View Full Version : Smitfraud-c.generic
Bastet0330
2013-03-06, 19:34
I guess it's nice to know I'm not the only one with this problem. Sorry to start the millionth thread on the issue.
I ran a bunch of removal tools before realizing what I had: Norton, Norton Power Eraser, HiJackThis, and Spybot. I also tried a System Restore.
I ran ERUNT (though it seems to have bugs -- I get error messages for it when I log on to the computer), kept System Restore on, and made sure TeaTimer is off. Is there anything else I should do now? I'm clueless with non-standard computer programs, so just let me know what I should do.
Thanks so much!
DDS Log:
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16464 BrowserJavaVersion: 1.6.0_29
Run by Mairead at 10:35:51 on 2013-03-06
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.12279.9028 [GMT -6:00]
.
AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\SysWOW64\svchost.exe -k Akamai
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\ASUS.SYS\config\DVMExportService.exe
C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\ccSvcHst.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Users\Mairead\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Users\Mairead\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Reader.exe
\\.\globalroot\systemroot\svchost.exe -netsvcs
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uProxyOverride = 127.0.0.1:9421;<local>;*.local
uURLSearchHooks: SearchHook Class: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\ips\ipsbho.dll
BHO: Window Shopper: {74F475FA-6C75-43BD-AAB9-ECDA6184F600} -
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\coieplg.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [Akamai NetSession Interface] "C:\Users\Mairead\AppData\Local\Akamai\netsession_win.exe"
uRun: [Google Update] "C:\Users\Mairead\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"
mRun: [R577SO] C:\Program Files (x86)\GIGABYTE\R577SO\R577SO.exe
mRun: [NWEReboot] <no file>
StartupFolder: C:\Users\Mairead\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ERUNTA~1.LNK - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE
StartupFolder: C:\Users\Mairead\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\NETGEA~1.LNK - C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - {A69A551A-1AAE-4B67-8C2E-52F8B8A19504} -
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {036F8A56-0BC8-4607-8F98-D3231E6FF5ED} - hxxp://cloud1.saba.com/SiteRoots/main/Install/win32/CentraUpdaterAx.cab
DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} - hxxp://support.asus.com/select/asusTek_sys_ctrl3.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{07E40D75-09E1-4048-A511-1EC28E0A1A80} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{34FF8C98-5A70-4412-A211-62C33B12B49C} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{434F6D26-4903-4A9A-B9A3-9D6D83DC70DE} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{5F94C27E-0803-4CEB-8DBD-8F5AA00DEE7B} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{6F9FF4D8-AE21-4007-984F-E4B7DB454F71} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{D7CDF17A-C1C3-4DB9-B266-75D970B43DEA} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{D7CDF17A-C1C3-4DB9-B266-75D970B43DEA}\35C616070797D28416070797D264163656 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{D7CDF17A-C1C3-4DB9-B266-75D970B43DEA}\45967656275507075627365747D25374 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{D7CDF17A-C1C3-4DB9-B266-75D970B43DEA}\6457A7A797022457E6E6965637 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{D7CDF17A-C1C3-4DB9-B266-75D970B43DEA}\E4544574541425D2445716C62416E646D2E4 : DHCPNameServer = 192.168.1.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
x64-Run: [Logitech Download Assistant] C:\Windows\System32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Mairead\AppData\Roaming\Mozilla\Firefox\Profiles\xl1p8xf7.default\
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\eMusic Download Manager 6\npEMusic601.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npatgpc.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Mairead\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: C:\Users\Mairead\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Mairead\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Users\Mairead\AppData\Roaming\Mozilla\plugins\npo1d.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-8-6 52856]
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\N360x64\0604010.00E\symds64.sys [2013-2-5 451192]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\N360x64\0604010.00E\symefa64.sys [2013-2-5 1129120]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\Definitions\BASHDefs\20130301.001\BHDrvx64.sys [2013-3-5 1388120]
R1 ccSet_N360;Norton 360 Settings Manager;C:\Windows\System32\drivers\N360x64\0604010.00E\ccsetx64.sys [2013-2-5 167072]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\Definitions\IPSDefs\20130305.001\IDSviA64.sys [2013-3-5 513184]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\N360x64\0604010.00E\ironx64.sys [2013-2-5 190072]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\N360x64\0604010.00E\symnets.sys [2013-2-5 405624]
R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 27136]
R2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2010-8-6 90112]
R2 BCUService;Browser Configuration Utility Service;C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-10-26 223464]
R2 DvmMDES;DeviceVM Meta Data Export Service;C:\ASUS.SYS\config\DVMExportService.exe [2009-7-17 319488]
R2 N360;Norton 360;C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\ccsvchst.exe [2013-2-5 138272]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-7-22 1153368]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-2 382824]
R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe [2012-1-18 450848]
R2 WSWNDA3100;WSWNDA3100;C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe [2011-3-4 278528]
R3 Apowersoft_AudioDevice;Apowersoft_AudioDevice;C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [2013-2-3 31968]
R3 CompFilter64;UVCCompositeFilter;C:\Windows\System32\drivers\lvbflt64.sys [2012-1-18 25632]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-8-13 138912]
R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2012-1-18 351136]
R3 LVUVC64;Logitech HD Webcam C510(UVC);C:\Windows\System32\drivers\LVUVC64.sys [2010-11-10 4865568]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-8-6 215040]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-1-8 161536]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2010-11-17 115216]
S3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;C:\Windows\System32\drivers\bcmwlhigh664.sys [2011-3-4 838136]
S3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\System32\drivers\LVPr2M64.sys [2010-5-7 30304]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-3-1 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-2-15 52736]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-8-8 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
S4 SCMNdisP;General NDIS Protocol Driver;C:\Windows\System32\drivers\SCMNdisP.sys [2011-3-4 25312]
.
=============== File Associations ===============
.
FileExt: .js: JSFile="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS5\Dreamweaver.exe","%1"
.
=============== Created Last 30 ================
.
2013-03-06 16:11:03 20480 ----a-w- C:\Windows\svchost.exe
2013-03-05 21:29:40 33240 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2013-03-05 21:28:14 -------- d-----w- C:\Windows\System32\drivers\NBRTWizardx64\0501000.01A
2013-03-05 21:28:14 -------- d-----w- C:\Windows\System32\drivers\NBRTWizardx64
2013-03-05 21:28:12 -------- d-----w- C:\Program Files (x86)\Norton Bootable Recovery Tool Wizard
2013-03-05 21:02:04 -------- d-----w- C:\Users\Mairead\AppData\Local\NPE
2013-03-05 20:43:20 388096 ----a-r- C:\Users\Mairead\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-03-05 20:43:20 -------- d-----w- C:\Program Files (x86)\Trend Micro
2013-03-05 16:15:36 9162192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{991C9588-039A-44CD-BD2A-39CD4A5903D5}\mpengine.dll
2013-03-05 03:35:52 7680 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\1994.tmp
2013-03-05 03:35:52 7680 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\1993.tmp
2013-03-04 13:22:32 -------- d-----w- C:\Users\Mairead\AppData\Local\{00AD2E08-E18E-445D-9A20-CAF9635E0349}
2013-02-15 22:31:23 186584 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2013-02-15 22:31:23 186584 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
2013-02-13 07:35:32 996352 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-13 07:35:32 768000 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-13 07:33:59 763424 ----a-w- C:\Program Files\Internet Explorer\iexplore.exe
2013-02-12 21:48:39 5553512 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-02-12 21:48:37 3967848 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-02-12 21:48:37 3913064 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-02-12 21:48:24 3153408 ----a-w- C:\Windows\System32\win32k.sys
2013-02-12 21:48:21 215040 ----a-w- C:\Windows\System32\winsrv.dll
2013-02-12 21:48:19 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-02-12 21:48:19 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-02-12 21:48:19 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-02-12 21:48:19 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-02-12 21:48:18 2048 ----a-w- C:\Windows\SysWow64\user.exe
2013-02-12 21:48:16 288088 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2013-02-12 21:48:16 1913192 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-02-06 08:27:15 96664 ----a-w- C:\Program Files (x86)\Mozilla Firefox\webapprt-stub.exe
2013-02-06 08:27:15 271768 ----a-w- C:\Program Files (x86)\Mozilla Firefox\updater.exe
2013-02-06 08:27:15 19352 ----a-w- C:\Program Files (x86)\Mozilla Firefox\xpcom.dll
2013-02-06 08:27:15 17804184 ----a-w- C:\Program Files (x86)\Mozilla Firefox\xul.dll
2013-02-06 08:27:15 157712 ----a-w- C:\Program Files (x86)\Mozilla Firefox\webapp-uninstaller.exe
2013-02-06 03:42:33 405624 ----a-r- C:\Windows\System32\drivers\N360x64\0604010.00E\symnets.sys
2013-02-06 03:42:33 1129120 ----a-w- C:\Windows\System32\drivers\N360x64\0604010.00E\symefa64.sys
2013-02-06 03:42:32 737952 ----a-w- C:\Windows\System32\drivers\N360x64\0604010.00E\srtsp64.sys
2013-02-06 03:42:32 451192 ----a-r- C:\Windows\System32\drivers\N360x64\0604010.00E\symds64.sys
2013-02-06 03:42:32 37536 ----a-w- C:\Windows\System32\drivers\N360x64\0604010.00E\srtspx64.sys
2013-02-06 03:42:32 190072 ----a-r- C:\Windows\System32\drivers\N360x64\0604010.00E\ironx64.sys
2013-02-06 03:42:32 167072 ----a-w- C:\Windows\System32\drivers\N360x64\0604010.00E\ccsetx64.sys
2013-02-06 03:42:21 -------- d-----w- C:\Windows\System32\drivers\N360x64\0604010.00E
2013-02-06 02:07:20 -------- d-----w- C:\Users\Mairead\AppData\Local\{B28FE787-F735-4075-A225-081DAEE62F49}
2013-02-06 01:11:40 -------- d-sh--w- C:\ProgramData\DSS
2013-02-06 00:45:47 -------- d-----w- C:\Users\Mairead\AppData\Roaming\Lionhead Studios
2013-02-06 00:44:37 -------- d-----w- C:\Windows\SysWow64\xlive
2013-02-06 00:44:31 -------- d-----w- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2013-02-04 22:59:38 -------- d-----w- C:\Users\Mairead\AppData\Local\{F16082FE-7379-423E-BCF8-AD4BAB29C89C}
.
==================== Find3M ====================
.
2013-02-27 02:53:15 71024 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-27 02:53:15 691568 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-01-17 07:28:58 273840 ------w- C:\Windows\System32\MpSigStub.exe
2013-01-09 01:19:09 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2013-01-09 01:12:03 1392128 ----a-w- C:\Windows\System32\wininet.dll
2013-01-09 01:11:06 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-01-09 01:07:51 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-01-09 01:07:47 599040 ----a-w- C:\Windows\System32\vbscript.dll
2013-01-09 01:04:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2013-01-08 22:11:21 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-01-08 22:03:20 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-01-08 22:03:12 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-01-08 21:59:02 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2013-01-08 21:58:29 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2013-01-08 21:56:23 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-01-04 04:43:21 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2012-12-16 17:11:22 46080 ----a-w- C:\Windows\System32\atmlib.dll
2012-12-16 14:45:03 367616 ----a-w- C:\Windows\System32\atmfd.dll
2012-12-16 14:13:28 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
2012-12-16 14:13:20 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2012-12-07 13:20:16 441856 ----a-w- C:\Windows\System32\Wpc.dll
2012-12-07 13:15:31 2746368 ----a-w- C:\Windows\System32\gameux.dll
2012-12-07 12:26:17 308736 ----a-w- C:\Windows\SysWow64\Wpc.dll
2012-12-07 12:20:43 2576384 ----a-w- C:\Windows\SysWow64\gameux.dll
2012-12-07 11:20:04 30720 ----a-w- C:\Windows\System32\usk.rs
2012-12-07 11:20:03 43520 ----a-w- C:\Windows\System32\csrr.rs
2012-12-07 11:20:03 23552 ----a-w- C:\Windows\System32\oflc.rs
2012-12-07 11:20:01 45568 ----a-w- C:\Windows\System32\oflc-nz.rs
2012-12-07 11:20:01 44544 ----a-w- C:\Windows\System32\pegibbfc.rs
2012-12-07 11:20:01 20480 ----a-w- C:\Windows\System32\pegi-fi.rs
2012-12-07 11:20:00 20480 ----a-w- C:\Windows\System32\pegi-pt.rs
2012-12-07 11:19:59 20480 ----a-w- C:\Windows\System32\pegi.rs
2012-12-07 11:19:58 46592 ----a-w- C:\Windows\System32\fpb.rs
2012-12-07 11:19:57 40960 ----a-w- C:\Windows\System32\cob-au.rs
2012-12-07 11:19:57 21504 ----a-w- C:\Windows\System32\grb.rs
2012-12-07 11:19:57 15360 ----a-w- C:\Windows\System32\djctq.rs
2012-12-07 11:19:56 55296 ----a-w- C:\Windows\System32\cero.rs
2012-12-07 11:19:55 51712 ----a-w- C:\Windows\System32\esrb.rs
.
============= FINISH: 10:36:57.20 ===============
ASW Log:
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-03-06 10:48:13
-----------------------------
10:48:13.031 OS Version: Windows x64 6.1.7601 Service Pack 1
10:48:13.031 Number of processors: 4 586 0x1E05
10:48:13.031 ComputerName: COMPY UserName:
10:48:17.482 Initialize success
10:48:24.778 AVAST engine defs: 13030500
10:48:26.579 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
10:48:26.579 Disk 0 Vendor: ST3250318AS CC38 Size: 238475MB BusType: 3
10:48:26.579 Device \Driver\atapi -> MajorFunction fffffa800b2a35e8
10:48:26.579 Disk 0 MBR read successfully
10:48:26.589 Disk 0 MBR scan
10:48:26.589 Disk 0 Windows 7 default MBR code
10:48:26.589 Disk 0 MBR hidden
10:48:26.639 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
10:48:26.669 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 238373 MB offset 206848
10:48:26.729 Disk 0 scanning C:\Windows\system32\drivers
10:48:37.992 Service scanning
10:49:10.762 Modules scanning
10:49:10.762 Disk 0 trace - called modules:
10:49:11.102 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa800b2a35e8]<<
10:49:11.102 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800aef0060]
10:49:11.112 3 CLASSPNP.SYS[fffff88001a5e43f] -> nt!IofCallDriver -> [0xfffffa800ab23520]
10:49:11.122 5 ACPI.sys[fffff88000fa27a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800ab24060]
10:49:11.122 \Driver\atapi[0xfffffa8009d07cc0] -> IRP_MJ_CREATE -> 0xfffffa800b2a35e8
10:49:18.096 AVAST engine scan C:\Windows
10:49:20.657 AVAST engine scan C:\Windows\system32
10:52:25.844 AVAST engine scan C:\Windows\system32\drivers
10:52:46.082 AVAST engine scan C:\Users\Mairead
10:59:45.343 File: C:\Users\Mairead\AppData\Roaming\.minecraft\sp.DLL **INFECTED** Win32:Malware-gen
11:03:10.185 AVAST engine scan C:\ProgramData
11:05:34.378 File: C:\ProgramData\Microsoft\Windows\DRM\FFCF.tmp.dat **INFECTED** Win32:Alureon-AUQ [Trj]
11:07:19.226 Scan finished successfully
11:32:35.039 Disk 0 MBR has been saved successfully to "C:\Users\Mairead\Desktop\MBR.dat"
11:32:35.049 The log file has been saved successfully to "C:\Users\Mairead\Desktop\log.txt"
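Two lines in the DDS log above are the ones a triager would stop on: a svchost.exe running as `\\.\globalroot\systemroot\svchost.exe -netsvcs`, and a 20 KB `C:\Windows\svchost.exe` created on 2013-03-06. A genuine svchost.exe lives only in `%SystemRoot%\System32` (and `SysWOW64` on x64) and is always started as `svchost.exe -k <service group>`; a copy one directory up, or an image reported through the NT device namespace with a made-up `-netsvcs` switch, is out of place regardless of what any scanner calls it. The script below is an added example for this thread, not code from DDS, ComboFix, or any poster here. It parses a DDS-style "Running Processes" list and flags exactly those three conditions. The sample process lines inside it are constructed to mirror the shape of the log above (the `C:\Windows\svchost.exe -k netsvcs` line is invented to exercise the directory check); they are not copied from the post.

```python
"""Audit a DDS-style "Running Processes" list for out-of-place svchost.exe entries.

Added example for this thread; not code from DDS, ComboFix or any poster here.
The sample lines are constructed to mirror the shape of the log above (one
full command line per line); they are not copied from it.
"""
import re
from typing import Dict, List

# Where a genuine svchost.exe lives on a default Windows install (lower-case).
SVCHOST_DIRS = {"c:\\windows\\system32", "c:\\windows\\syswow64"}

# Prefixes that address the NT object namespace instead of a drive letter.
# A user-mode image reported this way hides its real on-disk location.
DEVICE_PREFIXES = ("\\\\.\\", "\\??\\", "\\\\?\\")   # \\.\   \??\   \\?\

# Reason strings kept as constants so a caller can match on them.
REASON_DEVICE_PATH = "image path uses a device-namespace prefix"
REASON_WRONG_DIR = "svchost.exe outside System32/SysWOW64"
REASON_BAD_ARGS = "svchost.exe launched without '-k <service group>'"

# The image path ends at the first '.exe'; the remainder is the argument string.
# This copes with spaces in 'Program Files (x86)' without a full tokenizer
# (a directory name containing '.exe' would defeat it; acceptable for triage).
_CMDLINE = re.compile(r"^(?P<image>.+?\.exe)(?:\s+(?P<args>.*))?$", re.IGNORECASE)
_SVCHOST_ARGS = re.compile(r"^-k\s+\S+$", re.IGNORECASE)


def parse_command_line(line: str) -> Dict[str, str]:
    """Split one process line into its image path and argument string."""
    line = line.strip()
    m = _CMDLINE.match(line)
    if not m:
        return {"image": line, "args": ""}
    return {"image": m.group("image"), "args": (m.group("args") or "").strip()}


def audit_process(line: str) -> List[str]:
    """Return the reasons one process line looks out of place (empty list if none)."""
    parsed = parse_command_line(line)
    image_lc = parsed["image"].lower()
    reasons: List[str] = []

    if image_lc.startswith(DEVICE_PREFIXES):
        reasons.append(REASON_DEVICE_PATH)

    directory, _, name = image_lc.rpartition("\\")
    if name == "svchost.exe":
        if directory not in SVCHOST_DIRS:
            reasons.append(REASON_WRONG_DIR)
        if not _SVCHOST_ARGS.match(parsed["args"]):
            reasons.append(REASON_BAD_ARGS)
    return reasons


def audit_process_list(text: str) -> List[Dict[str, object]]:
    """Audit every process line of a DDS-style list; findings come back in log order."""
    findings: List[Dict[str, object]] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":          # DDS pads sections with bare '.' lines
            continue
        reasons = audit_process(line)
        if reasons:
            findings.append({"line": line,
                             "image": parse_command_line(line)["image"],
                             "reasons": reasons})
    return findings


# Constructed sample modelled on the log above; the C:\Windows\svchost.exe line is invented.
SAMPLE_PROCESSES = r"""
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\ccSvcHst.exe
C:\Windows\SysWOW64\svchost.exe -k Akamai
C:\Windows\Explorer.EXE
\\.\globalroot\systemroot\svchost.exe -netsvcs
C:\Windows\svchost.exe -k netsvcs
C:\Windows\System32\cscript.exe
"""

if __name__ == "__main__":
    for f in audit_process_list(SAMPLE_PROCESSES):
        print(f["line"])
        for r in f["reasons"]:
            print("    ->", r)
```

Run as-is it reports the globalroot svchost with all three reasons and the `C:\Windows\svchost.exe` line with the directory reason only; paste the real "Running Processes" block into `SAMPLE_PROCESSES` to audit a log of your own. The check is deliberately narrow: it says nothing about what the flagged file is, only that it is not where or how Windows would run it, which is the question to settle before naming a family.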
Download ComboFix from one of these locations:
Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)
* IMPORTANT !!! Save ComboFix.exe to your Desktop
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
See this Link (http://www.bleepingcomputer.com/forums/topic114351.html) for programs that need to be disabled and instruction on how to disable them.
Remember to re-enable them when we're done.
Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
http://img.photobucket.com/albums/v706/ried7/RC1.png
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
http://img.photobucket.com/albums/v706/ried7/RC2-1.png
Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
*If there is no internet connection when ComboFix has completely finished, restart your computer to restore the connection.
Bastet0330
2013-03-10, 18:05
Thanks, Ken! Here's the log. However, as I ran the scan, ComboFix prompted me to download a new version. Every time I clicked on that option, my computer blue-screened, so I wound up running in "Reduced Functionality Mode". This is what I got, though.
Also, I will be out of town for a week. How can I prevent my thread from getting archived?
Thanks again! I really appreciate the help.
ComboFix 13-03-05.01 - Mairead 03/10/2013 10:44:14.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.12279.9820 [GMT -5:00]
Running from: c:\users\Mairead\Desktop\ComboFix.exe
AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
- REDUCED FUNCTIONALITY MODE -
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\svchost.exe
.
.
((((((((((((((((((((((((( Files Created from 2013-02-10 to 2013-03-10 )))))))))))))))))))))))))))))))
.
.
2013-03-10 15:45 . 2013-03-10 15:45 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-03-10 15:45 . 2013-03-10 15:45 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-03-10 14:56 . 2013-02-08 00:28 9162192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DEFE0ACD-F4CA-48AD-9E70-C3757CDF9DEF}\mpengine.dll
2013-03-05 21:28 . 2013-03-06 23:07 -------- d-----w- c:\program files (x86)\Norton Bootable Recovery Tool Wizard
2013-03-05 21:02 . 2013-03-05 21:02 95392 ----a-w- c:\windows\system32\drivers\SMR311.SYS
2013-03-05 21:02 . 2013-03-05 21:19 -------- d-----w- c:\users\Mairead\AppData\Local\NPE
2013-03-05 20:43 . 2013-03-05 20:43 388096 ----a-r- c:\users\Mairead\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-03-05 20:43 . 2013-03-05 20:43 -------- d-----w- c:\program files (x86)\Trend Micro
2013-03-05 16:47 . 2013-03-05 16:47 -------- d-----w- c:\program files (x86)\ERUNT
2013-03-05 03:35 . 2013-03-05 03:35 7680 ----a-w- c:\programdata\Microsoft\Windows\DRM\1994.tmp
2013-03-05 03:35 . 2013-03-05 03:35 7680 ----a-w- c:\programdata\Microsoft\Windows\DRM\1993.tmp
2013-02-26 17:11 . 2013-02-26 17:11 -------- d-----w- c:\program files (x86)\Common Files\Skype
2013-02-15 22:31 . 2012-12-18 14:28 186584 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
2013-02-13 07:35 . 2013-01-09 01:10 996352 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-13 07:35 . 2013-01-08 22:01 768000 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-13 07:33 . 2013-01-09 01:53 763424 ----a-w- c:\program files\Internet Explorer\iexplore.exe
2013-02-12 21:48 . 2013-01-05 05:53 5553512 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-02-12 21:48 . 2013-01-05 05:00 3967848 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-02-12 21:48 . 2013-01-05 05:00 3913064 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-02-12 21:48 . 2013-01-04 03:26 3153408 ----a-w- c:\windows\system32\win32k.sys
2013-02-12 21:48 . 2013-01-04 05:46 215040 ----a-w- c:\windows\system32\winsrv.dll
2013-02-12 21:48 . 2013-01-04 04:51 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2013-02-12 21:48 . 2013-01-04 02:47 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2013-02-12 21:48 . 2013-01-04 02:47 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2013-02-12 21:48 . 2013-01-04 02:47 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2013-02-12 21:48 . 2013-01-04 02:47 2048 ----a-w- c:\windows\SysWow64\user.exe
2013-02-12 21:48 . 2013-01-03 06:00 1913192 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-02-12 21:48 . 2013-01-03 06:00 288088 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-27 02:53 . 2012-04-07 17:16 691568 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-02-27 02:53 . 2011-05-19 14:40 71024 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-13 07:40 . 2010-09-09 16:16 70004024 ----a-w- c:\windows\system32\MRT.exe
2013-01-17 07:28 . 2010-08-07 01:50 273840 ------w- c:\windows\system32\MpSigStub.exe
2013-01-04 04:43 . 2013-02-12 21:48 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-12-16 17:11 . 2012-12-21 09:00 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-16 14:45 . 2012-12-21 09:00 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-21 09:00 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-16 14:13 . 2012-12-21 09:00 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-08-11 39408]
"Akamai NetSession Interface"="c:\users\Mairead\AppData\Local\Akamai\netsession_win.exe" [2012-10-09 4441920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BCU"="c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" [2009-10-26 375000]
"R577SO"="c:\program files (x86)\GIGABYTE\R577SO\R577SO.exe" [2010-04-08 192512]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2011-11-11 205336]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-12 59280]
.
c:\users\Mairead\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files (x86)\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
NETGEAR WNDA3100v2 Smart Wizard.lnk - c:\program files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe [2011-3-4 3280896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-01-08 161536]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2010-11-17 115216]
R3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\DRIVERS\bcmwlhigh664.sys [2009-11-06 838136]
R3 GPU-Z;GPU-Z;c:\users\Mairead\AppData\Local\Temp\GPU-Z.sys [x]
R3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [2010-05-07 30304]
R3 NPF;Netgroup Packet Filter;c:\windows\system32\DRIVERS\npf.sys [2009-10-20 47632]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-08-08 1255736]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
R4 SCMNdisP;General NDIS Protocol Driver;c:\windows\system32\DRIVERS\scmndisp.sys [2007-01-20 25312]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-08-07 52856]
S0 SMR311;Symantec SMR Utility Service 3.1.1;c:\windows\System32\drivers\SMR311.SYS [2013-03-05 95392]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0604010.00E\SYMDS64.SYS [2012-01-17 451192]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0604010.00E\SYMEFA64.SYS [2012-05-22 1129120]
S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\Definitions\BASHDefs\20130301.001\BHDrvx64.sys [2013-01-16 1388120]
S1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\N360x64\0604010.00E\ccSetx64.sys [2012-06-07 167072]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\Definitions\IPSDefs\20130308.001\IDSvia64.sys [2013-03-08 513184]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0604010.00E\Ironx64.SYS [2012-01-17 190072]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\0604010.00E\SYMNETS.SYS [2012-01-17 405624]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2009-08-19 90112]
S2 BCUService;Browser Configuration Utility Service;c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-10-26 223464]
S2 DvmMDES;DeviceVM Meta Data Export Service;c:\asus.sys\config\DVMExportService.exe [2009-07-17 319488]
S2 N360;Norton 360;c:\program files (x86)\Norton 360\Engine\6.4.1.14\ccSvcHst.exe [2012-06-16 138272]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-02 382824]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848]
S2 WSWNDA3100;WSWNDA3100;c:\program files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe [2009-11-04 278528]
S3 Apowersoft_AudioDevice;Apowersoft_AudioDevice;c:\windows\system32\drivers\Apowersoft_AudioDevice.sys [2012-10-09 31968]
S3 CompFilter64;UVCCompositeFilter;c:\windows\system32\DRIVERS\lvbflt64.sys [2012-01-18 25632]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-08-14 138912]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2012-01-18 351136]
S3 LVUVC64;Logitech HD Webcam C510(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2012-01-18 4865568]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-05-22 215040]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\shell\AutoRun\command - F:\LaunchU3.exe -a
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0f8a87d2-a23a-11df-9318-806e6f6e6963}]
\shell\AutoRun\command - D:\Launcher.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c9a58ddc-b52e-11e0-a8dc-20cf3003accf}]
\shell\AutoRun\command - E:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder
.
2013-03-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-07 02:53]
.
2013-03-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-11 04:54]
.
2013-03-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-11 04:54]
.
2013-02-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2297036515-2446405061-3277710197-1000Core.job
- c:\users\Mairead\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-25 01:59]
.
2013-03-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2297036515-2446405061-3277710197-1000UA.job
- c:\users\Mairead\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-25 01:59]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-05-22 7833120]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2010-11-04 1580368]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>;*.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {{A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - {A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - c:\program files (x86)\Superfish\Window Shopper\SuperfishIEAddon.dll
Trusted Zone: pandora.com\www
Trusted Zone: webex.com
Trusted Zone: webex.com\gse
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Mairead\AppData\Roaming\Mozilla\Firefox\Profiles\xl1p8xf7.default\
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-NWEReboot - (no file)
Wow6432Node-HKLM-Run-TaskTray - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton 360\Engine\6.4.1.14\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\6.4.1.14\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2297036515-2446405061-3277710197-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-2297036515-2446405061-3277710197-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_171_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_171_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-03-10 10:50:25
ComboFix-quarantined-files.txt 2013-03-10 15:50
.
Pre-Run: 125,914,238,976 bytes free
Post-Run: 126,082,510,848 bytes free
.
- - End Of File - - 142D0B2F6360EA78490FAF2639AC43E8
Hi,
This file is a virus:
c:\windows\svchost.exe
If the file was in the system32 folder then it would be OK; this is how the scum that write viruses try to fool the system.
Let's do this: run this program and we can go from there when you return. Not to worry, I will keep this thread open for you until you do.
Please download Malwarebytes Anti-Malware (http://www.malwarebytes.org/mbam-download.php) to your desktop.
Right-click and Run as Administrator mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan as shown below.
http://i1224.photobucket.com/albums/ee380/jeffce74/MBAM-2.jpg
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
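The helper's point above (a file named svchost.exe is only legitimate when it lives in the Windows system directory) can be turned into a check that runs over the process and detection lines found in logs like the ones in this thread. The following is an added example, not code from the thread or from any of the tools it mentions. It assumes %SystemRoot% is C:\Windows (as the OTL header in this thread reports) and that the NT-namespace alias \\.\globalroot\systemroot, which is how OTL prints the rogue process, resolves to that same directory; the sample lines are copied from the logs above except the two marked as constructed.

```python
import re
from typing import List, Optional, Tuple

# Assumption: the Windows directory as reported by the OTL header (%SystemRoot% = C:\Windows).
SYSTEM_ROOT = r"C:\Windows"

# The only directories from which the genuine Service Host image is loaded.
LEGIT_SVCHOST_DIRS = {
    (SYSTEM_ROOT + r"\System32").lower(),
    (SYSTEM_ROOT + r"\SysWOW64").lower(),
}

# A path starts either at a drive letter or at the \\.\globalroot\ device alias.
_PATH_START = re.compile(r"[A-Za-z]:\\|\\\\\.\\globalroot\\", re.IGNORECASE)
_IMAGE = re.compile(r"svchost\.exe", re.IGNORECASE)
_GLOBALROOT_SYSTEMROOT = r"\\.\globalroot\systemroot"

# Sample input: lines copied from the DDS, ComboFix, MBAM and OTL logs in this thread,
# plus two constructed lines (marked) for the SysWOW64 and user-profile cases.
SAMPLE_LINES = [
    r"C:\Windows\system32\svchost.exe -k DcomLaunch",
    r"S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]",
    r"PRC - \\.\globalroot\systemroot\svchost.exe ()",
    r"C:\Windows\svchost.exe (Trojan.Agent) -> 3952 -> Delete on reboot.",
    r"C:\Windows\SysWOW64\svchost.exe -k netsvcs",                 # constructed
    r"C:\Users\Mairead\AppData\Local\Temp\svchost.exe",            # constructed
    r"PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)",
]


def extract_svchost_path(line: str) -> Optional[str]:
    """Return the svchost.exe path contained in a log line, or None if there is none."""
    img = _IMAGE.search(line)
    if img is None:
        return None
    # The path begins at the last drive letter or globalroot alias before the image name.
    starts = [m.start() for m in _PATH_START.finditer(line, 0, img.start())]
    if not starts:
        return None
    return line[starts[-1]:img.end()]


def normalize(path: str) -> str:
    """Lowercase the path and map the globalroot systemroot alias onto the Windows directory."""
    lowered = path.lower()
    if lowered.startswith(_GLOBALROOT_SYSTEMROOT):
        lowered = SYSTEM_ROOT.lower() + lowered[len(_GLOBALROOT_SYSTEMROOT):]
    return lowered


def classify(path: str) -> str:
    """'legit' when the image sits in System32 or SysWOW64, otherwise 'SUSPICIOUS'."""
    directory, _, _ = normalize(path).rpartition("\\")
    return "legit" if directory in LEGIT_SVCHOST_DIRS else "SUSPICIOUS"


def scan(lines: List[str]) -> List[Tuple[str, str]]:
    """Return (path, verdict) for every line that names an svchost.exe image."""
    findings = []
    for line in lines:
        path = extract_svchost_path(line)
        if path is not None:
            findings.append((path, classify(path)))
    return findings


if __name__ == "__main__":
    for path, verdict in scan(SAMPLE_LINES):
        print(f"{verdict:10} {path}")
```

The alias handling is what makes the OTL entries and the MBAM detection agree: `\\.\globalroot\systemroot\svchost.exe` and `C:\Windows\svchost.exe` are the same file, one directory above the only places a real Service Host belongs. A path check like this is a first-pass triage heuristic; on a live system it should be paired with an Authenticode signature check and a look at the parent process, since a copy planted in the right directory would pass a location test alone.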
Bastet0330
2013-03-11, 01:45
Thanks for the quick response! I ran the program, and here's the log.
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org
Database version: v2013.03.10.07
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Mairead :: COMPY [administrator]
3/10/2013 6:40:09 PM
mbam-log-2013-03-10 (18-40-09).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 238292
Time elapsed: 3 minute(s), 51 second(s)
Memory Processes Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> 3952 -> Delete on reboot.
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 2
C:\Users\Mairead\AppData\Roaming\.minecraft\sp.DLL (Trojan.Proxy) -> Quarantined and deleted successfully.
C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.
(end)
Let's look a bit deeper. Any browser redirects or unwanted pop-up windows? Run this program; I am looking over your ComboFix log now.
OTL by OldTimer
Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Click the "Scan All Users" checkbox.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
Note: These logs can be located in the OTL folder on your C:\ drive if they fail to open automatically.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.
Bastet0330
2013-03-11, 03:51
Here's the OTL:
OTL logfile created on: 3/10/2013 8:31:06 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Mairead\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
11.99 Gb Total Physical Memory | 8.93 Gb Available Physical Memory | 74.48% Memory free
23.98 Gb Paging File | 21.03 Gb Available in Paging File | 87.72% Paging File free
Paging file location(s): ?:\pagefile.sys
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232.79 Gb Total Space | 115.86 Gb Free Space | 49.77% Space Free | Partition Type: NTFS
Drive D: | 5.10 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Computer Name: COMPY | User Name: Mairead | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\Mairead\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe (Google Inc.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Users\Mairead\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\ccsvchst.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
PRC - C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
PRC - C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe ()
PRC - C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe ()
PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe ()
PRC - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe (DeviceVM, Inc.)
PRC - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)
PRC - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe (ASUSTeK Computer Inc.)
PRC - C:\ASUS.SYS\config\DVMExportService.exe (DeviceVM, Inc.)
PRC - \\.\globalroot\systemroot\svchost.exe ()
PRC - \\.\globalroot\systemroot\svchost.exe ()
PRC - \\.\globalroot\systemroot\svchost.exe ()
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe ()
========== Modules (No Company Name) ==========
MOD - C:\Program Files (x86)\Common Files\LogiShrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll ()
MOD - C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe ()
MOD - C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe ()
MOD - C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll ()
MOD - C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll ()
MOD - C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTXml4.dll ()
MOD - C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTGui4.dll ()
MOD - C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTCore4.dll ()
MOD - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\sqlite3.dll ()
========== Services (SafeList) ==========
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (Akamai) -- c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll ()
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (N360) -- C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\ccSvcHst.exe (Symantec Corporation)
SRV - (UMVPFSrv) -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (WSWNDA3100) -- C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe ()
SRV - (BCUService) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe (DeviceVM, Inc.)
SRV - (AsSysCtrlService) -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe (ASUSTeK Computer Inc.)
SRV - (DvmMDES) -- C:\ASUS.SYS\config\DVMExportService.exe (DeviceVM, Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (AdobeActiveFileMonitor6.0) -- C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe ()
========== Driver Services (SafeList) ==========
DRV:64bit: - (SMR311) -- C:\Windows\SysNative\drivers\SMR311.SYS (Symantec Corporation)
DRV:64bit: - (Apowersoft_AudioDevice) -- C:\Windows\SysNative\drivers\Apowersoft_AudioDevice.sys (Wondershare)
DRV:64bit: - (SRTSPX) -- C:\Windows\SysNative\drivers\N360x64\0604010.00E\srtspx64.sys (Symantec Corporation)
DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\N360x64\0604010.00E\srtsp64.sys (Symantec Corporation)
DRV:64bit: - (ccSet_N360) -- C:\Windows\SysNative\drivers\N360x64\0604010.00E\ccsetx64.sys (Symantec Corporation)
DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\N360x64\0604010.00E\symefa64.sys (Symantec Corporation)
DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (LVUVC64) -- C:\Windows\SysNative\drivers\LVUVC64.sys (Logitech Inc.)
DRV:64bit: - (LVRS64) -- C:\Windows\SysNative\drivers\lvrs64.sys (Logitech Inc.)
DRV:64bit: - (CompFilter64) -- C:\Windows\SysNative\drivers\lvbflt64.sys (Logitech Inc.)
DRV:64bit: - (SymNetS) -- C:\Windows\SysNative\drivers\N360x64\0604010.00E\symnets.sys (Symantec Corporation)
DRV:64bit: - (SymDS) -- C:\Windows\SysNative\drivers\N360x64\0604010.00E\symds64.sys (Symantec Corporation)
DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\drivers\N360x64\0604010.00E\ironx64.sys (Symantec Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (LVPr2Mon) -- C:\Windows\SysNative\drivers\LVPr2M64.sys ()
DRV:64bit: - (LVPr2M64) -- C:\Windows\SysNative\drivers\LVPr2M64.sys ()
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (BCMH43XX) -- C:\Windows\SysNative\drivers\bcmwlhigh664.sys (Broadcom Corporation)
DRV:64bit: - (NPF) -- C:\Windows\SysNative\drivers\npf.sys (CACE Technologies, Inc.)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (WDC_SAM) -- C:\Windows\SysNative\drivers\wdcsam64.sys (Western Digital Technologies)
DRV:64bit: - (SCMNdisP) -- C:\Windows\SysNative\drivers\SCMNdisP.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\Definitions\VirusDefs\20130310.007\ex64.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\Definitions\VirusDefs\20130310.007\eng64.sys (Symantec Corporation)
DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\Definitions\IPSDefs\20130308.001\IDSviA64.sys (Symantec Corporation)
DRV - (BHDrvx64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\Definitions\BASHDefs\20130301.001\BHDrvx64.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (XFX_program) -- C:\Windows\SysWow64\drivers\XFX_program.sys (Sengital Ltd.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2297036515-2446405061-3277710197-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\Mairead\Desktop
IE - HKU\S-1-5-21-2297036515-2446405061-3277710197-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-2297036515-2446405061-3277710197-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-2297036515-2446405061-3277710197-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = AE B7 A0 1F D0 35 CB 01 [binary data]
IE - HKU\S-1-5-21-2297036515-2446405061-3277710197-1000\..\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.)
IE - HKU\S-1-5-21-2297036515-2446405061-3277710197-1000\..\SearchScopes,DefaultScope = {F3079613-14CE-4bac-AAC1-DC779C94F1DF}
IE - HKU\S-1-5-21-2297036515-2446405061-3277710197-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2297036515-2446405061-3277710197-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_en
IE - HKU\S-1-5-21-2297036515-2446405061-3277710197-1000\..\SearchScopes\{CD2529CB-AADE-4129-953A-331E35A57AD0}: "URL" = http://www.google.com/custom?client=pub-3794288947762788&forid=1&channel=5369970905&ie=UTF-8&oe=UTF-8&safe=active&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1&hl=en&q={searchTerms}
IE - HKU\S-1-5-21-2297036515-2446405061-3277710197-1000\..\SearchScopes\{F3079613-14CE-4bac-AAC1-DC779C94F1DF}: "URL" = http://search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=EGMB
IE - HKU\S-1-5-21-2297036515-2446405061-3277710197-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2297036515-2446405061-3277710197-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>;*.local
========== FireFox ==========
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_171.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@emusic.com/eMusicPlugin DLM6: C:\Program Files (x86)\eMusic Download Manager 6\npEMusic601.dll (eMusic.com)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Mairead\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Mairead\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Mairead\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Mairead\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Mairead\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\IPSFFPlgn\ [2013/03/10 06:21:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\coFFPlgn\ [2013/03/10 19:00:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/03/10 06:21:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/03/10 06:21:31 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/03/10 06:21:31 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/03/10 06:21:31 | 000,000,000 | ---D | M]
[2011/05/18 23:27:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mairead\AppData\Roaming\Mozilla\Extensions
[2011/02/03 01:57:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mairead\AppData\Roaming\Mozilla\Extensions\{92650c4d-4b8e-4d2a-b7eb-24ecf4f6b63a}
[2012/10/25 03:26:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mairead\AppData\Roaming\Mozilla\Firefox\Profiles\xl1p8xf7.default\extensions
[2011/02/03 01:57:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mairead\AppData\Roaming\Mozilla\SeaMonkey\Profiles\06spn8ys.default\extensions
[2013/03/10 06:17:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/03/10 06:21:31 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/03/10 06:21:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\updated\extensions
[2013/03/10 06:21:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\updated\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/02/06 03:27:16 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/10/28 06:32:48 | 000,176,952 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files (x86)\mozilla firefox\plugins\npatgpc.dll
[2013/03/09 14:33:59 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013/03/09 14:33:59 | 000,002,086 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
O1 HOSTS File: ([2013/03/10 10:45:37 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Window Shopper) - {74F475FA-6C75-43BD-AAB9-ECDA6184F600} - C:\Program Files (x86)\Superfish\Window Shopper\SuperfishIEAddon.dll File not found
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\coieplg.dll (Symantec Corporation)
O3:64bit: - HKU\S-1-5-21-2297036515-2446405061-3277710197-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BCU] C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)
O4 - HKLM..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [R577SO] C:\Program Files (x86)\GIGABYTE\R577SO\R577SO.exe (GIGABYTE Technology Co.,Ltd.)
O4 - HKU\S-1-5-21-2297036515-2446405061-3277710197-1000..\Run: [Akamai NetSession Interface] C:\Users\Mairead\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKU\S-1-5-21-2297036515-2446405061-3277710197-1003..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2297036515-2446405061-3277710197-1003..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Mairead\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2297036515-2446405061-3277710197-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2297036515-2446405061-3277710197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-2297036515-2446405061-3277710197-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Window Shopper - {A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - C:\Program Files (x86)\Superfish\Window Shopper\SuperfishIEAddon.dll File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-2297036515-2446405061-3277710197-1000\..Trusted Domains: pandora.com ([www] https in Trusted sites)
O15 - HKU\S-1-5-21-2297036515-2446405061-3277710197-1000\..Trusted Domains: webex.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-2297036515-2446405061-3277710197-1000\..Trusted Domains: webex.com ([gse] https in Trusted sites)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {036F8A56-0BC8-4607-8F98-D3231E6FF5ED} http://cloud1.saba.com/SiteRoots/main/Install/win32/CentraUpdaterAx.cab (Reg Error: Key error.)
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus.com/select/asusTek_sys_ctrl3.cab (asusTek_sysctrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{07E40D75-09E1-4048-A511-1EC28E0A1A80}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{34FF8C98-5A70-4412-A211-62C33B12B49C}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{434F6D26-4903-4A9A-B9A3-9D6D83DC70DE}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5F94C27E-0803-4CEB-8DBD-8F5AA00DEE7B}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6F9FF4D8-AE21-4007-984F-E4B7DB454F71}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D7CDF17A-C1C3-4DB9-B266-75D970B43DEA}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\gopher - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/10/06 10:01:16 | 000,000,044 | R--- | M] () - D:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{0f8a87d2-a23a-11df-9318-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{0f8a87d2-a23a-11df-9318-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Launcher.exe
O33 - MountPoints2\{c9a58ddc-b52e-11e0-a8dc-20cf3003accf}\Shell - "" = AutoRun
O33 - MountPoints2\{c9a58ddc-b52e-11e0-a8dc-20cf3003accf}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2013/03/10 20:28:38 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Mairead\Desktop\OTL.exe
[2013/03/10 19:01:10 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\svchost.exe
[2013/03/10 18:38:40 | 000,000,000 | ---D | C] -- C:\Users\Mairead\AppData\Roaming\Malwarebytes
[2013/03/10 18:38:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/03/10 18:38:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/03/10 18:38:24 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/03/10 18:38:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/03/10 18:37:38 | 010,156,344 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Mairead\Desktop\mbam-setup-1.70.0.1100.exe
[2013/03/10 18:36:31 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/03/10 10:50:27 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/03/10 10:40:22 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/03/10 10:40:22 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/03/10 10:40:22 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/03/10 10:36:17 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/03/05 23:42:57 | 000,000,000 | ---D | C] -- C:\Users\Mairead\Desktop\ESL
[2013/03/05 16:28:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Bootable Recovery Tool Wizard
[2013/03/05 16:02:09 | 000,095,392 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SMR311.SYS
[2013/03/05 16:02:04 | 000,000,000 | ---D | C] -- C:\Users\Mairead\AppData\Local\NPE
[2013/03/05 15:43:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2013/03/05 15:43:20 | 000,000,000 | ---D | C] -- C:\Users\Mairead\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2013/03/05 11:49:00 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Mairead\Desktop\dds.scr
[2013/03/05 11:47:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2013/03/05 11:47:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2013/03/05 11:34:33 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/03/05 11:33:38 | 005,036,545 | R--- | C] (Swearware) -- C:\Users\Mairead\Desktop\ComboFix.exe
[2013/03/05 11:28:21 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Mairead\Desktop\aswMBR.exe
[2013/03/04 08:22:32 | 000,000,000 | ---D | C] -- C:\Users\Mairead\AppData\Local\{00AD2E08-E18E-445D-9A20-CAF9635E0349}
[2013/02/26 12:11:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013/02/26 12:11:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013/02/13 02:34:02 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013/02/13 02:34:02 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013/02/13 02:34:01 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/02/13 02:34:01 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/02/13 02:34:00 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/02/13 02:34:00 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013/02/13 02:33:59 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/02/13 02:33:59 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/02/13 02:33:59 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/02/13 02:33:59 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/02/13 02:33:59 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013/02/13 02:33:59 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/02/13 02:33:57 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/02/13 02:33:57 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/02/13 02:33:57 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013/02/12 16:48:39 | 005,553,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013/02/12 16:48:37 | 003,967,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013/02/12 16:48:37 | 003,913,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013/02/12 16:48:21 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2013/02/12 16:48:19 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013/02/12 16:48:19 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013/02/12 16:48:19 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013/02/12 16:48:19 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013/02/12 16:48:18 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013/02/12 16:48:16 | 000,288,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Users\Mairead\*.tmp files -> C:\Users\Mairead\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2013/03/10 20:28:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mairead\Desktop\OTL.exe
[2013/03/10 20:28:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/03/10 20:10:48 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2297036515-2446405061-3277710197-1000UA.job
[2013/03/10 19:53:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/03/10 19:13:01 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/03/10 19:10:25 | 000,000,177 | -H-- | M] () -- C:\dvmexp.idx
[2013/03/10 19:08:04 | 000,015,344 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/03/10 19:08:04 | 000,015,344 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/03/10 19:06:22 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/03/10 19:06:22 | 000,624,162 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/03/10 19:06:22 | 000,106,538 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/03/10 19:00:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/03/10 18:59:55 | 1066,704,894 | -HS- | M] () -- C:\hiberfil.sys
[2013/03/10 18:38:26 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/03/10 18:37:41 | 010,156,344 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Mairead\Desktop\mbam-setup-1.70.0.1100.exe
[2013/03/10 10:45:37 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/03/10 10:31:57 | 612,892,047 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/03/05 16:02:09 | 000,095,392 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SMR311.SYS
[2013/03/05 15:43:20 | 000,002,985 | ---- | M] () -- C:\Users\Mairead\Desktop\HiJackThis.lnk
[2013/03/05 11:49:46 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Mairead\Desktop\dds.scr
[2013/03/05 11:47:16 | 000,001,108 | ---- | M] () -- C:\Users\Mairead\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2013/03/05 11:47:14 | 000,000,928 | ---- | M] () -- C:\Users\Mairead\Desktop\NTREGOPT.lnk
[2013/03/05 11:47:14 | 000,000,909 | ---- | M] () -- C:\Users\Mairead\Desktop\ERUNT.lnk
[2013/03/05 11:33:49 | 005,036,545 | R--- | M] (Swearware) -- C:\Users\Mairead\Desktop\ComboFix.exe
[2013/03/05 11:29:42 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Mairead\Desktop\aswMBR.exe
[2013/02/26 21:53:15 | 000,691,568 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/02/26 21:53:15 | 000,071,024 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/02/26 05:25:47 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2297036515-2446405061-3277710197-1000Core.job
[2013/02/22 14:06:50 | 000,350,019 | ---- | M] () -- C:\Users\Mairead\Desktop\Untitled.png
[2013/02/13 08:26:31 | 000,383,288 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/02/11 12:27:05 | 000,001,067 | ---- | M] () -- C:\Users\Mairead\Videos - Shortcut.lnk
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Users\Mairead\*.tmp files -> C:\Users\Mairead\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013/03/10 18:38:26 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/03/10 10:40:22 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/03/10 10:40:22 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/03/10 10:40:22 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/03/10 10:40:22 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/03/10 10:40:22 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/03/05 15:43:20 | 000,002,985 | ---- | C] () -- C:\Users\Mairead\Desktop\HiJackThis.lnk
[2013/03/05 11:47:16 | 000,001,108 | ---- | C] () -- C:\Users\Mairead\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2013/03/05 11:47:14 | 000,000,928 | ---- | C] () -- C:\Users\Mairead\Desktop\NTREGOPT.lnk
[2013/03/05 11:47:14 | 000,000,909 | ---- | C] () -- C:\Users\Mairead\Desktop\ERUNT.lnk
[2013/02/22 14:06:11 | 000,350,019 | ---- | C] () -- C:\Users\Mairead\Desktop\Untitled.png
[2013/02/11 12:27:05 | 000,001,067 | ---- | C] () -- C:\Users\Mairead\Videos - Shortcut.lnk
[2012/07/22 19:43:36 | 000,000,091 | ---- | C] () -- C:\Windows\wininit.ini
[2012/01/18 01:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2012/01/18 01:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2012/01/18 01:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2011/11/12 15:28:34 | 000,007,606 | ---- | C] () -- C:\Users\Mairead\AppData\Local\Resmon.ResmonCfg
[2011/09/28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/08/23 13:38:31 | 000,060,304 | ---- | C] () -- C:\Users\Mairead\g2mdlhlpx.exe
[2011/06/25 13:44:35 | 000,000,067 | ---- | C] () -- C:\Windows\Easy Video to MP4 Converter.INI
[2011/05/18 16:55:22 | 000,001,940 | ---- | C] () -- C:\Users\Mairead\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/04/22 00:19:17 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2011/04/22 00:19:17 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2011/04/13 21:59:14 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011/02/03 15:05:42 | 000,000,013 | -H-- | C] () -- C:\ProgramData\˜113.›sys
[2011/02/03 02:48:15 | 000,149,504 | ---- | C] () -- C:\Users\Mairead\AppData\Roaming\SharedSettings.ccs
[2011/01/12 19:15:04 | 000,000,154 | ---- | C] () -- C:\Users\Mairead\AppData\Roaming\burnaware.ini
[2011/01/06 16:32:21 | 000,061,678 | ---- | C] () -- C:\Users\Mairead\AppData\Roaming\PFP100JPR.{PB
[2011/01/06 16:32:21 | 000,012,358 | ---- | C] () -- C:\Users\Mairead\AppData\Roaming\PFP100JCM.{PB
[2010/12/09 23:08:48 | 000,004,608 | ---- | C] () -- C:\Users\Mairead\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/25 00:20:35 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
========== ZeroAccess Check ==========
[2011/11/17 01:41:18 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\{b4ab6a56-69e8-3c91-d3ba-b67396b2d6c2}\L
[2012/07/22 18:51:12 | 000,002,048 | -HS- | M] () -- C:\Users\Mairead\AppData\Local\{b4ab6a56-69e8-3c91-d3ba-b67396b2d6c2}\@
[2011/11/17 01:41:18 | 000,000,000 | -HSD | M] -- C:\Users\Mairead\AppData\Local\{b4ab6a56-69e8-3c91-d3ba-b67396b2d6c2}\L
[2011/11/17 01:41:18 | 000,000,000 | -HSD | M] -- C:\Users\Mairead\AppData\Local\{b4ab6a56-69e8-3c91-d3ba-b67396b2d6c2}\U
[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2013/03/10 18:44:12 | 000,000,000 | ---D | M] -- C:\Users\Mairead\AppData\Roaming\.minecraft
[2012/09/30 11:01:17 | 000,000,000 | ---D | M] -- C:\Users\Mairead\AppData\Roaming\Ad-Aware Antivirus
[2010/08/11 16:09:53 | 000,000,000 | ---D | M] -- C:\Users\Mairead\AppData\Roaming\Barnes & Noble
[2011/08/25 03:26:37 | 000,000,000 | ---D | M] -- C:\Users\Mairead\AppData\Roaming\Blackboard
[2011/02/08 14:32:49 | 000,000,000 | ---D | M] -- C:\Users\Mairead\AppData\Roaming\calibre
[2012/07/02 15:54:25 | 000,000,000 | ---D | M] -- C:\Users\Mairead\AppData\Roaming\Centra
[2011/02/03 03:49:26 | 000,000,000 | ---D | M] -- C:\Users\Mairead\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/02/03 15:05:42 | 000,000,000 | ---D | M] -- C:\Users\Mairead\AppData\Roaming\CoffeeCup Software
[2011/08/25 03:20:36 | 000,000,000 | ---D | M] -- C:\Users\Mairead\AppData\Roaming\Collaborate
[2010/11/24 22:22:31 | 000,000,000 | ---D | M] -- C:\Users\Mairead\AppData\Roaming\com.livebrush.2205ABAA7E8202CDC1251B1FA1E879364B7BAB52.1
[2010/10/28 17:52:41 | 000,000,000 | ---D | M] -- C:\Users\Mairead\AppData\Roaming\Epson
[2010/11/27 20:43:51 | 000,000,000 | ---D | M] -- C:\Users\Mairead\AppData\Roaming\Foxit Software
[2010/08/10 19:48:36 | 000,000,000 | ---D | M] -- C:\Users\Mairead\AppData\Roaming\Leadertech
[2013/02/05 19:45:47 | 000,000,000 | ---D | M] -- C:\Users\Mairead\AppData\Roaming\Lionhead Studios
[2011/03/03 12:20:04 | 000,000,000 | ---D | M] -- C:\Users\Mairead\AppData\Roaming\OverDrive
[2013/02/03 14:18:07 | 000,000,000 | ---D | M] -- C:\Users\Mairead\AppData\Roaming\Saba
[2010/09/16 17:44:30 | 000,000,000 | ---D | M] -- C:\Users\Mairead\AppData\Roaming\SoftGrid Client
[2011/04/29 13:15:32 | 000,000,000 | ---D | M] -- C:\Users\Mairead\AppData\Roaming\Tific
[2010/09/15 17:04:57 | 000,000,000 | ---D | M] -- C:\Users\Mairead\AppData\Roaming\TP
[2011/07/19 13:03:57 | 000,000,000 | ---D | M] -- C:\Users\Mairead\AppData\Roaming\VIACK
[2011/03/01 15:23:08 | 000,000,000 | ---D | M] -- C:\Users\Mairead\AppData\Roaming\WB Games
[2013/03/09 15:45:11 | 000,000,000 | ---D | M] -- C:\Users\Mairead\AppData\Roaming\webex
[2011/12/02 19:29:54 | 000,000,000 | ---D | M] -- C:\Users\Mairead\AppData\Roaming\Windows Live Writer
========== Purity Check ==========
< End of report >
Bastet0330
2013-03-11, 03:51
And here's the Extras file:
OTL Extras logfile created on: 3/10/2013 8:31:06 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Mairead\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
11.99 Gb Total Physical Memory | 8.93 Gb Available Physical Memory | 74.48% Memory free
23.98 Gb Paging File | 21.03 Gb Available in Paging File | 87.72% Paging File free
Paging file location(s): ?:\pagefile.sys
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232.79 Gb Total Space | 115.86 Gb Free Space | 49.77% Space Free | Partition Type: NTFS
Drive D: | 5.10 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Computer Name: COMPY | User Name: Mairead | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{048A4BBE-9658-40AF-88E8-ECAA1FBDA487}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{05096531-E853-40F7-98BE-CC8F481D0638}" = rport=10243 | protocol=6 | dir=out | app=system |
"{14BC8DD8-4C33-432D-96FE-D9E4B335C91C}" = lport=137 | protocol=17 | dir=in | app=system |
"{27383093-A91D-4003-B579-D6A058191D42}" = lport=138 | protocol=17 | dir=in | app=system |
"{2D7BDC9B-CE99-40E8-963A-AC902D6C7731}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2FC788C2-2346-4B4A-8595-3418ABEACE02}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{3608B11B-2614-4A8F-8078-8895D2CCBBB2}" = rport=137 | protocol=17 | dir=out | app=system |
"{385BD475-7B36-4300-87AC-E137FE697765}" = lport=2869 | protocol=6 | dir=in | app=system |
"{4CBF0339-1893-46AA-99C8-FAFDC178D713}" = lport=445 | protocol=6 | dir=in | app=system |
"{6FE3217B-7937-454D-808A-3FC315B877B4}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{732BCC40-8A9A-4178-AF17-0958797CAEA6}" = rport=138 | protocol=17 | dir=out | app=system |
"{76E6B17E-BC10-412F-8908-9F6C9C274507}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{87CCBFA6-B8E4-449C-BF89-94BF92731366}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8B15FE56-A90C-44A2-B85E-1A2E5E54D2A4}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{9183CB5C-5832-4ACF-BFEA-3D5753A6B653}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9DF379DF-304E-4F35-98AB-4294E28493FA}" = rport=139 | protocol=6 | dir=out | app=system |
"{9DFEB19E-C9D7-4B7A-8932-06EAF36823F6}" = lport=139 | protocol=6 | dir=in | app=system |
"{AAE4C784-AE7A-4437-BE1C-38DC2272C0B0}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B26F4CB1-0529-4A06-8197-9E299809E76E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B5AA5150-C259-4A68-B2E5-D99FC27D4EF9}" = lport=10243 | protocol=6 | dir=in | app=system |
"{BDDC5819-9D8C-47B0-B125-4FD0A3231DE3}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E8212A33-F56F-43FE-9036-6292F2A5C87F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F801C67F-0931-4D2A-863B-6EE2287A9620}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FAB5A3A8-0BFB-4B24-9D56-69F0A97548F4}" = rport=445 | protocol=6 | dir=out | app=system |
"{FEB4D33C-4307-421D-A904-45D1A1C3A81C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{088AA9DF-C9F5-42E4-9186-CB289D4042C5}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{1E61EC23-3157-4CC9-B91E-A0C0F53DF72E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{1F75C2DE-790F-4131-B524-69B6F9F73F81}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{206BAB12-94B7-4A48-B3B6-ACC37CA1FB70}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.patch.exe |
"{278087A2-7F23-4150-8501-03678C1DBA06}" = protocol=6 | dir=in | app=c:\users\mairead\appdata\local\akamai\netsession_win.exe |
"{296A3DA5-30A3-4EA0-9689-9BD7D2ACFF89}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{29FDF430-D83E-4225-B6D7-C491E39B0A3A}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{2AF07EC7-B2D7-4C9C-A195-D1EF1C5F9ED8}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"{2C2319CD-65DB-4534-8E2B-B9C0FF07F26C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3828BE95-B1B1-4D82-9399-F1C6B8E1F235}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3D4B55C5-FB13-40AA-9070-FE28F9E51D5A}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{411EB8FC-1E60-4E8D-A4EC-512AF732F19E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{423E7F61-3D10-4CB9-ABF6-6EFBC8B28EA4}" = protocol=17 | dir=in | app=c:\program files (x86)\atari\neverwinter nights 2\nwn2main_amdxp.exe |
"{4279C8F2-C098-4626-A237-A7EC180E06C0}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.2.0-enus-downloader.exe |
"{43748FDC-3060-4621-AF61-FBCF145B8CCF}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{444226AA-A1D0-4F92-A75D-C690854E8F24}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{452B7C05-F369-4C78-9347-BDC18FF6D60D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{45E73F7F-190E-4D46-8C3E-B42072B4578F}" = protocol=17 | dir=in | app=c:\program files (x86)\logitech\vid\vid.exe |
"{4DFF0187-3B41-4566-AAB4-3EA5100E314B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{53D0CC5B-7830-44E4-8014-3AE53F16B215}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{5658D12B-544B-4658-9717-2C24A24D8D87}" = protocol=17 | dir=in | app=c:\program files (x86)\atari\neverwinter nights 2\nwn2main.exe |
"{58B7C5B2-5B22-4945-8600-FFC8200B59BF}" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{603CE274-AF89-440F-A8FB-3F9E4B951735}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{60D2AC85-0ABB-4D0D-B404-9DFF9C9A916D}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{621FB816-7913-4BA8-932D-7F89815B13EC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{64C9195F-8999-4097-A36A-B559B921E4F4}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{65FD377F-47FC-4F70-B6C5-C90EA5146040}" = protocol=17 | dir=in | app=c:\program files (x86)\atari\neverwinter nights 2\nwupdate.exe |
"{69DC51C0-8E21-492A-97EB-E51E322EB278}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{6E13C911-330E-45B5-8A74-3CB54747E9B3}" = protocol=6 | dir=in | app=c:\program files (x86)\atari\neverwinter nights 2\nwupdate.exe |
"{79B145BA-0AE7-4245-90AA-FD6A5FA95B1A}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{7A263C6A-1058-42AB-B570-1E354A7A5F5A}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.patch.exe |
"{7CC7FBD3-CC2C-4E26-A5C1-184291285A0F}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.2.0-enus-downloader.exe |
"{7DA56356-3169-4832-B0E4-E9FAE833FD97}" = protocol=6 | dir=in | app=c:\program files (x86)\logitech\vid\vid.exe |
"{7E96E369-1F15-4F5B-BF3C-B83823ED5440}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{862123D0-304D-4039-A611-90C26EB6CED8}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{952D3FCC-59D8-4F5E-BD6B-5FEACCC5E679}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fable 3\fablelauncher.exe |
"{9D823D4E-FBC5-4455-A847-BBC9E8159B9E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{B963C718-02E2-40CD-ABE4-BCC7298B7E6B}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{BD41D09C-C7C3-4A1A-93F6-DBFC43BF08B6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C152810D-2AA0-4FB6-8CDD-81301CA46F9A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{C1B49399-4934-4934-8B3C-C05B67F85802}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{C7FD5300-5519-4716-8B25-901D133EB3EF}" = protocol=6 | dir=in | app=c:\program files (x86)\atari\neverwinter nights 2\nwn2server.exe |
"{C93EA110-E5F8-4B63-8EDD-3FBF05419B05}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D1ECFDE9-C1C0-49F8-998C-46241EEBBFB6}" = protocol=6 | dir=in | app=c:\program files (x86)\atari\neverwinter nights 2\nwn2main_amdxp.exe |
"{D3453111-D481-47F4-AD52-6D6661E34EE1}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{D3B05828-E8F5-4A6D-9B3B-743674327A95}" = protocol=6 | dir=in | app=c:\program files (x86)\lavasoft\ad-aware\ad-aware.exe |
"{DE1A4A4B-C339-4F04-8DB1-117CCE77D3A6}" = protocol=17 | dir=in | app=c:\program files (x86)\atari\neverwinter nights 2\nwn2server.exe |
"{E1C081EA-EF3A-4D78-BBA8-9A1E03E0CE0F}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E1D55BB4-D95A-42C9-A28F-70B3EF30129F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{E59CFB64-9BFF-4592-BA2B-BEFE5E723DDC}" = protocol=6 | dir=out | app=system |
"{E67C94C1-D6E3-408B-B0AC-42D47700E0CB}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{E77A2FB1-58B7-44C0-AF5E-308C4BE7E573}" = protocol=6 | dir=in | app=c:\program files (x86)\atari\neverwinter nights 2\nwn2main.exe |
"{EC65C8FC-08E4-4314-BABD-4F67F4EB0CB7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{ECC9EA1F-2BBE-4C01-A5ED-6186F893AE9A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fable 3\fablelauncher.exe |
"{F3025EC7-5AC0-460A-8624-98AC731C711D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F3860013-7EEE-4500-A54B-8A84E8B0A09F}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{F42AEA9A-5F25-4D8B-92EE-B0CCC9DE8CA8}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"{FA328161-15D0-407C-A2F6-D86D7F509074}" = protocol=17 | dir=in | app=c:\program files (x86)\lavasoft\ad-aware\ad-aware.exe |
"{FA579941-E533-4368-8BB1-1B9254CFF70A}" = protocol=17 | dir=in | app=c:\users\mairead\appdata\local\akamai\netsession_win.exe |
"TCP Query User{60AD02B1-A461-4D34-8760-F75948DFB766}C:\users\mairead\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\mairead\appdata\local\akamai\netsession_win.exe |
"TCP Query User{8E4C6DFC-B036-44E6-A664-601B1278A2F2}C:\users\public\games\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"TCP Query User{CE47D100-E1BA-4055-8D72-6412A6A4A951}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"UDP Query User{03E23942-9344-4ECB-8AF9-314C4631BFB5}C:\users\public\games\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"UDP Query User{61489C1C-6955-4209-81A8-DA52165201B5}C:\users\mairead\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\mairead\appdata\local\akamai\netsession_win.exe |
"UDP Query User{AE1692B2-BDFC-4251-ADEA-E5EB2BFAAEC7}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb" = Internet Explorer (Enable DEP)
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 306.97
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.1.9.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
"{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{E6D44B7E-1B1E-04A7-86E3-06AD74583FE9}" = ATI Catalyst Install Manager
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 29
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2B53190C-E53E-4736-9E13-395741415991}" = Network Recording Player
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3B03E732-6150-4D0A-849F-C6F4141EA78C}" = EPSON Perfection V30/V300 Photo Scanner Driver Update
"{3C7839E7-21F4-49E0-B4D5-AC8ED818CCB0}" = NETGEAR WNDA3100v2 wireless USB 2.0 adapter
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = Epson Event Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}" = Logitech Vid
"{531F0013-964C-4BE6-B382-4117DC8BCDF9}" = ArcSoft MediaImpression
"{539F8ADD-4D98-47E1-9641-F243D4E0B928}" = calibre
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{99AD9D6D-A456-49EE-8360-F22EE7AA1272}" = Express Gate
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BB69D0F-1369-4DBD-99A9-1BC228ED1033}" = Nero 7 Essentials
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{A1570454-ED12-4050-A7AC-9282C7AFB23C}" = Window Shopper
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA72FB28-73B4-49E5-B6B4-E78F44BBD0AD}" = Epson Copy Utility 3.5
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.5)
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CCF100B8-A2FB-41AE-BB9C-86EEF3699114}" = WordPerfect Family Pack 4
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D07205E7-F6D3-4333-AFCC-782A07685B72}" = OverDrive Media Console
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D793423B-FF18-4A54-B9C9-75B3396BAAC4}" = Browser Configuration Utility
"{D7BF3B76-EEF9-4868-9B2B-42ABF60B279A}" = Microsoft_VC80_CRT_x86
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{EAC98582-5ED4-3BCA-BCD5-9E1A328BD7BE}" = Google Talk Plugin
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F20C1251-1D0A-4944-B2AE-678581B33B19}" = Neverwinter Nights 2
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"{F54AC413-D2C6-4A24-B324-370C223C6250}" = Adobe Photoshop Elements 6.0
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop Elements 6" = Adobe Photoshop Elements 6.0
"Akamai" = Akamai NetSession Interface Service
"AudibleManager" = AudibleManager
"BN_DesktopReader" = NOOK for PC
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Driver Performer_is1" = Driver Performer
"eMusic Download Manager 6" = eMusic Download Manager 6
"EPSON Scanner" = EPSON Scan
"ERUNT_is1" = ERUNT 1.1j
"Foxit Phantom" = Foxit Phantom
"Foxit Reader" = Foxit Reader
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
"Mozilla Firefox 18.0.2 (x86 en-US)" = Mozilla Firefox 18.0.2 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"N360" = Norton 360
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Pen Tablet Driver" = Bamboo
"Steam App 105400" = Fable III
"Steam App 72850" = The Elder Scrolls V: Skyrim
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinLiveSuite" = Windows Live Essentials
"WordPerfect Family Pack 4" = WordPerfect Family Pack 4
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-2297036515-2446405061-3277710197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"ActiveTouchMeetingClient" = Cisco WebEx Meetings
"Akamai" = Akamai NetSession Interface
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 3/8/2013 6:58:57 PM | Computer Name = Compy | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c5 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0x10036d98 Faulting process id: 0xf34 Faulting application start time: 0x01ce1c44666def08 Faulting application path: \\.\globalroot\systemroot\svchost.exe Faulting module path: unknown Report Id: c1b41ff3-8843-11e2-bc83-20cf3003accf
Error - 3/8/2013 8:11:16 PM | Computer Name = Compy | Source = Microsoft-Windows-RestartManager | ID = 10006
Description = Application or service 'Internet Explorer' could not be shut down.
Error - 3/8/2013 10:59:46 PM | Computer Name = Compy | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c5 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0x0015e8ce Faulting process id: 0xef8 Faulting application start time: 0x01ce1c58e4dfe71c Faulting application path: \\.\globalroot\systemroot\svchost.exe Faulting module path: unknown Report Id: 658b980a-8865-11e2-aa8a-20cf3003accf
Error - 3/9/2013 4:22:27 PM | Computer Name = Compy | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c5 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0x54c0596a Faulting process id: 0x10e4 Faulting application start time: 0x01ce1cfbc47cbe04 Faulting application path: \\.\globalroot\systemroot\svchost.exe Faulting module path: unknown Report Id: 0f038aca-88f7-11e2-9a82-20cf3003accf
Error - 3/9/2013 4:25:43 PM | Computer Name = Compy | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c5 Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec49b8f Exception code: 0xc0000005 Fault offset: 0x000326d1 Faulting process id: 0x228 Faulting application start time: 0x01ce1d03db3a9eb7 Faulting application path: \\.\globalroot\systemroot\svchost.exe Faulting module path: C:\Windows\SysWOW64\ntdll.dll Report Id: 83b6bd5a-88f7-11e2-9a82-20cf3003accf
Error - 3/9/2013 6:35:59 PM | Computer Name = Compy | Source = SideBySide | ID = 16842827
Description = Activation context generation failed for "C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe". Error in manifest or policy file "C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe" on line 2. Multiple requestedPrivileges elements are not allowed in manifest.
Error - 3/9/2013 6:36:53 PM | Computer Name = Compy | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot - search & destroy\DelZip179.dll". Error in manifest or policy file "c:\program files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of attribute "language" in element "assemblyIdentity" is invalid.
Error - 3/9/2013 7:26:30 PM | Computer Name = Compy | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c5 Faulting module name: MSHTML.dll, version: 9.0.8112.16464, time stamp: 0x50ec9c0f Exception code: 0xc0000005 Fault offset: 0x003648c4 Faulting process id: 0x1f7c Faulting application start time: 0x01ce1d044c662133 Faulting application path: \\.\globalroot\systemroot\svchost.exe Faulting module path: C:\Windows\system32\MSHTML.dll Report Id: c5421792-8910-11e2-9a82-20cf3003accf
Error - 3/10/2013 12:15:30 AM | Computer Name = Compy | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c5 Faulting module name: jvm.dll, version: 20.4.0.2, time stamp: 0x4e89b323 Exception code: 0xc0000005 Fault offset: 0x0005e4e2 Faulting process id: 0xbe8 Faulting application start time: 0x01ce1d44d35a97f1 Faulting application path: \\.\globalroot\systemroot\svchost.exe Faulting module path: C:\PROGRA~2\Java\jre6\bin\client\jvm.dll Report Id: 24cc5aaa-8939-11e2-9457-20cf3003accf
Error - 3/10/2013 8:35:05 PM | Computer Name = Compy | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe_SysMain, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1 Faulting module name: sysmain.dll, version: 6.1.7601.17514, time stamp: 0x4ce7c9db Exception code: 0xc0000005 Fault offset: 0x000000000000354b Faulting process id: 0x3fc Faulting application start time: 0x01ce1deb65b0205d Faulting application path: C:\Windows\System32\svchost.exe Faulting module path: c:\windows\system32\sysmain.dll Report Id: 8477fd59-89e3-11e2-b217-20cf3003accf
[ Media Center Events ]
Error - 9/8/2010 11:06:13 AM | Computer Name = Compy | Source = MCUpdate | ID = 0
Description = 10:05:30 AM - Error connecting to the internet. 10:05:30 AM - Unable to contact server..
Error - 9/17/2010 3:07:39 PM | Computer Name = Compy | Source = MCUpdate | ID = 0
Description = 2:07:30 PM - Error connecting to the internet. 2:07:30 PM - Unable to contact server..
Error - 9/26/2010 2:35:25 PM | Computer Name = Compy | Source = MCUpdate | ID = 0
Description = 1:35:15 PM - Error connecting to the internet. 1:35:15 PM - Unable to contact server..
Error - 10/4/2010 1:48:53 PM | Computer Name = Compy | Source = MCUpdate | ID = 0
Description = 12:48:45 PM - Error connecting to the internet. 12:48:45 PM - Unable to contact server..
Error - 10/5/2010 12:07:16 AM | Computer Name = Compy | Source = MCUpdate | ID = 0
Description = 11:07:16 PM - Error connecting to the internet. 11:07:16 PM - Unable to contact server..
Error - 10/5/2010 12:07:28 AM | Computer Name = Compy | Source = MCUpdate | ID = 0
Description = 11:07:21 PM - Error connecting to the internet. 11:07:21 PM - Unable to contact server..
Error - 10/11/2010 12:43:34 PM | Computer Name = Compy | Source = MCUpdate | ID = 0
Description = 11:43:28 AM - Error connecting to the internet. 11:43:28 AM - Unable to contact server..
Error - 10/17/2010 2:17:56 PM | Computer Name = Compy | Source = MCUpdate | ID = 0
Description = 1:17:51 PM - Error connecting to the internet. 1:17:51 PM - Unable to contact server..
Error - 10/25/2010 12:43:36 PM | Computer Name = Compy | Source = MCUpdate | ID = 0
Description = 11:43:31 AM - Error connecting to the internet. 11:43:31 AM - Unable to contact server..
Error - 10/27/2010 2:12:44 PM | Computer Name = Compy | Source = MCUpdate | ID = 0
Description = 1:12:36 PM - Error connecting to the internet. 1:12:36 PM - Unable to contact server..
[ System Events ]
Error - 3/10/2013 8:35:08 PM | Computer Name = Compy | Source = Service Control Manager | ID = 7031
Description = The Human Interface Device Access service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
Error - 3/10/2013 8:35:08 PM | Computer Name = Compy | Source = Service Control Manager | ID = 7031
Description = The HomeGroup Listener service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
Error - 3/10/2013 8:35:08 PM | Computer Name = Compy | Source = Service Control Manager | ID = 7031
Description = The Network Connections service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
Error - 3/10/2013 8:35:08 PM | Computer Name = Compy | Source = Service Control Manager | ID = 7031
Description = The Program Compatibility Assistant Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
Error - 3/10/2013 8:35:08 PM | Computer Name = Compy | Source = Service Control Manager | ID = 7031
Description = The Superfetch service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
Error - 3/10/2013 8:35:08 PM | Computer Name = Compy | Source = Service Control Manager | ID = 7031
Description = The Distributed Link Tracking Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
Error - 3/10/2013 8:35:08 PM | Computer Name = Compy | Source = Service Control Manager | ID = 7031
Description = The Desktop Window Manager Session Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
Error - 3/10/2013 8:35:08 PM | Computer Name = Compy | Source = Service Control Manager | ID = 7034
Description = The Diagnostic System Host service terminated unexpectedly. It has done this 1 time(s).
Error - 3/10/2013 8:35:08 PM | Computer Name = Compy | Source = Service Control Manager | ID = 7031
Description = The WLAN AutoConfig service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
Error - 3/10/2013 8:35:08 PM | Computer Name = Compy | Source = Service Control Manager | ID = 7031
Description = The Windows Driver Foundation - User-mode Driver Framework service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
< End of report >
Bastet0330
2013-03-11, 05:57
Oops, I just realized that I didn't answer your question. No, I have not had trouble with popups or browser redirects. The only real signs of the virus are frequent bluescreens (especially if the computer is left idle) and general sluggishness, especially as I open browsers or programs that access the Internet.
Good Morning,
After you run this fix, post the log from it, then run a new scan with OTL and post a new log please.
Open OTL.exe
Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL:
:processes
killallprocesses
:OTL
PRC - \\.\globalroot\systemroot\svchost.exe ()
PRC - \\.\globalroot\systemroot\svchost.exe ()
PRC - \\.\globalroot\systemroot\svchost.exe ()
IE - HKU\S-1-5-21-2297036515-2446405061-3277710197-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>;*.local
O4 - Startup: C:\Users\Mairead\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
O9 - Extra Button: Window Shopper - {A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - C:\Program Files (x86)\Superfish\Window Shopper\SuperfishIEAddon.dll File not found
[2013/03/10 19:01:10 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\svchost.exe
:Services
:Reg
:Files
ipconfig /flushdns /c
:Commands
[purity]
[resethosts]
[emptytemp]
[start explorer]
[Reboot]
Then click the Run Fix button at the top. <-- Not Run Scan
Let the program run unhindered, and reboot when it is done.
Then post the results of the log it produces.
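The fix above goes after the three things the logs agree on: several svchost.exe instances whose image is reported as \\.\globalroot\systemroot\svchost.exe (the NT object-manager spelling of %SystemRoot%, so that file is C:\Windows\svchost.exe, the 20 KB file created on 2013/03/10, not the real service host in C:\Windows\System32), the Event ID 1000 crashes coming from that same path while loading MSHTML.dll and jvm.dll, and a ProxyOverride value of 127.0.0.1:9421 that points Internet Explorer at a listener on the machine itself. The Python below is an added example for triaging that kind of OTL and Event Viewer text offline; it is not OTL's code and not the helper's fix script, and the sample lines are constructed to mirror this thread's entries rather than copied from a live capture. It inspects log text only, so it says nothing about a kernel-mode component, which is why a full scanner pass is still needed after the fix.

```python
"""Offline triage of OTL / Event Viewer text for the indicators in this thread.

Added example, not OTL's code and not the forum helper's fix script.
SAMPLE_LOG below is constructed to mirror the thread's lines, not a live capture.
"""
import re
from pathlib import PureWindowsPath

# Directories from which a genuine svchost.exe runs on 64-bit Windows 7.
EXPECTED_SVCHOST = {
    r"c:\windows\system32\svchost.exe",
    r"c:\windows\syswow64\svchost.exe",
}

# NT object-manager alias that OTL shows for processes started via %SystemRoot%.
GLOBALROOT_SYSTEMROOT = r"\\.\globalroot\systemroot"

# OTL process lines end with the signer in parentheses, "()" when there is none.
PRC_RE = re.compile(r"^PRC(?::64bit:)? - (?P<path>.+?) \([^)]*\)\s*$")
# Event ID 1000 text, with the module path possibly following on the same line.
FAULT_RE = re.compile(
    r"Faulting application path: (?P<path>.+?)(?:\s+Faulting module path:|\s*$)")
# OTL "IE -" lines carrying the WinINet proxy values.
PROXY_RE = re.compile(
    r'Internet Settings: "(?P<key>ProxyOverride|ProxyServer)" = (?P<val>.+?)\s*$')


def normalize(path: str) -> str:
    r"""Lower-case a path and map \\.\globalroot\systemroot onto C:\Windows."""
    p = path.strip().lower()
    if p.startswith(GLOBALROOT_SYSTEMROOT):
        p = r"c:\windows" + p[len(GLOBALROOT_SYSTEMROOT):]
    return p


def is_suspicious_svchost(path: str) -> bool:
    """True when an image is named svchost.exe but is not in a system directory."""
    p = normalize(path)
    return PureWindowsPath(p).name == "svchost.exe" and p not in EXPECTED_SVCHOST


def local_proxy_ports(value: str) -> list:
    """Loopback ports named in a ProxyOverride/ProxyServer value.

    A clean ProxyOverride is "<local>" plus hostnames; "127.0.0.1:9421" means
    browser traffic is being steered through a process listening on this box.
    """
    ports = []
    for entry in value.split(";"):
        m = re.fullmatch(r"\s*(?:\w+=)?(?:127\.0\.0\.1|localhost):(\d+)\s*", entry)
        if m:
            ports.append(int(m.group(1)))
    return ports


def triage(lines) -> list:
    """Return (kind, detail) findings for every suspicious line, in input order."""
    findings = []
    for line in lines:
        for rx, kind in ((PRC_RE, "process"), (FAULT_RE, "crash")):
            m = rx.search(line)
            if m and is_suspicious_svchost(m.group("path")):
                findings.append((kind, normalize(m.group("path"))))
        m = PROXY_RE.search(line)
        if m:
            ports = local_proxy_ports(m.group("val"))
            if ports:
                findings.append(("proxy", f"{m.group('key')} -> loopback port(s) {ports}"))
    return findings


# Constructed sample mirroring the OTL and Event Viewer lines in this thread.
SAMPLE_LOG = [
    r"PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)",
    r"PRC - \\.\globalroot\systemroot\svchost.exe ()",
    r"PRC - C:\Windows\System32\svchost.exe (Microsoft Corporation)",
    r"Error - 3/9/2013 4:22:27 PM | Source = Application Error | ID = 1000 "
    r"Description = Faulting application name: svchost.exe "
    r"Faulting application path: \\.\globalroot\systemroot\svchost.exe Faulting module path: unknown",
    r"Error - 3/10/2013 8:35:05 PM | Source = Application Error | ID = 1000 "
    r"Description = Faulting application name: svchost.exe_SysMain "
    r"Faulting application path: C:\Windows\System32\svchost.exe Faulting module path: c:\windows\system32\sysmain.dll",
    r'IE - HKU\S-1-5-21-0-0-0-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>;*.local',
    r'IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>',
]

if __name__ == "__main__":
    for kind, detail in triage(SAMPLE_LOG):
        print(f"[{kind}] {detail}")
```

Run it as-is to see the three findings from the constructed sample, or feed it a saved OTL.txt line by line. The svchost.exe_SysMain crash from C:\Windows\System32 is deliberately left out of the findings: that one is the real service host crashing in a Microsoft DLL, which is a stability symptom rather than an indicator on its own.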
Bastet0330
2013-03-11, 21:25
Here's the latest log. FYI, I'm leaving for a week, starting tomorrow morning, so if I don't reply, that's why.
------------------------
All processes killed
========== PROCESSES ==========
========== OTL ==========
Process svchost.exe killed successfully!
Process svchost.exe killed successfully!
Process svchost.exe killed successfully!
HKU\S-1-5-21-2297036515-2446405061-3277710197-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
C:\Users\Mairead\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk moved successfully.
C:\Program Files (x86)\ERUNT\AUTOBACK.EXE moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{A69A551A-1AAE-4B67-8C2E-52F8B8A19504}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A69A551A-1AAE-4B67-8C2E-52F8B8A19504}\ deleted successfully.
C:\Windows\svchost.exe moved successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Mairead\Desktop\cmd.bat deleted successfully.
C:\Users\Mairead\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Mairead
->Temp folder emptied: 2006 bytes
->Temporary Internet Files folder emptied: 45407153 bytes
->Java cache emptied: 28416029 bytes
->FireFox cache emptied: 66255346 bytes
->Flash cache emptied: 11359 bytes
User: Public
->Temp folder emptied: 0 bytes
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 524378 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67630 bytes
RecycleBin emptied: 10338846 bytes
Total Files Cleaned = 144.00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 03112013_141506
Files\Folders moved on Reboot...
C:\Users\Mairead\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\W4S1IH54\showthread[3].htm moved successfully.
C:\Users\Mairead\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\Mairead\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
C:\Windows\temp\fla44FB.tmp moved successfully.
C:\Windows\temp\fla5947.tmp moved successfully.
C:\Windows\temp\fla6327.tmp moved successfully.
C:\Windows\temp\fla64AE.tmp moved successfully.
C:\Windows\temp\fla7B8A.tmp moved successfully.
C:\Windows\temp\fla92F1.tmp moved successfully.
File\Folder C:\Windows\temp\fla9562.tmp not found!
File\Folder C:\Windows\temp\TMP00000023C121C0628667153D not found!
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
OK, run a new scan with OTL and let me see the new log please.
Then do this:
ESET Online Scanner
I'd like us to scan your machine with ESET OnlineScan.
*Note
It is recommended to disable your onboard antivirus program and antispyware programs while performing scans so there are no conflicts, and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished, remember to re-enable your antivirus along with your antispyware programs.
Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan (http://eset.com/onlinescan)
Click the ESET Online Scanner button (http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetOnline.png).
For alternate browsers only (Microsoft Internet Explorer users can skip these steps):
Click on the ESET Smart Installer button (http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstall.png) to download the ESET Smart Installer. Save it to your desktop.
Double click on the ESET Smart Installer icon (http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstallDesktopIcon.png) on your desktop.
Check the Accept Terms box (http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetAcceptTerms.png).
Click the Start button (http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetStart.png).
Accept any security warnings from your browser.
Check the Scan archives box (http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetScanArchives.png).
Make sure that the option "Remove found threats" is Unchecked.
Push the Start button.
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan completes, push List found threats (http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetListThreats.png).
Push Export (http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetExport.png), and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
Push the Back button (http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetBack.png).
Push Finish (http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetFinish.png).
Please make sure you include the following items in your next post:
The log that was produced after running ESET Online Scanner.
Let me see:
1. New OTL log
2. ESET log
3. How is everything running now?
Bastet0330
2013-03-12, 10:47
Here's the log. Apparently, there was a lot of stuff lurking. Who knew? I haven't noticed any major alterations in speed since the OTL patch, but I haven't bluescreened, either.
Thanks again!
-------------
C:\ProgramData\Microsoft\Windows\DRM\1993.tmp Win64/Olmarik.AY trojan
C:\ProgramData\Microsoft\Windows\DRM\1994.tmp Win64/Olmarik.AY trojan
C:\ProgramData\Microsoft\Windows\DRM\FFCF.tmp.dat Win32/Olmarik.AYD trojan
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric.zip Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric1.zip Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric2.zip Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric3.zip Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric4.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Microsoft\Windows\DRM\1993.tmp Win64/Olmarik.AY trojan
C:\Users\All Users\Microsoft\Windows\DRM\1994.tmp Win64/Olmarik.AY trojan
C:\Users\All Users\Microsoft\Windows\DRM\FFCF.tmp.dat Win32/Olmarik.AYD trojan
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric1.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric2.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric3.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric4.zip Win32/Bagle.gen.zip worm
___________________________
OTL logfile created on: 3/12/2013 3:27:07 AM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Mairead\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
11.99 Gb Total Physical Memory | 9.28 Gb Available Physical Memory | 77.42% Memory free
23.98 Gb Paging File | 21.25 Gb Available in Paging File | 88.63% Paging File free
Paging file location(s): ?:\pagefile.sys
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232.79 Gb Total Space | 119.74 Gb Free Space | 51.44% Space Free | Partition Type: NTFS
Drive D: | 5.10 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Computer Name: COMPY | User Name: Mairead | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\Mairead\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe (Google Inc.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Users\Mairead\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
PRC - C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
PRC - C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe ()
PRC - C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe ()
PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe ()
PRC - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe (DeviceVM, Inc.)
PRC - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)
PRC - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe (ASUSTeK Computer Inc.)
PRC - C:\ASUS.SYS\config\DVMExportService.exe (DeviceVM, Inc.)
PRC - \\.\globalroot\systemroot\svchost.exe ()
PRC - \\.\globalroot\systemroot\svchost.exe ()
PRC - \\.\globalroot\systemroot\svchost.exe ()
PRC - \\.\globalroot\systemroot\svchost.exe ()
PRC - \\.\globalroot\systemroot\svchost.exe ()
PRC - \\.\globalroot\systemroot\svchost.exe ()
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe ()
========== Modules (No Company Name) ==========
MOD - C:\Program Files (x86)\Common Files\LogiShrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll ()
MOD - C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe ()
MOD - C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe ()
MOD - C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll ()
MOD - C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll ()
MOD - C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTXml4.dll ()
MOD - C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTGui4.dll ()
MOD - C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTCore4.dll ()
MOD - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\sqlite3.dll ()
========== Services (SafeList) ==========
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (Akamai) -- c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll ()
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (UMVPFSrv) -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (WSWNDA3100) -- C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe ()
SRV - (BCUService) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe (DeviceVM, Inc.)
SRV - (AsSysCtrlService) -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe (ASUSTeK Computer Inc.)
SRV - (DvmMDES) -- C:\ASUS.SYS\config\DVMExportService.exe (DeviceVM, Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (AdobeActiveFileMonitor6.0) -- C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe ()
========== Driver Services (SafeList) ==========
DRV:64bit: - (SMR311) -- C:\Windows\SysNative\drivers\SMR311.SYS (Symantec Corporation)
DRV:64bit: - (Apowersoft_AudioDevice) -- C:\Windows\SysNative\drivers\Apowersoft_AudioDevice.sys (Wondershare)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (LVUVC64) -- C:\Windows\SysNative\drivers\LVUVC64.sys (Logitech Inc.)
DRV:64bit: - (LVRS64) -- C:\Windows\SysNative\drivers\lvrs64.sys (Logitech Inc.)
DRV:64bit: - (CompFilter64) -- C:\Windows\SysNative\drivers\lvbflt64.sys (Logitech Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (LVPr2Mon) -- C:\Windows\SysNative\drivers\LVPr2M64.sys ()
DRV:64bit: - (LVPr2M64) -- C:\Windows\SysNative\drivers\LVPr2M64.sys ()
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (BCMH43XX) -- C:\Windows\SysNative\drivers\bcmwlhigh664.sys (Broadcom Corporation)
DRV:64bit: - (NPF) -- C:\Windows\SysNative\drivers\npf.sys (CACE Technologies, Inc.)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (WDC_SAM) -- C:\Windows\SysNative\drivers\wdcsam64.sys (Western Digital Technologies)
DRV:64bit: - (SCMNdisP) -- C:\Windows\SysNative\drivers\SCMNdisP.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (XFX_program) -- C:\Windows\SysWow64\drivers\XFX_program.sys (Sengital Ltd.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2297036515-2446405061-3277710197-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\Mairead\Desktop
IE - HKU\S-1-5-21-2297036515-2446405061-3277710197-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-2297036515-2446405061-3277710197-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-2297036515-2446405061-3277710197-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = AE B7 A0 1F D0 35 CB 01 [binary data]
IE - HKU\S-1-5-21-2297036515-2446405061-3277710197-1000\..\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.)
IE - HKU\S-1-5-21-2297036515-2446405061-3277710197-1000\..\SearchScopes,DefaultScope = {F3079613-14CE-4bac-AAC1-DC779C94F1DF}
IE - HKU\S-1-5-21-2297036515-2446405061-3277710197-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2297036515-2446405061-3277710197-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_en
IE - HKU\S-1-5-21-2297036515-2446405061-3277710197-1000\..\SearchScopes\{CD2529CB-AADE-4129-953A-331E35A57AD0}: "URL" = http://www.google.com/custom?client=pub-3794288947762788&forid=1&channel=5369970905&ie=UTF-8&oe=UTF-8&safe=active&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1&hl=en&q={searchTerms}
IE - HKU\S-1-5-21-2297036515-2446405061-3277710197-1000\..\SearchScopes\{F3079613-14CE-4bac-AAC1-DC779C94F1DF}: "URL" = http://search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=EGMB
IE - HKU\S-1-5-21-2297036515-2446405061-3277710197-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2297036515-2446405061-3277710197-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
========== FireFox ==========
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_171.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@emusic.com/eMusicPlugin DLM6: C:\Program Files (x86)\eMusic Download Manager 6\npEMusic601.dll (eMusic.com)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Mairead\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Mairead\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Mairead\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Mairead\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Mairead\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/03/10 06:21:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/03/10 06:21:31 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/03/10 06:21:31 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/03/10 06:21:31 | 000,000,000 | ---D | M]
[2011/05/18 23:27:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mairead\AppData\Roaming\Mozilla\Extensions
[2011/02/03 01:57:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mairead\AppData\Roaming\Mozilla\Extensions\{92650c4d-4b8e-4d2a-b7eb-24ecf4f6b63a}
[2012/10/25 03:26:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mairead\AppData\Roaming\Mozilla\Firefox\Profiles\xl1p8xf7.default\extensions
[2011/02/03 01:57:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mairead\AppData\Roaming\Mozilla\SeaMonkey\Profiles\06spn8ys.default\extensions
[2013/03/10 06:17:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/03/10 06:21:31 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/03/10 06:21:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\updated\extensions
[2013/03/10 06:21:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\updated\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/02/06 03:27:16 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/10/28 06:32:48 | 000,176,952 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files (x86)\mozilla firefox\plugins\npatgpc.dll
[2013/03/09 14:33:59 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013/03/09 14:33:59 | 000,002,086 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
O1 HOSTS File: ([2013/03/11 14:15:15 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (Window Shopper) - {74F475FA-6C75-43BD-AAB9-ECDA6184F600} - C:\Program Files (x86)\Superfish\Window Shopper\SuperfishIEAddon.dll File not found
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKU\S-1-5-21-2297036515-2446405061-3277710197-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BCU] C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)
O4 - HKLM..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [R577SO] C:\Program Files (x86)\GIGABYTE\R577SO\R577SO.exe (GIGABYTE Technology Co.,Ltd.)
O4 - HKU\S-1-5-21-2297036515-2446405061-3277710197-1000..\Run: [Akamai NetSession Interface] C:\Users\Mairead\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKU\S-1-5-21-2297036515-2446405061-3277710197-1003..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2297036515-2446405061-3277710197-1003..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2297036515-2446405061-3277710197-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2297036515-2446405061-3277710197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-2297036515-2446405061-3277710197-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-2297036515-2446405061-3277710197-1000\..Trusted Domains: pandora.com ([www] https in Trusted sites)
O15 - HKU\S-1-5-21-2297036515-2446405061-3277710197-1000\..Trusted Domains: webex.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-2297036515-2446405061-3277710197-1000\..Trusted Domains: webex.com ([gse] https in Trusted sites)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {036F8A56-0BC8-4607-8F98-D3231E6FF5ED} http://cloud1.saba.com/SiteRoots/main/Install/win32/CentraUpdaterAx.cab (Reg Error: Key error.)
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus.com/select/asusTek_sys_ctrl3.cab (asusTek_sysctrl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{07E40D75-09E1-4048-A511-1EC28E0A1A80}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{34FF8C98-5A70-4412-A211-62C33B12B49C}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{434F6D26-4903-4A9A-B9A3-9D6D83DC70DE}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5F94C27E-0803-4CEB-8DBD-8F5AA00DEE7B}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6F9FF4D8-AE21-4007-984F-E4B7DB454F71}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D7CDF17A-C1C3-4DB9-B266-75D970B43DEA}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\gopher - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/10/06 10:01:16 | 000,000,044 | R--- | M] () - D:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{0f8a87d2-a23a-11df-9318-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{0f8a87d2-a23a-11df-9318-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Launcher.exe
O33 - MountPoints2\{c9a58ddc-b52e-11e0-a8dc-20cf3003accf}\Shell - "" = AutoRun
O33 - MountPoints2\{c9a58ddc-b52e-11e0-a8dc-20cf3003accf}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2013/03/12 00:00:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2013/03/12 00:00:10 | 000,000,000 | -H-D | C] -- C:\Windows\AxInstSV
[2013/03/11 14:15:06 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/03/10 20:28:38 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Mairead\Desktop\OTL.exe
[2013/03/10 19:01:10 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\svchost.exe
[2013/03/10 18:38:40 | 000,000,000 | ---D | C] -- C:\Users\Mairead\AppData\Roaming\Malwarebytes
[2013/03/10 18:38:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/03/10 18:38:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/03/10 18:38:24 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/03/10 18:38:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/03/10 18:36:31 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/03/10 10:50:27 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/03/10 10:40:22 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/03/10 10:40:22 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/03/10 10:40:22 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/03/10 10:36:17 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/03/05 23:42:57 | 000,000,000 | ---D | C] -- C:\Users\Mairead\Desktop\ESL
[2013/03/05 16:28:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Bootable Recovery Tool Wizard
[2013/03/05 16:02:09 | 000,095,392 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SMR311.SYS
[2013/03/05 16:02:04 | 000,000,000 | ---D | C] -- C:\Users\Mairead\AppData\Local\NPE
[2013/03/05 15:43:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2013/03/05 15:43:20 | 000,000,000 | ---D | C] -- C:\Users\Mairead\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2013/03/05 11:49:00 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Mairead\Desktop\dds.scr
[2013/03/05 11:47:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2013/03/05 11:47:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2013/03/05 11:34:33 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/03/05 11:33:38 | 005,036,545 | R--- | C] (Swearware) -- C:\Users\Mairead\Desktop\ComboFix.exe
[2013/03/05 11:28:21 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Mairead\Desktop\aswMBR.exe
[2013/03/04 08:22:32 | 000,000,000 | ---D | C] -- C:\Users\Mairead\AppData\Local\{00AD2E08-E18E-445D-9A20-CAF9635E0349}
[2013/02/26 12:11:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013/02/26 12:11:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013/02/13 02:34:02 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013/02/13 02:34:02 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013/02/13 02:34:01 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/02/13 02:34:01 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/02/13 02:34:00 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/02/13 02:34:00 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013/02/13 02:33:59 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/02/13 02:33:59 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/02/13 02:33:59 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/02/13 02:33:59 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/02/13 02:33:59 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013/02/13 02:33:59 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/02/13 02:33:57 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/02/13 02:33:57 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/02/13 02:33:57 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013/02/12 16:48:39 | 005,553,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013/02/12 16:48:37 | 003,967,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013/02/12 16:48:37 | 003,913,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013/02/12 16:48:21 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2013/02/12 16:48:19 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013/02/12 16:48:19 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013/02/12 16:48:19 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013/02/12 16:48:19 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013/02/12 16:48:18 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013/02/12 16:48:16 | 000,288,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[1 C:\Users\Mairead\*.tmp files -> C:\Users\Mairead\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2013/03/12 03:28:07 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/03/12 03:10:17 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2297036515-2446405061-3277710197-1000UA.job
[2013/03/12 02:53:04 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/03/12 02:11:46 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/03/12 02:11:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/03/12 00:25:21 | 000,000,177 | -H-- | M] () -- C:\dvmexp.idx
[2013/03/12 00:22:50 | 000,015,344 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/03/12 00:22:50 | 000,015,344 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/03/12 00:14:56 | 1066,704,894 | -HS- | M] () -- C:\hiberfil.sys
[2013/03/11 14:15:15 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2013/03/11 00:09:52 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/03/11 00:09:52 | 000,624,162 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/03/11 00:09:52 | 000,106,538 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/03/10 20:28:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mairead\Desktop\OTL.exe
[2013/03/10 18:38:26 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/03/10 10:31:57 | 612,892,047 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/03/05 16:02:09 | 000,095,392 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SMR311.SYS
[2013/03/05 15:43:20 | 000,002,985 | ---- | M] () -- C:\Users\Mairead\Desktop\HiJackThis.lnk
[2013/03/05 11:49:46 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Mairead\Desktop\dds.scr
[2013/03/05 11:47:14 | 000,000,928 | ---- | M] () -- C:\Users\Mairead\Desktop\NTREGOPT.lnk
[2013/03/05 11:47:14 | 000,000,909 | ---- | M] () -- C:\Users\Mairead\Desktop\ERUNT.lnk
[2013/03/05 11:33:49 | 005,036,545 | R--- | M] (Swearware) -- C:\Users\Mairead\Desktop\ComboFix.exe
[2013/03/05 11:29:42 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Mairead\Desktop\aswMBR.exe
[2013/02/26 21:53:15 | 000,691,568 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/02/26 21:53:15 | 000,071,024 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/02/26 05:25:47 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2297036515-2446405061-3277710197-1000Core.job
[2013/02/22 14:06:50 | 000,350,019 | ---- | M] () -- C:\Users\Mairead\Desktop\Untitled.png
[2013/02/13 08:26:31 | 000,383,288 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/02/11 12:27:05 | 000,001,067 | ---- | M] () -- C:\Users\Mairead\Videos - Shortcut.lnk
[1 C:\Users\Mairead\*.tmp files -> C:\Users\Mairead\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013/03/10 18:38:26 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/03/10 10:40:22 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/03/10 10:40:22 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/03/10 10:40:22 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/03/10 10:40:22 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/03/10 10:40:22 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/03/05 15:43:20 | 000,002,985 | ---- | C] () -- C:\Users\Mairead\Desktop\HiJackThis.lnk
[2013/03/05 11:47:14 | 000,000,928 | ---- | C] () -- C:\Users\Mairead\Desktop\NTREGOPT.lnk
[2013/03/05 11:47:14 | 000,000,909 | ---- | C] () -- C:\Users\Mairead\Desktop\ERUNT.lnk
[2013/02/22 14:06:11 | 000,350,019 | ---- | C] () -- C:\Users\Mairead\Desktop\Untitled.png
[2013/02/11 12:27:05 | 000,001,067 | ---- | C] () -- C:\Users\Mairead\Videos - Shortcut.lnk
[2012/07/22 19:43:36 | 000,000,091 | ---- | C] () -- C:\Windows\wininit.ini
[2012/01/18 01:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2012/01/18 01:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2012/01/18 01:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2011/11/12 15:28:34 | 000,007,606 | ---- | C] () -- C:\Users\Mairead\AppData\Local\Resmon.ResmonCfg
[2011/09/28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/08/23 13:38:31 | 000,060,304 | ---- | C] () -- C:\Users\Mairead\g2mdlhlpx.exe
[2011/06/25 13:44:35 | 000,000,067 | ---- | C] () -- C:\Windows\Easy Video to MP4 Converter.INI
[2011/05/18 16:55:22 | 000,001,940 | ---- | C] () -- C:\Users\Mairead\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/04/22 00:19:17 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2011/04/22 00:19:17 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2011/04/13 21:59:14 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011/02/03 15:05:42 | 000,000,013 | -H-- | C] () -- C:\ProgramData\˜113.›sys
[2011/02/03 02:48:15 | 000,149,504 | ---- | C] () -- C:\Users\Mairead\AppData\Roaming\SharedSettings.ccs
[2011/01/12 19:15:04 | 000,000,154 | ---- | C] () -- C:\Users\Mairead\AppData\Roaming\burnaware.ini
[2011/01/06 16:32:21 | 000,061,678 | ---- | C] () -- C:\Users\Mairead\AppData\Roaming\PFP100JPR.{PB
[2011/01/06 16:32:21 | 000,012,358 | ---- | C] () -- C:\Users\Mairead\AppData\Roaming\PFP100JCM.{PB
[2010/12/09 23:08:48 | 000,004,608 | ---- | C] () -- C:\Users\Mairead\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/25 00:20:35 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
========== ZeroAccess Check ==========
[2011/11/17 01:41:18 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\{b4ab6a56-69e8-3c91-d3ba-b67396b2d6c2}\L
[2012/07/22 18:51:12 | 000,002,048 | -HS- | M] () -- C:\Users\Mairead\AppData\Local\{b4ab6a56-69e8-3c91-d3ba-b67396b2d6c2}\@
[2011/11/17 01:41:18 | 000,000,000 | -HSD | M] -- C:\Users\Mairead\AppData\Local\{b4ab6a56-69e8-3c91-d3ba-b67396b2d6c2}\L
[2011/11/17 01:41:18 | 000,000,000 | -HSD | M] -- C:\Users\Mairead\AppData\Local\{b4ab6a56-69e8-3c91-d3ba-b67396b2d6c2}\U
[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2013/03/10 18:44:12 | 000,000,000 | ---D | M] -- C:\Users\Mairead\AppData\Roaming\.minecraft
[2012/09/30 11:01:17 | 000,000,000 | ---D | M] -- C:\Users\Mairead\AppData\Roaming\Ad-Aware Antivirus
[2010/08/11 16:09:53 | 000,000,000 | ---D | M] -- C:\Users\Mairead\AppData\Roaming\Barnes & Noble
[2011/08/25 03:26:37 | 000,000,000 | ---D | M] -- C:\Users\Mairead\AppData\Roaming\Blackboard
[2011/02/08 14:32:49 | 000,000,000 | ---D | M] -- C:\Users\Mairead\AppData\Roaming\calibre
[2012/07/02 15:54:25 | 000,000,000 | ---D | M] -- C:\Users\Mairead\AppData\Roaming\Centra
[2011/02/03 03:49:26 | 000,000,000 | ---D | M] -- C:\Users\Mairead\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/02/03 15:05:42 | 000,000,000 | ---D | M] -- C:\Users\Mairead\AppData\Roaming\CoffeeCup Software
[2011/08/25 03:20:36 | 000,000,000 | ---D | M] -- C:\Users\Mairead\AppData\Roaming\Collaborate
[2010/11/24 22:22:31 | 000,000,000 | ---D | M] -- C:\Users\Mairead\AppData\Roaming\com.livebrush.2205ABAA7E8202CDC1251B1FA1E879364B7BAB52.1
[2010/10/28 17:52:41 | 000,000,000 | ---D | M] -- C:\Users\Mairead\AppData\Roaming\Epson
[2010/11/27 20:43:51 | 000,000,000 | ---D | M] -- C:\Users\Mairead\AppData\Roaming\Foxit Software
[2010/08/10 19:48:36 | 000,000,000 | ---D | M] -- C:\Users\Mairead\AppData\Roaming\Leadertech
[2013/02/05 19:45:47 | 000,000,000 | ---D | M] -- C:\Users\Mairead\AppData\Roaming\Lionhead Studios
[2011/03/03 12:20:04 | 000,000,000 | ---D | M] -- C:\Users\Mairead\AppData\Roaming\OverDrive
[2013/02/03 14:18:07 | 000,000,000 | ---D | M] -- C:\Users\Mairead\AppData\Roaming\Saba
[2010/09/16 17:44:30 | 000,000,000 | ---D | M] -- C:\Users\Mairead\AppData\Roaming\SoftGrid Client
[2011/04/29 13:15:32 | 000,000,000 | ---D | M] -- C:\Users\Mairead\AppData\Roaming\Tific
[2010/09/15 17:04:57 | 000,000,000 | ---D | M] -- C:\Users\Mairead\AppData\Roaming\TP
[2011/07/19 13:03:57 | 000,000,000 | ---D | M] -- C:\Users\Mairead\AppData\Roaming\VIACK
[2011/03/01 15:23:08 | 000,000,000 | ---D | M] -- C:\Users\Mairead\AppData\Roaming\WB Games
[2013/03/09 15:45:11 | 000,000,000 | ---D | M] -- C:\Users\Mairead\AppData\Roaming\webex
[2011/12/02 19:29:54 | 000,000,000 | ---D | M] -- C:\Users\Mairead\AppData\Roaming\Windows Live Writer
========== Purity Check ==========
< End of report >
Hi,
Open up Spybot and go into the Quarantine folder and delete everything inside it but not the folder itself.
Open OTL.exe
Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL
:processes
killallprocesses
:OTL
O2 - BHO: (Window Shopper) - {74F475FA-6C75-43BD-AAB9-ECDA6184F600} - C:\Program Files (x86)\Superfish\Window Shopper\SuperfishIEAddon.dll
PRC - \\.\globalroot\systemroot\svchost.exe ()
PRC - \\.\globalroot\systemroot\svchost.exe ()
PRC - \\.\globalroot\systemroot\svchost.exe ()
PRC - \\.\globalroot\systemroot\svchost.exe ()
PRC - \\.\globalroot\systemroot\svchost.exe ()
PRC - \\.\globalroot\systemroot\svchost.exe ()
:Services
:Reg
:Files
C:\Program Files (x86)\Superfish
C:\ProgramData\Microsoft\Windows\DRM\1993.tmp
C:\ProgramData\Microsoft\Windows\DRM\1994.tmp
C:\ProgramData\Microsoft\Windows\DRM\FFCF.tmp.dat
C:\Users\All Users\Microsoft\Windows\DRM\1993.tmp
C:\Users\All Users\Microsoft\Windows\DRM\1994.tmp
C:\Users\All Users\Microsoft\Windows\DRM\FFCF.tmp.dat
:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]
Then click the Run Fix button at the top. <-- Run Fix, not Run Scan
Let the program run unhindered and reboot when it is done.
Then post the results of the log it produces.
Then run a new scan with both OTL and ESET and let's see what's left to do.
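The six PRC lines in the fix above share one pattern worth recognising in any OTL log: a Windows system binary name (svchost.exe) loaded from the \\.\globalroot device namespace rather than from a drive-letter path under System32, and with no company name. The Python below is an added triage example, not OTL's or the helper's code; the SYSTEM_BINARIES list is an assumption chosen for the example and the two genuine svchost lines in the sample are constructed, while the other sample lines are copied from the OTL log in this thread.

```python
"""Triage OTL 'PRC -' lines for the pattern seen in this thread (added example,
not part of OTL or the forum post): a Windows system binary name loaded from a
device-namespace path with no company name."""
import re
from collections import Counter
from dataclasses import dataclass, field

# OTL writes one process per line as:  PRC - <full path> (<company name or empty>)
PRC_RE = re.compile(r"^PRC - (?P<path>.+?)\s*\((?P<company>[^)]*)\)\s*$")

# Binaries that, when genuine on Windows 7, live under System32/SysWOW64 and carry
# a Microsoft company name in OTL output (assumed list, chosen for this example).
SYSTEM_BINARIES = {"svchost.exe", "explorer.exe", "userinit.exe", "winlogon.exe",
                   "lsass.exe", "csrss.exe", "services.exe", "spoolsv.exe"}
# OTL reports 64-bit system files as SysNative on a 64-bit install.
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\",
               "c:\\windows\\sysnative\\")


@dataclass
class Finding:
    path: str
    company: str
    reasons: list = field(default_factory=list)


def check_process_line(line):
    """Return a Finding for one PRC line (reasons empty if nothing looks off),
    or None if the line is not a PRC line at all."""
    m = PRC_RE.match(line.strip())
    if not m:
        return None
    path, company = m.group("path").strip(), m.group("company").strip()
    low = path.lower()
    base = low.rsplit("\\", 1)[-1]
    f = Finding(path, company)
    # A running process whose path is given through the NT device namespace
    # (\\.\globalroot\... or \??\...) rather than a drive letter is unusual.
    if low.startswith("\\\\.\\globalroot") or low.startswith("\\??\\"):
        f.reasons.append("device-namespace path instead of a drive letter")
    if base in SYSTEM_BINARIES:
        if not low.startswith(SYSTEM_DIRS):
            f.reasons.append("system binary name outside System32/SysWOW64")
        if company == "":
            f.reasons.append("no company name on a Windows system binary")
    return f


def triage_otl_processes(log_text):
    """Scan a whole OTL log. Returns (flagged findings, Counter of flagged paths);
    the counter shows how many instances of the same oddity are running."""
    flagged = []
    for line in log_text.splitlines():
        f = check_process_line(line)
        if f and f.reasons:
            flagged.append(f)
    return flagged, Counter(f.path for f in flagged)


# Sample: the first five lines are copied from the OTL log in this thread; the
# last two are constructed to show what a genuine svchost.exe looks like.
SAMPLE_LOG = r"""
========== Processes (SafeList) ==========
PRC - C:\Users\Mairead\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe ()
PRC - \\.\globalroot\systemroot\svchost.exe ()
PRC - \\.\globalroot\systemroot\svchost.exe ()
PRC - \\.\globalroot\systemroot\svchost.exe ()
PRC - C:\Windows\System32\svchost.exe (Microsoft Corporation)
PRC - C:\Windows\SysWOW64\svchost.exe (Microsoft Corporation)
"""

if __name__ == "__main__":
    flagged, counts = triage_otl_processes(SAMPLE_LOG)
    for path, n in counts.items():
        print(f"{n}x {path}")
    if flagged:
        print("  reasons:", "; ".join(flagged[0].reasons))
```

A third-party tool with an empty company name (CameraHelperShell.exe above) is deliberately not flagged: the empty field only matters when the basename is one Windows itself ships.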
Bastet0330
2013-03-20, 09:28
This is probably just me being stupid, but I can't find the Quarantine folder. I have Dummies, Help, Languages, Includes, Skins, and Plugins folders in the c:/program files folder for Spybot, but none have a Quarantine folder. I found a Recovery folder in the C:/Program Data file, and there are some logs for Smitfraud. Is that it? (Sorry. Dumb question.)
Yes, you can delete everything in that folder, but don't delete the folder itself.
Did you run a new fix with OTL? If not, do so and post the log, then run a new scan with OTL and post that log as well, please.
Bastet0330
2013-03-20, 19:56
Okay, everything in the folder is gone. Here's the OTL.
All processes killed
========== PROCESSES ==========
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}\ deleted successfully.
File C:\Program Files (x86)\Superfish\Window Shopper\SuperfishIEAddon.dll not found.
Process svchost.exe killed successfully!
Process svchost.exe killed successfully!
Process svchost.exe killed successfully!
Process svchost.exe killed successfully!
Process svchost.exe killed successfully!
No active process named svchost.exe was found!
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
File\Folder C:\Program Files (x86)\Superfish not found.
C:\ProgramData\Microsoft\Windows\DRM\1993.tmp moved successfully.
C:\ProgramData\Microsoft\Windows\DRM\1994.tmp moved successfully.
C:\ProgramData\Microsoft\Windows\DRM\FFCF.tmp.dat moved successfully.
File\Folder C:\Users\All Users\Microsoft\Windows\DRM\1993.tmp not found.
File\Folder C:\Users\All Users\Microsoft\Windows\DRM\1994.tmp not found.
File\Folder C:\Users\All Users\Microsoft\Windows\DRM\FFCF.tmp.dat not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Mairead
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 86945648 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 975678 bytes
->Flash cache emptied: 1184 bytes
User: Public
->Temp folder emptied: 0 bytes
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 128464770 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 206.00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 03202013_122759
Files\Folders moved on Reboot...
File\Folder C:\Users\Mairead\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\Mairead\AppData\Local\Google\Google Talk Plugin\gtbaxplugin.log not found!
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
Bastet0330
2013-03-20, 21:31
Here are the other logs. Sorry, my brain is not firing on all cylinders this week.
OTL logfile created on: 3/20/2013 12:56:51 PM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Mairead\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
11.99 Gb Total Physical Memory | 9.06 Gb Available Physical Memory | 75.51% Memory free
23.98 Gb Paging File | 20.72 Gb Available in Paging File | 86.39% Paging File free
Paging file location(s): ?:\pagefile.sys
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232.79 Gb Total Space | 124.41 Gb Free Space | 53.45% Space Free | Partition Type: NTFS
Drive D: | 5.10 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Computer Name: COMPY | User Name: Mairead | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\Mairead\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\Mairead\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
PRC - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe (Google Inc.)
PRC - C:\Program Files (x86)\Norton 360\Engine\20.3.0.36\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
PRC - C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
PRC - C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe ()
PRC - C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe ()
PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe ()
PRC - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe (DeviceVM, Inc.)
PRC - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)
PRC - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe (ASUSTeK Computer Inc.)
PRC - C:\ASUS.SYS\config\DVMExportService.exe (DeviceVM, Inc.)
PRC - \\.\globalroot\systemroot\svchost.exe ()
PRC - \\.\globalroot\systemroot\svchost.exe ()
PRC - \\.\globalroot\systemroot\svchost.exe ()
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe ()
========== Modules (No Company Name) ==========
MOD - C:\Program Files (x86)\Norton 360\Engine\20.3.0.36\wincfi39.dll ()
MOD - C:\Program Files (x86)\Common Files\LogiShrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll ()
MOD - C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe ()
MOD - C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe ()
MOD - C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll ()
MOD - C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll ()
MOD - C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTXml4.dll ()
MOD - C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTGui4.dll ()
MOD - C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTCore4.dll ()
MOD - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\sqlite3.dll ()
========== Services (SafeList) ==========
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (N360) -- C:\Program Files (x86)\Norton 360\Engine\20.3.0.36\ccSvcHst.exe (Symantec Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (Akamai) -- c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll ()
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (UMVPFSrv) -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (WSWNDA3100) -- C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe ()
SRV - (BCUService) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe (DeviceVM, Inc.)
SRV - (AsSysCtrlService) -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe (ASUSTeK Computer Inc.)
SRV - (DvmMDES) -- C:\ASUS.SYS\config\DVMExportService.exe (DeviceVM, Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (AdobeActiveFileMonitor6.0) -- C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe ()
========== Driver Services (SafeList) ==========
DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation)
DRV:64bit: - (SMR311) -- C:\Windows\SysNative\drivers\SMR311.SYS (Symantec Corporation)
DRV:64bit: - (SymNetS) -- C:\Windows\SysNative\drivers\N360x64\1403000.024\symnets.sys (Symantec Corporation)
DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\N360x64\1403000.024\SymEFA64.sys (Symantec Corporation)
DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\N360x64\1403000.024\srtsp64.sys (Symantec Corporation)
DRV:64bit: - (SRTSPX) -- C:\Windows\SysNative\drivers\N360x64\1403000.024\srtspx64.sys (Symantec Corporation)
DRV:64bit: - (SymDS) -- C:\Windows\SysNative\drivers\N360x64\1403000.024\SymDS64.sys (Symantec Corporation)
DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\drivers\N360x64\1403000.024\Ironx64.sys (Symantec Corporation)
DRV:64bit: - (ccSet_N360) -- C:\Windows\SysNative\drivers\N360x64\1403000.024\ccSetx64.sys (Symantec Corporation)
DRV:64bit: - (Apowersoft_AudioDevice) -- C:\Windows\SysNative\drivers\Apowersoft_AudioDevice.sys (Wondershare)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (LVUVC64) -- C:\Windows\SysNative\drivers\LVUVC64.sys (Logitech Inc.)
DRV:64bit: - (LVRS64) -- C:\Windows\SysNative\drivers\lvrs64.sys (Logitech Inc.)
DRV:64bit: - (CompFilter64) -- C:\Windows\SysNative\drivers\lvbflt64.sys (Logitech Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (LVPr2Mon) -- C:\Windows\SysNative\drivers\LVPr2M64.sys ()
DRV:64bit: - (LVPr2M64) -- C:\Windows\SysNative\drivers\LVPr2M64.sys ()
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (BCMH43XX) -- C:\Windows\SysNative\drivers\bcmwlhigh664.sys (Broadcom Corporation)
DRV:64bit: - (NPF) -- C:\Windows\SysNative\drivers\npf.sys (CACE Technologies, Inc.)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (WDC_SAM) -- C:\Windows\SysNative\drivers\wdcsam64.sys (Western Digital Technologies)
DRV:64bit: - (SCMNdisP) -- C:\Windows\SysNative\drivers\SCMNdisP.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\Definitions\IPSDefs\20130319.002\IDSviA64.sys (Symantec Corporation)
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\Definitions\VirusDefs\20130320.006\ex64.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\Definitions\VirusDefs\20130320.006\eng64.sys (Symantec Corporation)
DRV - (BHDrvx64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\Definitions\BASHDefs\20130301.001\BHDrvx64.sys (Symantec Corporation)
DRV - (XFX_program) -- C:\Windows\SysWow64\drivers\XFX_program.sys (Sengital Ltd.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\Mairead\Desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = AE B7 A0 1F D0 35 CB 01 [binary data]
IE - HKCU\..\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {F3079613-14CE-4bac-AAC1-DC779C94F1DF}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_en
IE - HKCU\..\SearchScopes\{CD2529CB-AADE-4129-953A-331E35A57AD0}: "URL" = http://www.google.com/custom?client=pub-3794288947762788&forid=1&channel=5369970905&ie=UTF-8&oe=UTF-8&safe=active&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1&hl=en&q={searchTerms}
IE - HKCU\..\SearchScopes\{F3079613-14CE-4bac-AAC1-DC779C94F1DF}: "URL" = http://search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=EGMB
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
========== FireFox ==========
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@emusic.com/eMusicPlugin DLM6: C:\Program Files (x86)\eMusic Download Manager 6\npEMusic601.dll (eMusic.com)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Mairead\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Mairead\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Mairead\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Mairead\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Mairead\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\IPSFFPlgn\ [2013/03/12 03:58:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\coFFPlgn\ [2013/03/20 12:33:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/03/10 06:21:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/03/10 06:21:31 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/03/10 06:21:31 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/03/10 06:21:31 | 000,000,000 | ---D | M]
[2011/05/18 23:27:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mairead\AppData\Roaming\Mozilla\Extensions
[2011/02/03 01:57:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mairead\AppData\Roaming\Mozilla\Extensions\{92650c4d-4b8e-4d2a-b7eb-24ecf4f6b63a}
[2012/10/25 03:26:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mairead\AppData\Roaming\Mozilla\Firefox\Profiles\xl1p8xf7.default\extensions
[2011/02/03 01:57:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mairead\AppData\Roaming\Mozilla\SeaMonkey\Profiles\06spn8ys.default\extensions
[2013/03/10 06:17:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/03/10 06:21:31 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/03/10 06:21:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\updated\extensions
[2013/03/10 06:21:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\updated\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/02/06 03:27:16 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/10/28 06:32:48 | 000,176,952 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files (x86)\mozilla firefox\plugins\npatgpc.dll
[2013/03/09 14:33:59 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013/03/09 14:33:59 | 000,002,086 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
O1 HOSTS File: ([2013/03/11 14:15:15 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\20.3.0.36\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\20.3.0.36\IPS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\20.3.0.36\CoIEPlg.dll (Symantec Corporation)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BCU] C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)
O4 - HKLM..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [R577SO] C:\Program Files (x86)\GIGABYTE\R577SO\R577SO.exe (GIGABYTE Technology Co.,Ltd.)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Mairead\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: pandora.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: webex.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: webex.com ([gse] https in Trusted sites)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {036F8A56-0BC8-4607-8F98-D3231E6FF5ED} http://cloud1.saba.com/SiteRoots/main/Install/win32/CentraUpdaterAx.cab (Reg Error: Key error.)
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus.com/select/asusTek_sys_ctrl3.cab (asusTek_sysctrl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{434F6D26-4903-4A9A-B9A3-9D6D83DC70DE}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\gopher - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/10/06 10:01:16 | 000,000,044 | R--- | M] () - D:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{0f8a87d2-a23a-11df-9318-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{0f8a87d2-a23a-11df-9318-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Launcher.exe
O33 - MountPoints2\{c9a58ddc-b52e-11e0-a8dc-20cf3003accf}\Shell - "" = AutoRun
O33 - MountPoints2\{c9a58ddc-b52e-11e0-a8dc-20cf3003accf}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2013/03/20 02:33:12 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/03/20 02:33:12 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013/03/20 02:33:12 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013/03/20 02:33:11 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/03/20 02:33:11 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/03/20 02:33:11 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/03/20 02:33:11 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/03/20 02:33:11 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/03/20 02:33:11 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013/03/20 02:33:11 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/03/20 02:33:11 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/03/20 02:33:11 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013/03/20 02:33:10 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/03/20 02:33:10 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013/03/20 02:33:09 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/03/20 02:32:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2013/03/20 02:31:42 | 000,000,000 | -HSD | C] -- C:\Windows\SysNative\%APPDATA%
[2013/03/20 02:30:54 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2013/03/20 02:30:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2013/03/12 03:57:11 | 000,177,312 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2013/03/12 03:57:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2013/03/12 03:57:10 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2013/03/12 03:56:18 | 001,139,800 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1403000.024\SymEFA64.sys
[2013/03/12 03:56:18 | 000,493,656 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1403000.024\SymDS64.sys
[2013/03/12 03:56:18 | 000,432,800 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1403000.024\symnets.sys
[2013/03/12 03:56:18 | 000,036,952 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1403000.024\srtspx64.sys
[2013/03/12 03:56:18 | 000,023,448 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1403000.024\SymELAM.sys
[2013/03/12 03:56:17 | 000,796,248 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1403000.024\srtsp64.sys
[2013/03/12 03:56:17 | 000,224,416 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1403000.024\Ironx64.sys
[2013/03/12 03:56:17 | 000,168,096 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1403000.024\ccSetx64.sys
[2013/03/12 03:56:10 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\N360x64
[2013/03/12 03:56:10 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\N360x64\1403000.024
[2013/03/12 03:56:09 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
[2013/03/12 03:56:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton 360
[2013/03/12 00:00:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2013/03/12 00:00:10 | 000,000,000 | -H-D | C] -- C:\Windows\AxInstSV
[2013/03/11 14:15:06 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/03/10 20:28:38 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Mairead\Desktop\OTL.exe
[2013/03/10 19:01:10 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\svchost.exe
[2013/03/10 18:38:40 | 000,000,000 | ---D | C] -- C:\Users\Mairead\AppData\Roaming\Malwarebytes
[2013/03/10 18:38:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/03/10 18:38:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/03/10 18:38:24 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/03/10 18:38:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/03/10 18:36:31 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/03/10 10:50:27 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/03/10 10:40:22 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/03/10 10:40:22 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/03/10 10:40:22 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/03/10 10:36:17 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/03/05 23:42:57 | 000,000,000 | ---D | C] -- C:\Users\Mairead\Desktop\ESL
[2013/03/05 16:28:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Bootable Recovery Tool Wizard
[2013/03/05 16:02:09 | 000,095,392 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SMR311.SYS
[2013/03/05 16:02:04 | 000,000,000 | ---D | C] -- C:\Users\Mairead\AppData\Local\NPE
[2013/03/05 15:43:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2013/03/05 15:43:20 | 000,000,000 | ---D | C] -- C:\Users\Mairead\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2013/03/05 11:49:00 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Mairead\Desktop\dds.scr
[2013/03/05 11:47:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2013/03/05 11:47:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2013/03/05 11:34:33 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/03/05 11:33:38 | 005,036,545 | R--- | C] (Swearware) -- C:\Users\Mairead\Desktop\ComboFix.exe
[2013/03/05 11:28:21 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Mairead\Desktop\aswMBR.exe
[2013/03/04 08:22:32 | 000,000,000 | ---D | C] -- C:\Users\Mairead\AppData\Local\{00AD2E08-E18E-445D-9A20-CAF9635E0349}
[2013/02/26 12:11:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013/02/26 12:11:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[1 C:\Users\Mairead\*.tmp files -> C:\Users\Mairead\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2013/03/20 12:53:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/03/20 12:43:30 | 000,000,177 | -H-- | M] () -- C:\dvmexp.idx
[2013/03/20 12:41:09 | 000,015,344 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/03/20 12:41:09 | 000,015,344 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/03/20 12:40:18 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/03/20 12:33:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/03/20 12:32:54 | 1066,704,894 | -HS- | M] () -- C:\hiberfil.sys
[2013/03/20 12:28:04 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/03/20 12:10:04 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2297036515-2446405061-3277710197-1000UA.job
[2013/03/20 11:22:58 | 002,216,339 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\1403000.024\Cat.DB
[2013/03/20 02:39:09 | 000,000,129 | ---- | M] () -- C:\Windows\SysNative\MRT.INI
[2013/03/20 00:53:12 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/03/20 00:53:12 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/03/19 23:43:09 | 811,650,447 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/03/12 03:57:11 | 000,007,466 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2013/03/12 03:57:10 | 000,177,312 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2013/03/12 03:57:10 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2013/03/12 03:57:00 | 000,002,395 | ---- | M] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2013/03/11 14:15:15 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2013/03/11 00:09:52 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/03/11 00:09:52 | 000,624,162 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/03/11 00:09:52 | 000,106,538 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/03/10 20:28:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mairead\Desktop\OTL.exe
[2013/03/10 18:38:26 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/03/05 16:02:09 | 000,095,392 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SMR311.SYS
[2013/03/05 15:43:20 | 000,002,985 | ---- | M] () -- C:\Users\Mairead\Desktop\HiJackThis.lnk
[2013/03/05 11:49:46 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Mairead\Desktop\dds.scr
[2013/03/05 11:47:14 | 000,000,928 | ---- | M] () -- C:\Users\Mairead\Desktop\NTREGOPT.lnk
[2013/03/05 11:47:14 | 000,000,909 | ---- | M] () -- C:\Users\Mairead\Desktop\ERUNT.lnk
[2013/03/05 11:33:49 | 005,036,545 | R--- | M] (Swearware) -- C:\Users\Mairead\Desktop\ComboFix.exe
[2013/03/05 11:29:42 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Mairead\Desktop\aswMBR.exe
[2013/02/26 05:25:47 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2297036515-2446405061-3277710197-1000Core.job
[2013/02/22 14:06:50 | 000,350,019 | ---- | M] () -- C:\Users\Mairead\Desktop\Untitled.png
[1 C:\Users\Mairead\*.tmp files -> C:\Users\Mairead\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013/03/20 02:39:09 | 000,000,129 | ---- | C] () -- C:\Windows\SysNative\MRT.INI
[2013/03/19 23:36:55 | 000,014,818 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1403000.024\VT20130115.021
[2013/03/12 03:57:15 | 002,216,339 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1403000.024\Cat.DB
[2013/03/12 03:57:11 | 000,007,466 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2013/03/12 03:57:11 | 000,000,855 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2013/03/12 03:57:00 | 000,002,395 | ---- | C] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2013/03/12 03:56:11 | 000,014,818 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1403000.024\SymVTcer.dat
[2013/03/12 03:56:11 | 000,003,434 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1403000.024\SymEFA.inf
[2013/03/12 03:56:11 | 000,002,852 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1403000.024\SymDS.inf
[2013/03/12 03:56:11 | 000,001,440 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1403000.024\SymNet.inf
[2013/03/12 03:56:11 | 000,001,438 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1403000.024\srtsp64.inf
[2013/03/12 03:56:11 | 000,001,420 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1403000.024\srtspx64.inf
[2013/03/12 03:56:11 | 000,000,996 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1403000.024\symELAM.inf
[2013/03/12 03:56:11 | 000,000,853 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1403000.024\ccSetx64.inf
[2013/03/12 03:56:11 | 000,000,767 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1403000.024\Iron.inf
[2013/03/12 03:56:10 | 000,009,670 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1403000.024\SymELAM64.cat
[2013/03/12 03:56:10 | 000,007,611 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1403000.024\ccsetx64.cat
[2013/03/12 03:56:10 | 000,007,601 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1403000.024\symnet64.cat
[2013/03/12 03:56:10 | 000,007,593 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1403000.024\iron.cat
[2013/03/12 03:56:10 | 000,007,589 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1403000.024\srtspx64.cat
[2013/03/12 03:56:10 | 000,007,587 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1403000.024\SymEFA64.cat
[2013/03/12 03:56:10 | 000,007,585 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1403000.024\srtsp64.cat
[2013/03/12 03:56:10 | 000,007,581 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1403000.024\SymDS64.cat
[2013/03/12 03:56:10 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1403000.024\isolate.ini
[2013/03/10 18:38:26 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/03/10 10:40:22 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/03/10 10:40:22 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/03/10 10:40:22 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/03/10 10:40:22 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/03/10 10:40:22 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/03/05 15:43:20 | 000,002,985 | ---- | C] () -- C:\Users\Mairead\Desktop\HiJackThis.lnk
[2013/03/05 11:47:14 | 000,000,928 | ---- | C] () -- C:\Users\Mairead\Desktop\NTREGOPT.lnk
[2013/03/05 11:47:14 | 000,000,909 | ---- | C] () -- C:\Users\Mairead\Desktop\ERUNT.lnk
[2013/02/22 14:06:11 | 000,350,019 | ---- | C] () -- C:\Users\Mairead\Desktop\Untitled.png
[2013/02/11 12:27:05 | 000,001,067 | ---- | C] () -- C:\Users\Mairead\Videos - Shortcut.lnk
[2012/07/22 19:43:36 | 000,000,091 | ---- | C] () -- C:\Windows\wininit.ini
[2012/01/18 01:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2012/01/18 01:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2012/01/18 01:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2011/11/12 15:28:34 | 000,007,606 | ---- | C] () -- C:\Users\Mairead\AppData\Local\Resmon.ResmonCfg
[2011/09/28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/08/23 13:38:31 | 000,060,304 | ---- | C] () -- C:\Users\Mairead\g2mdlhlpx.exe
[2011/06/25 13:44:35 | 000,000,067 | ---- | C] () -- C:\Windows\Easy Video to MP4 Converter.INI
[2011/05/18 16:55:22 | 000,001,940 | ---- | C] () -- C:\Users\Mairead\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/04/22 00:19:17 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2011/04/22 00:19:17 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2011/04/13 21:59:14 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011/02/03 15:05:42 | 000,000,013 | -H-- | C] () -- C:\ProgramData\˜113.›sys
[2011/02/03 02:48:15 | 000,149,504 | ---- | C] () -- C:\Users\Mairead\AppData\Roaming\SharedSettings.ccs
[2011/01/12 19:15:04 | 000,000,154 | ---- | C] () -- C:\Users\Mairead\AppData\Roaming\burnaware.ini
[2011/01/06 16:32:21 | 000,061,678 | ---- | C] () -- C:\Users\Mairead\AppData\Roaming\PFP100JPR.{PB
[2011/01/06 16:32:21 | 000,012,358 | ---- | C] () -- C:\Users\Mairead\AppData\Roaming\PFP100JCM.{PB
[2010/12/09 23:08:48 | 000,004,608 | ---- | C] () -- C:\Users\Mairead\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/25 00:20:35 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
========== ZeroAccess Check ==========
[2011/11/17 01:41:18 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\{b4ab6a56-69e8-3c91-d3ba-b67396b2d6c2}\L
[2012/07/22 18:51:12 | 000,002,048 | -HS- | M] () -- C:\Users\Mairead\AppData\Local\{b4ab6a56-69e8-3c91-d3ba-b67396b2d6c2}\@
[2011/11/17 01:41:18 | 000,000,000 | -HSD | M] -- C:\Users\Mairead\AppData\Local\{b4ab6a56-69e8-3c91-d3ba-b67396b2d6c2}\L
[2011/11/17 01:41:18 | 000,000,000 | -HSD | M] -- C:\Users\Mairead\AppData\Local\{b4ab6a56-69e8-3c91-d3ba-b67396b2d6c2}\U
[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
< End of report >
-----------------------------
Here's the ESET list.
C:\_OTL\MovedFiles\03202013_122759\C_ProgramData\Microsoft\Windows\DRM\1993.tmp Win64/Olmarik.AY trojan
C:\_OTL\MovedFiles\03202013_122759\C_ProgramData\Microsoft\Windows\DRM\1994.tmp Win64/Olmarik.AY trojan
C:\_OTL\MovedFiles\03202013_122759\C_ProgramData\Microsoft\Windows\DRM\FFCF.tmp.dat Win32/Olmarik.AYD trojan
Hi,
This is where we are at
C:\Windows\svchost.exe <-- This is a legit Windows file if it was in the system32 folder; if it shows up anywhere else it's a virus, and yours is in the Windows folder.
Let's try one more fix and see if we can get rid of it.
After you run the fix post the log and also run a new scan with OTL as I need to see if this is still present
Open OTL.exe
Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL
:processes
killallprocesses
:OTL
PRC - \\.\globalroot\systemroot\svchost.exe ()
PRC - \\.\globalroot\systemroot\svchost.exe ()
PRC - \\.\globalroot\systemroot\svchost.exe ()
:Services
:Reg
:Files
ipconfig /flushdns /c
C:\Windows\svchost.exe
:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]
Then click the Run Fix button at the top. <--Not run Scan
Let the program run unhindered, reboot when it is done
Then post the results of the log it produces
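Added example, not from the thread and not part of OTL or the fix above: a small Python checker that applies the rule the helper states (a core Windows binary such as svchost.exe is only legitimate under the System32/SysWOW64 folders) to OTL-style "PRC -" lines, including the \\.\globalroot\systemroot\ form OTL printed for the rogue process. The Windows directory (C:\Windows), the table of expected folders and the sample log lines are assumptions constructed for the example.

```python
"""Flag processes whose image name is a core Windows binary but whose path is
outside the folder where the genuine copy lives (e.g. C:\\Windows\\svchost.exe).

Constructed example for an OTL-style process list; not OTL's own code.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Core system binaries and the Windows subfolders that may legitimately hold
# them. A file with one of these names anywhere else deserves a closer look.
EXPECTED_DIRS = {
    "svchost.exe": {"system32", "syswow64", "sysnative"},
    "lsass.exe": {"system32"},
    "csrss.exe": {"system32"},
    "winlogon.exe": {"system32"},
    "services.exe": {"system32"},
}

# OTL reports some processes via the device namespace; \\.\globalroot\systemroot
# is just the Windows folder spelled differently, so map it back before checking.
GLOBALROOT_RE = re.compile(r"^\\\\\.\\globalroot\\systemroot", re.IGNORECASE)

# "PRC - <path> (<company>)" ; the company part may be empty, as in "()".
PRC_RE = re.compile(r"^PRC\s+-\s+(?P<path>.+?)\s+\((?P<company>[^()]*)\)\s*$")

# Constructed sample lines modelled on the OTL output in this thread.
SAMPLE_OTL_LINES = [
    r"PRC - C:\Users\Mairead\Desktop\OTL.exe (OldTimer Tools)",
    r"PRC - C:\Windows\System32\svchost.exe (Microsoft Corporation)",
    r"PRC - \\.\globalroot\systemroot\svchost.exe ()",
    r"PRC - C:\Program Files (x86)\Norton 360\Engine\20.3.0.36\ccSvcHst.exe (Symantec Corporation)",
]


@dataclass(frozen=True)
class Finding:
    path: str
    reason: str


def normalize_path(path: str, windows_dir: str = r"C:\Windows") -> str:
    """Rewrite \\.\globalroot\systemroot\... to the real Windows directory."""
    # A callable replacement avoids re.sub treating backslashes in
    # windows_dir as escape sequences.
    return GLOBALROOT_RE.sub(lambda _m: windows_dir, path)


def check_process(path: str, company: str,
                  windows_dir: str = r"C:\Windows") -> Optional[Finding]:
    """Return a Finding if `path` is a core binary name in the wrong folder."""
    norm = normalize_path(path, windows_dir)
    parts = norm.lower().split("\\")
    name = parts[-1]
    if name not in EXPECTED_DIRS:
        return None
    win_parts = windows_dir.lower().split("\\")
    in_expected_folder = (
        len(parts) == len(win_parts) + 2          # <windows>\<subdir>\<name>
        and parts[:len(win_parts)] == win_parts
        and parts[-2] in EXPECTED_DIRS[name]
    )
    if in_expected_folder:
        # Version-info company strings can be forged (the rogue file in this
        # thread carried "Microsoft Corporation"), so treat this as weak
        # supporting evidence only, never as proof either way.
        if not company:
            return Finding(norm, "core binary in expected folder but no company name")
        return None
    allowed = ", ".join(sorted(EXPECTED_DIRS[name]))
    return Finding(norm, f"{name} outside {windows_dir}\\{{{allowed}}}")


def scan_otl_lines(lines: List[str]) -> List[Finding]:
    """Run check_process over every 'PRC -' line; other lines are ignored."""
    findings = []
    for line in lines:
        m = PRC_RE.match(line.strip())
        if not m:
            continue
        f = check_process(m.group("path"), m.group("company").strip())
        if f is not None:
            findings.append(f)
    return findings


if __name__ == "__main__":
    for f in scan_otl_lines(SAMPLE_OTL_LINES):
        print(f"SUSPICIOUS: {f.path} -- {f.reason}")
```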
Bastet0330
2013-03-21, 06:27
Here are the post-fix results:
All processes killed
========== PROCESSES ==========
========== OTL ==========
Process svchost.exe killed successfully!
Process svchost.exe killed successfully!
Process svchost.exe killed successfully!
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Mairead\Desktop\cmd.bat deleted successfully.
C:\Users\Mairead\Desktop\cmd.txt deleted successfully.
C:\Windows\svchost.exe moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Mairead
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 5094258 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 916 bytes
User: Public
->Temp folder emptied: 0 bytes
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 49364 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 9696627 bytes
Total Files Cleaned = 14.00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 03202013_231037
Files\Folders moved on Reboot...
C:\Users\Mairead\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\Mairead\AppData\Local\Google\Google Talk Plugin\gtbaxplugin.log moved successfully.
C:\Users\Mairead\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\JJYPM1OT\showthread[1].htm moved successfully.
C:\Users\Mairead\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\Mairead\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
-------------------
And here's the new scan:
OTL logfile created on: 3/20/2013 11:18:49 PM - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Mairead\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
11.99 Gb Total Physical Memory | 10.19 Gb Available Physical Memory | 84.95% Memory free
23.98 Gb Paging File | 22.10 Gb Available in Paging File | 92.17% Paging File free
Paging file location(s): ?:\pagefile.sys
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232.79 Gb Total Space | 123.79 Gb Free Space | 53.18% Space Free | Partition Type: NTFS
Drive D: | 5.10 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Computer Name: COMPY | User Name: Mairead | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\Mairead\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\Mairead\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
PRC - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe (Google Inc.)
PRC - C:\Program Files (x86)\Norton 360\Engine\20.3.0.36\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
PRC - C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
PRC - C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe ()
PRC - C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe ()
PRC - C:\Users\Mairead\AppData\Local\Logitech® Webcam Software\Logishrd\LU2.0\LULnchr.exe (Logitech, Inc.)
PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe ()
PRC - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe (DeviceVM, Inc.)
PRC - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)
PRC - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe (ASUSTeK Computer Inc.)
PRC - C:\ASUS.SYS\config\DVMExportService.exe (DeviceVM, Inc.)
PRC - \\.\globalroot\systemroot\svchost.exe ()
PRC - \\.\globalroot\systemroot\svchost.exe ()
PRC - \\.\globalroot\systemroot\svchost.exe ()
PRC - \\.\globalroot\systemroot\svchost.exe ()
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe ()
========== Modules (No Company Name) ==========
MOD - C:\Program Files (x86)\Norton 360\Engine\20.3.0.36\wincfi39.dll ()
MOD - C:\Program Files (x86)\Common Files\LogiShrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll ()
MOD - C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe ()
MOD - C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe ()
MOD - C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll ()
MOD - C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll ()
MOD - C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTXml4.dll ()
MOD - C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTGui4.dll ()
MOD - C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTCore4.dll ()
MOD - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\sqlite3.dll ()
========== Services (SafeList) ==========
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (N360) -- C:\Program Files (x86)\Norton 360\Engine\20.3.0.36\ccSvcHst.exe (Symantec Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (Akamai) -- c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll ()
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (UMVPFSrv) -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (WSWNDA3100) -- C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe ()
SRV - (BCUService) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe (DeviceVM, Inc.)
SRV - (AsSysCtrlService) -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe (ASUSTeK Computer Inc.)
SRV - (DvmMDES) -- C:\ASUS.SYS\config\DVMExportService.exe (DeviceVM, Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (AdobeActiveFileMonitor6.0) -- C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe ()
========== Driver Services (SafeList) ==========
DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation)
DRV:64bit: - (SMR311) -- C:\Windows\SysNative\drivers\SMR311.SYS (Symantec Corporation)
DRV:64bit: - (SymNetS) -- C:\Windows\SysNative\drivers\N360x64\1403000.024\symnets.sys (Symantec Corporation)
DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\N360x64\1403000.024\SymEFA64.sys (Symantec Corporation)
DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\N360x64\1403000.024\srtsp64.sys (Symantec Corporation)
DRV:64bit: - (SRTSPX) -- C:\Windows\SysNative\drivers\N360x64\1403000.024\srtspx64.sys (Symantec Corporation)
DRV:64bit: - (SymDS) -- C:\Windows\SysNative\drivers\N360x64\1403000.024\SymDS64.sys (Symantec Corporation)
DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\drivers\N360x64\1403000.024\Ironx64.sys (Symantec Corporation)
DRV:64bit: - (ccSet_N360) -- C:\Windows\SysNative\drivers\N360x64\1403000.024\ccSetx64.sys (Symantec Corporation)
DRV:64bit: - (Apowersoft_AudioDevice) -- C:\Windows\SysNative\drivers\Apowersoft_AudioDevice.sys (Wondershare)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (LVUVC64) -- C:\Windows\SysNative\drivers\LVUVC64.sys (Logitech Inc.)
DRV:64bit: - (LVRS64) -- C:\Windows\SysNative\drivers\lvrs64.sys (Logitech Inc.)
DRV:64bit: - (CompFilter64) -- C:\Windows\SysNative\drivers\lvbflt64.sys (Logitech Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (LVPr2Mon) -- C:\Windows\SysNative\drivers\LVPr2M64.sys ()
DRV:64bit: - (LVPr2M64) -- C:\Windows\SysNative\drivers\LVPr2M64.sys ()
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (BCMH43XX) -- C:\Windows\SysNative\drivers\bcmwlhigh664.sys (Broadcom Corporation)
DRV:64bit: - (NPF) -- C:\Windows\SysNative\drivers\npf.sys (CACE Technologies, Inc.)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (WDC_SAM) -- C:\Windows\SysNative\drivers\wdcsam64.sys (Western Digital Technologies)
DRV:64bit: - (SCMNdisP) -- C:\Windows\SysNative\drivers\SCMNdisP.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\Definitions\IPSDefs\20130319.002\IDSviA64.sys (Symantec Corporation)
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\Definitions\VirusDefs\20130320.006\ex64.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\Definitions\VirusDefs\20130320.006\eng64.sys (Symantec Corporation)
DRV - (BHDrvx64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\Definitions\BASHDefs\20130301.001\BHDrvx64.sys (Symantec Corporation)
DRV - (XFX_program) -- C:\Windows\SysWow64\drivers\XFX_program.sys (Sengital Ltd.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\Mairead\Desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = AE B7 A0 1F D0 35 CB 01 [binary data]
IE - HKCU\..\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {F3079613-14CE-4bac-AAC1-DC779C94F1DF}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_en
IE - HKCU\..\SearchScopes\{CD2529CB-AADE-4129-953A-331E35A57AD0}: "URL" = http://www.google.com/custom?client=pub-3794288947762788&forid=1&channel=5369970905&ie=UTF-8&oe=UTF-8&safe=active&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1&hl=en&q={searchTerms}
IE - HKCU\..\SearchScopes\{F3079613-14CE-4bac-AAC1-DC779C94F1DF}: "URL" = http://search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=EGMB
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
========== FireFox ==========
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@emusic.com/eMusicPlugin DLM6: C:\Program Files (x86)\eMusic Download Manager 6\npEMusic601.dll (eMusic.com)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Mairead\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Mairead\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Mairead\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Mairead\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Mairead\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\IPSFFPlgn\ [2013/03/12 03:58:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\coFFPlgn\ [2013/03/20 23:14:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/03/10 06:21:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/03/10 06:21:31 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/03/10 06:21:31 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/03/10 06:21:31 | 000,000,000 | ---D | M]
[2011/05/18 23:27:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mairead\AppData\Roaming\Mozilla\Extensions
[2011/02/03 01:57:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mairead\AppData\Roaming\Mozilla\Extensions\{92650c4d-4b8e-4d2a-b7eb-24ecf4f6b63a}
[2012/10/25 03:26:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mairead\AppData\Roaming\Mozilla\Firefox\Profiles\xl1p8xf7.default\extensions
[2011/02/03 01:57:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mairead\AppData\Roaming\Mozilla\SeaMonkey\Profiles\06spn8ys.default\extensions
[2013/03/10 06:17:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/03/10 06:21:31 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/03/10 06:21:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\updated\extensions
[2013/03/10 06:21:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\updated\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/02/06 03:27:16 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/10/28 06:32:48 | 000,176,952 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files (x86)\mozilla firefox\plugins\npatgpc.dll
[2013/03/09 14:33:59 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013/03/09 14:33:59 | 000,002,086 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
O1 HOSTS File: ([2013/03/11 14:15:15 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\20.3.0.36\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\20.3.0.36\IPS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\20.3.0.36\CoIEPlg.dll (Symantec Corporation)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BCU] C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)
O4 - HKLM..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [R577SO] C:\Program Files (x86)\GIGABYTE\R577SO\R577SO.exe (GIGABYTE Technology Co.,Ltd.)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Mairead\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: pandora.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: webex.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: webex.com ([gse] https in Trusted sites)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {036F8A56-0BC8-4607-8F98-D3231E6FF5ED} http://cloud1.saba.com/SiteRoots/main/Install/win32/CentraUpdaterAx.cab (Reg Error: Key error.)
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus.com/select/asusTek_sys_ctrl3.cab (asusTek_sysctrl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{434F6D26-4903-4A9A-B9A3-9D6D83DC70DE}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\gopher - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/10/06 10:01:16 | 000,000,044 | R--- | M] () - D:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{0f8a87d2-a23a-11df-9318-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{0f8a87d2-a23a-11df-9318-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Launcher.exe
O33 - MountPoints2\{c9a58ddc-b52e-11e0-a8dc-20cf3003accf}\Shell - "" = AutoRun
O33 - MountPoints2\{c9a58ddc-b52e-11e0-a8dc-20cf3003accf}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2013/03/20 02:33:12 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/03/20 02:33:12 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013/03/20 02:33:12 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013/03/20 02:33:11 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/03/20 02:33:11 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/03/20 02:33:11 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/03/20 02:33:11 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/03/20 02:33:11 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/03/20 02:33:11 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013/03/20 02:33:11 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/03/20 02:33:11 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/03/20 02:33:11 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013/03/20 02:33:10 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/03/20 02:33:10 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013/03/20 02:33:09 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/03/20 02:32:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2013/03/20 02:31:42 | 000,000,000 | -HSD | C] -- C:\Windows\SysNative\%APPDATA%
[2013/03/20 02:30:54 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2013/03/20 02:30:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2013/03/12 03:57:11 | 000,177,312 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2013/03/12 03:57:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2013/03/12 03:57:10 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2013/03/12 03:56:18 | 001,139,800 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1403000.024\SymEFA64.sys
[2013/03/12 03:56:18 | 000,493,656 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1403000.024\SymDS64.sys
[2013/03/12 03:56:18 | 000,432,800 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1403000.024\symnets.sys
[2013/03/12 03:56:18 | 000,036,952 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1403000.024\srtspx64.sys
[2013/03/12 03:56:18 | 000,023,448 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1403000.024\SymELAM.sys
[2013/03/12 03:56:17 | 000,796,248 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1403000.024\srtsp64.sys
[2013/03/12 03:56:17 | 000,224,416 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1403000.024\Ironx64.sys
[2013/03/12 03:56:17 | 000,168,096 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1403000.024\ccSetx64.sys
[2013/03/12 03:56:10 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\N360x64
[2013/03/12 03:56:10 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\N360x64\1403000.024
[2013/03/12 03:56:09 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
[2013/03/12 03:56:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton 360
[2013/03/12 00:00:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2013/03/12 00:00:10 | 000,000,000 | -H-D | C] -- C:\Windows\AxInstSV
[2013/03/11 14:15:06 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/03/10 20:28:38 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Mairead\Desktop\OTL.exe
[2013/03/10 19:01:10 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\svchost.exe
[2013/03/10 18:38:40 | 000,000,000 | ---D | C] -- C:\Users\Mairead\AppData\Roaming\Malwarebytes
[2013/03/10 18:38:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/03/10 18:38:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/03/10 18:38:24 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/03/10 18:38:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/03/10 18:36:31 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/03/10 10:50:27 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/03/10 10:40:22 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/03/10 10:40:22 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/03/10 10:40:22 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/03/10 10:36:17 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/03/05 23:42:57 | 000,000,000 | ---D | C] -- C:\Users\Mairead\Desktop\ESL
[2013/03/05 16:28:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Bootable Recovery Tool Wizard
[2013/03/05 16:02:09 | 000,095,392 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SMR311.SYS
[2013/03/05 16:02:04 | 000,000,000 | ---D | C] -- C:\Users\Mairead\AppData\Local\NPE
[2013/03/05 15:43:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2013/03/05 15:43:20 | 000,000,000 | ---D | C] -- C:\Users\Mairead\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2013/03/05 11:49:00 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Mairead\Desktop\dds.scr
[2013/03/05 11:47:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2013/03/05 11:47:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2013/03/05 11:34:33 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/03/05 11:33:38 | 005,036,545 | R--- | C] (Swearware) -- C:\Users\Mairead\Desktop\ComboFix.exe
[2013/03/05 11:28:21 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Mairead\Desktop\aswMBR.exe
[2013/03/04 08:22:32 | 000,000,000 | ---D | C] -- C:\Users\Mairead\AppData\Local\{00AD2E08-E18E-445D-9A20-CAF9635E0349}
[2013/02/26 12:11:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013/02/26 12:11:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[1 C:\Users\Mairead\*.tmp files -> C:\Users\Mairead\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2013/03/20 23:22:58 | 000,015,344 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/03/20 23:22:58 | 000,015,344 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/03/20 23:16:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/03/20 23:14:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/03/20 23:14:04 | 1066,704,894 | -HS- | M] () -- C:\hiberfil.sys
[2013/03/20 23:13:10 | 000,000,177 | -H-- | M] () -- C:\dvmexp.idx
[2013/03/20 23:10:37 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2297036515-2446405061-3277710197-1000UA.job
[2013/03/20 15:28:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/03/20 14:53:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/03/20 11:22:58 | 002,216,339 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\1403000.024\Cat.DB
[2013/03/20 02:39:09 | 000,000,129 | ---- | M] () -- C:\Windows\SysNative\MRT.INI
[2013/03/20 00:53:12 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/03/20 00:53:12 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/03/19 23:43:09 | 811,650,447 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/03/12 03:57:11 | 000,007,466 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2013/03/12 03:57:10 | 000,177,312 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2013/03/12 03:57:10 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2013/03/12 03:57:00 | 000,002,395 | ---- | M] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2013/03/11 14:15:15 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2013/03/11 00:09:52 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/03/11 00:09:52 | 000,624,162 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/03/11 00:09:52 | 000,106,538 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/03/10 20:28:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mairead\Desktop\OTL.exe
[2013/03/10 18:38:26 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/03/05 16:02:09 | 000,095,392 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SMR311.SYS
[2013/03/05 15:43:20 | 000,002,985 | ---- | M] () -- C:\Users\Mairead\Desktop\HiJackThis.lnk
[2013/03/05 11:49:46 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Mairead\Desktop\dds.scr
[2013/03/05 11:47:14 | 000,000,928 | ---- | M] () -- C:\Users\Mairead\Desktop\NTREGOPT.lnk
[2013/03/05 11:47:14 | 000,000,909 | ---- | M] () -- C:\Users\Mairead\Desktop\ERUNT.lnk
[2013/03/05 11:33:49 | 005,036,545 | R--- | M] (Swearware) -- C:\Users\Mairead\Desktop\ComboFix.exe
[2013/03/05 11:29:42 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Mairead\Desktop\aswMBR.exe
[2013/02/26 05:25:47 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2297036515-2446405061-3277710197-1000Core.job
[2013/02/22 14:06:50 | 000,350,019 | ---- | M] () -- C:\Users\Mairead\Desktop\Untitled.png
[1 C:\Users\Mairead\*.tmp files -> C:\Users\Mairead\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013/03/20 02:39:09 | 000,000,129 | ---- | C] () -- C:\Windows\SysNative\MRT.INI
[2013/03/19 23:36:55 | 000,014,818 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1403000.024\VT20130115.021
[2013/03/12 03:57:15 | 002,216,339 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1403000.024\Cat.DB
[2013/03/12 03:57:11 | 000,007,466 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2013/03/12 03:57:11 | 000,000,855 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2013/03/12 03:57:00 | 000,002,395 | ---- | C] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2013/03/12 03:56:11 | 000,014,818 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1403000.024\SymVTcer.dat
[2013/03/12 03:56:11 | 000,003,434 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1403000.024\SymEFA.inf
[2013/03/12 03:56:11 | 000,002,852 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1403000.024\SymDS.inf
[2013/03/12 03:56:11 | 000,001,440 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1403000.024\SymNet.inf
[2013/03/12 03:56:11 | 000,001,438 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1403000.024\srtsp64.inf
[2013/03/12 03:56:11 | 000,001,420 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1403000.024\srtspx64.inf
[2013/03/12 03:56:11 | 000,000,996 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1403000.024\symELAM.inf
[2013/03/12 03:56:11 | 000,000,853 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1403000.024\ccSetx64.inf
[2013/03/12 03:56:11 | 000,000,767 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1403000.024\Iron.inf
[2013/03/12 03:56:10 | 000,009,670 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1403000.024\SymELAM64.cat
[2013/03/12 03:56:10 | 000,007,611 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1403000.024\ccsetx64.cat
[2013/03/12 03:56:10 | 000,007,601 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1403000.024\symnet64.cat
[2013/03/12 03:56:10 | 000,007,593 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1403000.024\iron.cat
[2013/03/12 03:56:10 | 000,007,589 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1403000.024\srtspx64.cat
[2013/03/12 03:56:10 | 000,007,587 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1403000.024\SymEFA64.cat
[2013/03/12 03:56:10 | 000,007,585 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1403000.024\srtsp64.cat
[2013/03/12 03:56:10 | 000,007,581 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1403000.024\SymDS64.cat
[2013/03/12 03:56:10 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1403000.024\isolate.ini
[2013/03/10 18:38:26 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/03/10 10:40:22 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/03/10 10:40:22 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/03/10 10:40:22 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/03/10 10:40:22 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/03/10 10:40:22 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/03/05 15:43:20 | 000,002,985 | ---- | C] () -- C:\Users\Mairead\Desktop\HiJackThis.lnk
[2013/03/05 11:47:14 | 000,000,928 | ---- | C] () -- C:\Users\Mairead\Desktop\NTREGOPT.lnk
[2013/03/05 11:47:14 | 000,000,909 | ---- | C] () -- C:\Users\Mairead\Desktop\ERUNT.lnk
[2013/02/22 14:06:11 | 000,350,019 | ---- | C] () -- C:\Users\Mairead\Desktop\Untitled.png
[2013/02/11 12:27:05 | 000,001,067 | ---- | C] () -- C:\Users\Mairead\Videos - Shortcut.lnk
[2012/07/22 19:43:36 | 000,000,091 | ---- | C] () -- C:\Windows\wininit.ini
[2012/01/18 01:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2012/01/18 01:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2012/01/18 01:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2011/11/12 15:28:34 | 000,007,606 | ---- | C] () -- C:\Users\Mairead\AppData\Local\Resmon.ResmonCfg
[2011/09/28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/08/23 13:38:31 | 000,060,304 | ---- | C] () -- C:\Users\Mairead\g2mdlhlpx.exe
[2011/06/25 13:44:35 | 000,000,067 | ---- | C] () -- C:\Windows\Easy Video to MP4 Converter.INI
[2011/05/18 16:55:22 | 000,001,940 | ---- | C] () -- C:\Users\Mairead\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/04/22 00:19:17 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2011/04/22 00:19:17 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2011/04/13 21:59:14 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011/02/03 15:05:42 | 000,000,013 | -H-- | C] () -- C:\ProgramData\˜113.›sys
[2011/02/03 02:48:15 | 000,149,504 | ---- | C] () -- C:\Users\Mairead\AppData\Roaming\SharedSettings.ccs
[2011/01/12 19:15:04 | 000,000,154 | ---- | C] () -- C:\Users\Mairead\AppData\Roaming\burnaware.ini
[2011/01/06 16:32:21 | 000,061,678 | ---- | C] () -- C:\Users\Mairead\AppData\Roaming\PFP100JPR.{PB
[2011/01/06 16:32:21 | 000,012,358 | ---- | C] () -- C:\Users\Mairead\AppData\Roaming\PFP100JCM.{PB
[2010/12/09 23:08:48 | 000,004,608 | ---- | C] () -- C:\Users\Mairead\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/25 00:20:35 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
========== ZeroAccess Check ==========
[2011/11/17 01:41:18 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\{b4ab6a56-69e8-3c91-d3ba-b67396b2d6c2}\L
[2012/07/22 18:51:12 | 000,002,048 | -HS- | M] () -- C:\Users\Mairead\AppData\Local\{b4ab6a56-69e8-3c91-d3ba-b67396b2d6c2}\@
[2011/11/17 01:41:18 | 000,000,000 | -HSD | M] -- C:\Users\Mairead\AppData\Local\{b4ab6a56-69e8-3c91-d3ba-b67396b2d6c2}\L
[2011/11/17 01:41:18 | 000,000,000 | -HSD | M] -- C:\Users\Mairead\AppData\Local\{b4ab6a56-69e8-3c91-d3ba-b67396b2d6c2}\U
[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
< End of report >
Looks like the file is gone but it's still running as a process.
Drag your copy of ComboFix to the trash and let's download an updated copy and run it.
Download ComboFix from one of these locations:
Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)
* IMPORTANT !!! Save ComboFix.exe to your Desktop
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
See this Link (http://www.bleepingcomputer.com/forums/topic114351.html) for programs that need to be disabled and instructions on how to disable them.
Remember to re-enable them when we're done.
Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
http://img.photobucket.com/albums/v706/ried7/RC1.png
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
http://img.photobucket.com/albums/v706/ried7/RC2-1.png
Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
*If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.
After you run ComboFix and post the report, run this program. Don't fix anything; let me see the report first.
--RogueKiller--
Download & SAVE to your Desktop RogueKiller (http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe) or from here (http://tigzy.geekstogo.com/Tools/RogueKiller.exe)
Quit all programs that you may have started.
Please disconnect any USB or external drives from the computer before you run this scan!
For Vista or Windows 7, right-click and select "Run as Administrator" to start.
For Windows XP, double-click to start.
Wait until Prescan has finished ...
Then Click on "Scan" button
Wait until the Status box shows "Scan Finished"
Click on "Report" and copy/paste the content of the Notepad into your next reply.
The log should be found in RKreport[1].txt on your Desktop
Exit/Close RogueKiller.
Bastet0330
2013-03-22, 08:36
I ran ComboFix. It bluescreened my computer twice and then disabled most of the stuff on my computer. Anything in Program Files x86 won't open and gets an error, including my browsers. The error is "C:/Program Files (x86)/Program name/program name Illegal operation attempted on a registry key that has been marked for deletion."
Any ideas?
Have you rebooted your system? If it won't shut down, hold the power button in for 5 seconds or more until it shuts off, then wait about a minute and restart it and see how things are.
If you're still having problems then let's try doing a system restore; maybe look for a date prior to all this happening. I am posting a link as it would be easier for you to follow in lieu of me typing it all.
http://windows.microsoft.com/en-us/windows7/products/features/system-restore
Let me know how it went
If you can, let's forgo RogueKiller for the time being and let's run this program, as what you have may be related.
Please download TDSSKiller.zip (http://support.kaspersky.com/downloads/utils/tdsskiller.zip)
Extract it to your desktop
Double click TDSSKiller.exe
Press Start Scan
Only if Malicious objects are found then ensure Cure is selected
Then click Continue > Reboot now
Copy and paste the log in your next reply
A copy of the log will be saved automatically to the root of the drive (typically C:\)
Bastet0330
2013-03-22, 17:39
Thank you! The reboot worked perfectly. (I'm sorry to be so clueless and high maintenance. I don't want to screw anything up by clicking the wrong thing/rebooting at the wrong time! Thank you so much for being so patient.)
Here's the ComboFix log, and the TDSS log is below. TDSS didn't find any malicious stuff, but it did find a malware and a suspicious file. (I wasn't sure if the malware tag should count as malicious, or if there was a separate "malicious" tag.) TDSS left a log from before and a log from after reboot, so I've included both.
-------------------------------
ComboFix 13-03-21.01 - Mairead 03/22/2013 0:45.3.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.12279.10173 [GMT -5:00]
Running from: c:\users\Mairead\Desktop\ComboFix.exe
AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Mairead\g2mdlhlpx.exe
c:\windows\svchost.exe
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\pthreadVC.dll
c:\windows\SysWow64\wpcap.dll
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_NPF
.
.
((((((((((((((((((((((((( Files Created from 2013-02-22 to 2013-03-22 )))))))))))))))))))))))))))))))
.
.
2013-03-22 05:51 . 2013-03-22 05:51 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-03-22 05:51 . 2013-03-22 05:51 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-03-20 07:31 . 2013-03-20 07:31 -------- d-sh--w- c:\windows\system32\%APPDATA%
2013-03-20 07:30 . 2013-03-20 07:30 -------- d-----w- c:\program files\Microsoft Silverlight
2013-03-20 07:30 . 2013-03-20 07:30 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2013-03-12 08:57 . 2013-03-12 08:57 177312 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2013-03-12 08:57 . 2013-03-12 08:57 -------- d-----w- c:\program files\Symantec
2013-03-12 08:57 . 2013-03-12 08:57 -------- d-----w- c:\program files\Common Files\Symantec Shared
2013-03-12 08:56 . 2013-03-12 08:56 -------- d-----w- c:\windows\system32\drivers\N360x64
2013-03-12 08:56 . 2013-03-12 08:56 -------- d-----w- c:\program files (x86)\Norton 360
2013-03-12 05:00 . 2013-03-12 05:00 -------- d-----w- c:\program files (x86)\ESET
2013-03-12 05:00 . 2013-03-12 05:00 -------- d--h--w- c:\windows\AxInstSV
2013-03-11 19:15 . 2013-03-11 19:15 -------- d-----w- C:\_OTL
2013-03-10 23:38 . 2013-03-10 23:38 -------- d-----w- c:\users\Mairead\AppData\Roaming\Malwarebytes
2013-03-10 23:38 . 2013-03-10 23:38 -------- d-----w- c:\programdata\Malwarebytes
2013-03-10 23:38 . 2013-03-10 23:38 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-03-10 23:38 . 2012-12-14 21:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-03-10 14:56 . 2013-02-08 00:28 9162192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DEFE0ACD-F4CA-48AD-9E70-C3757CDF9DEF}\mpengine.dll
2013-03-05 21:28 . 2013-03-06 23:07 -------- d-----w- c:\program files (x86)\Norton Bootable Recovery Tool Wizard
2013-03-05 21:02 . 2013-03-05 21:02 95392 ----a-w- c:\windows\system32\drivers\SMR311.SYS
2013-03-05 21:02 . 2013-03-05 21:19 -------- d-----w- c:\users\Mairead\AppData\Local\NPE
2013-03-05 20:43 . 2013-03-05 20:43 388096 ----a-r- c:\users\Mairead\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-03-05 20:43 . 2013-03-05 20:43 -------- d-----w- c:\program files (x86)\Trend Micro
2013-03-05 16:47 . 2013-03-11 19:15 -------- d-----w- c:\program files (x86)\ERUNT
2013-02-26 17:11 . 2013-02-26 17:11 -------- d-----w- c:\program files (x86)\Common Files\Skype
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-20 07:35 . 2010-09-09 16:16 72013344 ----a-w- c:\windows\system32\MRT.exe
2013-03-20 05:53 . 2012-04-07 17:16 693976 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-03-20 05:53 . 2011-05-19 14:40 73432 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-12 05:45 . 2013-03-20 04:51 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45 . 2013-03-20 04:51 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45 . 2013-03-20 04:51 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45 . 2013-03-20 04:51 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48 . 2013-03-20 04:51 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-20 04:51 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-01-17 07:28 . 2010-08-07 01:50 273840 ------w- c:\windows\system32\MpSigStub.exe
2013-01-05 05:53 . 2013-02-12 21:48 5553512 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-01-05 05:00 . 2013-02-12 21:48 3967848 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-01-05 05:00 . 2013-02-12 21:48 3913064 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-01-04 05:46 . 2013-02-12 21:48 215040 ----a-w- c:\windows\system32\winsrv.dll
2013-01-04 04:51 . 2013-02-12 21:48 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2013-01-04 04:43 . 2013-02-12 21:48 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2013-01-04 03:26 . 2013-02-12 21:48 3153408 ----a-w- c:\windows\system32\win32k.sys
2013-01-04 02:47 . 2013-02-12 21:48 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2013-01-04 02:47 . 2013-02-12 21:48 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2013-01-04 02:47 . 2013-02-12 21:48 2048 ----a-w- c:\windows\SysWow64\user.exe
2013-01-04 02:47 . 2013-02-12 21:48 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2013-01-03 06:00 . 2013-02-12 21:48 1913192 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-01-03 06:00 . 2013-02-12 21:48 288088 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-08-11 39408]
"Akamai NetSession Interface"="c:\users\Mairead\AppData\Local\Akamai\netsession_win.exe" [2013-01-26 4480768]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BCU"="c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" [2009-10-26 375000]
"R577SO"="c:\program files (x86)\GIGABYTE\R577SO\R577SO.exe" [2010-04-08 192512]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2011-11-11 205336]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-12 59280]
.
c:\users\Mairead\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
NETGEAR WNDA3100v2 Smart Wizard.lnk - c:\program files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe [2011-3-4 3280896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-01-08 161536]
R2 WSWNDA3100;WSWNDA3100;c:\program files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe [2009-11-04 278528]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2010-11-17 115216]
R3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\DRIVERS\bcmwlhigh664.sys [2009-11-06 838136]
R3 GPU-Z;GPU-Z;c:\users\Mairead\AppData\Local\Temp\GPU-Z.sys [x]
R3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [2010-05-07 30304]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-08-08 1255736]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
R4 SCMNdisP;General NDIS Protocol Driver;c:\windows\system32\DRIVERS\scmndisp.sys [2007-01-20 25312]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-08-07 52856]
S0 SMR311;Symantec SMR Utility Service 3.1.1;c:\windows\System32\drivers\SMR311.SYS [2013-03-05 95392]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\1403000.024\SYMDS64.SYS [2013-01-22 493656]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\1403000.024\SYMEFA64.SYS [2013-01-31 1139800]
S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\Definitions\BASHDefs\20130301.001\BHDrvx64.sys [2013-01-16 1388120]
S1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\N360x64\1403000.024\ccSetx64.sys [2012-11-16 168096]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\Definitions\IPSDefs\20130321.001\IDSvia64.sys [2013-03-19 513184]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\1403000.024\Ironx64.SYS [2012-11-16 224416]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\N360x64\1403000.024\SYMNETS.SYS [2013-01-31 432800]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2009-08-19 90112]
S2 BCUService;Browser Configuration Utility Service;c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-10-26 223464]
S2 DvmMDES;DeviceVM Meta Data Export Service;c:\asus.sys\config\DVMExportService.exe [2009-07-17 319488]
S2 N360;Norton 360;c:\program files (x86)\Norton 360\Engine\20.3.0.36\ccSvcHst.exe [2012-12-24 144520]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-02 382824]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848]
S3 Apowersoft_AudioDevice;Apowersoft_AudioDevice;c:\windows\system32\drivers\Apowersoft_AudioDevice.sys [2012-10-09 31968]
S3 CompFilter64;UVCCompositeFilter;c:\windows\system32\DRIVERS\lvbflt64.sys [2012-01-18 25632]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-03-11 138912]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2012-01-18 351136]
S3 LVUVC64;Logitech HD Webcam C510(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2012-01-18 4865568]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-05-22 215040]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2013-03-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-07 05:53]
.
2013-03-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-11 04:54]
.
2013-03-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-11 04:54]
.
2013-02-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2297036515-2446405061-3277710197-1000Core.job
- c:\users\Mairead\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-25 01:59]
.
2013-03-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2297036515-2446405061-3277710197-1000UA.job
- c:\users\Mairead\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-25 01:59]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-05-22 7833120]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2010-11-04 1580368]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
Trusted Zone: pandora.com\www
Trusted Zone: webex.com
Trusted Zone: webex.com\gse
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Mairead\AppData\Roaming\Mozilla\Firefox\Profiles\xl1p8xf7.default\
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton 360\Engine\20.3.0.36\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\20.3.0.36\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"=hex:51,66,7a,6c,4c,1d,38,12,8d,ec,f8,
7b,2b,25,27,06,e7,c4,bc,f0,98,15,0d,de
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=hex:51,66,7a,6c,4c,1d,38,12,df,c1,0b,
27,57,07,ba,54,e4,0e,43,d0,22,fb,89,5b
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}"=hex:51,66,7a,6c,4c,1d,38,12,60,d8,39,
64,cd,04,79,07,f5,b7,d6,9a,c1,81,e0,1c
"{6D53EC84-6AAE-4787-AEEE-F4628F01010C}"=hex:51,66,7a,6c,4c,1d,38,12,ea,ef,40,
69,9c,24,e9,02,d1,f8,b7,22,8a,5f,45,18
"{74F475FA-6C75-43BD-AAB9-ECDA6184F600}"=hex:51,66,7a,6c,4c,1d,38,12,94,76,e7,
70,47,22,d3,06,d5,af,af,9a,64,da,b2,14
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{AA58ED58-01DD-4D91-8333-CF10577473F7}"=hex:51,66,7a,6c,4c,1d,38,12,36,ee,4b,
ae,ef,4f,ff,08,fc,25,8c,50,52,2a,37,e3
"{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}"=hex:51,66,7a,6c,4c,1d,38,12,07,5b,93,
aa,6e,60,ba,0b,f0,6d,b2,b7,80,44,00,83
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:85,f7,af,bf,8c,1e,ce,01
.
[HKEY_USERS\S-1-5-21-2297036515-2446405061-3277710197-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-2297036515-2446405061-3277710197-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\\.\globalroot\systemroot\svchost.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
.
**************************************************************************
.
Completion time: 2013-03-22 01:05:55 - machine was rebooted
ComboFix-quarantined-files.txt 2013-03-22 06:05
ComboFix2.txt 2013-03-10 15:50
.
Pre-Run: 135,056,224,256 bytes free
Post-Run: 134,888,747,008 bytes free
.
- - End Of File - - 09BC889DDC6FFD6E1C9AB3F99BAD9E6C
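Three indicators in the logs above are worth pulling out mechanically rather than by eye: the svchost.exe copy that the helper says is "gone but still running" (ComboFix deleted c:\windows\svchost.exe and still lists c:\\.\globalroot\systemroot\svchost.exe under Other Running Processes), the {GUID}\@ plus \L and \U folder layout that OTL's ZeroAccess Check reports under Windows\Installer and AppData\Local, and the per-user HKCU\Software\Classes\clsid\...\InProcServer32 keys listed in the same check for CLSIDs whose machine-wide registration points at shell32.dll (a per-user Classes key takes precedence over the HKLM one for that user's COM lookups). The script below is an added example written for this page, not something posted in the thread or shipped by any of the tools named in it; its sample input is lines copied from the OTL and ComboFix output above, the rule names are the editor's own, and it runs offline without touching a registry.

```python
import re
from dataclasses import dataclass

# Lines copied from the OTL and ComboFix logs quoted in this thread; this is
# constructed input for the script, not a live system.
SAMPLE_LINES = r"""
[2011/11/17 01:41:18 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\{b4ab6a56-69e8-3c91-d3ba-b67396b2d6c2}\L
[2012/07/22 18:51:12 | 000,002,048 | -HS- | M] () -- C:\Users\Mairead\AppData\Local\{b4ab6a56-69e8-3c91-d3ba-b67396b2d6c2}\@
[2011/11/17 01:41:18 | 000,000,000 | -HSD | M] -- C:\Users\Mairead\AppData\Local\{b4ab6a56-69e8-3c91-d3ba-b67396b2d6c2}\L
[2011/11/17 01:41:18 | 000,000,000 | -HSD | M] -- C:\Users\Mairead\AppData\Local\{b4ab6a56-69e8-3c91-d3ba-b67396b2d6c2}\U
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
c:\windows\svchost.exe
c:\\.\globalroot\systemroot\svchost.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\system32\svchost.exe -k netsvcs
"""

# The genuine service host only ever lives in these two directories.
LEGIT_SVCHOST_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}

SVCHOST_RE = re.compile(r"(?i)(?P<path>(?:[a-z]:)?[\\/]\S*?svchost\.exe)")
# ZeroAccess drop layout: a {GUID}\@ file beside {GUID}\L and/or {GUID}\U folders.
ZA_MARKER_RE = re.compile(r"(?i)\\(\{[0-9a-f-]{36}\})\\([@LU])$")
# Per-user COM server registration (HKCU\Software\Classes\clsid\...\InProcServer32).
HKCU_INPROC_RE = re.compile(
    r"(?i)^\[HKEY_CURRENT_USER\\Software\\Classes\\(?:Wow6432node\\)?clsid\\"
    r"(\{[0-9a-f-]{36}\})\\InProcServer32\]")


@dataclass(frozen=True)
class Finding:
    rule: str      # editor's own rule name, not a tool's detection name
    evidence: str  # the path, key or GUID that triggered it


def _dir_of(path: str) -> str:
    r"""Lower-cased directory part of a backslash path."""
    return path.rsplit("\\", 1)[0].lower()


def check_svchost(line: str):
    r"""Flag svchost.exe stored or running outside System32/SysWOW64.
    Both c:\windows\svchost.exe and the c:\\.\globalroot\... device path fail."""
    m = SVCHOST_RE.search(line)
    if m is None or _dir_of(m.group("path")) in LEGIT_SVCHOST_DIRS:
        return None
    return Finding("svchost-outside-system32", m.group("path"))


def check_hkcu_com(line: str):
    r"""Flag an InProcServer32 key registered under HKCU\Software\Classes;
    the HKLM twin of the same CLSID is expected and is not reported."""
    m = HKCU_INPROC_RE.match(line.strip())
    return Finding("hkcu-inprocserver32", m.group(1).lower()) if m else None


def check_zeroaccess(lines):
    r"""Group the @ / L / U markers per GUID across the whole log and report a
    GUID only when the '@' file sits beside at least one of the L or U folders."""
    markers = {}
    for line in lines:
        m = ZA_MARKER_RE.search(line.rstrip())
        if m:
            markers.setdefault(m.group(1).lower(), set()).add(m.group(2).upper())
    return [Finding("zeroaccess-layout", f"{guid}: {''.join(sorted(ms))}")
            for guid, ms in markers.items() if "@" in ms and ms & {"L", "U"}]


def triage(text: str):
    """Run every check over a pasted log and return the list of findings."""
    lines = [l for l in text.splitlines() if l.strip()]
    found = []
    for line in lines:
        for check in (check_svchost, check_hkcu_com):
            f = check(line)
            if f is not None:
                found.append(f)
    found.extend(check_zeroaccess(lines))
    return found


if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"{f.rule:26} {f.evidence}")
```

On the sample above the script reports the two out-of-place svchost.exe paths, the one HKCU InProcServer32 key, and the b4ab6a56 GUID with all three markers, while the System32 service host and the HKLM key pass. The checks are path and key shape only; a hit is a reason to look, not a verdict, which is also how the helper treats the OTL output before asking for a fresh ComboFix run.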
Bastet0330
2013-03-22, 17:43
I had to split the TDSS stuff. Here's 1/2 of the pre reboot.
__________
10:20:53.0509 2516 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
10:20:54.0592 2516 ============================================================
10:20:54.0592 2516 Current date / time: 2013/03/22 10:20:54.0592
10:20:54.0592 2516 SystemInfo:
10:20:54.0592 2516
10:20:54.0592 2516 OS Version: 6.1.7601 ServicePack: 1.0
10:20:54.0593 2516 Product type: Workstation
10:20:54.0593 2516 ComputerName: COMPY
10:20:54.0593 2516 UserName: Mairead
10:20:54.0593 2516 Windows directory: C:\Windows
10:20:54.0593 2516 System windows directory: C:\Windows
10:20:54.0593 2516 Running under WOW64
10:20:54.0593 2516 Processor architecture: Intel x64
10:20:54.0593 2516 Number of processors: 4
10:20:54.0593 2516 Page size: 0x1000
10:20:54.0593 2516 Boot type: Normal boot
10:20:54.0593 2516 ============================================================
10:20:55.0805 2516 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
10:20:55.0812 2516 ============================================================
10:20:55.0812 2516 \Device\Harddisk0\DR0:
10:20:55.0813 2516 MBR partitions:
10:20:55.0813 2516 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
10:20:55.0813 2516 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1D192800
10:20:55.0813 2516 ============================================================
10:20:55.0842 2516 C: <-> \Device\Harddisk0\DR0\Partition2
10:20:55.0842 2516 ============================================================
10:20:55.0842 2516 Initialize success
10:20:55.0842 2516 ============================================================
10:20:58.0172 0892 ============================================================
10:20:58.0172 0892 Scan started
10:20:58.0172 0892 Mode: Manual;
10:20:58.0172 0892 ============================================================
10:20:59.0520 0892 ================ Scan system memory ========================
10:20:59.0520 0892 System memory - ok
10:20:59.0521 0892 ================ Scan services =============================
10:21:00.0845 0892 [ B9B98E08EC127900025F42462D3D0A66 ] Akamai c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll
10:21:00.0845 0892 Suspicious file (Hidden): c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll. md5: B9B98E08EC127900025F42462D3D0A66
10:21:00.0851 0892 Akamai ( HiddenFile.Multi.Generic ) - warning
10:21:00.0851 0892 Akamai - detected HiddenFile.Multi.Generic (1)
10:21:13.0368 0892 ose - ok
10:21:13.0400 0892 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
10:21:13.0405 0892 p2pimsvc - ok
10:21:13.0422 0892 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
10:21:13.0428 0892 p2psvc - ok
10:21:13.0457 0892 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
10:21:13.0460 0892 Parport - ok
10:21:13.0492 0892 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
10:21:13.0493 0892 partmgr - ok
10:21:13.0515 0892 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
10:21:13.0518 0892 PcaSvc - ok
10:21:13.0533 0892 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
10:21:13.0535 0892 pci - ok
10:21:13.0569 0892 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
10:21:13.0570 0892 pciide - ok
10:21:13.0599 0892 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
10:21:13.0603 0892 pcmcia - ok
10:21:13.0622 0892 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
10:21:13.0623 0892 pcw - ok
10:21:13.0643 0892 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
10:21:13.0661 0892 PEAUTH - ok
10:21:13.0737 0892 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
10:21:13.0740 0892 PerfHost - ok
10:21:13.0801 0892 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
10:21:13.0835 0892 pla - ok
10:21:13.0901 0892 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
10:21:13.0906 0892 PlugPlay - ok
10:21:13.0928 0892 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
10:21:13.0931 0892 PNRPAutoReg - ok
10:21:13.0950 0892 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
10:21:13.0954 0892 PNRPsvc - ok
10:21:13.0994 0892 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
10:21:13.0999 0892 PolicyAgent - ok
10:21:14.0026 0892 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
10:21:14.0029 0892 Power - ok
10:21:14.0078 0892 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
10:21:14.0081 0892 PptpMiniport - ok
10:21:14.0102 0892 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
10:21:14.0104 0892 Processor - ok
10:21:14.0137 0892 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
10:21:14.0140 0892 ProfSvc - ok
10:21:14.0151 0892 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
10:21:14.0153 0892 ProtectedStorage - ok
10:21:14.0201 0892 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
10:21:14.0203 0892 Psched - ok
10:21:14.0233 0892 [ A6BF0A9B5A30D743623CA0D3BE35DF05 ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys
10:21:14.0234 0892 PxHlpa64 - ok
10:21:14.0292 0892 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
Bastet0330
2013-03-22, 17:44
Other half of pre-reboot and post-reboot:
10:21:14.0326 0892 ql2300 - ok
10:21:14.0353 0892 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
10:21:14.0356 0892 ql40xx - ok
10:21:14.0379 0892 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
10:21:14.0384 0892 QWAVE - ok
10:21:14.0402 0892 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
10:21:14.0404 0892 QWAVEdrv - ok
10:21:14.0416 0892 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
10:21:14.0418 0892 RasAcd - ok
10:21:14.0436 0892 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
10:21:14.0439 0892 RasAgileVpn - ok
10:21:14.0454 0892 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
10:21:14.0458 0892 RasAuto - ok
10:21:14.0506 0892 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
10:21:14.0509 0892 Rasl2tp - ok
10:21:14.0550 0892 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
10:21:14.0553 0892 RasMan - ok
10:21:14.0575 0892 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
10:21:14.0577 0892 RasPppoe - ok
10:21:14.0589 0892 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
10:21:14.0591 0892 RasSstp - ok
10:21:14.0629 0892 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
10:21:14.0634 0892 rdbss - ok
10:21:14.0649 0892 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
10:21:14.0651 0892 rdpbus - ok
10:21:14.0689 0892 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
10:21:14.0690 0892 RDPCDD - ok
10:21:14.0702 0892 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
10:21:14.0702 0892 RDPENCDD - ok
10:21:14.0709 0892 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
10:21:14.0710 0892 RDPREFMP - ok
10:21:14.0749 0892 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
10:21:14.0753 0892 RDPWD - ok
10:21:14.0794 0892 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
10:21:14.0798 0892 rdyboost - ok
10:21:14.0827 0892 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
10:21:14.0831 0892 RemoteAccess - ok
10:21:14.0854 0892 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
10:21:14.0859 0892 RemoteRegistry - ok
10:21:14.0875 0892 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
10:21:14.0877 0892 RpcEptMapper - ok
10:21:14.0889 0892 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
10:21:14.0891 0892 RpcLocator - ok
10:21:14.0938 0892 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\System32\rpcss.dll
10:21:14.0944 0892 RpcSs - ok
10:21:14.0974 0892 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
10:21:14.0977 0892 rspndr - ok
10:21:15.0033 0892 [ B49DC435AE3695BAC5623DD94B05732D ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
10:21:15.0037 0892 RTL8167 - ok
10:21:15.0050 0892 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
10:21:15.0052 0892 SamSs - ok
10:21:15.0082 0892 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
10:21:15.0086 0892 sbp2port - ok
10:21:15.0111 0892 SBRE - ok
10:21:15.0189 0892 [ 794D4B48DFB6E999537C7C3947863463 ] SBSDWSCService C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
10:21:15.0200 0892 SBSDWSCService - ok
10:21:15.0230 0892 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
10:21:15.0235 0892 SCardSvr - ok
10:21:15.0266 0892 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
10:21:15.0268 0892 scfilter - ok
10:21:15.0321 0892 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
10:21:15.0333 0892 Schedule - ok
10:21:15.0389 0892 [ 6011CDF54BB6F4C69F38FACCDAD73D7E ] SCMNdisP C:\Windows\system32\DRIVERS\scmndisp.sys
10:21:15.0391 0892 SCMNdisP - ok
10:21:15.0421 0892 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
10:21:15.0422 0892 SCPolicySvc - ok
10:21:15.0452 0892 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
10:21:15.0457 0892 SDRSVC - ok
10:21:15.0502 0892 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
10:21:15.0504 0892 secdrv - ok
10:21:15.0516 0892 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
10:21:15.0518 0892 seclogon - ok
10:21:15.0564 0892 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
10:21:15.0566 0892 SENS - ok
10:21:15.0581 0892 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
10:21:15.0584 0892 SensrSvc - ok
10:21:15.0592 0892 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
10:21:15.0593 0892 Serenum - ok
10:21:15.0640 0892 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
10:21:15.0641 0892 Serial - ok
10:21:15.0693 0892 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
10:21:15.0695 0892 sermouse - ok
10:21:15.0742 0892 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
10:21:15.0744 0892 SessionEnv - ok
10:21:15.0758 0892 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
10:21:15.0761 0892 sffdisk - ok
10:21:15.0772 0892 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
10:21:15.0774 0892 sffp_mmc - ok
10:21:15.0786 0892 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
10:21:15.0788 0892 sffp_sd - ok
10:21:15.0807 0892 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
10:21:15.0808 0892 sfloppy - ok
10:21:15.0866 0892 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
10:21:15.0870 0892 SharedAccess - ok
10:21:15.0906 0892 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
10:21:15.0911 0892 ShellHWDetection - ok
10:21:15.0924 0892 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
10:21:15.0926 0892 SiSRaid2 - ok
10:21:15.0937 0892 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
10:21:15.0940 0892 SiSRaid4 - ok
10:21:16.0035 0892 [ 8C4F0DCC6A5100D48F9B2F950CDD220F ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
10:21:16.0036 0892 SkypeUpdate - ok
10:21:16.0086 0892 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
10:21:16.0089 0892 Smb - ok
10:21:16.0155 0892 [ D48F87803F3965EE04D9BCB318791AAB ] SMR311 C:\Windows\system32\drivers\SMR311.SYS
10:21:16.0157 0892 SMR311 - ok
10:21:16.0232 0892 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
10:21:16.0235 0892 SNMPTRAP - ok
10:21:16.0252 0892 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
10:21:16.0253 0892 spldr - ok
10:21:16.0295 0892 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
10:21:16.0302 0892 Spooler - ok
10:21:16.0384 0892 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
10:21:16.0417 0892 sppsvc - ok
10:21:16.0461 0892 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
10:21:16.0465 0892 sppuinotify - ok
10:21:16.0560 0892 [ 378A0748DE5ADF90BF9DB897DA8564E6 ] SRTSP C:\Windows\system32\drivers\N360x64\1403000.024\SRTSP64.SYS
10:21:16.0567 0892 SRTSP - ok
10:21:16.0605 0892 [ 0E76CEF892C45734F7AED09FDDF35D4D ] SRTSPX C:\Windows\system32\drivers\N360x64\1403000.024\SRTSPX64.SYS
10:21:16.0606 0892 SRTSPX - ok
10:21:16.0650 0892 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
10:21:16.0657 0892 srv - ok
10:21:16.0699 0892 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
10:21:16.0706 0892 srv2 - ok
10:21:16.0740 0892 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
10:21:16.0743 0892 srvnet - ok
10:21:16.0799 0892 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
10:21:16.0803 0892 SSDPSRV - ok
10:21:16.0813 0892 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
10:21:16.0816 0892 SstpSvc - ok
10:21:16.0861 0892 Steam Client Service - ok
10:21:16.0913 0892 [ F0359F7CE712D69ACEF0886BDB4792ED ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
10:21:16.0917 0892 Stereo Service - ok
10:21:16.0938 0892 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
10:21:16.0940 0892 stexstor - ok
10:21:16.0991 0892 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
10:21:16.0999 0892 stisvc - ok
10:21:17.0033 0892 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
10:21:17.0034 0892 swenum - ok
10:21:17.0071 0892 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
10:21:17.0081 0892 swprv - ok
10:21:17.0128 0892 [ E174C8BC572E93AEEE1036DEDAC5F225 ] SymDS C:\Windows\system32\drivers\N360x64\1403000.024\SYMDS64.SYS
10:21:17.0135 0892 SymDS - ok
10:21:17.0192 0892 [ 599872BAD7CFB45C7CE47CDED4B726D8 ] SymEFA C:\Windows\system32\drivers\N360x64\1403000.024\SYMEFA64.SYS
10:21:17.0217 0892 SymEFA - ok
10:21:17.0255 0892 [ F5D6D3B7468C46EA2DDC1D19D2A6DA0F ] SymEvent C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
10:21:17.0257 0892 SymEvent - ok
10:21:17.0272 0892 [ ADF37F1A715D6C56C8E065FD8569A9A4 ] SymIRON C:\Windows\system32\drivers\N360x64\1403000.024\Ironx64.SYS
10:21:17.0274 0892 SymIRON - ok
10:21:17.0310 0892 [ 1605EBD8CB86AFC4430116065995279A ] SymNetS C:\Windows\system32\drivers\N360x64\1403000.024\SYMNETS.SYS
10:21:17.0314 0892 SymNetS - ok
10:21:17.0425 0892 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
10:21:17.0450 0892 SysMain - ok
10:21:17.0480 0892 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
10:21:17.0483 0892 TabletInputService - ok
10:21:17.0497 0892 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
10:21:17.0500 0892 TapiSrv - ok
10:21:17.0517 0892 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
10:21:17.0519 0892 TBS - ok
10:21:17.0582 0892 [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
10:21:17.0616 0892 Tcpip - ok
10:21:17.0679 0892 [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
10:21:17.0690 0892 TCPIP6 - ok
10:21:17.0730 0892 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
10:21:17.0739 0892 tcpipreg - ok
10:21:17.0769 0892 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
10:21:17.0780 0892 TDPIPE - ok
10:21:17.0813 0892 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
10:21:17.0815 0892 TDTCP - ok
10:21:17.0850 0892 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
10:21:17.0851 0892 tdx - ok
10:21:17.0897 0892 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
10:21:17.0898 0892 TermDD - ok
10:21:17.0922 0892 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
10:21:17.0930 0892 TermService - ok
10:21:17.0945 0892 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
10:21:17.0947 0892 Themes - ok
10:21:17.0970 0892 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
10:21:17.0971 0892 THREADORDER - ok
10:21:17.0978 0892 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
10:21:17.0980 0892 TrkWks - ok
10:21:18.0036 0892 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
10:21:18.0039 0892 TrustedInstaller - ok
10:21:18.0070 0892 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
10:21:18.0072 0892 tssecsrv - ok
10:21:18.0109 0892 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
10:21:18.0111 0892 TsUsbFlt - ok
10:21:18.0146 0892 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
10:21:18.0149 0892 tunnel - ok
10:21:18.0174 0892 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
10:21:18.0177 0892 uagp35 - ok
10:21:18.0214 0892 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
10:21:18.0219 0892 udfs - ok
10:21:18.0249 0892 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
10:21:18.0252 0892 UI0Detect - ok
10:21:18.0293 0892 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
10:21:18.0296 0892 uliagpkx - ok
10:21:18.0331 0892 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
10:21:18.0333 0892 umbus - ok
10:21:18.0382 0892 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
10:21:18.0384 0892 UmPass - ok
10:21:18.0451 0892 [ 67A95B9D129ED5399E7965CD09CF30E7 ] UMVPFSrv C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
10:21:18.0453 0892 UMVPFSrv - ok
10:21:18.0471 0892 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
10:21:18.0474 0892 upnphost - ok
10:21:18.0517 0892 [ FB251567F41BC61988B26731DEC19E4B ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
10:21:18.0520 0892 USBAAPL64 - ok
10:21:18.0575 0892 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
10:21:18.0577 0892 usbaudio - ok
10:21:18.0616 0892 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
10:21:18.0619 0892 usbccgp - ok
10:21:18.0658 0892 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
10:21:18.0661 0892 usbcir - ok
10:21:18.0693 0892 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys
10:21:18.0695 0892 usbehci - ok
10:21:18.0736 0892 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
10:21:18.0741 0892 usbhub - ok
10:21:18.0771 0892 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
10:21:18.0773 0892 usbohci - ok
10:21:18.0809 0892 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
10:21:18.0811 0892 usbprint - ok
10:21:18.0853 0892 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
10:21:18.0855 0892 usbscan - ok
10:21:18.0889 0892 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
10:21:18.0892 0892 USBSTOR - ok
10:21:18.0923 0892 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
10:21:18.0926 0892 usbuhci - ok
10:21:18.0970 0892 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
10:21:18.0974 0892 usbvideo - ok
10:21:18.0997 0892 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
10:21:18.0999 0892 UxSms - ok
10:21:19.0012 0892 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
10:21:19.0014 0892 VaultSvc - ok
10:21:19.0021 0892 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
10:21:19.0022 0892 vdrvroot - ok
10:21:19.0059 0892 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
10:21:19.0076 0892 vds - ok
10:21:19.0123 0892 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
10:21:19.0125 0892 vga - ok
10:21:19.0139 0892 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
10:21:19.0140 0892 VgaSave - ok
10:21:19.0178 0892 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
10:21:19.0181 0892 vhdmp - ok
10:21:19.0198 0892 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
10:21:19.0200 0892 viaide - ok
10:21:19.0214 0892 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
10:21:19.0216 0892 volmgr - ok
10:21:19.0260 0892 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
10:21:19.0266 0892 volmgrx - ok
10:21:19.0285 0892 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
10:21:19.0290 0892 volsnap - ok
10:21:19.0313 0892 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
10:21:19.0316 0892 vsmraid - ok
10:21:19.0370 0892 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
10:21:19.0404 0892 VSS - ok
10:21:19.0414 0892 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
10:21:19.0416 0892 vwifibus - ok
10:21:19.0428 0892 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
10:21:19.0429 0892 vwififlt - ok
10:21:19.0470 0892 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
10:21:19.0472 0892 vwifimp - ok
10:21:19.0524 0892 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
10:21:19.0530 0892 W32Time - ok
10:21:19.0558 0892 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
10:21:19.0560 0892 WacomPen - ok
10:21:19.0610 0892 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
10:21:19.0611 0892 WANARP - ok
10:21:19.0629 0892 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
10:21:19.0630 0892 Wanarpv6 - ok
10:21:19.0678 0892 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
10:21:19.0702 0892 WatAdminSvc - ok
10:21:19.0755 0892 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
10:21:19.0780 0892 wbengine - ok
10:21:19.0807 0892 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
10:21:19.0812 0892 WbioSrvc - ok
10:21:19.0854 0892 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
10:21:19.0862 0892 wcncsvc - ok
10:21:19.0879 0892 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
10:21:19.0883 0892 WcsPlugInService - ok
10:21:19.0905 0892 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
10:21:19.0907 0892 Wd - ok
10:21:19.0953 0892 [ A3D04EBF5227886029B4532F20D026F7 ] WDC_SAM C:\Windows\system32\DRIVERS\wdcsam64.sys
10:21:19.0955 0892 WDC_SAM - ok
10:21:19.0997 0892 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
10:21:20.0014 0892 Wdf01000 - ok
10:21:20.0028 0892 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
10:21:20.0031 0892 WdiServiceHost - ok
10:21:20.0036 0892 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
10:21:20.0039 0892 WdiSystemHost - ok
10:21:20.0081 0892 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
10:21:20.0087 0892 WebClient - ok
10:21:20.0114 0892 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
10:21:20.0120 0892 Wecsvc - ok
10:21:20.0134 0892 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
10:21:20.0136 0892 wercplsupport - ok
10:21:20.0181 0892 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
10:21:20.0183 0892 WerSvc - ok
10:21:20.0205 0892 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
10:21:20.0206 0892 WfpLwf - ok
10:21:20.0217 0892 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
10:21:20.0219 0892 WIMMount - ok
10:21:20.0231 0892 WinDefend - ok
10:21:20.0237 0892 WinHttpAutoProxySvc - ok
10:21:20.0285 0892 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
10:21:20.0288 0892 Winmgmt - ok
10:21:20.0350 0892 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
10:21:20.0387 0892 WinRM - ok
10:21:20.0436 0892 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
10:21:20.0437 0892 WinUsb - ok
10:21:20.0473 0892 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
10:21:20.0483 0892 Wlansvc - ok
10:21:20.0603 0892 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
10:21:20.0632 0892 wlidsvc - ok
10:21:20.0664 0892 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
10:21:20.0665 0892 WmiAcpi - ok
10:21:20.0687 0892 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
10:21:20.0690 0892 wmiApSrv - ok
10:21:20.0730 0892 WMPNetworkSvc - ok
10:21:20.0751 0892 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
10:21:20.0755 0892 WPCSvc - ok
10:21:20.0790 0892 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
10:21:20.0794 0892 WPDBusEnum - ok
10:21:20.0819 0892 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
10:21:20.0820 0892 ws2ifsl - ok
10:21:20.0866 0892 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll
10:21:20.0869 0892 wscsvc - ok
10:21:20.0873 0892 WSearch - ok
10:21:20.0954 0892 [ 2A7DB6A6F2C2E7CB40311D5B9340060D ] WSWNDA3100 C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe
10:21:20.0957 0892 WSWNDA3100 - ok
10:21:21.0027 0892 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
10:21:21.0062 0892 wuauserv - ok
10:21:21.0098 0892 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
10:21:21.0100 0892 WudfPf - ok
10:21:21.0150 0892 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
10:21:21.0154 0892 WUDFRd - ok
10:21:21.0193 0892 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
10:21:21.0197 0892 wudfsvc - ok
10:21:21.0225 0892 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
10:21:21.0267 0892 WwanSvc - ok
10:21:21.0286 0892 XFX_program - ok
10:21:21.0471 0892 ================ Scan global ===============================
10:21:21.0500 0892 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
10:21:21.0537 0892 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
10:21:21.0547 0892 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
10:21:21.0573 0892 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
10:21:21.0613 0892 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
10:21:21.0618 0892 [Global] - ok
10:21:21.0619 0892 ================ Scan MBR ==================================
10:21:21.0632 0892 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
10:21:21.0632 0892 Suspicious mbr (Forged): \Device\Harddisk0\DR0
10:21:21.0681 0892 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
10:21:21.0681 0892 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
10:21:21.0682 0892 ================ Scan VBR ==================================
10:21:21.0686 0892 [ 87BF135D9D331B7530B02D0A3AF811F6 ] \Device\Harddisk0\DR0\Partition1
10:21:21.0688 0892 \Device\Harddisk0\DR0\Partition1 - ok
10:21:21.0701 0892 [ BC4003B5F7E3FAF6D4386D6ED222428D ] \Device\Harddisk0\DR0\Partition2
10:21:21.0704 0892 \Device\Harddisk0\DR0\Partition2 - ok
10:21:21.0705 0892 ============================================================
10:21:21.0705 0892 Scan finished
10:21:21.0705 0892 ============================================================
10:21:21.0721 3580 Detected object count: 2
10:21:21.0721 3580 Actual detected object count: 2
10:21:56.0699 3580 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
10:21:56.0699 3580 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip
10:21:57.0248 3580 \Device\Harddisk0\DR0\# - copied to quarantine
10:21:57.0250 3580 \Device\Harddisk0\DR0 - copied to quarantine
10:21:57.0304 3580 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
10:21:57.0308 3580 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
10:21:57.0328 3580 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
10:21:57.0339 3580 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
10:21:57.0342 3580 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
10:21:57.0344 3580 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
10:21:57.0347 3580 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
10:21:57.0350 3580 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
10:21:57.0355 3580 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
10:21:57.0357 3580 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
10:21:57.0360 3580 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
10:21:57.0362 3580 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
10:21:57.0397 3580 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
10:21:57.0400 3580 \Device\Harddisk0\DR0 - ok
10:21:57.0407 3580 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
10:22:04.0240 2184 Deinitialize success
---------------------------
10:32:06.0523 2904 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
10:32:07.0422 2904 ============================================================
10:32:07.0422 2904 Current date / time: 2013/03/22 10:32:07.0422
10:32:07.0422 2904 SystemInfo:
10:32:07.0422 2904
10:32:07.0422 2904 OS Version: 6.1.7601 ServicePack: 1.0
10:32:07.0422 2904 Product type: Workstation
10:32:07.0422 2904 ComputerName: COMPY
10:32:07.0422 2904 UserName: Mairead
10:32:07.0422 2904 Windows directory: C:\Windows
10:32:07.0422 2904 System windows directory: C:\Windows
10:32:07.0422 2904 Running under WOW64
10:32:07.0422 2904 Processor architecture: Intel x64
10:32:07.0422 2904 Number of processors: 4
10:32:07.0422 2904 Page size: 0x1000
10:32:07.0422 2904 Boot type: Normal boot
10:32:07.0422 2904 ============================================================
10:32:11.0428 2904 BG loaded
10:32:11.0818 2904 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
10:32:11.0834 2904 ============================================================
10:32:11.0834 2904 \Device\Harddisk0\DR0:
10:32:11.0834 2904 MBR partitions:
10:32:11.0834 2904 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
10:32:11.0834 2904 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1D192800
10:32:11.0834 2904 ============================================================
10:32:11.0865 2904 C: <-> \Device\Harddisk0\DR0\Partition2
10:32:11.0865 2904 ============================================================
10:32:11.0865 2904 Initialize success
10:32:11.0865 2904 ============================================================
10:32:21.0116 3016 Deinitialize success
Great,
It looks like one of the partitions of your hard drive was infected with a rootkit and TDSSKiller may have fixed it.
I should have posted this earlier, but these types of infections can steal passwords and account numbers. There is no way to tell what this pest has done, so I strongly urge you to use a known clean computer and go into any bank sites you may use, or sites that you may shop from using a credit card, and change all your passwords. Use a strong password; it should contain a combination of letters and numbers, and use 12 of them.
Let's see if this pest is gone. First, rerun TDSSKiller and post the log.
Then rerun aswMBR and post the new log.
And finally, go ahead and run a new scan with OTL and post that log as well.
Bastet0330
2013-03-24, 10:09
Good call on the passwords -- I'll change those soon and I'll alert my credit card company, just in case.
Here's the OTL:
OTL logfile created on: 3/24/2013 2:50:12 AM - Run 5
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Mairead\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
11.99 Gb Total Physical Memory | 10.41 Gb Available Physical Memory | 86.80% Memory free
23.98 Gb Paging File | 21.51 Gb Available in Paging File | 89.68% Paging File free
Paging file location(s): ?:\pagefile.sys
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232.79 Gb Total Space | 125.84 Gb Free Space | 54.06% Space Free | Partition Type: NTFS
Drive D: | 5.10 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Computer Name: COMPY | User Name: Mairead | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_180_ActiveX.exe (Adobe Systems Incorporated)
PRC - C:\Users\Mairead\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe (Google)
PRC - C:\Users\Mairead\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\Mairead\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
PRC - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe (Google Inc.)
PRC - C:\Program Files (x86)\Norton 360\Engine\20.3.0.36\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
PRC - C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
PRC - C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe ()
PRC - C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe ()
PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe (DeviceVM, Inc.)
PRC - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)
PRC - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe (ASUSTeK Computer Inc.)
PRC - C:\ASUS.SYS\config\DVMExportService.exe (DeviceVM, Inc.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe ()
========== Modules (No Company Name) ==========
MOD - C:\Program Files (x86)\Norton 360\Engine\20.3.0.36\wincfi39.dll ()
MOD - C:\Program Files (x86)\Common Files\LogiShrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll ()
MOD - C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe ()
MOD - C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe ()
MOD - C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll ()
MOD - C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll ()
MOD - C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTXml4.dll ()
MOD - C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTGui4.dll ()
MOD - C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTCore4.dll ()
MOD - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\sqlite3.dll ()
========== Services (SafeList) ==========
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (N360) -- C:\Program Files (x86)\Norton 360\Engine\20.3.0.36\ccSvcHst.exe (Symantec Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (Akamai) -- c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll ()
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (UMVPFSrv) -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (WSWNDA3100) -- C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe ()
SRV - (BCUService) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe (DeviceVM, Inc.)
SRV - (AsSysCtrlService) -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe (ASUSTeK Computer Inc.)
SRV - (DvmMDES) -- C:\ASUS.SYS\config\DVMExportService.exe (DeviceVM, Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (AdobeActiveFileMonitor6.0) -- C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe ()
========== Driver Services (SafeList) ==========
DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation)
DRV:64bit: - (SMR311) -- C:\Windows\SysNative\drivers\SMR311.SYS (Symantec Corporation)
DRV:64bit: - (SymNetS) -- C:\Windows\SysNative\drivers\N360x64\1403000.024\symnets.sys (Symantec Corporation)
DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\N360x64\1403000.024\SymEFA64.sys (Symantec Corporation)
DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\N360x64\1403000.024\srtsp64.sys (Symantec Corporation)
DRV:64bit: - (SRTSPX) -- C:\Windows\SysNative\drivers\N360x64\1403000.024\srtspx64.sys (Symantec Corporation)
DRV:64bit: - (SymDS) -- C:\Windows\SysNative\drivers\N360x64\1403000.024\SymDS64.sys (Symantec Corporation)
DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\drivers\N360x64\1403000.024\Ironx64.sys (Symantec Corporation)
DRV:64bit: - (ccSet_N360) -- C:\Windows\SysNative\drivers\N360x64\1403000.024\ccSetx64.sys (Symantec Corporation)
DRV:64bit: - (Apowersoft_AudioDevice) -- C:\Windows\SysNative\drivers\Apowersoft_AudioDevice.sys (Wondershare)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (LVUVC64) -- C:\Windows\SysNative\drivers\LVUVC64.sys (Logitech Inc.)
DRV:64bit: - (LVRS64) -- C:\Windows\SysNative\drivers\lvrs64.sys (Logitech Inc.)
DRV:64bit: - (CompFilter64) -- C:\Windows\SysNative\drivers\lvbflt64.sys (Logitech Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (LVPr2Mon) -- C:\Windows\SysNative\drivers\LVPr2M64.sys ()
DRV:64bit: - (LVPr2M64) -- C:\Windows\SysNative\drivers\LVPr2M64.sys ()
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (BCMH43XX) -- C:\Windows\SysNative\drivers\bcmwlhigh664.sys (Broadcom Corporation)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (WDC_SAM) -- C:\Windows\SysNative\drivers\wdcsam64.sys (Western Digital Technologies)
DRV:64bit: - (SCMNdisP) -- C:\Windows\SysNative\drivers\SCMNdisP.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\Definitions\IPSDefs\20130322.001\IDSviA64.sys (Symantec Corporation)
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\Definitions\VirusDefs\20130323.008\ex64.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\Definitions\VirusDefs\20130323.008\eng64.sys (Symantec Corporation)
DRV - (BHDrvx64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\Definitions\BASHDefs\20130301.001\BHDrvx64.sys (Symantec Corporation)
DRV - (XFX_program) -- C:\Windows\SysWow64\drivers\XFX_program.sys (Sengital Ltd.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\Mairead\Desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = AE B7 A0 1F D0 35 CB 01 [binary data]
IE - HKCU\..\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {F3079613-14CE-4bac-AAC1-DC779C94F1DF}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_en
IE - HKCU\..\SearchScopes\{CD2529CB-AADE-4129-953A-331E35A57AD0}: "URL" = http://www.google.com/custom?client=pub-3794288947762788&forid=1&channel=5369970905&ie=UTF-8&oe=UTF-8&safe=active&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1&hl=en&q={searchTerms}
IE - HKCU\..\SearchScopes\{F3079613-14CE-4bac-AAC1-DC779C94F1DF}: "URL" = http://search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=EGMB
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
========== FireFox ==========
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@emusic.com/eMusicPlugin DLM6: C:\Program Files (x86)\eMusic Download Manager 6\npEMusic601.dll (eMusic.com)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Mairead\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Mairead\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Mairead\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Mairead\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Mairead\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\IPSFFPlgn\ [2013/03/12 03:58:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\coFFPlgn\ [2013/03/23 14:37:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/03/10 06:21:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/03/10 06:21:31 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/03/10 06:21:31 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/03/10 06:21:31 | 000,000,000 | ---D | M]
[2011/05/18 23:27:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mairead\AppData\Roaming\Mozilla\Extensions
[2011/02/03 01:57:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mairead\AppData\Roaming\Mozilla\Extensions\{92650c4d-4b8e-4d2a-b7eb-24ecf4f6b63a}
[2012/10/25 03:26:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mairead\AppData\Roaming\Mozilla\Firefox\Profiles\xl1p8xf7.default\extensions
[2011/02/03 01:57:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mairead\AppData\Roaming\Mozilla\SeaMonkey\Profiles\06spn8ys.default\extensions
[2013/03/10 06:17:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/03/10 06:21:31 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/03/21 16:51:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\updated\extensions
[2013/03/21 16:51:12 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\updated\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/03/21 16:51:17 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\updated\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/02/06 03:27:16 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/10/28 06:32:48 | 000,176,952 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files (x86)\mozilla firefox\plugins\npatgpc.dll
[2013/03/09 14:33:59 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013/03/09 14:33:59 | 000,002,086 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
O1 HOSTS File: ([2013/03/22 00:57:18 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\20.3.0.36\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\20.3.0.36\IPS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\20.3.0.36\CoIEPlg.dll (Symantec Corporation)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BCU] C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)
O4 - HKLM..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [R577SO] C:\Program Files (x86)\GIGABYTE\R577SO\R577SO.exe (GIGABYTE Technology Co.,Ltd.)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Mairead\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: pandora.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: webex.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: webex.com ([gse] https in Trusted sites)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {036F8A56-0BC8-4607-8F98-D3231E6FF5ED} http://cloud1.saba.com/SiteRoots/main/Install/win32/CentraUpdaterAx.cab (Reg Error: Key error.)
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus.com/select/asusTek_sys_ctrl3.cab (asusTek_sysctrl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{434F6D26-4903-4A9A-B9A3-9D6D83DC70DE}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\gopher - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/10/06 10:01:16 | 000,000,044 | R--- | M] () - D:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2013/03/24 02:03:46 | 000,208,216 | ---- | C] (Kaspersky Lab, GERT) -- C:\Windows\SysNative\drivers\77367830.sys
[2013/03/22 10:21:56 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2013/03/22 10:20:47 | 000,000,000 | ---D | C] -- C:\Users\Mairead\Desktop\tdsskiller
[2013/03/22 03:31:55 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\svchost.exe
[2013/03/22 00:57:52 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2013/03/22 00:51:55 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/03/21 14:28:35 | 005,042,493 | R--- | C] (Swearware) -- C:\Users\Mairead\Desktop\ComboFix.exe
[2013/03/21 00:48:19 | 000,000,000 | ---D | C] -- C:\Users\Mairead\AppData\Local\{4D797761-0F38-4079-8348-238EC3AA69FF}
[2013/03/20 02:33:12 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/03/20 02:33:12 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013/03/20 02:33:12 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013/03/20 02:33:11 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/03/20 02:33:11 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/03/20 02:33:11 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/03/20 02:33:11 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/03/20 02:33:11 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/03/20 02:33:11 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013/03/20 02:33:11 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/03/20 02:33:11 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/03/20 02:33:11 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013/03/20 02:33:10 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/03/20 02:33:10 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013/03/20 02:33:09 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/03/20 02:32:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2013/03/20 02:31:42 | 000,000,000 | -HSD | C] -- C:\Windows\SysNative\%APPDATA%
[2013/03/20 02:30:54 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2013/03/20 02:30:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2013/03/12 03:57:11 | 000,177,312 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2013/03/12 03:57:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2013/03/12 03:57:10 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2013/03/12 03:56:18 | 001,139,800 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1403000.024\SymEFA64.sys
[2013/03/12 03:56:18 | 000,493,656 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1403000.024\SymDS64.sys
[2013/03/12 03:56:18 | 000,432,800 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1403000.024\symnets.sys
[2013/03/12 03:56:18 | 000,036,952 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1403000.024\srtspx64.sys
[2013/03/12 03:56:18 | 000,023,448 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1403000.024\SymELAM.sys
[2013/03/12 03:56:17 | 000,796,248 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1403000.024\srtsp64.sys
[2013/03/12 03:56:17 | 000,224,416 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1403000.024\Ironx64.sys
[2013/03/12 03:56:17 | 000,168,096 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1403000.024\ccSetx64.sys
[2013/03/12 03:56:10 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\N360x64
[2013/03/12 03:56:10 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\N360x64\1403000.024
[2013/03/12 03:56:09 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
[2013/03/12 03:56:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton 360
[2013/03/12 00:00:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2013/03/12 00:00:10 | 000,000,000 | -H-D | C] -- C:\Windows\AxInstSV
[2013/03/11 14:15:06 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/03/10 20:28:38 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Mairead\Desktop\OTL.exe
[2013/03/10 18:38:40 | 000,000,000 | ---D | C] -- C:\Users\Mairead\AppData\Roaming\Malwarebytes
[2013/03/10 18:38:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/03/10 18:38:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/03/10 18:38:24 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/03/10 18:38:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/03/10 10:40:22 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/03/10 10:40:22 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/03/10 10:40:22 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/03/10 10:36:17 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/03/05 23:42:57 | 000,000,000 | ---D | C] -- C:\Users\Mairead\Desktop\ESL
[2013/03/05 16:28:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Bootable Recovery Tool Wizard
[2013/03/05 16:02:09 | 000,095,392 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SMR311.SYS
[2013/03/05 16:02:04 | 000,000,000 | ---D | C] -- C:\Users\Mairead\AppData\Local\NPE
[2013/03/05 15:43:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2013/03/05 15:43:20 | 000,000,000 | ---D | C] -- C:\Users\Mairead\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2013/03/05 11:49:00 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Mairead\Desktop\dds.scr
[2013/03/05 11:47:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2013/03/05 11:47:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2013/03/05 11:34:33 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/03/05 11:28:21 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Mairead\Desktop\aswMBR.exe
[2013/03/04 08:22:32 | 000,000,000 | ---D | C] -- C:\Users\Mairead\AppData\Local\{00AD2E08-E18E-445D-9A20-CAF9635E0349}
[2013/02/26 12:11:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013/02/26 12:11:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[1 C:\Users\Mairead\*.tmp files -> C:\Users\Mairead\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2013/03/24 02:49:52 | 000,000,512 | ---- | M] () -- C:\Users\Mairead\Desktop\MBR.dat
[2013/03/24 02:48:50 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/03/24 02:48:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/03/24 02:10:00 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2297036515-2446405061-3277710197-1000UA.job
[2013/03/24 02:03:46 | 000,208,216 | ---- | M] (Kaspersky Lab, GERT) -- C:\Windows\SysNative\drivers\77367830.sys
[2013/03/24 02:03:20 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/03/23 23:07:43 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/03/23 14:47:52 | 000,000,177 | -H-- | M] () -- C:\dvmexp.idx
[2013/03/23 14:45:13 | 000,015,344 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/03/23 14:45:13 | 000,015,344 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/03/23 14:37:39 | 1066,704,894 | -HS- | M] () -- C:\hiberfil.sys
[2013/03/22 04:10:01 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2297036515-2446405061-3277710197-1000Core.job
[2013/03/22 00:57:18 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/03/21 14:45:52 | 752,827,791 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/03/21 14:28:51 | 005,042,493 | R--- | M] (Swearware) -- C:\Users\Mairead\Desktop\ComboFix.exe
[2013/03/20 11:22:58 | 002,216,339 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\1403000.024\Cat.DB
[2013/03/20 02:39:09 | 000,000,129 | ---- | M] () -- C:\Windows\SysNative\MRT.INI
[2013/03/20 00:53:12 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/03/20 00:53:12 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/03/12 03:57:11 | 000,007,466 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2013/03/12 03:57:10 | 000,177,312 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2013/03/12 03:57:10 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2013/03/12 03:57:00 | 000,002,395 | ---- | M] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2013/03/11 00:09:52 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/03/11 00:09:52 | 000,624,162 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/03/11 00:09:52 | 000,106,538 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/03/10 20:28:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mairead\Desktop\OTL.exe
[2013/03/10 18:38:26 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/03/05 16:02:09 | 000,095,392 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SMR311.SYS
[2013/03/05 15:43:20 | 000,002,985 | ---- | M] () -- C:\Users\Mairead\Desktop\HiJackThis.lnk
[2013/03/05 11:49:46 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Mairead\Desktop\dds.scr
[2013/03/05 11:47:14 | 000,000,928 | ---- | M] () -- C:\Users\Mairead\Desktop\NTREGOPT.lnk
[2013/03/05 11:47:14 | 000,000,909 | ---- | M] () -- C:\Users\Mairead\Desktop\ERUNT.lnk
[2013/03/05 11:29:42 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Mairead\Desktop\aswMBR.exe
[2013/02/22 14:06:50 | 000,350,019 | ---- | M] () -- C:\Users\Mairead\Desktop\Untitled.png
[1 C:\Users\Mairead\*.tmp files -> C:\Users\Mairead\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013/03/24 02:49:52 | 000,000,512 | ---- | C] () -- C:\Users\Mairead\Desktop\MBR.dat
[2013/03/20 02:39:09 | 000,000,129 | ---- | C] () -- C:\Windows\SysNative\MRT.INI
[2013/03/19 23:36:55 | 000,014,818 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1403000.024\VT20130115.021
[2013/03/12 03:57:15 | 002,216,339 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1403000.024\Cat.DB
[2013/03/12 03:57:11 | 000,007,466 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2013/03/12 03:57:11 | 000,000,855 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2013/03/12 03:57:00 | 000,002,395 | ---- | C] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2013/03/12 03:56:11 | 000,014,818 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1403000.024\SymVTcer.dat
[2013/03/12 03:56:11 | 000,003,434 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1403000.024\SymEFA.inf
[2013/03/12 03:56:11 | 000,002,852 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1403000.024\SymDS.inf
[2013/03/12 03:56:11 | 000,001,440 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1403000.024\SymNet.inf
[2013/03/12 03:56:11 | 000,001,438 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1403000.024\srtsp64.inf
[2013/03/12 03:56:11 | 000,001,420 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1403000.024\srtspx64.inf
[2013/03/12 03:56:11 | 000,000,996 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1403000.024\symELAM.inf
[2013/03/12 03:56:11 | 000,000,853 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1403000.024\ccSetx64.inf
[2013/03/12 03:56:11 | 000,000,767 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1403000.024\Iron.inf
[2013/03/12 03:56:10 | 000,009,670 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1403000.024\SymELAM64.cat
[2013/03/12 03:56:10 | 000,007,611 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1403000.024\ccsetx64.cat
[2013/03/12 03:56:10 | 000,007,601 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1403000.024\symnet64.cat
[2013/03/12 03:56:10 | 000,007,593 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1403000.024\iron.cat
[2013/03/12 03:56:10 | 000,007,589 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1403000.024\srtspx64.cat
[2013/03/12 03:56:10 | 000,007,587 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1403000.024\SymEFA64.cat
[2013/03/12 03:56:10 | 000,007,585 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1403000.024\srtsp64.cat
[2013/03/12 03:56:10 | 000,007,581 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1403000.024\SymDS64.cat
[2013/03/12 03:56:10 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1403000.024\isolate.ini
[2013/03/10 18:38:26 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/03/10 10:40:22 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/03/10 10:40:22 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/03/10 10:40:22 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/03/10 10:40:22 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/03/10 10:40:22 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/03/05 15:43:20 | 000,002,985 | ---- | C] () -- C:\Users\Mairead\Desktop\HiJackThis.lnk
[2013/03/05 11:47:14 | 000,000,928 | ---- | C] () -- C:\Users\Mairead\Desktop\NTREGOPT.lnk
[2013/03/05 11:47:14 | 000,000,909 | ---- | C] () -- C:\Users\Mairead\Desktop\ERUNT.lnk
[2013/02/22 14:06:11 | 000,350,019 | ---- | C] () -- C:\Users\Mairead\Desktop\Untitled.png
[2013/02/11 12:27:05 | 000,001,067 | ---- | C] () -- C:\Users\Mairead\Videos - Shortcut.lnk
[2012/01/18 01:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2012/01/18 01:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2012/01/18 01:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2011/11/12 15:28:34 | 000,007,606 | ---- | C] () -- C:\Users\Mairead\AppData\Local\Resmon.ResmonCfg
[2011/09/28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/06/25 13:44:35 | 000,000,067 | ---- | C] () -- C:\Windows\Easy Video to MP4 Converter.INI
[2011/05/18 16:55:22 | 000,001,940 | ---- | C] () -- C:\Users\Mairead\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/04/22 00:19:17 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2011/04/22 00:19:17 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2011/04/13 21:59:14 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011/02/03 15:05:42 | 000,000,013 | -H-- | C] () -- C:\ProgramData\˜113.›sys
[2011/02/03 02:48:15 | 000,149,504 | ---- | C] () -- C:\Users\Mairead\AppData\Roaming\SharedSettings.ccs
[2011/01/12 19:15:04 | 000,000,154 | ---- | C] () -- C:\Users\Mairead\AppData\Roaming\burnaware.ini
[2011/01/06 16:32:21 | 000,061,678 | ---- | C] () -- C:\Users\Mairead\AppData\Roaming\PFP100JPR.{PB
[2011/01/06 16:32:21 | 000,012,358 | ---- | C] () -- C:\Users\Mairead\AppData\Roaming\PFP100JCM.{PB
[2010/12/09 23:08:48 | 000,004,608 | ---- | C] () -- C:\Users\Mairead\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/25 00:20:35 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
========== ZeroAccess Check ==========
[2011/11/17 01:41:18 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\{b4ab6a56-69e8-3c91-d3ba-b67396b2d6c2}\L
[2012/07/22 18:51:12 | 000,002,048 | -HS- | M] () -- C:\Users\Mairead\AppData\Local\{b4ab6a56-69e8-3c91-d3ba-b67396b2d6c2}\@
[2011/11/17 01:41:18 | 000,000,000 | -HSD | M] -- C:\Users\Mairead\AppData\Local\{b4ab6a56-69e8-3c91-d3ba-b67396b2d6c2}\L
[2011/11/17 01:41:18 | 000,000,000 | -HSD | M] -- C:\Users\Mairead\AppData\Local\{b4ab6a56-69e8-3c91-d3ba-b67396b2d6c2}\U
[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
< End of report >
----------------
Here's the aswMBR:
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-03-24 02:04:34
-----------------------------
02:04:34.370 OS Version: Windows x64 6.1.7601 Service Pack 1
02:04:34.370 Number of processors: 4 586 0x1E05
02:04:34.370 ComputerName: COMPY UserName:
02:04:36.855 Initialize success
02:05:16.849 AVAST engine defs: 13032302
02:05:25.315 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
02:05:25.320 Disk 0 Vendor: ST3250318AS CC38 Size: 238475MB BusType: 3
02:05:25.345 Disk 0 MBR read successfully
02:05:25.345 Disk 0 MBR scan
02:05:25.355 Disk 0 Windows 7 default MBR code
02:05:25.365 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
02:05:25.380 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 238373 MB offset 206848
02:05:25.400 Disk 0 scanning C:\Windows\system32\drivers
02:05:40.377 Service scanning
02:06:10.967 Modules scanning
02:06:10.977 Disk 0 trace - called modules:
02:06:10.992 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
02:06:11.002 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800af58060]
02:06:11.012 3 CLASSPNP.SYS[fffff88001a7343f] -> nt!IofCallDriver -> [0xfffffa8009ce0e40]
02:06:11.017 5 ACPI.sys[fffff88000f9a7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800ac16060]
02:06:14.243 AVAST engine scan C:\Windows
02:06:17.344 AVAST engine scan C:\Windows\system32
02:08:55.785 AVAST engine scan C:\Windows\system32\drivers
02:09:11.803 AVAST engine scan C:\Users\Mairead
02:14:40.724 AVAST engine scan C:\ProgramData
02:17:42.850 Scan finished successfully
02:49:52.298 Disk 0 MBR has been saved successfully to "C:\Users\Mairead\Desktop\MBR.dat"
02:49:52.298 The log file has been saved successfully to "C:\Users\Mairead\Desktop\aswMBRlog.txt"
Bastet0330
2013-03-24, 10:14
And here's the TDSS, split into 2 parts:
02:03:45.0446 5792 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
02:03:46.0051 5792 ============================================================
02:03:46.0051 5792 Current date / time: 2013/03/24 02:03:46.0051
02:03:46.0051 5792 SystemInfo:
02:03:46.0051 5792
02:03:46.0056 5792 OS Version: 6.1.7601 ServicePack: 1.0
02:03:46.0056 5792 Product type: Workstation
02:03:46.0056 5792 ComputerName: COMPY
02:03:46.0056 5792 UserName: Mairead
02:03:46.0056 5792 Windows directory: C:\Windows
02:03:46.0056 5792 System windows directory: C:\Windows
02:03:46.0056 5792 Running under WOW64
02:03:46.0056 5792 Processor architecture: Intel x64
02:03:46.0056 5792 Number of processors: 4
02:03:46.0056 5792 Page size: 0x1000
02:03:46.0056 5792 Boot type: Normal boot
02:03:46.0056 5792 ============================================================
02:03:47.0306 5792 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
02:03:47.0311 5792 ============================================================
02:03:47.0311 5792 \Device\Harddisk0\DR0:
02:03:47.0311 5792 MBR partitions:
02:03:47.0311 5792 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
02:03:47.0311 5792 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1D192800
02:03:47.0311 5792 ============================================================
02:03:47.0336 5792 C: <-> \Device\Harddisk0\DR0\Partition2
02:03:47.0336 5792 ============================================================
02:03:47.0336 5792 Initialize success
02:03:47.0336 5792 ============================================================
02:03:51.0916 5372 ============================================================
02:03:51.0916 5372 Scan started
02:03:51.0916 5372 Mode: Manual;
02:03:51.0916 5372 ============================================================
02:03:53.0047 5372 ================ Scan system memory ========================
02:03:53.0047 5372 System memory - ok
02:03:53.0047 5372 ================ Scan services =============================
02:03:53.0182 5372 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
02:03:53.0182 5372 1394ohci - ok
02:03:53.0307 5372 [ ADC420616C501B45D26C0FD3EF1E54E4 ] ACDaemon C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
02:03:53.0307 5372 ACDaemon - ok
02:03:53.0357 5372 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
02:03:53.0357 5372 ACPI - ok
02:03:53.0392 5372 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
02:03:53.0392 5372 AcpiPmi - ok
02:03:53.0477 5372 [ E8FE4FCE23D2809BD88BCC1D0F8408CE ] AdobeActiveFileMonitor6.0 C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
02:03:53.0477 5372 AdobeActiveFileMonitor6.0 - ok
02:03:53.0597 5372 [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
02:03:53.0597 5372 AdobeARMservice - ok
02:03:53.0722 5372 [ EA856F4A46320389D1899B2CAA7BF40F ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
02:03:53.0722 5372 AdobeFlashPlayerUpdateSvc - ok
02:03:53.0782 5372 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
02:03:53.0787 5372 adp94xx - ok
02:03:53.0827 5372 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
02:03:53.0827 5372 adpahci - ok
02:03:53.0842 5372 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
02:03:53.0842 5372 adpu320 - ok
02:03:53.0872 5372 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
02:03:53.0872 5372 AeLookupSvc - ok
02:03:53.0932 5372 [ 6CCD1135320109D6B219F1A6E04AD9F6 ] Afc C:\Windows\syswow64\drivers\Afc.sys
02:03:53.0932 5372 Afc - ok
02:03:53.0987 5372 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
02:03:53.0987 5372 AFD - ok
02:03:54.0037 5372 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
02:03:54.0037 5372 agp440 - ok
02:03:54.0192 5372 [ B9B98E08EC127900025F42462D3D0A66 ] Akamai c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll
02:03:54.0192 5372 Suspicious file (Hidden): c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll. md5: B9B98E08EC127900025F42462D3D0A66
02:03:54.0197 5372 Akamai ( HiddenFile.Multi.Generic ) - warning
02:03:54.0197 5372 Akamai - detected HiddenFile.Multi.Generic (1)
02:03:54.0242 5372 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
02:03:54.0242 5372 ALG - ok
02:03:54.0282 5372 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
02:03:54.0282 5372 aliide - ok
02:03:54.0292 5372 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
02:03:54.0292 5372 amdide - ok
02:03:54.0337 5372 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
02:03:54.0337 5372 AmdK8 - ok
02:03:54.0502 5372 [ DCC8177244FE79C61C4E73C65E63922A ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
02:03:54.0602 5372 amdkmdag - ok
02:03:54.0642 5372 [ 7FE67D107329DC2CF89136A8E19BCEB7 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
02:03:54.0642 5372 amdkmdap - ok
02:03:54.0662 5372 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
02:03:54.0662 5372 AmdPPM - ok
02:03:54.0712 5372 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
02:03:54.0712 5372 amdsata - ok
02:03:54.0727 5372 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
02:03:54.0727 5372 amdsbs - ok
02:03:54.0757 5372 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
02:03:54.0757 5372 amdxata - ok
02:03:54.0817 5372 [ 4FC6E2C2FC50445450651F42E90CC0BD ] Apowersoft_AudioDevice C:\Windows\system32\drivers\Apowersoft_AudioDevice.sys
02:03:54.0817 5372 Apowersoft_AudioDevice - ok
02:03:54.0857 5372 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
02:03:54.0857 5372 AppID - ok
02:03:54.0872 5372 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
02:03:54.0872 5372 AppIDSvc - ok
02:03:54.0932 5372 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
02:03:54.0932 5372 Appinfo - ok
02:03:55.0027 5372 [ 7EF47644B74EBE721CC32211D3C35E76 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
02:03:55.0027 5372 Apple Mobile Device - ok
02:03:55.0092 5372 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
02:03:55.0092 5372 arc - ok
02:03:55.0107 5372 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
02:03:55.0107 5372 arcsas - ok
02:03:55.0147 5372 [ A82C01606DC27D05D9D3BFB6BB807E32 ] AsIO C:\Windows\syswow64\drivers\AsIO.sys
02:03:55.0147 5372 AsIO - ok
02:03:55.0182 5372 [ 798A87B2D7AD73B16B7CD968C5D1F18F ] AsSysCtrlService C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
02:03:55.0187 5372 AsSysCtrlService - ok
02:03:55.0237 5372 [ 26D66E32E78D3059715B3A17BC679CD9 ] AsUpIO C:\Windows\syswow64\drivers\AsUpIO.sys
02:03:55.0237 5372 AsUpIO - ok
02:03:55.0267 5372 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
02:03:55.0267 5372 AsyncMac - ok
02:03:55.0307 5372 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
02:03:55.0307 5372 atapi - ok
02:03:55.0357 5372 [ 4BF5BCA6E2608CD8A00BC4A6673A9F47 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
02:03:55.0357 5372 AtiHDAudioService - ok
02:03:55.0387 5372 [ 77C149E6D702737B2E372DEE166FAEF8 ] AtiHdmiService C:\Windows\system32\drivers\AtiHdmi.sys
02:03:55.0387 5372 AtiHdmiService - ok
02:03:55.0452 5372 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
02:03:55.0457 5372 AudioEndpointBuilder - ok
02:03:55.0467 5372 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
02:03:55.0472 5372 AudioSrv - ok
02:03:55.0517 5372 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
02:03:55.0517 5372 AxInstSV - ok
02:03:55.0557 5372 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
02:03:55.0557 5372 b06bdrv - ok
02:03:55.0592 5372 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
02:03:55.0592 5372 b57nd60a - ok
02:03:55.0662 5372 [ E49110A58A32E9450356686A95DD7763 ] BCMH43XX C:\Windows\system32\DRIVERS\bcmwlhigh664.sys
02:03:55.0667 5372 BCMH43XX - ok
02:03:55.0717 5372 [ 7ED4E1D2E124AD4E6A287CF49DBC9BBA ] BCUService C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
02:03:55.0722 5372 BCUService - ok
02:03:55.0777 5372 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
02:03:55.0782 5372 BDESVC - ok
02:03:55.0827 5372 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
02:03:55.0827 5372 Beep - ok
02:03:55.0887 5372 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
02:03:55.0892 5372 BFE - ok
02:03:56.0137 5372 [ 866335C9C0E6733C753FB472C539A6B9 ] BHDrvx64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\Definitions\BASHDefs\20130301.001\BHDrvx64.sys
02:03:56.0142 5372 BHDrvx64 - ok
02:03:56.0177 5372 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\system32\qmgr.dll
02:03:56.0177 5372 BITS - ok
02:03:56.0192 5372 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
02:03:56.0192 5372 blbdrive - ok
02:03:56.0302 5372 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
02:03:56.0307 5372 Bonjour Service - ok
02:03:56.0367 5372 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
02:03:56.0367 5372 bowser - ok
02:03:56.0412 5372 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
02:03:56.0412 5372 BrFiltLo - ok
02:03:56.0427 5372 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
02:03:56.0427 5372 BrFiltUp - ok
02:03:56.0472 5372 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
02:03:56.0472 5372 BridgeMP - ok
02:03:56.0527 5372 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
02:03:56.0527 5372 Browser - ok
02:03:56.0542 5372 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
02:03:56.0547 5372 Brserid - ok
02:03:56.0572 5372 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
02:03:56.0572 5372 BrSerWdm - ok
02:03:56.0582 5372 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
02:03:56.0582 5372 BrUsbMdm - ok
02:03:56.0587 5372 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
02:03:56.0587 5372 BrUsbSer - ok
02:03:56.0602 5372 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
02:03:56.0607 5372 BTHMODEM - ok
02:03:56.0657 5372 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
02:03:56.0657 5372 bthserv - ok
02:03:56.0687 5372 catchme - ok
02:03:56.0867 5372 [ 248C952C82DF1E23775432774CBB20F1 ] ccSet_N360 C:\Windows\system32\drivers\N360x64\1403000.024\ccSetx64.sys
02:03:56.0867 5372 ccSet_N360 - ok
02:03:56.0882 5372 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
02:03:56.0882 5372 cdfs - ok
02:03:56.0927 5372 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
02:03:56.0927 5372 cdrom - ok
02:03:56.0967 5372 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
02:03:56.0967 5372 CertPropSvc - ok
02:03:57.0012 5372 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
02:03:57.0012 5372 circlass - ok
02:03:57.0057 5372 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
02:03:57.0062 5372 CLFS - ok
02:03:57.0117 5372 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
02:03:57.0117 5372 clr_optimization_v2.0.50727_32 - ok
02:03:57.0152 5372 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
02:03:57.0152 5372 clr_optimization_v2.0.50727_64 - ok
02:03:57.0232 5372 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
02:03:57.0232 5372 clr_optimization_v4.0.30319_32 - ok
02:03:57.0277 5372 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
02:03:57.0277 5372 clr_optimization_v4.0.30319_64 - ok
02:03:57.0292 5372 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
02:03:57.0292 5372 CmBatt - ok
02:03:57.0317 5372 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
02:03:57.0317 5372 cmdide - ok
02:03:57.0362 5372 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
02:03:57.0362 5372 CNG - ok
02:03:57.0372 5372 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
02:03:57.0377 5372 Compbatt - ok
02:03:57.0417 5372 [ 59D203C3F46F3CA536ECAC0E084CD887 ] CompFilter64 C:\Windows\system32\DRIVERS\lvbflt64.sys
02:03:57.0417 5372 CompFilter64 - ok
02:03:57.0472 5372 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
02:03:57.0472 5372 CompositeBus - ok
02:03:57.0487 5372 COMSysApp - ok
02:03:57.0522 5372 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
02:03:57.0522 5372 crcdisk - ok
02:03:57.0572 5372 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
02:03:57.0572 5372 CryptSvc - ok
02:03:57.0617 5372 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
02:03:57.0617 5372 DcomLaunch - ok
02:03:57.0642 5372 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
02:03:57.0642 5372 defragsvc - ok
02:03:57.0687 5372 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
02:03:57.0687 5372 DfsC - ok
02:03:57.0732 5372 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
02:03:57.0732 5372 Dhcp - ok
02:03:57.0777 5372 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
02:03:57.0777 5372 discache - ok
02:03:57.0812 5372 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
02:03:57.0812 5372 Disk - ok
02:03:57.0852 5372 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
02:03:57.0852 5372 Dnscache - ok
02:03:57.0882 5372 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
02:03:57.0882 5372 dot3svc - ok
02:03:57.0917 5372 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
02:03:57.0917 5372 DPS - ok
02:03:57.0967 5372 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
02:03:57.0967 5372 drmkaud - ok
02:03:58.0042 5372 [ E5B95C75557120881076C45CD146D72C ] DvmMDES C:\ASUS.SYS\config\DVMExportService.exe
02:03:58.0042 5372 DvmMDES - ok
02:03:58.0077 5372 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
02:03:58.0082 5372 DXGKrnl - ok
02:03:58.0127 5372 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
02:03:58.0127 5372 EapHost - ok
02:03:58.0187 5372 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
02:03:58.0217 5372 ebdrv - ok
02:03:58.0322 5372 [ 4353FF94D47A0A9D52B89ECCF0CDB013 ] eeCtrl C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
02:03:58.0327 5372 eeCtrl - ok
02:03:58.0362 5372 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
02:03:58.0362 5372 EFS - ok
02:03:58.0432 5372 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
02:03:58.0432 5372 ehRecvr - ok
02:03:58.0452 5372 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
02:03:58.0452 5372 ehSched - ok
02:03:58.0497 5372 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
02:03:58.0502 5372 elxstor - ok
02:03:58.0562 5372 [ C5BCCB378D0A896304A3E71BE7215983 ] EraserUtilRebootDrv C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
02:03:58.0562 5372 EraserUtilRebootDrv - ok
02:03:58.0597 5372 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
02:03:58.0597 5372 ErrDev - ok
02:03:58.0642 5372 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
02:03:58.0647 5372 EventSystem - ok
02:03:58.0692 5372 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
02:03:58.0692 5372 exfat - ok
02:03:58.0707 5372 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
02:03:58.0707 5372 fastfat - ok
02:03:58.0752 5372 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
02:03:58.0752 5372 Fax - ok
02:03:58.0767 5372 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
02:03:58.0767 5372 fdc - ok
02:03:58.0812 5372 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
02:03:58.0812 5372 fdPHost - ok
02:03:58.0822 5372 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
02:03:58.0822 5372 FDResPub - ok
02:03:58.0832 5372 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
02:03:58.0832 5372 FileInfo - ok
02:03:58.0842 5372 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
02:03:58.0842 5372 Filetrace - ok
02:03:58.0872 5372 [ 227846995AFEEFA70D328BF5334A86A5 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
02:03:58.0872 5372 FLEXnet Licensing Service - ok
02:03:58.0892 5372 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
02:03:58.0892 5372 flpydisk - ok
02:03:58.0927 5372 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
02:03:58.0927 5372 FltMgr - ok
02:03:58.0977 5372 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
02:03:58.0977 5372 FontCache - ok
02:03:59.0057 5372 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
02:03:59.0057 5372 FontCache3.0.0.0 - ok
02:03:59.0087 5372 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
02:03:59.0087 5372 FsDepends - ok
02:03:59.0132 5372 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
02:03:59.0132 5372 Fs_Rec - ok
02:03:59.0197 5372 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
02:03:59.0197 5372 fvevol - ok
02:03:59.0242 5372 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
02:03:59.0242 5372 gagp30kx - ok
02:03:59.0282 5372 [ AF4DEE5531395DEE72B35B36C9671FD0 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
02:03:59.0282 5372 GEARAspiWDM - ok
02:03:59.0342 5372 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
02:03:59.0342 5372 gpsvc - ok
02:03:59.0432 5372 GPU-Z - ok
02:03:59.0552 5372 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
02:03:59.0552 5372 gupdate - ok
02:03:59.0597 5372 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
02:03:59.0602 5372 gupdatem - ok
02:03:59.0647 5372 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
02:03:59.0647 5372 gusvc - ok
02:03:59.0667 5372 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
02:03:59.0672 5372 hcw85cir - ok
02:03:59.0717 5372 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
02:03:59.0717 5372 HdAudAddService - ok
02:03:59.0757 5372 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
02:03:59.0757 5372 HDAudBus - ok
02:03:59.0767 5372 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
02:03:59.0767 5372 HidBatt - ok
02:03:59.0777 5372 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
02:03:59.0777 5372 HidBth - ok
02:03:59.0792 5372 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
02:03:59.0792 5372 HidIr - ok
02:03:59.0812 5372 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll
02:03:59.0812 5372 hidserv - ok
02:03:59.0872 5372 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
02:03:59.0872 5372 HidUsb - ok
02:03:59.0922 5372 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
02:03:59.0922 5372 hkmsvc - ok
02:03:59.0952 5372 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
02:03:59.0957 5372 HomeGroupListener - ok
02:03:59.0992 5372 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
02:03:59.0997 5372 HomeGroupProvider - ok
02:04:00.0027 5372 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
02:04:00.0027 5372 HpSAMD - ok
02:04:00.0057 5372 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
02:04:00.0062 5372 HTTP - ok
02:04:00.0107 5372 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
02:04:00.0107 5372 hwpolicy - ok
02:04:00.0162 5372 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
02:04:00.0162 5372 i8042prt - ok
02:04:00.0202 5372 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
02:04:00.0202 5372 iaStorV - ok
02:04:00.0287 5372 [ DAF66902F08796F9C694901660E5A64A ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
02:04:00.0292 5372 IDriverT - ok
02:04:00.0327 5372 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
02:04:00.0332 5372 idsvc - ok
02:04:00.0432 5372 [ A48928D4CCA6F8B731989DB08CF2C0AB ] IDSVia64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\Definitions\IPSDefs\20130322.001\IDSvia64.sys
02:04:00.0437 5372 IDSVia64 - ok
02:04:00.0477 5372 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
02:04:00.0477 5372 iirsp - ok
02:04:00.0517 5372 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
02:04:00.0522 5372 IKEEXT - ok
02:04:00.0602 5372 [ D42D651676883181400E22957A7E0B1E ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
02:04:00.0607 5372 IntcAzAudAddService - ok
02:04:00.0647 5372 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
02:04:00.0647 5372 intelide - ok
02:04:00.0692 5372 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
02:04:00.0692 5372 intelppm - ok
02:04:00.0747 5372 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
02:04:00.0747 5372 IPBusEnum - ok
02:04:00.0772 5372 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
02:04:00.0777 5372 IpFilterDriver - ok
02:04:00.0817 5372 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
02:04:00.0822 5372 iphlpsvc - ok
02:04:00.0847 5372 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
02:04:00.0852 5372 IPMIDRV - ok
02:04:00.0867 5372 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
02:04:00.0867 5372 IPNAT - ok
02:04:00.0922 5372 [ 50D6CCC6FF5561F9F56946B3E6164FB8 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
02:04:00.0927 5372 iPod Service - ok
02:04:00.0962 5372 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
02:04:00.0962 5372 IRENUM - ok
02:04:00.0987 5372 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
02:04:00.0992 5372 isapnp - ok
02:04:01.0007 5372 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
02:04:01.0012 5372 iScsiPrt - ok
02:04:01.0047 5372 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
02:04:01.0047 5372 kbdclass - ok
02:04:01.0082 5372 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
02:04:01.0082 5372 kbdhid - ok
02:04:01.0117 5372 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
02:04:01.0117 5372 KeyIso - ok
02:04:01.0147 5372 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
02:04:01.0147 5372 KSecDD - ok
02:04:01.0182 5372 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
02:04:01.0182 5372 KSecPkg - ok
02:04:01.0227 5372 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
02:04:01.0227 5372 ksthunk - ok
02:04:01.0252 5372 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
02:04:01.0257 5372 KtmRm - ok
02:04:01.0302 5372 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll
02:04:01.0302 5372 LanmanServer - ok
02:04:01.0332 5372 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
02:04:01.0332 5372 LanmanWorkstation - ok
02:04:01.0347 5372 Lbd - ok
02:04:01.0387 5372 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
02:04:01.0392 5372 lltdio - ok
02:04:01.0407 5372 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
02:04:01.0412 5372 lltdsvc - ok
02:04:01.0427 5372 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
02:04:01.0427 5372 lmhosts - ok
02:04:01.0467 5372 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
02:04:01.0467 5372 LSI_FC - ok
02:04:01.0497 5372 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
02:04:01.0497 5372 LSI_SAS - ok
02:04:01.0507 5372 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
02:04:01.0507 5372 LSI_SAS2 - ok
02:04:01.0527 5372 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
02:04:01.0527 5372 LSI_SCSI - ok
02:04:01.0562 5372 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
02:04:01.0562 5372 luafv - ok
02:04:01.0612 5372 [ B3944D06EB4B64D57BD7E5FE89415F58 ] LVPr2M64 C:\Windows\system32\DRIVERS\LVPr2M64.sys
02:04:01.0612 5372 LVPr2M64 - ok
02:04:01.0627 5372 [ B3944D06EB4B64D57BD7E5FE89415F58 ] LVPr2Mon C:\Windows\system32\DRIVERS\LVPr2M64.sys
02:04:01.0627 5372 LVPr2Mon - ok
02:04:01.0692 5372 [ 0C85B2B6FB74B36A251792D45E0EF860 ] LVRS64 C:\Windows\system32\DRIVERS\lvrs64.sys
02:04:01.0692 5372 LVRS64 - ok
02:04:01.0752 5372 [ FF3A488924B0032B1A9CA6948C1FA9E8 ] LVUVC64 C:\Windows\system32\DRIVERS\lvuvc64.sys
02:04:01.0772 5372 LVUVC64 - ok
02:04:01.0822 5372 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
02:04:01.0827 5372 Mcx2Svc - ok
02:04:01.0852 5372 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
02:04:01.0852 5372 megasas - ok
02:04:01.0867 5372 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
02:04:01.0867 5372 MegaSR - ok
02:04:01.0892 5372 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
02:04:01.0892 5372 MMCSS - ok
02:04:01.0902 5372 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
02:04:01.0902 5372 Modem - ok
02:04:01.0942 5372 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
02:04:01.0942 5372 monitor - ok
02:04:01.0982 5372 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
02:04:01.0982 5372 mouclass - ok
02:04:02.0022 5372 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
02:04:02.0022 5372 mouhid - ok
02:04:02.0057 5372 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
02:04:02.0062 5372 mountmgr - ok
02:04:02.0157 5372 [ 51A84B690DF519DCF656F780243D953E ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
02:04:02.0157 5372 MozillaMaintenance - ok
02:04:02.0192 5372 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
02:04:02.0192 5372 mpio - ok
02:04:02.0217 5372 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
02:04:02.0217 5372 mpsdrv - ok
02:04:02.0272 5372 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
02:04:02.0272 5372 MpsSvc - ok
02:04:02.0307 5372 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
02:04:02.0307 5372 MRxDAV - ok
02:04:02.0348 5372 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
02:04:02.0348 5372 mrxsmb - ok
02:04:02.0383 5372 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
02:04:02.0383 5372 mrxsmb10 - ok
02:04:02.0393 5372 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
02:04:02.0393 5372 mrxsmb20 - ok
02:04:02.0443 5372 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
02:04:02.0443 5372 msahci - ok
02:04:02.0453 5372 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
02:04:02.0453 5372 msdsm - ok
02:04:02.0473 5372 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
02:04:02.0473 5372 MSDTC - ok
02:04:02.0513 5372 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
02:04:02.0513 5372 Msfs - ok
02:04:02.0558 5372 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
02:04:02.0558 5372 mshidkmdf - ok
02:04:02.0593 5372 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
02:04:02.0593 5372 msisadrv - ok
02:04:02.0608 5372 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
02:04:02.0613 5372 MSiSCSI - ok
02:04:02.0613 5372 msiserver - ok
02:04:02.0648 5372 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
02:04:02.0648 5372 MSKSSRV - ok
02:04:02.0658 5372 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
02:04:02.0658 5372 MSPCLOCK - ok
02:04:02.0668 5372 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
02:04:02.0668 5372 MSPQM - ok
02:04:02.0698 5372 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
02:04:02.0703 5372 MsRPC - ok
02:04:02.0733 5372 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
02:04:02.0738 5372 mssmbios - ok
02:04:02.0778 5372 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
02:04:02.0778 5372 MSTEE - ok
02:04:02.0793 5372 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
02:04:02.0793 5372 MTConfig - ok
02:04:02.0833 5372 [ 19B006B181E3875FD254F7B67ACF1E7C ] MTsensor C:\Windows\system32\DRIVERS\ASACPI.sys
02:04:02.0833 5372 MTsensor - ok
02:04:02.0843 5372 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
02:04:02.0843 5372 Mup - ok
02:04:02.0928 5372 [ 241BD3019FB31E812A51B31B06906335 ] N360 C:\Program Files (x86)\Norton 360\Engine\20.3.0.36\ccSvcHst.exe
02:04:02.0928 5372 N360 - ok
02:04:02.0963 5372 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
02:04:02.0963 5372 napagent - ok
02:04:03.0018 5372 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
02:04:03.0018 5372 NativeWifiP - ok
02:04:03.0123 5372 [ 88A2F45CE66B904285978D6BB13AFEB2 ] NAVENG C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\Definitions\VirusDefs\20130323.008\ENG64.SYS
02:04:03.0123 5372 NAVENG - ok
02:04:03.0183 5372 [ D2A545DA3A90BBFA40E020C23F1B7A48 ] NAVEX15 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\Definitions\VirusDefs\20130323.008\EX64.SYS
02:04:03.0188 5372 NAVEX15 - ok
02:04:03.0228 5372 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
02:04:03.0228 5372 NDIS - ok
02:04:03.0268 5372 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
02:04:03.0268 5372 NdisCap - ok
02:04:03.0303 5372 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
02:04:03.0303 5372 NdisTapi - ok
02:04:03.0353 5372 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
02:04:03.0353 5372 Ndisuio - ok
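The TDSSKiller output in this thread has one line shape per service: a "[ MD5 ] name path" line followed by a "name - ok" verdict, and for the one hidden-file hit a "Suspicious file" line, a "( signature ) - warning" line and a "- detected" line. The Python script below is an added example (not part of the thread and not TDSSKiller's own code) that parses those lines and lists what a helper would look at first: anything not rated ok, services for which the tool printed no file line at all (so no binary was hashed, as with "GPU-Z - ok" and "Lbd - ok" above), and binaries outside the usual Windows and Program Files roots. The expected-root list is a hand-chosen heuristic of this example, and the sample log is assembled from lines copied from the logs posted in this thread plus the section header; the path check deliberately lists legitimate entries such as the ASUS service for review rather than calling them malicious.

```python
"""Triage a TDSSKiller service-scan log: parse each service's hash, path and verdict,
then list the entries a helper should look at first. Added example, not TDSSKiller code."""
from __future__ import annotations
import re
from dataclasses import dataclass, field
from typing import Optional

# Line shapes seen in the logs posted in this thread. The timestamp and process-id
# columns are skipped. Service names may contain spaces ("iPod Service"), so the path
# is anchored on a drive letter rather than on whitespace.
_PFX = r"^\d\d:\d\d:\d\d\.\d+\s+\d+\s+"
FILE_RE = re.compile(_PFX + r"\[ ([0-9A-Fa-f]{32}) \] (.+?) ([A-Za-z]:[\\/].*)$")
HIDDEN_RE = re.compile(_PFX + r"Suspicious file \(([^)]+)\): (.+)\. md5: ([0-9A-Fa-f]{32})$")
WARN_RE = re.compile(_PFX + r"(.+?) \( (\S+) \) - warning$")
DETECT_RE = re.compile(_PFX + r"(.+?) - detected (\S+) \((\d+)\)$")
OK_RE = re.compile(_PFX + r"(.+?) - ok$")

# Hand-chosen heuristic (an assumption of this example): service binaries under these
# roots are unremarkable; anything elsewhere is listed for review, not called malicious.
EXPECTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")


@dataclass
class Entry:
    name: str
    path: Optional[str] = None
    md5: Optional[str] = None
    verdict: str = "unknown"          # ok | warning | detected | unknown
    detection: Optional[str] = None   # signature name, e.g. HiddenFile.Multi.Generic
    notes: list = field(default_factory=list)


def parse_tdsskiller(text: str) -> dict[str, Entry]:
    """Build one Entry per service from the 'Scan services' section of a log."""
    entries: dict[str, Entry] = {}
    pending_hidden = None  # a 'Suspicious file' line precedes the warning naming the service
    # Only the services section has this shape. A paste with no section header at all
    # (a log that starts mid-way) is parsed from its first line.
    in_services = "Scan services" not in text
    for line in text.splitlines():
        if "================ Scan" in line:
            in_services = "Scan services" in line
            continue
        if not in_services:
            continue
        if m := FILE_RE.match(line):
            md5, name, path = m.groups()
            entries[name] = Entry(name=name, path=path, md5=md5.upper())
        elif m := HIDDEN_RE.match(line):
            pending_hidden = (m.group(1), m.group(2))
        elif m := WARN_RE.match(line):
            name, sig = m.groups()
            e = entries.setdefault(name, Entry(name=name))
            e.verdict, e.detection = "warning", sig
            if pending_hidden:
                e.notes.append(f"{pending_hidden[0]} file {pending_hidden[1]}")
                pending_hidden = None
        elif m := DETECT_RE.match(line):
            name, sig, count = m.groups()
            e = entries.setdefault(name, Entry(name=name))
            e.verdict, e.detection = "detected", sig
            e.notes.append(f"{count} object(s)")
        elif m := OK_RE.match(line):
            e = entries.setdefault(m.group(1), Entry(name=m.group(1)))
            if e.verdict == "unknown":
                e.verdict = "ok"
    return entries


def triage(entries: dict[str, Entry]) -> list[tuple[str, str]]:
    """Return (service, reason) pairs worth a human look, most serious first."""
    findings: list[tuple[int, str, str]] = []
    for e in entries.values():
        if e.verdict in ("warning", "detected"):
            findings.append((0, e.name, f"{e.verdict}: {e.detection}; " + "; ".join(e.notes)))
        elif e.path is None:
            findings.append((1, e.name, "no file line: TDSSKiller hashed no binary for this service"))
        elif not e.path.lower().startswith(EXPECTED_ROOTS):
            findings.append((1, e.name, f"binary outside expected roots: {e.path}"))
    return [(name, reason) for _, name, reason in sorted(findings)]


# Sample input: lines copied from the TDSSKiller output posted in this thread, with the
# section header included so the parser's gating is exercised.
SAMPLE_LOG = r"""
02:03:53.0047 5372 ================ Scan services =============================
02:03:53.0182 5372 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
02:03:53.0182 5372 1394ohci - ok
02:03:54.0192 5372 [ B9B98E08EC127900025F42462D3D0A66 ] Akamai c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll
02:03:54.0192 5372 Suspicious file (Hidden): c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll. md5: B9B98E08EC127900025F42462D3D0A66
02:03:54.0197 5372 Akamai ( HiddenFile.Multi.Generic ) - warning
02:03:54.0197 5372 Akamai - detected HiddenFile.Multi.Generic (1)
02:03:58.0042 5372 [ E5B95C75557120881076C45CD146D72C ] DvmMDES C:\ASUS.SYS\config\DVMExportService.exe
02:03:58.0042 5372 DvmMDES - ok
02:03:59.0432 5372 GPU-Z - ok
02:04:00.0922 5372 [ 50D6CCC6FF5561F9F56946B3E6164FB8 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
02:04:00.0927 5372 iPod Service - ok
"""

if __name__ == "__main__":
    for name, reason in triage(parse_tdsskiller(SAMPLE_LOG)):
        print(f"{name}: {reason}")
```

Run as-is it prints the Akamai hit first, then the ASUS service and GPU-Z as review items. Note that HiddenFile.Multi.Generic is a generic heuristic verdict ("Generic" rather than a named family), so the script ranks it first but does not decide it: the next step is to check the flagged file's hash against the vendor's known-good releases before anything is deleted, and to keep the untouched entries as a baseline to diff against a later scan.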
Bastet0330
2013-03-24, 10:16
Apologies if this double posts. I'm having trouble posting. Here's TDSS part 1 of 2:
02:03:45.0446 5792 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
02:03:46.0051 5792 ============================================================
02:03:46.0051 5792 Current date / time: 2013/03/24 02:03:46.0051
02:03:46.0051 5792 SystemInfo:
02:03:46.0051 5792
02:03:46.0056 5792 OS Version: 6.1.7601 ServicePack: 1.0
02:03:46.0056 5792 Product type: Workstation
02:03:46.0056 5792 ComputerName: COMPY
02:03:46.0056 5792 UserName: Mairead
02:03:46.0056 5792 Windows directory: C:\Windows
02:03:46.0056 5792 System windows directory: C:\Windows
02:03:46.0056 5792 Running under WOW64
02:03:46.0056 5792 Processor architecture: Intel x64
02:03:46.0056 5792 Number of processors: 4
02:03:46.0056 5792 Page size: 0x1000
02:03:46.0056 5792 Boot type: Normal boot
02:03:46.0056 5792 ============================================================
02:03:47.0306 5792 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
02:03:47.0311 5792 ============================================================
02:03:47.0311 5792 \Device\Harddisk0\DR0:
02:03:47.0311 5792 MBR partitions:
02:03:47.0311 5792 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
02:03:47.0311 5792 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1D192800
02:03:47.0311 5792 ============================================================
02:03:47.0336 5792 C: <-> \Device\Harddisk0\DR0\Partition2
02:03:47.0336 5792 ============================================================
02:03:47.0336 5792 Initialize success
02:03:47.0336 5792 ============================================================
02:03:51.0916 5372 ============================================================
02:03:51.0916 5372 Scan started
02:03:51.0916 5372 Mode: Manual;
02:03:51.0916 5372 ============================================================
02:03:53.0047 5372 ================ Scan system memory ========================
02:03:53.0047 5372 System memory - ok
02:03:53.0047 5372 ================ Scan services =============================
02:03:53.0182 5372 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
02:03:53.0182 5372 1394ohci - ok
02:03:53.0307 5372 [ ADC420616C501B45D26C0FD3EF1E54E4 ] ACDaemon C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
02:03:53.0307 5372 ACDaemon - ok
02:03:53.0357 5372 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
02:03:53.0357 5372 ACPI - ok
02:03:53.0392 5372 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
02:03:53.0392 5372 AcpiPmi - ok
02:03:53.0477 5372 [ E8FE4FCE23D2809BD88BCC1D0F8408CE ] AdobeActiveFileMonitor6.0 C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
02:03:53.0477 5372 AdobeActiveFileMonitor6.0 - ok
02:03:53.0597 5372 [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
02:03:53.0597 5372 AdobeARMservice - ok
02:03:53.0722 5372 [ EA856F4A46320389D1899B2CAA7BF40F ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
02:03:53.0722 5372 AdobeFlashPlayerUpdateSvc - ok
02:03:53.0782 5372 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
02:03:53.0787 5372 adp94xx - ok
02:03:53.0827 5372 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
02:03:53.0827 5372 adpahci - ok
02:03:53.0842 5372 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
02:03:53.0842 5372 adpu320 - ok
02:03:53.0872 5372 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
02:03:53.0872 5372 AeLookupSvc - ok
02:03:53.0932 5372 [ 6CCD1135320109D6B219F1A6E04AD9F6 ] Afc C:\Windows\syswow64\drivers\Afc.sys
02:03:53.0932 5372 Afc - ok
02:03:53.0987 5372 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
02:03:53.0987 5372 AFD - ok
02:03:54.0037 5372 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
02:03:54.0037 5372 agp440 - ok
02:03:54.0192 5372 [ B9B98E08EC127900025F42462D3D0A66 ] Akamai c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll
02:03:54.0192 5372 Suspicious file (Hidden): c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll. md5: B9B98E08EC127900025F42462D3D0A66
02:03:54.0197 5372 Akamai ( HiddenFile.Multi.Generic ) - warning
02:03:54.0197 5372 Akamai - detected HiddenFile.Multi.Generic (1)
02:03:54.0242 5372 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
02:03:54.0242 5372 ALG - ok
02:03:54.0282 5372 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
02:03:54.0282 5372 aliide - ok
02:03:54.0292 5372 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
02:03:54.0292 5372 amdide - ok
02:03:54.0337 5372 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
02:03:54.0337 5372 AmdK8 - ok
02:03:54.0502 5372 [ DCC8177244FE79C61C4E73C65E63922A ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
02:03:54.0602 5372 amdkmdag - ok
02:03:54.0642 5372 [ 7FE67D107329DC2CF89136A8E19BCEB7 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
02:03:54.0642 5372 amdkmdap - ok
02:03:54.0662 5372 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
02:03:54.0662 5372 AmdPPM - ok
02:03:54.0712 5372 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
02:03:54.0712 5372 amdsata - ok
02:03:54.0727 5372 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
02:03:54.0727 5372 amdsbs - ok
02:03:54.0757 5372 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
02:03:54.0757 5372 amdxata - ok
02:03:54.0817 5372 [ 4FC6E2C2FC50445450651F42E90CC0BD ] Apowersoft_AudioDevice C:\Windows\system32\drivers\Apowersoft_AudioDevice.sys
02:03:54.0817 5372 Apowersoft_AudioDevice - ok
02:03:54.0857 5372 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
02:03:54.0857 5372 AppID - ok
02:03:54.0872 5372 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
02:03:54.0872 5372 AppIDSvc - ok
02:03:54.0932 5372 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
02:03:54.0932 5372 Appinfo - ok
02:03:55.0027 5372 [ 7EF47644B74EBE721CC32211D3C35E76 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
02:03:55.0027 5372 Apple Mobile Device - ok
02:03:55.0092 5372 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
02:03:55.0092 5372 arc - ok
02:03:55.0107 5372 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
02:03:55.0107 5372 arcsas - ok
02:03:55.0147 5372 [ A82C01606DC27D05D9D3BFB6BB807E32 ] AsIO C:\Windows\syswow64\drivers\AsIO.sys
02:03:55.0147 5372 AsIO - ok
02:03:55.0182 5372 [ 798A87B2D7AD73B16B7CD968C5D1F18F ] AsSysCtrlService C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
02:03:55.0187 5372 AsSysCtrlService - ok
02:03:55.0237 5372 [ 26D66E32E78D3059715B3A17BC679CD9 ] AsUpIO C:\Windows\syswow64\drivers\AsUpIO.sys
02:03:55.0237 5372 AsUpIO - ok
02:03:55.0267 5372 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
02:03:55.0267 5372 AsyncMac - ok
02:03:55.0307 5372 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
02:03:55.0307 5372 atapi - ok
02:03:55.0357 5372 [ 4BF5BCA6E2608CD8A00BC4A6673A9F47 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
02:03:55.0357 5372 AtiHDAudioService - ok
02:03:55.0387 5372 [ 77C149E6D702737B2E372DEE166FAEF8 ] AtiHdmiService C:\Windows\system32\drivers\AtiHdmi.sys
02:03:55.0387 5372 AtiHdmiService - ok
02:03:55.0452 5372 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
02:03:55.0457 5372 AudioEndpointBuilder - ok
02:03:55.0467 5372 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
02:03:55.0472 5372 AudioSrv - ok
02:03:55.0517 5372 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
02:03:55.0517 5372 AxInstSV - ok
02:03:55.0557 5372 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
02:03:55.0557 5372 b06bdrv - ok
02:03:55.0592 5372 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
02:03:55.0592 5372 b57nd60a - ok
02:03:55.0662 5372 [ E49110A58A32E9450356686A95DD7763 ] BCMH43XX C:\Windows\system32\DRIVERS\bcmwlhigh664.sys
02:03:55.0667 5372 BCMH43XX - ok
02:03:55.0717 5372 [ 7ED4E1D2E124AD4E6A287CF49DBC9BBA ] BCUService C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
02:03:55.0722 5372 BCUService - ok
02:03:55.0777 5372 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
02:03:55.0782 5372 BDESVC - ok
02:03:55.0827 5372 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
02:03:55.0827 5372 Beep - ok
02:03:55.0887 5372 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
02:03:55.0892 5372 BFE - ok
02:03:56.0137 5372 [ 866335C9C0E6733C753FB472C539A6B9 ] BHDrvx64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\Definitions\BASHDefs\20130301.001\BHDrvx64.sys
02:03:56.0142 5372 BHDrvx64 - ok
02:03:56.0177 5372 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\system32\qmgr.dll
02:03:56.0177 5372 BITS - ok
02:03:56.0192 5372 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
02:03:56.0192 5372 blbdrive - ok
02:03:56.0302 5372 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
02:03:56.0307 5372 Bonjour Service - ok
02:03:56.0367 5372 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
02:03:56.0367 5372 bowser - ok
02:03:56.0412 5372 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
02:03:56.0412 5372 BrFiltLo - ok
02:03:56.0427 5372 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
02:03:56.0427 5372 BrFiltUp - ok
02:03:56.0472 5372 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
02:03:56.0472 5372 BridgeMP - ok
02:03:56.0527 5372 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
02:03:56.0527 5372 Browser - ok
02:03:56.0542 5372 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
02:03:56.0547 5372 Brserid - ok
02:03:56.0572 5372 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
02:03:56.0572 5372 BrSerWdm - ok
02:03:56.0582 5372 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
02:03:56.0582 5372 BrUsbMdm - ok
02:03:56.0587 5372 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
02:03:56.0587 5372 BrUsbSer - ok
02:03:56.0602 5372 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
02:03:56.0607 5372 BTHMODEM - ok
02:03:56.0657 5372 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
02:03:56.0657 5372 bthserv - ok
02:03:56.0687 5372 catchme - ok
02:03:56.0867 5372 [ 248C952C82DF1E23775432774CBB20F1 ] ccSet_N360 C:\Windows\system32\drivers\N360x64\1403000.024\ccSetx64.sys
02:03:56.0867 5372 ccSet_N360 - ok
02:03:56.0882 5372 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
02:03:56.0882 5372 cdfs - ok
02:03:56.0927 5372 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
02:03:56.0927 5372 cdrom - ok
02:03:56.0967 5372 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
02:03:56.0967 5372 CertPropSvc - ok
02:03:57.0012 5372 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
02:03:57.0012 5372 circlass - ok
02:03:57.0057 5372 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
02:03:57.0062 5372 CLFS - ok
02:03:57.0117 5372 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
02:03:57.0117 5372 clr_optimization_v2.0.50727_32 - ok
02:03:57.0152 5372 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
02:03:57.0152 5372 clr_optimization_v2.0.50727_64 - ok
02:03:57.0232 5372 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
02:03:57.0232 5372 clr_optimization_v4.0.30319_32 - ok
02:03:57.0277 5372 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
02:03:57.0277 5372 clr_optimization_v4.0.30319_64 - ok
02:03:57.0292 5372 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
02:03:57.0292 5372 CmBatt - ok
02:03:57.0317 5372 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
02:03:57.0317 5372 cmdide - ok
02:03:57.0362 5372 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
02:03:57.0362 5372 CNG - ok
02:03:57.0372 5372 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
02:03:57.0377 5372 Compbatt - ok
02:03:57.0417 5372 [ 59D203C3F46F3CA536ECAC0E084CD887 ] CompFilter64 C:\Windows\system32\DRIVERS\lvbflt64.sys
02:03:57.0417 5372 CompFilter64 - ok
02:03:57.0472 5372 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
02:03:57.0472 5372 CompositeBus - ok
02:03:57.0487 5372 COMSysApp - ok
02:03:57.0522 5372 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
02:03:57.0522 5372 crcdisk - ok
02:03:57.0572 5372 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
02:03:57.0572 5372 CryptSvc - ok
02:03:57.0617 5372 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
02:03:57.0617 5372 DcomLaunch - ok
02:03:57.0642 5372 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
02:03:57.0642 5372 defragsvc - ok
02:03:57.0687 5372 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
02:03:57.0687 5372 DfsC - ok
02:03:57.0732 5372 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
02:03:57.0732 5372 Dhcp - ok
02:03:57.0777 5372 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
02:03:57.0777 5372 discache - ok
02:03:57.0812 5372 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
02:03:57.0812 5372 Disk - ok
02:03:57.0852 5372 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
02:03:57.0852 5372 Dnscache - ok
02:03:57.0882 5372 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
02:03:57.0882 5372 dot3svc - ok
02:03:57.0917 5372 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
02:03:57.0917 5372 DPS - ok
02:03:57.0967 5372 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
02:03:57.0967 5372 drmkaud - ok
02:03:58.0042 5372 [ E5B95C75557120881076C45CD146D72C ] DvmMDES C:\ASUS.SYS\config\DVMExportService.exe
02:03:58.0042 5372 DvmMDES - ok
02:03:58.0077 5372 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
02:03:58.0082 5372 DXGKrnl - ok
02:03:58.0127 5372 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
02:03:58.0127 5372 EapHost - ok
02:03:58.0187 5372 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
02:03:58.0217 5372 ebdrv - ok
02:03:58.0322 5372 [ 4353FF94D47A0A9D52B89ECCF0CDB013 ] eeCtrl C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
02:03:58.0327 5372 eeCtrl - ok
02:03:58.0362 5372 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
02:03:58.0362 5372 EFS - ok
02:03:58.0432 5372 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
02:03:58.0432 5372 ehRecvr - ok
02:03:58.0452 5372 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
02:03:58.0452 5372 ehSched - ok
02:03:58.0497 5372 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
02:03:58.0502 5372 elxstor - ok
02:03:58.0562 5372 [ C5BCCB378D0A896304A3E71BE7215983 ] EraserUtilRebootDrv C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
02:03:58.0562 5372 EraserUtilRebootDrv - ok
02:03:58.0597 5372 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
02:03:58.0597 5372 ErrDev - ok
02:03:58.0642 5372 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
02:03:58.0647 5372 EventSystem - ok
02:03:58.0692 5372 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
02:03:58.0692 5372 exfat - ok
02:03:58.0707 5372 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
02:03:58.0707 5372 fastfat - ok
02:03:58.0752 5372 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
02:03:58.0752 5372 Fax - ok
02:03:58.0767 5372 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
02:03:58.0767 5372 fdc - ok
02:03:58.0812 5372 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
02:03:58.0812 5372 fdPHost - ok
02:03:58.0822 5372 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
02:03:58.0822 5372 FDResPub - ok
02:03:58.0832 5372 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
02:03:58.0832 5372 FileInfo - ok
02:03:58.0842 5372 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
02:03:58.0842 5372 Filetrace - ok
02:03:58.0872 5372 [ 227846995AFEEFA70D328BF5334A86A5 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
02:03:58.0872 5372 FLEXnet Licensing Service - ok
02:03:58.0892 5372 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
02:03:58.0892 5372 flpydisk - ok
02:03:58.0927 5372 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
02:03:58.0927 5372 FltMgr - ok
02:03:58.0977 5372 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
02:03:58.0977 5372 FontCache - ok
02:03:59.0057 5372 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
02:03:59.0057 5372 FontCache3.0.0.0 - ok
02:03:59.0087 5372 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
02:03:59.0087 5372 FsDepends - ok
02:03:59.0132 5372 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
02:03:59.0132 5372 Fs_Rec - ok
02:03:59.0197 5372 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
02:03:59.0197 5372 fvevol - ok
02:03:59.0242 5372 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
02:03:59.0242 5372 gagp30kx - ok
02:03:59.0282 5372 [ AF4DEE5531395DEE72B35B36C9671FD0 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
02:03:59.0282 5372 GEARAspiWDM - ok
02:03:59.0342 5372 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
02:03:59.0342 5372 gpsvc - ok
02:03:59.0432 5372 GPU-Z - ok
02:03:59.0552 5372 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
02:03:59.0552 5372 gupdate - ok
02:03:59.0597 5372 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
02:03:59.0602 5372 gupdatem - ok
02:03:59.0647 5372 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
02:03:59.0647 5372 gusvc - ok
02:03:59.0667 5372 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
02:03:59.0672 5372 hcw85cir - ok
02:03:59.0717 5372 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
02:03:59.0717 5372 HdAudAddService - ok
02:03:59.0757 5372 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
02:03:59.0757 5372 HDAudBus - ok
02:03:59.0767 5372 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
02:03:59.0767 5372 HidBatt - ok
02:03:59.0777 5372 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
02:03:59.0777 5372 HidBth - ok
02:03:59.0792 5372 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
02:03:59.0792 5372 HidIr - ok
02:03:59.0812 5372 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll
02:03:59.0812 5372 hidserv - ok
02:03:59.0872 5372 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
02:03:59.0872 5372 HidUsb - ok
02:03:59.0922 5372 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
02:03:59.0922 5372 hkmsvc - ok
02:03:59.0952 5372 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
02:03:59.0957 5372 HomeGroupListener - ok
02:03:59.0992 5372 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
02:03:59.0997 5372 HomeGroupProvider - ok
02:04:00.0027 5372 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
02:04:00.0027 5372 HpSAMD - ok
02:04:00.0057 5372 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
02:04:00.0062 5372 HTTP - ok
02:04:00.0107 5372 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
02:04:00.0107 5372 hwpolicy - ok
02:04:00.0162 5372 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
02:04:00.0162 5372 i8042prt - ok
02:04:00.0202 5372 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
02:04:00.0202 5372 iaStorV - ok
02:04:00.0287 5372 [ DAF66902F08796F9C694901660E5A64A ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
02:04:00.0292 5372 IDriverT - ok
02:04:00.0327 5372 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
02:04:00.0332 5372 idsvc - ok
02:04:00.0432 5372 [ A48928D4CCA6F8B731989DB08CF2C0AB ] IDSVia64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\Definitions\IPSDefs\20130322.001\IDSvia64.sys
02:04:00.0437 5372 IDSVia64 - ok
02:04:00.0477 5372 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
02:04:00.0477 5372 iirsp - ok
02:04:00.0517 5372 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
02:04:00.0522 5372 IKEEXT - ok
02:04:00.0602 5372 [ D42D651676883181400E22957A7E0B1E ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
02:04:00.0607 5372 IntcAzAudAddService - ok
02:04:00.0647 5372 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
02:04:00.0647 5372 intelide - ok
02:04:00.0692 5372 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
02:04:00.0692 5372 intelppm - ok
02:04:00.0747 5372 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
02:04:00.0747 5372 IPBusEnum - ok
02:04:00.0772 5372 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
02:04:00.0777 5372 IpFilterDriver - ok
02:04:00.0817 5372 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
02:04:00.0822 5372 iphlpsvc - ok
02:04:00.0847 5372 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
02:04:00.0852 5372 IPMIDRV - ok
02:04:00.0867 5372 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
02:04:00.0867 5372 IPNAT - ok
02:04:00.0922 5372 [ 50D6CCC6FF5561F9F56946B3E6164FB8 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
02:04:00.0927 5372 iPod Service - ok
02:04:00.0962 5372 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
02:04:00.0962 5372 IRENUM - ok
02:04:00.0987 5372 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
02:04:00.0992 5372 isapnp - ok
02:04:01.0007 5372 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
02:04:01.0012 5372 iScsiPrt - ok
02:04:01.0047 5372 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
02:04:01.0047 5372 kbdclass - ok
02:04:01.0082 5372 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
02:04:01.0082 5372 kbdhid - ok
02:04:01.0117 5372 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
02:04:01.0117 5372 KeyIso - ok
02:04:01.0147 5372 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
02:04:01.0147 5372 KSecDD - ok
02:04:01.0182 5372 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
02:04:01.0182 5372 KSecPkg - ok
02:04:01.0227 5372 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
02:04:01.0227 5372 ksthunk - ok
02:04:01.0252 5372 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
02:04:01.0257 5372 KtmRm - ok
02:04:01.0302 5372 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll
02:04:01.0302 5372 LanmanServer - ok
02:04:01.0332 5372 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
02:04:01.0332 5372 LanmanWorkstation - ok
02:04:01.0347 5372 Lbd - ok
02:04:01.0387 5372 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
02:04:01.0392 5372 lltdio - ok
02:04:01.0407 5372 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
02:04:01.0412 5372 lltdsvc - ok
02:04:01.0427 5372 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
02:04:01.0427 5372 lmhosts - ok
02:04:01.0467 5372 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
02:04:01.0467 5372 LSI_FC - ok
02:04:01.0497 5372 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
02:04:01.0497 5372 LSI_SAS - ok
02:04:01.0507 5372 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
02:04:01.0507 5372 LSI_SAS2 - ok
02:04:01.0527 5372 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
02:04:01.0527 5372 LSI_SCSI - ok
02:04:01.0562 5372 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
02:04:01.0562 5372 luafv - ok
02:04:01.0612 5372 [ B3944D06EB4B64D57BD7E5FE89415F58 ] LVPr2M64 C:\Windows\system32\DRIVERS\LVPr2M64.sys
02:04:01.0612 5372 LVPr2M64 - ok
02:04:01.0627 5372 [ B3944D06EB4B64D57BD7E5FE89415F58 ] LVPr2Mon C:\Windows\system32\DRIVERS\LVPr2M64.sys
02:04:01.0627 5372 LVPr2Mon - ok
02:04:01.0692 5372 [ 0C85B2B6FB74B36A251792D45E0EF860 ] LVRS64 C:\Windows\system32\DRIVERS\lvrs64.sys
02:04:01.0692 5372 LVRS64 - ok
02:04:01.0752 5372 [ FF3A488924B0032B1A9CA6948C1FA9E8 ] LVUVC64 C:\Windows\system32\DRIVERS\lvuvc64.sys
02:04:01.0772 5372 LVUVC64 - ok
02:04:01.0822 5372 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
02:04:01.0827 5372 Mcx2Svc - ok
02:04:01.0852 5372 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
02:04:01.0852 5372 megasas - ok
02:04:01.0867 5372 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
02:04:01.0867 5372 MegaSR - ok
02:04:01.0892 5372 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
02:04:01.0892 5372 MMCSS - ok
02:04:01.0902 5372 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
02:04:01.0902 5372 Modem - ok
02:04:01.0942 5372 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
02:04:01.0942 5372 monitor - ok
02:04:01.0982 5372 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
02:04:01.0982 5372 mouclass - ok
02:04:02.0022 5372 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
02:04:02.0022 5372 mouhid - ok
02:04:02.0057 5372 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
02:04:02.0062 5372 mountmgr - ok
02:04:02.0157 5372 [ 51A84B690DF519DCF656F780243D953E ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
02:04:02.0157 5372 MozillaMaintenance - ok
02:04:02.0192 5372 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
02:04:02.0192 5372 mpio - ok
02:04:02.0217 5372 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
02:04:02.0217 5372 mpsdrv - ok
02:04:02.0272 5372 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
02:04:02.0272 5372 MpsSvc - ok
02:04:02.0307 5372 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
02:04:02.0307 5372 MRxDAV - ok
02:04:02.0348 5372 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
02:04:02.0348 5372 mrxsmb - ok
02:04:02.0383 5372 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
02:04:02.0383 5372 mrxsmb10 - ok
02:04:02.0393 5372 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
02:04:02.0393 5372 mrxsmb20 - ok
02:04:02.0443 5372 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
02:04:02.0443 5372 msahci - ok
02:04:02.0453 5372 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
02:04:02.0453 5372 msdsm - ok
02:04:02.0473 5372 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
02:04:02.0473 5372 MSDTC - ok
02:04:02.0513 5372 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
02:04:02.0513 5372 Msfs - ok
02:04:02.0558 5372 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
02:04:02.0558 5372 mshidkmdf - ok
02:04:02.0593 5372 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
02:04:02.0593 5372 msisadrv - ok
02:04:02.0608 5372 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
02:04:02.0613 5372 MSiSCSI - ok
02:04:02.0613 5372 msiserver - ok
02:04:02.0648 5372 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
02:04:02.0648 5372 MSKSSRV - ok
02:04:02.0658 5372 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
02:04:02.0658 5372 MSPCLOCK - ok
02:04:02.0668 5372 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
02:04:02.0668 5372 MSPQM - ok
02:04:02.0698 5372 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
02:04:02.0703 5372 MsRPC - ok
02:04:02.0733 5372 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
02:04:02.0738 5372 mssmbios - ok
02:04:02.0778 5372 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
02:04:02.0778 5372 MSTEE - ok
02:04:02.0793 5372 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
02:04:02.0793 5372 MTConfig - ok
02:04:02.0833 5372 [ 19B006B181E3875FD254F7B67ACF1E7C ] MTsensor C:\Windows\system32\DRIVERS\ASACPI.sys
02:04:02.0833 5372 MTsensor - ok
02:04:02.0843 5372 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
02:04:02.0843 5372 Mup - ok
02:04:02.0928 5372 [ 241BD3019FB31E812A51B31B06906335 ] N360 C:\Program Files (x86)\Norton 360\Engine\20.3.0.36\ccSvcHst.exe
02:04:02.0928 5372 N360 - ok
02:04:02.0963 5372 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
02:04:02.0963 5372 napagent - ok
02:04:03.0018 5372 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
02:04:03.0018 5372 NativeWifiP - ok
02:04:03.0123 5372 [ 88A2F45CE66B904285978D6BB13AFEB2 ] NAVENG C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\Definitions\VirusDefs\20130323.008\ENG64.SYS
02:04:03.0123 5372 NAVENG - ok
02:04:03.0183 5372 [ D2A545DA3A90BBFA40E020C23F1B7A48 ] NAVEX15 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\Definitions\VirusDefs\20130323.008\EX64.SYS
02:04:03.0188 5372 NAVEX15 - ok
02:04:03.0228 5372 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
02:04:03.0228 5372 NDIS - ok
02:04:03.0268 5372 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
02:04:03.0268 5372 NdisCap - ok
02:04:03.0303 5372 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
02:04:03.0303 5372 NdisTapi - ok
02:04:03.0353 5372 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
02:04:03.0353 5372 Ndisuio - ok
02:04:03.0388 5372 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
02:04:03.0388 5372 NdisWan - ok
02:04:03.0423 5372 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
02:04:03.0428 5372 NDProxy - ok
02:04:03.0473 5372 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
02:04:03.0473 5372 NetBIOS - ok
02:04:03.0513 5372 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
02:04:03.0513 5372 NetBT - ok
02:04:03.0548 5372 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
02:04:03.0548 5372 Netlogon - ok
02:04:03.0603 5372 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
02:04:03.0608 5372 Netman - ok
02:04:03.0618 5372 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
02:04:03.0618 5372 netprofm - ok
02:04:03.0638 5372 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
02:04:03.0638 5372 NetTcpPortSharing - ok
02:04:03.0678 5372 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
02:04:03.0678 5372 nfrd960 - ok
02:04:03.0723 5372 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
02:04:03.0728 5372 NlaSvc - ok
Bastet0330
2013-03-24, 10:18
Yeah, double post. Sorry. Here's part 2/2.
------------------
02:04:03.0733 5372 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
02:04:03.0733 5372 Npfs - ok
02:04:03.0758 5372 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
02:04:03.0758 5372 nsi - ok
02:04:03.0778 5372 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
02:04:03.0778 5372 nsiproxy - ok
02:04:03.0833 5372 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
02:04:03.0848 5372 Ntfs - ok
02:04:03.0858 5372 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
02:04:03.0858 5372 Null - ok
02:04:03.0918 5372 [ ED9380F201C8126425C09BED96DBE1E5 ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys
02:04:03.0918 5372 NVHDA - ok
02:04:04.0123 5372 [ 5104BAC2DA2A5BDD86AC6B0708B00F06 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
02:04:04.0168 5372 nvlddmkm - ok
02:04:04.0213 5372 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
02:04:04.0218 5372 nvraid - ok
02:04:04.0258 5372 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
02:04:04.0258 5372 nvstor - ok
02:04:04.0328 5372 [ DDFAFCE89A5C93D04712B86F94E9FCBA ] NVSvc C:\Windows\system32\nvvsvc.exe
02:04:04.0333 5372 NVSvc - ok
02:04:04.0448 5372 [ 84E035225474E48CD3A6A3CE52332095 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
02:04:04.0453 5372 nvUpdatusService - ok
02:04:04.0503 5372 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
02:04:04.0503 5372 nv_agp - ok
02:04:04.0603 5372 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
02:04:04.0603 5372 odserv - ok
02:04:04.0618 5372 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
02:04:04.0618 5372 ohci1394 - ok
02:04:04.0668 5372 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
02:04:04.0668 5372 ose - ok
02:04:04.0693 5372 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
02:04:04.0698 5372 p2pimsvc - ok
02:04:04.0708 5372 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
02:04:04.0708 5372 p2psvc - ok
02:04:04.0733 5372 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
02:04:04.0738 5372 Parport - ok
02:04:04.0773 5372 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
02:04:04.0773 5372 partmgr - ok
02:04:04.0793 5372 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
02:04:04.0798 5372 PcaSvc - ok
02:04:04.0803 5372 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
02:04:04.0803 5372 pci - ok
02:04:04.0838 5372 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
02:04:04.0838 5372 pciide - ok
02:04:04.0868 5372 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
02:04:04.0868 5372 pcmcia - ok
02:04:04.0883 5372 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
02:04:04.0883 5372 pcw - ok
02:04:04.0903 5372 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
02:04:04.0908 5372 PEAUTH - ok
02:04:04.0998 5372 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
02:04:04.0998 5372 PerfHost - ok
02:04:05.0048 5372 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
02:04:05.0053 5372 pla - ok
02:04:05.0103 5372 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
02:04:05.0103 5372 PlugPlay - ok
02:04:05.0133 5372 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
02:04:05.0133 5372 PNRPAutoReg - ok
02:04:05.0153 5372 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
02:04:05.0153 5372 PNRPsvc - ok
02:04:05.0198 5372 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
02:04:05.0198 5372 PolicyAgent - ok
02:04:05.0223 5372 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
02:04:05.0223 5372 Power - ok
02:04:05.0268 5372 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
02:04:05.0268 5372 PptpMiniport - ok
02:04:05.0288 5372 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
02:04:12.0299 4748 Detected object count: 1
02:04:12.0299 4748 Actual detected object count: 1
02:04:20.0850 4748 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
02:04:20.0850 4748 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip
02:04:31.0136 3056 Deinitialize success
Logs look fine. How is your system behaving now?
Bastet0330
2013-03-24, 18:38
No bluescreens, but Spybot is still showing Smitfraud as an active threat. Any ideas?
Run Spybot and post the report that shows the entry for Smitfraud.
Bastet0330
2013-03-25, 00:51
Here it is.
Bastet0330
2013-03-25, 00:53
Actually, is that what you want? That's what's filed under Tools > Reports, but I poked around and found another, longer log by right-clicking on the listed infection.
Yes please, the one with the infection.
Bastet0330
2013-03-25, 06:21
It's pretty long, so this will be in parts.
--- Search result list ---
Smitfraud-C.generic: [SBI $5926A588] Executable (File, nothing done)
C:\Windows\svchost.exe
Properties.size=20480
Properties.md5=2CEFF13ACE25A40BD8D97654944297CD
Properties.filedate=1247534086
Properties.filedatetext=2009-07-13 20:14:45
Date (last write): 3/28/2011 9:35:06 PM
Filesize: 441216
Attributes: archive
MD5: CF39A105CD553EED31E2255AFF4C6742
CRC32: 3D1149C5
Version: 7.250.4232.0
{AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Google Toolbar Helper
description: Google toolbar
classification: Open for discussion
known filename: googletoolbar.dll
info link: http://toolbar.google.com/
info source: TonyKlein
Path: C:\Program Files (x86)\Google\Google Toolbar\
Long name: GoogleToolbar_32.dll
Short name: GOOGLE~1.DLL
Date (created): 8/10/2010 11:54:10 PM
Date (last access): 8/10/2010 11:54:10 PM
Date (last write): 1/11/2013 4:51:48 PM
Filesize: 192144
Attributes: archive
MD5: B9497C5ACAEA521663BFFBB321DD3AFA
CRC32: 4D49531B
Version: 7.4.3607.2246
Bastet0330
2013-03-25, 06:22
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} (SkypeIEPluginBHO)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: SkypeIEPluginBHO
CLSID name: Skype Browser Helper
Path: C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\
Long name: skypeieplugin.dll
Short name: SKYPEI~1.DLL
Date (created): 10/10/2011 11:09:16 AM
Date (last access): 10/31/2011 2:29:58 PM
Date (last write): 10/10/2011 11:09:16 AM
Filesize: 3834016
Attributes: archive
MD5: BAD6A333613786540454044D8CD94524
CRC32: B3E6F0D3
Version: 5.6.0.8442
{DBC80044-A445-435b-BC74-9C25C1C588A9} (Java(tm) Plug-In 2 SSV Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Java(tm) Plug-In 2 SSV Helper
Path: C:\Program Files (x86)\Java\jre6\bin\
Long name: jp2ssv.dll
Short name:
Date (created): 10/18/2011 7:05:34 PM
Date (last access): 11/9/2011 12:58:20 AM
Date (last write): 10/18/2011 7:05:34 PM
Filesize: 42272
Attributes: archive
MD5: DC365B6E595683F67BC21A203432E336
CRC32: ADEC3F07
Version: 6.0.290.11
--- ActiveX list ---
{02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control)
DPF name:
CLSID name: Microsoft Office Template and Media Control
Installer: C:\Windows\Downloaded Program Files\ieawsdc.inf
Codebase: http://office.microsoft.com/sites/production/ieawsdc32.cab
description:
classification: Legitimate
known filename: IEAWSDC.DLL
info link:
info source: Safer Networking Ltd.
Path: C:\PROGRA~2\MICROS~1\Office12\
Long name: IEAWSDC.DLL
Short name:
Date (created): 7/20/2010 5:04:42 PM
Date (last access): 7/20/2010 5:04:42 PM
Date (last write): 7/20/2010 5:04:42 PM
Filesize: 189952
Attributes: archive
MD5: C27136C396819E961147CC82E3588FFB
CRC32: 3C148808
Version: 14.0.5506.0
{036F8A56-0BC8-4607-8F98-D3231E6FF5ED} ()
DPF name:
CLSID name:
Installer: C:\Windows\Downloaded Program Files\CentraUpdaterAx.inf
Codebase: http://cloud1.saba.com/SiteRoots/main/Install/win32/CentraUpdaterAx.cab
{0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class)
DPF name:
CLSID name: asusTek_sysctrl Class
Installer: C:\Windows\Downloaded Program Files\asusTek_sys_ctrl.inf
Codebase: http://support.asus.com/select/asusTek_sys_ctrl3.cab
description:
classification: Legitimate
known filename: ASUSTE~1.DLL
info link:
info source: Safer Networking Ltd.
Path: C:\Windows\Downloaded Program Files\
Long name: asusTek_sys_ctrl.dll
Short name: ASUSTE~1.DLL
Date (created): 12/21/2009 4:41:42 PM
Date (last access): 12/21/2009 4:41:42 PM
Date (last write): 12/21/2009 4:41:42 PM
Filesize: 139776
Attributes: archive
MD5: 9149E19DB451DF6C7735942DC71451C8
CRC32: 64EAF46F
Version: 3.0.0.1
{7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control)
DPF name:
CLSID name: OnlineScanner Control
Installer: C:\Windows\Downloaded Program Files\OnlineScanner.inf
Codebase: http://download.eset.com/special/eos/OnlineScanner.cab
Path: C:\PROGRA~2\ESET\ESETON~1\
Long name: OnlineScanner.ocx
Short name: ONLINE~1.OCX
Date (created): 3/12/2013 12:00:18 AM
Date (last access): 3/12/2013 12:00:18 AM
Date (last write): 2/7/2013 12:35:42 PM
Filesize: 3101344
Attributes: archive
MD5: 1C82BFA19154D658E62743B98216A3A6
CRC32: 388F1908
Version: 1.0.0.6920
{8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_29
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
description: Sun Java
classification: Legitimate
known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
info link:
info source: Patrick M. Kolla
Path: C:\Program Files (x86)\Java\jre6\bin\
Long name: jp2iexp.dll
Short name:
Date (created): 2/1/2011 4:14:52 PM
Date (last access): 10/3/2011 7:11:30 AM
Date (last write): 10/3/2011 6:06:06 AM
Filesize: 108320
Attributes: archive
MD5: F4AE1B6811B4E7B3F9B5C7F0FE76BBFC
CRC32: 0F37B160
Version: 6.0.290.11
{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_29
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
Path: C:\Program Files (x86)\Java\jre6\bin\
Long name: jp2iexp.dll
Short name:
Date (created): 2/1/2011 4:14:52 PM
Date (last access): 10/3/2011 7:11:30 AM
Date (last write): 10/3/2011 6:06:06 AM
Filesize: 108320
Attributes: archive
MD5: F4AE1B6811B4E7B3F9B5C7F0FE76BBFC
CRC32: 0F37B160
Version: 6.0.290.11
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_29
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
description:
classification: Legitimate
known filename: npjpi150_06.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files (x86)\Java\jre6\bin\
Long name: npjpi160_29.dll
Short name: NPJPI1~1.DLL
Date (created): 10/3/2011 3:37:54 AM
Date (last access): 10/3/2011 7:11:40 AM
Date (last write): 10/3/2011 6:06:12 AM
Filesize: 141088
Attributes: archive
MD5: A8F3D654E83D928FBBD4714D2D54AB39
CRC32: A1FB5317
Version: 6.0.290.11
{E06E2E99-0AA1-11D4-ABA6-0060082AA75C} ()
DPF name:
CLSID name:
Installer: C:\ProgramData\webex\ieatgpc.inf
Codebase:
description:
classification: Legitimate
known filename: ieatgpc.dll
info link:
info source: Safer Networking Ltd.
Path: C:\ProgramData\webex\
Long name: ieatgpc.dll
Short name:
Date (created): 10/28/2011 6:32:44 AM
Date (last access): 12/9/2011 4:25:12 PM
Date (last write): 10/28/2011 6:32:44 AM
Filesize: 302904
Attributes: archive
MD5: C0CF56A4A837F43CF08ABA9985BE7AD4
CRC32: E8C35BF0
Version: 2.1.0.2
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} ()
DPF name:
CLSID name:
Installer: C:\Windows\Downloaded Program Files\gp.inf
Codebase: http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
--- Process list ---
PID: 0 ( 0) [System]
PID: 2080 (1344) C:\Users\Mairead\AppData\Local\Akamai\netsession_win.exe
size: 4480768
MD5: AAB979089E192ACC0FE1E3C018F8B591
PID: 3048 (1344) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
size: 97680
MD5: 32C26797AB646074A2BB562F9D10ADB5
PID: 2620 (2080) C:\Users\Mairead\AppData\Local\Akamai\netsession_win.exe
size: 4480768
MD5: AAB979089E192ACC0FE1E3C018F8B591
PID: 1368 (2284) C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
size: 375000
MD5: BEE1B9329506308987E9DBB38D7BD477
PID: 892 (2284) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
size: 946352
MD5: 3CB07566302BCEEB898DE270A0BEC175
PID: 2504 (2284) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
size: 205336
MD5: A2418D3C557C0A0C634DA713A8AC3789
PID: 4812 (2504) C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
size: 265240
MD5: 550B8CB98A8FA1D7A1A7371055A38DDA
PID: 4848 ( 700) C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
size: 680984
MD5: 902054D6B4292329F9594FFF24EE02DB
PID: 3988 (1344) C:\Program Files (x86)\Internet Explorer\iexplore.exe
size: 757296
MD5: DDE5A0DFAF7C6370FB36402D7A746ED3
PID: 4732 (3988) C:\Program Files (x86)\Internet Explorer\iexplore.exe
size: 757296
MD5: DDE5A0DFAF7C6370FB36402D7A746ED3
PID: 1220 (3988) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
size: 308368
MD5: BAD663957F682F95B22C4E83AB49CB52
PID: 2956 ( 700) C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_180_ActiveX.exe
size: 706776
MD5: A854BC2D2AD9856F6B84C7870FF246D9
PID: 1120 (3988) C:\Users\Mairead\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
size: 79384
MD5: 09E411E1DC92D813F49DFEEB4039CBCA
PID: 2468 (3988) C:\Program Files (x86)\Internet Explorer\iexplore.exe
size: 757296
MD5: DDE5A0DFAF7C6370FB36402D7A746ED3
PID: 4944 (1344) C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe
size: 5365592
MD5: 0477C2F9171599CA5BC3307FDFBA8D89
PID: 4 ( 0) System
PID: 300 ( 4) smss.exe
PID: 448 ( 440) csrss.exe
PID: 520 ( 440) wininit.exe
size: 96256
Bastet0330
2013-03-25, 06:23
And here's the last one.
-------------------
PID: 540 ( 528) csrss.exe
PID: 576 ( 520) services.exe
PID: 592 ( 520) lsass.exe
PID: 600 ( 520) lsm.exe
PID: 700 ( 576) svchost.exe
size: 20480
PID: 768 ( 576) nvvsvc.exe
PID: 796 ( 576) nvSCPAPISvr.exe
PID: 844 ( 576) svchost.exe
size: 20480
PID: 872 ( 528) winlogon.exe
PID: 960 ( 576) svchost.exe
size: 20480
PID: 1000 ( 576) svchost.exe
size: 20480
PID: 260 ( 576) svchost.exe
size: 20480
PID: 472 ( 576) UMVPFSrv.exe
PID: 1104 ( 576) svchost.exe
size: 20480
PID: 1192 ( 768) NvXDSync.exe
PID: 1204 ( 768) nvvsvc.exe
PID: 1248 ( 576) svchost.exe
size: 20480
PID: 1468 ( 576) spoolsv.exe
PID: 1504 ( 576) svchost.exe
size: 20480
PID: 1600 ( 576) ACService.exe
PID: 1644 ( 576) PhotoshopElementsFileAgent.exe
PID: 1728 ( 576) armsvc.exe
PID: 1788 ( 576) svchost.exe
size: 20480
PID: 1808 ( 576) AppleMobileDeviceService.exe
PID: 1844 ( 576) AsSysCtrlService.exe
PID: 1884 ( 576) BCUService.exe
PID: 1912 ( 576) mDNSResponder.exe
PID: 1944 ( 576) DVMExportService.exe
PID: 2008 ( 576) ccSvcHst.exe
PID: 1664 ( 576) svchost.exe
size: 20480
PID: 2180 ( 576) WLIDSVC.EXE
PID: 2268 ( 576) SDWinSec.exe
size: 1153368
MD5: 794D4B48DFB6E999537C7C3947863463
PID: 2440 (2180) WLIDSVCM.EXE
PID: 2812 ( 576) SearchIndexer.exe
size: 427520
PID: 2256 ( 576) svchost.exe
size: 20480
PID: 3520 ( 576) svchost.exe
size: 20480
PID: 3736 ( 576) daemonu.exe
PID: 2872 ( 576) wmpnetwk.exe
PID: 1352 ( 576) C:\Windows\System32\taskhost.exe
PID: 2084 (1000) C:\Windows\System32\dwm.exe
PID: 1344 (1116) C:\Windows\explorer.exe
size: 2871808
MD5: 332FEAB1435662FC6C672E25BEB37BE3
PID: 1744 (2008) ccSvcHst.exe
PID: 3388 (1344) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
size: 7833120
MD5: 981EDD3164829B256E71B5AC8CF12EC3
PID: 4164 (1192) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
size: 2448744
MD5: A77BA10A0D610BBB6101AEA1E633ABE1
PID: 5016 ( 576) svchost.exe
size: 20480
PID: 4396 ( 700) dllhost.exe
size: 7168
PID: 5796 (1344) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
size: 917400
MD5: BF2F2717C13A4BD4FD73F2788534E86B
PID: 4108 (3988) C:\Program Files (x86)\Internet Explorer\iexplore.exe
size: 757296
MD5: DDE5A0DFAF7C6370FB36402D7A746ED3
PID: 5976 ( 960) audiodg.exe
PID: 2848 (2812) C:\Windows\System32\SearchProtocolHost.exe
size: 164352
MD5: E1AC89F6C5252057E6062843E36A6701
PID: 4408 (2812) SearchFilterHost.exe
size: 86528
--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 3/24/2013 5:49:25 PM
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\Windows\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.google.com/
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
C:\Windows\SysWOW64\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://go.microsoft.com/fwlink/?LinkId=54896
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://go.microsoft.com/fwlink/?LinkId=69157
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://go.microsoft.com/fwlink/?LinkId=69157
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://go.microsoft.com/fwlink/?LinkId=54896
--- Winsock Layered Service Provider list ---
Protocol 0: MSAFD Tcpip [TCP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip
Protocol 1: MSAFD Tcpip [UDP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip
Protocol 2: MSAFD Tcpip [RAW/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip
Protocol 3: MSAFD Tcpip [TCP/IPv6]
GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IPv6 protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip
Protocol 4: MSAFD Tcpip [UDP/IPv6]
GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IPv6 protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip
Protocol 5: MSAFD Tcpip [RAW/IPv6]
GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IPv6 protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip
Protocol 6: RSVP TCPv6 Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider
Protocol 7: RSVP TCP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider
Protocol 8: RSVP UDPv6 Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider
Protocol 9: RSVP UDP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider
Namespace Provider 0: Network Location Awareness Legacy (NLAv1) Namespace
GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
Filename:
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: NLA-Namespace
Namespace Provider 1: E-mail Naming Shim Provider
GUID: {964ACBA2-B2BC-40EB-8C6A-A6DB40161CAE}
Filename:
Namespace Provider 2: PNRP Cloud Namespace Provider
GUID: {03FE89CE-766D-4976-B9C1-BB9BC42C7B4D}
Filename:
Namespace Provider 3: PNRP Name Namespace Provider
GUID: {03FE89CD-766D-4976-B9C1-BB9BC42C7B4D}
Filename:
Namespace Provider 4: Tcpip
GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
Filename:
Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: TCP/IP
Namespace Provider 5: NTDS
GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
Filename: %SystemRoot%\System32\winrnr.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\winrnr.dll
DB protocol: NTDS
Namespace Provider 6: WindowsLive NSP
GUID: {4177DDE9-6028-479E-B7B7-03591A63FF3A}
Filename: C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
Namespace Provider 7: WindowsLive Local NSP
GUID: {229F2A2C-5F18-4A06-8F89-3A372170624D}
Filename: C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
Namespace Provider 8: mdnsNSP
GUID: {B600E6E9-553B-4A19-8696-335E5C896153}
Filename: C:\Program Files (x86)\Bonjour\mdnsNSP.dll
Description: Apple Rendezvous protocol
DB filename: %ProgramFiles%\Rendezvous\bin\mdnsNSP.dll
DB protocol: mdnsNSP
That file date is from 2009; this may be a false positive, as it's not showing up on any other logs after it was removed.
See if you can see that file
Close all programs so that you are at your desktop.
Open the Control Panel, switch to classic view, then click Folder Options.
After the new window appears select the View tab.
Put a checkmark in the checkbox labeled Display the contents of system folders.
Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
Remove the checkmark from the checkbox labeled Hide file extensions for known file types.
Remove the checkmark from the checkbox labeled Hide protected operating system files.
Press the Apply button and then the OK button and exit My Computer.
Now your computer is configured to show all hidden files.
Now look for it and see if it's present:
C:\Windows\svchost.exe
C:\Windows\system32\svchost.exe <-- This one is legit and your system won't run without it, so make sure to leave this one be.
Here is a little help
You need to run the 64-bit version.
Download and Run SystemLook
Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1 (http://jpshortstuff.247fixes.com/SystemLook.exe)
Download Mirror #2 (http://images.malwareremoval.com/jpshortstuff/SystemLook.exe)
64 Bit Version (http://jpshortstuff.247Fixes.com/SystemLook_x64.exe)
Double-click SystemLook.exe to run it.
Copy the content of the following codebox into the main textfield:
:file
C:\Windows\svchost.exe
:filefind
svchost.exe
Click the Look button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
Bastet0330
2013-03-27, 18:35
I looked in C:/Windows, and there is a file by that name. It's labeled as from 7/13/2009, though.
Here's the log:
SystemLook 30.07.11 by jpshortstuff
Log created at 11:31 on 27/03/2013 by Mairead
Administrator - Elevation successful
WARNING: SystemLook running under WOW64. Use SystemLook_x64 for accurate results.
========== file ==========
C:\Windows\svchost.exe - File found and opened.
MD5: 2CEFF13ACE25A40BD8D97654944297CD
Created at 08:31 on 22/03/2013
Modified at 01:14 on 14/07/2009
Size: 20480 bytes
Attributes: --a----
FileDescription: winrscmde
FileVersion: 6.1.7600.16385 (win7_rtm.090713-1255)
ProductVersion: 6.1.7600.16385
OriginalFilename: winrscmde.exe
InternalName: winrscmde.exe
ProductName: Microsoft® Windows® Operating System
CompanyName: Microsoft Corporation
LegalCopyright: © Microsoft Corporation. All rights reserved.
========== filefind ==========
Searching for "svchost.exe"
C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe --a---- 216424 bytes [23:38 10/03/2013] [21:49 14/12/2012] 22101A85B3CA2FE2BE05FE9A61A7A83D
C:\Windows\svchost.exe --a---- 20480 bytes [08:31 22/03/2013] [01:14 14/07/2009] 2CEFF13ACE25A40BD8D97654944297CD
C:\Windows\erdnt\cache64\svchost.exe --a---- 27136 bytes [15:46 10/03/2013] [01:39 14/07/2009] C78655BC80301D76ED4FEF1C1EA40A7D
C:\Windows\erdnt\cache86\svchost.exe --a---- 20992 bytes [15:46 10/03/2013] [01:14 14/07/2009] 54A47F6B5E09A77E61649109C6A08866
C:\Windows\System32\svchost.exe --a---- 20992 bytes [23:19 13/07/2009] [01:14 14/07/2009] 54A47F6B5E09A77E61649109C6A08866
C:\Windows\SysWOW64\svchost.exe --a---- 20992 bytes [23:19 13/07/2009] [01:14 14/07/2009] 54A47F6B5E09A77E61649109C6A08866
C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe --a---- 27136 bytes [23:31 13/07/2009] [01:39 14/07/2009] C78655BC80301D76ED4FEF1C1EA40A7D
C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe --a---- 20992 bytes [23:19 13/07/2009] [01:14 14/07/2009] 54A47F6B5E09A77E61649109C6A08866
C:\_OTL\MovedFiles\03112013_141506\C_Windows\svchost.exe --a---- 20480 bytes [00:01 11/03/2013] [01:14 14/07/2009] 2CEFF13ACE25A40BD8D97654944297CD
C:\_OTL\MovedFiles\03202013_231037\C_Windows\svchost.exe --a---- 20480 bytes [00:01 11/03/2013] [01:14 14/07/2009] 2CEFF13ACE25A40BD8D97654944297CD
-= EOF =-
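The SystemLook output above is the whole case in miniature: a file called svchost.exe sitting directly in C:\Windows instead of System32, with an MD5 that matches none of the Windows copies and a version resource that names it winrscmde.exe. The helper reads that by eye; the script below does the same triage mechanically. It is an added example written for this page, not part of the thread and not something SystemLook or OTL produces. It parses the :filefind lines copied verbatim from the log above, treats System32, SysWOW64 and the two winsxs svchost component folders as the only legitimate homes for svchost.exe on Windows 7 x64 (an assumption), takes the hashes found there as the reference set, and sorts every other copy into either a relocated genuine binary (same hash, e.g. the erdnt\cache backups) or an unknown binary borrowing the name (the C:\Windows copy and the two _OTL quarantine copies, which share its MD5). A second check compares the PE OriginalFilename from the :file section against the name on disk.

```python
import re
from collections import defaultdict

# Copied verbatim from the SystemLook ":filefind" section posted above.
# Line format: <path> <attrs> <size> bytes [<created>] [<modified>] <MD5>
FILEFIND_LOG = r"""
C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe --a---- 216424 bytes [23:38 10/03/2013] [21:49 14/12/2012] 22101A85B3CA2FE2BE05FE9A61A7A83D
C:\Windows\svchost.exe --a---- 20480 bytes [08:31 22/03/2013] [01:14 14/07/2009] 2CEFF13ACE25A40BD8D97654944297CD
C:\Windows\erdnt\cache64\svchost.exe --a---- 27136 bytes [15:46 10/03/2013] [01:39 14/07/2009] C78655BC80301D76ED4FEF1C1EA40A7D
C:\Windows\erdnt\cache86\svchost.exe --a---- 20992 bytes [15:46 10/03/2013] [01:14 14/07/2009] 54A47F6B5E09A77E61649109C6A08866
C:\Windows\System32\svchost.exe --a---- 20992 bytes [23:19 13/07/2009] [01:14 14/07/2009] 54A47F6B5E09A77E61649109C6A08866
C:\Windows\SysWOW64\svchost.exe --a---- 20992 bytes [23:19 13/07/2009] [01:14 14/07/2009] 54A47F6B5E09A77E61649109C6A08866
C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe --a---- 27136 bytes [23:31 13/07/2009] [01:39 14/07/2009] C78655BC80301D76ED4FEF1C1EA40A7D
C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe --a---- 20992 bytes [23:19 13/07/2009] [01:14 14/07/2009] 54A47F6B5E09A77E61649109C6A08866
C:\_OTL\MovedFiles\03112013_141506\C_Windows\svchost.exe --a---- 20480 bytes [00:01 11/03/2013] [01:14 14/07/2009] 2CEFF13ACE25A40BD8D97654944297CD
C:\_OTL\MovedFiles\03202013_231037\C_Windows\svchost.exe --a---- 20480 bytes [00:01 11/03/2013] [01:14 14/07/2009] 2CEFF13ACE25A40BD8D97654944297CD
"""

# Copied from the ":file" section of the same log (version resource fields).
FILE_INFO = {
    "path": r"C:\Windows\svchost.exe",
    "FileDescription": "winrscmde",
    "OriginalFilename": "winrscmde.exe",
    "CompanyName": "Microsoft Corporation",
}

LINE_RE = re.compile(
    r"^(?P<path>.+?) (?P<attrs>[-a-z]{7}) (?P<size>\d+) bytes "
    r"\[(?P<created>[^\]]+)\] \[(?P<modified>[^\]]+)\] (?P<md5>[0-9A-F]{32})$"
)

# Assumption: on Windows 7 x64 a genuine svchost.exe lives only in System32,
# SysWOW64, or the amd64/x86 winsxs component-store folders for that component.
TRUSTED_DIR_RE = re.compile(
    r"^C:\\Windows\\(System32|SysWOW64|"
    r"winsxs\\(amd64|x86)_microsoft-windows-services-svchost_[^\\]+)\\svchost\.exe$",
    re.IGNORECASE,
)


def parse_filefind(text):
    """Turn SystemLook :filefind lines into dicts; fail loudly on a line we can't read."""
    entries = []
    for line in text.strip().splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            raise ValueError("unparsed SystemLook line: " + line)
        d = m.groupdict()
        d["size"] = int(d["size"])
        entries.append(d)
    return entries


def triage(entries):
    """Map each path to (verdict, [all paths sharing its MD5])."""
    # Hashes seen in trusted directories become the reference set. Caveat from the
    # log's own WARNING: under WOW64 "System32" is redirected to SysWOW64, so the
    # 64-bit hash is only contributed here by the amd64 winsxs entry.
    trusted_hashes = {e["md5"] for e in entries if TRUSTED_DIR_RE.match(e["path"])}
    by_hash = defaultdict(list)
    for e in entries:
        by_hash[e["md5"]].append(e["path"])
    verdicts = {}
    for e in entries:
        if TRUSTED_DIR_RE.match(e["path"]):
            verdict = "trusted"
        elif e["md5"] in trusted_hashes:
            verdict = "copy-of-genuine-binary"      # backup/cache copies of the real file
        else:
            verdict = "unknown-binary-named-svchost"  # name borrowed, bytes unknown
        verdicts[e["path"]] = (verdict, by_hash[e["md5"]])
    return verdicts


def version_info_mismatch(info):
    """True when the PE's OriginalFilename disagrees with the name it sits under.

    A genuine svchost.exe carries OriginalFilename "svchost.exe"; a binary whose
    version resource says winrscmde.exe has been renamed to blend in."""
    on_disk = info["path"].rsplit("\\", 1)[-1].lower()
    return info["OriginalFilename"].lower() != on_disk


if __name__ == "__main__":
    for path, (verdict, siblings) in triage(parse_filefind(FILEFIND_LOG)).items():
        print(f"{verdict:30} {path}  (same MD5 as {len(siblings) - 1} other file(s))")
    print("OriginalFilename mismatch on", FILE_INFO["path"], "->", version_info_mismatch(FILE_INFO))
```

Two caveats a practitioner would add. The log warns that it ran under WOW64, so its "System32" entry is really the redirected SysWOW64 32-bit binary (20992 bytes, identical MD5); the 64-bit svchost.exe (27136 bytes) appears only through the amd64 winsxs entry, which is exactly why the helper insisted on the x64 build of SystemLook. Trusting a hash because of where it was found is also only a shortcut for reviewing a pasted log; on a live box verify the Authenticode signature instead (sigcheck, or PowerShell's Get-AuthenticodeSignature). Note that the 2009 "file date" discussed in the thread is the modified timestamp, which a copy preserves; the created timestamp of 22/03/2013 is what says when this file actually arrived. The Malwarebytes Chameleon copy is flagged by location as well; Chameleon deliberately ships its own binary under common process names, so that entry belongs on an allow-list rather than in a fix script.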
Hi,
Open OTL.exe
Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL
:processes
killallprocesses
:OTL
:Services
:Reg
:Files
ipconfig /flushdns /c
C:\Windows\svchost.exe
C:\Windows\erdnt\cache64\svchost.exe
C:\Windows\erdnt\cache86\svchost.exe
C:\_OTL\MovedFiles\03112013_141506\C_Windows\svchost.exe
C:\_OTL\MovedFiles\03202013_231037\C_Windows\svchost.exe
:Commands
[purity]
[resethosts]
[emptytemp]
[start explorer]
[Reboot]
Then click the Run Fix button at the top. <-- Not Run Scan
Let the program run unhindered; reboot when it is done.
Then post the results of the log it produces.
Then reboot your system, run this through SystemLook one more time and post the logs, please:
:file
C:\Windows\svchost.exe
:filefind
svchost.exe
Bastet0330
2013-03-27, 20:35
Here's the log. Should I go delete the old Spybot logs like you had me do last time?
All processes killed
========== PROCESSES ==========
========== OTL ==========
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Mairead\Desktop\cmd.bat deleted successfully.
C:\Users\Mairead\Desktop\cmd.txt deleted successfully.
C:\Windows\svchost.exe moved successfully.
C:\Windows\erdnt\cache64\svchost.exe moved successfully.
C:\Windows\erdnt\cache86\svchost.exe moved successfully.
C:\_OTL\MovedFiles\03112013_141506\C_Windows\svchost.exe moved successfully.
C:\_OTL\MovedFiles\03202013_231037\C_Windows\svchost.exe moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Mairead
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 142736431 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 5157107 bytes
->Flash cache emptied: 1720 bytes
User: Public
->Temp folder emptied: 0 bytes
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1486 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50132 bytes
RecycleBin emptied: 2870812 bytes
Total Files Cleaned = 144.00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 03272013_132904
Files\Folders moved on Reboot...
C:\Users\Mairead\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\Mairead\AppData\Local\Google\Google Talk Plugin\gtbaxplugin.log moved successfully.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
Yes you can. Go ahead and plug those entries back into SystemLook after you reboot your computer.
Not sure where this file is located, let's look for it too:
:file
C:\Windows\svchost.exe
:filefind
svchost.exe
winrscmde.exe
Then run a new scan with Spybot and just post the info if it picks the bad file back up.
Bastet0330
2013-03-28, 22:06
WOO! IT'S GONE! IT'S GONE! IT'S GONE! Spybot says I'm clear! Thank you so much! I apologize for the lengthy process.
I just threw a donation at Spybot, but is there anything I can do for you/the forums? It seems really unfair that I ate up 3 weeks of your life and you don't get anything out of it. At the very least, keep me in mind if you ever need a reference. I'm an English teacher, so I can write a great recommendation letter. :)
Here's the log, just in case I missed something.
SystemLook 30.07.11 by jpshortstuff
Log created at 14:49 on 28/03/2013 by Mairead
Administrator - Elevation successful
WARNING: SystemLook running under WOW64. Use SystemLook_x64 for accurate results.
========== file ==========
C:\Windows\svchost.exe - Unable to find/read file.
========== filefind ==========
Searching for "svchost.exe"
C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe --a---- 216424 bytes [23:38 10/03/2013] [21:49 14/12/2012] 22101A85B3CA2FE2BE05FE9A61A7A83D
C:\Windows\System32\svchost.exe --a---- 20992 bytes [23:19 13/07/2009] [01:14 14/07/2009] 54A47F6B5E09A77E61649109C6A08866
C:\Windows\SysWOW64\svchost.exe --a---- 20992 bytes [23:19 13/07/2009] [01:14 14/07/2009] 54A47F6B5E09A77E61649109C6A08866
C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe --a---- 27136 bytes [23:31 13/07/2009] [01:39 14/07/2009] C78655BC80301D76ED4FEF1C1EA40A7D
C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe --a---- 20992 bytes [23:19 13/07/2009] [01:14 14/07/2009] 54A47F6B5E09A77E61649109C6A08866
C:\_OTL\MovedFiles\03272013_132904\C_Windows\svchost.exe --a---- 20480 bytes [08:31 22/03/2013] [01:14 14/07/2009] 2CEFF13ACE25A40BD8D97654944297CD
C:\_OTL\MovedFiles\03272013_132904\C_Windows\erdnt\cache64\svchost.exe --a---- 27136 bytes [15:46 10/03/2013] [01:39 14/07/2009] C78655BC80301D76ED4FEF1C1EA40A7D
C:\_OTL\MovedFiles\03272013_132904\C_Windows\erdnt\cache86\svchost.exe --a---- 20992 bytes [15:46 10/03/2013] [01:14 14/07/2009] 54A47F6B5E09A77E61649109C6A08866
C:\_OTL\MovedFiles\03272013_132904\C__OTL\MovedFiles\03112013_141506\C_Windows\svchost.exe --a---- 20480 bytes [00:01 11/03/2013] [01:14 14/07/2009] 2CEFF13ACE25A40BD8D97654944297CD
C:\_OTL\MovedFiles\03272013_132904\C__OTL\MovedFiles\03202013_231037\C_Windows\svchost.exe --a---- 20480 bytes [00:01 11/03/2013] [01:14 14/07/2009] 2CEFF13ACE25A40BD8D97654944297CD
Searching for "winrscmde.exe"
No files found.
-= EOF =-
Hi,
That's wonderful. You did not eat up 3 weeks of my time; helping nice people like yourself is what I do, and getting you and your computer to a clean state is all the reward I need.
Let's not jump for joy just yet. Use your computer for a few days (I will keep this thread open for you), then run a new scan with Spybot and let's make sure it's gone.