Welcome to Geeks to Go - Register now for FREE

Can't remove Tidserv Activity 2


#1 GinaVA3 (New Member, 9 posts)

Hi,

Looks like I'm infected with Tidserv, and I'm still getting Norton messages of "Threat requiring manual removal detected: System Infected: Tidserv Activity 2." I use Firefox on Windows 7. I've tried Norton, MalwareBytes (which found 3 files and removed them), and FixTDSS, but I'm still getting the messages, both on start-up and with Firefox use. Here's my OTL scan:

OTL logfile created on: 11/6/2011 9:06:46 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Lincicum\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

6.00 Gb Total Physical Memory | 3.26 Gb Available Physical Memory | 54.40% Memory free
12.00 Gb Paging File | 9.03 Gb Available in Paging File | 75.23% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 584.94 Gb Total Space | 209.52 Gb Free Space | 35.82% Space Free | Partition Type: NTFS
Drive D: | 11.13 Gb Total Space | 1.61 Gb Free Space | 14.46% Space Free | Partition Type: NTFS

Computer Name: KAL-EL | User Name: Lincicum | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/06 21:06:03 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Lincicum\Downloads\OTL.exe
PRC - [2011/11/06 21:00:10 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\Lincicum\Downloads\aswMBR.exe
PRC - [2011/11/05 09:09:26 | 000,419,624 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2011/09/30 08:36:02 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/08/31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/08/31 08:43:16 | 000,074,240 | ---- | M] (Freemake) -- C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
PRC - [2011/08/10 15:52:54 | 000,138,760 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\19.1.1.3\ccSvcHst.exe
PRC - [2011/08/06 19:28:44 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2011/05/26 13:14:52 | 000,477,080 | ---- | M] () -- C:\Users\Lincicum\AppData\Roaming\HP SimpleSave Application\StartHelper.exe
PRC - [2011/05/23 11:52:14 | 006,013,440 | ---- | M] (Exent Technologies Ltd.) -- C:\Program Files (x86)\Verizon Games Player\GPlayer.exe
PRC - [2011/05/06 12:07:18 | 000,460,144 | ---- | M] () -- C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe
PRC - [2011/05/06 11:58:52 | 001,085,440 | ---- | M] () -- C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe
PRC - [2011/03/28 16:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2010/11/23 21:21:18 | 000,130,000 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Safe Web Lite\Engine\1.2.0.6\ccSvcHst.exe
PRC - [2010/11/19 13:38:08 | 000,193,880 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
PRC - [2010/11/19 13:29:00 | 004,916,568 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
PRC - [2010/08/24 04:38:18 | 000,092,008 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2010/08/24 04:38:16 | 000,247,144 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
PRC - [2010/07/01 09:38:26 | 000,083,512 | ---- | M] (ArcSoft, Inc.) -- C:\Users\Lincicum\AppData\Roaming\HP SimpleSave Application\uUACTokenSvc.exe
PRC - [2010/04/03 15:59:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010/01/15 07:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/12/01 19:49:52 | 000,210,216 | ---- | M] (CyberLink) -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
PRC - [2009/08/24 21:11:16 | 000,656,896 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
PRC - [2009/07/13 20:14:28 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\PING.EXE
PRC - [2008/11/20 12:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/05 09:09:31 | 008,522,400 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2011/11/05 09:09:25 | 014,410,024 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2011/11/05 09:09:22 | 000,914,216 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-52.dll
MOD - [2011/11/05 09:09:22 | 000,194,344 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll
MOD - [2011/11/05 09:09:22 | 000,155,432 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-52.dll
MOD - [2011/11/05 09:09:22 | 000,091,432 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-50.dll
MOD - [2011/09/30 08:36:02 | 001,833,944 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011/09/27 13:06:20 | 000,076,800 | ---- | M] () -- C:\Users\Lincicum\AppData\Roaming\Mozilla\Firefox\Profiles\gkgfly4o.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}\components\RadioWMPCoreGecko7.dll
MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/05/26 13:14:52 | 000,477,080 | ---- | M] () -- C:\Users\Lincicum\AppData\Roaming\HP SimpleSave Application\StartHelper.exe
MOD - [2010/11/20 07:19:56 | 000,232,448 | ---- | M] () -- \\?\globalroot\systemroot\syswow64\mswsock.DLL
MOD - [2010/11/20 07:19:56 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\syswow64\mswsock.dll
MOD - [2010/01/31 22:52:12 | 008,347,648 | ---- | M] () -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\QtGui4.dll
MOD - [2010/01/31 22:52:12 | 002,244,608 | ---- | M] () -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\QtCore4.dll
MOD - [2009/12/01 19:49:50 | 000,931,112 | ---- | M] () -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll
MOD - [2009/02/27 12:52:56 | 000,258,048 | ---- | M] () -- C:\Program Files (x86)\Adobe\Reader 9.0\Reader\sqlite.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2011/11/05 09:09:26 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/08/31 08:43:16 | 000,074,240 | ---- | M] (Freemake) [Auto | Running] -- C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe -- (FreemakeUtilsService)
SRV - [2011/08/10 15:52:54 | 000,138,760 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\19.1.1.3\ccSvcHst.exe -- (NIS)
SRV - [2011/06/21 14:57:34 | 000,085,560 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe -- (HP Support Assistant Service)
SRV - [2011/05/06 12:07:18 | 000,460,144 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe -- (FlipShare Service)
SRV - [2011/05/06 11:58:52 | 001,085,440 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe -- (FlipShareServer)
SRV - [2011/03/28 16:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010/11/23 21:21:18 | 000,130,000 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files (x86)\Norton Safe Web Lite\Engine\1.2.0.6\ccSvcHst.exe -- (NSL)
SRV - [2010/11/19 13:29:00 | 004,916,568 | ---- | M] (LeapFrog Enterprises, Inc.) [Auto | Running] -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)
SRV - [2010/10/22 13:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\hp\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010/08/24 04:38:18 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2010/07/01 09:38:26 | 000,083,512 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Users\Lincicum\AppData\Roaming\HP SimpleSave Application\uUACTokenSvc.exe -- (BackupService)
SRV - [2010/04/07 18:21:30 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010/04/03 15:59:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/15 07:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/10/23 11:31:44 | 000,401,920 | ---- | M] (Amazon.com) [On_Demand | Stopped] -- C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe -- (Amazon Download Agent)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/11/06 20:34:37 | 000,096,376 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SMR210.SYS -- (SMR210)
DRV:64bit: - [2011/11/06 12:19:46 | 000,174,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2011/08/31 17:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/08/08 18:38:05 | 000,167,048 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1301010.003\ccSetx64.sys -- (ccSet_NIS)
DRV:64bit: - [2011/08/02 21:22:10 | 000,729,720 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1301010.003\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2011/08/02 21:22:10 | 000,037,496 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1301010.003\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2011/07/28 22:20:02 | 001,084,536 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1301010.003\SymEFA64.sys -- (SymEFA)
DRV:64bit: - [2011/07/25 21:18:39 | 000,401,016 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1301010.003\symnets.sys -- (SymNetS)
DRV:64bit: - [2011/07/25 21:18:35 | 000,451,192 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1301010.003\SymDS64.sys -- (SymDS)
DRV:64bit: - [2011/07/25 21:15:52 | 000,189,560 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1301010.003\Ironx64.sys -- (SymIRON)
DRV:64bit: - [2011/05/10 07:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/01/28 09:25:02 | 000,086,120 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2009/09/17 07:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel®
DRV:64bit: - [2009/09/17 00:57:46 | 000,023,536 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- c:\Program Files\PC-Doctor for Windows\pcdsrvc_x64.pkms -- (PCDSRVC{F36B3A4C-F95654BD-06000000}_0)
DRV:64bit: - [2009/08/20 19:05:06 | 000,239,616 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 19:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008/04/11 12:03:58 | 000,047,680 | ---- | M] (Service & Quality Technology.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Capt9051.sys -- (SQTECH9051)
DRV:64bit: - [2007/05/14 15:06:18 | 000,027,520 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV - [2011/11/05 01:00:00 | 002,048,632 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\VirusDefs\20111105.009\ex64.sys -- (NAVEX15)
DRV - [2011/11/05 01:00:00 | 000,481,912 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2011/11/05 01:00:00 | 000,136,824 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/11/05 01:00:00 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\VirusDefs\20111105.009\eng64.sys -- (NAVENG)
DRV - [2011/11/04 15:36:18 | 000,488,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\IPSDefs\20111104.030\IDSviA64.sys -- (IDSVia64)
DRV - [2011/10/27 18:12:04 | 001,155,704 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\BASHDefs\20111027.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2010/11/22 09:25:12 | 000,055,400 | ---- | M] (Exent Technologies Ltd.) [Kernel | Auto | Running] -- C:\Program Files (x86)\Verizon Games Player\X5XSEx.sys -- (X5XSEx_Pr135)
DRV - [2009/08/19 14:47:48 | 000,051,744 | ---- | M] (Exent Technologies Ltd.) [Kernel | Auto | Running] -- C:\Program Files (x86)\Verizon Games on Demand Player\X5XS64Ex.sys -- (X5XS64Ex)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
IE - HKLM\..\URLSearchHook: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files (x86)\Swag_Bucks\prxtbSwa0.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
IE - HKCU\..\URLSearchHook: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files (x86)\Swag_Bucks\prxtbSwa0.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaultthis.engineName: "Swag Bucks Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo....-8&fr=ytff-&p="
FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-sunm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-sunm"
FF - prefs.js..browser.search.selectedEngine: "Swag Bucks Customized Web Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.yahoo.com"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}:3.3.3.2
FF - prefs.js..extensions.enabledItems: [email protected]:7
FF - prefs.js..extensions.enabledItems: [email protected]:2.12
FF - prefs.js..extensions.enabledItems: [email protected]:1.5.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..extensions.enabledItems: [email protected]:3.3.3.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.1
FF - prefs.js..extensions.enabledItems: {ab91efd4-6975-4081-8552-1b3922ed79e2}:1.0.5.1
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:5.5
FF - prefs.js..extensions.enabledItems: {e3f6c2cc-d8db-498c-af6c-499fb211db97}:1.10.2
FF - prefs.js..keyword.URL: "http://search.condui...d=CT2260173&q="


FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@exent.com/npExentCtl,version=7.0.0.0: C:\Program Files (x86)\Verizon Games on Demand Player\npExentCtl.dll (Exent Technologies Ltd.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@virtools.com/3DviaPlayer: C:\Program Files (x86)\Virtools\3D Life Player\npvirtools.dll (Dassault Systèmes)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Lincicum\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Lincicum\AppData\Roaming\Move Networks\plugins\npqmp071502000008.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Lincicum\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/08/18 20:57:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{203FB6B2-2E1E-4474-863B-4C483ECCE78E}: C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_1.2.0.6\coFFNST\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\ [2011/09/05 19:36:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\IPSFFPlgn\ [2011/11/06 12:35:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\coFFPlgn\ [2011/11/06 20:34:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/10/27 19:32:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/10/27 19:32:26 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\Lincicum\AppData\Roaming\Move Networks [2010/04/29 00:00:17 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/08/18 20:57:05 | 000,000,000 | ---D | M]

[2010/08/25 20:05:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lincicum\AppData\Roaming\Mozilla\Extensions
[2010/08/25 20:05:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lincicum\AppData\Roaming\Mozilla\Extensions\[email protected]
[2011/10/26 23:03:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lincicum\AppData\Roaming\Mozilla\Firefox\Profiles\gkgfly4o.default\extensions
[2011/10/26 23:03:16 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Lincicum\AppData\Roaming\Mozilla\Firefox\Profiles\gkgfly4o.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/09/28 06:09:30 | 000,000,000 | ---D | M] (Swag Bucks Community Toolbar) -- C:\Users\Lincicum\AppData\Roaming\Mozilla\Firefox\Profiles\gkgfly4o.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}
[2011/02/09 09:53:02 | 000,000,000 | ---D | M] (HP Detect) -- C:\Users\Lincicum\AppData\Roaming\Mozilla\Firefox\Profiles\gkgfly4o.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}
[2011/10/08 08:44:33 | 000,000,000 | ---D | M] (Page Speed) -- C:\Users\Lincicum\AppData\Roaming\Mozilla\Firefox\Profiles\gkgfly4o.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}
[2011/03/06 18:17:01 | 000,000,000 | ---D | M] ("Amazon Toolbar") -- C:\Users\Lincicum\AppData\Roaming\Mozilla\Firefox\Profiles\gkgfly4o.default\extensions\[email protected]
[2010/03/24 15:13:38 | 000,000,923 | ---- | M] () -- C:\Users\Lincicum\AppData\Roaming\Mozilla\Firefox\Profiles\gkgfly4o.default\searchplugins\conduit.xml
[2011/11/06 16:54:37 | 000,002,470 | ---- | M] () -- C:\Users\Lincicum\AppData\Roaming\Mozilla\Firefox\Profiles\gkgfly4o.default\searchplugins\safesearch.xml
[2011/11/06 13:18:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/06/15 18:33:59 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2010/05/22 11:02:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/03 15:44:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/12/17 07:34:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/05/18 22:05:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/06/13 15:55:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/11/06 13:18:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2011/09/05 19:36:49 | 000,000,000 | ---D | M] (Freemake Video Converter Plugin) -- C:\PROGRAM FILES (X86)\FREEMAKE\FREEMAKE VIDEO CONVERTER\BROWSERPLUGIN\FIREFOX
[2011/11/06 20:34:40 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\COFFPLGN
[2011/11/06 12:35:37 | 000,000,000 | ---D | M] (Norton Vulnerability Protection) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\IPSFFPLGN
() (No name found) -- C:\USERS\LINCICUM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GKGFLY4O.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\USERS\LINCICUM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GKGFLY4O.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\USERS\LINCICUM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GKGFLY4O.DEFAULT\EXTENSIONS\[email protected]
[2011/09/30 08:36:02 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/03/05 19:36:09 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll
[2011/03/05 19:36:09 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\NPcol500.dll
[2009/11/19 16:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll
[2011/10/03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2009/11/19 16:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll
[2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

========== Chrome ==========

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\10.0.648.204\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U24 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\10.0.648.204\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\10.0.648.204\gears.dll
CHR - plugin: CouponNetwork Coupon Activator Netscape Plugin v. 5.0.0.0 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol400.dll
CHR - plugin: CouponNetwork Coupon Activator Netscape Plugin v. 5.0.0.0 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol500.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.2.183.29\npGoogleOneClick8.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: Exent\u00AE AOD Gecko Plugin (Enabled) = C:\Program Files (x86)\Verizon Games on Demand Player\npExentCtl.dll
CHR - plugin: 3DVIA player (Enabled) = C:\Program Files (x86)\Virtools\3D Life Player\npvirtools.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Lincicum\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Users\Lincicum\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
CHR - plugin: Move Streaming Media Player (Enabled) = C:\Users\Lincicum\AppData\Roaming\Move Networks\plugins\npqmp071502000008.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2011/11/06 18:44:18 | 000,000,000 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.1.1.3\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.1.1.3\IPS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Swag Bucks Toolbar) - {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files (x86)\Swag_Bucks\prxtbSwa0.dll (Conduit Ltd.)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.1.1.3\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Swag Bucks Toolbar) - {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files (x86)\Swag_Bucks\prxtbSwa0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Swag Bucks Toolbar) - {8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94} - C:\Program Files (x86)\Swag_Bucks\prxtbSwa0.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [PC-Doctor for Windows localizer] C:\Program Files\PC-Doctor for Windows\localizer.exe (PC-Doctor, Inc.)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4 - HKLM..\Run: [AmazonGSDownloaderTray] C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe (Amazon.com)
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [HP Remote Solution] C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Monitor] C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
O4 - HKCU..\Run: [DW6] "C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe" File not found
O4 - HKCU..\Run: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent File not found
O4 - HKCU..\Run: [Exetender_135] C:\Program Files (x86)\Verizon Games Player\GPlayer.exe (Exent Technologies Ltd.)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - Startup: C:\Users\Lincicum\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HP SimpleSave Monitor.lnk = C:\Users\Lincicum\AppData\Roaming\HP SimpleSave Application\StartHelper.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.co...sreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {28B66320-9687-4B13-8757-36F901887AB5} http://www.seehere.c...cts/canvasx.cab (CanvasX Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.252.0.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1E975DAC-6FAD-4273-A1CA-5A6441B41B72}: DhcpNameServer = 192.168.1.1 71.252.0.12
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/11/06 18:44:18 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{5baf2d8e-b889-11e0-be31-e0cb4e9cacd0}\Shell - "" = AutoRun
O33 - MountPoints2\{5baf2d8e-b889-11e0-be31-e0cb4e9cacd0}\Shell\AutoRun\command - "" = K:\HPLauncher.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/06 20:34:37 | 000,096,376 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SMR210.SYS
[2011/11/06 19:03:14 | 000,000,000 | ---D | C] -- C:\Users\Lincicum\AppData\Roaming\Malwarebytes
[2011/11/06 19:02:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/11/06 19:02:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/11/06 19:02:50 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/11/06 19:02:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/11/06 18:43:58 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2011/11/06 18:43:58 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2011/11/06 16:08:43 | 001,932,256 | ---- | C] (Symantec Corporation) -- C:\Users\Lincicum\Desktop\FixTDSS.exe
[2011/11/06 13:19:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011/11/06 12:19:18 | 001,084,536 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1301010.003\SymEFA64.sys
[2011/11/06 12:19:18 | 000,729,720 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1301010.003\srtsp64.sys
[2011/11/06 12:19:18 | 000,451,192 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1301010.003\SymDS64.sys
[2011/11/06 12:19:18 | 000,401,016 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1301010.003\symnets.sys
[2011/11/06 12:19:18 | 000,189,560 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1301010.003\Ironx64.sys
[2011/11/06 12:19:18 | 000,167,048 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1301010.003\ccSetx64.sys
[2011/11/06 12:19:18 | 000,037,496 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1301010.003\srtspx64.sys
[2011/11/06 12:19:10 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NISx64\1301010.003
[2011/11/06 12:15:53 | 000,174,200 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2011/11/06 12:15:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2011/11/06 12:15:53 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2011/11/06 12:14:47 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NISx64
[2011/11/06 12:14:45 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
[2011/11/06 12:14:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Internet Security
[2011/11/06 12:11:04 | 000,000,000 | ---D | C] -- C:\Users\Lincicum\Desktop\EBOOKS
[2011/11/06 11:34:15 | 000,000,000 | ---D | C] -- C:\Users\Lincicum\AppData\Local\NPE
[2011/11/06 11:16:33 | 000,000,000 | ---D | C] -- C:\Users\Lincicum\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
[2011/11/06 10:57:33 | 000,000,000 | ---D | C] -- C:\Users\Lincicum\AppData\Local\{36B632C9-57BD-4CD5-8188-DFC35319EA62}
[2011/11/06 10:57:23 | 000,000,000 | ---D | C] -- C:\Users\Lincicum\AppData\Local\{1B4E7356-274F-44CB-88AB-2026CBFE8C8C}
[2011/11/05 12:08:36 | 000,000,000 | ---D | C] -- C:\Users\Lincicum\AppData\Local\{3300AD85-AAF5-4742-A5A1-3B380918DE44}
[2011/11/05 12:08:13 | 000,000,000 | ---D | C] -- C:\Users\Lincicum\AppData\Local\{20087CA0-0D69-4434-B570-2A404BCAEFD7}
[2011/11/04 23:10:47 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2011/11/04 22:33:55 | 000,000,000 | ---D | C] -- C:\Windows\system64
[2011/11/02 20:53:10 | 000,000,000 | ---D | C] -- C:\Users\Lincicum\AppData\Local\SCE
[2011/11/02 20:52:45 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx
[2011/10/29 09:37:29 | 000,000,000 | ---D | C] -- C:\Users\Lincicum\AppData\Roaming\mm
[2011/10/27 19:32:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011/10/27 19:32:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2011/10/26 23:00:26 | 000,000,000 | ---D | C] -- C:\Users\Lincicum\AppData\Local\{BE3ED77B-6590-4186-9EE8-B30FBC27D92C}
[2011/10/26 23:00:14 | 000,000,000 | ---D | C] -- C:\Users\Lincicum\AppData\Local\{DD089AC7-00F6-4E79-B6A8-C3CD3D87893A}
[2011/10/16 09:16:09 | 000,000,000 | ---D | C] -- C:\Users\Lincicum\AppData\Roaming\Might & Magic Heroes VI - Game Official Demo
[2011/10/16 08:57:20 | 000,000,000 | ---D | C] -- C:\Users\Lincicum\Documents\Orcs Must Die
[2011/10/13 20:08:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/10/13 20:07:57 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/10/13 20:07:56 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/10/13 20:04:43 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/10/13 20:04:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2011/10/13 04:56:37 | 000,000,000 | ---D | C] -- C:\Users\Lincicum\AppData\Local\{B41DEEAE-2C90-4BA3-B22D-EC41218776AF}
[2011/10/13 04:56:24 | 000,000,000 | ---D | C] -- C:\Users\Lincicum\AppData\Local\{FD421E68-C9DC-42D7-8A60-6C384B38D5F9}
[2011/10/08 08:00:08 | 000,000,000 | ---D | C] -- C:\Users\Lincicum\AppData\Local\LEGO Software
[2011/10/08 08:00:08 | 000,000,000 | ---D | C] -- C:\Users\Lincicum\Documents\LEGO Creations
[2011/10/08 07:46:26 | 000,000,000 | ---D | C] -- C:\Users\Lincicum\AppData\Local\Chromium
[2011/10/08 07:46:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LEGO Software
[2011/10/08 07:46:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LEGO Software
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/11/06 20:43:42 | 000,015,984 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/06 20:43:42 | 000,015,984 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/06 20:40:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/11/06 20:35:18 | 000,000,020 | ---- | M] () -- C:\Windows\SysNative\drivers\SMR210.dat
[2011/11/06 20:34:37 | 000,096,376 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SMR210.SYS
[2011/11/06 20:33:21 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/11/06 20:33:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/06 20:33:02 | 536,223,743 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/06 19:30:37 | 000,124,720 | ---- | M] () -- C:\Users\Lincicum\Desktop\Malware results screenshot.PNG
[2011/11/06 19:03:02 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/06 18:44:18 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/11/06 18:44:18 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2011/11/06 14:47:35 | 001,932,256 | ---- | M] (Symantec Corporation) -- C:\Users\Lincicum\Desktop\FixTDSS.exe
[2011/11/06 12:52:39 | 000,004,782 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1301010.003\VT20111023.024
[2011/11/06 12:29:38 | 000,001,286 | ---- | M] () -- C:\Users\Lincicum\Desktop\Norton Installation Files.lnk
[2011/11/06 12:22:55 | 000,002,494 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2011/11/06 12:21:32 | 001,897,761 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1301010.003\Cat.DB
[2011/11/06 12:19:46 | 000,174,200 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2011/11/06 12:19:46 | 000,007,530 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2011/11/06 12:19:46 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2011/11/06 11:42:58 | 000,783,354 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/11/06 11:42:58 | 000,663,222 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/11/06 11:42:58 | 000,122,090 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/11/05 15:58:16 | 000,000,408 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Lincicum.job
[2011/11/05 08:31:20 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForLincicum.job
[2011/11/05 01:20:51 | 000,796,360 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/10/28 22:49:35 | 000,101,885 | ---- | M] () -- C:\Users\Lincicum\AppData\Local\tmpBUB.0
[2011/10/28 22:49:35 | 000,047,649 | ---- | M] () -- C:\Users\Lincicum\AppData\Local\tmpBUB.JPG
[2011/10/13 20:13:40 | 000,002,515 | ---- | M] () -- C:\Users\Lincicum\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2011/10/13 02:32:47 | 000,437,352 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/06 20:35:18 | 000,000,020 | ---- | C] () -- C:\Windows\SysNative\drivers\SMR210.dat
[2011/11/06 19:30:37 | 000,124,720 | ---- | C] () -- C:\Users\Lincicum\Desktop\Malware results screenshot.PNG
[2011/11/06 19:03:01 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/06 18:44:18 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
[2011/11/06 12:52:56 | 000,004,782 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1301010.003\VT20111023.024
[2011/11/06 12:28:13 | 000,001,286 | ---- | C] () -- C:\Users\Lincicum\Desktop\Norton Installation Files.lnk
[2011/11/06 12:21:10 | 001,897,761 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1301010.003\Cat.DB
[2011/11/06 12:19:12 | 000,003,433 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1301010.003\SymEFA.inf
[2011/11/06 12:19:12 | 000,002,852 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1301010.003\SymDS.inf
[2011/11/06 12:19:12 | 000,001,440 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1301010.003\SymNet.inf
[2011/11/06 12:19:12 | 000,001,438 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1301010.003\srtsp64.inf
[2011/11/06 12:19:12 | 000,001,420 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1301010.003\srtspx64.inf
[2011/11/06 12:19:12 | 000,000,854 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1301010.003\ccSetx64.inf
[2011/11/06 12:19:12 | 000,000,772 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1301010.003\Iron.inf
[2011/11/06 12:19:11 | 000,002,801 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1301010.003\SymVTcer.dat
[2011/11/06 12:19:10 | 000,007,510 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1301010.003\ccSetx64.cat
[2011/11/06 12:19:10 | 000,007,504 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1301010.003\srtspx64.cat
[2011/11/06 12:19:10 | 000,007,502 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1301010.003\SymEFA64.cat
[2011/11/06 12:19:10 | 000,007,500 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1301010.003\srtsp64.cat
[2011/11/06 12:19:10 | 000,007,496 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1301010.003\SymDS64.cat
[2011/11/06 12:19:10 | 000,007,492 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1301010.003\iron.cat
[2011/11/06 12:19:10 | 000,007,458 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1301010.003\symnet64.cat
[2011/11/06 12:19:10 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1301010.003\isolate.ini
[2011/11/06 12:15:53 | 000,007,530 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2011/11/06 12:15:53 | 000,000,855 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2011/11/06 12:15:40 | 000,002,494 | ---- | C] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2011/11/02 20:52:41 | 000,002,516 | ---- | C] () -- C:\Users\Lincicum\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DC Universe Online Live.lnk
[2011/10/28 22:49:35 | 000,101,885 | ---- | C] () -- C:\Users\Lincicum\AppData\Local\tmpBUB.0
[2011/10/28 22:49:35 | 000,047,649 | ---- | C] () -- C:\Users\Lincicum\AppData\Local\tmpBUB.JPG
[2011/09/21 16:27:59 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\IYVU9_32.DLL
[2011/09/15 15:29:42 | 000,180,144 | ---- | C] () -- C:\Users\Lincicum\AppData\Local\tmpPHOTO(2).1
[2011/09/15 15:29:40 | 000,179,470 | ---- | C] () -- C:\Users\Lincicum\AppData\Local\tmpPHOTO(2).JPG
[2011/06/12 00:10:33 | 000,001,854 | ---- | C] () -- C:\Users\Lincicum\AppData\Roaming\GhostObjGAFix.xml
[2011/06/01 17:27:19 | 000,081,910 | ---- | C] () -- C:\Users\Lincicum\AppData\Local\tmpNATHAN TABLE.0
[2011/06/01 17:27:19 | 000,039,334 | ---- | C] () -- C:\Users\Lincicum\AppData\Local\tmpNATHAN TABLE.JPG
[2011/04/09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/03/28 07:01:36 | 000,000,094 | ---- | C] () -- C:\Windows\DMI.INI.abak
[2011/03/28 06:57:20 | 000,000,094 | ---- | C] () -- C:\Windows\DMI.INI
[2011/02/27 17:09:19 | 000,796,360 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/02/22 20:27:04 | 000,035,500 | ---- | C] () -- C:\Users\Lincicum\AppData\Local\tmpPHOTO(5).1
[2011/02/22 20:27:03 | 000,075,212 | ---- | C] () -- C:\Users\Lincicum\AppData\Local\tmpPHOTO(5).0
[2011/02/22 20:27:03 | 000,035,276 | ---- | C] () -- C:\Users\Lincicum\AppData\Local\tmpPHOTO(5).JPG
[2011/02/20 22:44:35 | 000,037,470 | ---- | C] () -- C:\Users\Lincicum\AppData\Local\tmpPHOTO(4).1
[2011/02/20 22:44:33 | 000,081,988 | ---- | C] () -- C:\Users\Lincicum\AppData\Local\tmpPHOTO(4).0
[2011/02/20 22:44:33 | 000,037,114 | ---- | C] () -- C:\Users\Lincicum\AppData\Local\tmpPHOTO(4).JPG
[2011/02/12 09:46:54 | 000,033,807 | ---- | C] () -- C:\Users\Lincicum\AppData\Local\tmpPHOTO.1
[2011/01/19 23:21:04 | 000,028,683 | ---- | C] () -- C:\Users\Lincicum\AppData\Local\tmpPHOTO(1).0
[2011/01/19 23:21:04 | 000,011,476 | ---- | C] () -- C:\Users\Lincicum\AppData\Local\tmpPHOTO(1).JPG
[2011/01/14 08:07:41 | 001,589,816 | ---- | C] () -- C:\Users\Lincicum\AppData\Local\tmp014.0
[2011/01/14 08:07:41 | 000,635,137 | ---- | C] () -- C:\Users\Lincicum\AppData\Local\tmp014.JPG
[2011/01/02 16:20:16 | 000,552,962 | ---- | C] () -- C:\Users\Lincicum\AppData\Local\tmpPHOTO(2).0
[2010/12/23 23:48:20 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CmdLineExt03.dll
[2010/11/13 21:00:31 | 000,476,164 | ---- | C] () -- C:\Users\Lincicum\AppData\Local\tmp005 (6).0
[2010/11/13 21:00:31 | 000,398,724 | ---- | C] () -- C:\Users\Lincicum\AppData\Local\tmp005 (6).JPG
[2010/09/10 10:12:17 | 000,838,927 | ---- | C] () -- C:\Users\Lincicum\AppData\Local\tmpP9090113.JPG
[2010/09/10 10:12:16 | 001,617,055 | ---- | C] () -- C:\Users\Lincicum\AppData\Local\tmpP9090113.0
[2010/08/24 21:31:47 | 000,312,900 | ---- | C] () -- C:\Users\Lincicum\AppData\Local\tmpSCAN0004.1
[2010/08/24 21:31:46 | 000,835,597 | ---- | C] () -- C:\Users\Lincicum\AppData\Local\tmpSCAN0004.0
[2010/08/24 21:31:46 | 000,314,014 | ---- | C] () -- C:\Users\Lincicum\AppData\Local\tmpSCAN0004.JPG
[2010/08/24 21:30:23 | 000,256,222 | ---- | C] () -- C:\Users\Lincicum\AppData\Local\tmpSCAN0003.1
[2010/08/24 21:30:22 | 000,797,818 | ---- | C] () -- C:\Users\Lincicum\AppData\Local\tmpSCAN0003.0
[2010/08/24 21:30:22 | 000,253,633 | ---- | C] () -- C:\Users\Lincicum\AppData\Local\tmpSCAN0003.JPG
[2010/08/24 21:26:04 | 000,228,963 | ---- | C] () -- C:\Users\Lincicum\AppData\Local\tmpSCAN0002.1
[2010/08/24 21:26:03 | 000,559,972 | ---- | C] () -- C:\Users\Lincicum\AppData\Local\tmpSCAN0002.0
[2010/08/24 21:26:03 | 000,228,292 | ---- | C] () -- C:\Users\Lincicum\AppData\Local\tmpSCAN0002.JPG
[2010/08/18 20:56:39 | 000,023,145 | ---- | C] () -- C:\Windows\hpqins15.dat
[2010/08/18 19:56:48 | 000,201,417 | ---- | C] () -- C:\Windows\hpoins43.dat
[2010/07/29 11:55:08 | 000,196,648 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2010/07/13 18:41:52 | 000,000,436 | ---- | C] () -- C:\Windows\HEGAMES.INI.abak
[2010/07/13 06:18:17 | 000,000,366 | ---- | C] () -- C:\Windows\HEGAMES.INI
[2010/06/23 15:07:29 | 000,082,432 | ---- | C] () -- C:\Users\Lincicum\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/15 12:38:20 | 000,591,226 | ---- | C] () -- C:\Users\Lincicum\AppData\Local\tmp001.0
[2010/06/15 12:38:20 | 000,516,007 | ---- | C] () -- C:\Users\Lincicum\AppData\Local\tmp001.JPG
[2010/05/31 19:37:06 | 000,476,164 | ---- | C] () -- C:\Users\Lincicum\AppData\Local\tmp005.0
[2010/05/31 19:37:06 | 000,398,724 | ---- | C] () -- C:\Users\Lincicum\AppData\Local\tmp005.JPG
[2010/05/25 05:46:19 | 000,470,070 | ---- | C] () -- C:\Users\Lincicum\AppData\Local\tmp043.JPG
[2010/05/13 16:37:13 | 000,000,000 | ---- | C] () -- C:\Windows\PowerReg.dat
[2010/05/13 16:20:06 | 000,000,455 | ---- | C] () -- C:\Windows\Disney.ini
[2010/05/11 11:36:16 | 000,996,659 | ---- | C] () -- C:\Users\Lincicum\AppData\Local\tmp024.0
[2010/05/11 11:36:16 | 000,872,808 | ---- | C] () -- C:\Users\Lincicum\AppData\Local\tmp024.JPG
[2010/04/30 16:13:12 | 000,928,296 | ---- | C] () -- C:\Users\Lincicum\AppData\Local\tmp011.0
[2010/04/30 16:13:12 | 000,814,423 | ---- | C] () -- C:\Users\Lincicum\AppData\Local\tmp011.JPG
[2010/04/22 07:52:46 | 000,000,048 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/04/18 16:42:19 | 000,000,524 | ---- | C] () -- C:\Users\Lincicum\AppData\Roaming\wklnhst.dat
[2010/04/17 20:47:36 | 000,000,067 | ---- | C] () -- C:\Windows\GPlrLanc.dat
[2009/09/29 17:25:16 | 000,013,312 | ---- | C] () -- C:\Windows\LPRES.DLL
[2009/08/03 02:21:54 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2009/08/03 02:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2009/08/03 02:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2009/08/03 02:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2009/08/03 02:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2009/08/03 02:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2009/08/03 02:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2009/08/03 02:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2009/08/03 02:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2009/08/03 02:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/11 05:34:22 | 000,000,675 | ---- | C] () -- C:\Windows\hpomdl43.dat
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== LOP Check ==========

[2010/04/18 16:09:16 | 000,000,000 | -HSD | M] -- C:\Users\Lincicum\AppData\Roaming\.#
[2010/09/17 17:01:21 | 000,000,000 | ---D | M] -- C:\Users\Lincicum\AppData\Roaming\.minecraft
[2010/05/15 09:21:37 | 000,000,000 | ---D | M] -- C:\Users\Lincicum\AppData\Roaming\Amazon
[2010/11/20 08:38:53 | 000,000,000 | ---D | M] -- C:\Users\Lincicum\AppData\Roaming\Atari
[2010/12/25 08:41:09 | 000,000,000 | ---D | M] -- C:\Users\Lincicum\AppData\Roaming\Batman
[2010/09/06 18:39:50 | 000,000,000 | ---D | M] -- C:\Users\Lincicum\AppData\Roaming\Brunhilda_oberon
[2010/04/19 20:04:30 | 000,000,000 | ---D | M] -- C:\Users\Lincicum\AppData\Roaming\Caspedia
[2011/03/05 19:36:10 | 000,000,000 | ---D | M] -- C:\Users\Lincicum\AppData\Roaming\Catalina Marketing Corp
[2010/04/19 09:59:24 | 000,000,000 | ---D | M] -- C:\Users\Lincicum\AppData\Roaming\E-centives
[2010/11/13 08:28:49 | 000,000,000 | ---D | M] -- C:\Users\Lincicum\AppData\Roaming\EleFun Games
[2010/06/19 14:23:09 | 000,000,000 | ---D | M] -- C:\Users\Lincicum\AppData\Roaming\Facebook
[2010/12/25 13:30:06 | 000,000,000 | ---D | M] -- C:\Users\Lincicum\AppData\Roaming\Flip Video
[2011/07/26 07:13:09 | 000,000,000 | ---D | M] -- C:\Users\Lincicum\AppData\Roaming\FrimaStudio
[2010/06/28 17:38:06 | 000,000,000 | ---D | M] -- C:\Users\Lincicum\AppData\Roaming\Fugazo
[2010/04/18 05:54:30 | 000,000,000 | ---D | M] -- C:\Users\Lincicum\AppData\Roaming\funkitron
[2010/05/08 07:28:29 | 000,000,000 | ---D | M] -- C:\Users\Lincicum\AppData\Roaming\Gamelab
[2010/04/27 16:16:32 | 000,000,000 | ---D | M] -- C:\Users\Lincicum\AppData\Roaming\GetRightToGo
[2010/09/12 06:26:47 | 000,000,000 | ---D | M] -- C:\Users\Lincicum\AppData\Roaming\Go-Go Gourmet Chef of the Year
[2011/03/30 14:06:03 | 000,000,000 | ---D | M] -- C:\Users\Lincicum\AppData\Roaming\gtk-2.0
[2010/05/23 12:10:57 | 000,000,000 | ---D | M] -- C:\Users\Lincicum\AppData\Roaming\IronCode
[2010/06/28 19:08:55 | 000,000,000 | ---D | M] -- C:\Users\Lincicum\AppData\Roaming\Janes Realty2
[2011/01/24 06:35:02 | 000,000,000 | ---D | M] -- C:\Users\Lincicum\AppData\Roaming\Juniper Networks
[2011/02/27 17:10:32 | 000,000,000 | ---D | M] -- C:\Users\Lincicum\AppData\Roaming\Kalypso Media
[2010/08/08 10:42:29 | 000,000,000 | ---D | M] -- C:\Users\Lincicum\AppData\Roaming\Ladia Group
[2010/07/19 09:01:34 | 000,000,000 | ---D | M] -- C:\Users\Lincicum\AppData\Roaming\Ludia
[2011/10/16 09:16:09 | 000,000,000 | ---D | M] -- C:\Users\Lincicum\AppData\Roaming\Might & Magic Heroes VI - Game Official Demo
[2011/10/29 09:37:29 | 000,000,000 | ---D | M] -- C:\Users\Lincicum\AppData\Roaming\mm
[2010/12/24 11:43:20 | 000,000,000 | ---D | M] -- C:\Users\Lincicum\AppData\Roaming\MudTV
[2011/06/08 07:12:05 | 000,000,000 | ---D | M] -- C:\Users\Lincicum\AppData\Roaming\MyPublisher
[2010/06/28 19:28:17 | 000,000,000 | ---D | M] -- C:\Users\Lincicum\AppData\Roaming\Nevosoft Games
[2011/06/08 05:37:40 | 000,000,000 | ---D | M] -- C:\Users\Lincicum\AppData\Roaming\OverDrive
[2010/04/17 20:38:57 | 000,000,000 | ---D | M] -- C:\Users\Lincicum\AppData\Roaming\PictureMover
[2010/09/12 06:19:03 | 000,000,000 | ---D | M] -- C:\Users\Lincicum\AppData\Roaming\PlayFirst
[2011/08/07 18:01:09 | 000,000,000 | ---D | M] -- C:\Users\Lincicum\AppData\Roaming\Registry Mechanic
[2010/04/17 22:11:07 | 000,000,000 | ---D | M] -- C:\Users\Lincicum\AppData\Roaming\runic games
[2010/11/13 08:33:12 | 000,000,000 | ---D | M] -- C:\Users\Lincicum\AppData\Roaming\Silverback Productions
[2010/04/22 18:26:52 | 000,000,000 | ---D | M] -- C:\Users\Lincicum\AppData\Roaming\Template
[2010/05/22 06:29:19 | 000,000,000 | ---D | M] -- C:\Users\Lincicum\AppData\Roaming\The Creative Assembly
[2010/04/17 21:47:28 | 000,000,000 | ---D | M] -- C:\Users\Lincicum\AppData\Roaming\Tific
[2010/05/17 17:11:11 | 000,000,000 | ---D | M] -- C:\Users\Lincicum\AppData\Roaming\Titanium
[2010/08/25 20:05:47 | 000,000,000 | ---D | M] -- C:\Users\Lincicum\AppData\Roaming\TomTom
[2010/11/13 18:37:31 | 000,000,000 | ---D | M] -- C:\Users\Lincicum\AppData\Roaming\Total Eclipse
[2011/11/03 22:34:19 | 000,000,000 | ---D | M] -- C:\Users\Lincicum\AppData\Roaming\Tropico 3
[2010/05/04 22:08:49 | 000,000,000 | ---D | M] -- C:\Users\Lincicum\AppData\Roaming\Ubisoft
[2010/12/21 19:45:51 | 000,000,000 | ---D | M] -- C:\Users\Lincicum\AppData\Roaming\Unity
[2010/04/17 20:54:55 | 000,000,000 | ---D | M] -- C:\Users\Lincicum\AppData\Roaming\WildTangent
[2010/04/18 07:59:43 | 000,000,000 | ---D | M] -- C:\Users\Lincicum\AppData\Roaming\WinBatch
[2010/10/27 20:19:35 | 000,000,000 | ---D | M] -- C:\Users\Lincicum\AppData\Roaming\Windows Live Writer
[2011/09/30 09:02:05 | 000,000,544 | ---- | M] () -- C:\Windows\Tasks\PCDRScheduledMaintenance.job
[2011/08/06 15:45:53 | 000,032,630 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 168 bytes -> C:\Users\Lincicum\Documents\SMS sketch.jpeg:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:D1B5B4F1

< End of report >
  • 0


#2
Homburg

Homburg

    Trusted Helper

  • Malware Removal
  • 665 posts
Hello GinaVA3 and welcome to GeeksToGo :)

I'm Homburg and I'm going to help you fix your problem.

Note that I'm currently in training and my posts have to be approved by an expert before I reply.

  • Please do not attach any log files to your replies unless I specifically ask you. Instead, please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.
  • Please do not try to fix anything without being asked
  • Please continue to follow my instructions until I tell you your machine is clean. Absence of symptoms does not mean that everything is clear.
  • I suggest you print or save any instructions I give you for easy reference. We may be using Safe mode and you will not always be able to access this thread.
  • I am currently reviewing your logs.

  • 0

#3
GinaVA3

GinaVA3

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Thanks, Homburg.
  • 0

#4
Homburg

Homburg

    Trusted Helper

  • Malware Removal
  • 665 posts
Hello,

Can you please do the following:


Step 1:

Download ComboFix from one of these locations:


Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right-click on the System Tray icon. They may otherwise interfere with the running of ComboFix. Instructions on disabling these types of programs can be found here.
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow it to update if it asks.

Important:

1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.


Step 2:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
    @Alternate Data Stream - 168 bytes -> C:\Users\Lincicum\Documents\SMS sketch.jpeg:3or4kl4x13tuuug3Byamue2s4b
    
    :Services
    
    :Reg
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done and post the fix log.
  • Open OTL again
  • Select All users
  • Copy and paste the following into Custom Scan/Fixes box
    netsvcs
    %SYSTEMDRIVE%\*.exe
    %USERPROFILE%\..|smtmp;true;true;true /FP
    /md5start
    explorer.*
    winlogon.*
    Userinit.*
    svchost.*
    /md5stop
    C:\Windows\assembly\tmp\U\*.* /s
    %systemroot%\*. /mp /s
    hklm\software\clients\startmenuinternet|command /rs
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    %systemroot%\System32\config\*.sav
  • Click the Quick Scan button. Post the log it produces in your next reply.


Step 3:

If you already have a copy of aswMBR, please delete it and download the latest version.

Download aswMBR.exe (1.8 MB) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start the scan.

On completion of the scan, click "Save log", save it to your desktop and post it in your next reply.


Please remember to post:
ComboFix.txt scan
The OTL fix log
New OTL QuickScan log
aswMBR scan log


Homburg
  • 0
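The OTL report earlier in this thread and the `:OTL` fix in Step 2 both deal with OTL's own line formats: one line per file or folder (timestamp, size, attribute flags, C or M, an optional company field, path) and one `@Alternate Data Stream` line per stream, such as the `SMS sketch.jpeg:3or4kl4x13tuuug3Byamue2s4b` entry the fix removes. The Python parser below is an added example, not code from this thread, from OTL or from its author; it turns those lines into records and applies two triage heuristics that are not OTL's (flag every ADS, and flag hidden items under a user's AppData). The sample lines are copied from the OTL log above; the reading of the attribute letters as R, H, S, D and the heuristics themselves are assumptions.

```python
"""Parse OTL file, folder and Alternate Data Stream lines into records for triage."""
import re
from dataclasses import dataclass
from typing import List, Optional

# File or folder line, e.g.
#   [2010/04/22 07:52:46 | 000,000,048 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
# Folder lines in the LOP Check section have no "()" company field.
# Attribute letters are assumed to be R(ead-only) H(idden) S(ystem) D(irectory).
ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-RHSD]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)
# Stream line, e.g.
#   @Alternate Data Stream - 168 bytes -> C:\Users\X\Documents\a.jpeg:streamname
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<target>.+)$")


@dataclass
class Entry:
    kind: str                       # "C" (created), "M" (modified) or "ADS"
    path: str
    size: int
    hidden: bool = False
    system: bool = False
    directory: bool = False
    company: Optional[str] = None   # None when OTL printed "()" or no company field
    timestamp: Optional[str] = None
    stream: Optional[str] = None    # ADS name, only for kind == "ADS"


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for a file/folder or ADS line, or None for any other line."""
    line = line.strip()
    m = ENTRY_RE.match(line)
    if m:
        attrs = m.group("attrs")
        return Entry(
            kind=m.group("kind"),
            path=m.group("path"),
            size=int(m.group("size").replace(",", "")),
            hidden="H" in attrs,
            system="S" in attrs,
            directory="D" in attrs,
            company=m.group("company") or None,
            timestamp=m.group("ts"),
        )
    m = ADS_RE.match(line)
    if m:
        # Split on the last colon only: the drive letter ("C:") also contains one.
        path, stream = m.group("target").rsplit(":", 1)
        return Entry(kind="ADS", path=path, size=int(m.group("size")), stream=stream)
    return None


def parse_otl(text: str) -> List[Entry]:
    """Parse every recognisable line of an OTL report; headers and blanks are skipped."""
    entries = (parse_line(ln) for ln in text.splitlines())
    return [e for e in entries if e is not None]


def triage(entries: List[Entry]) -> List[str]:
    """Heuristic flags (assumed, not OTL's own): every ADS, and hidden items under AppData."""
    findings = []
    for e in entries:
        if e.kind == "ADS":
            findings.append(f"ADS {e.path}:{e.stream} ({e.size} bytes)")
        elif e.hidden and "\\AppData\\" in e.path:
            findings.append(f"hidden item in user profile: {e.path}")
    return findings


# Sample lines copied from the OTL log in this thread (an excerpt, not a full report).
SAMPLE_LOG = r"""
[2010/04/22 07:52:46 | 000,000,048 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
========== LOP Check ==========
[2010/04/18 16:09:16 | 000,000,000 | -HSD | M] -- C:\Users\Lincicum\AppData\Roaming\.#
[2010/09/17 17:01:21 | 000,000,000 | ---D | M] -- C:\Users\Lincicum\AppData\Roaming\.minecraft
========== Alternate Data Streams ==========
@Alternate Data Stream - 168 bytes -> C:\Users\Lincicum\Documents\SMS sketch.jpeg:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:D1B5B4F1
"""

if __name__ == "__main__":
    for finding in triage(parse_otl(SAMPLE_LOG)):
        print(finding)
```

Run against the excerpt, the triage step reports the hidden `.#` folder in the Roaming profile and both streams; the ordinary `.minecraft` folder and the hidden but non-profile `ezsidmv.dat` are left alone, which is the kind of shortlist a helper would then check by hand before writing a fix script.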

#5
GinaVA3

GinaVA3

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
ComboFix LOG:

ComboFix 11-11-07.03 - Lincicum 11/07/2011 16:22:24.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6143.2942 [GMT -5:00]
Running from: c:\users\Lincicum\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\users\Lincicum\AppData\Roaming\.#
c:\users\Lincicum\AppData\Roaming\mm
c:\users\Lincicum\AppData\Roaming\mm\cache\.cache
c:\users\Lincicum\AppData\Roaming\mm\cache\ImageLoader\0D51E9900D2C17AA30F9D5B537BA8FCE
c:\users\Lincicum\AppData\Roaming\mm\cache\ImageLoader\3C537468670FEF5CDA2E97FDA3E15875
c:\users\Lincicum\AppData\Roaming\mm\cache\ImageLoader\C1009FF461966D93B5D64B7A012D6BB4
c:\users\Lincicum\AppData\Roaming\mm\cache\ImageLoader\F722CF962F4FCDC6D9D98B6BDE3E35D8
c:\users\Lincicum\g2mdlhlpx.exe
c:\windows\security\Database\tmp.edb
c:\windows\system32\consrv.dll
c:\windows\System64
.
.
((((((((((((((((((((((((( Files Created from 2011-10-07 to 2011-11-07 )))))))))))))))))))))))))))))))
.
.
2011-11-07 21:33 . 2011-11-07 21:33 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-07 02:19 . 2011-11-07 02:19 -------- d-----w- C:\_OTL
2011-11-07 00:03 . 2011-11-07 00:03 -------- d-----w- c:\users\Lincicum\AppData\Roaming\Malwarebytes
2011-11-07 00:02 . 2011-11-07 00:02 -------- d-----w- c:\programdata\Malwarebytes
2011-11-07 00:02 . 2011-11-07 00:03 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-11-07 00:02 . 2011-08-31 22:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-06 23:43 . 2011-11-07 00:50 -------- d-----w- C:\sh4ldr
2011-11-06 23:43 . 2011-11-06 23:43 -------- d-----w- c:\program files\Enigma Software Group
2011-11-06 18:19 . 2011-11-06 18:19 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-11-06 17:15 . 2011-11-06 17:19 -------- d-----w- c:\program files\Symantec
2011-11-06 17:15 . 2011-11-06 17:19 174200 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2011-11-06 17:15 . 2011-11-06 17:15 -------- d-----w- c:\program files\Common Files\Symantec Shared
2011-11-06 17:14 . 2011-11-06 17:24 -------- d-----w- c:\windows\system32\drivers\NISx64
2011-11-06 17:14 . 2011-11-06 17:14 -------- d-----w- c:\program files (x86)\Norton Internet Security
2011-11-06 16:34 . 2011-11-07 01:35 -------- d-----w- c:\users\Lincicum\AppData\Local\NPE
2011-11-05 17:35 . 2011-10-18 06:27 8570192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2D2E088A-4DD3-4AE2-B3AA-527E3D157AB1}\mpengine.dll
2011-11-05 04:16 . 2011-11-05 04:16 -------- d-----w- c:\users\Default\AppData\Roaming\Apple Computer
2011-11-05 04:16 . 2011-11-05 04:16 -------- d-----w- c:\users\Default\AppData\Local\Apple Computer
2011-11-05 04:10 . 2011-11-05 04:10 -------- d-----w- c:\windows\Sun
2011-11-03 01:53 . 2011-11-03 01:53 -------- d-----w- c:\users\Lincicum\AppData\Local\SCE
2011-11-03 01:52 . 2011-11-03 01:52 -------- d-----w- c:\users\Public\Sony Online Entertainment
2011-10-24 18:29 . 2011-10-24 18:29 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2011-10-24 18:29 . 2011-10-24 18:29 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2011-10-16 14:16 . 2011-10-16 14:16 -------- d-----w- c:\users\Lincicum\AppData\Roaming\Might & Magic Heroes VI - Game Official Demo
2011-10-14 01:07 . 2011-10-14 01:07 -------- d-----w- c:\program files\iPod
2011-10-14 01:07 . 2011-10-14 01:08 -------- d-----w- c:\program files\iTunes
2011-10-14 01:04 . 2011-10-14 01:04 -------- d-----w- c:\program files\Bonjour
2011-10-14 01:04 . 2011-10-14 01:04 -------- d-----w- c:\program files (x86)\Bonjour
2011-10-13 00:19 . 2011-09-06 03:03 3138048 ----a-w- c:\windows\system32\win32k.sys
2011-10-13 00:18 . 2011-08-17 05:26 613888 ----a-w- c:\windows\system32\psisdecd.dll
2011-10-13 00:18 . 2011-08-17 05:25 108032 ----a-w- c:\windows\system32\psisrndr.ax
2011-10-13 00:18 . 2011-08-17 04:24 465408 ----a-w- c:\windows\SysWow64\psisdecd.dll
2011-10-13 00:18 . 2011-08-17 04:19 75776 ----a-w- c:\windows\SysWow64\psisrndr.ax
2011-10-13 00:18 . 2011-08-27 05:37 331776 ----a-w- c:\windows\system32\oleacc.dll
2011-10-13 00:18 . 2011-08-27 04:26 233472 ----a-w- c:\windows\SysWow64\oleacc.dll
2011-10-13 00:18 . 2011-08-27 05:37 861696 ----a-w- c:\windows\system32\oleaut32.dll
2011-10-13 00:18 . 2011-08-27 04:26 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-05 14:09 . 2011-05-15 11:32 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-03 10:06 . 2010-05-22 16:02 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-09-06 14:01 . 2011-09-06 14:01 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-08-31 03:05 . 2011-08-31 03:05 96104 ----a-w- c:\windows\system32\dns-sd.exe
2011-08-31 03:05 . 2011-08-31 03:05 85864 ----a-w- c:\windows\system32\dnssd.dll
2011-08-31 03:05 . 2011-08-31 03:05 83816 ----a-w- c:\windows\SysWow64\dns-sd.exe
2011-08-31 03:05 . 2011-08-31 03:05 73064 ----a-w- c:\windows\SysWow64\dnssd.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}"= "c:\program files (x86)\Swag_Bucks\prxtbSwa0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 14:54 175912 ----a-w- c:\program files (x86)\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}]
2011-01-17 14:54 175912 ----a-w- c:\program files (x86)\Swag_Bucks\prxtbSwa0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}"= "c:\program files (x86)\Swag_Bucks\prxtbSwa0.dll" [2011-01-17 175912]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2011-08-07 1242448]
"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2011-05-13 4283256]
"TomTomHOME.exe"="c:\program files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" [2010-08-24 247144]
"Exetender_135"="c:\program files (x86)\Verizon Games Player\GPlayer.exe" [2011-05-23 6013440]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"HP Remote Solution"="c:\program files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe" [2009-08-25 656896]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-06-29 600936]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-09-27 59240]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"Monitor"="c:\program files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe" [2010-11-19 193880]
"AmazonGSDownloaderTray"="c:\program files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe" [2009-10-23 326144]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-10-09 421736]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Exetender_135"="c:\program files (x86)\Verizon Games Player\GPlayer.exe" [2011-05-23 6013440]
.
c:\users\Lincicum\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
HP SimpleSave Monitor.lnk - c:\users\Lincicum\AppData\Roaming\HP SimpleSave Application\StartHelper.exe [2011-7-29 477080]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\hp\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe [2009-6-3 430080]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-26 136176]
R3 Amazon Download Agent;Amazon Download Agent;c:\program files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [2009-10-23 401920]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-26 136176]
R3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 PCDSRVC{F36B3A4C-F95654BD-06000000}_0;PCDSRVC{F36B3A4C-F95654BD-06000000}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms [2009-09-17 23536]
R3 SQTECH9051;DB VGA Cam;c:\windows\system32\Drivers\Capt9051.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1301010.003\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1301010.003\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\BASHDefs\20111027.001\BHDrvx64.sys [2011-10-27 1155704]
S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1301010.003\ccSetx64.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\IPSDefs\20111104.030\IDSvia64.sys [2011-11-04 488568]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1301010.003\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1301010.003\SYMNETS.SYS [x]
S2 BackupService;BackupService;c:\users\Lincicum\AppData\Roaming\HP SimpleSave Application\uUACTokenSvc.exe [2010-07-01 83512]
S2 FlipShareServer;FlipShare Server;c:\program files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe [2011-05-06 1085440]
S2 FreemakeUtilsService;Freemake Service;c:\programdata\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [2011-08-31 74240]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-06-21 85560]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\19.1.1.3\ccSvcHst.exe [2011-08-10 138760]
S2 NSL;Norton Safe Web Lite;c:\program files (x86)\Norton Safe Web Lite\Engine\1.2.0.6\ccSvcHst.exe [2010-11-24 130000]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-04-03 240232]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2010-08-24 92008]
S2 X5XS64Ex;X5XS64Ex;c:\program files (x86)\Verizon Games on Demand Player\X5XS64Ex.Sys [2009-08-19 51744]
S2 X5XSEx_Pr135;X5XSEx_Pr135;c:\program files (x86)\Verizon Games Player\X5XSEx.Sys [2010-11-22 55400]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-11-05 136824]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-26 18:18]
.
2011-11-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-26 18:18]
.
2011-11-05 c:\windows\Tasks\HPCeeScheduleForLincicum.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 11:22]
.
2011-11-05 c:\windows\Tasks\Norton Security Scan for Lincicum.job
- c:\progra~2\NORTON~3\Engine\301~1.8\Nss.exe [2011-01-12 12:22]
.
2011-09-30 c:\windows\Tasks\PCDRScheduledMaintenance.job
- c:\program files\PC-Doctor for Windows\pcdrcui.exe [2009-09-18 07:11]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-09-14 610360]
"PC-Doctor for Windows localizer"="c:\program files\PC-Doctor for Windows\localizer.exe" [2009-09-17 95728]
"combofix"="c:\combofix\CF27076.3XE" [2010-11-20 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.1.1 71.252.0.12
FF - ProfilePath - c:\users\Lincicum\AppData\Roaming\Mozilla\Firefox\Profiles\gkgfly4o.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - prefs.js: browser.search.selectedEngine - Swag Bucks Customized Web Search
FF - prefs.js: browser.startup.homepage - www.yahoo.com
FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
FF - user.js: yahoo.homepage.dontask - true
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-EA Core - c:\program files (x86)\Electronic Arts\EADM\Core.exe
Wow6432Node-HKCU-Run-DW6 - c:\program files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe
WebBrowser-{8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94} - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226} - c:\program files (x86)\InstallShield Installation Information\{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\19.1.1.3\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\19.1.1.3\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NSL]
"ImagePath"="\"c:\program files (x86)\Norton Safe Web Lite\Engine\1.2.0.6\ccSvcHst.exe\" /s \"NSL\" /m \"c:\program files (x86)\Norton Safe Web Lite\Engine\1.2.0.6\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCDSRVC{F36B3A4C-F95654BD-06000000}_0]
"ImagePath"="\??\c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{1E61ED7C-7CB8-49D6-B9E9-AB4C880C8414}"=hex:51,66,7a,6c,4c,1d,38,12,12,ee,72,
1a,8a,32,b8,0c,c6,ff,e8,0c,8d,52,c0,00
"{8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94}"=hex:51,66,7a,6c,4c,1d,38,12,b8,aa,cd,
8f,50,21,85,00,f1,ff,c9,c1,aa,53,6b,80
"{30F9B915-B755-4826-820B-08FBA6BD249D}"=hex:51,66,7a,6c,4c,1d,38,12,7b,ba,ea,
34,67,f9,48,0d,fd,1d,4b,bb,a3,e3,60,89
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"=hex:51,66,7a,6c,4c,1d,38,12,8d,ec,f8,
7b,2b,25,27,06,e7,c4,bc,f0,98,15,0d,de
"{555D4D79-4BD2-4094-A395-CFC534424A05}"=hex:51,66,7a,6c,4c,1d,38,12,17,4e,4e,
51,e0,05,fa,05,dc,83,8c,85,31,1c,0e,11
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
"{0347C33E-8762-4905-BF09-768834316C61}"=hex:51,66,7a,6c,4c,1d,38,12,50,c0,54,
07,50,c9,6b,0c,c0,1f,35,c8,31,6f,28,75
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}"=hex:51,66,7a,6c,4c,1d,38,12,60,d8,39,
64,cd,04,79,07,f5,b7,d6,9a,c1,81,e0,1c
"{6D53EC84-6AAE-4787-AEEE-F4628F01010C}"=hex:51,66,7a,6c,4c,1d,38,12,ea,ef,40,
69,9c,24,e9,02,d1,f8,b7,22,8a,5f,45,18
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{D2CE3E00-F94A-4740-988E-03DC2F38C34F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,3d,dd,
d6,78,b7,2e,02,e7,98,40,9c,2a,66,87,5b
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}"=hex:51,66,7a,6c,4c,1d,38,12,91,fc,ec,
fb,7c,81,45,0a,c2,d4,4d,32,e4,48,ec,42
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:0b,d4,19,a7,98,9b,cc,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,26,84,d7,4f,93,b6,b8,4c,ac,c8,1e,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,26,84,d7,4f,93,b6,b8,4c,ac,c8,1e,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Flip Video\FlipShare\FlipShareService.exe
c:\program files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
.
**************************************************************************
.
Completion time: 2011-11-07 17:08:02 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-07 22:08
.
Pre-Run: 237,679,714,304 bytes free
Post-Run: 236,940,210,176 bytes free
.
- - End Of File - - 186CA4AFA556057D52F4A95A43BD7C97


I'll do the OTL one next.
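Two checks that the logs in this thread embody, written out as an added example (this script is mine, not part of the thread and not code from ComboFix or OTL): the "@Denied: (...) (Everyone)" annotations in the ComboFix registry dump above are keys whose ACL carries a Deny entry, and the OTL fix log that follows removes an NTFS alternate data stream attached to a JPEG. The script enumerates both on a live system. It assumes an elevated PowerShell 3.0 or later session (Get-Item -Stream and Get-ChildItem -File need 3.0), and the default registry roots and document folder are taken from the logs only as a starting point.

```powershell
<#
  Added triage script: not from this thread, not part of ComboFix or OTL.
  1. Lists registry keys with an explicit Deny ACE (what ComboFix shows as "@Denied").
  2. Lists NTFS alternate data streams (what OTL deleted from "SMS sketch.jpeg").
  Assumes an elevated PowerShell 3.0+ session. Roots below are defaults taken from the logs.
#>
param(
    [string[]]$RegistryRoots = @(
        'HKLM:\SOFTWARE\Classes\Wow6432Node\CLSID',
        'HKLM:\SOFTWARE\Classes\Wow6432Node\Interface',
        'HKLM:\SYSTEM\ControlSet001\Control\PCW'
    ),
    [string]$FileRoot = "$env:USERPROFILE\Documents"
)

function Get-DeniedRegistryKey {
    param([string[]]$Roots)
    foreach ($root in $Roots) {
        # A key that denies Everyone all access cannot even be opened, so it never shows up
        # in the enumeration itself: it surfaces as an error. Collect those, they matter most.
        $keys = Get-ChildItem -Path $root -Recurse -ErrorAction SilentlyContinue -ErrorVariable openErrors
        foreach ($e in $openErrors) {
            $target = if ($e.TargetObject) { $e.TargetObject } else { $e.CategoryInfo.TargetName }
            [pscustomobject]@{
                Key      = $target
                Identity = '?'
                Rights   = '?'
                Note     = 'cannot open key: ' + $e.Exception.Message
            }
        }
        # Keys that open fine may still carry a partial Deny ACE (e.g. deny Delete/Write),
        # which is the case for the Flash CLSID keys in the ComboFix log.
        foreach ($key in $keys) {
            try { $acl = Get-Acl -Path $key.PSPath -ErrorAction Stop } catch { continue }
            foreach ($ace in $acl.Access) {
                if ($ace.AccessControlType -eq 'Deny') {
                    [pscustomobject]@{
                        Key      = $key.Name
                        Identity = $ace.IdentityReference.Value
                        Rights   = $ace.RegistryRights
                        Note     = 'explicit Deny ACE'
                    }
                }
            }
        }
    }
}

function Get-AlternateDataStream {
    param([string]$Root)
    Get-ChildItem -Path $Root -File -Recurse -Force -ErrorAction SilentlyContinue |
        Get-Item -Stream * -ErrorAction SilentlyContinue |
        Where-Object { $_.Stream -ne ':$DATA' } |    # ':$DATA' is the file's ordinary content
        ForEach-Object {
            # Zone.Identifier is the mark-of-the-web written on downloads and is expected;
            # any other named stream, especially on a media file, deserves a look.
            $note = if ($_.Stream -eq 'Zone.Identifier') { 'expected (mark of the web)' } else { 'review' }
            [pscustomobject]@{
                File   = $_.FileName
                Stream = $_.Stream
                Bytes  = $_.Length
                Note   = $note
            }
        }
}

Write-Host '== Registry keys with Deny ACEs =='
Get-DeniedRegistryKey -Roots $RegistryRoots | Format-Table -AutoSize -Wrap

Write-Host "== Alternate data streams under $FileRoot =="
Get-AlternateDataStream -Root $FileRoot | Format-Table -AutoSize
```

Run it from an elevated prompt as `.\triage.ps1` (the file name is arbitrary), optionally with `-RegistryRoots` or `-FileRoot` pointed elsewhere. Two caveats apply. Legitimate software sets Deny ACEs too, as the Flash CLSID keys and the PCW\Security key in the ComboFix log show, so a Deny entry is a lead to examine, not evidence of infection by itself. And a kernel-mode rootkit of the kind Norton's "Tidserv" detection names can filter what the running OS reports, so a clean result from any check run on the live system is only as trustworthy as that system; offline inspection from boot media is the stronger check.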

#6
GinaVA3 (Topic Starter, New Member, 9 posts)
Here's the OTL fix log:

All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}\ not found.
ADS C:\Users\Lincicum\Documents\SMS sketch.jpeg:3or4kl4x13tuuug3Byamue2s4b deleted successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Lincicum\Downloads\cmd.bat deleted successfully.
C:\Users\Lincicum\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Lincicum
->Temp folder emptied: 258776 bytes
->Temporary Internet Files folder emptied: 67457 bytes
->Java cache emptied: 1191788 bytes
->FireFox cache emptied: 44365001 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 5869 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 4461 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 44.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Lincicum
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.31.0 log created on 11072011_172200

Files\Folders moved on Reboot...
C:\Users\Lincicum\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...


Second OTL Log:


OTL logfile created on: 11/7/2011 5:31:18 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Lincicum\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

6.00 Gb Total Physical Memory | 4.02 Gb Available Physical Memory | 66.94% Memory free
12.00 Gb Paging File | 10.05 Gb Available in Paging File | 83.79% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 584.94 Gb Total Space | 220.74 Gb Free Space | 37.74% Space Free | Partition Type: NTFS
Drive D: | 11.13 Gb Total Space | 1.61 Gb Free Space | 14.46% Space Free | Partition Type: NTFS

Computer Name: KAL-EL | User Name: Lincicum | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/06 21:06:03 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Lincicum\Downloads\OTL.exe
PRC - [2011/11/05 09:09:26 | 000,419,624 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2011/09/30 08:36:02 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/08/31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/08/31 08:43:16 | 000,074,240 | ---- | M] (Freemake) -- C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
PRC - [2011/08/10 15:52:54 | 000,138,760 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\19.1.1.3\ccSvcHst.exe
PRC - [2011/08/06 19:28:44 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2011/05/26 13:14:52 | 000,477,080 | ---- | M] () -- C:\Users\Lincicum\AppData\Roaming\HP SimpleSave Application\StartHelper.exe
PRC - [2011/05/23 11:52:14 | 006,013,440 | ---- | M] (Exent Technologies Ltd.) -- C:\Program Files (x86)\Verizon Games Player\GPlayer.exe
PRC - [2011/05/06 12:07:18 | 000,460,144 | ---- | M] () -- C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe
PRC - [2011/05/06 11:58:52 | 001,085,440 | ---- | M] () -- C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe
PRC - [2011/03/28 16:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2010/11/23 21:21:18 | 000,130,000 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Safe Web Lite\Engine\1.2.0.6\ccSvcHst.exe
PRC - [2010/11/19 13:38:08 | 000,193,880 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
PRC - [2010/11/19 13:29:00 | 004,916,568 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
PRC - [2010/08/24 04:38:18 | 000,092,008 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2010/08/24 04:38:16 | 000,247,144 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
PRC - [2010/07/01 09:38:26 | 000,083,512 | ---- | M] (ArcSoft, Inc.) -- C:\Users\Lincicum\AppData\Roaming\HP SimpleSave Application\uUACTokenSvc.exe
PRC - [2010/04/03 15:59:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010/01/15 07:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/12/01 19:49:52 | 000,210,216 | ---- | M] (CyberLink) -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
PRC - [2009/08/24 21:11:16 | 000,656,896 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
PRC - [2008/11/20 12:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/07 11:59:56 | 000,076,800 | ---- | M] () -- C:\Users\Lincicum\AppData\Roaming\Mozilla\Firefox\Profiles\gkgfly4o.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}\components\RadioWMPCoreGecko7.dll
MOD - [2011/11/05 09:09:31 | 008,522,400 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2011/11/05 09:09:25 | 014,410,024 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2011/11/05 09:09:22 | 000,914,216 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-52.dll
MOD - [2011/11/05 09:09:22 | 000,194,344 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll
MOD - [2011/11/05 09:09:22 | 000,155,432 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-52.dll
MOD - [2011/11/05 09:09:22 | 000,091,432 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-50.dll
MOD - [2011/09/30 08:36:02 | 001,833,944 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/05/26 13:14:52 | 000,477,080 | ---- | M] () -- C:\Users\Lincicum\AppData\Roaming\HP SimpleSave Application\StartHelper.exe
MOD - [2010/01/31 22:52:12 | 008,347,648 | ---- | M] () -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\QtGui4.dll
MOD - [2010/01/31 22:52:12 | 002,244,608 | ---- | M] () -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\QtCore4.dll
MOD - [2009/12/01 19:49:50 | 000,931,112 | ---- | M] () -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2011/11/05 09:09:26 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/08/31 08:43:16 | 000,074,240 | ---- | M] (Freemake) [Auto | Running] -- C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe -- (FreemakeUtilsService)
SRV - [2011/08/10 15:52:54 | 000,138,760 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\19.1.1.3\ccSvcHst.exe -- (NIS)
SRV - [2011/06/21 14:57:34 | 000,085,560 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe -- (HP Support Assistant Service)
SRV - [2011/05/06 12:07:18 | 000,460,144 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe -- (FlipShare Service)
SRV - [2011/05/06 11:58:52 | 001,085,440 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe -- (FlipShareServer)
SRV - [2011/03/28 16:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010/11/23 21:21:18 | 000,130,000 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files (x86)\Norton Safe Web Lite\Engine\1.2.0.6\ccSvcHst.exe -- (NSL)
SRV - [2010/11/19 13:29:00 | 004,916,568 | ---- | M] (LeapFrog Enterprises, Inc.) [Auto | Running] -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)
SRV - [2010/10/22 13:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\hp\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010/08/24 04:38:18 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2010/07/01 09:38:26 | 000,083,512 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Users\Lincicum\AppData\Roaming\HP SimpleSave Application\uUACTokenSvc.exe -- (BackupService)
SRV - [2010/04/07 18:21:30 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010/04/03 15:59:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/15 07:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/10/23 11:31:44 | 000,401,920 | ---- | M] (Amazon.com) [On_Demand | Stopped] -- C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe -- (Amazon Download Agent)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/11/06 12:19:46 | 000,174,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2011/08/31 17:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/08/08 18:38:05 | 000,167,048 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1301010.003\ccSetx64.sys -- (ccSet_NIS)
DRV:64bit: - [2011/08/02 21:22:10 | 000,729,720 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1301010.003\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2011/08/02 21:22:10 | 000,037,496 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1301010.003\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2011/07/28 22:20:02 | 001,084,536 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1301010.003\SymEFA64.sys -- (SymEFA)
DRV:64bit: - [2011/07/25 21:18:39 | 000,401,016 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1301010.003\symnets.sys -- (SymNetS)
DRV:64bit: - [2011/07/25 21:18:35 | 000,451,192 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1301010.003\SymDS64.sys -- (SymDS)
DRV:64bit: - [2011/07/25 21:15:52 | 000,189,560 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1301010.003\Ironx64.sys -- (SymIRON)
DRV:64bit: - [2011/05/10 07:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/01/28 09:25:02 | 000,086,120 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2009/09/17 07:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel®
DRV:64bit: - [2009/09/17 00:57:46 | 000,023,536 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- c:\Program Files\PC-Doctor for Windows\pcdsrvc_x64.pkms -- (PCDSRVC{F36B3A4C-F95654BD-06000000}_0)
DRV:64bit: - [2009/08/20 19:05:06 | 000,239,616 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 19:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008/04/11 12:03:58 | 000,047,680 | ---- | M] (Service & Quality Technology.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Capt9051.sys -- (SQTECH9051)
DRV:64bit: - [2007/05/14 15:06:18 | 000,027,520 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV - [2011/11/07 12:40:43 | 002,048,632 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\VirusDefs\20111107.003\ex64.sys -- (NAVEX15)
DRV - [2011/11/07 12:40:43 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\VirusDefs\20111107.003\eng64.sys -- (NAVENG)
DRV - [2011/11/05 01:00:00 | 000,481,912 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2011/11/05 01:00:00 | 000,136,824 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/11/04 15:36:18 | 000,488,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\IPSDefs\20111104.030\IDSviA64.sys -- (IDSVia64)
DRV - [2011/10/27 18:12:04 | 001,155,704 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\BASHDefs\20111027.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2010/11/22 09:25:12 | 000,055,400 | ---- | M] (Exent Technologies Ltd.) [Kernel | Auto | Running] -- C:\Program Files (x86)\Verizon Games Player\X5XSEx.sys -- (X5XSEx_Pr135)
DRV - [2009/08/19 14:47:48 | 000,051,744 | ---- | M] (Exent Technologies Ltd.) [Kernel | Auto | Running] -- C:\Program Files (x86)\Verizon Games on Demand Player\X5XS64Ex.sys -- (X5XS64Ex)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
IE - HKLM\..\URLSearchHook: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files (x86)\Swag_Bucks\prxtbSwa0.dll (Conduit Ltd.)


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-681214900-1602092343-3754122490-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
IE - HKU\S-1-5-21-681214900-1602092343-3754122490-1001\..\URLSearchHook: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files (x86)\Swag_Bucks\prxtbSwa0.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-681214900-1602092343-3754122490-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-681214900-1602092343-3754122490-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaultthis.engineName: "Swag Bucks Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo....-8&fr=ytff-&p="
FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-sunm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-sunm"
FF - prefs.js..browser.search.selectedEngine: "Swag Bucks Customized Web Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.yahoo.com"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}:3.3.3.2
FF - prefs.js..extensions.enabledItems: [email protected]:7
FF - prefs.js..extensions.enabledItems: [email protected]:2.12
FF - prefs.js..extensions.enabledItems: [email protected]:1.5.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..extensions.enabledItems: [email protected]:3.3.3.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.1
FF - prefs.js..extensions.enabledItems: {ab91efd4-6975-4081-8552-1b3922ed79e2}:1.0.5.1
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:5.5
FF - prefs.js..extensions.enabledItems: {e3f6c2cc-d8db-498c-af6c-499fb211db97}:1.10.2
FF - prefs.js..keyword.URL: "http://search.condui...d=CT2260173&q="


FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@exent.com/npExentCtl,version=7.0.0.0: C:\Program Files (x86)\Verizon Games on Demand Player\npExentCtl.dll (Exent Technologies Ltd.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@virtools.com/3DviaPlayer: C:\Program Files (x86)\Virtools\3D Life Player\npvirtools.dll (Dassault Systèmes)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Lincicum\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Lincicum\AppData\Roaming\Move Networks\plugins\npqmp071502000008.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Lincicum\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/08/18 20:57:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{203FB6B2-2E1E-4474-863B-4C483ECCE78E}: C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_1.2.0.6\coFFNST\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\ [2011/09/05 19:36:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\IPSFFPlgn\ [2011/11/06 12:35:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\coFFPlgn\ [2011/11/07 17:24:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/10/27 19:32:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/10/27 19:32:26 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\Lincicum\AppData\Roaming\Move Networks [2010/04/29 00:00:17 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/08/18 20:57:05 | 000,000,000 | ---D | M]

[2010/08/25 20:05:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lincicum\AppData\Roaming\Mozilla\Extensions
[2010/08/25 20:05:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lincicum\AppData\Roaming\Mozilla\Extensions\[email protected]
[2011/11/07 16:22:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lincicum\AppData\Roaming\Mozilla\Firefox\Profiles\gkgfly4o.default\extensions
[2011/10/26 23:03:16 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Lincicum\AppData\Roaming\Mozilla\Firefox\Profiles\gkgfly4o.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/11/07 16:22:21 | 000,000,000 | ---D | M] (Swag Bucks Community Toolbar) -- C:\Users\Lincicum\AppData\Roaming\Mozilla\Firefox\Profiles\gkgfly4o.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}
[2011/02/09 09:53:02 | 000,000,000 | ---D | M] (HP Detect) -- C:\Users\Lincicum\AppData\Roaming\Mozilla\Firefox\Profiles\gkgfly4o.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}
[2011/10/08 08:44:33 | 000,000,000 | ---D | M] (Page Speed) -- C:\Users\Lincicum\AppData\Roaming\Mozilla\Firefox\Profiles\gkgfly4o.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}
[2011/03/06 18:17:01 | 000,000,000 | ---D | M] ("Amazon Toolbar") -- C:\Users\Lincicum\AppData\Roaming\Mozilla\Firefox\Profiles\gkgfly4o.default\extensions\[email protected]
[2010/03/24 15:13:38 | 000,000,923 | ---- | M] () -- C:\Users\Lincicum\AppData\Roaming\Mozilla\Firefox\Profiles\gkgfly4o.default\searchplugins\conduit.xml
[2011/11/06 16:54:37 | 000,002,470 | ---- | M] () -- C:\Users\Lincicum\AppData\Roaming\Mozilla\Firefox\Profiles\gkgfly4o.default\searchplugins\safesearch.xml
[2011/11/06 13:18:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/06/15 18:33:59 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2010/05/22 11:02:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/03 15:44:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/12/17 07:34:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/05/18 22:05:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/06/13 15:55:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/11/06 13:18:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2011/09/05 19:36:49 | 000,000,000 | ---D | M] (Freemake Video Converter Plugin) -- C:\PROGRAM FILES (X86)\FREEMAKE\FREEMAKE VIDEO CONVERTER\BROWSERPLUGIN\FIREFOX
[2011/11/07 17:24:36 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\COFFPLGN
[2011/11/06 12:35:37 | 000,000,000 | ---D | M] (Norton Vulnerability Protection) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\IPSFFPLGN
() (No name found) -- C:\USERS\LINCICUM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GKGFLY4O.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\USERS\LINCICUM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GKGFLY4O.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\USERS\LINCICUM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GKGFLY4O.DEFAULT\EXTENSIONS\[email protected]
[2011/09/30 08:36:02 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/03/05 19:36:09 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll
[2011/03/05 19:36:09 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\NPcol500.dll
[2009/11/19 16:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll
[2011/10/03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2009/11/19 16:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll
[2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

========== Chrome ==========

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\10.0.648.204\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U24 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\10.0.648.204\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\10.0.648.204\gears.dll
CHR - plugin: CouponNetwork Coupon Activator Netscape Plugin v. 5.0.0.0 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol400.dll
CHR - plugin: CouponNetwork Coupon Activator Netscape Plugin v. 5.0.0.0 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol500.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.2.183.29\npGoogleOneClick8.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: Exent\u00AE AOD Gecko Plugin (Enabled) = C:\Program Files (x86)\Verizon Games on Demand Player\npExentCtl.dll
CHR - plugin: 3DVIA player (Enabled) = C:\Program Files (x86)\Virtools\3D Life Player\npvirtools.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Lincicum\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Users\Lincicum\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
CHR - plugin: Move Streaming Media Player (Enabled) = C:\Users\Lincicum\AppData\Roaming\Move Networks\plugins\npqmp071502000008.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2011/11/07 17:03:44 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.1.1.3\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.1.1.3\IPS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Swag Bucks Toolbar) - {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files (x86)\Swag_Bucks\prxtbSwa0.dll (Conduit Ltd.)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.1.1.3\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Swag Bucks Toolbar) - {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files (x86)\Swag_Bucks\prxtbSwa0.dll (Conduit Ltd.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Swag Bucks Toolbar) - {8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94} - C:\Program Files (x86)\Swag_Bucks\prxtbSwa0.dll (Conduit Ltd.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Swag Bucks Toolbar) - {8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94} - C:\Program Files (x86)\Swag_Bucks\prxtbSwa0.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-681214900-1602092343-3754122490-1001\..\Toolbar\WebBrowser: (Swag Bucks Toolbar) - {8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94} - C:\Program Files (x86)\Swag_Bucks\prxtbSwa0.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [PC-Doctor for Windows localizer] C:\Program Files\PC-Doctor for Windows\localizer.exe (PC-Doctor, Inc.)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4 - HKLM..\Run: [AmazonGSDownloaderTray] C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe (Amazon.com)
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [HP Remote Solution] C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Monitor] C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
O4 - HKU\.DEFAULT..\Run: [Exetender_135] C:\Program Files (x86)\Verizon Games Player\GPlayer.exe (Exent Technologies Ltd.)
O4 - HKU\S-1-5-18..\Run: [Exetender_135] C:\Program Files (x86)\Verizon Games Player\GPlayer.exe (Exent Technologies Ltd.)
O4 - HKU\S-1-5-21-681214900-1602092343-3754122490-1001..\Run: [Exetender_135] C:\Program Files (x86)\Verizon Games Player\GPlayer.exe (Exent Technologies Ltd.)
O4 - HKU\S-1-5-21-681214900-1602092343-3754122490-1001..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-681214900-1602092343-3754122490-1001..\Run: [TomTomHOME.exe] C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - Startup: C:\Users\Lincicum\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HP SimpleSave Monitor.lnk = C:\Users\Lincicum\AppData\Roaming\HP SimpleSave Application\StartHelper.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-681214900-1602092343-3754122490-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-681214900-1602092343-3754122490-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - %SystemRoot%\System32\nwprovau.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O15 - HKU\S-1-5-21-681214900-1602092343-3754122490-1001\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-681214900-1602092343-3754122490-1001\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-681214900-1602092343-3754122490-1001\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-681214900-1602092343-3754122490-1001\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.co...sreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {28B66320-9687-4B13-8757-36F901887AB5} http://www.seehere.c...cts/canvasx.cab (CanvasX Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.252.0.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1E975DAC-6FAD-4273-A1CA-5A6441B41B72}: DhcpNameServer = 192.168.1.1 71.252.0.12
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/11/06 18:44:18 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


========== Files/Folders - Created Within 30 Days ==========

[2011/11/07 17:03:46 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2011/11/07 16:16:00 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/11/07 16:16:00 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/11/07 16:16:00 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/11/07 16:15:50 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/11/07 16:13:19 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/11/07 15:58:36 | 004,285,527 | R--- | C] (Swearware) -- C:\Users\Lincicum\Desktop\ComboFix.exe
[2011/11/07 06:16:44 | 000,000,000 | ---D | C] -- C:\Users\Lincicum\AppData\Local\{84513F88-614E-4F9A-8C77-1968CD09E6A8}
[2011/11/07 06:16:25 | 000,000,000 | ---D | C] -- C:\Users\Lincicum\AppData\Local\{0EAA574D-D013-402C-8F9E-52020116B9EA}
[2011/11/06 21:19:02 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/11/06 19:03:14 | 000,000,000 | ---D | C] -- C:\Users\Lincicum\AppData\Roaming\Malwarebytes
[2011/11/06 19:02:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/11/06 19:02:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/11/06 19:02:50 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/11/06 19:02:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/11/06 18:43:58 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2011/11/06 18:43:58 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2011/11/06 16:08:43 | 001,932,256 | ---- | C] (Symantec Corporation) -- C:\Users\Lincicum\Desktop\FixTDSS.exe
[2011/11/06 13:19:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011/11/06 12:19:18 | 001,084,536 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1301010.003\SymEFA64.sys
[2011/11/06 12:19:18 | 000,729,720 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1301010.003\srtsp64.sys
[2011/11/06 12:19:18 | 000,451,192 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1301010.003\SymDS64.sys
[2011/11/06 12:19:18 | 000,401,016 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1301010.003\symnets.sys
[2011/11/06 12:19:18 | 000,189,560 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1301010.003\Ironx64.sys
[2011/11/06 12:19:18 | 000,167,048 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1301010.003\ccSetx64.sys
[2011/11/06 12:19:18 | 000,037,496 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1301010.003\srtspx64.sys
[2011/11/06 12:19:10 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NISx64\1301010.003
[2011/11/06 12:15:53 | 000,174,200 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2011/11/06 12:15:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2011/11/06 12:15:53 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2011/11/06 12:14:47 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NISx64
[2011/11/06 12:14:45 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
[2011/11/06 12:14:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Internet Security
[2011/11/06 12:11:04 | 000,000,000 | ---D | C] -- C:\Users\Lincicum\Desktop\EBOOKS
[2011/11/06 11:34:15 | 000,000,000 | ---D | C] -- C:\Users\Lincicum\AppData\Local\NPE
[2011/11/06 11:16:33 | 000,000,000 | ---D | C] -- C:\Users\Lincicum\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
[2011/11/06 10:57:33 | 000,000,000 | ---D | C] -- C:\Users\Lincicum\AppData\Local\{36B632C9-57BD-4CD5-8188-DFC35319EA62}
[2011/11/06 10:57:23 | 000,000,000 | ---D | C] -- C:\Users\Lincicum\AppData\Local\{1B4E7356-274F-44CB-88AB-2026CBFE8C8C}
[2011/11/05 12:08:36 | 000,000,000 | ---D | C] -- C:\Users\Lincicum\AppData\Local\{3300AD85-AAF5-4742-A5A1-3B380918DE44}
[2011/11/05 12:08:13 | 000,000,000 | ---D | C] -- C:\Users\Lincicum\AppData\Local\{20087CA0-0D69-4434-B570-2A404BCAEFD7}
[2011/11/04 23:10:47 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2011/11/03 17:17:36 | 001,563,952 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Lincicum\Desktop\TDSSKiller.exe
[2011/11/02 20:53:10 | 000,000,000 | ---D | C] -- C:\Users\Lincicum\AppData\Local\SCE
[2011/11/02 20:52:45 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx
[2011/10/27 19:32:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011/10/27 19:32:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2011/10/26 23:00:26 | 000,000,000 | ---D | C] -- C:\Users\Lincicum\AppData\Local\{BE3ED77B-6590-4186-9EE8-B30FBC27D92C}
[2011/10/26 23:00:14 | 000,000,000 | ---D | C] -- C:\Users\Lincicum\AppData\Local\{DD089AC7-00F6-4E79-B6A8-C3CD3D87893A}
[2011/10/16 09:16:09 | 000,000,000 | ---D | C] -- C:\Users\Lincicum\AppData\Roaming\Might & Magic Heroes VI - Game Official Demo
[2011/10/16 08:57:20 | 000,000,000 | ---D | C] -- C:\Users\Lincicum\Documents\Orcs Must Die
[2011/10/13 20:08:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/10/13 20:07:57 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/10/13 20:07:56 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/10/13 20:04:43 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/10/13 20:04:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2011/10/13 04:56:37 | 000,000,000 | ---D | C] -- C:\Users\Lincicum\AppData\Local\{B41DEEAE-2C90-4BA3-B22D-EC41218776AF}
[2011/10/13 04:56:24 | 000,000,000 | ---D | C] -- C:\Users\Lincicum\AppData\Local\{FD421E68-C9DC-42D7-8A60-6C384B38D5F9}

========== Files - Modified Within 30 Days ==========

[2011/11/07 17:31:45 | 000,015,984 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/07 17:31:45 | 000,015,984 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/07 17:25:39 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/11/07 17:24:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/07 17:24:11 | 536,223,743 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/07 17:03:44 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/11/07 16:40:13 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/11/07 15:58:37 | 004,285,527 | R--- | M] (Swearware) -- C:\Users\Lincicum\Desktop\ComboFix.exe
[2011/11/06 21:33:19 | 000,000,512 | ---- | M] () -- C:\Users\Lincicum\Desktop\MBR.dat
[2011/11/06 21:29:58 | 001,563,952 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Lincicum\Desktop\TDSSKiller.exe
[2011/11/06 19:30:37 | 000,124,720 | ---- | M] () -- C:\Users\Lincicum\Desktop\Malware results screenshot.PNG
[2011/11/06 19:03:02 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/06 18:44:18 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2011/11/06 14:47:35 | 001,932,256 | ---- | M] (Symantec Corporation) -- C:\Users\Lincicum\Desktop\FixTDSS.exe
[2011/11/06 12:52:39 | 000,004,782 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1301010.003\VT20111023.024
[2011/11/06 12:29:38 | 000,001,286 | ---- | M] () -- C:\Users\Lincicum\Desktop\Norton Installation Files.lnk
[2011/11/06 12:22:55 | 000,002,494 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2011/11/06 12:21:32 | 001,897,761 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1301010.003\Cat.DB
[2011/11/06 12:19:46 | 000,174,200 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2011/11/06 12:19:46 | 000,007,530 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2011/11/06 12:19:46 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2011/11/06 11:42:58 | 000,783,354 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/11/06 11:42:58 | 000,663,222 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/11/06 11:42:58 | 000,122,090 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/11/05 15:58:16 | 000,000,408 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Lincicum.job
[2011/11/05 08:31:20 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForLincicum.job
[2011/11/05 01:20:51 | 000,796,360 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/10/28 22:49:35 | 000,101,885 | ---- | M] () -- C:\Users\Lincicum\AppData\Local\tmpBUB.0
[2011/10/28 22:49:35 | 000,047,649 | ---- | M] () -- C:\Users\Lincicum\AppData\Local\tmpBUB.JPG
[2011/10/13 20:13:40 | 000,002,515 | ---- | M] () -- C:\Users\Lincicum\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2011/10/13 02:32:47 | 000,437,352 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2011/11/07 16:16:00 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/11/07 16:16:00 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/11/07 16:16:00 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/11/07 16:16:00 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/11/07 16:16:00 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/11/06 21:33:19 | 000,000,512 | ---- | C] () -- C:\Users\Lincicum\Desktop\MBR.dat
[2011/11/06 19:30:37 | 000,124,720 | ---- | C] () -- C:\Users\Lincicum\Desktop\Malware results screenshot.PNG
[2011/11/06 19:03:01 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/06 18:44:18 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
[2011/11/06 12:52:56 | 000,004,782 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1301010.003\VT20111023.024
[2011/11/06 12:28:13 | 000,001,286 | ---- | C] () -- C:\Users\Lincicum\Desktop\Norton Installation Files.lnk
[2011/11/06 12:21:10 | 001,897,761 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1301010.003\Cat.DB
[2011/11/06 12:19:12 | 000,003,433 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1301010.003\SymEFA.inf
[2011/11/06 12:19:12 | 000,002,852 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1301010.003\SymDS.inf
[2011/11/06 12:19:12 | 000,001,440 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1301010.003\SymNet.inf
[2011/11/06 12:19:12 | 000,001,438 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1301010.003\srtsp64.inf
[2011/11/06 12:19:12 | 000,001,420 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1301010.003\srtspx64.inf
[2011/11/06 12:19:12 | 000,000,854 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1301010.003\ccSetx64.inf
[2011/11/06 12:19:12 | 000,000,772 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1301010.003\Iron.inf
[2011/11/06 12:19:11 | 000,002,801 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1301010.003\SymVTcer.dat
[2011/11/06 12:19:10 | 000,007,510 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1301010.003\ccSetx64.cat
[2011/11/06 12:19:10 | 000,007,504 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1301010.003\srtspx64.cat
[2011/11/06 12:19:10 | 000,007,502 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1301010.003\SymEFA64.cat
[2011/11/06 12:19:10 | 000,007,500 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1301010.003\srtsp64.cat
[2011/11/06 12:19:10 | 000,007,496 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1301010.003\SymDS64.cat
[2011/11/06 12:19:10 | 000,007,492 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1301010.003\iron.cat
[2011/11/06 12:19:10 | 000,007,458 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1301010.003\symnet64.cat
[2011/11/06 12:19:10 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1301010.003\isolate.ini
[2011/11/06 12:15:53 | 000,007,530 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2011/11/06 12:15:53 | 000,000,855 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2011/11/06 12:15:40 | 000,002,494 | ---- | C] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2011/11/02 20:52:41 | 000,002,516 | ---- | C] () -- C:\Users\Lincicum\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DC Universe Online Live.lnk
[2011/10/28 22:49:35 | 000,101,885 | ---- | C] () -- C:\Users\Lincicum\AppData\Local\tmpBUB.0
[2011/10/28 22:49:35 | 000,047,649 | ---- | C] () -- C:\Users\Lincicum\AppData\Local\tmpBUB.JPG
[2011/09/21 16:27:59 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\IYVU9_32.DLL
[2011/09/15 15:29:42 | 000,180,144 | ---- | C] () -- C:\Users\Lincicum\AppData\Local\tmpPHOTO(2).1
[2011/09/15 15:29:40 | 000,179,470 | ---- | C] () -- C:\Users\Lincicum\AppData\Local\tmpPHOTO(2).JPG
[2011/06/12 00:10:33 | 000,001,854 | ---- | C] () -- C:\Users\Lincicum\AppData\Roaming\GhostObjGAFix.xml
[2011/06/01 17:27:19 | 000,081,910 | ---- | C] () -- C:\Users\Lincicum\AppData\Local\tmpNATHAN TABLE.0
[2011/06/01 17:27:19 | 000,039,334 | ---- | C] () -- C:\Users\Lincicum\AppData\Local\tmpNATHAN TABLE.JPG
[2011/04/09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/03/28 07:01:36 | 000,000,094 | ---- | C] () -- C:\Windows\DMI.INI.abak
[2011/03/28 06:57:20 | 000,000,094 | ---- | C] () -- C:\Windows\DMI.INI
[2011/02/27 17:09:19 | 000,796,360 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/02/22 20:27:04 | 000,035,500 | ---- | C] () -- C:\Users\Lincicum\AppData\Local\tmpPHOTO(5).1
[2011/02/22 20:27:03 | 000,075,212 | ---- | C] () -- C:\Users\Lincicum\AppData\Local\tmpPHOTO(5).0
[2011/02/22 20:27:03 | 000,035,276 | ---- | C] () -- C:\Users\Lincicum\AppData\Local\tmpPHOTO(5).JPG
[2011/02/20 22:44:35 | 000,037,470 | ---- | C] () -- C:\Users\Lincicum\AppData\Local\tmpPHOTO(4).1
[2011/02/20 22:44:33 | 000,081,988 | ---- | C] () -- C:\Users\Lincicum\AppData\Local\tmpPHOTO(4).0
[2011/02/20 22:44:33 | 000,037,114 | ---- | C] () -- C:\Users\Lincicum\AppData\Local\tmpPHOTO(4).JPG
[2011/02/12 09:46:54 | 000,033,807 | ---- | C] () -- C:\Users\Lincicum\AppData\Local\tmpPHOTO.1
[2011/01/19 23:21:04 | 000,028,683 | ---- | C] () -- C:\Users\Lincicum\AppData\Local\tmpPHOTO(1).0
[2011/01/19 23:21:04 | 000,011,476 | ---- | C] () -- C:\Users\Lincicum\AppData\Local\tmpPHOTO(1).JPG
[2011/01/14 08:07:41 | 001,589,816 | ---- | C] () -- C:\Users\Lincicum\AppData\Local\tmp014.0
[2011/01/14 08:07:41 | 000,635,137 | ---- | C] () -- C:\Users\Lincicum\AppData\Local\tmp014.JPG
[2011/01/02 16:20:16 | 000,552,962 | ---- | C] () -- C:\Users\Lincicum\AppData\Local\tmpPHOTO(2).0
[2010/12/23 23:48:20 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CmdLineExt03.dll
[2010/11/13 21:00:31 | 000,476,164 | ---- | C] () -- C:\Users\Lincicum\AppData\Local\tmp005 (6).0
[2010/11/13 21:00:31 | 000,398,724 | ---- | C] () -- C:\Users\Lincicum\AppData\Local\tmp005 (6).JPG
[2010/09/10 10:12:17 | 000,838,927 | ---- | C] () -- C:\Users\Lincicum\AppData\Local\tmpP9090113.JPG
[2010/09/10 10:12:16 | 001,617,055 | ---- | C] () -- C:\Users\Lincicum\AppData\Local\tmpP9090113.0
[2010/08/24 21:31:47 | 000,312,900 | ---- | C] () -- C:\Users\Lincicum\AppData\Local\tmpSCAN0004.1
[2010/08/24 21:31:46 | 000,835,597 | ---- | C] () -- C:\Users\Lincicum\AppData\Local\tmpSCAN0004.0
[2010/08/24 21:31:46 | 000,314,014 | ---- | C] () -- C:\Users\Lincicum\AppData\Local\tmpSCAN0004.JPG
[2010/08/24 21:30:23 | 000,256,222 | ---- | C] () -- C:\Users\Lincicum\AppData\Local\tmpSCAN0003.1
[2010/08/24 21:30:22 | 000,797,818 | ---- | C] () -- C:\Users\Lincicum\AppData\Local\tmpSCAN0003.0
[2010/08/24 21:30:22 | 000,253,633 | ---- | C] () -- C:\Users\Lincicum\AppData\Local\tmpSCAN0003.JPG
[2010/08/24 21:26:04 | 000,228,963 | ---- | C] () -- C:\Users\Lincicum\AppData\Local\tmpSCAN0002.1
[2010/08/24 21:26:03 | 000,559,972 | ---- | C] () -- C:\Users\Lincicum\AppData\Local\tmpSCAN0002.0
[2010/08/24 21:26:03 | 000,228,292 | ---- | C] () -- C:\Users\Lincicum\AppData\Local\tmpSCAN0002.JPG
[2010/08/18 20:56:39 | 000,023,145 | ---- | C] () -- C:\Windows\hpqins15.dat
[2010/08/18 19:56:48 | 000,201,417 | ---- | C] () -- C:\Windows\hpoins43.dat
[2010/07/29 11:55:08 | 000,196,648 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2010/07/13 18:41:52 | 000,000,436 | ---- | C] () -- C:\Windows\HEGAMES.INI.abak
[2010/07/13 06:18:17 | 000,000,366 | ---- | C] () -- C:\Windows\HEGAMES.INI
[2010/06/23 15:07:29 | 000,082,432 | ---- | C] () -- C:\Users\Lincicum\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/15 12:38:20 | 000,591,226 | ---- | C] () -- C:\Users\Lincicum\AppData\Local\tmp001.0
[2010/06/15 12:38:20 | 000,516,007 | ---- | C] () -- C:\Users\Lincicum\AppData\Local\tmp001.JPG
[2010/05/31 19:37:06 | 000,476,164 | ---- | C] () -- C:\Users\Lincicum\AppData\Local\tmp005.0
[2010/05/31 19:37:06 | 000,398,724 | ---- | C] () -- C:\Users\Lincicum\AppData\Local\tmp005.JPG
[2010/05/25 05:46:19 | 000,470,070 | ---- | C] () -- C:\Users\Lincicum\AppData\Local\tmp043.JPG
[2010/05/13 16:37:13 | 000,000,000 | ---- | C] () -- C:\Windows\PowerReg.dat
[2010/05/13 16:20:06 | 000,000,455 | ---- | C] () -- C:\Windows\Disney.ini
[2010/05/11 11:36:16 | 000,996,659 | ---- | C] () -- C:\Users\Lincicum\AppData\Local\tmp024.0
[2010/05/11 11:36:16 | 000,872,808 | ---- | C] () -- C:\Users\Lincicum\AppData\Local\tmp024.JPG
[2010/04/30 16:13:12 | 000,928,296 | ---- | C] () -- C:\Users\Lincicum\AppData\Local\tmp011.0
[2010/04/30 16:13:12 | 000,814,423 | ---- | C] () -- C:\Users\Lincicum\AppData\Local\tmp011.JPG
[2010/04/22 07:52:46 | 000,000,048 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/04/18 16:42:19 | 000,000,524 | ---- | C] () -- C:\Users\Lincicum\AppData\Roaming\wklnhst.dat
[2010/04/17 20:47:36 | 000,000,067 | ---- | C] () -- C:\Windows\GPlrLanc.dat
[2009/09/29 17:25:16 | 000,013,312 | ---- | C] () -- C:\Windows\LPRES.DLL
[2009/08/03 02:21:54 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2009/08/03 02:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2009/08/03 02:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2009/08/03 02:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2009/08/03 02:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2009/08/03 02:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2009/08/03 02:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2009/08/03 02:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2009/08/03 02:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2009/08/03 02:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/11 05:34:22 | 000,000,675 | ---- | C] () -- C:\Windows\hpomdl43.dat
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== LOP Check ==========

[2010/09/17 17:01:21 | 000,000,000 | ---D | M] -- C:\Users\Lincicum\AppData\Roaming\.minecraft
[2010/05/15 09:21:37 | 000,000,000 | ---D | M] -- C:\Users\Lincicum\AppData\Roaming\Amazon
[2010/11/20 08:38:53 | 000,000,000 | ---D | M] -- C:\Users\Lincicum\AppData\Roaming\Atari
[2010/12/25 08:41:09 | 000,000,000 | ---D | M] -- C:\Users\Lincicum\AppData\Roaming\Batman
[2010/09/06 18:39:50 | 000,000,000 | ---D | M] -- C:\Users\Lincicum\AppData\Roaming\Brunhilda_oberon
[2010/04/19 20:04:30 | 000,000,000 | ---D | M] -- C:\Users\Lincicum\AppData\Roaming\Caspedia
[2011/03/05 19:36:10 | 000,000,000 | ---D | M] -- C:\Users\Lincicum\AppData\Roaming\Catalina Marketing Corp
[2010/04/19 09:59:24 | 000,000,000 | ---D | M] -- C:\Users\Lincicum\AppData\Roaming\E-centives
[2010/11/13 08:28:49 | 000,000,000 | ---D | M] -- C:\Users\Lincicum\AppData\Roaming\EleFun Games
[2010/06/19 14:23:09 | 000,000,000 | ---D | M] -- C:\Users\Lincicum\AppData\Roaming\Facebook
[2010/12/25 13:30:06 | 000,000,000 | ---D | M] -- C:\Users\Lincicum\AppData\Roaming\Flip Video
[2011/07/26 07:13:09 | 000,000,000 | ---D | M] -- C:\Users\Lincicum\AppData\Roaming\FrimaStudio
[2010/06/28 17:38:06 | 000,000,000 | ---D | M] -- C:\Users\Lincicum\AppData\Roaming\Fugazo
[2010/04/18 05:54:30 | 000,000,000 | ---D | M] -- C:\Users\Lincicum\AppData\Roaming\funkitron
[2010/05/08 07:28:29 | 000,000,000 | ---D | M] -- C:\Users\Lincicum\AppData\Roaming\Gamelab
[2010/04/27 16:16:32 | 000,000,000 | ---D | M] -- C:\Users\Lincicum\AppData\Roaming\GetRightToGo
[2010/09/12 06:26:47 | 000,000,000 | ---D | M] -- C:\Users\Lincicum\AppData\Roaming\Go-Go Gourmet Chef of the Year
[2011/03/30 14:06:03 | 000,000,000 | ---D | M] -- C:\Users\Lincicum\AppData\Roaming\gtk-2.0
[2010/05/23 12:10:57 | 000,000,000 | ---D | M] -- C:\Users\Lincicum\AppData\Roaming\IronCode
[2010/06/28 19:08:55 | 000,000,000 | ---D | M] -- C:\Users\Lincicum\AppData\Roaming\Janes Realty2
[2011/01/24 06:35:02 | 000,000,000 | ---D | M] -- C:\Users\Lincicum\AppData\Roaming\Juniper Networks
[2011/02/27 17:10:32 | 000,000,000 | ---D | M] -- C:\Users\Lincicum\AppData\Roaming\Kalypso Media
[2010/08/08 10:42:29 | 000,000,000 | ---D | M] -- C:\Users\Lincicum\AppData\Roaming\Ladia Group
[2010/07/19 09:01:34 | 000,000,000 | ---D | M] -- C:\Users\Lincicum\AppData\Roaming\Ludia
[2011/10/16 09:16:09 | 000,000,000 | ---D | M] -- C:\Users\Lincicum\AppData\Roaming\Might & Magic Heroes VI - Game Official Demo
[2010/12/24 11:43:20 | 000,000,000 | ---D | M] -- C:\Users\Lincicum\AppData\Roaming\MudTV
[2011/06/08 07:12:05 | 000,000,000 | ---D | M] -- C:\Users\Lincicum\AppData\Roaming\MyPublisher
[2010/06/28 19:28:17 | 000,000,000 | ---D | M] -- C:\Users\Lincicum\AppData\Roaming\Nevosoft Games
[2011/06/08 05:37:40 | 000,000,000 | ---D | M] -- C:\Users\Lincicum\AppData\Roaming\OverDrive
[2010/04/17 20:38:57 | 000,000,000 | ---D | M] -- C:\Users\Lincicum\AppData\Roaming\PictureMover
[2010/09/12 06:19:03 | 000,000,000 | ---D | M] -- C:\Users\Lincicum\AppData\Roaming\PlayFirst
[2011/08/07 18:01:09 | 000,000,000 | ---D | M] -- C:\Users\Lincicum\AppData\Roaming\Registry Mechanic
[2010/04/17 22:11:07 | 000,000,000 | ---D | M] -- C:\Users\Lincicum\AppData\Roaming\runic games
[2010/11/13 08:33:12 | 000,000,000 | ---D | M] -- C:\Users\Lincicum\AppData\Roaming\Silverback Productions
[2010/04/22 18:26:52 | 000,000,000 | ---D | M] -- C:\Users\Lincicum\AppData\Roaming\Template
[2010/05/22 06:29:19 | 000,000,000 | ---D | M] -- C:\Users\Lincicum\AppData\Roaming\The Creative Assembly
[2010/04/17 21:47:28 | 000,000,000 | ---D | M] -- C:\Users\Lincicum\AppData\Roaming\Tific
[2010/05/17 17:11:11 | 000,000,000 | ---D | M] -- C:\Users\Lincicum\AppData\Roaming\Titanium
[2010/08/25 20:05:47 | 000,000,000 | ---D | M] -- C:\Users\Lincicum\AppData\Roaming\TomTom
[2010/11/13 18:37:31 | 000,000,000 | ---D | M] -- C:\Users\Lincicum\AppData\Roaming\Total Eclipse
[2011/11/03 22:34:19 | 000,000,000 | ---D | M] -- C:\Users\Lincicum\AppData\Roaming\Tropico 3
[2010/05/04 22:08:49 | 000,000,000 | ---D | M] -- C:\Users\Lincicum\AppData\Roaming\Ubisoft
[2010/12/21 19:45:51 | 000,000,000 | ---D | M] -- C:\Users\Lincicum\AppData\Roaming\Unity
[2010/04/17 20:54:55 | 000,000,000 | ---D | M] -- C:\Users\Lincicum\AppData\Roaming\WildTangent
[2010/04/18 07:59:43 | 000,000,000 | ---D | M] -- C:\Users\Lincicum\AppData\Roaming\WinBatch
[2010/10/27 20:19:35 | 000,000,000 | ---D | M] -- C:\Users\Lincicum\AppData\Roaming\Windows Live Writer
[2011/09/30 09:02:05 | 000,000,544 | ---- | M] () -- C:\Windows\Tasks\PCDRScheduledMaintenance.job
[2011/08/06 15:45:53 | 000,032,630 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >

< %USERPROFILE%\..|smtmp;true;true;true /FP >


< MD5 for: EXPLORER.ADML >
[2009/07/13 21:30:02 | 000,003,695 | ---- | M] () MD5=7A4C7F3CB156543113596988479CAFCE -- C:\Windows\winsxs\amd64_microsoft-windows-s..ouppolicy.resources_31bf3856ad364e35_6.1.7600.16385_en-us_7ef5713984067904\Explorer.adml

< MD5 for: EXPLORER.ADMX >
[2009/06/10 15:53:55 | 000,003,836 | ---- | M] () MD5=AD131A834808E6AFF4A3918DE05BFCF6 -- C:\Windows\winsxs\amd64_microsoft-windows-shell-grouppolicy_31bf3856ad364e35_6.1.7600.16385_none_71af9b5b0a86e6b7\Explorer.admx

< MD5 for: EXPLORER.BLOCK.STYLE.JS >
[2011/10/09 21:27:42 | 000,003,338 | ---- | M] () MD5=45CE772D9AD359924AD1970BDD7DA2B1 -- C:\Program Files (x86)\Steam\steamapps\common\might and magic heroes vi demo\Data\html\dynapi\src\gui\explorer.block.style.js

< MD5 for: EXPLORER.EXE >
[2009/10/06 01:06:36 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=00B0358734CAA32C39D181FE6916B178 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_b8b0208ee0ce1889\explorer.exe
[2011/02/26 01:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 00:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/13 20:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 00:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009/10/31 00:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/26 00:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\ERDNT\cache86\explorer.exe
[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 01:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 07:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009/10/06 01:35:29 | 002,868,736 | ---- | M] (Microsoft Corporation) MD5=6D4F9E4B640B413C6F73414327484C80 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_addea9f19345cd81\explorer.exe
[2009/08/03 01:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009/10/31 01:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009/08/03 00:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 08:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009/10/31 01:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009/08/03 00:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 20:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/31 01:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2009/10/06 01:31:09 | 002,868,736 | ---- | M] (Microsoft Corporation) MD5=CA17F8620815267DC838E30B68CB5052 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_ae5b763cac6d568e\explorer.exe
[2011/02/26 01:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009/08/03 01:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
[2009/10/06 00:53:03 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=FC89FACA0473641CB625EDA9277D0885 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_b8335443c7a68f7c\explorer.exe

< MD5 for: EXPLORER.EXE.MUI >
[2009/07/13 21:26:48 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=4B87EEFDC8E253F846A7DFB49A8E6C70 -- C:\Windows\en-US\explorer.exe.mui
[2009/07/13 21:26:48 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=4B87EEFDC8E253F846A7DFB49A8E6C70 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer.resources_31bf3856ad364e35_6.1.7600.16385_en-us_61e778c48d52d19b\explorer.exe.mui
[2009/07/13 21:06:56 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=B9F4B1CA23D60775736059D72BA48526 -- C:\Windows\SysWOW64\en-US\explorer.exe.mui
[2009/07/13 21:06:56 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=B9F4B1CA23D60775736059D72BA48526 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer.resources_31bf3856ad364e35_6.1.7600.16385_en-us_6c3c2316c1b39396\explorer.exe.mui

< MD5 for: EXPLORER.EXE-A80E4F97.PF >
[2011/11/07 17:18:25 | 000,252,700 | ---- | M] () MD5=6A67381B516D1D7E18445137B943F8B6 -- C:\Windows\Prefetch\EXPLORER.EXE-A80E4F97.pf

< MD5 for: EXPLORER.JS >
[2011/10/09 21:27:56 | 000,002,575 | ---- | M] () MD5=79C3DBCCBDF8B88B44F40F9A3C21922D -- C:\Program Files (x86)\Steam\steamapps\common\might and magic heroes vi demo\Data\html\dynapi\src\gui\explorer.js

< MD5 for: EXPLORER.STYLE.JS >
[2011/10/09 21:28:17 | 000,006,008 | ---- | M] () MD5=5EB3EDBE06C325F276DE5B182D4A65F0 -- C:\Program Files (x86)\Steam\steamapps\common\might and magic heroes vi demo\Data\html\dynapi\src\gui\explorer.style.js

< MD5 for: SVCHOST.EXE >
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\ERDNT\cache86\svchost.exe
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\ERDNT\cache64\svchost.exe
[2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: SVCHOST.EXE.MUI >
[2009/07/13 21:26:44 | 000,002,048 | ---- | M] (Microsoft Corporation) MD5=712EBAA6DD6DBA7DDEE0A3D03C98E6D1 -- C:\Windows\SysNative\en-US\svchost.exe.mui
[2009/07/13 21:26:44 | 000,002,048 | ---- | M] (Microsoft Corporation) MD5=712EBAA6DD6DBA7DDEE0A3D03C98E6D1 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-svchost.resources_31bf3856ad364e35_6.1.7600.16385_en-us_ad3de280c12aaa17\svchost.exe.mui
[2009/07/13 21:02:24 | 000,002,048 | ---- | M] (Microsoft Corporation) MD5=FBC18BEE67E9179F02E7894EB548F18D -- C:\Windows\SysWOW64\en-US\svchost.exe.mui
[2009/07/13 21:02:24 | 000,002,048 | ---- | M] (Microsoft Corporation) MD5=FBC18BEE67E9179F02E7894EB548F18D -- C:\Windows\winsxs\x86_microsoft-windows-s..s-svchost.resources_31bf3856ad364e35_6.1.7600.16385_en-us_511f46fd08cd38e1\svchost.exe.mui

< MD5 for: SVCHOST.EXE-05F624AB.PF >
[2011/11/06 12:37:59 | 000,022,616 | ---- | M] () MD5=3A8C60E9A23C0FB7EECD6EDBD536760A -- C:\Windows\Prefetch\SVCHOST.EXE-05F624AB.pf

< MD5 for: SVCHOST.EXE-594A37BD.PF >
[2011/11/07 16:19:07 | 000,025,592 | ---- | M] () MD5=7A8E2C5BE76F688E84E1388CE0918C41 -- C:\Windows\Prefetch\SVCHOST.EXE-594A37BD.pf

< MD5 for: SVCHOST.EXE-7CFEDEA3.PF >
[2011/11/07 17:22:25 | 000,020,018 | ---- | M] () MD5=260AFD4AF788AC33AEDBA90500B42E07 -- C:\Windows\Prefetch\SVCHOST.EXE-7CFEDEA3.pf

< MD5 for: SVCHOST.EXE-80F4A784.PF >
[2011/11/07 17:31:40 | 000,546,470 | ---- | M] () MD5=E12FBFE308F3816FC70F977876EAD305 -- C:\Windows\Prefetch\SVCHOST.EXE-80F4A784.pf

< MD5 for: SVCHOST.EXE-DD9DE812.PF >
[2011/11/07 14:07:30 | 000,019,226 | ---- | M] () MD5=1691FC3DC2DF20CCBEC4E9B9A0AD6C27 -- C:\Windows\Prefetch\SVCHOST.EXE-DD9DE812.pf

< MD5 for: USERINIT.EXE >
[2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\ERDNT\cache86\userinit.exe
[2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 20:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/13 20:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 08:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\ERDNT\cache64\userinit.exe
[2010/11/20 08:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 08:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: USERINIT.EXE.MUI >
[2009/07/13 21:26:28 | 000,003,584 | ---- | M] (Microsoft Corporation) MD5=87AE19DA46FE7D5E293937DD36FF1889 -- C:\Windows\SysNative\en-US\userinit.exe.mui
[2009/07/13 21:26:28 | 000,003,584 | ---- | M] (Microsoft Corporation) MD5=87AE19DA46FE7D5E293937DD36FF1889 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit.resources_31bf3856ad364e35_6.1.7600.16385_en-us_ebe597d2ec03996d\userinit.exe.mui
[2009/07/13 21:03:34 | 000,003,584 | ---- | M] (Microsoft Corporation) MD5=EA67C653ECFED02D7DBFB889A908CAA9 -- C:\Windows\SysWOW64\en-US\userinit.exe.mui
[2009/07/13 21:03:34 | 000,003,584 | ---- | M] (Microsoft Corporation) MD5=EA67C653ECFED02D7DBFB889A908CAA9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit.resources_31bf3856ad364e35_6.1.7600.16385_en-us_8fc6fc4f33a62837\userinit.exe.mui

< MD5 for: USERINIT.EXE-2257A3E7.PF >
[2011/11/07 17:18:25 | 000,012,384 | ---- | M] () MD5=0D88D54671B8F75605B71A5CB5B43E01 -- C:\Windows\Prefetch\USERINIT.EXE-2257A3E7.pf

< MD5 for: WINLOGON.ADML >
[2009/07/13 21:25:22 | 000,008,013 | ---- | M] () MD5=CED0EAD8D152B3D0F114698DE2316C5E -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon-adm.resources_31bf3856ad364e35_6.1.7600.16385_en-us_f0f9032ef6930070\WinLogon.adml

< MD5 for: WINLOGON.ADMX >
[2009/06/10 16:04:41 | 000,005,237 | ---- | M] () MD5=89D8F50E186A16C2CED3CF36DBBC0B2C -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon-adm_31bf3856ad364e35_6.1.7600.16385_none_d7024e6992f3424d\WinLogon.admx

< MD5 for: WINLOGON.EXE >
[2010/11/20 08:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\ERDNT\cache64\winlogon.exe
[2010/11/20 08:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 08:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/13 20:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009/10/28 02:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/10/28 01:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< MD5 for: WINLOGON.EXE.MUI >
[2010/11/20 08:00:25 | 000,023,040 | ---- | M] (Microsoft Corporation) MD5=34C7D2E30868EDAFB191341D963ABA5F -- C:\Windows\SysNative\en-US\winlogon.exe.mui
[2010/11/20 08:00:25 | 000,023,040 | ---- | M] (Microsoft Corporation) MD5=34C7D2E30868EDAFB191341D963ABA5F -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon.resources_31bf3856ad364e35_6.1.7601.17514_en-us_291e96fa1ab5fc7b\winlogon.exe.mui
[2009/07/13 21:29:52 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=56D03B64B8C483C1D12A8E4577B3B332 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon.resources_31bf3856ad364e35_6.1.7600.16385_en-us_26ed83321dc778e1\winlogon.exe.mui

< MD5 for: WINLOGON.EXE-B020DC41.PF >
[2011/11/06 10:56:31 | 000,035,440 | ---- | M] () MD5=75629D57F1E3E7962F57AF7318904992 -- C:\Windows\Prefetch\WINLOGON.EXE-B020DC41.pf

< MD5 for: WINLOGON.MFL >
[2009/07/13 21:27:22 | 000,001,080 | ---- | M] () MD5=2783ED50691284F7EAE6BE9729337E1A -- C:\Windows\SysNative\wbem\en-US\winlogon.mfl
[2009/07/13 21:27:22 | 000,001,080 | ---- | M] () MD5=2783ED50691284F7EAE6BE9729337E1A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon-mof.resources_31bf3856ad364e35_6.1.7600.16385_en-us_84afd4fd38ffd276\winlogon.mfl

< MD5 for: WINLOGON.MOF >
[2009/07/13 15:30:01 | 000,003,192 | ---- | M] () MD5=DF722B96F32A61783BC310FACF10240B -- C:\Windows\SysNative\wbem\winlogon.mof
[2009/07/13 15:30:01 | 000,003,192 | ---- | M] () MD5=DF722B96F32A61783BC310FACF10240B -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon-mof_31bf3856ad364e35_6.1.7600.16385_none_dc2dbb778f98e40f\winlogon.mof

< C:\Windows\assembly\tmp\U\*.* /s >

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/09/30 08:36:01 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/09/30 08:36:01 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/09/30 08:36:01 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files (x86)\Mozilla Firefox\firefox.exe [2011/09/30 08:36:02 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -preferences [2011/09/30 08:36:02 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -safe-mode [2011/09/30 08:36:02 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --show-icons [2011/10/26 03:10:47 | 001,036,344 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --hide-icons [2011/10/26 03:10:47 | 001,036,344 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/10/26 03:10:47 | 001,036,344 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" [2011/10/26 03:10:47 | 001,036,344 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2011/05/18 21:14:34 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2011/05/18 21:14:34 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2011/05/18 21:14:34 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2011/05/18 21:14:34 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" [2011/05/18 21:14:34 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Safari\Safari.exe" /reinstall [2011/09/27 13:47:02 | 002,388,848 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Safari\Safari.exe" /hideicons [2011/09/27 13:47:02 | 002,388,848 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Safari\Safari.exe" /showicons [2011/09/27 13:47:02 | 002,388,848 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\Program Files (x86)\Safari\Safari.exe" [2011/09/27 13:47:02 | 002,388,848 | ---- | M] (Apple Inc.)

< %SYSTEMDRIVE%\*.* >
[2011/11/06 18:44:18 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2011/11/07 17:08:03 | 000,025,141 | ---- | M] () -- C:\ComboFix.txt
[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
[2007/11/07 07:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
[2007/11/07 07:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
[2008/04/11 09:07:18 | 000,010,134 | ---- | M] () -- C:\eula.1049.txt
[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
[2010/05/11 12:13:55 | 000,000,625 | ---- | M] () -- C:\FINIS_IT.TXT
[2007/11/07 07:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
[2011/11/07 17:24:11 | 536,223,743 | -HS- | M] () -- C:\hiberfil.sys
[2007/11/07 07:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
[2008/04/11 07:03:48 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
[2008/04/11 07:03:48 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
[2008/04/11 07:03:48 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
[2008/04/11 07:03:48 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
[2008/04/11 07:03:48 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
[2008/04/11 07:03:48 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
[2008/04/11 07:03:48 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
[2008/04/11 09:09:24 | 000,093,200 | ---- | M] (Microsoft Corporation) -- C:\install.res.1049.dll
[2008/04/11 07:03:48 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
[2008/04/11 07:03:48 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
[2006/12/02 01:37:14 | 000,904,704 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll
[2011/11/07 17:24:14 | 2146,623,487 | -HS- | M] () -- C:\pagefile.sys
[2011/11/06 21:32:10 | 000,080,006 | ---- | M] () -- C:\TDSSKiller.2.6.15.0_06.11.2011_21.30.43_log.txt
[2007/11/07 07:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
[2007/11/07 07:50:40 | 001,927,956 | ---- | M] () -- C:\VC_RED.cab
[2007/11/07 07:53:12 | 000,242,176 | ---- | M] () -- C:\VC_RED.MSI

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

========== Alternate Data Streams ==========

@Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:D1B5B4F1

< End of report >

aswMBR log:

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-11-07 17:44:17
-----------------------------
17:44:17.170 OS Version: Windows x64 6.1.7601 Service Pack 1
17:44:17.170 Number of processors: 4 586 0x170A
17:44:17.171 ComputerName: KAL-EL UserName:
17:44:19.194 Initialize success
17:44:37.218 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
17:44:37.219 Disk 0 Vendor: WDC_WD6400AAKS-65A7B2 01.03B01 Size: 610480MB BusType: 3
17:44:37.238 Disk 0 MBR read successfully
17:44:37.241 Disk 0 MBR scan
17:44:37.243 Disk 0 unknown MBR code
17:44:37.245 Service scanning
17:44:38.475 Modules scanning
17:44:38.478 Disk 0 trace - called modules:
17:44:38.483 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS intelide.sys PCIIDEX.SYS hal.dll atapi.sys
17:44:38.486 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006250060]
17:44:38.489 3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> [0xfffffa8005c39920]
17:44:38.492 5 ACPI.sys[fffff88000f117a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8005c8e060]
17:44:38.496 Scan finished successfully
17:45:25.763 Disk 0 MBR has been saved successfully to "C:\Users\Lincicum\Desktop\MBR.dat"
17:45:25.769 The log file has been saved successfully to "C:\Users\Lincicum\Desktop\aswMBR.txt"

Can I now restore the AntiVirus and AntiSpyware settings on my computer?

Thank you!

  • 0

#7
Homburg

    Trusted Helper

  • Malware Removal
  • 665 posts
Yes, you can now turn your AntiVirus and Firewall back on :)

Are you still getting the Tidserv Activity warnings?
  • 0

#8
GinaVA3

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
No--does that mean it's gone?
  • 0

#9
Homburg

    Trusted Helper

  • Malware Removal
  • 665 posts
Hi,
The main infection has now gone, but I'd just like another opinion on your MBR. I see that you have downloaded TDSSkiller; please delete the copy that you have, then download a fresh copy and run it.


Step 1:

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.


Step 2:

Please download MBRCheck.exe to your Desktop. Run the application.

If no infection is found, it will produce a report on the desktop. Post that report in your next reply.

If an infection is found, you will be presented with the following dialog:

Enter 'Y' and hit ENTER for more options, or 'N' to exit:


Type N and press Enter. A report will be produced on the desktop. Post that report in your next reply.

In your next reply please post:

TDSSkiller report.
MBRcheck report.

  • 0
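As an added example (not code from this thread, nor from aswMBR, TDSSKiller or MBRCheck), the Python script below gives the kind of "second opinion" asked for above on a saved MBR image such as the MBR.dat that aswMBR wrote to the Desktop: it verifies the 0x55AA boot signature, decodes the partition table (bootable count, overlapping entries, and a large unpartitioned tail, where TDL-family rootkits have been documented to keep their hidden file system) and compares a hash of the boot code against a known-good reference, which is the same idea behind a verdict like "unknown MBR code". The reference hash is a placeholder, and the sample MBR it analyses when run without a file argument is constructed.

```python
"""Second-opinion checks on a 512-byte MBR image such as the MBR.dat that
aswMBR saved above.  Added example, not code from this thread or from aswMBR,
TDSSKiller or MBRCheck; the reference hash is a placeholder, the sample is constructed."""
import hashlib
import struct
from itertools import combinations
from typing import List, NamedTuple, Optional

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440           # bytes 0..439: boot code; 440..445: disk id and padding
PART_TABLE_OFF = 446          # four 16-byte partition entries follow
BOOT_SIGNATURE = b"\x55\xaa"  # must sit at offsets 510..511
PART_ENTRY_FMT = "<B3xB3xII"  # status, CHS start, type, CHS end, LBA start, sector count

# Placeholder (assumption): put here the SHA-256 of the first 440 bytes of an MBR
# read from a clean install of the same Windows version.
KNOWN_GOOD_BOOTCODE_SHA256 = {"clean-install-placeholder": "0" * 64}


class Partition(NamedTuple):
    index: int
    bootable: bool
    type_id: int
    lba_start: int
    sectors: int

    @property
    def lba_end(self) -> int:
        return self.lba_start + self.sectors - 1


def parse_partitions(mbr: bytes) -> List[Partition]:
    """Decode the partition table; empty slots (type 0, zero length) are skipped."""
    parts: List[Partition] = []
    for i in range(4):
        status, ptype, lba_start, sectors = struct.unpack_from(
            PART_ENTRY_FMT, mbr, PART_TABLE_OFF + i * 16)
        if ptype == 0 and sectors == 0:
            continue
        parts.append(Partition(i, status == 0x80, ptype, lba_start, sectors))
    return parts


def analyse_mbr(mbr: bytes, disk_sectors: Optional[int] = None,
                max_tail_sectors: int = 65536) -> dict:
    """Return the boot-code hash, the decoded partitions and a list of findings."""
    findings: List[str] = []
    parts: List[Partition] = []
    if len(mbr) != SECTOR_SIZE:
        findings.append(f"unexpected image size {len(mbr)} bytes (want {SECTOR_SIZE})")
    else:
        if mbr[510:512] != BOOT_SIGNATURE:
            findings.append("missing 0x55AA boot signature at offset 510")
        parts = parse_partitions(mbr)
        bootable = [p for p in parts if p.bootable]
        if len(bootable) != 1:
            findings.append(f"{len(bootable)} partitions flagged bootable (expected exactly 1)")
        # Overlapping entries are a classic sign of a hand-edited partition table.
        for a, b in combinations(parts, 2):
            if a.lba_start <= b.lba_end and b.lba_start <= a.lba_end:
                findings.append(f"partition {a.index} overlaps partition {b.index}")
        # Unpartitioned space after the last entry is where TDL-family rootkits
        # have been documented to keep their hidden file system.
        if disk_sectors is not None and parts:
            tail = disk_sectors - 1 - max(p.lba_end for p in parts)
            if tail > max_tail_sectors:
                findings.append(f"{tail} unallocated sectors after the last partition")
    digest = hashlib.sha256(mbr[:BOOT_CODE_LEN]).hexdigest()
    matches = [name for name, h in KNOWN_GOOD_BOOTCODE_SHA256.items() if h == digest]
    if not matches:
        findings.append("boot code hash matches no known-good reference")
    return {"bootcode_sha256": digest, "matches": matches,
            "partitions": parts, "findings": findings}


def build_sample_mbr(entries, boot_code: bytes = b"\x33\xc0" * 220,
                     signature: bool = True) -> bytes:
    """Construct a synthetic MBR image (test data, not taken from any real disk)."""
    sector = bytearray(SECTOR_SIZE)
    code = boot_code[:BOOT_CODE_LEN]
    sector[:len(code)] = code
    for i, (bootable, ptype, start, count) in enumerate(entries[:4]):
        struct.pack_into(PART_ENTRY_FMT, sector, PART_TABLE_OFF + i * 16,
                         0x80 if bootable else 0x00, ptype, start, count)
    if signature:
        sector[510:512] = BOOT_SIGNATURE
    return bytes(sector)


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:                   # e.g. python mbr_check.py MBR.dat
        with open(sys.argv[1], "rb") as fh:
            image = fh.read(SECTOR_SIZE)
    else:                                   # constructed: system plus one data partition
        image = build_sample_mbr([(True, 0x07, 2048, 1_000_000), (False, 0x07, 1_002_048, 500_000)])
    report = analyse_mbr(image, disk_sectors=1_504_000)
    print("boot code sha256:", report["bootcode_sha256"])
    print(*report["partitions"], *("FINDING: " + f for f in report["findings"]), sep="\n")
```

Pass the path to MBR.dat (and, to get the unallocated-tail check, the disk's sector count from the aswMBR "Size" line) to run it against the real image instead of the constructed one.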

#10
GinaVA3

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
The TDSSKiller didn't find anything, so I didn't see Cure or Reboot. Here's the report:

16:47:26.0938 6308 TDSS rootkit removing tool 2.6.16.0 Nov 7 2011 16:26:51
16:47:27.0539 6308 ============================================================
16:47:27.0540 6308 Current date / time: 2011/11/08 16:47:27.0539
16:47:27.0540 6308 SystemInfo:
16:47:27.0540 6308
16:47:27.0540 6308 OS Version: 6.1.7601 ServicePack: 1.0
16:47:27.0540 6308 Product type: Workstation
16:47:27.0540 6308 ComputerName: KAL-EL
16:47:27.0540 6308 UserName: Lincicum
16:47:27.0540 6308 Windows directory: C:\Windows
16:47:27.0540 6308 System windows directory: C:\Windows
16:47:27.0540 6308 Running under WOW64
16:47:27.0540 6308 Processor architecture: Intel x64
16:47:27.0540 6308 Number of processors: 4
16:47:27.0540 6308 Page size: 0x1000
16:47:27.0540 6308 Boot type: Normal boot
16:47:27.0540 6308 ============================================================
16:47:29.0351 6308 Initialize success
16:47:50.0205 6872 ============================================================
16:47:50.0205 6872 Scan started
16:47:50.0205 6872 Mode: Manual; SigCheck; TDLFS;
16:47:50.0205 6872 ============================================================
16:48:18.0125 6872 TsUsbFlt - ok
16:48:18.0183 6872 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
16:48:18.0295 6872 tunnel - ok
16:48:18.0327 6872 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
16:48:18.0339 6872 uagp35 - ok
16:48:18.0405 6872 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
16:48:18.0460 6872 udfs - ok
16:48:18.0499 6872 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
16:48:18.0511 6872 uliagpkx - ok
16:48:18.0567 6872 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
16:48:18.0604 6872 umbus - ok
16:48:18.0629 6872 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
16:48:18.0662 6872 UmPass - ok
16:48:18.0721 6872 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
16:48:18.0783 6872 USBAAPL64 - ok
16:48:18.0868 6872 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
16:48:18.0915 6872 usbaudio - ok
16:48:18.0970 6872 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
16:48:19.0022 6872 usbccgp - ok
16:48:19.0082 6872 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
16:48:19.0120 6872 usbcir - ok
16:48:19.0162 6872 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
16:48:19.0193 6872 usbehci - ok
16:48:19.0237 6872 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
16:48:19.0271 6872 usbhub - ok
16:48:19.0304 6872 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
16:48:19.0336 6872 usbohci - ok
16:48:19.0401 6872 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
16:48:19.0428 6872 usbprint - ok
16:48:19.0495 6872 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
16:48:19.0532 6872 usbscan - ok
16:48:19.0580 6872 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:48:19.0658 6872 USBSTOR - ok
16:48:19.0751 6872 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
16:48:19.0784 6872 usbuhci - ok
16:48:19.0864 6872 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
16:48:19.0877 6872 vdrvroot - ok
16:48:19.0893 6872 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
16:48:19.0947 6872 vga - ok
16:48:19.0970 6872 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
16:48:20.0034 6872 VgaSave - ok
16:48:20.0074 6872 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
16:48:20.0089 6872 vhdmp - ok
16:48:20.0111 6872 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
16:48:20.0122 6872 viaide - ok
16:48:20.0138 6872 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
16:48:20.0150 6872 volmgr - ok
16:48:20.0218 6872 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
16:48:20.0239 6872 volmgrx - ok
16:48:20.0274 6872 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
16:48:20.0292 6872 volsnap - ok
16:48:20.0325 6872 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
16:48:20.0342 6872 vsmraid - ok
16:48:20.0355 6872 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
16:48:20.0392 6872 vwifibus - ok
16:48:20.0433 6872 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
16:48:20.0467 6872 WacomPen - ok
16:48:20.0515 6872 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
16:48:20.0568 6872 WANARP - ok
16:48:20.0600 6872 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
16:48:20.0633 6872 Wanarpv6 - ok
16:48:20.0665 6872 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
16:48:20.0689 6872 Wd - ok
16:48:20.0719 6872 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
16:48:20.0751 6872 Wdf01000 - ok
16:48:20.0786 6872 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
16:48:20.0822 6872 WfpLwf - ok
16:48:20.0878 6872 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
16:48:20.0890 6872 WIMMount - ok
16:48:20.0974 6872 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
16:48:21.0037 6872 WinUsb - ok
16:48:21.0074 6872 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
16:48:21.0105 6872 WmiAcpi - ok
16:48:21.0150 6872 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
16:48:21.0185 6872 ws2ifsl - ok
16:48:21.0255 6872 WSDPrintDevice (8d918b1db190a4d9b1753a66fa8c96e8) C:\Windows\system32\DRIVERS\WSDPrint.sys
16:48:21.0295 6872 WSDPrintDevice - ok
16:48:21.0333 6872 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
16:48:21.0368 6872 WudfPf - ok
16:48:21.0399 6872 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
16:48:21.0471 6872 WUDFRd - ok
16:48:21.0543 6872 X5XS64Ex (4b238d439f252fbd9cc4711a13563c62) C:\Program Files (x86)\Verizon Games on Demand Player\X5XS64Ex.Sys
16:48:21.0554 6872 X5XS64Ex - ok
16:48:21.0658 6872 X5XSEx_Pr135 (8c6413d62c891d8da084a31da53a09e6) C:\Program Files (x86)\Verizon Games Player\X5XSEx.Sys
16:48:21.0669 6872 X5XSEx_Pr135 - ok
16:48:21.0705 6872 MBR (0x1B8) (41454a8624156a8407dc2e1700009138) \Device\Harddisk0\DR0
16:48:21.0892 6872 \Device\Harddisk0\DR0 - ok
16:48:21.0896 6872 Boot (0x1200) (6a30efb8566fff6684e843f1abb4472f) \Device\Harddisk0\DR0\Partition0
16:48:21.0896 6872 \Device\Harddisk0\DR0\Partition0 - ok
16:48:21.0958 6872 Boot (0x1200) (d9b095ee7170ea8bf58dd348ed2c5017) \Device\Harddisk0\DR0\Partition1
16:48:21.0959 6872 \Device\Harddisk0\DR0\Partition1 - ok
16:48:21.0996 6872 Boot (0x1200) (a4852f832016e2fcd6b04d6a4ce34903) \Device\Harddisk0\DR0\Partition2
16:48:21.0997 6872 \Device\Harddisk0\DR0\Partition2 - ok
16:48:21.0997 6872 ============================================================
16:48:21.0997 6872 Scan finished
16:48:21.0997 6872 ============================================================
16:48:22.0011 4328 Detected object count: 0
16:48:22.0011 4328 Actual detected object count: 0
16:52:08.0505 5268 ============================================================
16:52:08.0505 5268 Scan started
16:52:08.0505 5268 Mode: Manual; SigCheck; TDLFS;
16:52:08.0505 5268 ============================================================
16:52:19.0708 5268 Serial - ok
16:52:19.0728 5268 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
16:52:19.0741 5268 sermouse - ok
16:52:19.0792 5268 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
16:52:19.0810 5268 sffdisk - ok
16:52:19.0829 5268 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
16:52:19.0844 5268 sffp_mmc - ok
16:52:19.0859 5268 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
16:52:19.0875 5268 sffp_sd - ok
16:52:19.0896 5268 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
16:52:19.0909 5268 sfloppy - ok
16:52:19.0926 5268 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
16:52:19.0937 5268 SiSRaid2 - ok
16:52:19.0953 5268 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
16:52:19.0965 5268 SiSRaid4 - ok
16:52:19.0986 5268 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
16:52:20.0020 5268 Smb - ok
16:52:20.0059 5268 SMR210 (03573da7c4abcf5591ad4d8c96736b00) C:\Windows\system32\drivers\SMR210.SYS
16:52:20.0070 5268 SMR210 - ok
16:52:20.0089 5268 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
16:52:20.0102 5268 spldr - ok
16:52:20.0167 5268 SQTECH9051 (ccef01e9951affc777350cfb0649fe68) C:\Windows\system32\Drivers\Capt9051.sys
16:52:20.0176 5268 SQTECH9051 - ok
16:52:20.0277 5268 SRTSP (1321a6c3c92bbd3f3bbe1292cff8e91a) C:\Windows\System32\Drivers\NISx64\1301010.003\SRTSP64.SYS
16:52:20.0297 5268 SRTSP - ok
16:52:20.0313 5268 SRTSPX (bd129c22c3b8c2e584227269dfa77b09) C:\Windows\system32\drivers\NISx64\1301010.003\SRTSPX64.SYS
16:52:20.0322 5268 SRTSPX - ok
16:52:20.0369 5268 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
16:52:20.0388 5268 srv - ok
16:52:20.0413 5268 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
16:52:20.0429 5268 srv2 - ok
16:52:20.0449 5268 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
16:52:20.0462 5268 srvnet - ok
16:52:20.0486 5268 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
16:52:20.0497 5268 stexstor - ok
16:52:20.0551 5268 StillCam (decacb6921ded1a38642642685d77dac) C:\Windows\system32\DRIVERS\serscan.sys
16:52:20.0566 5268 StillCam - ok
16:52:20.0614 5268 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
16:52:20.0627 5268 swenum - ok
16:52:20.0656 5268 SymDS (8b2430762099598da40686f754632efd) C:\Windows\system32\drivers\NISx64\1301010.003\SYMDS64.SYS
16:52:20.0671 5268 SymDS - ok
16:52:20.0697 5268 SymEFA (fe29b18bf86ffcd55d8733c9b01e5042) C:\Windows\system32\drivers\NISx64\1301010.003\SYMEFA64.SYS
16:52:20.0719 5268 SymEFA - ok
16:52:20.0737 5268 SymEvent (36b77f5c9e21f88a8c8ec67ad5415819) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
16:52:20.0748 5268 SymEvent - ok
16:52:20.0790 5268 SymIRON (dd70da422460fded831d211df151d560) C:\Windows\system32\drivers\NISx64\1301010.003\Ironx64.SYS
16:52:20.0801 5268 SymIRON - ok
16:52:20.0822 5268 SymNetS (bce4eb2eef05e388959b46fd21388c2d) C:\Windows\System32\Drivers\NISx64\1301010.003\SYMNETS.SYS
16:52:20.0835 5268 SymNetS - ok
16:52:20.0919 5268 Tcpip (f0e98c00a09fdf791525829a1d14240f) C:\Windows\system32\drivers\tcpip.sys
16:52:20.0961 5268 Tcpip - ok
16:52:21.0003 5268 TCPIP6 (f0e98c00a09fdf791525829a1d14240f) C:\Windows\system32\DRIVERS\tcpip.sys
16:52:21.0040 5268 TCPIP6 - ok
16:52:21.0087 5268 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
16:52:21.0125 5268 tcpipreg - ok
16:52:21.0143 5268 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
16:52:21.0180 5268 TDPIPE - ok
16:52:21.0198 5268 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
16:52:21.0231 5268 TDTCP - ok
16:52:21.0288 5268 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
16:52:21.0325 5268 tdx - ok
16:52:21.0336 5268 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
16:52:21.0347 5268 TermDD - ok
16:52:21.0407 5268 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
16:52:21.0445 5268 tssecsrv - ok
16:52:21.0490 5268 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
16:52:21.0502 5268 TsUsbFlt - ok
16:52:21.0548 5268 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
16:52:21.0580 5268 tunnel - ok
16:52:21.0591 5268 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
16:52:21.0603 5268 uagp35 - ok
16:52:21.0661 5268 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
16:52:21.0703 5268 udfs - ok
16:52:21.0730 5268 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
16:52:21.0745 5268 uliagpkx - ok
16:52:21.0790 5268 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
16:52:21.0806 5268 umbus - ok
16:52:21.0819 5268 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
16:52:21.0833 5268 UmPass - ok
16:52:21.0860 5268 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
16:52:21.0873 5268 USBAAPL64 - ok
16:52:21.0916 5268 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
16:52:21.0935 5268 usbaudio - ok
16:52:21.0985 5268 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
16:52:22.0001 5268 usbccgp - ok
16:52:22.0055 5268 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
16:52:22.0073 5268 usbcir - ok
16:52:22.0118 5268 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
16:52:22.0134 5268 usbehci - ok
16:52:22.0152 5268 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
16:52:22.0168 5268 usbhub - ok
16:52:22.0218 5268 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
16:52:22.0231 5268 usbohci - ok
16:52:22.0250 5268 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
16:52:22.0265 5268 usbprint - ok
16:52:22.0326 5268 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
16:52:22.0345 5268 usbscan - ok
16:52:22.0362 5268 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:52:22.0377 5268 USBSTOR - ok
16:52:22.0432 5268 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
16:52:22.0447 5268 usbuhci - ok
16:52:22.0463 5268 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
16:52:22.0473 5268 vdrvroot - ok
16:52:22.0491 5268 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
16:52:22.0507 5268 vga - ok
16:52:22.0518 5268 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
16:52:22.0553 5268 VgaSave - ok
16:52:22.0574 5268 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
16:52:22.0587 5268 vhdmp - ok
16:52:22.0610 5268 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
16:52:22.0622 5268 viaide - ok
16:52:22.0638 5268 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
16:52:22.0649 5268 volmgr - ok
16:52:22.0712 5268 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
16:52:22.0730 5268 volmgrx - ok
16:52:22.0749 5268 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
16:52:22.0763 5268 volsnap - ok
16:52:22.0782 5268 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
16:52:22.0795 5268 vsmraid - ok
16:52:22.0813 5268 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
16:52:22.0828 5268 vwifibus - ok
16:52:22.0849 5268 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
16:52:22.0863 5268 WacomPen - ok
16:52:22.0881 5268 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
16:52:22.0913 5268 WANARP - ok
16:52:22.0917 5268 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
16:52:22.0950 5268 Wanarpv6 - ok
16:52:22.0972 5268 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
16:52:22.0983 5268 Wd - ok
16:52:23.0001 5268 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
16:52:23.0022 5268 Wdf01000 - ok
16:52:23.0052 5268 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
16:52:23.0086 5268 WfpLwf - ok
16:52:23.0102 5268 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
16:52:23.0114 5268 WIMMount - ok
16:52:23.0207 5268 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
16:52:23.0225 5268 WinUsb - ok
16:52:23.0331 5268 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
16:52:23.0347 5268 WmiAcpi - ok
16:52:23.0383 5268 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
16:52:23.0416 5268 ws2ifsl - ok
16:52:23.0471 5268 WSDPrintDevice (8d918b1db190a4d9b1753a66fa8c96e8) C:\Windows\system32\DRIVERS\WSDPrint.sys
16:52:23.0489 5268 WSDPrintDevice - ok
16:52:23.0541 5268 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
16:52:23.0578 5268 WudfPf - ok
16:52:23.0599 5268 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
16:52:23.0632 5268 WUDFRd - ok
16:52:23.0675 5268 X5XS64Ex (4b238d439f252fbd9cc4711a13563c62) C:\Program Files (x86)\Verizon Games on Demand Player\X5XS64Ex.Sys
16:52:23.0685 5268 X5XS64Ex - ok
16:52:23.0757 5268 X5XSEx_Pr135 (8c6413d62c891d8da084a31da53a09e6) C:\Program Files (x86)\Verizon Games Player\X5XSEx.Sys
16:52:23.0769 5268 X5XSEx_Pr135 - ok
16:52:23.0788 5268 MBR (0x1B8) (41454a8624156a8407dc2e1700009138) \Device\Harddisk0\DR0
16:52:23.0966 5268 \Device\Harddisk0\DR0 - ok
16:52:23.0969 5268 Boot (0x1200) (6a30efb8566fff6684e843f1abb4472f) \Device\Harddisk0\DR0\Partition0
16:52:23.0970 5268 \Device\Harddisk0\DR0\Partition0 - ok
16:52:24.0003 5268 Boot (0x1200) (d9b095ee7170ea8bf58dd348ed2c5017) \Device\Harddisk0\DR0\Partition1
16:52:24.0004 5268 \Device\Harddisk0\DR0\Partition1 - ok
16:52:24.0037 5268 Boot (0x1200) (a4852f832016e2fcd6b04d6a4ce34903) \Device\Harddisk0\DR0\Partition2
16:52:24.0038 5268 \Device\Harddisk0\DR0\Partition2 - ok
16:52:24.0038 5268 ============================================================
16:52:24.0038 5268 Scan finished
16:52:24.0038 5268 ============================================================
16:52:24.0047 4520 Detected object count: 0
16:52:24.0047 4520 Actual detected object count: 0
16:52:26.0273 4772 Deinitialize success

MBRcheck report:

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: Service Pack 1 (build 7601), 64-bit
Base Board Manufacturer: PEGATRON CORPORATION
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: HP-Pavilion
System Product Name: BN457AV-ABA HPE-110t
Logical Drives Mask: 0x000003fc

Kernel Drivers (total 201):
0x02E18000 \SystemRoot\system32\ntoskrnl.exe
0x03401000 \SystemRoot\system32\hal.dll
0x00BCF000 \SystemRoot\system32\kdcom.dll
0x00C0A000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x00C59000 \SystemRoot\system32\PSHED.dll
0x00C6D000 \SystemRoot\system32\CLFS.SYS
0x00CCB000 \SystemRoot\system32\CI.dll
0x00E53000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00EF7000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x00F06000 \SystemRoot\system32\drivers\ACPI.sys
0x00F5D000 \SystemRoot\system32\drivers\WMILIB.SYS
0x00F66000 \SystemRoot\system32\drivers\msisadrv.sys
0x00F70000 \SystemRoot\system32\drivers\pci.sys
0x00FA3000 \SystemRoot\system32\drivers\vdrvroot.sys
0x00FB0000 \SystemRoot\System32\drivers\partmgr.sys
0x00FC5000 \SystemRoot\system32\drivers\volmgr.sys
0x00D8B000 \SystemRoot\System32\drivers\volmgrx.sys
0x00FDA000 \SystemRoot\system32\drivers\intelide.sys
0x00FE2000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x00E00000 \SystemRoot\System32\drivers\mountmgr.sys
0x00E1A000 \SystemRoot\system32\drivers\pciide.sys
0x00E21000 \SystemRoot\system32\drivers\atapi.sys
0x01026000 \SystemRoot\system32\drivers\ataport.SYS
0x01050000 \SystemRoot\system32\drivers\amdxata.sys
0x0105B000 \SystemRoot\system32\drivers\fltmgr.sys
0x010A7000 \SystemRoot\system32\drivers\NISx64\1301010.003\SYMDS64.SYS
0x01118000 \SystemRoot\system32\drivers\fileinfo.sys
0x012D9000 \SystemRoot\system32\drivers\NISx64\1301010.003\SYMEFA64.SYS
0x01437000 \SystemRoot\System32\Drivers\Ntfs.sys
0x01200000 \SystemRoot\System32\Drivers\msrpc.sys
0x015DA000 \SystemRoot\System32\Drivers\ksecdd.sys
0x0125E000 \SystemRoot\System32\Drivers\cng.sys
0x01400000 \SystemRoot\System32\drivers\pcw.sys
0x01411000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x01620000 \SystemRoot\system32\drivers\ndis.sys
0x01713000 \SystemRoot\system32\drivers\NETIO.SYS
0x01773000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x018B0000 \SystemRoot\System32\drivers\tcpip.sys
0x01AB4000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x01AFE000 \SystemRoot\system32\drivers\volsnap.sys
0x01B4A000 \SystemRoot\System32\Drivers\spldr.sys
0x01B52000 \SystemRoot\System32\drivers\rdyboost.sys
0x01B8C000 \SystemRoot\System32\Drivers\mup.sys
0x01B9E000 \SystemRoot\System32\drivers\hwpolicy.sys
0x01BA7000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x01BE1000 \SystemRoot\system32\DRIVERS\disk.sys
0x01800000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x01866000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x0179E000 \SystemRoot\system32\drivers\NISx64\1301010.003\ccSetx64.sys
0x017CC000 \SystemRoot\system32\drivers\NISx64\1301010.003\Ironx64.SYS
0x01890000 \SystemRoot\System32\Drivers\Null.SYS
0x01899000 \SystemRoot\System32\Drivers\Beep.SYS
0x018A0000 \SystemRoot\System32\drivers\vga.sys
0x0112C000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x01600000 \SystemRoot\System32\drivers\watchdog.sys
0x01BF7000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x01610000 \SystemRoot\system32\drivers\rdpencdd.sys
0x0141B000 \SystemRoot\system32\drivers\rdprefmp.sys
0x01424000 \SystemRoot\System32\Drivers\Msfs.SYS
0x013E7000 \SystemRoot\System32\Drivers\Npfs.SYS
0x01151000 \SystemRoot\system32\DRIVERS\tdx.sys
0x01173000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x02E56000 \SystemRoot\system32\drivers\afd.sys
0x02EDF000 \SystemRoot\System32\DRIVERS\netbt.sys
0x02F24000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x02F2D000 \SystemRoot\system32\DRIVERS\pacer.sys
0x02F53000 \SystemRoot\system32\DRIVERS\netbios.sys
0x02F62000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x02F7D000 \SystemRoot\system32\drivers\termdd.sys
0x02F91000 \SystemRoot\System32\Drivers\NISx64\1301010.003\SYMNETS.SYS
0x02E00000 \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
0x02E37000 \SystemRoot\system32\drivers\NISx64\1301010.003\SRTSPX64.SYS
0x01180000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x011D1000 \SystemRoot\system32\drivers\nsiproxy.sys
0x015F5000 \SystemRoot\system32\drivers\mssmbios.sys
0x044E8000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\IPSDefs\20111104.030\IDSvia64.sys
0x04565000 \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
0x04400000 \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
0x04426000 \SystemRoot\System32\drivers\discache.sys
0x04435000 \SystemRoot\System32\Drivers\dfsc.sys
0x04453000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x040B1000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\BASHDefs\20111027.001\BHDrvx64.sys
0x041D0000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x04000000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x0F224000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x0FF4E000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
0x04A62000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x04B56000 \SystemRoot\System32\drivers\dxgmms1.sys
0x04B9C000 \SystemRoot\system32\drivers\HDAudBus.sys
0x04BC0000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x04A00000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x04BCD000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x0FF50000 \SystemRoot\system32\DRIVERS\Rt64win7.sys
0x04BDE000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x04BEB000 \SystemRoot\system32\drivers\CompositeBus.sys
0x0FF8F000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x0FFA5000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x04A56000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x0FFC9000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x0F200000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x04016000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x04037000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x04051000 \SystemRoot\system32\drivers\kbdclass.sys
0x04060000 \SystemRoot\system32\drivers\mouclass.sys
0x04BFB000 \SystemRoot\system32\drivers\swenum.sys
0x04464000 \SystemRoot\system32\drivers\ks.sys
0x0406F000 \SystemRoot\system32\drivers\umbus.sys
0x04C03000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x04C5D000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x04C72000 \SystemRoot\system32\drivers\nvhda64v.sys
0x04C8B000 \SystemRoot\system32\drivers\portcls.sys
0x04CC8000 \SystemRoot\system32\drivers\drmk.sys
0x04CEA000 \SystemRoot\system32\drivers\ksthunk.sys
0x05E08000 \SystemRoot\system32\drivers\RTKVHD64.sys
0x05FF0000 \SystemRoot\System32\Drivers\crashdmp.sys
0x04CF0000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x04CFC000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x04D05000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x04D18000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x05FFE000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x04D35000 \SystemRoot\system32\DRIVERS\usbscan.sys
0x04D46000 \SystemRoot\system32\DRIVERS\usbprint.sys
0x04D52000 \SystemRoot\system32\DRIVERS\dot4usb.sys
0x04D62000 \SystemRoot\system32\DRIVERS\Dot4.sys
0x04D8A000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x04DA5000 \SystemRoot\system32\drivers\Dot4Prt.sys
0x04DAF000 \SystemRoot\system32\drivers\hidusb.sys
0x04DBD000 \SystemRoot\system32\drivers\HIDCLASS.SYS
0x04DD6000 \SystemRoot\system32\drivers\HIDPARSE.SYS
0x04DDF000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x04DEC000 \SystemRoot\system32\drivers\kbdhid.sys
0x000A0000 \SystemRoot\System32\win32k.sys
0x04081000 \SystemRoot\System32\drivers\Dxapi.sys
0x0408D000 \SystemRoot\system32\DRIVERS\monitor.sys
0x00570000 \SystemRoot\System32\TSDDD.dll
0x006F0000 \SystemRoot\System32\cdd.dll
0x00920000 \SystemRoot\System32\ATMFD.DLL
0x044A7000 \SystemRoot\system32\drivers\luafv.sys
0x045DE000 \SystemRoot\system32\drivers\WudfPf.sys
0x0409B000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x044CA000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x03C69000 \SystemRoot\system32\drivers\HTTP.sys
0x03D32000 \SystemRoot\system32\DRIVERS\bowser.sys
0x03D50000 \SystemRoot\System32\drivers\mpsdrv.sys
0x03D68000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x03D95000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x03C00000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x064C9000 \SystemRoot\system32\drivers\peauth.sys
0x0656F000 \SystemRoot\System32\Drivers\secdrv.SYS
0x0657A000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x065AB000 \SystemRoot\System32\drivers\tcpipreg.sys
0x065BD000 \??\C:\Program Files (x86)\Verizon Games on Demand Player\X5XS64Ex.Sys
0x065CE000 \??\C:\Program Files (x86)\Verizon Games Player\X5XSEx.Sys
0x06400000 \SystemRoot\System32\DRIVERS\srv2.sys
0x0683A000 \SystemRoot\System32\DRIVERS\srv.sys
0x068D2000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0x06903000 \??\C:\Windows\system32\drivers\mbam.sys
0x0697E000 \??\C:\Users\Lincicum\AppData\Local\Temp\aswMBR.sys
0x08E9E000 \SystemRoot\System32\Drivers\NISx64\1301010.003\SRTSP64.SYS
0x08F7C000 \SystemRoot\System32\drivers\SMR210.SYS
0x09005000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\VirusDefs\20111107.035\EX64.SYS
0x08E35000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\VirusDefs\20111107.035\ENG64.SYS
0x76FB0000 \Windows\System32\ntdll.dll
0x47B00000 \Windows\System32\smss.exe
0xFF2D0000 \Windows\System32\apisetschema.dll
0xFF3A0000 \Windows\System32\autochk.exe
0xFF240000 \Windows\System32\shlwapi.dll
0xFF1A0000 \Windows\System32\comdlg32.dll
0xFF170000 \Windows\System32\imm32.dll
0xFF040000 \Windows\System32\rpcrt4.dll
0xFF030000 \Windows\System32\nsi.dll
0x76E50000 \Windows\System32\wininet.dll
0xFEFD0000 \Windows\System32\Wldap32.dll
0xFEEC0000 \Windows\System32\msctf.dll
0xFEE40000 \Windows\System32\difxapi.dll
0x77180000 \Windows\System32\psapi.dll
0xFEC60000 \Windows\System32\setupapi.dll
0xFEC50000 \Windows\System32\lpk.dll
0xFEBE0000 \Windows\System32\gdi32.dll
0x77170000 \Windows\System32\normaliz.dll
0xFEB40000 \Windows\System32\clbcatq.dll
0xFE930000 \Windows\System32\ole32.dll
0xFE8E0000 \Windows\System32\ws2_32.dll
0x76D50000 \Windows\System32\user32.dll
0xFE800000 \Windows\System32\advapi32.dll
0x76B40000 \Windows\System32\iertutil.dll
0xFE7E0000 \Windows\System32\imagehlp.dll
0xFE710000 \Windows\System32\usp10.dll
0xFE670000 \Windows\System32\msvcrt.dll
0x76A20000 \Windows\System32\kernel32.dll
0xFE590000 \Windows\System32\oleaut32.dll
0xFD800000 \Windows\System32\shell32.dll
0xFD7E0000 \Windows\System32\sechost.dll
0x768D0000 \Windows\System32\urlmon.dll
0xFD670000 \Windows\System32\crypt32.dll
0xFD5D0000 \Windows\System32\comctl32.dll
0xFD590000 \Windows\System32\cfgmgr32.dll
0xFD570000 \Windows\System32\devobj.dll
0xFD500000 \Windows\System32\KernelBase.dll
0xFD4C0000 \Windows\System32\wintrust.dll
0xFD4B0000 \Windows\System32\msasn1.dll

Processes (total 91):
0 System Idle Process
4 System
292 C:\Windows\System32\smss.exe
452 csrss.exe
512 C:\Windows\System32\wininit.exe
536 csrss.exe
588 C:\Windows\System32\services.exe
612 C:\Windows\System32\lsass.exe
624 C:\Windows\System32\lsm.exe
636 C:\Windows\System32\winlogon.exe
752 C:\Windows\System32\svchost.exe
812 C:\Windows\System32\nvvsvc.exe
852 C:\Windows\System32\svchost.exe
936 C:\Windows\System32\svchost.exe
992 C:\Windows\System32\svchost.exe
116 C:\Windows\System32\svchost.exe
1032 C:\Windows\System32\svchost.exe
1104 C:\Windows\System32\nvvsvc.exe
1136 C:\Windows\System32\svchost.exe
1296 C:\Windows\System32\spoolsv.exe
1372 C:\Windows\System32\svchost.exe
1484 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1560 C:\Users\Lincicum\AppData\Roaming\HP SimpleSave Application\uUACTokenSvc.exe
1580 C:\Program Files\Bonjour\mDNSResponder.exe
1612 C:\Windows\System32\svchost.exe
1676 C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe
1732 C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe
1756 C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
1864 C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
1888 C:\Windows\SysWOW64\svchost.exe
1920 C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
1980 C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
2032 C:\Program Files (x86)\Norton Internet Security\Engine\19.1.1.3\ccSvcHst.exe
1520 C:\Program Files (x86)\Norton Safe Web Lite\Engine\1.2.0.6\ccSvcHst.exe
1812 C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
2068 C:\Windows\System32\svchost.exe
2096 C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
2180 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
2420 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
2460 unsecapp.exe
2636 WmiPrvSE.exe
2936 C:\Windows\System32\svchost.exe
2996 C:\Windows\System32\SearchIndexer.exe
3188 C:\Windows\System32\svchost.exe
3224 WUDFHost.exe
3664 C:\Windows\System32\taskhost.exe
3740 C:\Program Files (x86)\Norton Internet Security\Engine\19.1.1.3\ccSvcHst.exe
2620 C:\Windows\System32\dwm.exe
3860 C:\Windows\explorer.exe
3884 C:\Windows\System32\taskeng.exe
948 C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
2916 C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
3100 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
3932 C:\Program Files\Windows Media Player\wmpnetwk.exe
3776 C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
1020 C:\Program Files (x86)\Steam\Steam.exe
1568 C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
1236 C:\Program Files (x86)\Verizon Games Player\GPlayer.exe
2740 C:\Program Files (x86)\hp\Digital Imaging\bin\hpqtra08.exe
3788 C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
3528 C:\Users\Lincicum\AppData\Roaming\HP SimpleSave Application\StartHelper.exe
2492 C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
4220 C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
4236 C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
4244 C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
4304 C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
4348 C:\Program Files (x86)\iTunes\iTunesHelper.exe
4368 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
4392 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
4904 C:\Program Files\iPod\bin\iPodService.exe
4120 C:\Program Files (x86)\Common Files\Steam\SteamService.exe
4276 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
748 C:\Program Files (x86)\hp\Digital Imaging\bin\hpqste08.exe
4340 C:\Program Files (x86)\hp\Digital Imaging\bin\hpqbam08.exe
5760 C:\Program Files (x86)\hp\Digital Imaging\bin\hpqgpc01.exe
6056 C:\Windows\System32\svchost.exe
4576 dllhost.exe
5992 C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
3384 C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
2092 C:\Windows\splwow64.exe
6464 C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
3548 C:\Windows\System32\conhost.exe
844 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
8008 C:\Windows\System32\conhost.exe
3732 C:\Windows\System32\svchost.exe
3972 C:\Windows\System32\audiodg.exe
8668 C:\Windows\servicing\TrustedInstaller.exe
6808 C:\Windows\System32\SearchProtocolHost.exe
1764 C:\Windows\System32\SearchFilterHost.exe
5712 C:\Users\Lincicum\Desktop\MBRCheck.exe
7020 C:\Windows\System32\conhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06500000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000092`42c00000 (NTFS)

PhysicalDrive0 Model Number: WDCWD6400AAKS-65A7B2, Rev: 01.03B01

Size Device Name MBR Status
--------------------------------------------
596 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 836B8222B52E34680FA039ADD53A167DBB60B89E


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!
#11
Homburg
    Trusted Helper
  • Malware Removal
  • 665 posts
Hi,

I'd like you to upload a copy of your MBR for online analysis. Can you please do the following:


Step 1:

Run MBRCheck.exe once again.

You will be presented with the following dialog:

Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:


Enter Y and press Enter.

The following dialog will be presented:

Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.

Enter your choice:


Enter 1 and press Enter

The following dialog will be presented:

Please select the MBR code to write to this drive:


Enter 0 and press Enter

Type mbrdump when asked for the filename and press enter.

Type -1, press Enter, and then press Enter again to exit the program.

This will have saved a copy of your MBR to the desktop, which is where you should have the MBRCheck program.

  • Make sure to use Internet Explorer for this
  • Please go to VirSCAN.org FREE on-line scan service
  • Click the browse button next to the "Suspicious files to scan" box on the top of the page and browse to the following file on your desktop :

    • mbrdump
  • Click on the Upload button
  • If a pop-up appears saying the file has been scanned already, please select the ReScan button.
  • Once the Scan is completed, click on the "Copy to Clipboard" button which is at the bottom of the page. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.

If VirSCAN is busy or unavailable, then go to Jotti for an online scan. Click in the browse box, navigate to the mbrdump file on your desktop and press Submit.

Please post the report.


Are you having any more warnings or problems?

#12
GinaVA3
    New Member
  • Topic Starter
  • Member
  • 9 posts
I have not had any more warnings.

VirSCAN.org Scanned Report :
Scanned time : 2011/11/10 10:31:45 (EST)
Scanner results: Scanners did not find malware!
File Name : mbrdump
File Size : 512 byte
File Type : x86 boot sector; partition 1
MD5 : c32946b60f13e01c8cbc4e66b2506663
SHA1 : 68163879755b0a68f8eb2497f5fb2cbc7f89d71b
Online report : http://r.virscan.org...36091d8b6087a72

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 5.1.0.4 20111110200244 2011-11-10 0.27 -
AhnLab V3 2011.11.11.00 2011.11.11 2011-11-11 2.56 -
AntiVir 8.2.6.108 7.11.17.121 2011-11-10 0.27 -
Antiy 2.0.18 20111110.13785877 2011-11-10 0.02 -
Arcavir 2011 201111100211 2011-11-10 2.94 -
Authentium 5.1.1 201111101255 2011-11-10 1.47 -
AVAST! 4.7.4 111110-0 2011-11-10 0.00 -
AVG 8.5.850 271.1.1/3941 2011-10-06 0.23 -
BitDefender 7.90123.9401226 7.39819 2011-11-10 4.56 -
ClamAV 0.97.1 13911 2011-11-10 0.00 -
Comodo 5.1 10735 2011-11-10 1.89 -
CP Secure 1.3.0.5 2011.11.10 2011-11-10 0.02 -
Dr.Web 5.0.2.3300 2011.11.10 2011-11-10 15.83 -
F-Prot 4.6.2.117 20111110 2011-11-10 0.79 -
F-Secure 7.02.73807 2011.11.10.01 2011-11-10 0.10 -
Fortinet 4.3.370 14.337 2011-11-09 0.39 -
GData 22.2744 20111110 2011-11-10 5.78 -
ViRobot 20111110 2011.11.10 2011-11-10 0.38 -
Ikarus T3.1.32.20.0 2011.11.10.79762 2011-11-10 4.83 -
JiangMin 13.0.900 2011.11.10 2011-11-10 2.20 -
Kaspersky 5.5.10 2011.11.10 2011-11-10 0.03 -
KingSoft 2009.2.5.15 2011.11.10.9 2011-11-10 0.87 -
McAfee 5400.1158 6525 2011-11-09 10.88 -
Microsoft 1.7801 2011.11.10 2011-11-10 5.39 -
NOD32 3.0.21 6614 2011-11-09 0.01 -
Norman 6.07.11 6.07.00 2011-09-17 26.03 -
Panda 9.05.01 2011.11.10 2011-11-10 4.94 -
Trend Micro 9.500-1005 8.564.05 2011-11-10 0.02 -
Quick Heal 11.00 2011.11.10 2011-11-10 1.07 -
Rising 20.0 23.83.03.02 2011-11-10 2.91 -
Sophos 3.24.4 4.70 2011-11-10 4.58 -
Sunbelt 3.9.2515.2 11011 2011-11-09 1.43 -
Symantec 1.3.0.24 20111109.007 2011-11-09 0.30 -
nProtect 20111109.01 13164008 2011-11-09 9.32 -
The Hacker 6.7.0.1 v00341 2011-11-10 0.52 -
VBA32 3.12.16.4 20111110.1103 2011-11-10 5.75 -
VirusBuster 5.4.0.10 14.1.56.0/6757028 2011-11-10 0.01 -
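The report above shows what the online scanners see: a 512-byte x86 boot sector with one partition entry, identified by its MD5/SHA1. As an added example (not code from this thread, MBRCheck or VirSCAN), the following Python script performs the same basic sanity check locally: it verifies the 0x55AA boot signature, lists the partition-table entries and computes the hashes shown in the report, so a later dump can be compared against this one. The 512-byte input is constructed here; `check_dump` is a hypothetical helper for reading a real mbrdump file.

```python
import hashlib
import struct

MBR_SIZE = 512
PARTITION_TABLE_OFFSET = 446   # four 16-byte entries at 446..509
BOOT_SIGNATURE = b"\x55\xaa"   # last two bytes of a valid MBR


def build_sample_mbr():
    """Constructed 512-byte MBR for demonstration (not the user's real mbrdump)."""
    mbr = bytearray(MBR_SIZE)
    mbr[0:3] = b"\x33\xc0\x8e"          # a few placeholder boot-code bytes
    # Entry 1: bootable flag 0x80, type 0x07 (NTFS), LBA start 2048, 204800 sectors
    mbr[PARTITION_TABLE_OFFSET:PARTITION_TABLE_OFFSET + 16] = struct.pack(
        "<B3sB3sII", 0x80, b"\x20\x21\x00", 0x07, b"\xdf\x13\x0c", 2048, 204800)
    mbr[510:512] = BOOT_SIGNATURE
    return bytes(mbr)


def parse_mbr(data):
    """Return signature check, hashes and the non-empty partition entries."""
    if len(data) != MBR_SIZE:
        raise ValueError("expected a %d-byte MBR dump, got %d bytes" % (MBR_SIZE, len(data)))
    partitions = []
    for i in range(4):
        off = PARTITION_TABLE_OFFSET + 16 * i
        boot, _chs_start, ptype, _chs_end, lba_start, sectors = struct.unpack(
            "<B3sB3sII", data[off:off + 16])
        if ptype == 0:                  # empty slot
            continue
        partitions.append({"index": i + 1, "bootable": boot == 0x80,
                           "type": ptype, "lba_start": lba_start, "sectors": sectors})
    return {
        "valid_signature": data[510:512] == BOOT_SIGNATURE,
        "md5": hashlib.md5(data).hexdigest(),     # same digests VirSCAN reports
        "sha1": hashlib.sha1(data).hexdigest(),
        "partitions": partitions,
    }


def check_dump(path):
    """Hypothetical helper: parse an mbrdump file saved by an MBR dumping tool."""
    with open(path, "rb") as fh:
        return parse_mbr(fh.read())


if __name__ == "__main__":
    report = parse_mbr(build_sample_mbr())
    print("signature ok:", report["valid_signature"], "md5:", report["md5"])
    for p in report["partitions"]:
        print(p)
```

Re-dumping the MBR after the cleanup and comparing its MD5 with the one in the report above is a quick way to confirm the boot sector has not been modified since.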

#13
Homburg

Homburg

    Trusted Helper

  • Malware Removal
  • 665 posts
Hi,
Everything is looking good. I'd like you to run two final scans just to check for orphans and anything lurking that may not have been picked up by the other tools.


Step 1:

Start MalwareBytes if you still have it; if not, download it from Here
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Step 2:

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


#14
GinaVA3

    New Member

  • Topic Starter
  • Member
  • 9 posts
I didn't see Show Results, maybe because it didn't find anything?

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8136

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

11/10/2011 9:17:02 PM
mbam-log-2011-11-10 (21-17-02).txt

Scan type: Quick scan
Objects scanned: 172891
Time elapsed: 3 minute(s), 4 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

ESET found 1 file:

C:\Qoobox\Quarantine\C\Windows\System32\consrv.dll.vir Win64/Sirefef.E trojan cleaned by deleting - quarantined


I couldn't find that log file in my C: drive.


#15
Homburg

Homburg

    Trusted Helper

  • Malware Removal
  • 665 posts
Hello,

Your PC is now clean :)

First we'll remove the tools that we've used then look at preventing getting infected again. It's important to remove the tools as it also removes the malware that we currently have quarantined.

Please do the following:

Clean up with OTL:
  • Double-click OTL.exe to start the program.
  • On the OTL main screen, depress the CleanUp button.
  • Say Yes to the prompt and then allow the program to reboot your computer.

Follow these steps to uninstall Combofix
  • Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
  • Now copy/paste this: ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the /Uninstall, it needs to be there.
  • Please follow the prompts to uninstall Combofix.
  • This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again.
  • You will then receive a message saying Combofix was uninstalled successfully once it's done uninstalling itself.

I would advise you to keep MalwareBytes and run it every couple of weeks.


Please delete aswMBR and any remaining logs from your desktop.


Windows Updates.

It is essential that you regularly check and install the latest Windows Updates. Vulnerabilities within Windows can leave your computer open to infection. Regular updates are released to fix these security vulnerabilities. I recommend that you set Windows to check, download and install your updates automatically.

Click Start
Select Control Panel
Click on Automatic (recommended)
Set the day and time for the update check. Set this to a time when your computer will normally be on and connected to the internet.
Click Apply then OK.



Adobe updates.
You should ensure you use the latest Adobe Acrobat Reader and install any security updates that are released. Older versions are susceptible to attack. You can download the latest reader and updates from here.


To learn more about how to protect yourself while on the internet you might like to read this GeeksToGo article. This covers some of the safety measures that I've included and also some more.

Happy surfing and stay safe!

Homburg.