Use of all system resources and one blue screen



#1
Sin Cera

Hello All,

My laptop has been having problems as of late. I recently have been without my antivirus software, and just after I was able to get it back working I noticed many changes in my computer. I have had a blue screen of death, and my computer freezes or takes forever to process information when I have Mozilla open and working. When I have Task Manager open, I have duplicate programs running, such as ccsvchst.exe*32 and csrss.exe in my system or WmiPrvSE.exe in both my System and Network. There are many times when I try to close these duplicate programs or others I believe should not be running and they just refuse to close. There are times when I open Mozilla and the saved webpages are unable to open back up and it gives me an error. My laptop has even gone as far as to require me to restore my system due to uninstalling a program I believed to be the problem (movee reveel). I hope that you will be able to help me. I know that something is wrong here and needs to be fixed. I have Norton Antivirus, HiJack This, TuneUpUtilities, and OTL (which I will post below), but believe that whatever is infecting my system is invisible to Norton. I appreciate your assistance in advance!

-Sin Cera

OTL logfile created on: 4/8/2012 8:25:29 AM - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\SinCera\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.75 Gb Total Physical Memory | 0.76 Gb Available Physical Memory | 43.39% Memory free
3.49 Gb Paging File | 2.04 Gb Available in Paging File | 58.27% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 218.63 Gb Total Space | 133.46 Gb Free Space | 61.04% Space Free | Partition Type: NTFS
Drive D: | 13.96 Gb Total Space | 2.31 Gb Free Space | 16.54% Space Free | Partition Type: NTFS
Drive E: | 99.18 Mb Total Space | 92.57 Mb Free Space | 93.33% Space Free | Partition Type: FAT32

Computer Name: SINCERA-PC | User Name: SinCera | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/08 08:24:44 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\SinCera\Downloads\OTL.exe
PRC - [2012/03/23 22:46:00 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/03/16 18:29:35 | 000,918,880 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
PRC - [2012/03/16 18:29:34 | 000,982,880 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
PRC - [2012/02/14 19:03:14 | 024,246,216 | ---- | M] (Dropbox, Inc.) -- C:\Users\SinCera\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012/01/17 01:18:36 | 000,138,232 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton AntiVirus\Engine\19.6.2.10\ccsvchst.exe
PRC - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/05/16 00:36:08 | 000,185,640 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe
PRC - [2011/05/16 00:36:04 | 000,206,120 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\VERIZONDM\bin\sprtsvc.exe
PRC - [2011/05/16 00:35:50 | 000,206,120 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\VERIZONDM\bin\sprtcmd.exe
PRC - [2010/03/25 18:42:36 | 000,388,096 | ---- | M] (Trend Micro Inc.) -- C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe


========== Modules (No Company Name) ==========

MOD - [2012/03/23 22:46:00 | 001,969,080 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/03/16 18:29:34 | 000,982,880 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
MOD - [2012/02/18 18:35:42 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll
MOD - [2012/02/18 18:35:37 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll
MOD - [2012/01/27 04:26:56 | 008,527,008 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2011/10/13 12:32:15 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/12/08 12:31:40 | 000,036,160 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp)
SRV:64bit: - [2010/04/14 19:56:24 | 001,052,328 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxebcoms.exe -- (lxeb_device)
SRV:64bit: - [2009/08/05 00:44:56 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/21 21:33:32 | 000,240,128 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\stacsv64.exe -- (STacSV)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/03/27 22:10:16 | 000,016,896 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agr64svc.exe -- (AgereModemAudio)
SRV:64bit: - [2009/03/02 17:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe -- (AESTFilters)
SRV - [2012/03/16 18:29:35 | 000,918,880 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe -- (vToolbarUpdater10.2.0)
SRV - [2012/01/17 01:18:36 | 000,138,232 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton AntiVirus\Engine\19.6.2.10\ccSvcHst.exe -- (NAV)
SRV - [2011/12/08 12:37:14 | 002,028,864 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2011/12/08 12:31:34 | 000,029,504 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp)
SRV - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/07/07 19:31:08 | 000,195,336 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/06/15 17:33:20 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2011/05/16 00:36:08 | 000,185,640 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe -- (tgsrvc_verizondm) SupportSoft Repair Service (verizondm)
SRV - [2011/05/16 00:36:04 | 000,206,120 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\VERIZONDM\bin\sprtsvc.exe -- (sprtsvc_verizondm) SupportSoft Sprocket Service (verizondm)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/07/21 21:33:32 | 000,240,128 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe -- (STacSV)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/05 20:07:28 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/03/02 17:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe -- (AESTFilters)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/03/25 19:48:20 | 000,175,736 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2012/02/15 12:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/01/17 18:46:01 | 000,405,624 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NAVx64\1306020.00A\symnets.sys -- (SymNetS)
DRV:64bit: - [2012/01/17 18:45:57 | 001,092,728 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NAVx64\1306020.00A\symefa64.sys -- (SymEFA)
DRV:64bit: - [2012/01/17 18:35:24 | 000,190,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NAVx64\1306020.00A\ironx64.sys -- (SymIRON)
DRV:64bit: - [2012/01/17 18:33:51 | 000,738,936 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NAVx64\1306020.00A\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2012/01/17 18:33:51 | 000,037,496 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NAVx64\1306020.00A\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2011/11/29 18:44:29 | 000,167,048 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NAVx64\1306020.00A\ccsetx64.sys -- (ccSet_NAV)
DRV:64bit: - [2011/10/01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011/05/16 16:03:26 | 000,451,192 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NAVx64\1306020.00A\symds64.sys -- (SymDS)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 05:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/05/27 22:32:56 | 000,320,560 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/09/21 23:47:14 | 001,484,800 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/08/05 01:23:00 | 006,038,016 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/07/21 21:33:32 | 000,487,936 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 17:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 17:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 17:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 16:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 16:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 16:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel®
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/23 02:52:30 | 000,215,040 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/05 01:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2009/04/29 11:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2009/04/06 21:31:08 | 001,208,320 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/03/09 10:49:08 | 000,036,408 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV - [2012/04/08 03:21:42 | 002,048,632 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.0.0.128\Definitions\VirusDefs\20120407.016\ex64.sys -- (NAVEX15)
DRV - [2012/04/08 03:21:42 | 000,138,360 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Unknown] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11122.sys -- (EraserUtilDrv11122)
DRV - [2012/04/08 03:21:42 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.0.0.128\Definitions\VirusDefs\20120407.016\eng64.sys -- (NAVENG)
DRV - [2012/03/24 16:11:26 | 000,482,936 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2012/03/23 15:14:40 | 000,488,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.0.0.128\Definitions\IPSDefs\20120406.002_b6d\IDSviA64.sys -- (IDSVia64)
DRV - [2012/03/17 02:15:00 | 001,157,240 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.0.0.128\Definitions\BASHDefs\20120317.002\BHDrvx64.sys -- (BHDrvx64)
DRV - [2011/02/10 10:22:58 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQNOT/1
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/CQNOT/1
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9880938F-ED6F-40A6-AD7F-9C9619124643}
IE:64bit: - HKLM\..\SearchScopes\{86AFD897-95B8-42DB-9AAA-1A0FD3789130}: "URL" = http://www.ask.com/w...}&l=dis&o=uscql
IE:64bit: - HKLM\..\SearchScopes\{9880938F-ED6F-40A6-AD7F-9C9619124643}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQNOT/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/CQNOT/1
IE - HKLM\..\SearchScopes,DefaultScope = {9880938F-ED6F-40A6-AD7F-9C9619124643}
IE - HKLM\..\SearchScopes\{86AFD897-95B8-42DB-9AAA-1A0FD3789130}: "URL" = http://www.ask.com/w...}&l=dis&o=uscql
IE - HKLM\..\SearchScopes\{9880938F-ED6F-40A6-AD7F-9C9619124643}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQNOT/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/CQNOT/1
IE - HKCU\..\SearchScopes,DefaultScope = {9880938F-ED6F-40A6-AD7F-9C9619124643}
IE - HKCU\..\SearchScopes\{86AFD897-95B8-42DB-9AAA-1A0FD3789130}: "URL" = http://www.ask.com/w...}&l=dis&o=uscql
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...sa&d=2011-12-13 17:54:53&v=8.0.0.34&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{9880938F-ED6F-40A6-AD7F-9C9619124643}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.facebook....ome.php?ref=hp"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: [email protected]:4.51
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:3.0
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.10
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:2010.9.0.6
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.3.8.20110620112826


FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009/10/31 06:28:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.0.0.128\IPSFFPlgn\ [2012/04/08 07:13:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/03/23 22:46:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/11/11 01:51:25 | 000,000,000 | ---D | M]

[2011/02/16 22:41:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\SinCera\AppData\Roaming\Mozilla\Extensions
[2012/01/26 04:01:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\SinCera\AppData\Roaming\Mozilla\Firefox\Profiles\964p6d1x.default\extensions
[2012/01/26 04:01:11 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\SinCera\AppData\Roaming\Mozilla\Firefox\Profiles\964p6d1x.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/12/13 18:55:10 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\Users\SinCera\AppData\Roaming\Mozilla\Firefox\Profiles\964p6d1x.default\extensions\avg@toolbar
[2011/11/11 01:51:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/03/23 22:46:00 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/02/02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/03/16 18:29:33 | 000,003,768 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/02/25 21:41:18 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/02/25 21:41:18 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Engine\19.6.2.10\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ROC_roc_dec12] C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe ()
O4 - HKLM..\Run: [VERIZONDM] C:\Program Files (x86)\VERIZONDM\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_Plugin.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\SinCera\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\SinCera\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1554F6A7-D38C-483A-928D-6EE74FA06F66}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F6696AEB-8B9F-48BD-9821-6AC3BD641B68}: DhcpNameServer = 209.18.47.61 209.18.47.62
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{6ddc680e-4565-11e1-b868-c80aa94c82bc}\Shell - "" = AutoRun
O33 - MountPoints2\{6ddc680e-4565-11e1-b868-c80aa94c82bc}\Shell\AutoRun\command - "" = G:\PhotoViewer.exe
O33 - MountPoints2\{6ddc6822-4565-11e1-b868-c80aa94c82bc}\Shell - "" = AutoRun
O33 - MountPoints2\{6ddc6822-4565-11e1-b868-c80aa94c82bc}\Shell\AutoRun\command - "" = G:\PhotoViewer.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/04/08 03:18:01 | 000,000,000 | ---D | C] -- C:\Program Files\LSI SoftModem
[2012/04/01 02:08:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/04/01 02:07:07 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/04/01 02:07:06 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/03/30 05:31:31 | 000,000,000 | ---D | C] -- C:\Users\SinCera\AppData\Local\Microsoft Games
[2012/03/25 19:48:02 | 000,405,624 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NAVx64\1306020.00A\symnets.sys
[2012/03/25 19:48:01 | 001,092,728 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NAVx64\1306020.00A\symefa64.sys
[2012/03/25 19:48:01 | 000,451,192 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NAVx64\1306020.00A\symds64.sys
[2012/03/25 19:48:01 | 000,037,496 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NAVx64\1306020.00A\srtspx64.sys
[2012/03/25 19:48:00 | 000,738,936 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NAVx64\1306020.00A\srtsp64.sys
[2012/03/25 19:48:00 | 000,190,072 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NAVx64\1306020.00A\ironx64.sys
[2012/03/25 19:48:00 | 000,167,048 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NAVx64\1306020.00A\ccsetx64.sys
[2012/03/25 19:47:21 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NAVx64\1306020.00A
[2012/03/24 15:51:54 | 000,175,736 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2012/03/24 15:51:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2012/03/24 15:51:54 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2012/03/24 15:50:30 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NAVx64
[2012/03/24 15:50:20 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton AntiVirus
[2012/03/24 15:50:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton AntiVirus
[2012/03/24 15:44:40 | 000,000,000 | ---D | C] -- C:\ProgramData\PCSettings
[2012/03/23 21:56:15 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[5 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/04/08 07:23:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/04/08 03:51:30 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForSinCera.job
[2012/04/08 03:23:30 | 000,727,334 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/04/08 03:23:30 | 000,624,864 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/04/08 03:23:30 | 000,106,950 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/04/08 03:22:53 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/08 03:22:53 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/08 03:19:51 | 000,000,396 | ---- | M] () -- C:\Windows\tasks\FinalTorrent Update Checker.job
[2012/04/08 03:18:01 | 001,997,334 | ---- | M] () -- C:\Windows\SysNative\drivers\NAVx64\1306020.00A\Cat.DB
[2012/04/08 03:16:07 | 1406,296,064 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/01 02:08:05 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/03/27 23:42:37 | 000,002,397 | ---- | M] () -- C:\Users\Public\Desktop\Norton AntiVirus.lnk
[2012/03/27 23:41:50 | 000,008,727 | ---- | M] () -- C:\Windows\SysNative\drivers\NAVx64\1306020.00A\VT20120301.009
[2012/03/25 19:48:20 | 000,175,736 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2012/03/25 19:48:20 | 000,007,488 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2012/03/25 19:48:20 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2012/03/23 21:56:10 | 305,270,949 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/03/20 00:45:38 | 000,000,172 | ---- | M] () -- C:\Windows\SysNative\drivers\NAVx64\1306020.00A\isolate.ini
[2012/03/14 03:29:35 | 000,354,680 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/03/09 08:48:03 | 000,006,264 | ---- | M] () -- C:\Users\SinCera\Documents\Model Resume 2011.rtf
[5 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/04/01 02:08:04 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/03/27 23:41:50 | 001,997,334 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1306020.00A\Cat.DB
[2012/03/27 23:41:50 | 000,008,727 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1306020.00A\VT20120301.009
[2012/03/25 19:48:02 | 000,007,458 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1306020.00A\symnet64.cat
[2012/03/25 19:48:02 | 000,001,441 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1306020.00A\symnet.inf
[2012/03/25 19:48:01 | 000,007,496 | R--- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1306020.00A\symds64.cat
[2012/03/25 19:48:01 | 000,007,462 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1306020.00A\srtspx64.cat
[2012/03/25 19:48:01 | 000,007,460 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1306020.00A\symefa64.cat
[2012/03/25 19:48:01 | 000,003,434 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1306020.00A\symefa.inf
[2012/03/25 19:48:01 | 000,002,852 | R--- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1306020.00A\symds.inf
[2012/03/25 19:48:01 | 000,001,420 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1306020.00A\srtspx64.inf
[2012/03/25 19:48:00 | 000,007,468 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1306020.00A\ccsetx64.cat
[2012/03/25 19:48:00 | 000,007,458 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1306020.00A\srtsp64.cat
[2012/03/25 19:48:00 | 000,007,450 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1306020.00A\iron.cat
[2012/03/25 19:48:00 | 000,001,438 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1306020.00A\srtsp64.inf
[2012/03/25 19:48:00 | 000,000,853 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1306020.00A\ccsetx64.inf
[2012/03/25 19:48:00 | 000,000,772 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1306020.00A\iron.inf
[2012/03/25 19:47:21 | 000,004,782 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1306020.00A\symvtcer.dat
[2012/03/25 19:47:21 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1306020.00A\isolate.ini
[2012/03/24 15:51:54 | 000,007,488 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2012/03/24 15:51:54 | 000,000,855 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2012/03/24 15:51:44 | 000,002,397 | ---- | C] () -- C:\Users\Public\Desktop\Norton AntiVirus.lnk
[2012/03/23 21:56:10 | 305,270,949 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/05/04 14:33:29 | 000,743,994 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/02/17 00:16:37 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/02/17 00:10:39 | 000,000,282 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog2.ini
[2011/02/17 00:10:39 | 000,000,223 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog.ini

========== LOP Check ==========

[2011/02/18 15:49:31 | 000,000,000 | ---D | M] -- C:\Users\SinCera\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/04/08 03:17:27 | 000,000,000 | ---D | M] -- C:\Users\SinCera\AppData\Roaming\Dropbox
[2012/04/08 07:13:03 | 000,000,000 | ---D | M] -- C:\Users\SinCera\AppData\Roaming\FinalTorrent
[2011/02/16 22:32:14 | 000,000,000 | ---D | M] -- C:\Users\SinCera\AppData\Roaming\PictureMover
[2012/03/30 00:14:38 | 000,000,000 | ---D | M] -- C:\Users\SinCera\AppData\Roaming\SoftGrid Client
[2011/09/10 13:27:47 | 000,000,000 | ---D | M] -- C:\Users\SinCera\AppData\Roaming\Tific
[2011/08/09 03:00:10 | 000,000,000 | ---D | M] -- C:\Users\SinCera\AppData\Roaming\TP
[2011/03/23 12:02:46 | 000,000,000 | ---D | M] -- C:\Users\SinCera\AppData\Roaming\TuneUp Software
[2011/08/09 03:02:45 | 000,000,000 | ---D | M] -- C:\Users\SinCera\AppData\Roaming\{90140011-0062-0409-0000-0000000FF1CE}
[2012/04/08 03:19:51 | 000,000,396 | ---- | M] () -- C:\Windows\Tasks\FinalTorrent Update Checker.job
[2011/09/10 12:43:58 | 000,032,634 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >


#2
Sin Cera

    New Member

  • Topic Starter
  • Member
  • 6 posts
I apologize for adding this, and I know this will delay my reply, but I feel that this information is important. I just realized that OTL gave me an Extras.txt in addition to the regular run. I hope that it helps diagnose the issue. Here is the report:

OTL Extras logfile created on: 4/8/2012 8:25:29 AM - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\SinCera\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.75 Gb Total Physical Memory | 0.76 Gb Available Physical Memory | 43.39% Memory free
3.49 Gb Paging File | 2.04 Gb Available in Paging File | 58.27% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 218.63 Gb Total Space | 133.46 Gb Free Space | 61.04% Space Free | Partition Type: NTFS
Drive D: | 13.96 Gb Total Space | 2.31 Gb Free Space | 16.54% Space Free | Partition Type: NTFS
Drive E: | 99.18 Mb Total Space | 92.57 Mb Free Space | 93.33% Space Free | Partition Type: FAT32

Computer Name: SINCERA-PC | User Name: SinCera | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Program Files (x86)\File Type Assistant\tsassist.exe" "%1" (Trusted Software ApS)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Program Files (x86)\File Type Assistant\tsassist.exe" "%1" (Trusted Software ApS)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{26A24AE4-039D-4CA4-87B4-2F86416015FF}" = Java™ 6 Update 15 (64-bit)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{64A3A4F4-B792-11D6-A78A-00B0D0160150}" = Java™ SE Development Kit 6 Update 15 (64-bit)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{902004C7-2B12-4A4F-E1DB-E75C7B03EDD4}" = ATI Catalyst Install Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
"{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes
"{E787AC54-0E56-A6DF-7BDB-AAC360813B6C}" = ccc-utility64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"LSI Soft Modem" = LSI HDA Modem
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0868BCEA-C983-1450-3ACB-79411138ACB0}" = Catalyst Control Center Core Implementation
"{0FA359BD-666B-5135-B712-852F21504E96}" = Catalyst Control Center Graphics Previews Vista
"{152C18DA-4270-FAF2-DE48-8A7286BD1FB1}" = CCC Help Japanese
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{16D0F2D2-242C-4885-BEF1-4B1655C141AE}" = Bing Bar
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{17B4760F-334B-475D-829F-1A3E94A6A4E6}" = HP Setup
"{1896E712-2B3D-45eb-BCE9-542742A51032}" = PictureMover
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{21B5704D-788D-F083-A5E0-94B0390889F5}" = Catalyst Control Center InstallProxy
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23BE4DF2-293D-4077-82F4-1FD8C269277C}" = TuneUp Utilities Language Pack (en-US)
"{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}" = TuneUp Utilities 2011
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java™ 6 Update 24
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{2FC32740-5BF8-F11E-1257-80A41497B9F1}" = Catalyst Control Center Graphics Light
"{337E0592-9B00-AF1D-B10C-16225B981C96}" = CCC Help Thai
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{36214841-EA3C-DA47-7F29-E6A16231702E}" = CCC Help Dutch
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3BC080DE-CF23-E18E-0678-47CA2E70C1CD}" = Catalyst Control Center Graphics Full New
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor
"{43BA31BA-04BD-2EA3-0A60-A9C54E06D3F2}" = muvee Reveal
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{47365A91-7A32-5C08-927C-17F27D9F0E50}" = Catalyst Control Center Graphics Previews Common
"{47BD6184-519F-C649-6A5C-58234406B62C}" = CCC Help Italian
"{49A143E9-4A6A-43E7-86B1-388194C79248}" = HP Smart Web Printing
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B57F6F3-5577-7158-A8F7-9E71547F8B7C}" = CCC Help Finnish
"{5271C0D4-24E4-4C3D-A782-C012033FD3CF}" = AMD USB Filter Driver
"{54CC7901-804D-4155-B353-21F0CC9112AB}" = HP Wireless Assistant
"{5708788D-EC95-7D4A-C0D8-CB393C9E90AC}" = CCC Help Hungarian
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{675ABEBC-DBA1-FF26-52BF-697FF5012CA1}" = CCC Help Spanish
"{68910580-F9FF-91E0-8AFE-86D49DD07AE4}" = CCC Help Russian
"{6B57CF04-5182-9DED-CCD4-84DAC76784D4}" = CCC Help Swedish
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71B7E1DE-4913-5E2E-2B83-B90C3BB308BA}" = ccc-core-static
"{741CFE3A-1C0B-4A7D-8E08-5D78C911C09D}" = HP Support Assistant
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7DA2FB1E-31A5-54A6-91AC-9EDCA6258F40}" = CCC Help French
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DF8417C-07F9-22AA-019E-7F761437BFAC}" = CCC Help Polish
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90140011-0062-0409-0000-0000000FF1CE}" = Microsoft Office Home and Business 2010 - English
"{90E03F32-42EC-A16D-8146-A4E2F0FC9588}" = CCC Help English
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91B36C7F-0796-5A98-D1BA-C29C8D24396F}" = CCC Help Portuguese
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D3318E1-5A9F-4A95-A7A1-7E045403AE34}" = HP User Guides 0148
"{A0A47CD2-749A-97BD-C4AE-862EFA38CAC1}" = CCC Help Danish
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A44CD09A-6D0F-08EC-8B80-6FD5EF62598B}" = CCC Help Czech
"{A5786D80-1FAE-577A-C448-9C61274E9F7B}" = CCC Help Turkish
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A9FE59F0-5BFA-4FDF-84C6-F45457715379}" = InstallIQ Updater
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.2 MUI
"{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}" = Adobe Shockwave Player
"{AF6B5CC8-55F5-55BC-2E2A-2B192EA79E16}" = CCC Help Greek
"{C2AFB298-CD06-BCF0-16CD-FB506E07B262}" = CCC Help Norwegian
"{C2FFBCE8-3A0D-154C-EE84-47B189E79D60}" = CCC Help German
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Norton Online Backup
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CB71B7E6-3156-2DB6-3800-6B853D5D6EF6}" = Catalyst Control Center Graphics Full Existing
"{CC8E94A2-55C7-4460-953C-2A790180578C}" = LightScribe System Software
"{D46D081B-F60E-467E-A7C4-117B70D76731}" = HP Update
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{D8029B62-C3D6-E02D-A98E-07AFEA8CDF79}" = Catalyst Control Center Localization All
"{E0897770-46C9-4322-AD44-8BFA6BE217B2}" = Catalyst Control Center - Branding
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EC1F6690-DE55-4B9E-C556-EE1558EAB7A5}" = CCC Help Chinese Standard
"{EC83C809-3943-830A-ED5C-C569267E4804}" = CCC Help Korean
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{F696BBD9-A383-4F54-155B-451A15482C89}" = CCC Help Chinese Traditional
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FB7D0926-37A5-4042-9DF4-046BAF608B76}" = Verizon Download Manager
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AVG Secure Search" = AVG Security Toolbar
"FinalTorrent_is1" = FinalTorrent 2011
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Smart Web Printing" = HP Smart Web Printing
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"Mozilla Firefox 11.0 (x86 en-US)" = Mozilla Firefox 11.0 (x86 en-US)
"NAV" = Norton AntiVirus
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"Trusted Software Assistant_is1" = File Type Assistant
"TuneUp Utilities 2011" = TuneUp Utilities 2011
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite_Wave3" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/6/2012 10:39:20 PM | Computer Name = SINCERA-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2652

Error - 4/6/2012 10:39:21 PM | Computer Name = SINCERA-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 4/6/2012 10:39:21 PM | Computer Name = SINCERA-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 4103

Error - 4/6/2012 10:39:21 PM | Computer Name = SINCERA-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4103

Error - 4/7/2012 2:13:26 AM | Computer Name = SinCera-PC | Source = Wininit | ID = 1015
Description = A critical system process, C:\Windows\system32\lsass.exe, failed with
status code 1. The machine must now be restarted.

Error - 4/8/2012 7:23:46 AM | Computer Name = SinCera-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 4/8/2012 7:23:47 AM | Computer Name = SinCera-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1823542

Error - 4/8/2012 7:23:47 AM | Computer Name = SinCera-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1823542

Error - 4/8/2012 8:04:08 AM | Computer Name = SinCera-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 4/8/2012 8:05:32 AM | Computer Name = SinCera-PC | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "c:\program files (x86)\windows
live\photo gallery\MovieMaker.Exe".Error in manifest or policy file "c:\program
files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8. Component identity
found in manifest does not match the identity of the component requested. Reference
is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition
is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use
sxstrace.exe for detailed diagnosis.

[ Hewlett-Packard Events ]
Error - 12/18/2011 3:16:04 AM | Computer Name = SinCera-PC | Source = Hewlett-Packard | ID = 0
Description =

Error - 12/18/2011 3:16:06 AM | Computer Name = SinCera-PC | Source = Hewlett-Packard | ID = 0
Description =

Error - 12/18/2011 3:16:07 AM | Computer Name = SinCera-PC | Source = Hewlett-Packard | ID = 0
Description =

Error - 12/18/2011 3:16:08 AM | Computer Name = SinCera-PC | Source = Hewlett-Packard | ID = 0
Description =

Error - 12/18/2011 3:16:08 AM | Computer Name = SinCera-PC | Source = Hewlett-Packard | ID = 0
Description =

Error - 12/18/2011 3:16:08 AM | Computer Name = SinCera-PC | Source = Hewlett-Packard | ID = 0
Description =

Error - 12/18/2011 3:16:09 AM | Computer Name = SinCera-PC | Source = Hewlett-Packard | ID = 0
Description =

Error - 1/27/2012 6:36:36 PM | Computer Name = SinCera-PC | Source = Hewlett-Packard | ID = 0
Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a(Object
A_0, EventArgs A_1)

Error - 1/27/2012 6:36:37 PM | Computer Name = SinCera-PC | Source = Hewlett-Packard | ID = 0
Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a(Object
A_0, EventArgs A_1)

Error - 3/9/2012 10:45:50 PM | Computer Name = SinCera-PC | Source = Hewlett-Packard | ID = 0
Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a(Object
A_0, EventArgs A_1)

[ OSession Events ]
Error - 4/28/2011 2:57:51 PM | Computer Name = SinCera-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 87886
seconds with 3180 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 10/17/2011 11:53:41 AM | Computer Name = SinCera-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the TuneUp.UtilitiesSvc service.

Error - 10/19/2011 1:08:31 PM | Computer Name = SinCera-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the NIS service.

Error - 10/21/2011 11:39:00 PM | Computer Name = SinCera-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter

Error - 10/22/2011 1:53:14 AM | Computer Name = SinCera-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter

Error - 10/22/2011 9:01:50 AM | Computer Name = SinCera-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 10/22/2011 9:01:51 AM | Computer Name = SinCera-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 10/22/2011 1:38:41 PM | Computer Name = SinCera-PC | Source = bowser | ID = 8003
Description =

Error - 10/22/2011 4:15:09 PM | Computer Name = SinCera-PC | Source = bowser | ID = 8003
Description =

Error - 10/24/2011 12:22:20 PM | Computer Name = SinCera-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter

Error - 10/24/2011 8:45:44 PM | Computer Name = SinCera-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter


< End of report >

#3
Gammo

    Member 2k

  • Malware Removal
  • 2,299 posts
Hello and welcome to Geekstogo!

We apologize for the delay in responding to your request for help.
If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

If you haven't done so yet, please go to Malware and Spyware Cleaning Guide and follow the steps instructed there. If you have already done this, we still need a new log to see what has changed since you originally posted your problem.

We need to create an OTL Report
Download OTL to your Desktop
  • Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Check the box that says Scan All Users.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.

In the upper right-hand corner of the topic you will see a button called Options. If you click on this, in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

#4
Sin Cera

    New Member

  • Topic Starter
  • Member
  • 6 posts
I have already followed the Malware Cleaning Guide and ran the OTL which is posted earlier. I have posted my updated/current OTL report below. This report did not give me an Extra.txt file this time around.

I have had several problems with my laptop. It has given me a blue screen. When I have attempted to uninstall certain programs, it either simply refuses to uninstall or the computer will go to system recovery and make me reinstall the program. At certain times, my laptop never sleeps, due to the fact that my internet is active with constant activity. When I open Firefox, it has a problem loading any websites and I often have to reload the websites. Sometimes when I go to websites such as Gmail, my bank account, or any other website that requires a logon, even though I am already logged on, the website has logged me out and insists that I log back in, and in some cases asks that I give more personal information such as my phone, social, etc. I have not done anything new since my last post to remove this malware, but I hope that you can help me.

Thank you in advance.

-Gina

OTL logfile created on: 4/12/2012 6:23:17 PM - Run 2
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\SinCera\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.75 Gb Total Physical Memory | 0.89 Gb Available Physical Memory | 50.84% Memory free
3.49 Gb Paging File | 2.22 Gb Available in Paging File | 63.67% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 218.63 Gb Total Space | 131.04 Gb Free Space | 59.94% Space Free | Partition Type: NTFS
Drive D: | 13.96 Gb Total Space | 2.31 Gb Free Space | 16.54% Space Free | Partition Type: NTFS
Drive E: | 99.18 Mb Total Space | 92.57 Mb Free Space | 93.33% Space Free | Partition Type: FAT32

Computer Name: SINCERA-PC | User Name: SinCera | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/08 08:24:44 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\SinCera\Desktop\OTL.exe
PRC - [2012/03/16 18:29:35 | 000,918,880 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
PRC - [2012/03/16 18:29:34 | 000,982,880 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
PRC - [2012/02/14 19:03:14 | 024,246,216 | ---- | M] (Dropbox, Inc.) -- C:\Users\SinCera\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012/01/17 01:18:36 | 000,138,232 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton AntiVirus\Engine\19.6.2.10\ccsvchst.exe
PRC - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/06/15 17:33:20 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/05/16 00:36:08 | 000,185,640 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe
PRC - [2011/05/16 00:36:04 | 000,206,120 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\VERIZONDM\bin\sprtsvc.exe
PRC - [2011/05/16 00:35:50 | 000,206,120 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\VERIZONDM\bin\sprtcmd.exe


========== Modules (No Company Name) ==========

MOD - [2012/03/16 18:29:34 | 000,982,880 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
MOD - [2012/02/18 18:35:42 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll
MOD - [2012/02/18 18:35:37 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll
MOD - [2011/10/13 12:32:15 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/12/08 12:31:40 | 000,036,160 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp)
SRV:64bit: - [2010/04/14 19:56:24 | 001,052,328 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxebcoms.exe -- (lxeb_device)
SRV:64bit: - [2009/08/05 00:44:56 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/21 21:33:32 | 000,240,128 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\stacsv64.exe -- (STacSV)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/03/27 22:10:16 | 000,016,896 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agr64svc.exe -- (AgereModemAudio)
SRV:64bit: - [2009/03/02 17:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe -- (AESTFilters)
SRV - [2012/03/16 18:29:35 | 000,918,880 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe -- (vToolbarUpdater10.2.0)
SRV - [2012/01/17 01:18:36 | 000,138,232 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton AntiVirus\Engine\19.6.2.10\ccSvcHst.exe -- (NAV)
SRV - [2011/12/08 12:37:14 | 002,028,864 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2011/12/08 12:31:34 | 000,029,504 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp)
SRV - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/07/07 19:31:08 | 000,195,336 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/06/15 17:33:20 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2011/05/16 00:36:08 | 000,185,640 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe -- (tgsrvc_verizondm) SupportSoft Repair Service (verizondm)
SRV - [2011/05/16 00:36:04 | 000,206,120 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\VERIZONDM\bin\sprtsvc.exe -- (sprtsvc_verizondm) SupportSoft Sprocket Service (verizondm)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/07/21 21:33:32 | 000,240,128 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe -- (STacSV)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/05 20:07:28 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/03/02 17:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe -- (AESTFilters)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/03/25 19:48:20 | 000,175,736 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/15 12:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/01/17 18:46:01 | 000,405,624 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NAVx64\1306020.00A\symnets.sys -- (SymNetS)
DRV:64bit: - [2012/01/17 18:45:57 | 001,092,728 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NAVx64\1306020.00A\symefa64.sys -- (SymEFA)
DRV:64bit: - [2012/01/17 18:35:24 | 000,190,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NAVx64\1306020.00A\ironx64.sys -- (SymIRON)
DRV:64bit: - [2012/01/17 18:33:51 | 000,738,936 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NAVx64\1306020.00A\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2012/01/17 18:33:51 | 000,037,496 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NAVx64\1306020.00A\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2011/11/29 18:44:29 | 000,167,048 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NAVx64\1306020.00A\ccsetx64.sys -- (ccSet_NAV)
DRV:64bit: - [2011/10/01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011/05/16 16:03:26 | 000,451,192 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NAVx64\1306020.00A\symds64.sys -- (SymDS)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 05:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/05/27 22:32:56 | 000,320,560 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/09/21 23:47:14 | 001,484,800 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/08/05 01:23:00 | 006,038,016 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/07/21 21:33:32 | 000,487,936 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 17:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 17:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 17:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 16:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 16:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 16:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel®
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/23 02:52:30 | 000,215,040 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/05 01:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2009/04/29 11:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2009/04/06 21:31:08 | 001,208,320 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/03/09 10:49:08 | 000,036,408 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV - [2012/04/12 12:09:51 | 002,048,632 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.0.0.128\Definitions\VirusDefs\20120412.001\ex64.sys -- (NAVEX15)
DRV - [2012/04/12 12:09:51 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.0.0.128\Definitions\VirusDefs\20120412.001\eng64.sys -- (NAVENG)
DRV - [2012/04/10 20:21:19 | 000,138,360 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/04/02 19:38:04 | 001,160,824 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.0.0.128\Definitions\BASHDefs\20120402.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2012/03/24 16:11:26 | 000,482,936 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2012/03/23 15:14:40 | 000,488,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.0.0.128\Definitions\IPSDefs\20120411.001\IDSviA64.sys -- (IDSVia64)
DRV - [2011/02/10 10:22:58 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQNOT/1
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/CQNOT/1
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9880938F-ED6F-40A6-AD7F-9C9619124643}
IE:64bit: - HKLM\..\SearchScopes\{86AFD897-95B8-42DB-9AAA-1A0FD3789130}: "URL" = http://www.ask.com/w...}&l=dis&o=uscql
IE:64bit: - HKLM\..\SearchScopes\{9880938F-ED6F-40A6-AD7F-9C9619124643}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQNOT/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/CQNOT/1
IE - HKLM\..\SearchScopes,DefaultScope = {9880938F-ED6F-40A6-AD7F-9C9619124643}
IE - HKLM\..\SearchScopes\{86AFD897-95B8-42DB-9AAA-1A0FD3789130}: "URL" = http://www.ask.com/w...}&l=dis&o=uscql
IE - HKLM\..\SearchScopes\{9880938F-ED6F-40A6-AD7F-9C9619124643}: "URL" = http://www.bing.com/...rc=IE-SearchBox


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2534040931-2084844759-3894506853-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQNOT/1
IE - HKU\S-1-5-21-2534040931-2084844759-3894506853-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/CQNOT/1
IE - HKU\S-1-5-21-2534040931-2084844759-3894506853-1001\..\SearchScopes,DefaultScope = {9880938F-ED6F-40A6-AD7F-9C9619124643}
IE - HKU\S-1-5-21-2534040931-2084844759-3894506853-1001\..\SearchScopes\{86AFD897-95B8-42DB-9AAA-1A0FD3789130}: "URL" = http://www.ask.com/w...}&l=dis&o=uscql
IE - HKU\S-1-5-21-2534040931-2084844759-3894506853-1001\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...sa&d=2011-12-13 17:54:53&v=8.0.0.34&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-2534040931-2084844759-3894506853-1001\..\SearchScopes\{9880938F-ED6F-40A6-AD7F-9C9619124643}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKU\S-1-5-21-2534040931-2084844759-3894506853-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2534040931-2084844759-3894506853-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.facebook....ome.php?ref=hp"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: [email protected]:4.51
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:3.0
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.10
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:2010.9.0.6
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.3.8.20110620112826


FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009/10/31 06:28:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.0.0.128\IPSFFPlgn\ [2012/04/08 07:13:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/03/23 22:46:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/11/11 01:51:25 | 000,000,000 | ---D | M]

[2011/02/16 22:41:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\SinCera\AppData\Roaming\Mozilla\Extensions
[2012/01/26 04:01:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\SinCera\AppData\Roaming\Mozilla\Firefox\Profiles\964p6d1x.default\extensions
[2012/01/26 04:01:11 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\SinCera\AppData\Roaming\Mozilla\Firefox\Profiles\964p6d1x.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/12/13 18:55:10 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\Users\SinCera\AppData\Roaming\Mozilla\Firefox\Profiles\964p6d1x.default\extensions\avg@toolbar
[2011/11/11 01:51:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/03/23 22:46:00 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/02/02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/03/16 18:29:33 | 000,003,768 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/02/25 21:41:18 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/02/25 21:41:18 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Engine\19.6.2.10\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll ()
O3 - HKU\S-1-5-21-2534040931-2084844759-3894506853-1001\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ROC_roc_dec12] C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe ()
O4 - HKLM..\Run: [VERIZONDM] C:\Program Files (x86)\VERIZONDM\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\SinCera\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\SinCera\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1554F6A7-D38C-483A-928D-6EE74FA06F66}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F6696AEB-8B9F-48BD-9821-6AC3BD641B68}: DhcpNameServer = 209.18.47.61 209.18.47.62
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{6ddc680e-4565-11e1-b868-c80aa94c82bc}\Shell - "" = AutoRun
O33 - MountPoints2\{6ddc680e-4565-11e1-b868-c80aa94c82bc}\Shell\AutoRun\command - "" = G:\PhotoViewer.exe
O33 - MountPoints2\{6ddc6822-4565-11e1-b868-c80aa94c82bc}\Shell - "" = AutoRun
O33 - MountPoints2\{6ddc6822-4565-11e1-b868-c80aa94c82bc}\Shell\AutoRun\command - "" = G:\PhotoViewer.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/04/08 08:24:38 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\SinCera\Desktop\OTL.exe
[2012/04/08 03:18:01 | 000,000,000 | ---D | C] -- C:\Program Files\LSI SoftModem
[2012/04/01 02:08:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/04/01 02:07:07 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/04/01 02:07:06 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/03/30 05:31:31 | 000,000,000 | ---D | C] -- C:\Users\SinCera\AppData\Local\Microsoft Games
[2012/03/25 19:48:02 | 000,405,624 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NAVx64\1306020.00A\symnets.sys
[2012/03/25 19:48:01 | 001,092,728 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NAVx64\1306020.00A\symefa64.sys
[2012/03/25 19:48:01 | 000,451,192 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NAVx64\1306020.00A\symds64.sys
[2012/03/25 19:48:01 | 000,037,496 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NAVx64\1306020.00A\srtspx64.sys
[2012/03/25 19:48:00 | 000,738,936 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NAVx64\1306020.00A\srtsp64.sys
[2012/03/25 19:48:00 | 000,190,072 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NAVx64\1306020.00A\ironx64.sys
[2012/03/25 19:48:00 | 000,167,048 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NAVx64\1306020.00A\ccsetx64.sys
[2012/03/25 19:47:21 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NAVx64\1306020.00A
[2012/03/24 15:51:54 | 000,175,736 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2012/03/24 15:51:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2012/03/24 15:51:54 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2012/03/24 15:50:30 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NAVx64
[2012/03/24 15:50:20 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton AntiVirus
[2012/03/24 15:50:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton AntiVirus
[2012/03/24 15:44:40 | 000,000,000 | ---D | C] -- C:\ProgramData\PCSettings
[2012/03/23 21:56:15 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[5 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/04/12 17:47:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/04/12 12:24:26 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/12 12:24:26 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/12 12:09:52 | 000,008,942 | ---- | M] () -- C:\Windows\SysNative\drivers\NAVx64\1306020.00A\VT20120410.034
[2012/04/11 03:39:32 | 000,727,334 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/04/11 03:39:32 | 000,624,864 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/04/11 03:39:32 | 000,106,950 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/04/11 03:38:54 | 000,000,396 | ---- | M] () -- C:\Windows\tasks\FinalTorrent Update Checker.job
[2012/04/11 03:34:12 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForSinCera.job
[2012/04/11 03:33:53 | 1406,296,064 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/11 03:05:46 | 002,012,190 | ---- | M] () -- C:\Windows\SysNative\drivers\NAVx64\1306020.00A\Cat.DB
[2012/04/08 08:24:44 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\SinCera\Desktop\OTL.exe
[2012/04/01 02:08:05 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/03/27 23:42:37 | 000,002,397 | ---- | M] () -- C:\Users\Public\Desktop\Norton AntiVirus.lnk
[2012/03/25 19:48:20 | 000,175,736 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2012/03/25 19:48:20 | 000,007,488 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2012/03/25 19:48:20 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2012/03/23 21:56:10 | 305,270,949 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/03/20 00:45:38 | 000,000,172 | ---- | M] () -- C:\Windows\SysNative\drivers\NAVx64\1306020.00A\isolate.ini
[2012/03/14 03:29:35 | 000,354,680 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[5 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/04/12 12:10:28 | 000,008,942 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1306020.00A\VT20120410.034
[2012/04/01 02:08:04 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/03/27 23:41:50 | 002,012,190 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1306020.00A\Cat.DB
[2012/03/25 19:48:02 | 000,007,458 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1306020.00A\symnet64.cat
[2012/03/25 19:48:02 | 000,001,441 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1306020.00A\symnet.inf
[2012/03/25 19:48:01 | 000,007,496 | R--- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1306020.00A\symds64.cat
[2012/03/25 19:48:01 | 000,007,462 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1306020.00A\srtspx64.cat
[2012/03/25 19:48:01 | 000,007,460 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1306020.00A\symefa64.cat
[2012/03/25 19:48:01 | 000,003,434 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1306020.00A\symefa.inf
[2012/03/25 19:48:01 | 000,002,852 | R--- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1306020.00A\symds.inf
[2012/03/25 19:48:01 | 000,001,420 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1306020.00A\srtspx64.inf
[2012/03/25 19:48:00 | 000,007,468 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1306020.00A\ccsetx64.cat
[2012/03/25 19:48:00 | 000,007,458 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1306020.00A\srtsp64.cat
[2012/03/25 19:48:00 | 000,007,450 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1306020.00A\iron.cat
[2012/03/25 19:48:00 | 000,001,438 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1306020.00A\srtsp64.inf
[2012/03/25 19:48:00 | 000,000,853 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1306020.00A\ccsetx64.inf
[2012/03/25 19:48:00 | 000,000,772 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1306020.00A\iron.inf
[2012/03/25 19:47:21 | 000,004,782 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1306020.00A\symvtcer.dat
[2012/03/25 19:47:21 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1306020.00A\isolate.ini
[2012/03/24 15:51:54 | 000,007,488 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2012/03/24 15:51:54 | 000,000,855 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2012/03/24 15:51:44 | 000,002,397 | ---- | C] () -- C:\Users\Public\Desktop\Norton AntiVirus.lnk
[2012/03/23 21:56:10 | 305,270,949 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/05/04 14:33:29 | 000,743,994 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/02/17 00:16:37 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/02/17 00:10:39 | 000,000,282 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog2.ini
[2011/02/17 00:10:39 | 000,000,223 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog.ini

========== LOP Check ==========

[2011/02/18 15:49:31 | 000,000,000 | ---D | M] -- C:\Users\SinCera\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/04/11 03:36:02 | 000,000,000 | ---D | M] -- C:\Users\SinCera\AppData\Roaming\Dropbox
[2012/04/08 07:13:03 | 000,000,000 | ---D | M] -- C:\Users\SinCera\AppData\Roaming\FinalTorrent
[2011/02/16 22:32:14 | 000,000,000 | ---D | M] -- C:\Users\SinCera\AppData\Roaming\PictureMover
[2012/03/30 00:14:38 | 000,000,000 | ---D | M] -- C:\Users\SinCera\AppData\Roaming\SoftGrid Client
[2011/09/10 13:27:47 | 000,000,000 | ---D | M] -- C:\Users\SinCera\AppData\Roaming\Tific
[2011/08/09 03:00:10 | 000,000,000 | ---D | M] -- C:\Users\SinCera\AppData\Roaming\TP
[2011/03/23 12:02:46 | 000,000,000 | ---D | M] -- C:\Users\SinCera\AppData\Roaming\TuneUp Software
[2011/08/09 03:02:45 | 000,000,000 | ---D | M] -- C:\Users\SinCera\AppData\Roaming\{90140011-0062-0409-0000-0000000FF1CE}
[2012/04/11 03:38:54 | 000,000,396 | ---- | M] () -- C:\Windows\Tasks\FinalTorrent Update Checker.job
[2011/09/10 12:43:58 | 000,032,634 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

#5
Gammo

    Member 2k

  • Malware Removal
  • 2,299 posts
Download the latest version of TDSSKiller from here and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks.
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.



Please make sure you include the ComboFix log in your next reply, as well as describe how your computer is running now.

#6
Sin Cera

    New Member

  • Topic Starter
  • Member
  • 6 posts
Hello,

I have run both programs and below are both logs. I have rebooted the computer and the computer is still slow to start and Firefox still takes quite a bit of resources from the PC when it runs, therefore I still feel that there is something still wrong with my computer.

10:20:42.0271 0876 TDSS rootkit removing tool 2.7.28.0 Apr 10 2012 16:54:05
10:20:42.0505 0876 ============================================================
10:20:42.0505 0876 Current date / time: 2012/04/13 10:20:42.0505
10:20:42.0505 0876 SystemInfo:
10:20:42.0505 0876
10:20:42.0505 0876 OS Version: 6.1.7601 ServicePack: 1.0
10:20:42.0505 0876 Product type: Workstation
10:20:42.0505 0876 ComputerName: SINCERA-PC
10:20:42.0505 0876 UserName: SinCera
10:20:42.0505 0876 Windows directory: C:\Windows
10:20:42.0505 0876 System windows directory: C:\Windows
10:20:42.0505 0876 Running under WOW64
10:20:42.0505 0876 Processor architecture: Intel x64
10:20:42.0505 0876 Number of processors: 1
10:20:42.0505 0876 Page size: 0x1000
10:20:42.0505 0876 Boot type: Normal boot
10:20:42.0505 0876 ============================================================
10:20:44.0627 0876 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
10:20:44.0689 0876 \Device\Harddisk0\DR0:
10:20:44.0689 0876 MBR used
10:20:44.0689 0876 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
10:20:44.0689 0876 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x1B542800
10:20:44.0689 0876 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1B5A6800, BlocksNum 0x1BEB000
10:20:44.0689 0876 \Device\Harddisk0\DR0\Partition3: MBR, Type 0xC, StartLBA 0x1D191800, BlocksNum 0x33970
10:20:44.0861 0876 Initialize success
10:20:44.0861 0876 ============================================================
10:20:57.0372 3836 ============================================================
10:20:57.0372 3836 Scan started
10:20:57.0372 3836 Mode: Manual; SigCheck; TDLFS;
10:20:57.0372 3836 ============================================================
10:21:15.0265 3836 HP Health Check Service ( UnsignedFile.Multi.Generic ) - warning
10:21:15.0265 3836 HP Health Check Service - detected UnsignedFile.Multi.Generic (1)
10:21:15.0359 3836 HpqKbFiltr (9af482d058be59cc28bce52e7c4b747c) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
10:21:15.0421 3836 HpqKbFiltr - ok
10:21:15.0499 3836 hpqwmiex (fdf273a845f1ffcceadf363aaf47582f) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
10:21:15.0530 3836 hpqwmiex - ok
10:21:15.0593 3836 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
10:21:15.0608 3836 HpSAMD - ok
10:21:15.0655 3836 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
10:21:15.0733 3836 HTTP - ok
10:21:15.0749 3836 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
10:21:15.0764 3836 hwpolicy - ok
10:21:15.0827 3836 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
10:21:15.0842 3836 i8042prt - ok
10:21:15.0889 3836 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
10:21:15.0920 3836 iaStorV - ok
10:21:15.0983 3836 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
10:21:16.0030 3836 idsvc - ok
10:21:16.0279 3836 IDSVia64 (18c40c3f368323b203ace403cb430db1) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.0.0.128\Definitions\IPSDefs\20120412.001\IDSvia64.sys
10:21:16.0342 3836 IDSVia64 - ok
10:21:16.0607 3836 igfx (a87261ef1546325b559374f5689cf5bc) C:\Windows\system32\DRIVERS\igdkmd64.sys
10:21:16.0810 3836 igfx - ok
10:21:16.0856 3836 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
10:21:16.0872 3836 iirsp - ok
10:21:16.0934 3836 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
10:21:17.0028 3836 IKEEXT - ok
10:21:17.0075 3836 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
10:21:17.0090 3836 intelide - ok
10:21:17.0137 3836 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
10:21:17.0168 3836 intelppm - ok
10:21:17.0231 3836 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
10:21:17.0262 3836 IPBusEnum - ok
10:21:17.0309 3836 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
10:21:17.0402 3836 IpFilterDriver - ok
10:21:17.0543 3836 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
10:21:17.0683 3836 iphlpsvc - ok
10:21:17.0746 3836 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
10:21:17.0839 3836 IPMIDRV - ok
10:21:17.0980 3836 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
10:21:18.0058 3836 IPNAT - ok
10:21:18.0245 3836 iPod Service (50d6ccc6ff5561f9f56946b3e6164fb8) C:\Program Files\iPod\bin\iPodService.exe
10:21:18.0292 3836 iPod Service - ok
10:21:18.0338 3836 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
10:21:18.0416 3836 IRENUM - ok
10:21:18.0463 3836 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
10:21:18.0479 3836 isapnp - ok
10:21:18.0510 3836 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
10:21:18.0541 3836 iScsiPrt - ok
10:21:18.0572 3836 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
10:21:18.0588 3836 kbdclass - ok
10:21:18.0619 3836 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
10:21:18.0713 3836 kbdhid - ok
10:21:18.0775 3836 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
10:21:18.0822 3836 KeyIso - ok
10:21:18.0884 3836 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
10:21:19.0025 3836 KSecDD - ok
10:21:19.0134 3836 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
10:21:19.0150 3836 KSecPkg - ok
10:21:19.0181 3836 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
10:21:19.0290 3836 ksthunk - ok
10:21:19.0430 3836 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
10:21:19.0571 3836 KtmRm - ok
10:21:19.0914 3836 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
10:21:20.0008 3836 LanmanServer - ok
10:21:20.0054 3836 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
10:21:20.0132 3836 LanmanWorkstation - ok
10:21:20.0242 3836 LightScribeService (2238b91ac1a12cc6cc4c4fed41258b2a) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
10:21:20.0273 3836 LightScribeService ( UnsignedFile.Multi.Generic ) - warning
10:21:20.0273 3836 LightScribeService - detected UnsignedFile.Multi.Generic (1)
10:21:20.0351 3836 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
10:21:20.0460 3836 lltdio - ok
10:21:20.0616 3836 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
10:21:20.0725 3836 lltdsvc - ok
10:21:20.0772 3836 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
10:21:20.0819 3836 lmhosts - ok
10:21:20.0881 3836 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
10:21:20.0897 3836 LSI_FC - ok
10:21:20.0959 3836 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
10:21:20.0975 3836 LSI_SAS - ok
10:21:21.0022 3836 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
10:21:21.0037 3836 LSI_SAS2 - ok
10:21:21.0068 3836 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
10:21:21.0100 3836 LSI_SCSI - ok
10:21:21.0115 3836 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
10:21:21.0178 3836 luafv - ok
10:21:21.0240 3836 lxeb_device - ok
10:21:21.0302 3836 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
10:21:21.0318 3836 Mcx2Svc - ok
10:21:21.0334 3836 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
10:21:21.0349 3836 megasas - ok
10:21:21.0380 3836 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
10:21:21.0412 3836 MegaSR - ok
10:21:21.0458 3836 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
10:21:21.0536 3836 MMCSS - ok
10:21:21.0568 3836 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
10:21:21.0661 3836 Modem - ok
10:21:21.0708 3836 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
10:21:21.0739 3836 monitor - ok
10:21:21.0802 3836 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
10:21:21.0817 3836 mouclass - ok
10:21:21.0880 3836 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
10:21:21.0926 3836 mouhid - ok
10:21:21.0989 3836 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
10:21:22.0004 3836 mountmgr - ok
10:21:22.0036 3836 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
10:21:22.0051 3836 mpio - ok
10:21:22.0082 3836 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
10:21:22.0285 3836 mpsdrv - ok
10:21:22.0394 3836 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
10:21:22.0504 3836 MpsSvc - ok
10:21:22.0566 3836 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
10:21:22.0628 3836 MRxDAV - ok
10:21:22.0691 3836 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
10:21:22.0769 3836 mrxsmb - ok
10:21:22.0816 3836 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
10:21:22.0847 3836 mrxsmb10 - ok
10:21:22.0862 3836 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
10:21:22.0894 3836 mrxsmb20 - ok
10:21:22.0925 3836 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
10:21:22.0940 3836 msahci - ok
10:21:22.0972 3836 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
10:21:22.0987 3836 msdsm - ok
10:21:23.0034 3836 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
10:21:23.0081 3836 MSDTC - ok
10:21:23.0128 3836 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
10:21:23.0159 3836 Msfs - ok
10:21:23.0206 3836 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
10:21:23.0252 3836 mshidkmdf - ok
10:21:23.0284 3836 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
10:21:23.0299 3836 msisadrv - ok
10:21:23.0330 3836 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
10:21:23.0393 3836 MSiSCSI - ok
10:21:23.0408 3836 msiserver - ok
10:21:23.0455 3836 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
10:21:23.0518 3836 MSKSSRV - ok
10:21:23.0533 3836 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
10:21:23.0580 3836 MSPCLOCK - ok
10:21:23.0611 3836 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
10:21:23.0674 3836 MSPQM - ok
10:21:23.0736 3836 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
10:21:23.0752 3836 MsRPC - ok
10:21:23.0798 3836 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
10:21:23.0908 3836 mssmbios - ok
10:21:23.0970 3836 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
10:21:24.0032 3836 MSTEE - ok
10:21:24.0064 3836 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
10:21:24.0095 3836 MTConfig - ok
10:21:24.0110 3836 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
10:21:24.0126 3836 Mup - ok
10:21:24.0188 3836 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
10:21:24.0266 3836 napagent - ok
10:21:24.0344 3836 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
10:21:24.0391 3836 NativeWifiP - ok
10:21:24.0516 3836 NAV (7a02f128a454bb22e300f3f80bc1bd22) C:\Program Files (x86)\Norton AntiVirus\Engine\19.6.2.10\ccSvcHst.exe
10:21:24.0563 3836 NAV - ok
10:21:24.0688 3836 NAVENG (2dbe90210de76be6e1653bb20ec70ec2) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.0.0.128\Definitions\VirusDefs\20120412.032\ENG64.SYS
10:21:24.0703 3836 NAVENG - ok
10:21:24.0781 3836 NAVEX15 (346da70e203b8e2c850277713de8f71b) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.0.0.128\Definitions\VirusDefs\20120412.032\EX64.SYS
10:21:24.0859 3836 NAVEX15 - ok
10:21:25.0109 3836 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
10:21:25.0187 3836 NDIS - ok
10:21:25.0234 3836 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
10:21:25.0280 3836 NdisCap - ok
10:21:25.0343 3836 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
10:21:25.0374 3836 NdisTapi - ok
10:21:25.0421 3836 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
10:21:25.0468 3836 Ndisuio - ok
10:21:25.0499 3836 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
10:21:25.0546 3836 NdisWan - ok
10:21:25.0592 3836 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
10:21:25.0639 3836 NDProxy - ok
10:21:25.0655 3836 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
10:21:25.0717 3836 NetBIOS - ok
10:21:25.0764 3836 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
10:21:25.0826 3836 NetBT - ok
10:21:25.0873 3836 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
10:21:25.0889 3836 Netlogon - ok
10:21:25.0982 3836 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
10:21:26.0076 3836 Netman - ok
10:21:26.0107 3836 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
10:21:26.0185 3836 netprofm - ok
10:21:26.0248 3836 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
10:21:26.0263 3836 NetTcpPortSharing - ok
10:21:26.0482 3836 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys
10:21:26.0653 3836 netw5v64 - ok
10:21:26.0669 3836 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
10:21:26.0700 3836 nfrd960 - ok
10:21:26.0747 3836 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
10:21:26.0809 3836 NlaSvc - ok
10:21:26.0825 3836 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
10:21:26.0872 3836 Npfs - ok
10:21:26.0918 3836 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
10:21:26.0950 3836 nsi - ok
10:21:26.0981 3836 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
10:21:27.0043 3836 nsiproxy - ok
10:21:27.0121 3836 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
10:21:27.0215 3836 Ntfs - ok
10:21:27.0246 3836 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
10:21:27.0308 3836 Null - ok
10:21:27.0355 3836 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
10:21:27.0371 3836 nvraid - ok
10:21:27.0402 3836 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
10:21:27.0418 3836 nvstor - ok
10:21:27.0449 3836 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
10:21:27.0464 3836 nv_agp - ok
10:21:27.0574 3836 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
10:21:27.0620 3836 odserv - ok
10:21:27.0652 3836 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
10:21:27.0683 3836 ohci1394 - ok
10:21:27.0745 3836 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
10:21:27.0823 3836 ose - ok
10:21:27.0979 3836 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
10:21:28.0182 3836 osppsvc - ok
10:21:28.0276 3836 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
10:21:28.0400 3836 p2pimsvc - ok
10:21:28.0463 3836 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
10:21:28.0494 3836 p2psvc - ok
10:21:28.0541 3836 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
10:21:28.0556 3836 Parport - ok
10:21:28.0603 3836 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
10:21:28.0619 3836 partmgr - ok
10:21:28.0650 3836 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
10:21:28.0697 3836 PcaSvc - ok
10:21:28.0744 3836 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
10:21:28.0759 3836 pci - ok
10:21:28.0790 3836 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
10:21:28.0806 3836 pciide - ok
10:21:28.0837 3836 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
10:21:28.0853 3836 pcmcia - ok
10:21:28.0915 3836 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
10:21:28.0946 3836 pcw - ok
10:21:28.0993 3836 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
10:21:29.0071 3836 PEAUTH - ok
10:21:29.0165 3836 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
10:21:29.0227 3836 PerfHost - ok
10:21:29.0430 3836 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
10:21:29.0539 3836 pla - ok
10:21:29.0711 3836 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
10:21:29.0836 3836 PlugPlay - ok
10:21:29.0882 3836 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
10:21:29.0898 3836 PNRPAutoReg - ok
10:21:29.0945 3836 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
10:21:29.0960 3836 PNRPsvc - ok
10:21:30.0070 3836 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
10:21:30.0241 3836 PolicyAgent - ok
10:21:30.0413 3836 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
10:21:30.0506 3836 Power - ok
10:21:30.0740 3836 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
10:21:30.0850 3836 PptpMiniport - ok
10:21:30.0974 3836 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
10:21:31.0084 3836 Processor - ok
10:21:31.0224 3836 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
10:21:31.0349 3836 ProfSvc - ok
10:21:31.0442 3836 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
10:21:31.0489 3836 ProtectedStorage - ok
10:21:31.0583 3836 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
10:21:31.0630 3836 Psched - ok
10:21:31.0754 3836 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
10:21:31.0832 3836 ql2300 - ok
10:21:31.0864 3836 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
10:21:31.0879 3836 ql40xx - ok
10:21:31.0926 3836 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
10:21:31.0988 3836 QWAVE - ok
10:21:32.0020 3836 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
10:21:32.0051 3836 QWAVEdrv - ok
10:21:32.0082 3836 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
10:21:32.0160 3836 RasAcd - ok
10:21:32.0347 3836 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
10:21:32.0425 3836 RasAgileVpn - ok
10:21:32.0472 3836 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
10:21:32.0534 3836 RasAuto - ok
10:21:32.0581 3836 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
10:21:32.0644 3836 Rasl2tp - ok
10:21:32.0690 3836 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
10:21:32.0737 3836 RasMan - ok
10:21:32.0753 3836 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
10:21:32.0815 3836 RasPppoe - ok
10:21:32.0831 3836 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
10:21:32.0893 3836 RasSstp - ok
10:21:32.0956 3836 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
10:21:33.0049 3836 rdbss - ok
10:21:33.0080 3836 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
10:21:33.0096 3836 rdpbus - ok
10:21:33.0127 3836 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
10:21:33.0190 3836 RDPCDD - ok
10:21:33.0236 3836 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
10:21:33.0283 3836 RDPENCDD - ok
10:21:33.0314 3836 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
10:21:33.0346 3836 RDPREFMP - ok
10:21:33.0392 3836 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
10:21:33.0455 3836 RDPWD - ok
10:21:33.0502 3836 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
10:21:33.0533 3836 rdyboost - ok
10:21:33.0580 3836 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
10:21:33.0642 3836 RemoteAccess - ok
10:21:33.0704 3836 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
10:21:33.0782 3836 RemoteRegistry - ok
10:21:33.0892 3836 RichVideo (498eb62a160674e793fa40fd65390625) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
10:21:33.0923 3836 RichVideo - ok
10:21:33.0985 3836 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
10:21:34.0048 3836 RpcEptMapper - ok
10:21:34.0094 3836 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
10:21:34.0126 3836 RpcLocator - ok
10:21:34.0172 3836 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
10:21:34.0219 3836 RpcSs - ok
10:21:34.0266 3836 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
10:21:34.0328 3836 rspndr - ok
10:21:34.0375 3836 RSUSBSTOR - ok
10:21:34.0422 3836 RTL8167 (b49dc435ae3695bac5623dd94b05732d) C:\Windows\system32\DRIVERS\Rt64win7.sys
10:21:34.0500 3836 RTL8167 - ok
10:21:34.0547 3836 RtsUIR - ok
10:21:34.0594 3836 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
10:21:34.0609 3836 SamSs - ok
10:21:34.0640 3836 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
10:21:34.0672 3836 sbp2port - ok
10:21:34.0703 3836 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
10:21:34.0765 3836 SCardSvr - ok
10:21:34.0812 3836 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
10:21:34.0890 3836 scfilter - ok
10:21:34.0952 3836 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
10:21:35.0030 3836 Schedule - ok
10:21:35.0202 3836 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
10:21:35.0249 3836 SCPolicySvc - ok
10:21:35.0296 3836 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\drivers\sdbus.sys
10:21:35.0327 3836 sdbus - ok
10:21:35.0358 3836 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
10:21:35.0452 3836 SDRSVC - ok
10:21:35.0498 3836 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
10:21:35.0576 3836 secdrv - ok
10:21:35.0608 3836 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
10:21:35.0670 3836 seclogon - ok
10:21:35.0717 3836 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
10:21:35.0795 3836 SENS - ok
10:21:35.0857 3836 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
10:21:35.0935 3836 SensrSvc - ok
10:21:35.0982 3836 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
10:21:36.0013 3836 Serenum - ok
10:21:36.0060 3836 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
10:21:36.0076 3836 Serial - ok
10:21:36.0107 3836 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
10:21:36.0154 3836 sermouse - ok
10:21:36.0216 3836 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
10:21:36.0278 3836 SessionEnv - ok
10:21:36.0294 3836 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
10:21:36.0341 3836 sffdisk - ok
10:21:36.0372 3836 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
10:21:36.0403 3836 sffp_mmc - ok
10:21:36.0419 3836 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
10:21:36.0466 3836 sffp_sd - ok
10:21:36.0497 3836 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
10:21:36.0512 3836 sfloppy - ok
10:21:36.0559 3836 Sftfs (c6cc9297bd53e5229653303e556aa539) C:\Windows\system32\DRIVERS\Sftfslh.sys
10:21:36.0606 3836 Sftfs - ok
10:21:36.0684 3836 sftlist (13693b6354dd6e72dc5131da7d764b90) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
10:21:36.0731 3836 sftlist - ok
10:21:36.0762 3836 Sftplay (390aa7bc52cee43f6790cdea1e776703) C:\Windows\system32\DRIVERS\Sftplaylh.sys
10:21:36.0793 3836 Sftplay - ok
10:21:36.0824 3836 Sftredir (617e29a0b0a2807466560d4c4e338d3e) C:\Windows\system32\DRIVERS\Sftredirlh.sys
10:21:36.0824 3836 Sftredir - ok
10:21:36.0887 3836 Sftvol (8f571f016fa1976f445147e9e6c8ae9b) C:\Windows\system32\DRIVERS\Sftvollh.sys
10:21:36.0902 3836 Sftvol - ok
10:21:36.0918 3836 sftvsa (c3cddd18f43d44ab713cf8c4916f7696) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
10:21:36.0949 3836 sftvsa - ok
10:21:36.0996 3836 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
10:21:37.0074 3836 SharedAccess - ok
10:21:37.0121 3836 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
10:21:37.0199 3836 ShellHWDetection - ok
10:21:37.0230 3836 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
10:21:37.0261 3836 SiSRaid2 - ok
10:21:37.0292 3836 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
10:21:37.0308 3836 SiSRaid4 - ok
10:21:37.0339 3836 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
10:21:37.0402 3836 Smb - ok
10:21:37.0464 3836 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
10:21:37.0480 3836 SNMPTRAP - ok
10:21:37.0495 3836 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
10:21:37.0511 3836 spldr - ok
10:21:37.0558 3836 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
10:21:37.0620 3836 Spooler - ok
10:21:37.0698 3836 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
10:21:37.0870 3836 sppsvc - ok
10:21:37.0901 3836 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
10:21:37.0948 3836 sppuinotify - ok
10:21:38.0026 3836 sprtsvc_verizondm - ok
10:21:38.0119 3836 SRTSP (4d56f175f76c685a06471800a03219b2) C:\Windows\System32\Drivers\NAVx64\1306020.00A\SRTSP64.SYS
10:21:38.0182 3836 SRTSP - ok
10:21:38.0213 3836 SRTSPX (7b02f64dc80c0ec7300af302ed5d1cb3) C:\Windows\system32\drivers\NAVx64\1306020.00A\SRTSPX64.SYS
10:21:38.0228 3836 SRTSPX - ok
10:21:38.0275 3836 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
10:21:38.0353 3836 srv - ok
10:21:38.0400 3836 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
10:21:38.0447 3836 srv2 - ok
10:21:38.0494 3836 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
10:21:38.0525 3836 SrvHsfHDA - ok
10:21:38.0572 3836 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
10:21:38.0650 3836 SrvHsfV92 - ok
10:21:38.0712 3836 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
10:21:38.0790 3836 SrvHsfWinac - ok
10:21:38.0837 3836 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
10:21:38.0868 3836 srvnet - ok
10:21:38.0930 3836 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
10:21:38.0993 3836 SSDPSRV - ok
10:21:39.0040 3836 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
10:21:39.0071 3836 SstpSvc - ok
10:21:39.0149 3836 STacSV (810199dcc3bdc38304d7d649992ea7bc) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe
10:21:39.0211 3836 STacSV - ok
10:21:39.0258 3836 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
10:21:39.0289 3836 stexstor - ok
10:21:39.0352 3836 STHDA (ed1722f43ce61409ef68340402d6267d) C:\Windows\system32\DRIVERS\stwrt64.sys
10:21:39.0383 3836 STHDA - ok
10:21:39.0414 3836 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
10:21:39.0476 3836 stisvc - ok
10:21:39.0523 3836 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
10:21:39.0539 3836 swenum - ok
10:21:49.0944 3836 ============================================================
10:21:49.0944 3836 Scan finished
10:21:49.0944 3836 ============================================================
10:21:49.0960 5632 Detected object count: 2
10:21:49.0960 5632 Actual detected object count: 2
10:22:48.0600 5632 HP Health Check Service ( UnsignedFile.Multi.Generic ) - skipped by user
10:22:48.0600 5632 HP Health Check Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:22:48.0600 5632 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
10:22:48.0600 5632 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:26:07.0641 2152 Deinitialize success

ComboFix 12-04-13.01 - SinCera 04/13/2012 10:33:38.1.1 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.1788.823 [GMT -4:00]
Running from: c:\users\SinCera\Desktop\ComboFix.exe
AV: Norton AntiVirus *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Norton AntiVirus *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-03-13 to 2012-04-13 )))))))))))))))))))))))))))))))
.
.
2012-04-13 14:47 . 2012-04-13 14:47 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-11 07:04 . 2012-03-06 06:53 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 07:04 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-04-11 07:04 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-04-11 07:01 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-11 07:01 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-11 07:01 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-11 07:01 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-11 07:01 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-11 07:01 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-11 07:01 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-08 07:18 . 2012-04-08 07:18 -------- d-----w- c:\program files\LSI SoftModem
2012-04-01 06:07 . 2012-04-01 06:07 -------- d-----w- c:\program files\iPod
2012-04-01 06:07 . 2012-04-01 06:07 -------- d-----w- c:\program files\iTunes
2012-03-30 09:31 . 2012-03-30 09:31 -------- d-----w- c:\users\SinCera\AppData\Local\Microsoft Games
2012-03-24 19:51 . 2012-03-25 23:49 -------- d-----w- c:\program files\Symantec
2012-03-24 19:51 . 2012-03-25 23:48 175736 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2012-03-24 19:51 . 2012-03-24 19:51 -------- d-----w- c:\program files\Common Files\Symantec Shared
2012-03-24 19:50 . 2012-03-28 03:42 -------- d-----w- c:\windows\system32\drivers\NAVx64
2012-03-24 19:50 . 2012-03-24 19:50 -------- d-----w- c:\program files (x86)\Norton AntiVirus
2012-03-24 19:44 . 2012-03-24 19:44 -------- d-----w- c:\programdata\PCSettings
2012-03-24 02:46 . 2012-03-24 02:46 592824 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll
2012-03-24 02:46 . 2012-03-24 02:46 44472 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-14 07:28 . 2012-03-14 07:28 0 ----a-w- c:\windows\SysWow64\sho3239.tmp
2012-03-08 08:25 . 2012-03-08 08:25 0 ----a-w- c:\windows\SysWow64\sho936B.tmp
2012-02-17 06:38 . 2012-03-14 05:22 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 05:34 . 2012-03-14 05:22 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58 . 2012-03-14 05:22 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:57 . 2012-03-14 05:22 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-15 16:01 . 2012-02-15 16:01 52736 ----a-w- c:\windows\system32\drivers\usbaapl64.sys
2012-02-15 16:01 . 2012-02-15 16:01 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-02-10 06:36 . 2012-03-14 05:52 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 05:38 . 2012-03-14 05:52 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-02-07 15:02 . 2012-02-07 15:02 1070352 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2012-02-03 04:34 . 2012-03-14 05:52 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-01-27 08:26 . 2011-05-19 05:30 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-25 06:38 . 2012-03-14 05:24 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-01-25 06:38 . 2012-03-14 05:24 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-01-25 06:33 . 2012-03-14 05:24 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-03-16 22:29 1869152 ----a-w- c:\program files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll" [2012-03-16 1869152]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\SinCera\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\SinCera\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\SinCera\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-08-20 322104]
"VERIZONDM"="c:\program files (x86)\VERIZONDM\bin\sprtcmd.exe" [2011-05-16 206120]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-03-16 982880]
"ROC_roc_dec12"="c:\program files (x86)\AVG Secure Search\ROC_roc_dec12.exe" [2012-01-26 928096]
.
c:\users\SinCera\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\SinCera\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-14 24246216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"HP Software Update"=c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
"WirelessAssistant"=c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-07-07 195336]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAVx64\1306020.00A\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAVx64\1306020.00A\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.0.0.128\Definitions\BASHDefs\20120402.001\BHDrvx64.sys [2012-04-02 1160824]
S1 ccSet_NAV;Norton AntiVirus Settings Manager;c:\windows\system32\drivers\NAVx64\1306020.00A\ccSetx64.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.0.0.128\Definitions\IPSDefs\20120412.001\IDSvia64.sys [2012-03-23 488568]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NAVx64\1306020.00A\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NAVx64\1306020.00A\SYMNETS.SYS [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe [2009-03-02 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-06-15 249648]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 lxeb_device;lxeb_device;c:\windows\system32\lxebcoms.exe [x]
S2 NAV;Norton AntiVirus;c:\program files (x86)\Norton AntiVirus\Engine\19.6.2.10\ccSvcHst.exe [2012-01-17 138232]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 sprtsvc_verizondm;SupportSoft Sprocket Service (verizondm);c:\program files (x86)\VERIZONDM\bin\sprtsvc.exe [2011-05-16 206120]
S2 tgsrvc_verizondm;SupportSoft Repair Service (verizondm);c:\program files (x86)\VERIZONDM\bin\tgsrvc.exe [2011-05-16 185640]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe [2011-12-08 2028864]
S2 vToolbarUpdater10.2.0;vToolbarUpdater10.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe [2012-03-16 918880]
S3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-04-11 138360]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys [2011-02-10 11856]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 28809700
*Deregistered* - 28809700
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-08-20 21:24 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-13 c:\windows\Tasks\FinalTorrent Update Checker.job
- c:\program files (x86)\FinalTorrent\FTCheckForUpdates.exe [2011-08-09 19:24]
.
2012-04-13 c:\windows\Tasks\HPCeeScheduleForSinCera.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 11:22]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\SinCera\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\SinCera\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\SinCera\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\SinCera\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll
FF - ProfilePath - c:\users\SinCera\AppData\Roaming\Mozilla\Firefox\Profiles\964p6d1x.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/home.php?ref=hp
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NAV]
"ImagePath"="\"c:\program files (x86)\Norton AntiVirus\Engine\19.6.2.10\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files (x86)\Norton AntiVirus\Engine\19.6.2.10\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-04-13 10:54:37
ComboFix-quarantined-files.txt 2012-04-13 14:54
.
Pre-Run: 139,485,597,696 bytes free
Post-Run: 139,215,941,632 bytes free
.
- - End Of File - - DCFA5E6B1DA517D755ADC4BC279F809B


Thanks again for all your help!

-Sin Cera

#7
Gammo

I don't see any malware in any of your logs, so I don't think malware is causing your problems. I suggest you start a new topic here. :thumbsup:


There is only a bit of cleanup left that we will deal with in this post.

Remove Combofix now that we're done with it.
  • Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
  • Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between the "x" and "/")
  • Please follow the prompts to uninstall Combofix.
  • You will then receive a message saying Combofix was uninstalled successfully once it's done uninstalling itself.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  • Download OTC to your desktop and run it
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OTC from reaching the Internet, please allow the application to do so.
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I'll leave this thread open for a couple days in case you come across any lingering problems that need fixing, then I'll close it up. If you need it reopened for any reason just shoot me a PM. It's been a pleasure working with you, now best of luck!

Cheers,
Gammo :cool:

#8
Sin Cera

Hello All,

My problem seems to be getting worse. Programs are starting to not respond, my computer is starting to freeze or run at or over 100%, taking up all its memory. There are some processes in task manager that disappear when I go to view "all" processes. This is what is currently running in my processes:
AESTSr64.exe
agr64svc.exe
AppleMobileDeviceService.exe *32
atiedxx.exe
ccsvchst.exe *32 (Sincera)
ccsvchst.exe *32 (System)
Com4QLBEx.exe *32
csrss.exe (system)
csrss.exe (system)
CVHSVC.EXE *32
distnoted.exe *32
Dropbox.exe *32
dwm.exe
explorer.exe
firefox.exe *32
HPHC_Service.exe
hpqWmiEx.exe *32
iPodService.exe
lsass.exe
lsm.exe
lxebcoms.exe
mDNSResponder.exe
plugin-container.exe *32
PresentationFontCache.exe
QLBCtrl.exe *32
RichVideo.exe *32
rundll32.exe
SearchIndexer.exe
services.exe
sftlist.exe *32
sftvsa.exe *32
smss.exe
spoolsv.exe
stacsv64.exe
svchost.exe x12 (4 in system, 6 in local, 2 in network)
SyncServer.exe *32
SynTPEnh.exe
SynTPHelper.exe
System
System Idle Process
taskhost.exe
taskmgr.exe
TuneUpUtilitiesApp64.exe
TuneUpUtilitiesServices64.exe
wininit.exe
winlogon.exe
WmiPrvSE.exe
wmpnetwk.exe
WUDFHost.exe

I also am starting to have problems getting to websites, and am also experiencing pop-ups on some sites. I am going to do what I can, and I hope that the information helps.

Thanks again,

Sin Cera

#9
Gammo

Like I said in my previous post:

I don't see any malware in any of your logs, so I don't think malware is causing your problems. I suggest you start a new topic here.


If you're 100% convinced it's malware though, you should start a new topic in the Malware Removal Forum instead of replying to this old one. :)