Solved: Conduit and Lavasoft tabs on Chrome



jgatses (thread starter, member with 15 posts, joined Feb 2013)
25-Feb-2013, 10:35 PM #1
Conduit and Lavasoft tabs on Chrome
Hello,
I'm having problems with removing this stuff inadvertently installed on my computer. I am running Windows 8. I have a Lavasoft Secure Search and Conduit Search Tab that pops up every time I open Chrome. It was happening in explorer too, but somehow I was able to stop that issue, but I fear my computer is infested with unwanted malware/spyware. I ran AdAware (assuming this is where the lavasoft came in), SpyBot, MalwareBytes, etc. I have since uninstalled all, because none seem to do the trick. I have Norton 360 installed, but this is obviously useless. Need help please. I'm not the most computer-literate person, so if I don't quite understand a response, I apologize in advance.
Satchfan (Malware Removal Specialist with 531 posts, authorized to help remove malware; joined Jan 2009; Devon, UK)
26-Feb-2013, 08:00 AM #2
Hello jgatses and welcome to TSG.

My name is Satchfan and I would be glad to help you with your computer problem.

Please read the following guidelines which will help to make cleaning your machine easier:
  • please follow all instructions in the order posted
  • please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear
  • all logs/reports, etc. must be posted in Notepad. Please ensure that word wrap is unchecked. In Notepad click Format, uncheck Word wrap if it is checked
  • if you don't understand something, please don't hesitate to ask for clarification before proceeding
  • the fixes are specific to your problem and should only be used for this issue on this machine.
  • please reply within 3 days. If you do not reply within this period I will post a reminder but topics with no reply in 4 days will be closed!
IMPORTANT:

Please DO NOT install/uninstall any programs unless asked to.
Please DO NOT run any scans other than those requested

===================================================

Uninstall Google Chrome

For the time being I would like for you to uninstall Google Chrome and only use Firefox or Internet Explorer. You can reinstall it later if you like. We need to remove some entries and that is the easiest way to do so with Google Chrome.

If asked about user data or settings, don’t check the box that asks to remember settings. We need to remove those also.

====================================================

Download and run AdwCleaner

Download AdwCleaner from here and save it to your desktop.
  • run AdwCleaner and select Delete
  • when it has finished it will ask to reboot - allow the reboot
  • on reboot a log will be produced; please attach the content of the log to your next reply.
===================================================

Download and run Junkware Removal Tool

Please download Junkware Removal Tool to your desktop
  • shut down your protection software now to avoid potential conflicts.
  • run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator"
  • the tool will open and start scanning your system
  • please be patient as this can take a while to complete depending on your system's specifications
  • on completion, a log (JRT.txt) is saved to your desktop and will automatically open
  • post the contents of JRT.txt into your next message.
Logs to include in the next post:

AdwCleaner log
JRT.txt


Thanks

Satchfan
jgatses (thread starter, member with 15 posts, joined Feb 2013)
26-Feb-2013, 09:30 AM #3
Thanks Satchfan! I attached the logs. Hope this works.
Satchfan (Malware Removal Specialist with 531 posts, authorized to help remove malware; joined Jan 2009; Devon, UK)
26-Feb-2013, 10:56 AM #4
Thanks for the logs.

It appears that you have already run AdwCleaner previously which has obviously cleaned up a lot so we’ll have a look now and see what is left.

Download and run OTL
  • download OTL to your desktop.
  • double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • click Scan all users.
  • under Custom Scan paste this in:
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
consrv.dll
/md5stop
%systemroot%\*. /rp /s
DRIVES
CREATERESTOREPOINT
  • click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won’t take long.
  • when the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.
  • you may need two posts to fit them both in.
===================================================

Run aswMBR

Download aswMBR.exe to your desktop.
  • double click the aswMBR.exe to run it
  • if asked, accept the AVAST virus definition download
  • click the "Scan" button to start scan
  • on completion of the scan click Save log, save it to your desktop and post in your next reply.
Logs to include with next post:

OTL.txt
Extras.txt
aswMBR log


Thanks

Satchfan
jgatses (thread starter, member with 15 posts, joined Feb 2013)
26-Feb-2013, 12:23 PM #5
Something went wrong.... (1 of 2)
I ran OTL and the txt is pasted below. When I ran the aswMBR, it begins to scan but then stops. I get the following message:
"avast! Antirootkit has stopped working
A problem caused the program to stop working correctly. Windows will close the program and notify you if a solution is available"
Not sure what this means. Anyhow, here are the txt pastes:

IE - HKU\S-1-5-21-1862456514-1726756359-4083149293-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.msn.com/
IE - HKU\S-1-5-21-1862456514-1726756359-4083149293-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-1862456514-1726756359-4083149293-1001\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-1862456514-1726756359-4083149293-1001\..\SearchScopes\{9CF29096-9824-4EBB-81DF-BF4F6669A66A}: "URL" = http://www.bing.com/search?q={search...ox&FORM=IE10SR
IE - HKU\S-1-5-21-1862456514-1726756359-4083149293-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1862456514-1726756359-4083149293-1004\..\SearchScopes,DefaultScope =


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\IPSFFPlgn\ [2012/12/04 19:57:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\coFFPlgn\ [2013/02/26 07:14:31 | 000,000,000 | ---D | M]

[2013/02/17 13:11:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla FireFox\extensions

O1 HOSTS File: ([2012/07/25 23:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\20.2.1.22\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\20.2.1.22\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (KeyDownload Class) - {C1EA4179-A319-4c6a-A3E5-67FF3592A12E} - C:\Program Files (x86)\KeyDownload-Addon\KeyDownload.dll (KeyDownload)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\20.2.1.22\coieplg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-1862456514-1726756359-4083149293-1001\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [IntelliType Pro] c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKU\S-1-5-21-1862456514-1726756359-4083149293-1001..\Run: [uTorrent] C:\Users\John\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Activities present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-1862456514-1726756359-4083149293-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 0.0.0.0 0.0.0.0
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{080E84B1-E448-4A51-8E5F-7C7BC9CBD427}: DhcpNameServer = 192.168.1.254 0.0.0.0 0.0.0.0
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\NVIDIA~1\3DVISI~1\NVSTIN~1.DLL) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvStInit64.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~2\NVIDIA~1\3DVISI~1\nvStInit.dll) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvStInit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013/02/17 18:28:28 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010/07/09 19:10:56 | 000,000,000 | RH-D | M] - E:\autorun -- [ NTFS ]
O32 - AutoRun File - [2002/10/16 06:56:50 | 000,000,036 | RH-- | M] () - E:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{5a2f989b-3e85-11e2-be6b-50465d66467f}\Shell - "" = AutoRun
O33 - MountPoints2\{5a2f989b-3e85-11e2-be6b-50465d66467f}\Shell\AutoRun\command - "" = "F:\HTC_Sync_Manager_PC.exe"
O33 - MountPoints2\{e852d86b-3acf-11e2-be6b-50465d66467f}\Shell - "" = AutoRun
O33 - MountPoints2\{e852d86b-3acf-11e2-be6b-50465d66467f}\Shell\AutoRun\command - "" = "F:\HTC_Sync_Manager_PC.exe"
O33 - MountPoints2\{e852d87c-3acf-11e2-be6b-50465d66467f}\Shell - "" = AutoRun
O33 - MountPoints2\{e852d87c-3acf-11e2-be6b-50465d66467f}\Shell\AutoRun\command - "" = "F:\HTC_Sync_Manager_PC.exe"
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs:64bit: wlidsvc - C:\Windows\SysNative\wlidsvc.dll (Microsoft Corporation)
NetSvcs:64bit: DsmSvc - C:\Windows\SysNative\DeviceSetupManager.dll (Microsoft Corporation)
NetSvcs:64bit: NcaSvc - C:\Windows\SysNative\NcaSvc.dll (Microsoft Corporation)
NetSvcs:64bit: SystemEventsBroker - C:\Windows\SysNative\SystemEventsBrokerServer.dll (Microsoft Corporation)
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

*CREATERESTOREPOINT*
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013/02/26 10:08:20 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\CrashDumps
[2013/02/26 10:04:50 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\John\Desktop\aswMBR.exe
[2013/02/26 09:54:49 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\John\Desktop\OTL.exe
[2013/02/26 07:17:02 | 000,000,000 | ---D | C] -- C:\Users\John\Desktop\files
[2013/02/26 07:16:04 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/02/26 07:16:00 | 000,000,000 | ---D | C] -- C:\JRT
[2013/02/26 07:15:13 | 000,547,439 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\John\Desktop\JRT.exe
[2013/02/24 21:45:39 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\Deployment
[2013/02/24 21:45:39 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\Apps
[2013/02/23 15:16:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\KeyDownload-Addon
[2013/02/23 13:30:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Real
[2013/02/23 13:30:39 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\Real
[2013/02/23 13:30:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Real
[2013/02/23 13:28:54 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\uTorrent
[2013/02/22 07:59:56 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2013/02/18 09:32:34 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\LavasoftStatistics
[2013/02/18 09:30:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Browsing Protection
[2013/02/18 09:30:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Toolbar Cleaner
[2013/02/18 09:29:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Downloaded Installations
[2013/02/18 09:28:53 | 000,014,456 | ---- | C] (GFI Software) -- C:\Windows\SysNative\drivers\gfibto.sys
[2013/02/17 18:28:19 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2013/02/17 18:28:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2013/02/17 13:39:29 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\Malwarebytes
[2013/02/17 13:39:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/02/17 13:39:19 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/02/17 13:39:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/02/17 13:39:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/02/17 13:33:02 | 067,823,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MRT.exe
[2013/02/17 13:30:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013/02/17 13:30:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2013/02/17 13:29:45 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\Programs
[2013/02/17 13:04:01 | 001,690,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\GdiPlus.dll
[2013/02/17 13:04:01 | 001,437,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\GdiPlus.dll
[2013/02/17 13:03:49 | 002,094,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mmc.exe
[2013/02/17 13:03:49 | 001,964,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wlidsvc.dll
[2013/02/17 13:03:49 | 001,611,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mmc.exe
[2013/02/17 13:03:49 | 000,820,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gpprefcl.dll
[2013/02/17 13:03:48 | 001,886,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\setupapi.dll
[2013/02/17 13:03:48 | 001,120,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msctf.dll
[2013/02/17 13:03:48 | 000,582,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gpprefcl.dll
[2013/02/17 13:03:48 | 000,464,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netprofmsvc.dll
[2013/02/17 13:03:48 | 000,438,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsm.dll
[2013/02/17 13:03:48 | 000,406,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.Media.dll
[2013/02/17 13:03:48 | 000,274,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srmstormod.dll
[2013/02/17 13:03:48 | 000,028,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\msgpiowin32.sys
[2013/02/17 13:03:47 | 000,728,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\samsrv.dll
[2013/02/17 13:03:47 | 000,666,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MP4SDECD.DLL
[2013/02/17 13:03:47 | 000,594,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.Networking.dll
[2013/02/17 13:03:47 | 000,436,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MP4SDECD.DLL
[2013/02/17 13:03:47 | 000,410,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.Networking.dll
[2013/02/17 13:03:47 | 000,303,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
[2013/02/17 13:03:47 | 000,279,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srm.dll
[2013/02/17 13:03:47 | 000,278,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\srm.dll
[2013/02/17 13:03:47 | 000,261,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.Media.dll
[2013/02/17 13:03:47 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WSDMon.dll
[2013/02/17 13:03:47 | 000,202,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\srmstormod.dll
[2013/02/17 13:03:47 | 000,194,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\sdbus.sys
[2013/02/17 13:03:47 | 000,171,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncbservice.dll
[2013/02/17 13:03:47 | 000,159,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetpp.dll
[2013/02/17 13:03:47 | 000,124,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dumpsd.sys
[2013/02/17 13:03:47 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\httpprxm.dll
[2013/02/17 13:03:47 | 000,095,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wiaacmgr.exe
[2013/02/17 13:03:47 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wiaacmgr.exe
[2013/02/17 13:03:47 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\adhsvc.dll
[2013/02/17 13:03:47 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\adhapi.dll
[2013/02/17 13:03:47 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\httpprxp.dll
[2013/02/17 13:03:47 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\keepaliveprovider.dll
[2013/02/13 17:24:59 | 006,967,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013/02/13 10:59:18 | 003,966,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/02/13 10:59:17 | 000,907,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\uxtheme.dll
[2013/02/13 10:59:17 | 000,854,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/02/13 10:59:17 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/02/13 10:59:17 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/02/13 10:59:17 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/02/13 10:59:17 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/02/13 10:59:17 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/02/13 10:59:17 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UXInit.dll
[2013/02/13 10:59:17 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/02/13 10:59:17 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UXInit.dll
[2013/02/13 10:59:17 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/02/12 18:31:42 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2013/02/09 10:45:26 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\CutePDF Writer
[2013/02/09 10:43:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Acro Software
[2013/02/09 10:43:38 | 000,000,000 | -HSD | C] -- C:\AI_RecycleBin
[2013/02/09 10:43:27 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\CRE
[2013/02/09 10:42:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla FireFox
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/02/26 10:06:13 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\John\Desktop\aswMBR.exe
[2013/02/26 09:54:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\John\Desktop\OTL.exe
[2013/02/26 07:20:05 | 000,848,230 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/02/26 07:20:05 | 000,718,176 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/02/26 07:20:05 | 000,132,542 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/02/26 07:15:14 | 000,547,439 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\John\Desktop\JRT.exe
[2013/02/26 07:15:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/02/26 07:13:09 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2013/02/26 07:13:06 | 2533,916,671 | -HS- | M] () -- C:\hiberfil.sys
[2013/02/26 07:10:57 | 000,594,019 | ---- | M] () -- C:\Users\John\Desktop\adwcleaner.exe
[2013/02/24 22:00:27 | 000,001,868 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
[2013/02/24 21:58:59 | 000,000,171 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat
[2013/02/24 14:51:35 | 1464,859,669 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/02/23 15:16:50 | 000,000,110 | ---- | M] () -- C:\prefs.js
[2013/02/23 15:15:45 | 000,000,884 | RHS- | M] () -- C:\Users\John\ntuser.pol
[2013/02/23 13:30:05 | 000,000,872 | ---- | M] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2013/02/23 13:30:05 | 000,000,836 | ---- | M] () -- C:\Users\John\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2013/02/18 11:49:59 | 000,357,056 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/02/18 09:28:53 | 000,014,456 | ---- | M] (GFI Software) -- C:\Windows\SysNative\drivers\gfibto.sys
[2013/02/17 18:28:28 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2013/02/09 10:45:27 | 000,118,924 | ---- | M] () -- C:\Users\John\Desktop\label.pdf
[2013/02/06 17:06:14 | 000,692,576 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/02/06 17:06:14 | 000,078,176 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/02/04 22:29:08 | 067,823,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\MRT.exe
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/02/26 07:10:57 | 000,594,019 | ---- | C] () -- C:\Users\John\Desktop\adwcleaner.exe
[2013/02/24 21:58:56 | 000,000,171 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat
[2013/02/23 15:16:50 | 000,000,110 | ---- | C] () -- C:\prefs.js
[2013/02/23 15:15:45 | 000,000,884 | RHS- | C] () -- C:\Users\John\ntuser.pol
[2013/02/23 13:30:05 | 000,000,872 | ---- | C] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2013/02/23 13:30:05 | 000,000,836 | ---- | C] () -- C:\Users\John\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2013/02/22 07:59:54 | 1464,859,669 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013/02/18 11:49:58 | 000,357,056 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/02/18 09:30:17 | 000,001,868 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
[2013/02/17 18:28:28 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
[2013/02/17 13:03:47 | 000,386,577 | ---- | C] () -- C:\Windows\SysNative\ApnDatabase.xml
[2013/02/09 10:46:02 | 000,118,924 | ---- | C] () -- C:\Users\John\Desktop\label.pdf
[2012/11/26 19:42:45 | 000,083,968 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll
[2012/11/25 16:15:33 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2012/11/25 16:15:32 | 000,033,550 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2012/11/25 16:15:31 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS
[2012/07/26 02:13:10 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2012/07/26 02:13:09 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2012/07/26 01:21:26 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2012/07/25 19:17:42 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2012/07/25 14:37:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2012/07/25 14:28:31 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2012/06/02 08:31:19 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== ZeroAccess Check ==========

[2013/02/24 21:45:54 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/01/09 17:23:07 | 019,791,360 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/01/09 17:26:23 | 017,560,576 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012/07/25 21:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012/07/25 21:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012/07/25 21:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Custom Scans ==========

< *%SYSTEMDRIVE%\*.exe* >

< MD5 for: 16191203AECACD015E4700006012B80E.AMD64_MICROSOFT-WINDOWS-WINLOGON_31BF3856AD364E35_6.2.9200.16433_NONE_C8C1B9B35E8E0A07_WINLOGON.EXE_AC37D0C5 >
[2012/11/24 19:41:38 | 000,517,120 | ---- | M] (Microsoft Corporation) MD5=BCF2036A0DD579E47C008C133550283E -- C:\Windows.old\Windows\WinSxS\Temp\PendingRenames\16191203aecacd015e4700006012b80e.amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.16433_none_c8c1b9b35e8e0a07_winlogon.exe_ac37d0c5

< MD5 for: AMD64_MICROSOFT-WINDOWS-SERVICES-SVCHOST_31BF3856AD364E35_6.2.9200.16384_NONE_0E8501058F11F3DC_SVCHOST.EXE_4DD0F0BC >
[2012/07/26 02:12:08 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=57350BEDE3834915B6145B67C71C7BDA -- C:\Windows.old\Windows\WinSxS\Backup\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.2.9200.16384_none_0e8501058f11f3dc_svchost.exe_4dd0f0bc

< MD5 for: AMD64_MICROSOFT-WINDOWS-SERVICES-SVCHOST_31BF3856AD364E35_6.2.9200.16420_NONE_0EC1E14B8EE4E401_SVCHOST.EXE_4DD0F0BC >
[2012/11/27 03:08:54 | 000,029,696 | ---- | M] (Microsoft Corporation) MD5=EDE27EACE742EE2888C5DD36400A2EC0 -- C:\Windows\WinSxS\Backup\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.2.9200.16420_none_0ec1e14b8ee4e401_svchost.exe_4dd0f0bc

< MD5 for: AMD64_MICROSOFT-WINDOWS-WINLOGON.RESOURCES_31BF3856AD364E35_6.2.9200.16384_EN-US_23C238EF8DDAA831_WINLOGON.EXE.MUI_3280FC46 >
[2012/07/26 01:49:21 | 000,024,064 | ---- | M] (Microsoft Corporation) MD5=B9094B7088CD579E5AED57A693F9BFBD -- C:\Windows.old\Windows\WinSxS\Backup\amd64_microsoft-windows-winlogon.resources_31bf3856ad364e35_6.2.9200.16384_en-us_23c238ef8ddaa831_winlogon.exe.mui_3280fc46
[2012/07/26 01:49:21 | 000,024,064 | ---- | M] (Microsoft Corporation) MD5=B9094B7088CD579E5AED57A693F9BFBD -- C:\Windows\WinSxS\Backup\amd64_microsoft-windows-winlogon.resources_31bf3856ad364e35_6.2.9200.16384_en-us_23c238ef8ddaa831_winlogon.exe.mui_3280fc46

< MD5 for: AMD64_MICROSOFT-WINDOWS-WINLOGON_31BF3856AD364E35_6.2.9200.16384_NONE_C88CA87B5EB5B1EC_WINLOGON.EXE_AC37D0C5 >
[2012/07/26 02:12:10 | 000,516,608 | ---- | M] (Microsoft Corporation) MD5=93AB226C07A9789B2EC7B41F73602F76 -- C:\Windows.old\Windows\WinSxS\Backup\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.16384_none_c88ca87b5eb5b1ec_winlogon.exe_ac37d0c5

< MD5 for: AMD64_MICROSOFT-WINDOWS-WINLOGON_31BF3856AD364E35_6.2.9200.16433_NONE_C8C1B9B35E8E0A07_WINLOGON.EXE_AC37D0C5 >
[2012/11/27 03:00:56 | 000,517,120 | ---- | M] (Microsoft Corporation) MD5=BCF2036A0DD579E47C008C133550283E -- C:\Windows\WinSxS\Backup\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.16433_none_c8c1b9b35e8e0a07_winlogon.exe_ac37d0c5

< MD5 for: C5371D73AECACD01E86700006012B80E.X86_MICROSOFT-WINDOWS-SERVICES-SVCHOST_31BF3856AD364E35_6.2.9200.16420_NONE_B2A345C7D68772CB_SVCHOST.EXE_4DD0F0BC >
[2012/11/24 19:44:46 | 000,023,040 | ---- | M] (Microsoft Corporation) MD5=A46DC432F81473F526E3994AA483E366 -- C:\Windows.old\Windows\WinSxS\Temp\PendingRenames\c5371d73aecacd01e86700006012b80e.x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.2.9200.16420_none_b2a345c7d68772cb_svchost.exe_4dd0f0bc

< MD5 for: EXPLORER.EXE >
[2012/10/10 23:53:24 | 002,115,952 | ---- | M] (Microsoft Corporation) MD5=0AD19A3CA61271BA872AD90771BA47DC -- C:\Windows.old\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.20534_none_b592a71650d677ed\explorer.exe
[2012/10/10 23:53:24 | 002,115,952 | ---- | M] (Microsoft Corporation) MD5=0AD19A3CA61271BA872AD90771BA47DC -- C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.20534_none_b592a71650d677ed\explorer.exe
[2012/10/11 02:09:58 | 002,380,944 | ---- | M] (Microsoft Corporation) MD5=0DDFEAA2AA18D4295EF220EB666B2312 -- C:\Windows.old\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.20534_none_ab3dfcc41c75b5f2\explorer.exe
[2012/10/11 02:09:58 | 002,380,944 | ---- | M] (Microsoft Corporation) MD5=0DDFEAA2AA18D4295EF220EB666B2312 -- C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.20534_none_ab3dfcc41c75b5f2\explorer.exe
[2012/07/25 21:50:01 | 002,114,936 | ---- | M] (Microsoft Corporation) MD5=5B6ED1B57DBFF18D405A0260559B571E -- C:\Windows.old\Windows\SysWOW64\explorer.exe
[2012/07/25 21:50:01 | 002,114,936 | ---- | M] (Microsoft Corporation) MD5=5B6ED1B57DBFF18D405A0260559B571E -- C:\Windows.old\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.16384_none_b4d2f8c937e166b1\explorer.exe
[2012/07/25 21:50:01 | 002,114,936 | ---- | M] (Microsoft Corporation) MD5=5B6ED1B57DBFF18D405A0260559B571E -- C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.16384_none_b4d2f8c937e166b1\explorer.exe
[2012/07/25 22:49:13 | 002,380,440 | ---- | M] (Microsoft Corporation) MD5=928791755FDDEA721B053535EF84FA17 -- C:\Windows.old\Windows\explorer.exe
[2012/07/25 22:49:13 | 002,380,440 | ---- | M] (Microsoft Corporation) MD5=928791755FDDEA721B053535EF84FA17 -- C:\Windows.old\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.16384_none_aa7e4e770380a4b6\explorer.exe
[2012/07/25 22:49:13 | 002,380,440 | ---- | M] (Microsoft Corporation) MD5=928791755FDDEA721B053535EF84FA17 -- C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.16384_none_aa7e4e770380a4b6\explorer.exe

< *%systemroot%\*. /rp /s* >

========== Drive Information ==========

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: INTEL SSDSC2CW120A
Partitions: 2
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE1 - External hard disk media
Interface type: USB
Media Type: External hard disk media
Model: WD Ext HDD 1021 USB Device
Partitions: 1
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE2 - Removable Media
Interface type: USB
Media Type: Removable Media
Model: Generic STORAGE DEVICE USB Device
Partitions: 1
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 350.00MB
Starting Offset: 1048576
Hidden sectors: 0


DeviceID: Disk #0, Partition #1
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 111.00GB
Starting Offset: 368050176
Hidden sectors: 0


DeviceID: Disk #1, Partition #0
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 1,863.00GB
Starting Offset: 1048576
Hidden sectors: 0


DeviceID: Disk #2, Partition #0
PartitionType: Unknown
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 7.00GB
Starting Offset: 4194304
Hidden sectors: 0

< End of report >
jgatses
26-Feb-2013, 12:25 PM #6
Something went wrong....(2 of 2)
OTL Extras logfile created on: 2/26/2013 9:56:28 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\John\Desktop
64bit- Professional (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16484)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.95 Gb Total Physical Memory | 6.19 Gb Available Physical Memory | 77.88% Memory free
15.95 Gb Paging File | 14.16 Gb Available in Paging File | 88.81% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111.45 Gb Total Space | 47.73 Gb Free Space | 42.82% Space Free | Partition Type: NTFS
Drive E: | 1863.01 Gb Total Space | 1559.68 Gb Free Space | 83.72% Space Free | Partition Type: NTFS
Drive F: | 7.39 Gb Total Space | 6.68 Gb Free Space | 90.33% Space Free | Partition Type: FAT32

Computer Name: HOME-OFFICE_PC | User Name: John | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = CE 37 E6 AF FF 6A CD 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0AAF002F-58F8-4FDD-BCD3-87381B9909D7}" = rport=138 | protocol=17 | dir=out | app=system |
"{0FC36CAB-CA64-4975-AF1A-0DD90FAA030E}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{17C3C2FD-6134-4C6D-AC7F-3C40F95E7E4E}" = lport=2869 | protocol=6 | dir=in | app=system |
"{23B89CC4-2C3C-4EFF-8317-E19D9CFBCC57}" = lport=445 | protocol=6 | dir=in | app=system |
"{3C299EE0-71B8-4F0B-8780-ACA170A8634E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{49C2F2A2-FCEE-4128-A402-2EFCF6858B52}" = lport=10243 | protocol=6 | dir=in | app=system |
"{4A188E63-A905-4EF1-B135-7EE8C1868806}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6ECB4B70-FC32-406E-AE86-93974A2F8FF1}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{70783446-E8F1-46B3-A183-D49C4A809C37}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{892EC4D9-BEF5-4E7D-8580-0AC58F34C4F4}" = lport=137 | protocol=17 | dir=in | app=system |
"{8D4B1E03-49F6-4789-AB0D-C87D0E846F24}" = lport=138 | protocol=17 | dir=in | app=system |
"{A23DA8D0-C964-46FC-A68B-3E7725AA7951}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A3C02E87-7515-488C-80F3-78C0DB0CC988}" = rport=139 | protocol=6 | dir=out | app=system |
"{C8E00ACC-6CCB-49BE-86F0-528E47C41CA4}" = rport=445 | protocol=6 | dir=out | app=system |
"{CBF468A8-4019-4975-9AEC-33379602B814}" = rport=10243 | protocol=6 | dir=out | app=system |
"{CE5BCCA7-CD7C-4E1C-89B6-1DDC1AFD33D0}" = rport=137 | protocol=17 | dir=out | app=system |
"{D0030E54-C36A-402E-957A-7687B7AE75C0}" = lport=139 | protocol=6 | dir=in | app=system |
"{D5A56E3B-6650-451D-BCA0-5D2931F224A1}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{DCB05A7F-08A2-4B2D-B4F3-960BA00AAB54}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{EB77D4DA-AA91-4A3B-8A51-6C3E0895F1A2}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{F7A4E5C2-0308-46B4-860E-99964988231A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{016904F4-DF46-49FA-BFF9-CD75D7246AA4}" = dir=out | name=@{microsoft.bingnews_1.5.1.409_...resources/news} |
"{103296A4-C2FF-4248-80DE-7D5BDB8D77E4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1358E435-3C4A-4DE0-977D-075291A7AA75}" = dir=out | name=@{microsoft.bing_1.5.1.259_x64_...urces/app_name} |
"{1C81A526-5355-426D-9839-496F4D94FDC6}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{1CB4AF80-56A1-457B-A00C-B8C245BC8BF0}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{21D4A9AF-2CF2-4E0C-82AA-2B02E3F2D702}" = protocol=6 | dir=out | app=system |
"{2298DF28-0255-45AB-BBED-97C0E5F56EF3}" = dir=in | name=@{microsoft.windowsphotos_16.4....o/residappname} |
"{2547DBDE-0244-4788-9B04-7E1F530756A3}" = dir=out | name=@{microsoft.bingtravel_1.5.1.24...urces/apptitle} |
"{254902C8-7952-4B38-8A57-D52127FA2664}" = dir=out | name=@{microsoft.windowsphotos_16.4....o/residappname} |
"{30529600-8113-4925-9885-8A9820D0241B}" = dir=out | name=@{microsoft.zunevideo_1.1.134.0...esources/33270} |
"{34672386-4116-4EC1-8614-4A08D6ED48A3}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{37518899-C9FD-4894-8654-60A2E27379EB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3ED1A7BD-ABAA-4656-A7F2-6D45977E16BD}" = dir=out | name=google search |
"{422412E9-9059-4AE5-B2DC-9A562B2F66DE}" = protocol=17 | dir=in | app=c:\users\john\appdata\roaming\utorrent\utorrent.exe |
"{439DF41F-0612-4C34-BCA5-A8E91E63FDBD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{46CA9962-C631-4DEE-9468-CF6E1E78BC48}" = dir=out | name=pinball fx2 |
"{55F42BC4-CCF2-4172-8BF2-23110BA2E2E7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{58A7D501-E3D5-454C-83F3-F6C41016B7A7}" = dir=out | name=dropbox |
"{5DF31A23-C498-4364-8479-45005C57AD24}" = dir=out | name=@{microsoft.microsoftskydrive_1...ortproductname} |
"{67B2C9FF-7A64-41DC-B971-074E9E9DA47A}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{6CB9E8D2-65D7-4306-940C-69F28314BE91}" = dir=out | name=@{microsoft.reader_6.2.9200.205...ortdisplayname} |
"{6F926873-1EFC-43B2-AF60-71BE1B0F443D}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{7A220166-8B4D-4BAB-B0AB-D9A152C19374}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7C3ACFD0-3773-4504-9E64-8683A38F7D8E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{7C5A20B7-A75A-4BE7-AF03-D7C50A573A46}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources...es/displayname} |
"{8471F62F-C6A9-4787-B9A5-15C897549B53}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{90EF6CBB-16F5-4DDC-8905-CF85733B9C2B}" = dir=out | name=@{microsoft.bingsports_1.5.1.24...ces/bingsports} |
"{980DCD72-8B39-4D4C-BB9E-C7766F35DE8E}" = protocol=17 | dir=in | app=c:\program files (x86)\adawaretb\dtuser.exe |
"{985AB504-A75E-4E5E-99E9-5F40FCB92680}" = dir=in | name=pinball fx2 |
"{A0B44177-4024-4651-A715-B4A4B83EF860}" = dir=in | name=@{microsoft.reader_6.2.9200.205...ortdisplayname} |
"{A5076CF0-D8DE-4887-B570-86A6D30BC915}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{AE51D5DC-26FB-4BCC-8D8A-8B97448A6438}" = dir=in | app=c:\program files (x86)\htc\htc sync manager\htcsyncmanager.exe |
"{B1F53B0B-7806-4549-93A1-7AC0CD046EE2}" = protocol=6 | dir=in | app=c:\users\john\appdata\roaming\utorrent\utorrent.exe |
"{B3E5E2CC-75C9-45ED-8510-AF4C8499FE5E}" = dir=out | name=@{microsoft.xboxlivegames_1.1.1...esources/34150} |
"{B9BDB6A7-C027-4495-ADC6-B9F9DF55293B}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{C24BE32A-4D83-457C-B675-1787EF5BCF08}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{CA0ABB22-A5A1-431B-A70A-FA1C3956DA88}" = dir=out | name=@{microsoft.zunemusic_1.1.139.0...esources/33273} |
"{CE7BFE08-95F7-4B7C-AF6F-0B7E023751BB}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{D756F677-8811-465C-B924-4D43EFC8310B}" = dir=in | name=@{microsoft.windowscommunicationsapps_16.4.4396.1016_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{E2B6452C-6C78-4746-9E9B-45AB89FB65C5}" = dir=out | name=@{microsoft.windowscommunicationsapps_16.4.4396.1016_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{E4E22944-555E-49D7-A862-E892C6D953AF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E58CC246-530E-4C39-834F-81A1002B51FE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources...es/displayname} |
"{F170A28C-2332-4883-8FFC-BEC41AD3EDA2}" = protocol=6 | dir=in | app=c:\program files (x86)\adawaretb\dtuser.exe |
"{FBAB31A3-C96B-4D10-98A3-D84059855A15}" = dir=out | name=@{microsoft.bingmaps_1.5.1.240_...appdisplayname} |
"{FC963C55-5E45-4674-9852-12E19A6A1174}" = dir=out | name=@{microsoft.bingweather_1.5.1.2...urces/apptitle} |
"{FCE58970-81ED-4898-8462-A62961DBF085}" = dir=out | name=@{microsoft.bingfinance_1.5.1.4...urces/apptitle} |
"{FEBB20C8-F066-4990-ADD5-35255D307C99}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{7AB6F8D7-7804-4662-BE8C-1AFCCD602D9F}" = Microsoft Mouse and Keyboard Center
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"Microsoft Mouse and Keyboard Center" = Microsoft Mouse and Keyboard Center

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1798D459-6B8B-474B-868D-1229EADA3B95}" = Adobe AIR
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{4CEEE5D0-F905-4688-B9F9-ECC710507796}" = HTC Driver Installer
"{5DC3BFF3-B84F-4CBE-B2BD-FB52B6C247CA}" = HTC Sync Manager
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7CD0118B-FE1C-6513-7FCC-2D4BC220DD1F}" = Shutterfly Express Uploader
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"Adobe AIR" = Adobe AIR
"com.Shutterfly.ExpressUploader" = Shutterfly Express Uploader
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
"N360" = Norton 360
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"uTorrent" = µTorrent

< End of report >
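Added example (not part of the thread and not something OTL produces): one way to triage the two firewall exception lists in a log like the one above, by parsing the rule lines and listing inbound exceptions scoped to an executable outside the Windows directory. The function names and the three location classes are assumptions made for this sketch; the sample lines are copied from the log.

```python
import re
from collections import defaultdict

# A few rule lines copied from the firewall sections of the log above.
SAMPLE_LOG = r'''
"{0FC36CAB-CA64-4975-AF1A-0DD90FAA030E}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1C81A526-5355-426D-9839-496F4D94FDC6}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{422412E9-9059-4AE5-B2DC-9A562B2F66DE}" = protocol=17 | dir=in | app=c:\users\john\appdata\roaming\utorrent\utorrent.exe |
"{B1F53B0B-7806-4549-93A1-7AC0CD046EE2}" = protocol=6 | dir=in | app=c:\users\john\appdata\roaming\utorrent\utorrent.exe |
"{980DCD72-8B39-4D4C-BB9E-C7766F35DE8E}" = protocol=17 | dir=in | app=c:\program files (x86)\adawaretb\dtuser.exe |
"{985AB504-A75E-4E5E-99E9-5F40FCB92680}" = dir=in | name=pinball fx2 |
"{67B2C9FF-7A64-41DC-B971-074E9E9DA47A}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
'''

RULE_RE = re.compile(r'^"(\{[0-9A-Fa-f-]{36}\})"\s*=\s*(.+)$')
# IANA protocol numbers that appear in the log.
PROTOCOLS = {"1": "ICMPv4", "6": "TCP", "17": "UDP", "58": "ICMPv6"}


def parse_rules(text):
    """Turn '"{GUID}" = key=value | key=value |' lines into dicts."""
    rules = []
    for line in text.splitlines():
        m = RULE_RE.match(line.strip())
        if not m:
            continue  # section headers, registry key lines, blanks
        rule = {"id": m.group(1)}
        for field in m.group(2).split("|"):
            key, sep, value = field.strip().partition("=")
            if sep:
                rule[key] = value.strip()
        # Uninstall-list lines also start with a GUID but carry no dir= field.
        if "dir" in rule:
            rules.append(rule)
    return rules


def location_class(app_path):
    """Classify where the executable lives (classes are this sketch's own)."""
    p = app_path.lower()
    if p == "system" or p.startswith("%systemroot%") or re.match(r"^[a-z]:\\windows\\", p):
        return "windows"
    # Per-user profile paths can be modified without administrator rights.
    if re.match(r"^[a-z]:\\users\\", p) or "\\appdata\\" in p:
        return "user-writable"
    return "installed"


def inbound_app_exceptions(rules):
    """Group inbound, executable-scoped exceptions by application path."""
    by_app = defaultdict(set)
    for r in rules:
        if r.get("dir") != "in" or "app" not in r:
            continue
        if location_class(r["app"]) == "windows":
            continue
        by_app[r["app"]].add(PROTOCOLS.get(r.get("protocol", ""), "any"))
    return {
        app: {"protocols": sorted(protos), "location": location_class(app)}
        for app, protos in by_app.items()
    }


def review_order(exceptions):
    """User-writable locations first, then alphabetical."""
    rank = {"user-writable": 0, "installed": 1}
    return sorted(exceptions, key=lambda a: (rank[exceptions[a]["location"]], a))


if __name__ == "__main__":
    found = inbound_app_exceptions(parse_rules(SAMPLE_LOG))
    for app in review_order(found):
        info = found[app]
        print(f'{info["location"]:14} {"/".join(info["protocols"]):8} {app}')
```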
Satchfan (Malware Removal Specialist)
26-Feb-2013, 12:56 PM #7
Try running it again.

If it still doesn't work, try it in safe mode.

Also:

Run Security Check

Download Security Check by screen317 from here or here.
  • save it to your Desktop
  • double click SecurityCheck.exe and follow the onscreen instructions inside of the black box
  • a Notepad document should open automatically called checkup.txt; please post the contents of that document.
I have to go out for a few hours so won't be replying straight away.

Satchfan
jgatses (thread starter)
26-Feb-2013, 04:27 PM #8
OK. Had to start it up in Safe Mode.
Here are the contents of the checkup txt file:

Results of screen317's Security Check version 0.99.59
x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
Windows Defender
Norton 360
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.70.0.1100
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````

Thank you so much for all your help with this. I don't know what you do or how you do it, but I'm thankful there are people like you to help us along.
Satchfan (Malware Removal Specialist)
26-Feb-2013, 06:58 PM #9
Quote:
I'm thankful there are people like you to help us along.
You are welcome.


SecurityCheck should not have had a problem in normal mode. Please try running it again in normal mode.
jgatses (thread starter)
26-Feb-2013, 07:16 PM #10
Results of screen317's Security Check version 0.99.59
x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
Windows Defender
Norton 360
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.70.0.1100
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````
Satchfan (Malware Removal Specialist)
26-Feb-2013, 07:43 PM #11
P2P - I see you have P2P software (BitTorrent) installed on your machine.

We are not here to pass judgment on file-sharing as a concept but we will warn you that engaging in this activity will always make your computer very susceptible to infection and re-infection.

If your computer is infected, it almost certainly contributed to your current situation.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are more often than not, infected. Those who write malware use P2P file-sharing as a major vehicle to spread their wares.

Please see this topic for more information:

Perils of P2P File Sharing.

I would strongly recommend that you uninstall it now. You can do so via Control Panel, Programs, and then Programs and Features.

Should you decide to keep it, please don’t use it until we have finished up here.

===================================================

Note: Please temporarily disable MalwareBytes Anti-Malware for the duration of this fix as it may interfere with the successful execution of the script below.

Run OTL
  • double click on the icon to run it.
  • copy/paste ALL the following text written inside the code box into the Custom Scans/Fixes box located at the bottom of OTL
Code:
:Services

   
:OTL
IE - HKLM\..\SearchScopes\{9CF29096-9824-4EBB-81DF-BF4F6669A66A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
O3 - HKU\S-1-5-21-1862456514-1726756359-4083149293-1001\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.

:Commands
[purity]
[emptytemp]
[Reboot]
  • click the Run Fix button at the top
  • let the program run unhindered, reboot when it is done
  • post a new OTL log (don't check the boxes beside LOP Check or Purity this time)
===================================================

Run MiniToolBox

Note: Please make sure Firefox is closed before you run this.

Please download MiniToolBox, save it to your desktop and run it.

Place a checkmark in the following checkboxes:
List IP configuration
List Users, Partitions and Memory size.
List last 10 Event Viewer log
List Installed Programs
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Logs to include in the next post:

OTL fix log
New OTL log
Result.txt


Thanks

Satchfan
jgatses (thread starter)
26-Feb-2013, 08:24 PM #12
I deleted the uTorrent... I never once used this, so I'm certain that nothing was from this. All the same, it is gone.

I ran the otl, hit the run fix and this is what it gave:

All processes killed
Error: Unable to interpret <*:Services> in the current context!
Error: Unable to interpret < * *> in the current context!
Error: Unable to interpret <:OTL*> in the current context!
Error: Unable to interpret <*IE - HKLM\..\SearchScopes\{9CF29096-9824-4EBB-81DF-BF4F6669A66A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC (http://www.bing.com/search?q=%7Bsear...7D&FORM=IE8SRC)> in the current context!
Error: Unable to interpret <O3 - HKU\S-1-5-21-1862456514-1726756359-4083149293-1001\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.> in the current context!
Error: Unable to interpret <*> in the current context!
Error: Unable to interpret <*:Commands> in the current context!
Error: Unable to interpret <[purity]> in the current context!
Error: Unable to interpret <[emptytemp]*> in the current context!
Error: Unable to interpret <*[Reboot]*> in the current context!

OTL by OldTimer - Version 3.2.69.0 log created on 02262013_181306
Files\Folders moved on Reboot...
PendingFileRenameOperations files...
Registry entries deleted on Reboot...

I'm not sure what you post the New OTL. Am I supposed to copy/paste the info and run scan again?

The Result.txt is attached.
jgatses (thread starter)
27-Feb-2013, 07:56 AM #13
Disregard the previous post:

I copied the text for the custom scan/fix box from an email, and it didn't have all the text which was posted in the forum: below is the fix file and new OTL file after the fix. Sorry for the confusion:

All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9CF29096-9824-4EBB-81DF-BF4F6669A66A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9CF29096-9824-4EBB-81DF-BF4F6669A66A}\ not found.
Registry value HKEY_USERS\S-1-5-21-1862456514-1726756359-4083149293-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 58264 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: John
->Temp folder emptied: 77257790 bytes
->Temporary Internet Files folder emptied: 229826303 bytes
->Flash cache emptied: 61445 bytes

User: Public

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1715727 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 7305778 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 280994 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 302.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 02272013_053619
Files\Folders moved on Reboot...
C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\N435TPWP\0[1].htm moved successfully.
C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\N435TPWP\launch[1].htm moved successfully.
C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CHWDHY31\1090980-conduit-lavasoft-tabs-chrome[1].htm moved successfully.
C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CHWDHY31\um[1].htm moved successfully.
C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\C999SPJ9\facebook_com[1].htm moved successfully.
C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BN7AOD9V\ai[6].htm moved successfully.
C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BN7AOD9V\um[1].htm moved successfully.
C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\66NWATTX\si[1].htm moved successfully.
C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5JB5E2YC\0[1].htm moved successfully.
C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5JB5E2YC\aceUAC[1].htm moved successfully.
C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5JB5E2YC\aceUAC[2].htm moved successfully.
C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5JB5E2YC\csc-render[1].htm moved successfully.
C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5JB5E2YC\ext-render-secure[1].htm moved successfully.
C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5JB5E2YC\fc[1].htm moved successfully.
C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5JB5E2YC\si[1].htm moved successfully.
C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\7A7E08C8-3FF5-45F2-873D-A84D669DC82F.dat moved successfully.
C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...





OTL logfile created on: 2/27/2013 5:44:43 AM - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\John\Desktop
64bit- Professional (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16484)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.95 Gb Total Physical Memory | 6.53 Gb Available Physical Memory | 82.08% Memory free
15.95 Gb Paging File | 14.48 Gb Available in Paging File | 90.77% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111.45 Gb Total Space | 47.49 Gb Free Space | 42.61% Space Free | Partition Type: NTFS
Drive E: | 1863.01 Gb Total Space | 1559.68 Gb Free Space | 83.72% Space Free | Partition Type: NTFS
Drive F: | 7.39 Gb Total Space | 6.68 Gb Free Space | 90.33% Space Free | Partition Type: FAT32

Computer Name: HOME-OFFICE_PC | User Name: John | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/02/26 09:54:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\John\Desktop\OTL.exe
PRC - [2013/01/31 09:11:58 | 000,542,632 | ---- | M] (Lavasoft) -- C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
PRC - [2012/12/23 21:33:29 | 000,144,520 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton 360\Engine\20.3.0.36\ccsvchst.exe
PRC - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/11/18 22:13:12 | 000,168,864 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
PRC - [2012/10/26 16:17:52 | 000,087,368 | ---- | M] (Nero AG) -- C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
PRC - [2012/10/19 02:02:30 | 001,258,856 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012/10/08 16:40:38 | 000,166,912 | ---- | M] () -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2012/10/02 15:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe


========== Modules (No Company Name) ==========

MOD - [2012/11/18 22:13:12 | 000,168,864 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
MOD - [2012/05/30 08:51:08 | 000,699,280 | R--- | M] () -- C:\Program Files (x86)\Norton 360\Engine\20.3.0.36\wincfi39.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/01/09 17:23:16 | 001,964,544 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2013/01/09 17:22:53 | 000,464,384 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2013/01/09 17:22:35 | 000,438,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2012/12/05 22:23:00 | 000,170,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2012/12/05 22:22:59 | 000,178,176 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2012/11/05 22:36:55 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2012/11/05 22:17:41 | 000,169,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2012/09/20 03:10:47 | 002,367,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2012/09/20 00:31:18 | 000,116,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2012/09/20 00:30:41 | 000,179,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2012/07/25 21:17:59 | 000,015,440 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:64bit: - [2012/07/25 21:07:47 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2012/07/25 21:07:42 | 000,263,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2012/07/25 21:07:40 | 000,283,648 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2012/07/25 21:07:25 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2012/07/25 21:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2012/07/25 21:06:33 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2012/07/25 21:06:33 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2012/07/25 21:05:55 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2012/07/25 21:05:34 | 000,037,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2012/07/25 21:05:28 | 000,207,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2012/07/25 21:05:24 | 000,342,016 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2012/07/25 21:05:08 | 000,122,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AUInstallAgent.dll -- (AllUserInstallAgent)
SRV:64bit: - [2012/07/25 21:05:04 | 000,187,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2012/07/25 18:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2012/07/25 18:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2012/07/25 18:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2012/07/25 18:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2012/07/25 18:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2012/07/25 18:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV - [2012/12/23 21:33:29 | 000,144,520 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton 360\Engine\20.3.0.36\ccSvcHst.exe -- (N360)
SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/11/05 22:36:55 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2012/10/26 16:17:52 | 000,087,368 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe -- (HTCMonitorService)
SRV - [2012/10/19 02:02:30 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/10/08 16:40:38 | 000,166,912 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2012/10/02 15:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/07/25 21:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV:64bit: - [2013/02/18 09:28:53 | 000,014,456 | ---- | M] (GFI Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\gfibto.sys -- (gfibto)
DRV:64bit: - [2013/01/30 21:18:18 | 000,432,800 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\N360x64\1403000.024\symnets.sys -- (SymNetS)
DRV:64bit: - [2013/01/30 21:18:06 | 001,139,800 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\Drivers\N360x64\1403000.024\symefa64.sys -- (SymEFA)
DRV:64bit: - [2013/01/28 19:45:19 | 000,796,248 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\Drivers\N360x64\1403000.024\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2013/01/28 19:45:19 | 000,036,952 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\N360x64\1403000.024\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2013/01/21 20:15:33 | 000,493,656 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\N360x64\1403000.024\symds64.sys -- (SymDS)
DRV:64bit: - [2013/01/09 19:53:32 | 000,028,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2013/01/09 19:39:29 | 000,194,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2012/12/14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\Drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/12/04 19:57:29 | 000,177,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2012/11/26 21:56:29 | 000,031,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2012/11/26 21:55:44 | 000,029,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2012/11/19 22:54:31 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2012/11/15 20:22:01 | 000,224,416 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\N360x64\1403000.024\ironx64.sys -- (SymIRON)
DRV:64bit: - [2012/11/15 20:18:04 | 000,168,096 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\N360x64\1403000.024\ccsetx64.sys -- (ccSet_N360)
DRV:64bit: - [2012/11/06 01:52:07 | 000,445,160 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2012/11/06 01:36:23 | 000,069,864 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\pdc.sys -- (pdc)
DRV:64bit: - [2012/11/05 21:55:44 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2012/11/02 17:38:36 | 000,050,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\point64.sys -- (Point64)
DRV:64bit: - [2012/11/01 23:52:50 | 000,075,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2012/10/12 02:08:01 | 000,027,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/10/11 01:25:48 | 000,056,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2012/10/11 01:13:49 | 000,058,088 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\dam.sys -- (dam)
DRV:64bit: - [2012/09/25 22:46:20 | 000,036,928 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\htcnprot.sys -- (htcnprot)
DRV:64bit: - [2012/09/20 01:55:33 | 000,337,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2012/09/20 01:55:33 | 000,212,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2012/09/20 01:55:30 | 000,120,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2012/09/20 01:55:27 | 003,265,256 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2012/09/20 01:55:24 | 000,533,224 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2012/09/20 01:03:08 | 000,148,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\tpm.sys -- (TPM)
DRV:64bit: - [2012/09/06 20:05:05 | 000,023,448 | R--- | M] (Symantec Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\N360x64\1403000.024\symelam.sys -- (SymELAM)
DRV:64bit: - [2012/07/25 23:26:46 | 000,025,328 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/07/25 23:26:45 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\condrv.sys -- (condrv)
DRV:64bit: - [2012/07/25 23:00:58 | 000,322,800 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2012/07/25 23:00:58 | 000,106,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2012/07/25 23:00:58 | 000,097,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2012/07/25 23:00:57 | 000,077,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2012/07/25 23:00:55 | 000,283,888 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2012/07/25 23:00:55 | 000,077,552 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\storahci.sys -- (storahci)
DRV:64bit: - [2012/07/25 23:00:55 | 000,064,240 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2012/07/25 23:00:55 | 000,030,960 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2012/07/25 23:00:52 | 000,092,400 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2012/07/25 23:00:52 | 000,081,136 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2012/07/25 23:00:52 | 000,064,752 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2012/07/25 23:00:51 | 000,113,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2012/07/25 23:00:51 | 000,081,136 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2012/07/25 23:00:49 | 000,258,288 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2012/07/25 23:00:49 | 000,106,736 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\3ware.sys -- (3ware)
DRV:64bit: - [2012/07/25 23:00:49 | 000,076,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012/07/25 23:00:48 | 000,026,352 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012/07/25 22:57:54 | 000,361,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2012/07/25 22:54:34 | 000,096,496 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2012/07/25 22:53:16 | 000,067,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpci.sys -- (vpci)
DRV:64bit: - [2012/07/25 22:44:30 | 000,258,288 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2012/07/25 22:36:15 | 000,034,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2012/07/25 21:17:38 | 000,036,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2012/07/25 20:29:14 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2012/07/25 20:29:08 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2012/07/25 20:29:03 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2012/07/25 20:28:52 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2012/07/25 20:27:58 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2012/07/25 20:27:41 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2012/07/25 20:27:37 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2012/07/25 20:27:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2012/07/25 20:27:29 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2012/07/25 20:27:16 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2012/07/25 20:27:01 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2012/07/25 20:26:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2012/07/25 20:26:43 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2012/07/25 20:26:34 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/07/25 20:26:13 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2012/07/25 20:25:57 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2012/07/25 20:25:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/07/25 20:25:26 | 000,203,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\Vid.sys -- (Vid)
DRV:64bit: - [2012/07/25 20:25:22 | 000,067,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\storvsp.sys -- (storvsp)
DRV:64bit: - [2012/07/25 20:25:13 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2012/07/25 20:25:12 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmbusr.sys -- (vmbusr)
DRV:64bit: - [2012/07/25 20:25:12 | 000,066,048 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpcivsp.sys -- (vpcivsp)
DRV:64bit: - [2012/07/25 20:25:01 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2012/07/25 20:23:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2012/07/25 20:23:42 | 000,097,792 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2012/07/17 20:12:08 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2012/06/02 08:34:38 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\VSTDPV6.SYS -- (VST64_DPV)
DRV:64bit: - [2012/06/02 08:34:38 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\VSTCNXT6.SYS -- (winachsf)
DRV:64bit: - [2012/06/02 08:34:38 | 000,411,136 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\VSTBS26.SYS -- (VST64HWBS2)
DRV:64bit: - [2012/06/02 08:31:56 | 000,589,824 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Rt630x64.sys -- (RTL8168)
DRV:64bit: - [2011/04/09 01:00:20 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\nuidfltr.sys -- (NuidFltr)
DRV:64bit: - [2009/11/02 18:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\ANDROIDUSB.sys -- (HTCAND64)
DRV - [2013/01/17 17:07:11 | 002,087,664 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\VirusDefs\20130226.025\ex64.sys -- (NAVEX15)
DRV - [2013/01/17 17:07:11 | 000,126,192 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\VirusDefs\20130226.025\eng64.sys -- (NAVENG)
DRV - [2013/01/15 20:51:11 | 001,388,120 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\BASHDefs\20130208.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2012/12/03 01:00:00 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2012/12/03 01:00:00 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/12/02 17:32:04 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\IPSDefs\20130226.001\IDSviA64.sys -- (IDSVia64)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sear...}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633ee93-d776-472f-a0ff-e1416b8b2e3a}


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633ee93-d776-472f-a0ff-e1416b8b2e3a}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633ee93-d776-472f-a0ff-e1416b8b2e3a}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633ee93-d776-472f-a0ff-e1416b8b2e3a}

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633ee93-d776-472f-a0ff-e1416b8b2e3a}

IE - HKU\S-1-5-21-1862456514-1726756359-4083149293-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-1862456514-1726756359-4083149293-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1862456514-1726756359-4083149293-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.msn.com/
IE - HKU\S-1-5-21-1862456514-1726756359-4083149293-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-1862456514-1726756359-4083149293-1001\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-1862456514-1726756359-4083149293-1001\..\SearchScopes\{9CF29096-9824-4EBB-81DF-BF4F6669A66A}: "URL" = http://www.bing.com/search?q={search...ox&FORM=IE10SR
IE - HKU\S-1-5-21-1862456514-1726756359-4083149293-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1862456514-1726756359-4083149293-1004\..\SearchScopes,DefaultScope =


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\IPSFFPlgn\ [2012/12/04 19:57:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\coFFPlgn\ [2013/02/26 07:14:31 | 000,000,000 | ---D | M]

[2013/02/17 13:11:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla FireFox\extensions

O1 HOSTS File: ([2012/07/25 23:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\20.3.0.36\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\20.3.0.36\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (KeyDownload Class) - {C1EA4179-A319-4c6a-A3E5-67FF3592A12E} - C:\Program Files (x86)\KeyDownload-Addon\KeyDownload.dll (KeyDownload)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\20.3.0.36\coieplg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [IntelliType Pro] c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Activities present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-1862456514-1726756359-4083149293-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 0.0.0.0 0.0.0.0
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{080E84B1-E448-4A51-8E5F-7C7BC9CBD427}: DhcpNameServer = 192.168.1.254 0.0.0.0 0.0.0.0
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\NVIDIA~1\3DVISI~1\NVSTIN~1.DLL) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvStInit64.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~2\NVIDIA~1\3DVISI~1\nvStInit.dll) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvStInit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013/02/17 18:28:28 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010/07/09 19:10:56 | 000,000,000 | RH-D | M] - E:\autorun -- [ NTFS ]
O32 - AutoRun File - [2002/10/16 06:56:50 | 000,000,036 | RH-- | M] () - E:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{5a2f989b-3e85-11e2-be6b-50465d66467f}\Shell - "" = AutoRun
O33 - MountPoints2\{5a2f989b-3e85-11e2-be6b-50465d66467f}\Shell\AutoRun\command - "" = "F:\HTC_Sync_Manager_PC.exe"
O33 - MountPoints2\{e852d86b-3acf-11e2-be6b-50465d66467f}\Shell - "" = AutoRun
O33 - MountPoints2\{e852d86b-3acf-11e2-be6b-50465d66467f}\Shell\AutoRun\command - "" = "F:\HTC_Sync_Manager_PC.exe"
O33 - MountPoints2\{e852d87c-3acf-11e2-be6b-50465d66467f}\Shell - "" = AutoRun
O33 - MountPoints2\{e852d87c-3acf-11e2-be6b-50465d66467f}\Shell\AutoRun\command - "" = "F:\HTC_Sync_Manager_PC.exe"
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/02/26 18:15:00 | 000,752,287 | ---- | C] (Farbar) -- C:\Users\John\Desktop\MiniToolBox.exe
[2013/02/26 18:08:57 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/02/26 17:15:14 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\adawarebp
[2013/02/26 10:08:20 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\CrashDumps
[2013/02/26 10:04:50 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\John\Desktop\aswMBR.exe
[2013/02/26 09:54:49 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\John\Desktop\OTL.exe
[2013/02/26 07:17:02 | 000,000,000 | ---D | C] -- C:\Users\John\Desktop\files
[2013/02/26 07:16:04 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/02/26 07:16:00 | 000,000,000 | ---D | C] -- C:\JRT
[2013/02/26 07:15:13 | 000,547,439 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\John\Desktop\JRT.exe
[2013/02/24 21:45:39 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\Deployment
[2013/02/24 21:45:39 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\Apps
[2013/02/23 15:16:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\KeyDownload-Addon
[2013/02/23 13:30:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Real
[2013/02/23 13:30:39 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\Real
[2013/02/23 13:30:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Real
[2013/02/23 13:28:54 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\uTorrent
[2013/02/22 07:59:56 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2013/02/18 09:32:34 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\LavasoftStatistics
[2013/02/18 09:30:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Browsing Protection
[2013/02/18 09:30:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Toolbar Cleaner
[2013/02/18 09:29:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Downloaded Installations
[2013/02/18 09:28:53 | 000,014,456 | ---- | C] (GFI Software) -- C:\Windows\SysNative\drivers\gfibto.sys
[2013/02/17 18:28:19 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2013/02/17 18:28:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2013/02/17 13:39:29 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\Malwarebytes
[2013/02/17 13:39:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/02/17 13:39:19 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/02/17 13:39:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/02/17 13:39:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/02/17 13:33:02 | 067,823,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MRT.exe
[2013/02/17 13:30:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013/02/17 13:30:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2013/02/17 13:29:45 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\Programs
[2013/02/17 13:04:01 | 001,690,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\GdiPlus.dll
[2013/02/17 13:04:01 | 001,437,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\GdiPlus.dll
[2013/02/17 13:03:49 | 002,094,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mmc.exe
[2013/02/17 13:03:49 | 001,964,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wlidsvc.dll
[2013/02/17 13:03:49 | 001,611,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mmc.exe
[2013/02/17 13:03:49 | 000,820,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gpprefcl.dll
[2013/02/17 13:03:48 | 001,886,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\setupapi.dll
[2013/02/17 13:03:48 | 001,120,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msctf.dll
[2013/02/17 13:03:48 | 000,582,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gpprefcl.dll
[2013/02/17 13:03:48 | 000,464,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netprofmsvc.dll
[2013/02/17 13:03:48 | 000,438,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsm.dll
[2013/02/17 13:03:48 | 000,406,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.Media.dll
[2013/02/17 13:03:48 | 000,274,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srmstormod.dll
[2013/02/17 13:03:48 | 000,028,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\msgpiowin32.sys
[2013/02/17 13:03:47 | 000,728,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\samsrv.dll
[2013/02/17 13:03:47 | 000,666,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MP4SDECD.DLL
[2013/02/17 13:03:47 | 000,594,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.Networking.dll
[2013/02/17 13:03:47 | 000,436,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MP4SDECD.DLL
[2013/02/17 13:03:47 | 000,410,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.Networking.dll
[2013/02/17 13:03:47 | 000,303,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
[2013/02/17 13:03:47 | 000,279,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srm.dll
[2013/02/17 13:03:47 | 000,278,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\srm.dll
[2013/02/17 13:03:47 | 000,261,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.Media.dll
[2013/02/17 13:03:47 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WSDMon.dll
[2013/02/17 13:03:47 | 000,202,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\srmstormod.dll
[2013/02/17 13:03:47 | 000,194,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\sdbus.sys
[2013/02/17 13:03:47 | 000,171,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncbservice.dll
[2013/02/17 13:03:47 | 000,159,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetpp.dll
[2013/02/17 13:03:47 | 000,124,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dumpsd.sys
[2013/02/17 13:03:47 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\httpprxm.dll
[2013/02/17 13:03:47 | 000,095,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wiaacmgr.exe
[2013/02/17 13:03:47 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wiaacmgr.exe
[2013/02/17 13:03:47 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\adhsvc.dll
[2013/02/17 13:03:47 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\adhapi.dll
[2013/02/17 13:03:47 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\httpprxp.dll
[2013/02/17 13:03:47 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\keepaliveprovider.dll
[2013/02/13 17:24:59 | 006,967,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013/02/13 10:59:18 | 003,966,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/02/13 10:59:17 | 000,907,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\uxtheme.dll
[2013/02/13 10:59:17 | 000,854,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/02/13 10:59:17 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/02/13 10:59:17 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/02/13 10:59:17 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/02/13 10:59:17 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/02/13 10:59:17 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/02/13 10:59:17 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UXInit.dll
[2013/02/13 10:59:17 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/02/13 10:59:17 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UXInit.dll
[2013/02/13 10:59:17 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/02/12 18:31:42 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2013/02/09 10:45:26 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\CutePDF Writer
[2013/02/09 10:43:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Acro Software
[2013/02/09 10:43:38 | 000,000,000 | -HSD | C] -- C:\AI_RecycleBin
[2013/02/09 10:43:27 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\CRE
[2013/02/09 10:42:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla FireFox

========== Files - Modified Within 30 Days ==========

[2013/02/27 05:45:20 | 000,848,230 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/02/27 05:45:20 | 000,718,176 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/02/27 05:45:20 | 000,132,542 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/02/27 05:42:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/02/27 05:40:31 | 000,002,319 | ---- | M] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2013/02/27 05:40:29 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2013/02/27 05:40:29 | 002,092,605 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\1403000.024\Cat.DB
[2013/02/27 05:40:26 | 2533,916,671 | -HS- | M] () -- C:\hiberfil.sys
[2013/02/27 05:40:25 | 000,014,818 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\1403000.024\VT20130115.021
[2013/02/26 18:15:00 | 000,752,287 | ---- | M] (Farbar) -- C:\Users\John\Desktop\MiniToolBox.exe
[2013/02/26 14:22:23 | 000,881,935 | ---- | M] () -- C:\Users\John\Desktop\SecurityCheck.exe
[2013/02/26 10:06:13 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\John\Desktop\aswMBR.exe
[2013/02/26 09:54:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\John\Desktop\OTL.exe
[2013/02/26 07:15:14 | 000,547,439 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\John\Desktop\JRT.exe
[2013/02/26 07:10:57 | 000,594,019 | ---- | M] () -- C:\Users\John\Desktop\adwcleaner.exe
[2013/02/24 22:00:27 | 000,001,868 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
[2013/02/24 21:58:59 | 000,000,171 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat
[2013/02/24 14:51:35 | 1464,859,669 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/02/23 15:16:50 | 000,000,110 | ---- | M] () -- C:\prefs.js
[2013/02/23 15:15:45 | 000,000,884 | RHS- | M] () -- C:\Users\John\ntuser.pol
[2013/02/18 11:49:59 | 000,357,056 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/02/18 09:28:53 | 000,014,456 | ---- | M] (GFI Software) -- C:\Windows\SysNative\drivers\gfibto.sys
[2013/02/17 18:28:28 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2013/02/14 11:41:44 | 000,000,172 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\1403000.024\isolate.ini
[2013/02/09 10:45:27 | 000,118,924 | ---- | M] () -- C:\Users\John\Desktop\label.pdf
[2013/02/06 17:06:14 | 000,692,576 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/02/06 17:06:14 | 000,078,176 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/02/04 22:29:08 | 067,823,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\MRT.exe
[2013/01/31 21:55:07 | 000,007,589 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\1403000.024\srtspx64.cat
[2013/01/31 21:55:06 | 000,007,585 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\1403000.024\srtsp64.cat
[2013/01/30 21:18:18 | 000,432,800 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1403000.024\symnets.sys
[2013/01/30 21:18:11 | 000,001,440 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\1403000.024\symnet.inf
[2013/01/30 21:18:06 | 001,139,800 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1403000.024\symefa64.sys
[2013/01/30 21:18:06 | 000,014,818 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\1403000.024\symvtcer.dat
[2013/01/30 21:18:06 | 000,007,587 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\1403000.024\symefa64.cat
[2013/01/30 21:18:06 | 000,003,434 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\1403000.024\symefa.inf
[2013/01/30 21:17:58 | 000,007,581 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\1403000.024\symds64.cat
[2013/01/28 19:45:19 | 000,796,248 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1403000.024\srtsp64.sys
[2013/01/28 19:45:19 | 000,036,952 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1403000.024\srtspx64.sys
[2013/01/28 19:45:19 | 000,001,420 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\1403000.024\srtspx64.inf
[2013/01/28 19:45:18 | 000,001,438 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\1403000.024\srtsp64.inf

========== Files Created - No Company Name ==========

[2013/02/26 14:22:23 | 000,881,935 | ---- | C] () -- C:\Users\John\Desktop\SecurityCheck.exe
[2013/02/26 07:10:57 | 000,594,019 | ---- | C] () -- C:\Users\John\Desktop\adwcleaner.exe
[2013/02/24 21:58:56 | 000,000,171 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat
[2013/02/23 15:16:50 | 000,000,110 | ---- | C] () -- C:\prefs.js
[2013/02/23 15:15:45 | 000,000,884 | RHS- | C] () -- C:\Users\John\ntuser.pol
[2013/02/22 07:59:54 | 1464,859,669 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013/02/18 11:49:58 | 000,357,056 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/02/18 09:30:17 | 000,001,868 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
[2013/02/17 18:28:28 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
[2013/02/17 13:03:47 | 000,386,577 | ---- | C] () -- C:\Windows\SysNative\ApnDatabase.xml
[2013/02/09 10:46:02 | 000,118,924 | ---- | C] () -- C:\Users\John\Desktop\label.pdf
[2012/11/26 19:42:45 | 000,083,968 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll
[2012/11/25 16:15:33 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2012/11/25 16:15:32 | 000,033,550 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2012/11/25 16:15:31 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS
[2012/07/26 02:13:10 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2012/07/26 02:13:09 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2012/07/26 01:21:26 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2012/07/25 19:17:42 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2012/07/25 14:37:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2012/07/25 14:28:31 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2012/06/02 08:31:19 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== ZeroAccess Check ==========

[2013/02/24 21:45:54 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/01/09 17:23:07 | 019,791,360 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/01/09 17:26:23 | 017,560,576 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012/07/25 21:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012/07/25 21:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012/07/25 21:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
< End of report >
jgatses jgatses is offline
Member with 15 posts.
THREAD STARTER
 
Join Date: Feb 2013
27-Feb-2013, 08:00 AM #14
Here is the new result too. I ran it again after the OTL in case anything changed:
Satchfan Satchfan is offline Satchfan is authorized to help remove malware.
Malware Removal Specialist with 531 posts.
 
Join Date: Jan 2009
Location: Devon, UK
27-Feb-2013, 11:29 AM #15
You did well sussing the OTL problem out!

Please disable Windows firewall.

Norton has its own firewall and you cannot have two running.

Can you tell me if there are any outstanding problems?

Satchfan