted) ====================
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2008-01-20] (Microsoft Corporation)
S1 Beep; No ImagePath
R1 BHDrvx64; C:\Program Files (x86)\Norton AntiVirus\NortonData\21.1.0.18\Definitions\BASHDefs\20140510.001\BHDrvx64.sys [1530160 2014-05-09] (Symantec Corporation)
R1 ccSet_NAV; C:\Windows\system32\drivers\NAVx64\1503000.00C\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)
R1 ccSet_NST; C:\Windows\system32\drivers\NSTx64\7DE07000.02F\ccSetx64.sys [162392 2014-02-20] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2014-04-23] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton AntiVirus\NortonData\21.1.0.18\Definitions\IPSDefs\20140606.001\IDSvia64.sys [525016 2014-04-22] (Symantec Corporation)
R3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [36680 2014-03-01] ()
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton AntiVirus\NortonData\21.1.0.18\Definitions\VirusDefs\20140605.032\ENG64.SYS [126040 2014-04-23] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton AntiVirus\NortonData\21.1.0.18\Definitions\VirusDefs\20140605.032\EX64.SYS [2099288 2014-04-23] (Symantec Corporation)
R0 nvrd64; C:\Windows\System32\drivers\nvrd64.sys [166944 2008-06-06] (NVIDIA Corporation)
R3 SRTSP; C:\Windows\System32\Drivers\NAVx64\1503000.00C\SRTSP64.SYS [875736 2014-02-12] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NAVx64\1503000.00C\SRTSPX64.SYS [36952 2013-09-09] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NAVx64\1503000.00C\SYMDS64.SYS [493656 2013-09-09] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NAVx64\1503000.00C\SYMEFA64.SYS [1148120 2014-03-03] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-11-14] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NAVx64\1503000.00C\Ironx64.SYS [264280 2013-09-26] (Symantec Corporation)
R1 SYMTDIv; C:\Windows\System32\Drivers\NAVx64\1503000.00C\SYMTDIV.SYS [510168 2014-02-17] (Symantec Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S1 yyonnczi; \??\C:\Windows\system32\drivers\yyonnczi.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-06-06 09:00 - 2014-06-06 09:01 - 00022389 _____ () C:\Users\MarkMarcy\Downloads\FRST.txt
2014-06-06 08:58 - 2014-06-06 09:00 - 00000000 ____D () C:\FRST
2014-06-06 08:57 - 2014-06-06 08:57 - 02072576 _____ (Farbar) C:\Users\MarkMarcy\Downloads\FRST64 (1).exe
2014-06-06 08:48 - 2014-06-06 08:48 - 00000000 ____D () C:\Users\MarkMarcy\Downloads\tdsskiller
2014-06-06 08:46 - 2014-06-06 08:47 - 04161050 _____ () C:\Users\MarkMarcy\Downloads\tdsskiller.zip
2014-05-30 09:57 - 2014-05-30 11:22 - 00000000 ____D () C:\Users\MarkMarcy\Desktop\RK_Quarantine
2014-05-30 09:41 - 2014-05-30 09:41 - 02066944 _____ (Farbar) C:\Users\MarkMarcy\Downloads\FRST64.exe
2014-05-30 09:40 - 2014-05-30 09:40 - 00688992 ____R (Swearware) C:\Users\MarkMarcy\Downloads\dds.com
2014-05-30 09:16 - 2014-05-30 09:16 - 00205228 _____ () C:\Users\MarkMarcy\AppData\Local\census.cache
2014-05-30 09:16 - 2014-05-30 09:16 - 00164393 _____ () C:\Users\MarkMarcy\AppData\Local\ars.cache
2014-05-30 08:33 - 2012-06-05 00:37 - 00256904 _____ (Trend Micro Inc.) C:\Windows\SysWOW64\Drivers\tmcomm.sys
2014-05-30 08:32 - 2014-05-30 08:32 - 00000036 _____ () C:\Users\MarkMarcy\AppData\Local\housecall.guid.cache
2014-05-30 08:27 - 2014-05-30 08:27 - 02002944 _____ (Trend Micro Inc.) C:\Users\MarkMarcy\Downloads\HousecallLauncher.exe
2014-05-23 08:40 - 2014-05-30 09:27 - 00002567 _____ () C:\Users\MarkMarcy\Desktop\HiJackThis.lnk
2014-05-23 08:40 - 2014-05-23 08:40 - 00000000 ____D () C:\Users\MarkMarcy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
2014-05-23 08:40 - 2014-05-23 08:40 - 00000000 ____D () C:\Program Files (x86)\Trend Micro
2014-05-23 03:00 - 2014-05-05 17:46 - 17847808 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-23 03:00 - 2014-05-05 17:21 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-23 03:00 - 2014-05-05 17:21 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-23 03:00 - 2014-05-05 16:32 - 12347392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-23 03:00 - 2014-05-05 16:14 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-23 03:00 - 2014-05-05 16:14 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-22 03:02 - 2014-05-22 03:02 - 10926592 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-05-22 03:02 - 2014-05-22 03:02 - 09739264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-05-22 03:02 - 2014-05-22 03:02 - 03695416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2014-05-22 03:02 - 2014-05-22 03:02 - 03695416 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-05-22 03:02 - 2014-05-22 03:02 - 02334720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-05-22 03:02 - 2014-05-22 03:02 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-05-22 03:02 - 2014-05-22 03:02 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-05-22 03:02 - 2014-05-22 03:02 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-05-22 03:02 - 2014-05-22 03:02 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-05-22 03:02 - 2014-05-22 03:02 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-05-22 03:02 - 2014-05-22 03:02 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-05-22 03:02 - 2014-05-22 03:02 - 01347072 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-05-22 03:02 - 2014-05-22 03:02 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-05-22 03:02 - 2014-05-22 03:02 - 01105408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-05-22 03:02 - 2014-05-22 03:02 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-05-22 03:02 - 2014-05-22 03:02 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-05-22 03:02 - 2014-05-22 03:02 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-05-22 03:02 - 2014-05-22 03:02 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-05-22 03:02 - 2014-05-22 03:02 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-05-22 03:02 - 2014-05-22 03:02 - 00534528 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-05-22 03:02 - 2014-05-22 03:02 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-05-22 03:02 - 2014-05-22 03:02 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-05-22 03:02 - 2014-05-22 03:02 - 00434176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-05-22 03:02 - 2014-05-22 03:02 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-05-22 03:02 - 2014-05-22 03:02 - 00403248 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-05-22 03:02 - 2014-05-22 03:02 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-05-22 03:02 - 2014-05-22 03:02 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-05-22 03:02 - 2014-05-22 03:02 - 00353584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-05-22 03:02 - 2014-05-22 03:02 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-05-22 03:02 - 2014-05-22 03:02 - 00267776 _____ (Microsoft Corporation) C:\Windows\system32\ieaksie.dll
2014-05-22 03:02 - 2014-05-22 03:02 - 00249344 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-05-22 03:02 - 2014-05-22 03:02 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-05-22 03:02 - 2014-05-22 03:02 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-05-22 03:02 - 2014-05-22 03:02 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-05-22 03:02 - 2014-05-22 03:02 - 00227840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieaksie.dll
2014-05-22 03:02 - 2014-05-22 03:02 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-05-22 03:02 - 2014-05-22 03:02 - 00222208 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-05-22 03:02 - 2014-05-22 03:02 - 00203776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-05-22 03:02 - 2014-05-22 03:02 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-05-22 03:02 - 2014-05-22 03:02 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-05-22 03:02 - 2014-05-22 03:02 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-05-22 03:02 - 2014-05-22 03:02 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-05-22 03:02 - 2014-05-22 03:02 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieakui.dll
2014-05-22 03:02 - 2014-05-22 03:02 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\ieakui.dll
2014-05-22 03:02 - 2014-05-22 03:02 - 00162304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-05-22 03:02 - 2014-05-22 03:02 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2014-05-22 03:02 - 2014-05-22 03:02 - 00160256 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-05-22 03:02 - 2014-05-22 03:02 - 00160256 _____ (Microsoft Corporation) C:\Windows\system32\ieakeng.dll
2014-05-22 03:02 - 2014-05-22 03:02 - 00152064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2014-05-22 03:02 - 2014-05-22 03:02 - 00150528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2014-05-22 03:02 - 2014-05-22 03:02 - 00149504 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-05-22 03:02 - 2014-05-22 03:02 - 00145920 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-05-22 03:02 - 2014-05-22 03:02 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-05-22 03:02 - 2014-05-22 03:02 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-05-22 03:02 - 2014-05-22 03:02 - 00130560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieakeng.dll
2014-05-22 03:02 - 2014-05-22 03:02 - 00123392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2014-05-22 03:02 - 2014-05-22 03:02 - 00118784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-05-22 03:02 - 2014-05-22 03:02 - 00114176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advpack.dll
2014-05-22 03:02 - 2014-05-22 03:02 - 00114176 _____ (Microsoft Corporation) C:\Windows\system32\admparse.dll
2014-05-22 03:02 - 2014-05-22 03:02 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-05-22 03:02 - 2014-05-22 03:02 - 00110592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2014-05-22 03:02 - 2014-05-22 03:02 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-05-22 03:02 - 2014-05-22 03:02 - 00101888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\admparse.dll
2014-05-22 03:02 - 2014-05-22 03:02 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-05-22 03:02 - 2014-05-22 03:02 - 00089088 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-05-22 03:02 - 2014-05-22 03:02 - 00089088 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-05-22 03:02 - 2014-05-22 03:02 - 00086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-05-22 03:02 - 2014-05-22 03:02 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-05-22 03:02 - 2014-05-22 03:02 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-05-22 03:02 - 2014-05-22 03:02 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-05-22 03:02 - 2014-05-22 03:02 - 00078848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2014-05-22 03:02 - 2014-05-22 03:02 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2014-05-22 03:02 - 2014-05-22 03:02 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-05-22 03:02 - 2014-05-22 03:02 - 00074752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-05-22 03:02 - 2014-05-22 03:02 - 00074752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-05-22 03:02 - 2014-05-22 03:02 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe
2014-05-22 03:02 - 2014-05-22 03:02 - 00066048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2014-05-22 03:02 - 2014-05-22 03:02 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-05-22 03:02 - 2014-05-22 03:02 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-05-22 03:02 - 2014-05-22 03:02 - 00063488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2014-05-22 03:02 - 2014-05-22 03:02 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-05-22 03:02 - 2014-05-22 03:02 - 00054272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2014-05-22 03:02 - 2014-05-22 03:02 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-05-22 03:02 - 2014-05-22 03:02 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2014-05-22 03:02 - 2014-05-22 03:02 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-05-22 03:02 - 2014-05-22 03:02 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-05-22 03:02 - 2014-05-22 03:02 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-05-22 03:02 - 2014-05-22 03:02 - 00035840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2014-05-22 03:02 - 2014-05-22 03:02 - 00031744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-05-22 03:02 - 2014-05-22 03:02 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-05-22 03:02 - 2014-05-22 03:02 - 00023552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2014-05-22 03:02 - 2014-05-22 03:02 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-05-22 03:02 - 2014-05-22 03:02 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-05-22 03:02 - 2014-05-22 03:02 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-05-22 03:02 - 2014-05-22 03:02 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-05-21 23:34 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-05-21 23:32 - 2014-05-21 23:32 - 01326389 _____ () C:\Users\MarkMarcy\Downloads\adwcleaner_3.210.exe
2014-05-20 10:12 - 2014-05-20 10:12 - 00000000 ____D () C:\Windows\System32\Tasks\Norton AntiVirus
2014-05-20 08:39 - 2014-03-25 09:30 - 12900864 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-20 08:39 - 2014-03-25 06:26 - 11587584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-19 13:07 - 2014-06-05 11:41 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Local\temp
2014-05-19 13:07 - 2014-05-19 13:07 - 00000000 ____D () C:\Users\Public\AppData\Local\temp
2014-05-19 13:07 - 2014-05-19 13:07 - 00000000 ____D () C:\Users\Guest\AppData\Local\temp
2014-05-19 13:07 - 2014-05-19 13:07 - 00000000 ____D () C:\Users\Default\AppData\Local\temp
2014-05-19 13:07 - 2014-05-19 13:07 - 00000000 ____D () C:\Users\Default User\AppData\Local\temp
2014-05-19 13:07 - 2014-05-19 13:07 - 00000000 ____D () C:\Users\Ashley's iphone\AppData\Local\temp
2014-05-19 12:52 - 2014-05-19 12:52 - 00012847 _____ () C:\ComboFix.txt
2014-05-19 12:52 - 2014-05-19 12:52 - 00000000 ____D () C:\Users\marcy's iphone\AppData\Local\temp
2014-05-07 09:33 - 2011-06-25 23:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-05-07 09:33 - 2010-11-07 10:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-05-07 09:33 - 2009-04-19 21:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-05-07 09:33 - 2000-08-30 17:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-05-07 09:33 - 2000-08-30 17:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-05-07 09:33 - 2000-08-30 17:00 - 00098816 _____ () C:\Windows\sed.exe
2014-05-07 09:33 - 2000-08-30 17:00 - 00080412 _____ () C:\Windows\grep.exe
2014-05-07 09:33 - 2000-08-30 17:00 - 00068096 _____ () C:\Windows\zip.exe
2014-05-07 09:30 - 2014-05-19 13:14 - 00000000 ____D () C:\Qoobox
2014-05-07 09:28 - 2014-05-19 12:50 - 00000000 ____D () C:\Windows\erdnt
2014-05-07 09:27 - 2014-05-14 08:30 - 05200050 ____R (Swearware) C:\Users\MarkMarcy\Downloads\ComboFix.exe
2014-05-07 09:26 - 2014-05-07 09:27 - 01402880 _____ () C:\Users\MarkMarcy\Downloads\HiJackThis.msi
 
==================== One Month Modified Files and Folders =======
 
2014-06-06 09:03 - 2010-07-26 17:17 - 00000000 ____D () C:\Users\MarkMarcy\AppData\Local\Temp
2014-06-06 09:01 - 2014-06-06 09:00 - 00022389 _____ () C:\Users\MarkMarcy\Downloads\FRST.txt
2014-06-06 09:00 - 2014-06-06 08:58 - 00000000 ____D () C:\FRST
2014-06-06 08:57 - 2014-06-06 08:57 - 02072576 _____ (Farbar) C:\Users\MarkMarcy\Downloads\FRST64 (1).exe
2014-06-06 08:48 - 2014-06-06 08:48 - 00000000 ____D () C:\Users\MarkMarcy\Downloads\tdsskiller
2014-06-06 08:47 - 2014-06-06 08:46 - 04161050 _____ () C:\Users\MarkMarcy\Downloads\tdsskiller.zip
2014-06-06 08:02 - 2006-11-02 08:22 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-06 08:02 - 2006-11-02 08:22 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-06 03:01 - 2010-07-26 17:07 - 01645461 _____ () C:\Windows\WindowsUpdate.log
2014-06-05 11:41 - 2014-05-19 13:07 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Local\temp
2014-06-04 09:44 - 2012-09-03 18:47 - 00000000 ____D () C:\Users\MarkMarcy\AppData\Roaming\Skype
2014-06-04 09:24 - 2006-11-02 05:46 - 00829354 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-04 09:18 - 2010-07-26 17:25 - 00000000 _____ () C:\Windows\system32\LogConfigTemp.xml
2014-06-04 09:18 - 2008-01-20 20:26 - 00838434 _____ () C:\Windows\PFRO.log
2014-06-04 09:18 - 2006-11-02 08:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-04 08:25 - 2014-01-26 14:06 - 00004043 _____ () C:\Windows\setupact.log
2014-05-30 11:22 - 2014-05-30 09:57 - 00000000 ____D () C:\Users\MarkMarcy\Desktop\RK_Quarantine
2014-05-30 09:41 - 2014-05-30 09:41 - 02066944 _____ (Farbar) C:\Users\MarkMarcy\Downloads\FRST64.exe
2014-05-30 09:41 - 2014-05-06 14:18 - 00000732 _____ () C:\Users\MarkMarcy\AppData\Local\d3d9caps64.dat
2014-05-30 09:40 - 2014-05-30 09:40 - 00688992 ____R (Swearware) C:\Users\MarkMarcy\Downloads\dds.com
2014-05-30 09:27 - 2014-05-23 08:40 - 00002567 _____ () C:\Users\MarkMarcy\Desktop\HiJackThis.lnk
2014-05-30 09:23 - 2006-11-02 08:42 - 00032576 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-05-30 09:16 - 2014-05-30 09:16 - 00205228 _____ () C:\Users\MarkMarcy\AppData\Local\census.cache
2014-05-30 09:16 - 2014-05-30 09:16 - 00164393 _____ () C:\Users\MarkMarcy\AppData\Local\ars.cache
2014-05-30 08:32 - 2014-05-30 08:32 - 00000036 _____ () C:\Users\MarkMarcy\AppData\Local\housecall.guid.cache
2014-05-30 08:27 - 2014-05-30 08:27 - 02002944 _____ (Trend Micro Inc.) C:\Users\MarkMarcy\Downloads\HousecallLauncher.exe
2014-05-30 08:05 - 2010-12-07 15:48 - 00000000 ____D () C:\Users\MarkMarcy\AppData\Local\CrashDumps
2014-05-23 09:35 - 2012-09-03 18:47 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-05-23 09:35 - 2012-09-03 18:47 - 00000000 ____D () C:\ProgramData\Skype
2014-05-23 09:08 - 2014-03-12 16:46 - 00000000 ____D () C:\Windows\pss
2014-05-23 09:08 - 2006-11-02 06:33 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-23 08:40 - 2014-05-23 08:40 - 00000000 ____D () C:\Users\MarkMarcy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
2014-05-23 08:40 - 2014-05-23 08:40 - 00000000 ____D () C:\Program Files (x86)\Trend Micro
2014-05-23 02:24 - 2013-07-27 13:41 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Identity Safe
2014-05-23 02:20 - 2006-11-02 06:33 - 00000000 ____D () C:\Windows\rescache
2014-05-23 01:59 - 2006-11-02 06:33 - 00000000 ___RD () C:\Windows\Offline Web Pages
2014-05-23 01:59 - 2006-11-02 06:33 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-05-22 03:03 - 2011-05-13 23:16 - 00005660 _____ () C:\Windows\IE9_main.log
2014-05-22 03:03 - 2006-11-02 05:16 - 00008798 _____ () C:\Windows\SysWOW64\icrav03.rat
2014-05-22 03:03 - 2006-11-02 05:16 - 00001988 _____ () C:\Windows\SysWOW64\ticrf.rat
2014-05-22 03:03 - 2006-11-01 23:36 - 00008798 _____ () C:\Windows\system32\icrav03.rat
2014-05-22 03:03 - 2006-11-01 23:36 - 00001988 _____ () C:\Windows\system32\ticrf.rat
2014-05-22 03:02 - 2014-05-22 03:02 - 10926592 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-05-22 03:02 - 2014-05-22 03:02 - 09739264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-05-22 03:02 - 2014-05-22 03:02 - 03695416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2014-05-22 03:02 - 2014-05-22 03:02 - 03695416 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-05-22 03:02 - 2014-05-22 03:02 - 02334720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-05-22 03:02 - 2014-05-22 03:02 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-05-22 03:02 - 2014-05-22 03:02 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-05-22 03:02 - 2014-05-22 03:02 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-05-22 03:02 - 2014-05-22 03:02 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-05-22 03:02 - 2014-05-22 03:02 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-05-22 03:02 - 2014-05-22 03:02 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-05-22 03:02 - 2014-05-22 03:02 - 01347072 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-05-22 03:02 - 2014-05-22 03:02 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-05-22 03:02 - 2014-05-22 03:02 - 01105408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-05-22 03:02 - 2014-05-22 03:02 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-05-22 03:02 - 2014-05-22 03:02 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-05-22 03:02 - 2014-05-22 03:02 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-05-22 03:02 - 2014-05-22 03:02 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-05-22 03:02 - 2014-05-22 03:02 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-05-22 03:02 - 2014-05-22 03:02 - 00534528 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-05-22 03:02 - 2014-05-22 03:02 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-05-22 03:02 - 2014-05-22 03:02 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-05-22 03:02 - 2014-05-22 03:02 - 00434176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-05-22 03:02 - 2014-05-22 03:02 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-05-22 03:02 - 2014-05-22 03:02 - 00403248 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-05-22 03:02 - 2014-05-22 03:02 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-05-22 03:02 - 2014-05-22 03:02 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-05-22 03:02 - 2014-05-22 03:02 - 00353584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-05-22 03:02 - 2014-05-22 03:02 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-05-22 03:02 - 2014-05-22 03:02 - 00267776 _____ (Microsoft Corporation) C:\Windows\system32\ieaksie.dll
2014-05-22 03:02 - 2014-05-22 03:02 - 00249344 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-05-22 03:02 - 2014-05-22 03:02 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-05-22 03:02 - 2014-05-22 03:02 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-05-22 03:02 - 2014-05-22 03:02 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-05-22 03:02 - 2014-05-22 03:02 - 00227840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieaksie.dll
2014-05-22 03:02 - 2014-05-22 03:02 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-05-22 03:02 - 2014-05-22 03:02 - 00222208 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-05-22 03:02 - 2014-05-22 03:02 - 00203776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-05-22 03:02 - 2014-05-22 03:02 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-05-22 03:02 - 2014-05-22 03:02 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-05-22 03:02 - 2014-05-22 03:02 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-05-22 03:02 - 2014-05-22 03:02 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-05-22 03:02 - 2014-05-22 03:02 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieakui.dll
2014-05-22 03:02 - 2014-05-22 03:02 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\ieakui.dll
2014-05-22 03:02 - 2014-05-22 03:02 - 00162304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-05-22 03:02 - 2014-05-22 03:02 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2014-05-22 03:02 - 2014-05-22 03:02 - 00160256 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-05-22 03:02 - 2014-05-22 03:02 - 00160256 _____ (Microsoft Corporation) C:\Windows\system32\ieakeng.dll
2014-05-22 03:02 - 2014-05-22 03:02 - 00152064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2014-05-22 03:02 - 2014-05-22 03:02 - 00150528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2014-05-22 03:02 - 2014-05-22 03:02 - 00149504 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-05-22 03:02 - 2014-05-22 03:02 - 00145920 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-05-22 03:02 - 2014-05-22 03:02 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-05-22 03:02 - 2014-05-22 03:02 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-05-22 03:02 - 2014-05-22 03:02 - 00130560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieakeng.dll
2014-05-22 03:02 - 2014-05-22 03:02 - 00123392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2014-05-22 03:02 - 2014-05-22 03:02 - 00118784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-05-22 03:02 - 2014-05-22 03:02 - 00114176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advpack.dll
2014-05-22 03:02 - 2014-05-22 03:02 - 00114176 _____ (Microsoft Corporation) C:\Windows\system32\admparse.dll
2014-05-22 03:02 - 2014-05-22 03:02 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-05-22 03:02 - 2014-05-22 03:02 - 00110592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2014-05-22 03:02 - 2014-05-22 03:02 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-05-22 03:02 - 2014-05-22 03:02 - 00101888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\admparse.dll
2014-05-22 03:02 - 2014-05-22 03:02 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-05-22 03:02 - 2014-05-22 03:02 - 00089088 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-05-22 03:02 - 2014-05-22 03:02 - 00089088 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-05-22 03:02 - 2014-05-22 03:02 - 00086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-05-22 03:02 - 2014-05-22 03:02 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-05-22 03:02 - 2014-05-22 03:02 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-05-22 03:02 - 2014-05-22 03:02 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-05-22 03:02 - 2014-05-22 03:02 - 00078848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2014-05-22 03:02 - 2014-05-22 03:02 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2014-05-22 03:02 - 2014-05-22 03:02 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-05-22 03:02 - 2014-05-22 03:02 - 00074752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-05-22 03:02 - 2014-05-22 03:02 - 00074752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-05-22 03:02 - 2014-05-22 03:02 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe
2014-05-22 03:02 - 2014-05-22 03:02 - 00066048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2014-05-22 03:02 - 2014-05-22 03:02 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-05-22 03:02 - 2014-05-22 03:02 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-05-22 03:02 - 2014-05-22 03:02 - 00063488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2014-05-22 03:02 - 2014-05-22 03:02 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-05-22 03:02 - 2014-05-22 03:02 - 00054272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2014-05-22 03:02 - 2014-05-22 03:02 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-05-22 03:02 - 2014-05-22 03:02 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2014-05-22 03:02 - 2014-05-22 03:02 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-05-22 03:02 - 2014-05-22 03:02 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-05-22 03:02 - 2014-05-22 03:02 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-05-22 03:02 - 2014-05-22 03:02 - 00035840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2014-05-22 03:02 - 2014-05-22 03:02 - 00031744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-05-22 03:02 - 2014-05-22 03:02 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-05-22 03:02 - 2014-05-22 03:02 - 00023552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2014-05-22 03:02 - 2014-05-22 03:02 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-05-22 03:02 - 2014-05-22 03:02 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-05-22 03:02 - 2014-05-22 03:02 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-05-22 03:02 - 2014-05-22 03:02 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-05-22 00:14 - 2013-08-24 16:52 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Identity Safe
2014-05-22 00:14 - 2013-07-27 07:44 - 00000000 ____D () C:\Windows\system32\Drivers\NSTx64
2014-05-22 00:10 - 2014-04-29 15:43 - 00000000 ____D () C:\AdwCleaner
2014-05-21 23:32 - 2014-05-21 23:32 - 01326389 _____ () C:\Users\MarkMarcy\Downloads\adwcleaner_3.210.exe
2014-05-21 03:33 - 2008-08-12 21:18 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-05-21 03:28 - 2013-08-15 03:04 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-21 03:23 - 2006-11-02 05:35 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-05-20 13:27 - 2011-11-23 13:32 - 00002027 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-05-20 10:12 - 2014-05-20 10:12 - 00000000 ____D () C:\Windows\System32\Tasks\Norton AntiVirus
2014-05-20 10:03 - 2013-12-10 07:22 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton AntiVirus
2014-05-20 10:03 - 2013-07-27 07:43 - 00003218 _____ () C:\Windows\System32\Tasks\Norton WSC Integration
2014-05-20 10:03 - 2013-07-27 07:43 - 00002205 _____ () C:\Users\Public\Desktop\Norton AntiVirus.lnk
2014-05-20 10:03 - 2013-07-27 07:42 - 00000000 ____D () C:\Windows\system32\Drivers\NAVx64
2014-05-20 09:31 - 2006-11-02 06:33 - 00000000 ____D () C:\Program Files (x86)\Internet Explorer bak
2014-05-20 08:04 - 2013-09-19 19:40 - 00002425 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-05-19 13:14 - 2014-05-07 09:30 - 00000000 ____D () C:\Qoobox
2014-05-19 13:14 - 2006-11-02 06:33 - 00000000 __RHD () C:\Users\Default
2014-05-19 13:07 - 2014-05-19 13:07 - 00000000 ____D () C:\Users\Public\AppData\Local\temp
2014-05-19 13:07 - 2014-05-19 13:07 - 00000000 ____D () C:\Users\Guest\AppData\Local\temp
2014-05-19 13:07 - 2014-05-19 13:07 - 00000000 ____D () C:\Users\Default\AppData\Local\temp
2014-05-19 13:07 - 2014-05-19 13:07 - 00000000 ____D () C:\Users\Default User\AppData\Local\temp
2014-05-19 13:07 - 2014-05-19 13:07 - 00000000 ____D () C:\Users\Ashley's iphone\AppData\Local\temp
2014-05-19 12:52 - 2014-05-19 12:52 - 00012847 _____ () C:\ComboFix.txt
2014-05-19 12:52 - 2014-05-19 12:52 - 00000000 ____D () C:\Users\marcy's iphone\AppData\Local\temp
2014-05-19 12:50 - 2014-05-07 09:28 - 00000000 ____D () C:\Windows\erdnt
2014-05-19 12:47 - 2006-11-02 05:34 - 00000215 _____ () C:\Windows\system.ini
2014-05-16 06:19 - 2014-04-29 08:04 - 00001356 _____ () C:\Users\MarkMarcy\AppData\Local\d3d9caps.dat
2014-05-14 08:30 - 2014-05-07 09:27 - 05200050 ____R (Swearware) C:\Users\MarkMarcy\Downloads\ComboFix.exe
2014-05-14 08:08 - 2012-05-06 11:11 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-14 08:08 - 2011-11-23 13:31 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-07 09:27 - 2014-05-07 09:26 - 01402880 _____ () C:\Users\MarkMarcy\Downloads\HiJackThis.msi
 
Some content of TEMP:
====================
C:\Users\MarkMarcy\AppData\Local\Temp\Quarantine.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-06-05 22:50
 
==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-06-2014
Ran by MarkMarcy at 2014-06-06 09:04:03
Running from C:\Users\MarkMarcy\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: Norton AntiVirus (Disabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton AntiVirus (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
 Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
 Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
Activation Assistant for the 2007 Microsoft Office suites (HKLM-x32\...\Activation Assistant for the 2007 Microsoft Office suites) (Version:  - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (x32 Version: 1.0 - Microsoft Corporation) Hidden
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.206 - Adobe Systems Incorporated)
Adobe Reader X (10.1.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{A922C4B7-50E0-4787-A94C-59DBF3C65DBE}) (Version: 3.0 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{FE86CB0C-FCB3-4358-B4B0-B0A41E33B3DD}) (Version: 7.1.0.32 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Business Contact Manager for Outlook 2007 SP2 (HKLM-x32\...\Business Contact Manager) (Version: 3.0.8619.1 - Microsoft Corporation)
Business Contact Manager for Outlook 2007 SP2 (x32 Version: 3.0.8619.1 - Microsoft Corporation) Hidden
Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version:  - )
Canon Easy-PhotoPrint Pro - Pro9000 series Extention Data (HKLM-x32\...\Canon Easy-PhotoPrint Pro - Pro9000 series Extention Data) (Version:  - )
Canon Easy-PhotoPrint Pro - Pro9500 series Extention Data (HKLM-x32\...\Canon Easy-PhotoPrint Pro - Pro9500 series Extention Data) (Version:  - )
Canon Easy-PhotoPrint Pro (HKLM-x32\...\Easy-PhotoPrint Pro) (Version:  - )
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version:  - )
Canon MG6100 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG6100_series) (Version:  - )
Canon MG6100 series User Registration (HKLM-x32\...\Canon MG6100 series User Registration) (Version:  - )
Canon MP Navigator EX 4.0 (HKLM-x32\...\MP Navigator EX 4.0) (Version:  - )
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version:  - )
Canon Solution Menu EX (HKLM-x32\...\CanonSolutionMenuEX) (Version:  - )
Cisco WebEx Meetings (HKLM-x32\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.0.1) (Version: 5.0.0.1 - Coupons.com Incorporated)
CyberLink LabelPrint (HKLM-x32\...\{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.0.3111 - CyberLink Corp.)
CyberLink Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.5.4316 - CyberLink Corp.)
Gateway Games (HKLM-x32\...\WildTangent gateway Master Uninstall) (Version: 1.0.0.52 - WildTangent)
Gateway Recovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 3.1.3003 - Acer Incorporated)
GearDrvs (x32 Version: 1.00.0000 - GEAR Software) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.114 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
HiJackThis (HKLM-x32\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)
iCloud (HKLM\...\{CE97E4D3-9F91-4D72-8A29-ED9EA90E5A15}) (Version: 2.1.3.25 - Apple Inc.)
iTunes (HKLM\...\{0D924CB2-2EA4-4044-BAF7-770202D6BD0D}) (Version: 11.1.4.62 - Apple Inc.)
KB0817 Keyboard Driver (HKLM-x32\...\{ED5DCA6F-5FEA-47CB-83DB-210A468C298B}) (Version: 1.30.0000 - Gateway)
LeapFrog Connect (HKLM-x32\...\UPCShell) (Version: 5.1.5.17469 - LeapFrog)
LeapFrog Connect (x32 Version: 5.1.5.17469 - LeapFrog) Hidden
LeapFrog My Pals Plugin (x32 Version: 5.1.5.17469 - LeapFrog) Hidden
Logitech Vid HD (HKLM-x32\...\Logitech Vid) (Version: 7.2 (7259) - Logitech Inc..)
Logitech Webcam Software (HKLM\...\{987FE247-4E69-4A2E-A961-D14F901FDBF6}) (Version: 12.10.1113 - Logitech Inc.)
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Marvell® Wireless Card Software Package (HKLM\...\{090A4D4C-24B2-4248-BFF2-AC30D2E0676B}) (Version: 2.0.32.3 - Marvell)
Masque IGT Slots Wolf Run (HKLM-x32\...\{7C0BF6E9-7021-46E4-87B3-4C4587256A22}) (Version: 1.0.3 - Masque Publishing)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (x32 Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft DirectX SDK (June 2010) (HKLM-x32\...\Microsoft DirectX SDK (June 2010)) (Version: 9.29.1962.0 - Microsoft Corporation)
Microsoft Money Essentials (HKLM-x32\...\Money2007b) (Version: 16 - Microsoft)
Microsoft Money Shared Libraries (x32 Version: 16.0.0.705 - Microsoft Corporation) Hidden
Microsoft Office 2003 Web Components (HKLM-x32\...\{90A40409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office 2007 Primary Interop Assemblies (HKLM-x32\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Accounting 2008 (HKLM-x32\...\Microsoft Office Accounting 2008) (Version: 3.0.8627.1 - Microsoft Corporation)
Microsoft Office Accounting 2008 (x32 Version: 3.0.8627.1 - Microsoft Corporation) Hidden
Microsoft Office Accounting 2008 Equifax Addin (HKLM-x32\...\{0C2AF762-0565-4C91-9F55-B8B53BB82A38}) (Version: 3.0.8231.0 - Microsoft Corporation)
Microsoft Office Accounting 2008 Fixed Asset Manager (HKLM-x32\...\{E3DF6916-2472-43D9-8B3C-9F2F0AAB01B5}) (Version: 3.0.8231.0 - Microsoft Corporation)
Microsoft Office Accounting 2008 PayPal Addin (HKLM-x32\...\{B391EECE-DFEA-4FC5-9D40-47FA43E2DBE6}) (Version: 3.0.8231.0 - Microsoft Corporation)
Microsoft Office Accounting ADP Payroll Addin (HKLM-x32\...\{5FA793A6-0071-42C1-9355-8F69A428C44F}) (Version: 0.0.0.0 - ADP)
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Small Business 2007 (HKLM-x32\...\SMALLBUSINESSR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Small Business 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Small Business Connectivity Components (HKLM-x32\...\{A939D341-5A04-4E0A-BB55-3E65B386432D}) (Version: 2.0.7024.0 - Microsoft Corporation)
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft SQL Server 2005 (HKLM-x32\...\Microsoft SQL Server 2005) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ) (x32 Version: 9.4.5000.00 - Microsoft Corporation) Hidden
Microsoft SQL Server 2005 Tools Express Edition (x32 Version: 9.4.5000.00 - Microsoft Corporation) Hidden
Microsoft SQL Server Native Client (HKLM\...\{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM-x32\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{B636C9B9-A3F2-4DCE-ADCC-72E095018385}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
MobileMe Control Panel (HKLM\...\{6DD01FF3-63CE-436B-96DB-61363EAA4EB8}) (Version: 3.1.8.0 - Apple Inc.)
NETGEAR WG111v3 wireless USB 2.0 adapter (HKLM-x32\...\InstallShield_{5396FBD8-8BD7-47F9-92AE-F62F13D5A11D}) (Version: 1.01.10 - NETGEAR)
NETGEAR WG111v3 wireless USB 2.0 adapter (x32 Version: 1.01.10 - NETGEAR) Hidden
Norton AntiVirus (HKLM-x32\...\NAV) (Version: 21.3.0.12 - Symantec Corporation)
Norton Identity Safe (HKLM-x32\...\NST) (Version: 2014.7.0.47 - Symantec Corporation)
NVIDIA Control Panel 307.83 (Version: 307.83 - NVIDIA Corporation) Hidden
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version:  - )
NVIDIA Graphics Driver 307.83 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 307.83 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.109.706 - NVIDIA Corporation) Hidden
NVIDIA Update 1.10.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.10.8 - NVIDIA Corporation) Hidden
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5653 - Realtek Semiconductor Corp.)
REALTEK RTL8187B Wireless LAN Driver (HKLM-x32\...\{7095FD27-37F0-4750-9DE8-D37DC0043706}) (Version: Package:1.00.0008 Driver:6.1135.625.2008 - REALTEK Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{DC24971E-1946-445D-8A82-CE685433FA7D}) (Version:  - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{18136343-7CF9-494F-B41E-DC75C8271D58}) (Version: Package:2.00.0003 Driver:6.1053.116.2008 - REALTEK Semiconductor Corp.)
Safari (HKLM-x32\...\{FA4C2D53-205F-4245-9717-F3761154824D}) (Version: 5.34.57.2 - Apple Inc.)
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.13.13771 - Skype Technologies S.A.)
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
Smart Copy 3.1.1.1 (HKLM-x32\...\Smart Copy) (Version: 3.1.1.1 - I/O Interconnect)
Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_PCI_VEN_14F1&DEV_2F40&SUBSYS_200014F1) (Version:  - )
Spotify (HKCU\...\Spotify) (Version: 0.8.8.450.gd9413516 - Spotify AB)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.28223 - TeamViewer)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM-x32\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_SMALLBUSINESSR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM-x32\...\{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM-x32\...\{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{0451F231-E3E3-4943-AB9F-58EB96171784}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2880505) 32-Bit Edition (HKLM-x32\...\{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{2720451F-5D04-43EC-AB1F-26D948FD971B}) (Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)
Update for Microsoft Office Publisher 2007 Help (KB963667) (HKLM-x32\...\{90120000-0019-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{2E40DE55-B289-4C8B-8901-5D369B16814F}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)
Use the entry named LeapFrog Connect to uninstall (LeapFrog My Pals Plugin) (HKLM-x32\...\MyPalsPlugin) (Version:  - LeapFrog)
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net  (09/10/2009 02.03.05.012) (HKLM\...\8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D) (Version: 09/10/2009 02.03.05.012 - Leapfrog)
 
==================== Restore Points  =========================
 
02-03-2014 04:54:21 Scheduled Checkpoint
02-03-2014 11:00:25 Windows Update
15-03-2014 10:00:41 Windows Update
23-04-2014 15:49:24 Windows Update
24-04-2014 10:00:34 Windows Update
02-05-2014 08:59:46 Scheduled Checkpoint
03-05-2014 10:00:36 Windows Update
06-05-2014 07:06:56 Removed Catalina Savings Printer.
06-05-2014 07:10:12 Removed Java™ 6 Update 5
06-05-2014 07:12:46 Removed Java™ 6 Update 29
21-05-2014 09:00:46 Windows Update
21-05-2014 10:01:29 Windows Update
22-05-2014 10:00:24 Windows Update
23-05-2014 10:00:12 Windows Update
23-05-2014 15:19:23 Installed HiJackThis
23-05-2014 15:38:00 Installed HiJackThis
30-05-2014 22:47:38 Windows Update
03-06-2014 08:41:12 Windows Update
06-06-2014 09:07:31 Windows Update
 
==================== Hosts content: ==========================
 
2006-11-02 05:34 - 2006-09-18 14:37 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {0AEAFAF6-F116-4A60-AFB4-C8B755A6E975} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {0C5D9069-08D7-4AAF-97FA-7BE16F299BA7} - System32\Tasks\Norton Identity Safe\Norton Error Processor => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.0.47\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {192DDA2D-5815-47B8-983F-65744FEEC03A} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {254095AE-FB97-48EA-94A5-D8BF2AB79714} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-20] (Microsoft Corporation)
Task: {4E946E6C-49EC-4FD9-8F58-EB5AF1752C5D} - System32\Tasks\Microsoft\Windows\PLA\System\ConvertLogEntries => Rundll32.exe %windir%\system32\pla.dll,PlaConvertLogEntries
Task: {5A2304CA-DC61-450E-9DDB-C4405F16FA34} - \SUPERAntiSpyware Scheduled Task 25676ffe-39f3-43da-977a-08c3c3858ebc No Task File <==== ATTENTION
Task: {6561595E-141E-4428-B551-9DC673C3FEBE} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton AntiVirus\Engine\21.3.0.12\WSCStub.exe [2014-05-10] (Symantec Corporation)
Task: {7C638E5B-ECE5-4424-A7E5-2C913CA682E9} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {81A97438-639A-4AA0-BE02-EFF6AF624237} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {9722C0BC-D562-4579-9DDB-469CF6EDE03D} - System32\Tasks\Norton AntiVirus\Norton Error Processor => C:\Program Files (x86)\Norton AntiVirus\Engine\21.3.0.12\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {98706D6A-17C4-4800-B31F-F5377BA283B4} - \SUPERAntiSpyware Scheduled Task 58fb6283-400e-43e9-bb3a-628fd458a917 No Task File <==== ATTENTION
Task: {A35EF26A-C9CF-49A8-9A7D-0305C4605452} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: {AC80BAF9-DD96-4051-860E-33ACFDD13A13} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {E4DB6E1B-06C7-4C74-B9D8-B206D5D361F9} - System32\Tasks\Norton Identity Safe\Norton Error Analyzer => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.0.47\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {E91D6474-70CC-42BE-80FF-8BED8AF557ED} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-20] ()
Task: {FC449CC2-1DF4-4515-BBD5-9550F9453A6D} - System32\Tasks\Norton AntiVirus\Norton Error Analyzer => C:\Program Files (x86)\Norton AntiVirus\Engine\21.3.0.12\SymErr.exe [2014-01-30] (Symantec Corporation)
 
==================== Loaded Modules (whitelisted) =============
 
2010-07-26 17:25 - 2008-06-11 11:18 - 00024576 _____ () C:\Program Files\GATEWAY\Gateway Recovery Management\Service\ETService.exe
2010-07-26 17:25 - 2010-07-26 17:25 - 00032768 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Model.Controller\3.0.3009.0__14bcaafdb44b5951\Framework.Model.Controller.dll
2010-07-26 17:25 - 2010-07-26 17:25 - 00009216 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Model.ControllerInterface\3.0.3009.0__d842b71b4d6ed079\Framework.Model.ControllerInterface.dll
2010-07-26 17:25 - 2010-07-26 17:25 - 00061440 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Library\3.0.3009.0__3036420f80dd6947\Framework.Library.dll
2010-07-26 17:25 - 2010-07-26 17:25 - 00015360 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Host\3.0.3009.0__672b450de5a7e94a\Framework.Host.dll
2010-07-26 17:25 - 2010-07-26 17:25 - 00006144 _____ () C:\Windows\assembly\GAC_MSIL\Framework.PluginInterface\3.0.3009.0__9ecdf03bb2054f94\Framework.PluginInterface.dll
2010-07-26 17:25 - 2010-07-26 17:25 - 00036864 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Utility\3.0.3009.0__4df5dcab8860d239\Framework.Utility.dll
2013-10-31 14:47 - 2013-10-31 14:47 - 00954696 _____ () C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll
2008-06-13 15:26 - 2008-06-13 15:26 - 02498560 _____ () C:\Program Files (x86)\NETGEAR\WG111v3\WG111v3.exe
2009-10-14 13:36 - 2009-10-14 13:36 - 02793304 _____ () C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
2009-10-14 13:34 - 2009-10-14 13:34 - 00560472 _____ () C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
AlternateDataStreams: C:\ProgramData\TEMP:F0A6D4E5
AlternateDataStreams: C:\ProgramData\TEMP:FAC5BCF5
AlternateDataStreams: C:\Users\MarkMarcy\Downloads\Fwd_ PGA info (1).eml:OECustomProperty
AlternateDataStreams: C:\Users\MarkMarcy\Downloads\Fwd_ PGA info.eml:OECustomProperty
AlternateDataStreams: C:\Users\MarkMarcy\Downloads\Fwd_ T Times for Saturday 12_3.eml:OECustomProperty
 
==================== Safe Mode (whitelisted) ===================
 
 
==================== EXE Association (whitelisted) =============
 
 
==================== Disabled items from MSCONFIG ==============
 
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (06/04/2014 09:19:26 AM) (Source: MsiInstaller) (EventID: 1013) (User: NT AUTHORITY)
Description: Product: Skype Click to Call -- Installation cannot proceed on this operating system.
 
Error: (06/04/2014 09:19:03 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/30/2014 11:26:34 AM) (Source: MsiInstaller) (EventID: 1013) (User: NT AUTHORITY)
Description: Product: Skype Click to Call -- Installation cannot proceed on this operating system.
 
Error: (05/30/2014 11:25:44 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/30/2014 09:39:52 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/30/2014 09:39:25 AM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c
 
Error: (05/30/2014 09:34:02 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/30/2014 09:33:08 AM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c
 
Error: (05/30/2014 09:26:59 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/30/2014 09:26:56 AM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c
 
 
System errors:
=============
Error: (06/06/2014 03:22:39 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
 
Error: (06/06/2014 02:30:38 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: 0x80070643Definition Update for Windows Defender - KB915597 (Definition 1.175.1478.0){FC81F35D-30CB-4419-B7DF-9A86AE1C737B}200
 
Error: (06/04/2014 09:21:19 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {0228576F-6E6C-4E1A-B175-0E46A316AFE2}
 
Error: (06/04/2014 09:20:07 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (06/04/2014 09:19:46 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)
 
Error: (06/04/2014 09:19:03 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Beep
 
Error: (06/04/2014 09:18:35 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 9:16:12 AM on 6/4/2014 was unexpected.
 
Error: (06/02/2014 01:10:09 AM) (Source: Schannel) (EventID: 4106) (User: )
Description: An SSL connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.
 
Error: (05/31/2014 06:00:33 PM) (Source: Schannel) (EventID: 4106) (User: )
Description: An SSL connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.
 
Error: (05/30/2014 04:06:13 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: 0x80070643Definition Update for Windows Defender - KB915597 (Definition 1.175.864.0){4E8A5CE6-D092-4233-B8BF-7C657DF83BA5}200
 
 
Microsoft Office Sessions:
=========================
 
CodeIntegrity Errors:
===================================
  Date: 2014-06-06 09:01:33.685
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\SYMEVENT64x86.SYS because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-06-06 09:01:32.757
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\SYMEVENT64x86.SYS because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-06-06 09:01:31.893
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\SYMEVENT64x86.SYS because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-06-06 09:01:31.192
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\SYMEVENT64x86.SYS because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-06-06 09:01:14.478
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-06-06 09:01:13.679
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-06-06 09:01:06.322
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Norton AntiVirus\NortonData\21.1.0.18\Definitions\BASHDefs\20140510.001\BHDrvx64.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-06-06 09:01:05.599
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Norton AntiVirus\NortonData\21.1.0.18\Definitions\BASHDefs\20140510.001\BHDrvx64.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-06-06 09:01:04.393
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Norton AntiVirus\NortonData\21.1.0.18\Definitions\BASHDefs\20140510.001\BHDrvx64.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-06-06 09:01:03.990
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Norton AntiVirus\NortonData\21.1.0.18\Definitions\BASHDefs\20140510.001\BHDrvx64.sys because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 87%
Total physical RAM: 3838.32 MB
Available physical RAM: 479.85 MB
Total Pagefile: 8143.26 MB
Available Pagefile: 2692.14 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB


#7 aharonov

  • Malware Response Team

Posted 06 June 2014 - 01:06 PM

Ok, let's start to remove this piece of malware:


Step 1

Please download the attached fixlist.txt and save it in the same directory as FRST.
  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.


Step 2

Start FRST with administrator privileges.
  • Press the Scan button.
  • When finished, FRST will produce a log (FRST.txt) in the same directory the tool was run from.
    Please copy and paste this log in your next reply.


#8 robc9525

  • Topic Starter

Posted 07 June 2014 - 02:07 AM

Thanks for your help, looks like the dllhost are not running anymore. The fix did lock up FRST, had to kill it, but it did create the fixlog.

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 06-06-2014

Ran by MarkMarcy at 2014-06-06 11:35:56 Run:1

Running from C:\Users\MarkMarcy\Downloads\FRST

Boot Mode: Normal

==============================================

 

Content of fixlist:

*****************

(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe

(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe

HKU\S-1-5-21-351684649-980794266-900292422-1000\...409d6c4515e9\InprocServer32: [Default-shell32] \\?\globalroot\Device\HarddiskVolume2\Users\MarkMarcy\AppData\Local\Temp\spbpcno\sbrahpx\wow.dll ATTENTION! ====> ZeroAccess?

SearchScopes: HKLM-x32 - {35e9438f-19d4-4516-b2ac-59ba9241de4d} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=9Nxdm003YYus&ptnrS=9Nxdm003YYus&si=CJvyyoio47MCFcN_QgodWW0A4Q&ptb=69C71422-E10A-40D1-B4D4-AAEB429C5C88&ind=2012112214&n=77ee6556&psa=&st=sb&searchfor={searchTerms}

c:\Users\MarkMarcy\AppData\Local\Temp\spbpcno

CHR Plugin: (MindSpark Toolbar Platform Plugin Stub) - C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\NP2pStub.dll No File

SearchScopes: HKCU - {35e9438f-19d4-4516-b2ac-59ba9241de4d} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=9Nxdm003YYus&ptnrS=9Nxdm003YYus&si=CJvyyoio47MCFcN_QgodWW0A4Q&ptb=69C71422-E10A-40D1-B4D4-AAEB429C5C88&ind=2012112214&n=77ee6556&psa=&st=sb&searchfor={searchTerms}

Reboot:

*****************

 

[4248] C:\Windows\SysWOW64\dllhost.exe => Process closed successfully.

C:\Windows\SysWOW64\svchost.exe => No running process found

'HKU\S-1-5-21-351684649-980794266-900292422-1000\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}' => Key deleted successfully.

'HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{35e9438f-19d4-4516-b2ac-59ba9241de4d}' => Key deleted successfully.

'HKCR\Wow6432Node\CLSID\{35e9438f-19d4-4516-b2ac-59ba9241de4d}'=> Key not found.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-06-2014

Ran by MarkMarcy (administrator) on MARKMARCY-PC on 06-06-2014 23:55:42

Running from C:\Users\MarkMarcy\Downloads\FRST

Platform: Windows Vista ™ Home Premium Service Pack 2 (X64) OS Language: English(US)

Internet Explorer Version 9

Boot Mode: Normal

 

The only official download link for FRST:

Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/

Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/

Download link from any site other than Bleeping Computer is unpermitted or outdated.

See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

 

==================== Processes (Whitelisted) =================

 

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(Microsoft Corporation) C:\Windows\System32\SLsvc.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

() C:\Program Files\GATEWAY\Gateway Recovery Management\Service\ETService.exe

(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe

(Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe

(Logitech Inc.) C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

(Symantec Corporation) C:\Program Files (x86)\Norton AntiVirus\Engine\21.3.0.12\nav.exe

(Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.0.47\nst.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe

(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe

(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio64.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe

(Microsoft Corporation) C:\Windows\System32\msiexec.exe

(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Desktop.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

(Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.0.47\nst.exe

(Symantec Corporation) C:\Program Files (x86)\Norton AntiVirus\Engine\21.3.0.12\nav.exe

(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe

(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe

(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe

(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE

(Realtek Semiconductor) C:\Windows\RAVCpl64.exe

(Spotify Ltd) C:\Users\MarkMarcy\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe

(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe

(Microsoft Corporation) C:\Windows\ehome\ehtray.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

() C:\Program Files (x86)\NETGEAR\WG111v3\WG111v3.exe

(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe

(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe

(CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE

() C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe

(Microsoft Corporation) C:\Windows\splwow64.exe

() C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe

(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe

(Microsoft Corporation) C:\Windows\System32\mobsync.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

(Skype Technologies) C:\Program Files (x86)\Skype\Updater\Updater.exe

(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe

 

 

==================== Registry (Whitelisted) ==================

 

HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2726728 2010-03-24] (CANON INC.)

HKLM\...\Run: [Skytel] => C:\Windows\Skytel.exe [1826816 2008-07-18] (Realtek Semiconductor Corp.)

HKLM\...\Run: [RtHDVCpl] => C:\Windows\RAVCpl64.exe [6453760 2008-07-18] (Realtek Semiconductor)

HKLM-x32\...\Run: [Trigger New Acer AlaunchX] => c:\Acer\Preload\Command\AlaunchX\AppInRun.exe [8192 2008-07-16] (Acer Inc.)

HKLM-x32\...\Run: [Monitor] => C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe [103936 2013-07-23] (LeapFrog Enterprises, Inc.)

HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-01-20] (Apple Inc.)

HKLM-x32\...\Run: [CanonSolutionMenuEx] => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1185112 2010-04-02] (CANON INC.)

HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-01-20] (Apple Inc.)

HKLM-x32\...\Run: [AppleSyncNotifier] => C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-09-27] (Apple Inc.)

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [Smart Copy] => C:\Program Files (x86)\IOI\Smart Copy\ButtonMonitor.exe [53248 2008-05-21] (IOI)

HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)

HKLM-x32\...\Run: [LogitechQuickCamRibbon] => C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe [2793304 2009-10-14] ()

HKLM-x32\...\Run: [LedKey] => CNYHKey.exe

HKLM-x32\...\Run: [LchDrvKey] => C:\Windows\LchDrvKey.exe [36864 2007-03-28] ()

HKLM-x32\...\RunOnce: [New Acer AlaunchX] - c:\Acer\Preload\Command\AlaunchX\LaunchAlaunchX.exe [200704 2008-07-16] (Acer Inc.)

HKU\S-1-5-21-351684649-980794266-900292422-1000\...\Run: [Spotify Web Helper] => C:\Users\MarkMarcy\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1104280 2013-03-28] (Spotify Ltd)

HKU\S-1-5-21-351684649-980794266-900292422-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.)

HKU\S-1-5-21-351684649-980794266-900292422-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)

HKU\S-1-5-21-351684649-980794266-900292422-1004\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WG111v3 Smart Wizard.lnk

ShortcutTarget: NETGEAR WG111v3 Smart Wizard.lnk -> C:\Program Files (x86)\NETGEAR\WG111v3\WG111v3.exe ()

 

==================== Internet (Whitelisted) ====================

 

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=1&o=vp64&d=0710&m=dx4720-03

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=1&o=vp64&d=0710&m=dx4720-03

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe

SearchScopes: HKLM-x32 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACGW

SearchScopes: HKCU - {35e9438f-19d4-4516-b2ac-59ba9241de4d} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=9Nxdm003YYus&ptnrS=9Nxdm003YYus&si=CJvyyoio47MCFcN_QgodWW0A4Q&ptb=69C71422-E10A-40D1-B4D4-AAEB429C5C88&ind=2012112214&n=77ee6556&psa=&st=sb&searchfor={searchTerms}

SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACGW_enUS390US390

BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)

BHO-x32: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)

BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Engine\21.3.0.12\IPS\IPSBHO.DLL (Symantec Corporation)

BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

BHO-x32: Norton Identity Protection - {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.0.47\coIEPlg.dll (Symantec Corporation)

BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)

Toolbar: HKLM-x32 - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.0.47\coIEPlg.dll (Symantec Corporation)

Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)

Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Tcpip\Parameters: [DhcpNameServer] 10.2.127.4

 

FireFox:

========

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_206.dll ()

FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll ()

FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin-x32: @canon.com/EPPEX - C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)

FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF Plugin-x32: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF Plugin-x32: @oberon-media.com/ONCAdapter - C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll No File

FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []

FF HKLM-x32\...\Firefox\Extensions: [{F04D2D30-776C-4d02-8627-8E4385ECA58D}] - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.5.0.67\coFFPlgn\

FF Extension: Norton Identity Safe Toolbar - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.5.0.67\coFFPlgn\ []

FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_21.1.0.18\IPSFF

FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_21.1.0.18\IPSFF [2013-12-10]

Chrome:

=======

CHR HomePage: hxxp://www.google.com/

CHR StartupUrls: "hxxp://www.google.com/", "hxxp://www.google.com"

CHR Plugin: (Remoting Viewer) - internal-remoting-viewer

CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll ()

CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\pdf.dll ()

CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\gcswf32.dll No File

CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll No File

CHR Plugin: (Java Deployment Toolkit 6.0.290.11) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File

CHR Plugin: (Java™ Platform SE 6 U29) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File

CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No File

CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No File

CHR Plugin: (CANON iMAGE GATEWAY Album Plugin Utility) - C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)

CHR Plugin: (MindSpark Toolbar Platform Plugin Stub) - C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\NP2pStub.dll No File

CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File

CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\MarkMarcy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-30]

CHR Extension: (YouTube) - C:\Users\MarkMarcy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-15]

CHR Extension: (Google Search) - C:\Users\MarkMarcy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-15]

CHR Extension: (Skype Click to Call) - C:\Users\MarkMarcy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2012-09-05]

CHR Extension: (Google Wallet) - C:\Users\MarkMarcy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-05]

CHR Extension: (Norton Identity Safe for Google Chrome™) - C:\Users\MarkMarcy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nppllibpnmahfaklnpggkibhkapjkeob [2013-07-27]

CHR Extension: (Gmail) - C:\Users\MarkMarcy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-15]

CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-10-09]

CHR HKLM-x32\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.0.47\Exts\Chrome.crx [2014-05-21]

==================== Services (Whitelisted) =================

R2 ETService; C:\Program Files\GATEWAY\Gateway Recovery Management\Service\ETService.exe [24576 2008-06-11] ()

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)

R3 MSSQL$MSSMLBIZ; c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)

R2 NAV; C:\Program Files (x86)\Norton AntiVirus\Engine\21.3.0.12\NAV.exe [262968 2014-05-10] (Symantec Corporation)

R2 NCO; C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.0.47\NST.exe [130104 2014-05-13] (Symantec Corporation)

==================== Drivers (Whitelisted) ====================

U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2008-01-20] (Microsoft Corporation)

S1 Beep; No ImagePath

R1 BHDrvx64; C:\Program Files (x86)\Norton AntiVirus\NortonData\21.1.0.18\Definitions\BASHDefs\20140510.001\BHDrvx64.sys [1530160 2014-05-09] (Symantec Corporation)

R1 ccSet_NAV; C:\Windows\system32\drivers\NAVx64\1503000.00C\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)

R1 ccSet_NST; C:\Windows\system32\drivers\NSTx64\7DE07000.02F\ccSetx64.sys [162392 2014-02-20] (Symantec Corporation)

R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2014-04-23] (Symantec Corporation)

R1 IDSVia64; C:\Program Files (x86)\Norton AntiVirus\NortonData\21.1.0.18\Definitions\IPSDefs\20140606.002\IDSvia64.sys [525016 2014-04-22] (Symantec Corporation)

R3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()

S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()

S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [36680 2014-03-01] ()

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)

R3 NAVENG; C:\Program Files (x86)\Norton AntiVirus\NortonData\21.1.0.18\Definitions\VirusDefs\20140606.018\ENG64.SYS [126040 2014-06-06] (Symantec Corporation)

R3 NAVEX15; C:\Program Files (x86)\Norton AntiVirus\NortonData\21.1.0.18\Definitions\VirusDefs\20140606.018\EX64.SYS [2099288 2014-06-06] (Symantec Corporation)

R0 nvrd64; C:\Windows\System32\drivers\nvrd64.sys [166944 2008-06-06] (NVIDIA Corporation)

R3 SRTSP; C:\Windows\System32\Drivers\NAVx64\1503000.00C\SRTSP64.SYS [875736 2014-02-12] (Symantec Corporation)

R1 SRTSPX; C:\Windows\system32\drivers\NAVx64\1503000.00C\SRTSPX64.SYS [36952 2013-09-09] (Symantec Corporation)

R0 SymDS; C:\Windows\System32\drivers\NAVx64\1503000.00C\SYMDS64.SYS [493656 2013-09-09] (Symantec Corporation)

R0 SymEFA; C:\Windows\System32\drivers\NAVx64\1503000.00C\SYMEFA64.SYS [1148120 2014-03-03] (Symantec Corporation)

R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-11-14] (Symantec Corporation)

R1 SymIRON; C:\Windows\system32\drivers\NAVx64\1503000.00C\Ironx64.SYS [264280 2013-09-26] (Symantec Corporation)

R1 SYMTDIv; C:\Windows\System32\Drivers\NAVx64\1503000.00C\SYMTDIV.SYS [510168 2014-02-17] (Symantec Corporation)

S3 catchme; \??\C:\ComboFix\catchme.sys [X]

S3 IpInIp; system32\DRIVERS\ipinip.sys [X]

S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]

S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

S1 yyonnczi; \??\C:\Windows\system32\drivers\yyonnczi.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-06-06 11:34 - 2014-06-06 23:55 - 00000000 ____D () C:\Users\MarkMarcy\Downloads\FRST

2014-06-06 09:04 - 2014-06-06 09:07 - 00035728 _____ () C:\Users\MarkMarcy\Downloads\Addition.txt

2014-06-06 09:00 - 2014-06-06 09:07 - 00056190 _____ () C:\Users\MarkMarcy\Downloads\FRST.txt

2014-06-06 08:58 - 2014-06-06 23:55 - 00000000 ____D () C:\FRST

2014-06-06 08:48 - 2014-06-06 08:48 - 00000000 ____D () C:\Users\MarkMarcy\Downloads\tdsskiller

2014-06-06 08:46 - 2014-06-06 08:47 - 04161050 _____ () C:\Users\MarkMarcy\Downloads\tdsskiller.zip

2014-05-30 09:41 - 2014-05-30 09:41 - 02066944 _____ (Farbar) C:\Users\MarkMarcy\Downloads\FRST64.exe

2014-05-30 09:40 - 2014-05-30 09:40 - 00688992 ____R (Swearware) C:\Users\MarkMarcy\Downloads\dds.com

2014-05-30 09:16 - 2014-05-30 09:16 - 00205228 _____ () C:\Users\MarkMarcy\AppData\Local\census.cache

2014-05-30 09:16 - 2014-05-30 09:16 - 00164393 _____ () C:\Users\MarkMarcy\AppData\Local\ars.cache

2014-05-30 08:33 - 2012-06-05 00:37 - 00256904 _____ (Trend Micro Inc.) C:\Windows\SysWOW64\Drivers\tmcomm.sys

2014-05-30 08:32 - 2014-05-30 08:32 - 00000036 _____ () C:\Users\MarkMarcy\AppData\Local\housecall.guid.cache

2014-05-30 08:27 - 2014-05-30 08:27 - 02002944 _____ (Trend Micro Inc.) C:\Users\MarkMarcy\Downloads\HousecallLauncher.exe

2014-05-23 08:40 - 2014-05-30 09:27 - 00002567 _____ () C:\Users\MarkMarcy\Desktop\HiJackThis.lnk

2014-05-23 08:40 - 2014-05-23 08:40 - 00000000 ____D () C:\Users\MarkMarcy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis

2014-05-23 08:40 - 2014-05-23 08:40 - 00000000 ____D () C:\Program Files (x86)\Trend Micro

2014-05-23 03:00 - 2014-05-05 17:46 - 17847808 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-05-23 03:00 - 2014-05-05 17:21 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-05-23 03:00 - 2014-05-05 17:21 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2014-05-23 03:00 - 2014-05-05 16:32 - 12347392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-05-23 03:00 - 2014-05-05 16:14 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2014-05-23 03:00 - 2014-05-05 16:14 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2014-05-22 03:02 - 2014-05-22 03:02 - 10926592 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-05-22 03:02 - 2014-05-22 03:02 - 09739264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2014-05-22 03:02 - 2014-05-22 03:02 - 03695416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat

2014-05-22 03:02 - 2014-05-22 03:02 - 03695416 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat

2014-05-22 03:02 - 2014-05-22 03:02 - 02334720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-05-22 03:02 - 2014-05-22 03:02 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-05-22 03:02 - 2014-05-22 03:02 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2014-05-22 03:02 - 2014-05-22 03:02 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2014-05-22 03:02 - 2014-05-22 03:02 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2014-05-22 03:02 - 2014-05-22 03:02 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2014-05-22 03:02 - 2014-05-22 03:02 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-05-22 03:02 - 2014-05-22 03:02 - 01347072 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-05-22 03:02 - 2014-05-22 03:02 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2014-05-22 03:02 - 2014-05-22 03:02 - 01105408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2014-05-22 03:02 - 2014-05-22 03:02 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2014-05-22 03:02 - 2014-05-22 03:02 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-05-22 03:02 - 2014-05-22 03:02 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2014-05-22 03:02 - 2014-05-22 03:02 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2014-05-22 03:02 - 2014-05-22 03:02 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2014-05-22 03:02 - 2014-05-22 03:02 - 00534528 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2014-05-22 03:02 - 2014-05-22 03:02 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2014-05-22 03:02 - 2014-05-22 03:02 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\html.iec

2014-05-22 03:02 - 2014-05-22 03:02 - 00434176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2014-05-22 03:02 - 2014-05-22 03:02 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2014-05-22 03:02 - 2014-05-22 03:02 - 00403248 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2014-05-22 03:02 - 2014-05-22 03:02 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec

2014-05-22 03:02 - 2014-05-22 03:02 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2014-05-22 03:02 - 2014-05-22 03:02 - 00353584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

2014-05-22 03:02 - 2014-05-22 03:02 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2014-05-22 03:02 - 2014-05-22 03:02 - 00267776 _____ (Microsoft Corporation) C:\Windows\system32\ieaksie.dll

2014-05-22 03:02 - 2014-05-22 03:02 - 00249344 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll

2014-05-22 03:02 - 2014-05-22 03:02 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2014-05-22 03:02 - 2014-05-22 03:02 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll

2014-05-22 03:02 - 2014-05-22 03:02 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll

2014-05-22 03:02 - 2014-05-22 03:02 - 00227840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieaksie.dll

2014-05-22 03:02 - 2014-05-22 03:02 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2014-05-22 03:02 - 2014-05-22 03:02 - 00222208 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll

2014-05-22 03:02 - 2014-05-22 03:02 - 00203776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll

2014-05-22 03:02 - 2014-05-22 03:02 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2014-05-22 03:02 - 2014-05-22 03:02 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2014-05-22 03:02 - 2014-05-22 03:02 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2014-05-22 03:02 - 2014-05-22 03:02 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe

2014-05-22 03:02 - 2014-05-22 03:02 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieakui.dll

2014-05-22 03:02 - 2014-05-22 03:02 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\ieakui.dll

2014-05-22 03:02 - 2014-05-22 03:02 - 00162304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2014-05-22 03:02 - 2014-05-22 03:02 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll

2014-05-22 03:02 - 2014-05-22 03:02 - 00160256 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe

2014-05-22 03:02 - 2014-05-22 03:02 - 00160256 _____ (Microsoft Corporation) C:\Windows\system32\ieakeng.dll

2014-05-22 03:02 - 2014-05-22 03:02 - 00152064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe

2014-05-22 03:02 - 2014-05-22 03:02 - 00150528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe

2014-05-22 03:02 - 2014-05-22 03:02 - 00149504 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll

2014-05-22 03:02 - 2014-05-22 03:02 - 00145920 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll

2014-05-22 03:02 - 2014-05-22 03:02 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2014-05-22 03:02 - 2014-05-22 03:02 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll

2014-05-22 03:02 - 2014-05-22 03:02 - 00130560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieakeng.dll

2014-05-22 03:02 - 2014-05-22 03:02 - 00123392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll

2014-05-22 03:02 - 2014-05-22 03:02 - 00118784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll

2014-05-22 03:02 - 2014-05-22 03:02 - 00114176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advpack.dll

2014-05-22 03:02 - 2014-05-22 03:02 - 00114176 _____ (Microsoft Corporation) C:\Windows\system32\admparse.dll

2014-05-22 03:02 - 2014-05-22 03:02 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll

2014-05-22 03:02 - 2014-05-22 03:02 - 00110592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll

2014-05-22 03:02 - 2014-05-22 03:02 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll

2014-05-22 03:02 - 2014-05-22 03:02 - 00101888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\admparse.dll

2014-05-22 03:02 - 2014-05-22 03:02 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe

2014-05-22 03:02 - 2014-05-22 03:02 - 00089088 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe

2014-05-22 03:02 - 2014-05-22 03:02 - 00089088 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2014-05-22 03:02 - 2014-05-22 03:02 - 00086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll

2014-05-22 03:02 - 2014-05-22 03:02 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-05-22 03:02 - 2014-05-22 03:02 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2014-05-22 03:02 - 2014-05-22 03:02 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll

2014-05-22 03:02 - 2014-05-22 03:02 - 00078848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll

2014-05-22 03:02 - 2014-05-22 03:02 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe

2014-05-22 03:02 - 2014-05-22 03:02 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx

2014-05-22 03:02 - 2014-05-22 03:02 - 00074752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe

2014-05-22 03:02 - 2014-05-22 03:02 - 00074752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2014-05-22 03:02 - 2014-05-22 03:02 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe

2014-05-22 03:02 - 2014-05-22 03:02 - 00066048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll

2014-05-22 03:02 - 2014-05-22 03:02 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2014-05-22 03:02 - 2014-05-22 03:02 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll

2014-05-22 03:02 - 2014-05-22 03:02 - 00063488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx

2014-05-22 03:02 - 2014-05-22 03:02 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll

2014-05-22 03:02 - 2014-05-22 03:02 - 00054272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll

2014-05-22 03:02 - 2014-05-22 03:02 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll

2014-05-22 03:02 - 2014-05-22 03:02 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll

2014-05-22 03:02 - 2014-05-22 03:02 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll

2014-05-22 03:02 - 2014-05-22 03:02 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll

2014-05-22 03:02 - 2014-05-22 03:02 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2014-05-22 03:02 - 2014-05-22 03:02 - 00035840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll

2014-05-22 03:02 - 2014-05-22 03:02 - 00031744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2014-05-22 03:02 - 2014-05-22 03:02 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll

2014-05-22 03:02 - 2014-05-22 03:02 - 00023552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll

2014-05-22 03:02 - 2014-05-22 03:02 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe

2014-05-22 03:02 - 2014-05-22 03:02 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe

2014-05-22 03:02 - 2014-05-22 03:02 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe

2014-05-22 03:02 - 2014-05-22 03:02 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe

2014-05-21 23:34 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll

2014-05-21 23:32 - 2014-05-21 23:32 - 01326389 _____ () C:\Users\MarkMarcy\Downloads\adwcleaner_3.210.exe

2014-05-20 10:12 - 2014-05-20 10:12 - 00000000 ____D () C:\Windows\System32\Tasks\Norton AntiVirus

2014-05-20 08:39 - 2014-03-25 09:30 - 12900864 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll

2014-05-20 08:39 - 2014-03-25 06:26 - 11587584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll

2014-05-19 13:07 - 2014-06-06 23:54 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Local\temp

2014-05-19 13:07 - 2014-05-19 13:07 - 00000000 ____D () C:\Users\Public\AppData\Local\temp

2014-05-19 13:07 - 2014-05-19 13:07 - 00000000 ____D () C:\Users\Guest\AppData\Local\temp

2014-05-19 13:07 - 2014-05-19 13:07 - 00000000 ____D () C:\Users\Default\AppData\Local\temp

2014-05-19 13:07 - 2014-05-19 13:07 - 00000000 ____D () C:\Users\Default User\AppData\Local\temp

2014-05-19 13:07 - 2014-05-19 13:07 - 00000000 ____D () C:\Users\Ashley's iphone\AppData\Local\temp

2014-05-19 12:52 - 2014-05-19 12:52 - 00012847 _____ () C:\ComboFix.txt

2014-05-19 12:52 - 2014-05-19 12:52 - 00000000 ____D () C:\Users\marcy's iphone\AppData\Local\temp

2014-05-07 09:33 - 2011-06-25 23:45 - 00256000 _____ () C:\Windows\PEV.exe

2014-05-07 09:33 - 2010-11-07 10:20 - 00208896 _____ () C:\Windows\MBR.exe

2014-05-07 09:33 - 2009-04-19 21:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe

2014-05-07 09:33 - 2000-08-30 17:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe

2014-05-07 09:33 - 2000-08-30 17:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe

2014-05-07 09:33 - 2000-08-30 17:00 - 00098816 _____ () C:\Windows\sed.exe

2014-05-07 09:33 - 2000-08-30 17:00 - 00080412 _____ () C:\Windows\grep.exe

2014-05-07 09:33 - 2000-08-30 17:00 - 00068096 _____ () C:\Windows\zip.exe

2014-05-07 09:30 - 2014-05-19 13:14 - 00000000 ____D () C:\Qoobox

2014-05-07 09:28 - 2014-05-19 12:50 - 00000000 ____D () C:\Windows\erdnt

2014-05-07 09:27 - 2014-05-14 08:30 - 05200050 ____R (Swearware) C:\Users\MarkMarcy\Downloads\ComboFix.exe

2014-05-07 09:26 - 2014-05-07 09:27 - 01402880 _____ () C:\Users\MarkMarcy\Downloads\HiJackThis.msi

==================== One Month Modified Files and Folders =======

2014-06-06 23:56 - 2010-07-26 17:17 - 00000000 ____D () C:\Users\MarkMarcy\AppData\Local\Temp

2014-06-06 23:55 - 2014-06-06 11:34 - 00000000 ____D () C:\Users\MarkMarcy\Downloads\FRST

2014-06-06 23:55 - 2014-06-06 08:58 - 00000000 ____D () C:\FRST

2014-06-06 23:55 - 2012-09-03 18:47 - 00000000 ____D () C:\Users\MarkMarcy\AppData\Roaming\Skype

2014-06-06 23:54 - 2014-05-19 13:07 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Local\temp

2014-06-06 23:51 - 2010-07-26 17:25 - 00000000 _____ () C:\Windows\system32\LogConfigTemp.xml

2014-06-06 23:51 - 2008-01-20 20:26 - 00838728 _____ () C:\Windows\PFRO.log

2014-06-06 23:51 - 2006-11-02 08:42 - 00032580 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

2014-06-06 23:51 - 2006-11-02 08:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-06-06 23:51 - 2006-11-02 08:22 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

2014-06-06 23:51 - 2006-11-02 08:22 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

2014-06-06 23:48 - 2010-07-26 17:07 - 01659650 _____ () C:\Windows\WindowsUpdate.log

2014-06-06 11:35 - 2006-11-02 05:46 - 00829354 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-06-06 09:07 - 2014-06-06 09:04 - 00035728 _____ () C:\Users\MarkMarcy\Downloads\Addition.txt

2014-06-06 09:07 - 2014-06-06 09:00 - 00056190 _____ () C:\Users\MarkMarcy\Downloads\FRST.txt

2014-06-06 08:48 - 2014-06-06 08:48 - 00000000 ____D () C:\Users\MarkMarcy\Downloads\tdsskiller

2014-06-06 08:47 - 2014-06-06 08:46 - 04161050 _____ () C:\Users\MarkMarcy\Downloads\tdsskiller.zip

2014-06-04 08:25 - 2014-01-26 14:06 - 00004043 _____ () C:\Windows\setupact.log

2014-05-30 09:41 - 2014-05-30 09:41 - 02066944 _____ (Farbar) C:\Users\MarkMarcy\Downloads\FRST64.exe

2014-05-30 09:41 - 2014-05-06 14:18 - 00000732 _____ () C:\Users\MarkMarcy\AppData\Local\d3d9caps64.dat

2014-05-30 09:40 - 2014-05-30 09:40 - 00688992 ____R (Swearware) C:\Users\MarkMarcy\Downloads\dds.com

2014-05-30 09:27 - 2014-05-23 08:40 - 00002567 _____ () C:\Users\MarkMarcy\Desktop\HiJackThis.lnk

2014-05-30 09:16 - 2014-05-30 09:16 - 00205228 _____ () C:\Users\MarkMarcy\AppData\Local\census.cache

2014-05-30 09:16 - 2014-05-30 09:16 - 00164393 _____ () C:\Users\MarkMarcy\AppData\Local\ars.cache

2014-05-30 08:32 - 2014-05-30 08:32 - 00000036 _____ () C:\Users\MarkMarcy\AppData\Local\housecall.guid.cache

2014-05-30 08:27 - 2014-05-30 08:27 - 02002944 _____ (Trend Micro Inc.) C:\Users\MarkMarcy\Downloads\HousecallLauncher.exe

2014-05-30 08:05 - 2010-12-07 15:48 - 00000000 ____D () C:\Users\MarkMarcy\AppData\Local\CrashDumps

2014-05-23 09:35 - 2012-09-03 18:47 - 00000000 ___RD () C:\Program Files (x86)\Skype

2014-05-23 09:35 - 2012-09-03 18:47 - 00000000 ____D () C:\ProgramData\Skype

2014-05-23 09:08 - 2014-03-12 16:46 - 00000000 ____D () C:\Windows\pss

2014-05-23 09:08 - 2006-11-02 06:33 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup

2014-05-23 08:40 - 2014-05-23 08:40 - 00000000 ____D () C:\Users\MarkMarcy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis

2014-05-23 08:40 - 2014-05-23 08:40 - 00000000 ____D () C:\Program Files (x86)\Trend Micro

2014-05-23 02:24 - 2013-07-27 13:41 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Identity Safe

2014-05-23 02:20 - 2006-11-02 06:33 - 00000000 ____D () C:\Windows\rescache

2014-05-23 01:59 - 2006-11-02 06:33 - 00000000 ___RD () C:\Windows\Offline Web Pages

2014-05-23 01:59 - 2006-11-02 06:33 - 00000000 ____D () C:\Windows\PolicyDefinitions

2014-05-22 03:03 - 2011-05-13 23:16 - 00005660 _____ () C:\Windows\IE9_main.log

2014-05-22 03:03 - 2006-11-02 05:16 - 00008798 _____ () C:\Windows\SysWOW64\icrav03.rat

2014-05-22 03:03 - 2006-11-02 05:16 - 00001988 _____ () C:\Windows\SysWOW64\ticrf.rat

2014-05-22 03:03 - 2006-11-01 23:36 - 00008798 _____ () C:\Windows\system32\icrav03.rat

2014-05-22 03:03 - 2006-11-01 23:36 - 00001988 _____ () C:\Windows\system32\ticrf.rat

2014-05-22 03:02 - 2014-05-22 03:02 - 10926592 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-05-22 03:02 - 2014-05-22 03:02 - 09739264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2014-05-22 03:02 - 2014-05-22 03:02 - 03695416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat

2014-05-22 03:02 - 2014-05-22 03:02 - 03695416 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat

2014-05-22 03:02 - 2014-05-22 03:02 - 02334720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-05-22 03:02 - 2014-05-22 03:02 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-05-22 03:02 - 2014-05-22 03:02 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2014-05-22 03:02 - 2014-05-22 03:02 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2014-05-22 03:02 - 2014-05-22 03:02 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2014-05-22 03:02 - 2014-05-22 03:02 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2014-05-22 03:02 - 2014-05-22 03:02 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-05-22 03:02 - 2014-05-22 03:02 - 01347072 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-05-22 03:02 - 2014-05-22 03:02 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2014-05-22 03:02 - 2014-05-22 03:02 - 01105408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2014-05-22 03:02 - 2014-05-22 03:02 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2014-05-22 03:02 - 2014-05-22 03:02 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-05-22 03:02 - 2014-05-22 03:02 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2014-05-22 03:02 - 2014-05-22 03:02 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2014-05-22 03:02 - 2014-05-22 03:02 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2014-05-22 03:02 - 2014-05-22 03:02 - 00534528 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2014-05-22 03:02 - 2014-05-22 03:02 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2014-05-22 03:02 - 2014-05-22 03:02 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\html.iec

2014-05-22 03:02 - 2014-05-22 03:02 - 00434176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2014-05-22 03:02 - 2014-05-22 03:02 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

Some content of TEMP:

====================

C:\Users\MarkMarcy\AppData\Local\Temp\Quarantine.exe

 

 

==================== Bamital & volsnap Check =================

 

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

 

 

LastRegBack: 2014-06-07 00:01

 

==================== End Of Log ============================



#9 aharonov

  • Malware Response Team

Posted 07 June 2014 - 12:00 PM

Hi,

Looks like the fix has done its job.
Let's do a final check up:


Please download the ESET Online Scanner and save it to your Desktop.
  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start esetsmartinstaller_enu.exe with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on Finish
  • A log file is created at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
    Copy and paste the content of this log file in your next reply.
Note: Do not forget to re-enable your antivirus application after running the above scan!

#10 robc9525

  • Topic Starter

Posted 07 June 2014 - 10:26 PM

89 infections found, please see log.

 

ESETSmartInstaller@High as downloader log:

all ok

# version=8

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.7587

# api_version=3.0.2

# EOSSerial=1ebd4c4c03759f47816e96975c8a38d0

# engine=18609

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2014-06-08 12:34:41

# local_time=2014-06-07 05:34:41 (-0800, Pacific Daylight Time)

# country="United States"

# lang=1033

# osver=6.0.6002 NT Service Pack 2

# compatibility_mode_1='Norton AntiVirus'

# compatibility_mode=3599 16777213 100 100 1475948 220255467 0 0

# compatibility_mode_1=''

# compatibility_mode=5892 16776574 100 100 0 238786387 0 0

# scanned=1592940

# found=89

# cleaned=0

# scan_time=26275


sh=227543CB4B29B52963E339A972DAF3FFEDD6F5C3 ft=1 fh=fff6da188ebe3b9c vn="a variant of Win32/Toolbar.Perion.A potentially unwanted application" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UGFI3ED2\update[7]"

sh=227543CB4B29B52963E339A972DAF3FFEDD6F5C3 ft=1 fh=fff6da188ebe3b9c vn="a variant of Win32/Toolbar.Perion.A potentially unwanted application" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UGFI3ED2\update[8]"

sh=227543CB4B29B52963E339A972DAF3FFEDD6F5C3 ft=1 fh=fff6da188ebe3b9c vn="a variant of Win32/Toolbar.Perion.A potentially unwanted application" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UHXXFROW\update[1]"

sh=227543CB4B29B52963E339A972DAF3FFEDD6F5C3 ft=1 fh=fff6da188ebe3b9c vn="a variant of Win32/Toolbar.Perion.A potentially unwanted application" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UHXXFROW\update[2]"

sh=227543CB4B29B52963E339A972DAF3FFEDD6F5C3 ft=1 fh=fff6da188ebe3b9c vn="a variant of Win32/Toolbar.Perion.A potentially unwanted application" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UHXXFROW\update[3]"

sh=227543CB4B29B52963E339A972DAF3FFEDD6F5C3 ft=1 fh=fff6da188ebe3b9c vn="a variant of Win32/Toolbar.Perion.A potentially unwanted application" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UHXXFROW\update[4]"

sh=227543CB4B29B52963E339A972DAF3FFEDD6F5C3 ft=1 fh=fff6da188ebe3b9c vn="a variant of Win32/Toolbar.Perion.A potentially unwanted application" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UHXXFROW\update[5]"



#11 aharonov

  • Malware Response Team

Posted 08 June 2014 - 03:29 PM

This looks much worse than it actually is..
Last round:


Step 1

Please download the attached fixlist.txt (215 bytes) and save it in the same directory as FRST.
  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.


Step 2

Start FRST with administrator privileges.
  • Press the Scan button.
  • When finished, FRST will produce a log (FRST.txt) in the same directory the tool was run from.
    Please copy and paste this log in your next reply.


#12 robc9525

  • Topic Starter

  • Members

Posted 08 June 2014 - 03:57 PM

Thanks again for all your help.

Here are the logs.

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 06-06-2014

Ran by MarkMarcy at 2014-06-08 13:47:03 Run:2

Running from C:\Users\MarkMarcy\Downloads\FRST

Boot Mode: Normal

==============================================

 

Content of fixlist:

*****************

C:\Users\MarkMarcy\AppData\LocalLow\CouponAlert_2pEI

C:\Users\MarkMarcy\AppData\Local\Google\Chrome\User Data\Default\Default\aakanjlafapgegnoppnakbojggjafipj

C:\Users\MarkMarcy\AppData\Local\Temp\spbpcno

Reboot:

*****************

 

C:\Users\MarkMarcy\AppData\LocalLow\CouponAlert_2pEI => Moved successfully.

C:\Users\MarkMarcy\AppData\Local\Google\Chrome\User Data\Default\Default\aakanjlafapgegnoppnakbojggjafipj => Moved successfully.

C:\Users\MarkMarcy\AppData\Local\Temp\spbpcno => Moved successfully.

 

 

The system needed a reboot.

 

==== End of Fixlog ====

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-06-2014

Ran by MarkMarcy (administrator) on MARKMARCY-PC on 08-06-2014 13:54:16

Running from C:\Users\MarkMarcy\Downloads\FRST

Platform: Windows Vista ™ Home Premium Service Pack 2 (X64) OS Language: English(US)

Internet Explorer Version 9

Boot Mode: Normal

 

The only official download link for FRST:

Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/

Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/

Download link from any site other than Bleeping Computer is unpermitted or outdated.

See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

 

==================== Processes (Whitelisted) =================

 

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(Microsoft Corporation) C:\Windows\System32\SLsvc.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

() C:\Program Files\GATEWAY\Gateway Recovery Management\Service\ETService.exe

(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe

(Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe

(Logitech Inc.) C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe

(Symantec Corporation) C:\Program Files (x86)\Norton AntiVirus\Engine\21.3.0.12\nav.exe

(Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.0.47\nst.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe

(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe

(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio64.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe

(Microsoft Corporation) C:\Windows\System32\msiexec.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Desktop.exe

(Symantec Corporation) C:\Program Files (x86)\Norton AntiVirus\Engine\21.3.0.12\nav.exe

(Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.0.47\nst.exe

(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe

(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe

(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe

(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE

(Realtek Semiconductor) C:\Windows\RAVCpl64.exe

(Spotify Ltd) C:\Users\MarkMarcy\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe

(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

(Microsoft Corporation) C:\Windows\ehome\ehtray.exe

() C:\Program Files (x86)\NETGEAR\WG111v3\WG111v3.exe

(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe

(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe

(CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE

() C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe

(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(Microsoft Corporation) C:\Windows\splwow64.exe

() C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe

(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe

(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe

 

 

==================== Registry (Whitelisted) ==================

 

HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2726728 2010-03-24] (CANON INC.)

HKLM\...\Run: [Skytel] => C:\Windows\Skytel.exe [1826816 2008-07-18] (Realtek Semiconductor Corp.)

HKLM\...\Run: [RtHDVCpl] => C:\Windows\RAVCpl64.exe [6453760 2008-07-18] (Realtek Semiconductor)

HKLM-x32\...\Run: [Trigger New Acer AlaunchX] => c:\Acer\Preload\Command\AlaunchX\AppInRun.exe [8192 2008-07-16] (Acer Inc.)

HKLM-x32\...\Run: [Monitor] => C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe [103936 2013-07-23] (LeapFrog Enterprises, Inc.)

HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-01-20] (Apple Inc.)

HKLM-x32\...\Run: [CanonSolutionMenuEx] => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1185112 2010-04-02] (CANON INC.)

HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-01-20] (Apple Inc.)

HKLM-x32\...\Run: [AppleSyncNotifier] => C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-09-27] (Apple Inc.)

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [Smart Copy] => C:\Program Files (x86)\IOI\Smart Copy\ButtonMonitor.exe [53248 2008-05-21] (IOI)

HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)

HKLM-x32\...\Run: [LogitechQuickCamRibbon] => C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe [2793304 2009-10-14] ()

HKLM-x32\...\Run: [LedKey] => CNYHKey.exe

HKLM-x32\...\Run: [LchDrvKey] => C:\Windows\LchDrvKey.exe [36864 2007-03-28] ()

HKLM-x32\...\RunOnce: [New Acer AlaunchX] - c:\Acer\Preload\Command\AlaunchX\LaunchAlaunchX.exe [200704 2008-07-16] (Acer Inc.)

HKU\S-1-5-21-351684649-980794266-900292422-1000\...\Run: [Spotify Web Helper] => C:\Users\MarkMarcy\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1104280 2013-03-28] (Spotify Ltd)

HKU\S-1-5-21-351684649-980794266-900292422-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.)

HKU\S-1-5-21-351684649-980794266-900292422-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)

HKU\S-1-5-21-351684649-980794266-900292422-1004\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WG111v3 Smart Wizard.lnk

ShortcutTarget: NETGEAR WG111v3 Smart Wizard.lnk -> C:\Program Files (x86)\NETGEAR\WG111v3\WG111v3.exe ()

 

==================== Internet (Whitelisted) ====================

 

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=1&o=vp64&d=0710&m=dx4720-03

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=1&o=vp64&d=0710&m=dx4720-03

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe

SearchScopes: HKLM-x32 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACGW

SearchScopes: HKCU - {35e9438f-19d4-4516-b2ac-59ba9241de4d} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=9Nxdm003YYus&ptnrS=9Nxdm003YYus&si=CJvyyoio47MCFcN_QgodWW0A4Q&ptb=69C71422-E10A-40D1-B4D4-AAEB429C5C88&ind=2012112214&n=77ee6556&psa=&st=sb&searchfor={searchTerms}

SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACGW_enUS390US390

BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)

BHO-x32: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)

BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Engine\21.3.0.12\IPS\IPSBHO.DLL (Symantec Corporation)

BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

BHO-x32: Norton Identity Protection - {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.0.47\coIEPlg.dll (Symantec Corporation)

BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)

Toolbar: HKLM-x32 - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.0.47\coIEPlg.dll (Symantec Corporation)

Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)

Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Tcpip\Parameters: [DhcpNameServer] 10.2.127.4

 

FireFox:

========

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_206.dll ()

FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll ()

FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin-x32: @canon.com/EPPEX - C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)

FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF Plugin-x32: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF Plugin-x32: @oberon-media.com/ONCAdapter - C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll No File

FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []

FF HKLM-x32\...\Firefox\Extensions: [{F04D2D30-776C-4d02-8627-8E4385ECA58D}] - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.5.0.67\coFFPlgn\

FF Extension: Norton Identity Safe Toolbar - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.5.0.67\coFFPlgn\ []

FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_21.1.0.18\IPSFF

FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_21.1.0.18\IPSFF [2013-12-10]

 

Chrome:

=======

CHR HomePage: hxxp://www.google.com/

CHR StartupUrls: "hxxp://www.google.com/", "hxxp://www.google.com"

CHR Plugin: (Remoting Viewer) - internal-remoting-viewer

CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll ()

CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\pdf.dll ()

CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\gcswf32.dll No File

CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll No File

CHR Plugin: (Java Deployment Toolkit 6.0.290.11) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File

CHR Plugin: (Java™ Platform SE 6 U29) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File

CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No File

CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No File

CHR Plugin: (CANON iMAGE GATEWAY Album Plugin Utility) - C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)

CHR Plugin: (MindSpark Toolbar Platform Plugin Stub) - C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\NP2pStub.dll No File

CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File

CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\MarkMarcy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-30]

CHR Extension: (YouTube) - C:\Users\MarkMarcy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-15]

CHR Extension: (Google Search) - C:\Users\MarkMarcy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-15]

CHR Extension: (Skype Click to Call) - C:\Users\MarkMarcy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2012-09-05]

CHR Extension: (Google Wallet) - C:\Users\MarkMarcy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-05]

CHR Extension: (Norton Identity Safe for Google Chrome™) - C:\Users\MarkMarcy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nppllibpnmahfaklnpggkibhkapjkeob [2013-07-27]

CHR Extension: (Gmail) - C:\Users\MarkMarcy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-15]

CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-10-09]

CHR HKLM-x32\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.0.47\Exts\Chrome.crx [2014-05-21]

 

==================== Services (Whitelisted) =================

 

R2 ETService; C:\Program Files\GATEWAY\Gateway Recovery Management\Service\ETService.exe [24576 2008-06-11] ()

R3 MSSQL$MSSMLBIZ; c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)

R2 NAV; C:\Program Files (x86)\Norton AntiVirus\Engine\21.3.0.12\NAV.exe [262968 2014-05-10] (Symantec Corporation)

R2 NCO; C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.0.47\NST.exe [130104 2014-05-13] (Symantec Corporation)

 

==================== Drivers (Whitelisted) ====================

 

U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2008-01-20] (Microsoft Corporation)

S1 Beep; No ImagePath

R1 BHDrvx64; C:\Program Files (x86)\Norton AntiVirus\NortonData\21.1.0.18\Definitions\BASHDefs\20140510.001\BHDrvx64.sys [1530160 2014-05-09] (Symantec Corporation)

R1 ccSet_NAV; C:\Windows\system32\drivers\NAVx64\1503000.00C\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)

R1 ccSet_NST; C:\Windows\system32\drivers\NSTx64\7DE07000.02F\ccSetx64.sys [162392 2014-02-20] (Symantec Corporation)

R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2014-04-23] (Symantec Corporation)

R1 IDSVia64; C:\Program Files (x86)\Norton AntiVirus\NortonData\21.1.0.18\Definitions\IPSDefs\20140606.002\IDSvia64.sys [525016 2014-04-22] (Symantec Corporation)

R3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()

S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()

R3 NAVENG; C:\Program Files (x86)\Norton AntiVirus\NortonData\21.1.0.18\Definitions\VirusDefs\20140607.001\ENG64.SYS [126040 2014-06-06] (Symantec Corporation)

R3 NAVEX15; C:\Program Files (x86)\Norton AntiVirus\NortonData\21.1.0.18\Definitions\VirusDefs\20140607.001\EX64.SYS [2099288 2014-06-06] (Symantec Corporation)

R0 nvrd64; C:\Windows\System32\drivers\nvrd64.sys [166944 2008-06-06] (NVIDIA Corporation)

R3 SRTSP; C:\Windows\System32\Drivers\NAVx64\1503000.00C\SRTSP64.SYS [875736 2014-02-12] (Symantec Corporation)

R1 SRTSPX; C:\Windows\system32\drivers\NAVx64\1503000.00C\SRTSPX64.SYS [36952 2013-09-09] (Symantec Corporation)

R0 SymDS; C:\Windows\System32\drivers\NAVx64\1503000.00C\SYMDS64.SYS [493656 2013-09-09] (Symantec Corporation)

R0 SymEFA; C:\Windows\System32\drivers\NAVx64\1503000.00C\SYMEFA64.SYS [1148120 2014-03-03] (Symantec Corporation)

R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-11-14] (Symantec Corporation)

R1 SymIRON; C:\Windows\system32\drivers\NAVx64\1503000.00C\Ironx64.SYS [264280 2013-09-26] (Symantec Corporation)

R1 SYMTDIv; C:\Windows\System32\Drivers\NAVx64\1503000.00C\SYMTDIV.SYS [510168 2014-02-17] (Symantec Corporation)

S3 catchme; \??\C:\ComboFix\catchme.sys [X]

S3 IpInIp; system32\DRIVERS\ipinip.sys [X]

S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]

S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

S1 yyonnczi; \??\C:\Windows\system32\drivers\yyonnczi.sys [X]

 

==================== NetSvcs (Whitelisted) ===================

 

 

==================== One Month Created Files and Folders ========

 

2014-06-07 10:11 - 2014-06-07 10:11 - 00000000 ____D () C:\Program Files (x86)\ESET

2014-06-07 10:10 - 2014-06-07 10:10 - 02347384 _____ (ESET) C:\Users\MarkMarcy\Downloads\esetsmartinstaller_enu.exe

2014-06-07 01:51 - 2014-06-07 01:51 - 00000000 __SHD () C:\found.000

2014-06-06 11:34 - 2014-06-08 13:54 - 00000000 ____D () C:\Users\MarkMarcy\Downloads\FRST

2014-06-06 08:58 - 2014-06-08 13:54 - 00000000 ____D () C:\FRST

2014-05-30 09:16 - 2014-05-30 09:16 - 00205228 _____ () C:\Users\MarkMarcy\AppData\Local\census.cache

2014-05-30 09:16 - 2014-05-30 09:16 - 00164393 _____ () C:\Users\MarkMarcy\AppData\Local\ars.cache

2014-05-30 08:33 - 2012-06-05 00:37 - 00256904 _____ (Trend Micro Inc.) C:\Windows\SysWOW64\Drivers\tmcomm.sys

2014-05-30 08:32 - 2014-05-30 08:32 - 00000036 _____ () C:\Users\MarkMarcy\AppData\Local\housecall.guid.cache

2014-05-23 08:40 - 2014-05-23 08:40 - 00000000 ____D () C:\Program Files (x86)\Trend Micro

2014-05-23 03:00 - 2014-05-05 17:46 - 17847808 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-05-23 03:00 - 2014-05-05 17:21 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-05-23 03:00 - 2014-05-05 17:21 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2014-05-23 03:00 - 2014-05-05 16:32 - 12347392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-05-23 03:00 - 2014-05-05 16:14 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2014-05-23 03:00 - 2014-05-05 16:14 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2014-05-22 03:02 - 2014-05-22 03:02 - 10926592 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-05-22 03:02 - 2014-05-22 03:02 - 09739264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2014-05-22 03:02 - 2014-05-22 03:02 - 03695416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat

2014-05-22 03:02 - 2014-05-22 03:02 - 03695416 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat

2014-05-22 03:02 - 2014-05-22 03:02 - 02334720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-05-22 03:02 - 2014-05-22 03:02 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-05-22 03:02 - 2014-05-22 03:02 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2014-05-22 03:02 - 2014-05-22 03:02 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2014-05-22 03:02 - 2014-05-22 03:02 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2014-05-22 03:02 - 2014-05-22 03:02 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2014-05-22 03:02 - 2014-05-22 03:02 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-05-22 03:02 - 2014-05-22 03:02 - 01347072 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-05-22 03:02 - 2014-05-22 03:02 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2014-05-22 03:02 - 2014-05-22 03:02 - 01105408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2014-05-22 03:02 - 2014-05-22 03:02 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2014-05-22 03:02 - 2014-05-22 03:02 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-05-22 03:02 - 2014-05-22 03:02 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2014-05-22 03:02 - 2014-05-22 03:02 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2014-05-22 03:02 - 2014-05-22 03:02 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll


Some content of TEMP:
====================
C:\Users\MarkMarcy\AppData\Local\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-06-08 03:49

==================== End Of Log ============================



#13 aharonov

  • Malware Response Team
  • 2,441 posts

Posted 10 June 2014 - 01:48 AM

Great!

That's it! Your logs look clean to me at the moment.
We're gonna clean up everything now, close security holes on your computer and in the end I'll provide you with a list of security tips so you hopefully will not need our help anymore in the future.


My help is free for everybody.
If you want to support me fighting against malware or buy me a beer for the assistance you received, then you can consider a donation.
Thank you!



Clean Up

Now we remove all the tools we used (including their logs and quarantine folders), restore your settings and delete old and infected system restore points:
  • You can uninstall programs that you had to install (e.g. MBAM or ESET Online Scanner) in the control panel if you so wish.
  • Download DelFix (by Xplode) and save it to your Desktop.
    • Close all running programs and start delfix.exe.
    • Make sure that all available options are checked.
    • Click on Run.
    • DelFix should remove all our tools and delete itself afterwards. I don't need the log file.
  • If there is still something left you can delete it manually.


Closing security holes

Many infections happen via drive-by downloads that run unnoticed in the background while the user visits an infected website. To achieve this, malware exploits security holes in installed software (e.g. browser or its plugins). Older versions of such software often have lots of known exploitable holes. Therefore it's very important to always keep your software up-to-date.
The following software is outdated. Make sure you remove all old versions and install the current one instead if you need the program:

Adobe Reader X (10.1.10)




Tips

I recommend reading and following the "16 simple and easy ways to keep your computer safe and secure on the Internet" (Link) by Lawrence Abrams.

#14 robc9525

  • Topic Starter
  • Members
  • 10 posts

Posted 10 June 2014 - 08:34 AM

Thanks for all your help, have a great day! :bounce:



#15 aharonov

  • Malware Response Team
  • 2,441 posts

Posted 11 June 2014 - 03:04 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



