18-Jul-2012, 04:05 AM
#1
Norton Power Eraser keeps informing me of trojan.patchep!sys, cannot remove

I seemed to have randomly gotten this virus, apparently it's located in C:\windows\system32\services.exe and I cannot get rid of it with Norton Power Eraser. Google and Yahoo! search results redirect to infected sites, along with my computer becoming a lot slower.

Currently in Safe Mode with Networking

OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
Processor: Intel(R) Core(TM) i3-2120 CPU @ 3.30GHz, Intel64 Family 6 Model 42 Stepping 7
Processor Count: 4
RAM: 6048 Mb
Graphics Card: Intel(R) HD Graphics, -1988 Mb
Hard Drives: C: Total - 939431 MB, Free - 834478 MB;
Motherboard: Gateway, IPISB-VR
Antivirus: AVG Anti-Virus Free Edition 2012, Updated and Enabled

(Currently using Norton 360, AVG Free Edition is no longer my anti-virus software though it appears in my logs.)

Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 2:45:01 AM, on 7/18/2012 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v9.00 (9.00.8112.16447) Boot mode: Safe mode with network support Running processes: C:\Users\Sotike\AppData\Roaming\Google\Google Talk\googletalk.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe C:\Users\Sotike\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe C:\Users\Sotike\Desktop\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com/?pc=MAGW R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?affID=109...0074de2b170474 R1 - HKLM\Software\Microsoft\Internet
Explorer\Main,Default_Page_URL = http://www.bing.com/?pc=MAGW R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=MAGW R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: UserInit=userinit.exe, O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\coIEPlg.dll O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\IPS\IPSBHO.DLL O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WI3C8A~1\Datamngr\ToolBar\searchqudtx.dll O2 - BHO: DataMngr - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~2\WI3C8A~1\Datamngr\BROWSE~1.DLL O2 - BHO: Google Toolbar Helper - 
{AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll O3 - Toolbar: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WI3C8A~1\Datamngr\ToolBar\searchqudtx.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\coIEPlg.dll O4 - HKLM\..\Run: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" O4 - HKLM\..\Run: [Hotkey Utility] C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe O4 - HKLM\..\Run: [DATAMNGR] C:\PROGRA~2\WI3C8A~1\Datamngr\DATAMN~1.EXE O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe" O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe O4 - HKLM\..\Run: [IObit Malware Fighter] "C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe" /autostart O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O8 - Extra context 
menu item: &Compress Image Using Image Compressor 2008 - C:\Program Files (x86)\MasRizal\IMC2008\imcieex_compress.html O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O20 - AppInit_DLLs: C:\PROGRA~2\WI3C8A~1\Datamngr\datamngr.dll C:\PROGRA~2\WI3C8A~1\Datamngr\IEBHO.dll O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - 
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe O23 - Service: GREGService - Acer Incorporated - C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE O23 - Service: IMF Service (IMFservice) - IObit - C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe O23 - Service: iPod Service - Apple Inc. 
- C:\Program Files\iPod\bin\iPodService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Live Updater Service - Acer Incorporated - C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\ccSvcHst.exe O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. 
- C:\Program Files (x86)\WinPcap\rpcapd.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe O23 - Service: TabletServicePen - Unknown owner - C:\Windows\system32\Pen_Tablet.exe (file missing) O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - 
Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) O23 - Service: WTouch Service (WTouchService) - Wacom Technology, Corp. - C:\Program Files\WTouch\WTouchService.exe -- End of file - 12850 bytes . DDS (Ver_2011-08-26.01) - NTFSAMD64 NETWORK Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31 Run by Sotike at 2:49:38 on 2012-07-18 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6048.4466 [GMT -5:00] . AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0} SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: AVG Internet Security 2012 *Disabled* {621CC794-9486-F902-D092-0484E8EA828B} . ============== Running Processes =============== . 
C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\SYSTEM32\WISPTIS.EXE C:\Windows\SYSTEM32\WISPTIS.EXE C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe C:\Windows\Explorer.EXE C:\Windows\system32\ctfmon.exe C:\Users\Sotike\AppData\Roaming\Google\Google Talk\googletalk.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe C:\Users\Sotike\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe C:\Windows\System32\svchost.exe -k swprv "C:\Windows\SysWOW64\svchost.exe" -k LocalServiceDns C:\Windows\system32\wbem\wmiprvse.exe "C:\Windows\SysWOW64\svchost.exe" -k LocalServiceDns C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\conhost.exe C:\Windows\SysWOW64\cscript.exe . ============== Pseudo HJT Report =============== . 
uStart Page = hxxp://search.babylon.com/?affID=109936&tt=100512_4_&babsrc=HP_ss&mntrId=9ef66ed300000000000074de2b17 0474 uDefault_Page_URL = hxxp://www.bing.com/?pc=MAGW mDefault_Page_URL = hxxp://www.bing.com/?pc=MAGW mStart Page = hxxp://www.bing.com/?pc=MAGW uInternet Settings,ProxyOverride = *.local mWinlogon: Userinit=userinit.exe, BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\coIEPlg.dll BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\IPS\IPSBHO.DLL BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WI3C8A~1\Datamngr\ToolBar\searchqudtx.dll BHO: DataMngr: {9d717f81-9148-4f12-8568-69135f087db0} - C:\PROGRA~2\WI3C8A~1\Datamngr\BROWSE~1.DLL BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll TB: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - 
C:\PROGRA~2\WI3C8A~1\Datamngr\ToolBar\searchqudtx.dll TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\coIEPlg.dll TB: SpeedBit Video Downloader: {0329e7d6-6f54-462d-93f6-f5c3118badf2} - EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" mRun: [Hotkey Utility] C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe mRun: [DATAMNGR] C:\PROGRA~2\WI3C8A~1\Datamngr\DATAMN~1.EXE mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe" mRun: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe mRun: [IObit Malware Fighter] "C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe" /autostart mPolicies-explorer: NoActiveDesktop = 1 (0x1) mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1) mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) mPolicies-system: EnableLinkedConnections = 1 (0x1) IE: &Compress Image Using Image Compressor 2008 - C:\Program Files (x86)\MasRizal\IMC2008\imcieex_compress.html IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll LSP: mswsock.dll DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - 
hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab TCP: DhcpNameServer = 192.168.15.1 TCP: Interfaces\{B60A66F4-5999-4B00-9E62-9FEEB2F7F56A} : DhcpNameServer = 192.168.15.1 TCP: Interfaces\{B60A66F4-5999-4B00-9E62-9FEEB2F7F56A}\1627279637534376 : DhcpNameServer = 24.116.1.157 Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll AppInit_DLLs: C:\PROGRA~2\WI3C8A~1\Datamngr\datamngr.dll C:\PROGRA~2\WI3C8A~1\Datamngr\IEBHO.dll BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO-X64: AcroIEHelperStub - No File BHO-X64: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll BHO-X64: Canon Easy-WebPrint EX BHO - No File BHO-X64: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\coIEPlg.dll BHO-X64: Norton Identity Protection - No File BHO-X64: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\IPS\IPSBHO.DLL BHO-X64: Norton Vulnerability Protection - No File BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO-X64: Searchqu Toolbar: 
{99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WI3C8A~1\Datamngr\ToolBar\searchqudtx.dll BHO-X64: Searchqu Toolbar - No File BHO-X64: DataMngr: {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~2\WI3C8A~1\Datamngr\BROWSE~1.DLL BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO-X64: SkypeIEPluginBHO - No File BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll TB-X64: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll TB-X64: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WI3C8A~1\Datamngr\ToolBar\searchqudtx.dll TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\coIEPlg.dll TB-X64: SpeedBit Video Downloader: {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - EB-X64: {21347690-EC41-4F9A-8887-1F4AEE672439} - No File mRun-x64: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" mRun-x64: [Hotkey Utility] C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe mRun-x64: [DATAMNGR] C:\PROGRA~2\WI3C8A~1\Datamngr\DATAMN~1.EXE mRun-x64: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe" mRun-x64: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe mRun-x64: [IObit Malware Fighter] "C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe" /autostart AppInit_DLLs-X64: C:\PROGRA~2\WI3C8A~1\Datamngr\datamngr.dll C:\PROGRA~2\WI3C8A~1\Datamngr\IEBHO.dll . ================= FIREFOX =================== . 
FF - ProfilePath - C:\Users\Sotike\AppData\Roaming\Mozilla\Firefox\Profiles\wgb225ar.default\ FF - prefs.js: browser.search.selectedEngine - AVG Secure Search FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=113&systemid=406&sr=0&q= FF - prefs.js: network.proxy.type - 0 FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll FF - plugin: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll FF - plugin: C:\Users\Sotike\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.d ll FF - plugin: C:\Users\Sotike\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll FF - plugin: C:\Users\Sotike\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll FF - plugin: C:\Users\Sotike\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll . 
---- FIREFOX POLICIES ---- FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=109936&tt=100512_4_ FF - user.js: extensions.BabylonToolbar_i.babExt - FF - user.js: extensions.BabylonToolbar_i.srcExt - ss FF - user.js: extensions.BabylonToolbar_i.id - 9ef66ed300000000000074de2b170474 FF - user.js: extensions.BabylonToolbar_i.hardId - 9ef66ed300000000000074de2b170474 FF - user.js: extensions.BabylonToolbar_i.instlDay - 15472 FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17 FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17 FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1719:15:48 FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar FF - user.js: extensions.BabylonToolbar_i.aflt - babsst FF - user.js: extensions.BabylonToolbar_i.smplGrp - none FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9 FF - user.js: extensions.BabylonToolbar_i.instlRef - sst . ============= SERVICES / DRIVERS =============== . R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\N360x64\0602010.005\SYMDS64.SYS --> C:\Windows\system32\drivers\N360x64\0602010.005\SYMDS64.SYS [?] R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\N360x64\0602010.005\SYMEFA64.SYS --> C:\Windows\system32\drivers\N360x64\0602010.005\SYMEFA64.SYS [?] R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?] R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;C:\Windows\system32\Drivers\EtronHub3.sys --> C:\Windows\system32\Drivers\EtronHub3.sys [?] R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;C:\Windows\system32\Drivers\EtronXHCI.sys --> C:\Windows\system32\Drivers\EtronXHCI.sys [?] R3 IntcDAud;Intel(R) Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?] 
R3 MEIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?] R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?] R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?] R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?] S1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\BASHDefs\20120711.002\BHDrvx64.sys [2012-7-12 1161376] S1 ccSet_N360;Norton 360 Settings Manager;C:\Windows\system32\drivers\N360x64\0602010.005\ccSetx64.sys --> C:\Windows\system32\drivers\N360x64\0602010.005\ccSetx64.sys [?] S1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\IPSDefs\20120713.001\IDSviA64.sys [2012-7-14 509088] S1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\N360x64\0602010.005\Ironx64.SYS --> C:\Windows\system32\drivers\N360x64\0602010.005\Ironx64.SYS [?] S1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\drivers\N360x64\0602010.005\SYMNETS.SYS --> C:\Windows\system32\drivers\N360x64\0602010.005\SYMNETS.SYS [?] 
S2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 GREGService;GREGService;C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe [2011-5-29 36456] S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-1-2 136176] S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-7-15 13336] S2 IMFservice;IMF Service;C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [2012-7-13 821592] S2 Live Updater Service;Live Updater Service;C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe [2011-7-15 244624] S2 N360;Norton 360;C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\ccSvcHst.exe [2012-7-10 138232] S2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2011-3-29 598312] S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-5-3 158856] S2 TabletServicePen;TabletServicePen;C:\Windows\system32\Pen_Tablet.exe --> C:\Windows\system32\Pen_Tablet.exe [?] 
|
20-Jul-2012, 05:18 AM
#3 |
| Run TDSSKiller from http://support.kaspersky.com/viruses...?qid=208280684 and let it cure anything it finds (except SPTD.SYS or anything detected as UnsignedFile.Multi.Generic, which should be ignored), then reboot. Post back with its log. By default, the utility outputs the log into the root folder of the system disk (usually the disk with the installed operating system, C:\). Logs have names like: UtilityName.Version_Date_Time_log.txt, e.g. C:\TDSSKiller.2.4.7_23.07.2010_15.31.43_log.txt
__________________ Derek, Microsoft MVP/Windows - Security | Thespykiller |
|
21-Jul-2012, 04:55 AM
#4 |
| Nothing was detected
Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys 03:48:13.0848 2648 Mup - ok 03:48:13.0990 2648 N360 (c6948f034d7edabcfa2234d399fc78bc) C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\ccSvcHst.exe 03:48:13.0993 2648 N360 - ok 03:48:14.0034 2648 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll 03:48:14.0048 2648 napagent - ok 03:48:14.0085 2648 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys 03:48:14.0088 2648 NativeWifiP - ok 03:48:14.0152 2648 NAUpdate (13aa2130f2a104dd775ead0f0ee5417b) C:\Program Files (x86)\Nero\Update\NASvc.exe 03:48:14.0185 2648 NAUpdate - ok 03:48:14.0348 2648 NAVENG (8043d41f881d6ace40b854ad6e32217f) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\VirusDefs\20120714.017\ENG64.SYS 03:48:14.0350 2648 NAVENG - ok 03:48:14.0438 2648 NAVEX15 (9a9ab2fc45d701daed465d14980f1305) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\VirusDefs\20120714.017\EX64.SYS 03:48:14.0457 2648 NAVEX15 - ok 03:48:14.0599 2648 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys 03:48:14.0605 2648 NDIS - ok 03:48:14.0625 2648 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys 03:48:14.0626 2648 NdisCap - ok 03:48:14.0646 2648 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys 03:48:14.0646 2648 NdisTapi - ok 03:48:14.0666 2648 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys 03:48:14.0666 2648 Ndisuio - ok 03:48:14.0675 2648 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys 03:48:14.0676 2648 NdisWan - ok 03:48:14.0687 2648 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys 03:48:14.0688 2648 NDProxy - ok 03:48:14.0704 2648 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys 03:48:14.0704 
2648 NetBIOS - ok 03:48:14.0717 2648 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys 03:48:14.0719 2648 NetBT - ok 03:48:14.0743 2648 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 03:48:14.0744 2648 Netlogon - ok 03:48:14.0789 2648 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll 03:48:14.0792 2648 Netman - ok 03:48:14.0810 2648 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll 03:48:14.0813 2648 netprofm - ok 03:48:14.0894 2648 netr28x (5758fd37bf31e759f8610311e4d08eca) C:\Windows\system32\DRIVERS\netr28x.sys 03:48:14.0900 2648 netr28x - ok 03:48:14.0952 2648 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe 03:48:14.0953 2648 NetTcpPortSharing - ok 03:48:15.0023 2648 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys 03:48:15.0024 2648 nfrd960 - ok 03:48:15.0055 2648 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll 03:48:15.0058 2648 NlaSvc - ok 03:48:15.0092 2648 NPF (351533acc2a069b94e80bbfc177e8fdf) C:\Windows\system32\drivers\npf.sys 03:48:15.0093 2648 NPF - ok 03:48:15.0107 2648 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys 03:48:15.0108 2648 Npfs - ok 03:48:15.0114 2648 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll 03:48:15.0115 2648 nsi - ok 03:48:15.0138 2648 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys 03:48:15.0138 2648 nsiproxy - ok 03:48:15.0231 2648 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys 03:48:15.0243 2648 Ntfs - ok 03:48:15.0275 2648 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys 03:48:15.0281 2648 Null - ok 03:48:15.0323 2648 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys 03:48:15.0324 2648 nvraid - ok 
03:48:15.0346 2648 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys 03:48:15.0347 2648 nvstor - ok 03:48:15.0378 2648 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys 03:48:15.0379 2648 nv_agp - ok 03:48:15.0385 2648 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys 03:48:15.0385 2648 ohci1394 - ok 03:48:15.0412 2648 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll 03:48:15.0415 2648 p2pimsvc - ok 03:48:15.0440 2648 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll 03:48:15.0456 2648 p2psvc - ok 03:48:15.0461 2648 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys 03:48:15.0462 2648 Parport - ok 03:48:15.0496 2648 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys 03:48:15.0497 2648 partmgr - ok 03:48:15.0506 2648 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll 03:48:15.0508 2648 PcaSvc - ok 03:48:15.0529 2648 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys 03:48:15.0531 2648 pci - ok 03:48:15.0533 2648 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys 03:48:15.0534 2648 pciide - ok 03:48:15.0555 2648 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys 03:48:15.0594 2648 pcmcia - ok 03:48:15.0606 2648 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys 03:48:15.0607 2648 pcw - ok 03:48:15.0633 2648 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys 03:48:15.0638 2648 PEAUTH - ok 03:48:15.0699 2648 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe 03:48:15.0716 2648 PerfHost - ok 03:48:15.0864 2648 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll 03:48:15.0880 2648 pla - ok 03:48:15.0927 2648 PlugPlay (25fbdef06c4d92815b353f6e792c8129) 
C:\Windows\system32\umpnpmgr.dll 03:48:15.0930 2648 PlugPlay - ok 03:48:15.0942 2648 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll 03:48:15.0943 2648 PNRPAutoReg - ok 03:48:15.0979 2648 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll 03:48:15.0980 2648 PNRPsvc - ok 03:48:16.0024 2648 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll 03:48:16.0037 2648 PolicyAgent - ok 03:48:16.0060 2648 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll 03:48:16.0062 2648 Power - ok 03:48:16.0111 2648 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys 03:48:16.0112 2648 PptpMiniport - ok 03:48:16.0131 2648 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys 03:48:16.0132 2648 Processor - ok 03:48:16.0159 2648 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll 03:48:16.0162 2648 ProfSvc - ok 03:48:16.0188 2648 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 03:48:16.0188 2648 ProtectedStorage - ok 03:48:16.0209 2648 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys 03:48:16.0210 2648 Psched - ok 03:48:16.0284 2648 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys 03:48:16.0305 2648 ql2300 - ok 03:48:16.0384 2648 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys 03:48:16.0385 2648 ql40xx - ok 03:48:16.0408 2648 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll 03:48:16.0410 2648 QWAVE - ok 03:48:16.0430 2648 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys 03:48:16.0431 2648 QWAVEdrv - ok 03:48:16.0434 2648 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys 03:48:16.0434 2648 RasAcd - ok 03:48:16.0463 2648 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) 
C:\Windows\system32\DRIVERS\AgileVpn.sys 03:48:16.0464 2648 RasAgileVpn - ok 03:48:16.0480 2648 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll 03:48:16.0482 2648 RasAuto - ok 03:48:16.0496 2648 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys 03:48:16.0497 2648 Rasl2tp - ok 03:48:16.0513 2648 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll 03:48:16.0515 2648 RasMan - ok 03:48:16.0551 2648 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys 03:48:16.0552 2648 RasPppoe - ok 03:48:16.0564 2648 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys 03:48:16.0565 2648 RasSstp - ok 03:48:16.0593 2648 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys 03:48:16.0595 2648 rdbss - ok 03:48:16.0608 2648 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys 03:48:16.0609 2648 rdpbus - ok 03:48:16.0630 2648 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys 03:48:16.0630 2648 RDPCDD - ok 03:48:16.0649 2648 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys 03:48:16.0650 2648 RDPENCDD - ok 03:48:16.0653 2648 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys 03:48:16.0654 2648 RDPREFMP - ok 03:48:16.0693 2648 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys 03:48:16.0694 2648 RDPWD - ok 03:48:16.0705 2648 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys 03:48:16.0706 2648 rdyboost - ok 03:48:16.0827 2648 RegFilter (5f9ac3243c206ec95f32e4348ae67c13) C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys 03:48:16.0828 2648 RegFilter - ok 03:48:16.0868 2648 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll 03:48:16.0869 2648 RemoteAccess - ok 03:48:16.0883 2648 
RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll 03:48:16.0884 2648 RemoteRegistry - ok 03:48:16.0954 2648 rpcapd (b60f58f175de20a6739194e85b035178) C:\Program Files (x86)\WinPcap\rpcapd.exe 03:48:16.0955 2648 rpcapd - ok 03:48:16.0969 2648 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll 03:48:16.0970 2648 RpcEptMapper - ok 03:48:16.0983 2648 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe 03:48:16.0984 2648 RpcLocator - ok 03:48:17.0015 2648 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll 03:48:17.0018 2648 RpcSs - ok 03:48:17.0031 2648 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys 03:48:17.0033 2648 rspndr - ok 03:48:17.0084 2648 RTL8167 (e50cfb92986dcab49de93788fd695813) C:\Windows\system32\DRIVERS\Rt64win7.sys 03:48:17.0086 2648 RTL8167 - ok 03:48:17.0102 2648 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 03:48:17.0102 2648 SamSs - ok 03:48:17.0122 2648 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys 03:48:17.0123 2648 sbp2port - ok 03:48:17.0140 2648 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll 03:48:17.0143 2648 SCardSvr - ok 03:48:17.0157 2648 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys 03:48:17.0157 2648 scfilter - ok 03:48:17.0209 2648 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll 03:48:17.0227 2648 Schedule - ok 03:48:17.0249 2648 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll 03:48:17.0249 2648 SCPolicySvc - ok 03:48:17.0269 2648 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll 03:48:17.0271 2648 SDRSVC - ok 03:48:17.0318 2648 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys 03:48:17.0319 2648 secdrv - ok 03:48:17.0337 2648 seclogon 
(bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll 03:48:17.0338 2648 seclogon - ok 03:48:17.0352 2648 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll 03:48:17.0353 2648 SENS - ok 03:48:17.0373 2648 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll 03:48:17.0374 2648 SensrSvc - ok 03:48:17.0390 2648 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys 03:48:17.0390 2648 Serenum - ok 03:48:17.0398 2648 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys 03:48:17.0399 2648 Serial - ok 03:48:17.0415 2648 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys 03:48:17.0416 2648 sermouse - ok 03:48:17.0440 2648 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll 03:48:17.0442 2648 SessionEnv - ok 03:48:17.0445 2648 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys 03:48:17.0446 2648 sffdisk - ok 03:48:17.0448 2648 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys 03:48:17.0449 2648 sffp_mmc - ok 03:48:17.0451 2648 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys 03:48:17.0452 2648 sffp_sd - ok 03:48:17.0454 2648 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys 03:48:17.0455 2648 sfloppy - ok 03:48:17.0486 2648 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll 03:48:17.0489 2648 ShellHWDetection - ok 03:48:17.0500 2648 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys 03:48:17.0501 2648 SiSRaid2 - ok 03:48:17.0506 2648 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys 03:48:17.0506 2648 SiSRaid4 - ok 03:48:17.0588 2648 SkypeUpdate (579ba0a911ff5ea70cb604cd3b744b0a) C:\Program Files (x86)\Skype\Updater\Updater.exe 03:48:17.0589 2648 SkypeUpdate - ok 
03:48:17.0605 2648 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys 03:48:17.0607 2648 Smb - ok 03:48:17.0626 2648 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe 03:48:17.0627 2648 SNMPTRAP - ok 03:48:17.0640 2648 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys 03:48:17.0641 2648 spldr - ok 03:48:17.0672 2648 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe 03:48:17.0691 2648 Spooler - ok 03:48:17.0792 2648 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe 03:48:17.0847 2648 sppsvc - ok 03:48:17.0942 2648 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll 03:48:17.0944 2648 sppuinotify - ok 03:48:18.0074 2648 SRTSP (06b9a7ba94356ec5207c5ddb59540378) C:\Windows\system32\drivers\N360x64\0602010.005\SRTSP64.SYS 03:48:18.0080 2648 SRTSP - ok 03:48:18.0108 2648 SRTSPX (fbb8945a61e55a2345d12487c74a9d76) C:\Windows\system32\drivers\N360x64\0602010.005\SRTSPX64.SYS 03:48:18.0109 2648 SRTSPX - ok 03:48:18.0149 2648 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys 03:48:18.0164 2648 srv - ok 03:48:18.0192 2648 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys 03:48:18.0196 2648 srv2 - ok 03:48:18.0213 2648 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys 03:48:18.0215 2648 srvnet - ok 03:48:18.0237 2648 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll 03:48:18.0239 2648 SSDPSRV - ok 03:48:18.0255 2648 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll 03:48:18.0256 2648 SstpSvc - ok 03:48:18.0291 2648 Steam Client Service - ok 03:48:18.0318 2648 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys 03:48:18.0319 2648 stexstor - ok 03:48:18.0370 2648 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll 03:48:18.0392 2648 
stisvc - ok 03:48:18.0403 2648 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys 03:48:18.0403 2648 swenum - ok 03:48:18.0441 2648 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll 03:48:18.0454 2648 swprv - ok 03:48:18.0552 2648 SymDS (8b2430762099598da40686f754632efd) C:\Windows\system32\drivers\N360x64\0602010.005\SYMDS64.SYS 03:48:18.0556 2648 SymDS - ok 03:48:18.0698 2648 SymEFA (f90c7a190399165d3ab2245048d34786) C:\Windows\system32\drivers\N360x64\0602010.005\SYMEFA64.SYS 03:48:18.0710 2648 SymEFA - ok 03:48:18.0763 2648 SymEvent (898bb48c797483420df523b2bbc1ecdb) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS 03:48:18.0765 2648 SymEvent - ok 03:48:18.0820 2648 SymIRON (5013a76caaa1d7cf1c55214b490b4e35) C:\Windows\system32\drivers\N360x64\0602010.005\Ironx64.SYS 03:48:18.0822 2648 SymIRON - ok 03:48:18.0873 2648 SymNetS (3911bd0e68c010e5438a87706abbe9ab) C:\Windows\system32\drivers\N360x64\0602010.005\SYMNETS.SYS 03:48:18.0876 2648 SymNetS - ok 03:48:18.0958 2648 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll 03:48:18.0977 2648 SysMain - ok 03:48:19.0067 2648 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll 03:48:19.0069 2648 TabletInputService - ok 03:48:19.0291 2648 TabletServicePen (25999f2134be3ea656d1f8d50fa089e6) C:\Windows\system32\Pen_Tablet.exe 03:48:19.0370 2648 TabletServicePen - ok 03:48:19.0428 2648 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll 03:48:19.0431 2648 TapiSrv - ok 03:48:19.0448 2648 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll 03:48:19.0449 2648 TBS - ok 03:48:19.0568 2648 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys 03:48:19.0581 2648 Tcpip - ok 03:48:19.0683 2648 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys 03:48:19.0690 2648 TCPIP6 - ok 03:48:19.0742 2648 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) 
C:\Windows\system32\drivers\tcpipreg.sys 03:48:19.0743 2648 tcpipreg - ok 03:48:19.0760 2648 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys 03:48:19.0760 2648 TDPIPE - ok 03:48:19.0786 2648 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys 03:48:19.0787 2648 TDTCP - ok 03:48:19.0801 2648 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys 03:48:19.0802 2648 tdx - ok 03:48:19.0819 2648 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys 03:48:19.0819 2648 TermDD - ok 03:48:19.0863 2648 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll 03:48:19.0872 2648 TermService - ok 03:48:19.0885 2648 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll 03:48:19.0886 2648 Themes - ok 03:48:19.0900 2648 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll 03:48:19.0901 2648 THREADORDER - ok 03:48:19.0910 2648 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll 03:48:19.0912 2648 TrkWks - ok 03:48:19.0946 2648 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe 03:48:19.0948 2648 TrustedInstaller - ok 03:48:19.0965 2648 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys 03:48:19.0966 2648 tssecsrv - ok 03:48:19.0989 2648 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys 03:48:19.0990 2648 TsUsbFlt - ok 03:48:19.0994 2648 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys 03:48:19.0995 2648 TsUsbGD - ok 03:48:20.0022 2648 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys 03:48:20.0023 2648 tunnel - ok 03:48:20.0027 2648 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys 03:48:20.0028 2648 uagp35 - ok 03:48:20.0058 2648 udfs (ff4232a1a64012baa1fd97c7b67df593) 
C:\Windows\system32\DRIVERS\udfs.sys 03:48:20.0120 2648 udfs - ok 03:48:20.0156 2648 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe 03:48:20.0157 2648 UI0Detect - ok 03:48:20.0161 2648 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys 03:48:20.0162 2648 uliagpkx - ok 03:48:20.0187 2648 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys 03:48:20.0188 2648 umbus - ok 03:48:20.0190 2648 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys 03:48:20.0191 2648 UmPass - ok 03:48:20.0367 2648 UNS (374ebda379a8f38e0cfc2211611e7167) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe 03:48:20.0405 2648 UNS - ok 03:48:20.0505 2648 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll 03:48:20.0508 2648 upnphost - ok 03:48:20.0589 2648 UrlFilter (241080f1b28e68f0d00f8f1066a3780d) C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys 03:48:20.0590 2648 UrlFilter - ok 03:48:20.0654 2648 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys 03:48:20.0655 2648 USBAAPL64 - ok 03:48:20.0678 2648 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys 03:48:20.0679 2648 usbccgp - ok 03:48:20.0708 2648 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys 03:48:20.0709 2648 usbcir - ok 03:48:20.0727 2648 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys 03:48:20.0728 2648 usbehci - ok 03:48:20.0763 2648 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys 03:48:20.0765 2648 usbhub - ok 03:48:20.0781 2648 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys 03:48:20.0782 2648 usbohci - ok 03:48:20.0794 2648 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys 03:48:20.0795 2648 
usbprint - ok 03:48:20.0827 2648 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys 03:48:20.0828 2648 usbscan - ok 03:48:20.0849 2648 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS 03:48:20.0850 2648 USBSTOR - ok 03:48:20.0875 2648 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys 03:48:20.0876 2648 usbuhci - ok 03:48:20.0889 2648 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll 03:48:20.0891 2648 UxSms - ok 03:48:20.0901 2648 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 03:48:20.0902 2648 VaultSvc - ok 03:48:20.0938 2648 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys 03:48:20.0939 2648 vdrvroot - ok 03:48:20.0977 2648 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe 03:48:20.0989 2648 vds - ok 03:48:20.0996 2648 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys 03:48:20.0997 2648 vga - ok 03:48:21.0007 2648 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys 03:48:21.0008 2648 VgaSave - ok 03:48:21.0018 2648 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys 03:48:21.0020 2648 vhdmp - ok 03:48:21.0022 2648 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys 03:48:21.0023 2648 viaide - ok 03:48:21.0032 2648 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys 03:48:21.0033 2648 volmgr - ok 03:48:21.0057 2648 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys 03:48:21.0060 2648 volmgrx - ok 03:48:21.0072 2648 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys 03:48:21.0075 2648 volsnap - ok 03:48:21.0105 2648 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys 03:48:21.0106 2648 vsmraid - ok 03:48:21.0167 2648 VSS 
(b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe 03:48:21.0192 2648 VSS - ok 03:48:21.0282 2648 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys 03:48:21.0282 2648 vwifibus - ok 03:48:21.0312 2648 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys 03:48:21.0313 2648 vwififlt - ok 03:48:21.0350 2648 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys 03:48:21.0351 2648 vwifimp - ok 03:48:21.0368 2648 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll 03:48:21.0371 2648 W32Time - ok 03:48:21.0397 2648 wacmoumonitor (37e4600e2cdad3c1a3613a25b97d457c) C:\Windows\system32\DRIVERS\wacmoumonitor.sys 03:48:21.0398 2648 wacmoumonitor - ok 03:48:21.0434 2648 wacommousefilter (e04d43c7d1641e95d35cae6086c7e350) C:\Windows\system32\DRIVERS\wacommousefilter.sys 03:48:21.0434 2648 wacommousefilter - ok 03:48:21.0437 2648 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys 03:48:21.0438 2648 WacomPen - ok 03:48:21.0447 2648 wacomvhid (26b430e7c5f598fe7353e3bc4b261321) C:\Windows\system32\DRIVERS\wacomvhid.sys 03:48:21.0447 2648 wacomvhid - ok 03:48:21.0462 2648 WacomVKHid (8b4255329edfba3ecfbd0714476fad38) C:\Windows\system32\DRIVERS\WacomVKHid.sys 03:48:21.0462 2648 WacomVKHid - ok 03:48:21.0494 2648 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 03:48:21.0495 2648 WANARP - ok 03:48:21.0497 2648 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 03:48:21.0498 2648 Wanarpv6 - ok 03:48:21.0594 2648 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe 03:48:21.0606 2648 WatAdminSvc - ok 03:48:21.0666 2648 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe 03:48:21.0688 2648 wbengine - ok 03:48:21.0781 2648 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll 
03:48:21.0783 2648 WbioSrvc - ok 03:48:21.0809 2648 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll 03:48:21.0812 2648 wcncsvc - ok 03:48:21.0826 2648 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll 03:48:21.0828 2648 WcsPlugInService - ok 03:48:21.0861 2648 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys 03:48:21.0861 2648 Wd - ok 03:48:21.0899 2648 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys 03:48:21.0908 2648 Wdf01000 - ok 03:48:21.0918 2648 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll 03:48:21.0919 2648 WdiServiceHost - ok 03:48:21.0925 2648 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll 03:48:21.0927 2648 WdiSystemHost - ok 03:48:21.0939 2648 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll 03:48:21.0955 2648 WebClient - ok 03:48:21.0986 2648 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll 03:48:21.0989 2648 Wecsvc - ok 03:48:22.0000 2648 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll 03:48:22.0002 2648 wercplsupport - ok 03:48:22.0021 2648 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll 03:48:22.0023 2648 WerSvc - ok 03:48:22.0036 2648 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys 03:48:22.0037 2648 WfpLwf - ok 03:48:22.0056 2648 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys 03:48:22.0089 2648 WIMMount - ok 03:48:22.0092 2648 WinHttpAutoProxySvc - ok 03:48:22.0170 2648 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll 03:48:22.0171 2648 Winmgmt - ok 03:48:22.0278 2648 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll 03:48:22.0296 2648 WinRM - ok 03:48:22.0414 2648 WinUsb (fe88b288356e7b47b74b13372add906d) 
C:\Windows\system32\DRIVERS\WinUsb.sys 03:48:22.0415 2648 WinUsb - ok 03:48:22.0464 2648 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll 03:48:22.0478 2648 Wlansvc - ok 03:48:22.0525 2648 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe 03:48:22.0527 2648 wlcrasvc - ok 03:48:22.0657 2648 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 03:48:22.0692 2648 wlidsvc - ok 03:48:22.0741 2648 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys 03:48:22.0742 2648 WmiAcpi - ok 03:48:22.0799 2648 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe 03:48:22.0801 2648 wmiApSrv - ok 03:48:22.0825 2648 WMPNetworkSvc - ok 03:48:22.0845 2648 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll 03:48:22.0847 2648 WPCSvc - ok 03:48:22.0862 2648 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll 03:48:22.0864 2648 WPDBusEnum - ok 03:48:22.0878 2648 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys 03:48:22.0878 2648 ws2ifsl - ok 03:48:22.0880 2648 WSearch - ok 03:48:22.0950 2648 WTouchService (21903f2fc8f70c1fc2aaaa2f06c2c665) C:\Program Files\WTouch\WTouchService.exe 03:48:22.0952 2648 WTouchService - ok 03:48:23.0078 2648 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll 03:48:23.0120 2648 wuauserv - ok 03:48:23.0214 2648 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys 03:48:23.0215 2648 WudfPf - ok 03:48:23.0232 2648 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys 03:48:23.0234 2648 WUDFRd - ok 03:48:23.0250 2648 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll 03:48:23.0252 2648 wudfsvc - ok 03:48:23.0275 2648 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll 
03:48:23.0670 2648 ============================================================
03:48:23.0670 2648 Scan finished
03:48:23.0670 2648 ============================================================
03:48:23.0675 2640 Detected object count: 0
03:48:23.0675 2640 Actual detected object count: 0
03:51:10.0030 2560 ============================================================
03:51:10.0030 2560 Scan started
03:51:10.0030 2560 Mode: Manual;
03:51:10.0030 2560 ============================================================
(2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys 03:51:12.0159 2560 adp94xx - ok 03:51:12.0182 2560 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys 03:51:12.0184 2560 adpahci - ok 03:51:12.0193 2560 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys 03:51:12.0193 2560 adpu320 - ok 03:51:12.0225 2560 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll 03:51:12.0226 2560 AeLookupSvc - ok 03:51:12.0272 2560 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys 03:51:12.0274 2560 AFD - ok 03:51:12.0296 2560 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys 03:51:12.0297 2560 agp440 - ok 03:51:12.0308 2560 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe 03:51:12.0308 2560 ALG - ok 03:51:12.0317 2560 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys 03:51:12.0317 2560 aliide - ok 03:51:12.0319 2560 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys 03:51:12.0320 2560 amdide - ok 03:51:12.0324 2560 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys 03:51:12.0325 2560 AmdK8 - ok 03:51:12.0329 2560 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys 03:51:12.0329 2560 AmdPPM - ok 03:51:12.0356 2560 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys 03:51:12.0357 2560 amdsata - ok 03:51:12.0375 2560 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys 03:51:12.0375 2560 amdsbs - ok 03:51:12.0394 2560 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys 03:51:12.0395 2560 amdxata - ok 03:51:12.0418 2560 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys 03:51:12.0419 2560 AppID - ok 03:51:12.0431 2560 AppIDSvc (0bc381a15355a3982216f7172f545de1) 
C:\Windows\System32\appidsvc.dll 03:51:12.0431 2560 AppIDSvc - ok 03:51:12.0452 2560 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll 03:51:12.0452 2560 Appinfo - ok 03:51:12.0547 2560 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 03:51:12.0548 2560 Apple Mobile Device - ok 03:51:12.0553 2560 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys 03:51:12.0554 2560 arc - ok 03:51:12.0559 2560 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys 03:51:12.0559 2560 arcsas - ok 03:51:12.0571 2560 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys 03:51:12.0571 2560 AsyncMac - ok 03:51:12.0578 2560 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys 03:51:12.0578 2560 atapi - ok 03:51:12.0630 2560 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll 03:51:12.0632 2560 AudioEndpointBuilder - ok 03:51:12.0637 2560 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll 03:51:12.0640 2560 AudioSrv - ok 03:51:12.0667 2560 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll 03:51:12.0667 2560 AxInstSV - ok 03:51:12.0710 2560 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys 03:51:12.0712 2560 b06bdrv - ok 03:51:12.0739 2560 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys 03:51:12.0740 2560 b57nd60a - ok 03:51:12.0759 2560 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll 03:51:12.0760 2560 BDESVC - ok 03:51:12.0773 2560 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys 03:51:12.0773 2560 Beep - ok 03:51:12.0946 2560 BHDrvx64 (c8ab71a5102d0fc103f6dfc750005137) 
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\BASHDefs\20120711.002\BHDrvx64.sys 03:51:12.0951 2560 BHDrvx64 - ok 03:51:13.0008 2560 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll 03:51:13.0012 2560 BITS - ok 03:51:13.0063 2560 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\drivers\blbdrive.sys 03:51:13.0063 2560 blbdrive - ok 03:51:13.0150 2560 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe 03:51:13.0152 2560 Bonjour Service - ok 03:51:13.0171 2560 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys 03:51:13.0171 2560 bowser - ok 03:51:13.0187 2560 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys 03:51:13.0188 2560 BrFiltLo - ok 03:51:13.0190 2560 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys 03:51:13.0190 2560 BrFiltUp - ok 03:51:13.0215 2560 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll 03:51:13.0216 2560 Browser - ok 03:51:13.0229 2560 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys 03:51:13.0230 2560 Brserid - ok 03:51:13.0233 2560 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys 03:51:13.0234 2560 BrSerWdm - ok 03:51:13.0237 2560 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys 03:51:13.0237 2560 BrUsbMdm - ok 03:51:13.0240 2560 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys 03:51:13.0240 2560 BrUsbSer - ok 03:51:13.0266 2560 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys 03:51:13.0266 2560 BTHMODEM - ok 03:51:13.0292 2560 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll 03:51:13.0292 2560 bthserv - ok 03:51:13.0358 2560 ccSet_N360 (0e1737a63aec0f6de231bb59836c0a11) 
C:\Windows\system32\drivers\N360x64\0602010.005\ccSetx64.sys 03:51:13.0359 2560 ccSet_N360 - ok 03:51:13.0377 2560 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys 03:51:13.0377 2560 cdfs - ok 03:51:13.0393 2560 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys 03:51:13.0394 2560 cdrom - ok 03:51:13.0658 2560 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll 03:51:13.0658 2560 CertPropSvc - ok 03:51:13.0680 2560 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys 03:51:13.0680 2560 circlass - ok 03:51:13.0820 2560 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys 03:51:13.0821 2560 CLFS - ok 03:51:14.0493 2560 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 03:51:14.0494 2560 clr_optimization_v2.0.50727_32 - ok 03:51:14.0811 2560 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 03:51:14.0812 2560 clr_optimization_v2.0.50727_64 - ok 03:51:14.0881 2560 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 03:51:14.0882 2560 clr_optimization_v4.0.30319_32 - ok 03:51:14.0935 2560 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 03:51:14.0936 2560 clr_optimization_v4.0.30319_64 - ok 03:51:14.0959 2560 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys 03:51:14.0959 2560 CmBatt - ok 03:51:14.0963 2560 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys 03:51:14.0963 2560 cmdide - ok 03:51:15.0013 2560 CNG (9ac4f97c2d3e93367e2148ea940cd2cd) C:\Windows\system32\Drivers\cng.sys 03:51:15.0014 2560 CNG - ok 03:51:15.0046 2560 Compbatt (102de219c3f61415f964c88e9085ad14) 
C:\Windows\system32\drivers\compbatt.sys 03:51:15.0047 2560 Compbatt - ok 03:51:15.0118 2560 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys 03:51:15.0118 2560 CompositeBus - ok 03:51:15.0121 2560 COMSysApp - ok 03:51:15.0195 2560 cphs (f08c6020e57f5e5bf2fd034db10bedfb) C:\Windows\SysWow64\IntelCpHeciSvc.exe 03:51:15.0196 2560 cphs - ok 03:51:15.0200 2560 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys 03:51:15.0200 2560 crcdisk - ok 03:51:15.0271 2560 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll 03:51:15.0272 2560 CryptSvc - ok 03:51:15.0316 2560 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll 03:51:15.0318 2560 DcomLaunch - ok 03:51:15.0376 2560 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll 03:51:15.0377 2560 defragsvc - ok 03:51:15.0405 2560 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys 03:51:15.0405 2560 DfsC - ok 03:51:15.0419 2560 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll 03:51:15.0421 2560 Dhcp - ok 03:51:15.0598 2560 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys 03:51:15.0598 2560 discache - ok 03:51:15.0690 2560 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys 03:51:15.0690 2560 Disk - ok 03:51:15.0710 2560 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll 03:51:15.0711 2560 Dnscache - ok 03:51:16.0328 2560 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll 03:51:16.0329 2560 dot3svc - ok 03:51:16.0679 2560 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll 03:51:16.0680 2560 DPS - ok 03:51:16.0699 2560 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys 03:51:16.0699 2560 drmkaud - ok 03:51:16.0784 2560 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) 
C:\Windows\System32\drivers\dxgkrnl.sys 03:51:16.0788 2560 DXGKrnl - ok 03:51:16.0790 2560 EagleX64 - ok 03:51:17.0385 2560 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll 03:51:17.0386 2560 EapHost - ok 03:51:17.0736 2560 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys 03:51:17.0749 2560 ebdrv - ok 03:51:18.0077 2560 eeCtrl (ba6420c1f7070ed8f1ba372844f3e1ec) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys 03:51:18.0079 2560 eeCtrl - ok 03:51:18.0187 2560 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe 03:51:18.0188 2560 EFS - ok 03:51:18.0258 2560 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe 03:51:18.0261 2560 ehRecvr - ok 03:51:18.0295 2560 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe 03:51:18.0296 2560 ehSched - ok 03:51:18.0343 2560 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys 03:51:18.0345 2560 elxstor - ok 03:51:18.0423 2560 EraserUtilRebootDrv (1343df3451bc0c442dc69837c6fba21b) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys 03:51:18.0423 2560 EraserUtilRebootDrv - ok 03:51:18.0426 2560 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys 03:51:18.0427 2560 ErrDev - ok 03:51:18.0446 2560 EtronHub3 (cfba28fab72e6a39add71d958f219648) C:\Windows\system32\Drivers\EtronHub3.sys 03:51:18.0447 2560 EtronHub3 - ok 03:51:18.0467 2560 EtronXHCI (0241ce183139ff15cea7234058ccf995) C:\Windows\system32\Drivers\EtronXHCI.sys 03:51:18.0467 2560 EtronXHCI - ok 03:51:18.0501 2560 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll 03:51:18.0503 2560 EventSystem - ok 03:51:18.0539 2560 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys 03:51:18.0540 2560 exfat - ok 03:51:18.0556 2560 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys 
03:51:18.0557 2560 fastfat - ok 03:51:18.0598 2560 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe 03:51:18.0601 2560 Fax - ok 03:51:18.0604 2560 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys 03:51:18.0604 2560 fdc - ok 03:51:18.0629 2560 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll 03:51:18.0629 2560 fdPHost - ok 03:51:18.0635 2560 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll 03:51:18.0636 2560 FDResPub - ok 03:51:18.0657 2560 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys 03:51:18.0657 2560 FileInfo - ok 03:51:18.0781 2560 FileMonitor (060cc45cecae2feaff9c8c52d8fafaa8) C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys 03:51:18.0781 2560 FileMonitor - ok 03:51:18.0816 2560 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys 03:51:18.0817 2560 Filetrace - ok 03:51:18.0927 2560 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys 03:51:18.0927 2560 flpydisk - ok 03:51:18.0998 2560 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys 03:51:18.0999 2560 FltMgr - ok 03:51:19.0085 2560 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll 03:51:19.0089 2560 FontCache - ok 03:51:19.0164 2560 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 03:51:19.0164 2560 FontCache3.0.0.0 - ok 03:51:19.0203 2560 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys 03:51:19.0203 2560 FsDepends - ok 03:51:19.0225 2560 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys 03:51:19.0225 2560 Fs_Rec - ok 03:51:19.0244 2560 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys 03:51:19.0245 2560 fvevol - ok 03:51:19.0269 2560 
gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys 03:51:19.0269 2560 gagp30kx - ok 03:51:19.0322 2560 GamesAppService (c403c5db49a0f9aaf4f2128edc0106d8) C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe 03:51:19.0323 2560 GamesAppService - ok 03:51:19.0358 2560 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\Drivers\GEARAspiWDM.sys 03:51:19.0358 2560 GEARAspiWDM - ok 03:51:19.0409 2560 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll 03:51:19.0412 2560 gpsvc - ok 03:51:19.0469 2560 GREGService (c9b2d1d3f86fd3673ef847def73b6f9e) C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe 03:51:19.0469 2560 GREGService - ok 03:51:19.0600 2560 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 03:51:19.0601 2560 gupdate - ok 03:51:19.0603 2560 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 03:51:19.0604 2560 gupdatem - ok 03:51:20.0202 2560 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe 03:51:20.0203 2560 gusvc - ok 03:51:20.0665 2560 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys 03:51:20.0665 2560 hcw85cir - ok 03:51:20.0743 2560 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys 03:51:20.0744 2560 HdAudAddService - ok 03:51:20.0762 2560 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys 03:51:20.0763 2560 HDAudBus - ok 03:51:20.0766 2560 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys 03:51:20.0766 2560 HidBatt - ok 03:51:20.0773 2560 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys 03:51:20.0773 2560 HidBth - ok 03:51:20.0777 2560 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys 03:51:20.0777 2560 HidIr - ok 
03:51:20.0794 2560 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll 03:51:20.0795 2560 hidserv - ok 03:51:20.0801 2560 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys 03:51:20.0801 2560 HidUsb - ok 03:51:20.0824 2560 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll 03:51:20.0825 2560 hkmsvc - ok 03:51:20.0845 2560 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll 03:51:20.0847 2560 HomeGroupListener - ok 03:51:20.0873 2560 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll 03:51:20.0874 2560 HomeGroupProvider - ok 03:51:20.0880 2560 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys 03:51:20.0880 2560 HpSAMD - ok 03:51:20.0928 2560 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys 03:51:20.0931 2560 HTTP - ok 03:51:20.0961 2560 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys 03:51:20.0962 2560 hwpolicy - ok 03:51:20.0968 2560 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys 03:51:20.0968 2560 i8042prt - ok 03:51:20.0988 2560 iaStor (d7921d5a870b11cc1adab198a519d50a) C:\Windows\system32\drivers\iaStor.sys 03:51:20.0990 2560 iaStor - ok 03:51:21.0059 2560 IAStorDataMgrSvc (8fff9083252c16fe3960173722605e9e) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe 03:51:21.0059 2560 IAStorDataMgrSvc - ok 03:51:21.0195 2560 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys 03:51:21.0197 2560 iaStorV - ok 03:51:22.0407 2560 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 03:51:22.0410 2560 idsvc - ok 03:51:22.0568 2560 IDSVia64 (ce0bf35c79e03bb89da6b14fac838605) 
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\IPSDefs\20120713.001\IDSvia64.sys 03:51:22.0570 2560 IDSVia64 - ok 03:51:23.0284 2560 igfx (371d7f91c0d2314eb984a4a6cbeabc92) C:\Windows\system32\DRIVERS\igdkmd64.sys 03:51:23.0341 2560 igfx - ok 03:51:23.0410 2560 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys 03:51:23.0411 2560 iirsp - ok 03:51:24.0179 2560 IJPLMSVC (ad5df6f4fbbc798636edc66bfec7d0de) C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE 03:51:24.0179 2560 IJPLMSVC - ok 03:51:24.0325 2560 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll 03:51:24.0329 2560 IKEEXT - ok 03:51:24.0405 2560 IMFservice (8ae99ebe30e8338907361018d9030835) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe 03:51:24.0409 2560 IMFservice - ok 03:51:24.0592 2560 IntcAzAudAddService (a0c2c3d4c03c4fb896cfc53873784178) C:\Windows\system32\drivers\RTKVHD64.sys 03:51:24.0602 2560 IntcAzAudAddService - ok 03:51:24.0684 2560 IntcDAud (fc727061c0f47c8059e88e05d5c8e381) C:\Windows\system32\DRIVERS\IntcDAud.sys 03:51:24.0686 2560 IntcDAud - ok 03:51:24.0699 2560 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys 03:51:24.0699 2560 intelide - ok 03:51:24.0715 2560 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys 03:51:24.0715 2560 intelppm - ok 03:51:24.0739 2560 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll 03:51:24.0740 2560 IPBusEnum - ok 03:51:24.0745 2560 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys 03:51:24.0745 2560 IpFilterDriver - ok 03:51:24.0750 2560 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys 03:51:24.0751 2560 IPMIDRV - ok 03:51:24.0762 2560 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys 03:51:24.0763 2560 IPNAT - ok 03:51:24.0874 2560 iPod Service 
(50d6ccc6ff5561f9f56946b3e6164fb8) C:\Program Files\iPod\bin\iPodService.exe 03:51:24.0878 2560 iPod Service - ok 03:51:24.0890 2560 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys 03:51:24.0890 2560 IRENUM - ok 03:51:24.0893 2560 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys 03:51:24.0894 2560 isapnp - ok 03:51:24.0914 2560 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys 03:51:24.0916 2560 iScsiPrt - ok 03:51:24.0931 2560 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys 03:51:24.0932 2560 kbdclass - ok 03:51:24.0938 2560 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys 03:51:24.0939 2560 kbdhid - ok 03:51:25.0020 2560 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 03:51:25.0021 2560 KeyIso - ok 03:51:25.0047 2560 KSecDD (97a7070aea4c058b6418519e869a63b4) C:\Windows\system32\Drivers\ksecdd.sys 03:51:25.0048 2560 KSecDD - ok 03:51:25.0069 2560 KSecPkg (26c43a7c2862447ec59deda188d1da07) C:\Windows\system32\Drivers\ksecpkg.sys 03:51:25.0070 2560 KSecPkg - ok 03:51:25.0084 2560 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys 03:51:25.0085 2560 ksthunk - ok 03:51:25.0119 2560 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll 03:51:25.0122 2560 KtmRm - ok 03:51:25.0158 2560 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll 03:51:25.0160 2560 LanmanServer - ok 03:51:25.0177 2560 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll 03:51:25.0178 2560 LanmanWorkstation - ok 03:51:25.0221 2560 Live Updater Service (b705c7097f9a0ec941d02dce7c7d426c) C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe 03:51:25.0222 2560 Live Updater Service - ok 03:51:25.0240 2560 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys 03:51:25.0241 
2560 lltdio - ok 03:51:25.0264 2560 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll 03:51:25.0266 2560 lltdsvc - ok 03:51:25.0274 2560 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll 03:51:25.0275 2560 lmhosts - ok 03:51:25.0346 2560 LMS (50c7ce53ef461870410355f1f2e7d515) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe 03:51:25.0347 2560 LMS - ok 03:51:25.0367 2560 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys 03:51:25.0368 2560 LSI_FC - ok 03:51:25.0375 2560 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys 03:51:25.0375 2560 LSI_SAS - ok 03:51:25.0385 2560 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys 03:51:25.0385 2560 LSI_SAS2 - ok 03:51:25.0391 2560 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys 03:51:25.0392 2560 LSI_SCSI - ok 03:51:25.0435 2560 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys 03:51:25.0436 2560 luafv - ok 03:51:25.0457 2560 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll 03:51:25.0457 2560 Mcx2Svc - ok 03:51:25.0461 2560 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys 03:51:25.0461 2560 megasas - ok 03:51:25.0474 2560 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys 03:51:25.0475 2560 MegaSR - ok 03:51:25.0493 2560 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys 03:51:25.0494 2560 MEIx64 - ok 03:51:25.0522 2560 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll 03:51:25.0522 2560 MMCSS - ok 03:51:25.0526 2560 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys 03:51:25.0526 2560 Modem - ok 03:51:25.0558 2560 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys 03:51:25.0558 2560 monitor 
- ok 03:51:25.0570 2560 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys 03:51:25.0571 2560 mouclass - ok 03:51:25.0580 2560 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys 03:51:25.0580 2560 mouhid - ok 03:51:25.0596 2560 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys 03:51:25.0596 2560 mountmgr - ok 03:51:25.0631 2560 MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe 03:51:25.0631 2560 MozillaMaintenance - ok 03:51:25.0646 2560 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys 03:51:25.0647 2560 mpio - ok 03:51:25.0658 2560 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys 03:51:25.0659 2560 mpsdrv - ok 03:51:25.0666 2560 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys 03:51:25.0667 2560 MRxDAV - ok 03:51:26.0216 2560 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys 03:51:26.0216 2560 mrxsmb - ok 03:51:26.0236 2560 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys 03:51:26.0237 2560 mrxsmb10 - ok 03:51:26.0255 2560 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys 03:51:26.0256 2560 mrxsmb20 - ok 03:51:26.0264 2560 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys 03:51:26.0265 2560 msahci - ok 03:51:26.0273 2560 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys 03:51:26.0274 2560 msdsm - ok 03:51:26.0297 2560 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe 03:51:26.0298 2560 MSDTC - ok 03:51:26.0311 2560 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys 03:51:26.0311 2560 Msfs - ok 03:51:26.0323 2560 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) 
C:\Windows\System32\drivers\mshidkmdf.sys 03:51:26.0324 2560 mshidkmdf - ok 03:51:26.0326 2560 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys 03:51:26.0326 2560 msisadrv - ok 03:51:26.0347 2560 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll 03:51:26.0349 2560 MSiSCSI - ok 03:51:26.0357 2560 msiserver - ok 03:51:26.0360 2560 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys 03:51:26.0361 2560 MSKSSRV - ok 03:51:26.0363 2560 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys 03:51:26.0363 2560 MSPCLOCK - ok 03:51:26.0367 2560 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys 03:51:26.0367 2560 MSPQM - ok 03:51:26.0406 2560 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys 03:51:26.0407 2560 MsRPC - ok 03:51:26.0424 2560 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys 03:51:26.0424 2560 mssmbios - ok 03:51:26.0437 2560 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys 03:51:26.0437 2560 MSTEE - ok 03:51:26.0445 2560 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys 03:51:26.0445 2560 MTConfig - ok 03:51:26.0458 2560 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys 03:51:26.0458 2560 Mup - ok 03:51:26.0590 2560 N360 (c6948f034d7edabcfa2234d399fc78bc) C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\ccSvcHst.exe 03:51:26.0591 2560 N360 - ok 03:51:26.0689 2560 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll 03:51:26.0692 2560 napagent - ok 03:51:26.0730 2560 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys 03:51:26.0731 2560 NativeWifiP - ok 03:51:26.0796 2560 NAUpdate (13aa2130f2a104dd775ead0f0ee5417b) C:\Program Files (x86)\Nero\Update\NASvc.exe 03:51:26.0798 2560 NAUpdate - ok 03:51:27.0003 
2560 NAVENG (8043d41f881d6ace40b854ad6e32217f) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\VirusDefs\20120714.017\ENG64.SYS 03:51:27.0004 2560 NAVENG - ok 03:51:27.0103 2560 NAVEX15 (9a9ab2fc45d701daed465d14980f1305) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\VirusDefs\20120714.017\EX64.SYS 03:51:27.0111 2560 NAVEX15 - ok 03:51:27.0254 2560 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys 03:51:27.0258 2560 NDIS - ok 03:51:27.0270 2560 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys 03:51:27.0270 2560 NdisCap - ok 03:51:27.0279 2560 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys 03:51:27.0279 2560 NdisTapi - ok 03:51:27.0288 2560 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys 03:51:27.0288 2560 Ndisuio - ok 03:51:27.0296 2560 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys 03:51:27.0297 2560 NdisWan - ok 03:51:27.0309 2560 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys 03:51:27.0310 2560 NDProxy - ok 03:51:27.0326 2560 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys 03:51:27.0326 2560 NetBIOS - ok 03:51:27.0338 2560 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys 03:51:27.0339 2560 NetBT - ok 03:51:27.0365 2560 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 03:51:27.0366 2560 Netlogon - ok 03:51:27.0400 2560 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll 03:51:27.0402 2560 Netman - ok 03:51:27.0420 2560 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll 03:51:27.0423 2560 netprofm - ok 03:51:27.0495 2560 netr28x (5758fd37bf31e759f8610311e4d08eca) C:\Windows\system32\DRIVERS\netr28x.sys 03:51:27.0501 2560 netr28x - ok 03:51:27.0563 2560 
03:51:36.0892 2560 ============================================================
03:51:36.0892 2560 Scan finished
03:51:36.0892 2560 ============================================================
03:51:36.0897 2056 Detected object count: 0
03:51:36.0897 2056 Actual detected object count: 0 |
21-Jul-2012, 06:06 AM
#5 |
| next step

Delete any existing version of ComboFix you have sitting on your desktop.

Please read and follow all these instructions very carefully.

Do not edit or remove any information or user names etc., otherwise we cannot fix the problem. If you insist on editing out anything then I will close the topic & refuse to offer any help.

Download ComboFix from Here to your Desktop. As you download it, rename it to username123.exe

**Note: It is important that it is saved directly to your desktop and run from the desktop and not any other folder on your computer**

--------------------------------------------------------------------

1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
2. Close any open browsers and any other programs you might have running.

Double click on renamed combofix.exe & follow the prompts.

If you are using Windows XP, it might display a pop up saying that "Recovery console is not installed, do you want to install?" Please select yes & let it download the files it needs to do this. Once the recovery console is installed, Combofix will then offer to scan for malware. Select continue or yes.

When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" for further review.

****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.

Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read HERE why we disable autoruns.

Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If combofix alerts to a new version and offers to update, please let it. It is essential we always use the latest version.

Please tell us if it has cured the problems or if there are any outstanding issues.

*EXTRA NOTES*
Post the log in next reply please...
__________________ Derek Microsoft MVP/Windows - Security | Thespykiller Find out all about the European Wild Hedgehog, what you can do to save it from extinction Hedgehog Rescue |
|
22-Jul-2012, 02:58 AM
#6 |
| ComboFix Log

ComboFix 12-07-21.01 - Sotike 07/22/2012 1:09.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6048.4801 [GMT -5:00]
Running from: c:\users\Sotike\Desktop\username123.exe.exe
Command switches used :: c:\users\Sotike\Desktop\username123.exe.exe
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
FW: AVG Internet Security 2012 *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
Infected copy of c:\windows\system32\services.exe was found and disinfected
Restored copy from - c:\32788r22fwjfw\HarddiskVolumeShadowCopy1_!Windows!System32!services.exe
.
((((((((((((((((((((((((( Files Created from 2012-06-22 to 2012-07-22 ))))))))))))))))))))))))))))))) . . 2012-07-22 06:21 . 2012-07-22 06:21 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-07-13 05:16 . 2012-07-13 05:16 -------- d-----w- c:\users\Sotike\AppData\Roaming\IObit 2012-07-13 05:16 . 2012-07-13 05:16 -------- d-----w- c:\program files (x86)\IObit 2012-07-13 03:23 . 2012-07-13 03:23 -------- d-----w- c:\users\Sotike\AppData\Local\ElevatedDiagnostics 2012-07-12 17:53 . 2012-07-12 17:53 -------- d-----w- c:\windows\SysWow64\drivers\AVG 2012-07-11 05:20 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys 2012-07-11 04:22 . 2012-07-13 04:41 -------- d-----w- c:\users\Sotike\AppData\Local\NPE 2012-07-11 04:21 . 2012-06-09 05:43 14172672 ----a-w- c:\windows\system32\shell32.dll 2012-07-11 04:14 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll 2012-07-11 04:14 . 2012-06-06 06:06 1881600 ----a-w- c:\windows\system32\msxml3.dll 2012-07-11 04:14 . 2012-06-06 05:05 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll 2012-07-11 04:14 . 2012-06-06 05:05 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll 2012-07-11 04:14 . 2010-06-26 03:55 2048 ----a-w- c:\windows\system32\msxml3r.dll 2012-07-11 04:14 . 2010-06-26 03:24 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll 2012-07-11 04:12 . 2012-06-02 05:50 458704 ----a-w- c:\windows\system32\drivers\cng.sys 2012-07-11 04:12 . 2012-06-02 05:48 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys 2012-07-11 04:12 . 2012-06-02 05:48 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys 2012-07-11 04:12 . 2012-06-02 05:45 340992 ----a-w- c:\windows\system32\schannel.dll 2012-07-11 04:12 . 2012-06-02 05:44 307200 ----a-w- c:\windows\system32\ncrypt.dll 2012-07-11 04:12 . 2012-06-02 04:40 22016 ----a-w- c:\windows\SysWow64\secur32.dll 2012-07-11 04:12 . 2012-06-02 04:40 225280 ----a-w- c:\windows\SysWow64\schannel.dll 2012-07-11 04:12 . 
2012-06-02 04:39 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll 2012-07-11 04:12 . 2012-06-02 04:34 96768 ----a-w- c:\windows\SysWow64\sspicli.dll 2012-07-11 02:46 . 2012-07-11 02:46 175736 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS 2012-07-11 02:46 . 2012-07-11 02:46 -------- d-----w- c:\program files\Symantec 2012-07-11 02:46 . 2012-07-11 02:46 -------- d-----w- c:\program files\Common Files\Symantec Shared 2012-07-11 02:46 . 2012-07-11 02:46 -------- d-----w- c:\windows\system32\drivers\N360x64 2012-07-11 02:46 . 2012-07-11 02:46 -------- d-----w- c:\program files (x86)\Norton 360 2012-07-11 01:00 . 2012-07-11 01:00 -------- d-----w- c:\program files (x86)\NortonInstaller 2012-07-09 07:16 . 2012-07-09 07:16 -------- d-----w- c:\users\Sotike\AppData\Local\libimobiledevice 2012-07-09 06:52 . 2012-07-09 06:52 -------- d-sh--w- c:\windows\SysWow64\%APPDATA% 2012-07-07 04:10 . 2012-07-07 04:10 159744 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll 2012-07-07 04:10 . 2012-07-07 04:10 159744 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll 2012-07-07 04:10 . 2012-07-07 04:10 159744 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll 2012-07-07 04:10 . 2012-07-07 04:10 159744 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll 2012-07-07 04:10 . 2012-07-07 04:10 159744 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll 2012-07-07 04:10 . 2012-07-07 04:10 159744 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll 2012-07-07 04:10 . 2012-07-07 04:10 159744 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin.dll 2012-07-05 05:26 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll 2012-07-05 05:26 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll 2012-07-03 19:50 . 2012-07-03 19:50 -------- d-----w- c:\users\Mari\AppData\Roaming\TuneUp Software 2012-07-03 09:46 . 
2012-07-03 09:46 -------- d-----w- c:\users\Sotike\AppData\Roaming\TuneUp Software 2012-07-03 09:46 . 2012-07-03 09:46 -------- d-----w- c:\programdata\TuneUp Software 2012-07-03 09:46 . 2012-07-03 09:46 -------- d-sh--w- c:\programdata\{32364CEA-7855-4A3C-B674-53D8E9B97936} . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-07-12 04:41 . 2012-04-03 02:44 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-07-12 04:41 . 2011-07-15 08:10 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-07-11 05:19 . 2011-12-16 03:31 59701280 ----a-w- c:\windows\system32\MRT.exe 2012-06-04 09:25 . 2012-06-04 09:25 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9F8B20A0-5A56-453D-A1D0-7FF15B4D193D}\offreg.dll 2012-06-02 22:19 . 2012-06-21 22:13 38424 ----a-w- c:\windows\system32\wups.dll 2012-06-02 22:19 . 2012-06-21 22:14 2428952 ----a-w- c:\windows\system32\wuaueng.dll 2012-06-02 22:19 . 2012-06-21 22:14 57880 ----a-w- c:\windows\system32\wuauclt.exe 2012-06-02 22:19 . 2012-06-21 22:14 44056 ----a-w- c:\windows\system32\wups2.dll 2012-06-02 22:19 . 2012-06-21 22:13 701976 ----a-w- c:\windows\system32\wuapi.dll 2012-06-02 22:15 . 2012-06-21 22:14 2622464 ----a-w- c:\windows\system32\wucltux.dll 2012-06-02 22:15 . 2012-06-21 22:13 99840 ----a-w- c:\windows\system32\wudriver.dll 2012-06-02 20:19 . 2012-06-21 22:13 186752 ----a-w- c:\windows\system32\wuwebv.dll 2012-06-02 20:15 . 2012-06-21 22:13 36864 ----a-w- c:\windows\system32\wuapp.exe 2012-05-08 17:02 . 2012-06-01 16:37 8955792 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9F8B20A0-5A56-453D-A1D0-7FF15B4D193D}\mpengine.dll 2012-05-04 11:06 . 2012-06-14 01:04 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-05-04 10:03 . 2012-06-14 01:04 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2012-05-04 10:03 . 
2012-06-14 01:04 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2012-05-01 05:40 . 2012-06-14 01:04 209920 ----a-w- c:\windows\system32\profsvc.dll 2012-04-28 03:55 . 2012-06-14 01:04 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-04-26 05:41 . 2012-06-14 01:04 77312 ----a-w- c:\windows\system32\rdpwsx.dll 2012-04-26 05:41 . 2012-06-14 01:04 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll 2012-04-26 05:34 . 2012-06-14 01:04 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe 2012-04-24 05:37 . 2012-06-14 01:04 184320 ----a-w- c:\windows\system32\cryptsvc.dll 2012-04-24 05:37 . 2012-06-14 01:04 140288 ----a-w- c:\windows\system32\cryptnet.dll 2012-04-24 05:37 . 2012-06-14 01:04 1462272 ----a-w- c:\windows\system32\crypt32.dll 2012-04-24 04:36 . 2012-06-14 01:04 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll 2012-04-24 04:36 . 2012-06-14 01:04 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll 2012-04-24 04:36 . 2012-06-14 01:04 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Ru n] "RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2010-02-03 87336] "Hotkey Utility"="c:\program files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe" [2011-08-11 627304] "WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2011-12-09 74752] "amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824] "IObit Malware Fighter"="c:\program files (x86)\IObit\IObit Malware Fighter\IMF.exe" [2012-07-02 4473728] . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\syste m] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "EnableLinkedConnections"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\progra~2\WI3C8A~1\Datamngr\datamngr.dll c:\progra~2\WI3C8A~1\Datamngr\IEBHO.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AudioE ndpointBuilder] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Audios rv] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HdAudA ddService] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HDAudB us] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFser vice] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MMCSS] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E 96C-E325-11CE-BFC1-08002BE10318}] @="[6cFgE][S?û?d, ?ìdeô ??d gª?è ¢o?tr?l?è?š !!! !!! !]" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{64016 7b4-59b0-47a6-b335-a6b3c0695aea}] @="Portable Media Devices" . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\ru n-] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "ROC_roc_dec12"="c:\program files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12 "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" . 
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-02 136176] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-05-03 158856] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-12 250056] R3 cphs;Intel(R) Content Protection HECI Service;c:\windows\SysWow64\IntelCpHeciSvc.exe [2012-03-20 276248] R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x] R3 FileMonitor;FileMonitor;c:\program files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [2012-01-05 21384] R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072] R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-02 136176] R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-18 113120] R3 RegFilter;RegFilter;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [2012-07-05 33224] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232] R3 UrlFilter;UrlFilter;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [2012-07-05 21904] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736] R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [2010-01-25 18216] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-12-08 1255736] R3 
X6va005;X6va005;c:\users\Sotike\AppData\Local\Temp\0055FD6.tmp [x] R3 X6va008;X6va008;c:\windows\SysWOW64\Drivers\X6va008 [x] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184] S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0602010.005\SYMDS64.SYS [2012-03-29 451192] S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0602010.005\SYMEFA64.SYS [2012-03-29 1092728] S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\BASHDefs\20120711.002\BHDrvx64.sys [2012-06-19 1161376] S1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\N360x64\0602010.005\ccSetx64.sys [2011-11-29 167048] S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\IPSDefs\20120713.001\IDSvia64.sys [2012-07-10 509088] S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0602010.005\Ironx64.SYS [2012-03-29 190072] S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\N360x64\0602010.005\SYMNETS.SYS [2012-03-29 405624] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928] S2 GREGService;GREGService;c:\program files (x86)\Gateway\Registration\GREGsvc.exe [2011-05-30 36456] S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-06 13336] S2 IMFservice;IMF Service;c:\program files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [2012-01-10 821592] S2 Live Updater Service;Live Updater Service;c:\program files\Gateway\Gateway Updater\UpdaterService.exe [2011-04-22 244624] S2 N360;Norton 360;c:\program files (x86)\Norton 360\Engine\6.2.1.5\ccSvcHst.exe [2012-03-27 138232] S2 
NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-03-29 598312] S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35344] S2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2009-07-15 5414184] S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-02-01 2656280] S2 WTouchService;WTouch Service;c:\program files\WTouch\WTouchService.exe [2009-07-15 127272] S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-07-11 138912] S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys [2011-06-30 54784] S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys [2011-06-30 77696] S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440] S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344] S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [2011-04-19 1488448] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-05-16 533096] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920] . . Contents of the 'Scheduled Tasks' folder . 2012-07-22 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 04:41] . 2012-07-15 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3035520170-2446295505-2384992205-1000Core.job - c:\users\Sotike\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-05-01 04:48] . 
2012-07-15 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3035520170-2446295505-2384992205-1000UA.job - c:\users\Sotike\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-05-01 04:48] . 2012-07-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-02 05:42] . 2012-07-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-02 05:42] . 2012-07-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3035520170-2446295505-2384992205-1000Core.job - c:\users\Sotike\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-03 02:56] . 2012-07-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3035520170-2446295505-2384992205-1000UA.job - c:\users\Sotike\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-03 02:56] . 2012-07-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3035520170-2446295505-2384992205-1003Core.job - c:\users\Mari\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-26 18:39] . 2012-07-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3035520170-2446295505-2384992205-1003UA.job - c:\users\Mari\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-26 18:39] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9D717F81-9148-4f12-8568-69135F087DB0}] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-30 11660904] "XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-10-01 825184] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-03-20 170264] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-03-20 398616] "Persistence"="c:\windows\system32\igfxpers.exe" [2012-03-20 439064] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x1 "AppInit_DLLs"=c:\progra~2\WI3C8A~1\Datamngr\x64\datamngr.dll c:\progra~2\WI3C8A~1\Datamngr\x64\IEBHO.dll . 
------- Supplementary Scan ------- . uStart Page = hxxp://search.babylon.com/?affID=109936&tt=100512_4_&babsrc=HP_ss&mntrId=9ef66ed300000000000074de2b17 0474 uLocal Page = c:\windows\system32\blank.htm mStart Page = hxxp://www.bing.com/?pc=MAGW mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: &Compress Image Using Image Compressor 2008 - c:\program files (x86)\MasRizal\IMC2008\imcieex_compress.html TCP: DhcpNameServer = 192.168.15.1 FF - ProfilePath - c:\users\Sotike\AppData\Roaming\Mozilla\Firefox\Profiles\wgb225ar.default\ FF - prefs.js: browser.search.selectedEngine - AVG Secure Search FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=113&systemid=406&sr=0&q= FF - prefs.js: network.proxy.type - 0 FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=109936&tt=100512_4_ FF - user.js: extensions.BabylonToolbar_i.babExt - FF - user.js: extensions.BabylonToolbar_i.srcExt - ss FF - user.js: extensions.BabylonToolbar_i.id - 9ef66ed300000000000074de2b170474 FF - user.js: extensions.BabylonToolbar_i.hardId - 9ef66ed300000000000074de2b170474 FF - user.js: extensions.BabylonToolbar_i.instlDay - 15472 FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17 FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17 FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1719:15 FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar FF - user.js: extensions.BabylonToolbar_i.aflt - babsst FF - user.js: extensions.BabylonToolbar_i.smplGrp - none FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9 FF - user.js: extensions.BabylonToolbar_i.instlRef - sst . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) Toolbar-10 - (no file) SafeBoot-drmkaud Toolbar-Locked - (no file) Toolbar-10 - (no file) . . . 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360] "ImagePath"="\"c:\program files (x86)\Norton 360\Engine\6.2.1.5\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\6.2.1.5\diMaster.dll\" /prefetch:1" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va005] "ImagePath"="\??\c:\users\Sotike\AppData\Local\Temp\0055FD6.tmp" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va008] "ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va008" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_ 3_300_265_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX .exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files (x86)\Canon\IJPLM\IJPLMSVC.EXE c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe c:\program files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe . ************************************************************************** . Completion time: 2012-07-22 01:35:37 - machine was rebooted ComboFix-quarantined-files.txt 2012-07-22 06:35 . Pre-Run: 874,964,787,200 bytes free Post-Run: 875,076,337,664 bytes free . - - End Of File - - 4D85C92C29B22C808C8B6D92CF023263 |
22-Jul-2012, 05:45 AM
#7 |
| That should have cleared the patched trojan and rootkit you had. Now to clear up the adware junk it dropped (babylon & datamanager): you appear to have MBAM installed, so update it, run a full scan and let it fix everything it finds. Post back with its log. |
|
22-Jul-2012, 10:14 AM
#8 |
| Malwarebytes Anti-Malware 1.62.0.1300 www.malwarebytes.org Database version: v2012.07.22.07 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Sotike :: MITZUKI [administrator] 7/22/2012 8:17:13 AM mbam-log-2012-07-22 (08-17-13).txt Scan type: Full scan (C:\|) Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 416407 Time elapsed: 52 minute(s), 12 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 4 C:\Qoobox\Quarantine\C\Users\Sotike\AppData\Local\tubhmifm.exe.vir (Trojan.Lameshield) -> Quarantined and deleted successfully. C:\Qoobox\Quarantine\C\Windows\Installer\{1a3d4a8f-9d52-42cd-d6fe-548f10537d46}\U\00000008.@.vir (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully. C:\Users\Sotike\Downloads\quicktime setup.exe (PUP.AdBundle) -> Quarantined and deleted successfully. C:\Users\Sotike\Downloads\Setup.exe (PUP.Bundle.Installer.OI) -> Quarantined and deleted successfully. (end) |
22-Jul-2012, 01:19 PM
#9 |
| Download the attached CFScript.txt and save it to your desktop (click on the link underneath this post and, if you are using Internet Explorer, when the "File download" pop-up comes, press SAVE, choose desktop in the list of selections in that window and press Save). Disable any antivirus/antimalware/firewall realtime protection or script blocking in the same way you did previously before running ComboFix, and remember to re-enable it when it has finished. Close any open browsers. Then drag the CFScript.txt into the ComboFix.exe or renamed ComboFix icon as shown in the screenshot below. This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply. Note: these instructions and script were created specifically for this user. If you are not this user, do NOT follow these instructions or use this script as it could damage the workings of your system and will not fix your problem. If you have a similar problem, start your own topic in the malware fixing forum.
__________________ Derek Microsoft MVP/Windows - Security | Thespykiller Find out all about the European Wild Hedgehog, what you can do to save it from extinction Hedgehog Rescue |
|
22-Jul-2012, 03:30 PM
#10 |
| Combo Log ComboFix 12-07-21.01 - Sotike 07/22/2012 14:07:08.2.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6048.4343 [GMT -5:00] Running from: c:\users\Sotike\Desktop\username123.exe.exe Command switches used :: c:\users\Sotike\Desktop\CFScript.txt AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF} FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4} SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\progra~2\WI3C8A~1 c:\progra~2\WI3C8A~1\Datamngr\BROWSE~1.DLL c:\progra~2\WI3C8A~1\Datamngr\BrowserConnection.dll c:\progra~2\WI3C8A~1\Datamngr\datamngr.dll c:\progra~2\WI3C8A~1\Datamngr\datamngrUI.exe c:\progra~2\WI3C8A~1\Datamngr\DnsBHO.dll c:\progra~2\WI3C8A~1\Datamngr\IEBHO.dll c:\progra~2\WI3C8A~1\Datamngr\ToolBar\as_guid.dat c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\content\bandoocode.js c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\content\data\search\engines.xm l c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\content\data\search\search.xsl c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\content\lib\about.xml c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\content\lib\bandoocode.js c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\content\lib\dtxpanel.xul c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\content\lib\dtxpaneltransparen t.xul c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\content\lib\dtxpanelwin.xul c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\content\lib\dtxprefwin.xul c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\content\lib\dtxtransparentwin. 
c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\yahoosearch.png
c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\yellow.gif
c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\youtube.png
c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\zoom.png
c:\progra~2\WI3C8A~1\Datamngr\ToolBar\components\windowmediator.js
c:\progra~2\WI3C8A~1\Datamngr\ToolBar\dtUser.exe
c:\progra~2\WI3C8A~1\Datamngr\ToolBar\manifest.xml
c:\progra~2\WI3C8A~1\Datamngr\ToolBar\searchquband.dll
c:\progra~2\WI3C8A~1\Datamngr\ToolBar\searchqudtx.dll
c:\progra~2\WI3C8A~1\Datamngr\ToolBar\uninstall.exe
c:\progra~2\WI3C8A~1\Datamngr\x64\BrowserConnection.dll
c:\progra~2\WI3C8A~1\Datamngr\x64\datamngr.dll
c:\progra~2\WI3C8A~1\Datamngr\x64\datamngrUI.exe
c:\progra~2\WI3C8A~1\Datamngr\x64\DnsBHO.dll
c:\progra~2\WI3C8A~1\Datamngr\x64\IEBHO.dll
c:\progra~2\WI3C8A~1\sysid.ini
c:\progra~2\WI3C8A~1\uninstall.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-06-22 to 2012-07-22 )))))))))))))))))))))))))))))))
.
.
2012-07-22 19:16 . 2012-07-22 19:16 -------- d-----w- c:\users\Mari\AppData\Local\temp
2012-07-22 19:16 . 2012-07-22 19:16 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-22 19:16 . 2012-07-22 19:16 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-07-13 05:16 . 2012-07-13 05:16 -------- d-----w- c:\users\Sotike\AppData\Roaming\IObit
2012-07-13 05:16 . 2012-07-13 05:16 -------- d-----w- c:\program files (x86)\IObit
2012-07-13 03:23 . 2012-07-13 03:23 -------- d-----w- c:\users\Sotike\AppData\Local\ElevatedDiagnostics
2012-07-12 17:53 . 2012-07-12 17:53 -------- d-----w- c:\windows\SysWow64\drivers\AVG
2012-07-11 05:20 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 04:22 . 2012-07-13 04:41 -------- d-----w- c:\users\Sotike\AppData\Local\NPE
2012-07-11 04:21 . 2012-06-09 05:43 14172672 ----a-w- c:\windows\system32\shell32.dll
2012-07-11 04:14 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-07-11 04:14 . 2012-06-06 06:06 1881600 ----a-w- c:\windows\system32\msxml3.dll
2012-07-11 04:14 . 2012-06-06 05:05 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-07-11 04:14 . 2012-06-06 05:05 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-07-11 04:14 . 2010-06-26 03:55 2048 ----a-w- c:\windows\system32\msxml3r.dll
2012-07-11 04:14 . 2010-06-26 03:24 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll
2012-07-11 04:12 . 2012-06-02 05:50 458704 ----a-w- c:\windows\system32\drivers\cng.sys
2012-07-11 04:12 . 2012-06-02 05:48 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-07-11 04:12 . 2012-06-02 05:48 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-07-11 04:12 . 2012-06-02 05:45 340992 ----a-w- c:\windows\system32\schannel.dll
2012-07-11 04:12 . 2012-06-02 05:44 307200 ----a-w- c:\windows\system32\ncrypt.dll
2012-07-11 04:12 . 2012-06-02 04:40 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-07-11 04:12 . 2012-06-02 04:40 225280 ----a-w- c:\windows\SysWow64\schannel.dll
2012-07-11 04:12 . 2012-06-02 04:39 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll
2012-07-11 04:12 . 2012-06-02 04:34 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2012-07-11 02:46 . 2012-07-11 02:46 175736 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2012-07-11 02:46 . 2012-07-11 02:46 -------- d-----w- c:\program files\Symantec
2012-07-11 02:46 . 2012-07-11 02:46 -------- d-----w- c:\program files\Common Files\Symantec Shared
2012-07-11 02:46 . 2012-07-11 02:46 -------- d-----w- c:\windows\system32\drivers\N360x64
2012-07-11 02:46 . 2012-07-11 02:46 -------- d-----w- c:\program files (x86)\Norton 360
2012-07-11 01:00 . 2012-07-11 01:00 -------- d-----w- c:\program files (x86)\NortonInstaller
2012-07-09 07:16 . 2012-07-09 07:16 -------- d-----w- c:\users\Sotike\AppData\Local\libimobiledevice
2012-07-09 06:52 . 2012-07-09 06:52 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-07-07 04:10 . 2012-07-07 04:10 159744 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
2012-07-07 04:10 . 2012-07-07 04:10 159744 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
2012-07-07 04:10 . 2012-07-07 04:10 159744 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
2012-07-07 04:10 . 2012-07-07 04:10 159744 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
2012-07-07 04:10 . 2012-07-07 04:10 159744 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
2012-07-07 04:10 . 2012-07-07 04:10 159744 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
2012-07-07 04:10 . 2012-07-07 04:10 159744 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
2012-07-05 05:26 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-07-05 05:26 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-07-03 19:50 . 2012-07-03 19:50 -------- d-----w- c:\users\Mari\AppData\Roaming\TuneUp Software
2012-07-03 09:46 . 2012-07-03 09:46 -------- d-----w- c:\users\Sotike\AppData\Roaming\TuneUp Software
2012-07-03 09:46 . 2012-07-03 09:46 -------- d-----w- c:\programdata\TuneUp Software
2012-07-03 09:46 . 2012-07-03 09:46 -------- d-sh--w- c:\programdata\{32364CEA-7855-4A3C-B674-53D8E9B97936}
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-12 04:41 . 2012-04-03 02:44 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-12 04:41 . 2011-07-15 08:10 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-11 05:19 . 2011-12-16 03:31 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-07-03 18:46 . 2012-06-03 20:23 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-04 09:25 . 2012-06-04 09:25 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9F8B20A0-5A56-453D-A1D0-7FF15B4D193D}\offreg.dll
2012-06-02 22:19 . 2012-06-21 22:13 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 22:14 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-21 22:14 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 22:14 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 22:13 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-21 22:14 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-21 22:13 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 20:19 . 2012-06-21 22:13 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 20:15 . 2012-06-21 22:13 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-05-08 17:02 . 2012-06-01 16:37 8955792 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9F8B20A0-5A56-453D-A1D0-7FF15B4D193D}\mpengine.dll
2012-05-04 11:06 . 2012-06-14 01:04 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 10:03 . 2012-06-14 01:04 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03 . 2012-06-14 01:04 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40 . 2012-06-14 01:04 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-04-28 03:55 . 2012-06-14 01:04 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-26 05:41 . 2012-06-14 01:04 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-04-26 05:41 . 2012-06-14 01:04 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-04-26 05:34 . 2012-06-14 01:04 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-04-24 05:37 . 2012-06-14 01:04 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-04-24 05:37 . 2012-06-14 01:04 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-04-24 05:37 . 2012-06-14 01:04 1462272 ----a-w- c:\windows\system32\crypt32.dll
2012-04-24 04:36 . 2012-06-14 01:04 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-04-24 04:36 . 
2012-06-14 01:04 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll 2012-04-24 04:36 . 2012-06-14 01:04 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll . . ((((((((((((((((((((((((((((( SnapShot@2012-07-22_06.23.07 ))))))))))))))))))))))))))))))))))))))))) . + 2010-11-21 03:09 . 2012-07-22 19:00 74116 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin + 2009-07-14 05:10 . 2012-07-22 19:00 36534 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin - 2009-07-14 05:10 . 2012-07-22 06:05 36534 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin + 2011-12-07 05:09 . 2012-07-22 19:00 18842 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3035520170-2446295505-2384992205-1000_UserData.bin + 2011-12-22 01:54 . 2012-07-22 06:37 3046 c:\windows\system32\wdi\ERCQueuedResolutions.dat - 2012-07-22 06:22 . 2012-07-22 06:22 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2012-07-22 19:17 . 2012-07-22 19:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - 2012-07-22 06:22 . 2012-07-22 06:22 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2012-07-22 19:17 . 2012-07-22 19:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - 2009-07-14 05:01 . 2012-07-22 06:22 285152 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2009-07-14 05:01 . 2012-07-22 19:16 285152 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2012-07-17 22:32 . 2012-07-17 22:32 7919616 c:\windows\Installer\adbf.msi + 2011-12-07 08:31 . 2012-07-22 19:16 32651140 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3035520170-2446295505-2384992205-1000-8192.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Ru n] "RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2010-02-03 87336] "Hotkey Utility"="c:\program files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe" [2011-08-11 627304] "WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2011-12-09 74752] "amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824] "IObit Malware Fighter"="c:\program files (x86)\IObit\IObit Malware Fighter\IMF.exe" [2012-07-02 4473728] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\syste m] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "EnableLinkedConnections"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AudioE ndpointBuilder] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Audios rv] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HdAudA ddService] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HDAudB us] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFser vice] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MMCSS] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E 96C-E325-11CE-BFC1-08002BE10318}] @="[6cFgE][S?û?d, ?ìdeô ??d gª?è ¢o?tr?l?è?š !!! !!! !]" . 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{64016 7b4-59b0-47a6-b335-a6b3c0695aea}] @="Portable Media Devices" . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\ru n-] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "ROC_roc_dec12"="c:\program files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12 "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-02 136176] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-05-03 158856] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-12 250056] R3 cphs;Intel(R) Content Protection HECI Service;c:\windows\SysWow64\IntelCpHeciSvc.exe [2012-03-20 276248] R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x] R3 FileMonitor;FileMonitor;c:\program files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [2012-01-05 21384] R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072] R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-02 136176] R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-18 113120] R3 RegFilter;RegFilter;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [2012-07-05 33224] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392] R3 TsUsbGD;Remote Desktop 
Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232] R3 UrlFilter;UrlFilter;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [2012-07-05 21904] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736] R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [2010-01-25 18216] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-12-08 1255736] R3 X6va005;X6va005;c:\users\Sotike\AppData\Local\Temp\0055FD6.tmp [x] R3 X6va008;X6va008;c:\windows\SysWOW64\Drivers\X6va008 [x] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184] S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0602010.005\SYMDS64.SYS [2012-03-29 451192] S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0602010.005\SYMEFA64.SYS [2012-03-29 1092728] S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\BASHDefs\20120711.002\BHDrvx64.sys [2012-06-19 1161376] S1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\N360x64\0602010.005\ccSetx64.sys [2011-11-29 167048] S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\IPSDefs\20120720.001\IDSvia64.sys [2012-07-10 509088] S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0602010.005\Ironx64.SYS [2012-03-29 190072] S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\N360x64\0602010.005\SYMNETS.SYS [2012-03-29 405624] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928] S2 GREGService;GREGService;c:\program files 
(x86)\Gateway\Registration\GREGsvc.exe [2011-05-30 36456] S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-06 13336] S2 IMFservice;IMF Service;c:\program files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [2012-01-10 821592] S2 Live Updater Service;Live Updater Service;c:\program files\Gateway\Gateway Updater\UpdaterService.exe [2011-04-22 244624] S2 N360;Norton 360;c:\program files (x86)\Norton 360\Engine\6.2.1.5\ccSvcHst.exe [2012-03-27 138232] S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-03-29 598312] S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35344] S2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2009-07-15 5414184] S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-02-01 2656280] S2 WTouchService;WTouch Service;c:\program files\WTouch\WTouchService.exe [2009-07-15 127272] S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-07-11 138912] S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys [2011-06-30 54784] S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys [2011-06-30 77696] S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440] S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344] S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [2011-04-19 1488448] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-05-16 533096] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920] . . 
Contents of the 'Scheduled Tasks' folder . 2012-07-22 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 04:41] . 2012-07-15 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3035520170-2446295505-2384992205-1000Core.job - c:\users\Sotike\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-05-01 04:48] . 2012-07-22 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3035520170-2446295505-2384992205-1000UA.job - c:\users\Sotike\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-05-01 04:48] . 2012-07-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-02 05:42] . 2012-07-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-02 05:42] . 2012-07-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3035520170-2446295505-2384992205-1000Core.job - c:\users\Sotike\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-03 02:56] . 2012-07-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3035520170-2446295505-2384992205-1000UA.job - c:\users\Sotike\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-03 02:56] . 2012-07-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3035520170-2446295505-2384992205-1003Core.job - c:\users\Mari\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-26 18:39] . 2012-07-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3035520170-2446295505-2384992205-1003UA.job - c:\users\Mari\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-26 18:39] . . --------- X64 Entries ----------- . . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-30 11660904] "XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-10-01 825184] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-03-20 170264] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-03-20 398616] "Persistence"="c:\windows\system32\igfxpers.exe" [2012-03-20 439064] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm mStart Page = hxxp://www.bing.com/?pc=MAGW mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: &Compress Image Using Image Compressor 2008 - c:\program files (x86)\MasRizal\IMC2008\imcieex_compress.html TCP: DhcpNameServer = 192.168.15.1 FF - ProfilePath - c:\users\Sotike\AppData\Roaming\Mozilla\Firefox\Profiles\wgb225ar.default\ FF - prefs.js: browser.search.selectedEngine - AVG Secure Search FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) Toolbar-10 - (no file) Wow6432Node-HKLM-Run-DATAMNGR - c:\progra~2\WI3C8A~1\Datamngr\DATAMN~1.EXE AddRemove-Windows Searchqu Toolbar - c:\program files (x86)\Windows iLivid Toolbar\uninstall.exe . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360] "ImagePath"="\"c:\program files (x86)\Norton 360\Engine\6.2.1.5\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\6.2.1.5\diMaster.dll\" /prefetch:1" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va005] "ImagePath"="\??\c:\users\Sotike\AppData\Local\Temp\0055FD6.tmp" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va008] "ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va008" . --------------------- LOCKED REGISTRY KEYS --------------------- . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_ 3_300_265_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX .exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . 
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files (x86)\Canon\IJPLM\IJPLMSVC.EXE c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe c:\program files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe . ************************************************************************** . Completion time: 2012-07-22 14:22:49 - machine was rebooted ComboFix-quarantined-files.txt 2012-07-22 19:22 ComboFix2.txt 2012-07-22 06:35 . Pre-Run: 874,150,375,424 bytes free Post-Run: 874,069,962,752 bytes free . - - End Of File - - C6B1800238A8A7093076981A5AAED148 |
23-Jul-2012, 05:28 AM
#13 |
| *Follow these steps to uninstall Combofix and the other tools it downloaded to remove the malware*

* Click START then RUN
* Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the /U, it needs to be there.

This will also purge the restore folder and clear any malware that has been put in there.

Now empty the Recycle Bin on the desktop. Then reboot.

Go here http://www.thespykiller.co.uk/index.php?page=3 for info on how to tighten your security settings and how to help prevent future attacks.

And scan here http://secunia.com/vulnerability_scanning/online/ for out of date & vulnerable common applications on your computer and update whatever it suggests. Download & use the PSI version (not the OSI, in your browser Java version) as I no longer recommend having Java installed on the computer at all, unless it is absolutely necessary, because of the too high risk of malware infiltration.

Then pay an urgent visit to Windows Update & make sure you are fully updated, that will help to plug the security holes that let these pests on in the first place. If Windows Update doesn't work, please come back & tell us.
__________________ Derek Microsoft MVP/Windows - Security | Thespykiller Find out all about the European Wild Hedgehog, what you can do to save it from extinction Hedgehog Rescue |
|
24-Jul-2012, 03:24 AM
#14 |
| I tried uninstalling Combofix with the method prescribed but instead it launched the program and asked if I wanted to update to the newest version and for me to turn off my antivirus protection. Also when I tried doing it instead in my start menu (I have a Windows 7 computer) it tells me "Windows cannot find 'username123.exe.exe'. Make sure you typed the name correctly, and then try again." and when I typed out username123.exe.exe /uninstall, nothing shows up. Last edited by Sotike; 24-Jul-2012 at 03:54 AM.. |