Removing Scorpion Saver Adware/Malware [Solved]

scorpion saver malware virus PUP removal adware Adpeak help

  • This topic is locked
43 replies to this topic

#1 flyforever01

Posted 14 December 2013 - 02:51 PM

Hi,

 

A program called Scorpion Saver by Adpeak recently downloaded itself onto my computer. It is slowing everything down drastically, and ads pop up all over when I use the internet. I tried uninstalling it, but I got this error: "Could not delete key\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser\Helper Objects. Verify that you have sufficient access to that key, or contact your support personnel."

 

How do I get rid of this program so I can use my computer again? Thanks!



#2 jeffce

Posted 16 December 2013 - 11:46 AM

Hi and Welcome!!   

My name is Jeff. I would be more than happy to take a look at your malware results logs and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:

  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
  • If you happen to have a flash drive/thumb drive please have that ready in the event that we need to use it.
  • Please be sure to subscribe to the topic if you have not already done so.

IMPORTANT NOTE: Please do not delete, download or install anything unless instructed to do so.
DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your operating system and the loss of all your programs and data.


Having said that.... Let's get going!!
----------
 
Please download DDS from either of these links

LINK 1
LINK 2

and save it to your desktop.

  • Disable any antivirus programs during the scan (If you have difficulty properly disabling your protective programs, refer to this link here )
  • Double click dds to run the tool.
  • When done, two DDS.txt's will open.
  • Save both reports to your desktop.

---------------------------------------------------
Please include the contents of the following in your next reply:

DDS.txt

Attach.txt
----------
 
Please download TDSSKiller

  • Double click TDSSKiller.exe
  • Press Start Scan but do nothing else as we are just looking for what is there.
  • If Malicious objects are found, select Skip by changing the Cure dropdown in the upper right.
  • Attach the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)

----------
 
AdwCleaner

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.

----------



#3 flyforever01

Posted 16 December 2013 - 11:12 PM

Hi Jeff,
 
Thanks so much for your help. Here's the result from the DDS scan:
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.16428  BrowserJavaVersion: 10.40.2
Run by Sierra Larson at 23:30:11 on 2013-12-16
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3894.1048 [GMT -5:00]
.
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Program Files\ScorpionSaver Services\AdpeakProxy.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe
C:\Windows\SysWOW64\ezSharedSvcHost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe
C:\Windows\system32\lxddcoms.exe
C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe
C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\rundll32.exe
C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe
C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe
C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files (x86)\Lexmark 2500 Series\lxddmon.exe
C:\Program Files (x86)\Lexmark 2500 Series\lxddamon.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\ProgramData\Updater\updater.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\ProgramData\RHelpers\ChromeHelper\ChromeHelper.exe
C:\ProgramData\RHelpers\FireFoxHelper\FireFoxHelper.exe
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
C:\ProgramData\RHelpers\IEHelper\IeHelper.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Windows\SysWOW64\schtasks.exe
C:\Program Files (x86)\iTunes\iTunes.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpConnectionManager.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Sierra Larson\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.findwide.com/?guid={CB53F4A3-220D-404C-A77A-C705DF790135}&serpv=22
uDefault_Page_URL = hxxp://search.findwide.com/?guid={CB53F4A3-220D-404C-A77A-C705DF790135}&serpv=22
mWinlogon: Userinit = C:\Windows\System32\userinit.exe
BHO: ScorpionSaver: {10AD2C61-0898-4348-8600-14A342F22AC3} - C:\Program Files (x86)\ScorpionSaver\IECore.dll
BHO: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coieplg.dll
BHO: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ips\ipsbho.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - 
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coieplg.dll
TB: FindWide Toolbar: {7C8D4A29-2DC9-4970-83B8-1E51B961E00F} - C:\Users\Sierra Larson\AppData\Local\TNT2\Profiles\10743\passport.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coieplg.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - 
TB: FindWide Toolbar: {7C8D4A29-2DC9-4970-83B8-1E51B961E00F} - C:\Users\Sierra Larson\AppData\Local\TNT2\Profiles\10743\passport.dll
uRun: [Google Update] "C:\Users\Sierra Larson\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [AdobeBridge] <no file>
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe
mRun: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [FaxCenterServer] "C:\Program Files (x86)\Lexmark Fax Solutions\fm3032.exe" /s
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Updater] C:\ProgramData\Updater\Updater.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: EnableShellExecuteHooks = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: HideFastUserSwitching = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
LSP: C:\Windows\System32\AdpeakProxy.dll
TCP: NameServer = 192.168.254.254
TCP: Interfaces\{94A10594-7F81-4AB1-BBA3-EF669E6A99B5} : DHCPNameServer = 192.168.254.254
TCP: Interfaces\{94A10594-7F81-4AB1-BBA3-EF669E6A99B5}\2656C6B696E6E2168356 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{94A10594-7F81-4AB1-BBA3-EF669E6A99B5}\4586F6D60737F6E6 : DHCPNameServer = 192.168.2.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= c:\progra~3\bitguard\271832~1.68\{c16c1~1\bitguard.dll 
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll
x64-TB: FindWide Toolbar: {7C8D4A29-2DC9-4970-83B8-1E51B961E00F} - C:\Users\Sierra Larson\AppData\Local\TNT2\Profiles\10743\passport64.dll
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [lxddmon.exe] "C:\Program Files (x86)\Lexmark 2500 Series\lxddmon.exe"
x64-Run: [lxddamon] "C:\Program Files (x86)\Lexmark 2500 Series\lxddamon.exe"
x64-RunOnce: [NCPluginUpdater] "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update
x64-IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NISx64\1207020.003\symds64.sys [2013-4-1 450680]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NISx64\1207020.003\symefa64.sys [2013-4-1 912504]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20130502.001\BHDrvx64.sys [2013-5-7 1390680]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20130505.002\IDSviA64.sys [2013-5-6 513184]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NISx64\1207020.003\ironx64.sys [2013-4-1 171128]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\NISx64\1207020.003\symnets.sys [2013-4-1 386168]
R2 AdpeakProxy;AdpeakProxy;C:\Program Files\ScorpionSaver Services\AdpeakProxy.exe [2013-10-16 3688448]
R2 BitGuard;BitGuard;C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe [2013-11-21 3780064]
R2 DeviceMonitorService;DeviceMonitorService;C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe [2011-9-19 87368]
R2 ezSharedSvc;Easybits Services for Windows;C:\Windows\System32\ezSharedSvcHost.exe --> C:\Windows\System32\ezSharedSvcHost.exe [?]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\System32\drivers\clwvd.sys [2010-7-28 31088]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-3-21 138912]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2009-9-17 56344]
R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-2-26 158976]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-10-15 317440]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2013-1-17 1860672]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2013-1-17 335464]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2013-1-17 436840]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-3-2 183560]
S3 ExpressInvoiceService;Express Invoice;C:\Program Files (x86)\NCH Software\ExpressInvoice\expressinvoice.exe [2013-8-23 2620456]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
.
=============== Created Last 30 ================
.
2013-12-15 18:03:18 167424 ----a-w- C:\Program Files\Windows Media Player\wmplayer.exe
2013-12-15 18:03:18 164864 ----a-w- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
2013-12-15 18:03:17 12625920 ----a-w- C:\Windows\System32\wmploc.DLL
2013-12-15 18:03:16 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL
2013-12-15 05:13:36 335360 ----a-w- C:\Windows\System32\msieftp.dll
2013-12-15 05:13:36 301568 ----a-w- C:\Windows\SysWow64\msieftp.dll
2013-12-15 05:13:26 3155968 ----a-w- C:\Windows\System32\win32k.sys
2013-12-15 05:11:33 465920 ----a-w- C:\Windows\System32\WMPhoto.dll
2013-12-15 05:11:33 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
2013-12-15 05:08:49 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2013-12-15 05:08:49 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2013-12-15 05:03:52 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2013-12-15 05:03:52 2048 ----a-w- C:\Windows\System32\tzres.dll
2013-12-15 05:03:14 230400 ----a-w- C:\Windows\System32\drivers\portcls.sys
2013-12-15 05:03:14 116736 ----a-w- C:\Windows\System32\drivers\drmk.sys
2013-12-15 04:57:05 202752 ----a-w- C:\Windows\System32\scrrun.dll
2013-12-15 04:57:05 156160 ----a-w- C:\Windows\System32\cscript.exe
2013-12-15 04:57:05 150016 ----a-w- C:\Windows\System32\wshom.ocx
2013-12-15 04:57:05 121856 ----a-w- C:\Windows\SysWow64\wshom.ocx
2013-12-15 04:57:04 168960 ----a-w- C:\Windows\System32\wscript.exe
2013-12-15 04:57:04 163840 ----a-w- C:\Windows\SysWow64\scrrun.dll
2013-12-15 04:57:04 141824 ----a-w- C:\Windows\SysWow64\wscript.exe
2013-12-15 04:57:04 126976 ----a-w- C:\Windows\SysWow64\cscript.exe
2013-12-14 20:30:26 -------- d-----w- C:\ProgramData\TubeDimmer
2013-12-12 13:45:00 -------- d-----w- C:\Program Files\ScorpionSaver Services
2013-12-11 05:12:48 1397248 ----a-w- C:\Windows\SysWow64\win_utilman.exe
2013-12-11 05:12:35 -------- d-----w- C:\Users\Sierra Larson\AppData\Roaming\_MDLogs
2013-12-05 03:05:00 -------- d-----w- C:\Users\Sierra Larson\AppData\Local\{205C6323-10C2-4CE2-B353-4CBA23784CED}
2013-12-04 03:08:33 -------- d-----w- C:\Users\Sierra Larson\AppData\Local\{BDD4CD1D-7142-43AE-B5CC-943DA92F9793}
2013-11-30 01:41:59 977408 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-11-30 01:33:42 439296 ----a-w- C:\Windows\System32\AdpeakProxy64.dll
2013-11-30 01:33:36 338944 ----a-w- C:\Windows\SysWow64\AdpeakProxy.dll
2013-11-27 05:37:40 -------- d-----w- C:\Program Files\Level Quality Watcher
2013-11-22 15:20:38 -------- d-----w- C:\Users\Sierra Larson\AppData\Local\{806B2C22-662E-4E76-A794-6C28FD256241}
2013-11-22 02:56:45 -------- d-----w- C:\Users\Sierra Larson\AppData\Local\{7984C131-69C9-4845-A638-169628E35C7D}
.
==================== Find3M  ====================
.
2013-11-30 01:41:59 942592 ----a-w- C:\Windows\System32\jsIntl.dll
2013-10-12 02:30:42 830464 ----a-w- C:\Windows\System32\nshwfp.dll
2013-10-12 02:29:21 859648 ----a-w- C:\Windows\System32\IKEEXT.DLL
2013-10-12 02:29:08 324096 ----a-w- C:\Windows\System32\FWPUCLNT.DLL
2013-10-12 02:03:08 656896 ----a-w- C:\Windows\SysWow64\nshwfp.dll
2013-10-12 02:01:25 216576 ----a-w- C:\Windows\SysWow64\FWPUCLNT.DLL
2013-10-05 20:25:35 1474048 ----a-w- C:\Windows\System32\crypt32.dll
2013-10-05 19:57:25 1168384 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-10-04 02:28:31 190464 ----a-w- C:\Windows\System32\SmartcardCredentialProvider.dll
2013-10-04 02:25:17 197120 ----a-w- C:\Windows\System32\credui.dll
2013-10-04 02:24:49 1930752 ----a-w- C:\Windows\System32\authui.dll
2013-10-04 01:58:50 152576 ----a-w- C:\Windows\SysWow64\SmartcardCredentialProvider.dll
2013-10-04 01:56:25 168960 ----a-w- C:\Windows\SysWow64\credui.dll
2013-10-04 01:56:00 1796096 ----a-w- C:\Windows\SysWow64\authui.dll
2013-10-03 02:23:48 404480 ----a-w- C:\Windows\System32\gdi32.dll
2013-10-03 02:00:44 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
2013-09-28 01:09:10 497152 ----a-w- C:\Windows\System32\drivers\afd.sys
2013-09-25 02:26:40 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2013-09-25 02:26:40 154560 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2013-09-25 02:23:33 28672 ----a-w- C:\Windows\System32\sspisrv.dll
2013-09-25 02:23:33 135680 ----a-w- C:\Windows\System32\sspicli.dll
2013-09-25 02:23:01 28160 ----a-w- C:\Windows\System32\secur32.dll
2013-09-25 02:22:59 340992 ----a-w- C:\Windows\System32\schannel.dll
2013-09-25 02:21:50 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2013-09-25 02:21:07 1447936 ----a-w- C:\Windows\System32\lsasrv.dll
2013-09-25 01:58:17 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2013-09-25 01:57:26 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2013-09-25 01:57:24 247808 ----a-w- C:\Windows\SysWow64\schannel.dll
2013-09-25 01:56:42 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2013-09-25 01:03:24 30720 ----a-w- C:\Windows\System32\lsass.exe
.
============= FINISH: 23:33:23.55 ===============

 

TDSSKiller Report:

 

23:43:17.0822 4920  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
23:43:38.0860 4920  ============================================================
23:43:38.0860 4920  Current date / time: 2013/12/16 23:43:38.0860
23:43:38.0860 4920  SystemInfo:
23:43:38.0860 4920  
23:43:38.0860 4920  OS Version: 6.1.7601 ServicePack: 1.0
23:43:38.0860 4920  Product type: Workstation
23:43:38.0861 4920  ComputerName: SIERRALARSON-HP
23:43:38.0861 4920  UserName: Sierra Larson
23:43:38.0861 4920  Windows directory: C:\Windows
23:43:38.0861 4920  System windows directory: C:\Windows
23:43:38.0861 4920  Running under WOW64
23:43:38.0861 4920  Processor architecture: Intel x64
23:43:38.0861 4920  Number of processors: 4
23:43:38.0861 4920  Page size: 0x1000
23:43:38.0861 4920  Boot type: Normal boot
23:43:38.0861 4920  ============================================================
23:43:39.0937 4920  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
23:43:39.0945 4920  ============================================================
23:43:39.0946 4920  \Device\Harddisk0\DR0:
23:43:39.0946 4920  MBR partitions:
23:43:39.0946 4920  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
23:43:39.0946 4920  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x38685800
23:43:39.0946 4920  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x386E9800, BlocksNum 0x1C68800
23:43:56.0436 3000  Npfs - ok
23:43:56.0457 3000  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
23:43:56.0459 3000  nsi - ok
23:43:56.0479 3000  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
23:43:56.0481 3000  nsiproxy - ok
23:43:56.0543 3000  [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
23:43:56.0567 3000  Ntfs - ok
23:43:56.0588 3000  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
23:43:56.0589 3000  Null - ok
23:43:56.0622 3000  [ A85B4F2EF3A7304A5399EF0526423040 ] NVENETFD        C:\Windows\system32\DRIVERS\nvm62x64.sys
23:43:56.0631 3000  NVENETFD - ok
23:43:56.0651 3000  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
23:43:56.0655 3000  nvraid - ok
23:43:56.0697 3000  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
23:43:56.0702 3000  nvstor - ok
23:43:56.0730 3000  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
23:43:56.0734 3000  nv_agp - ok
23:43:56.0751 3000  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
23:43:56.0754 3000  ohci1394 - ok
23:43:56.0789 3000  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
23:43:56.0793 3000  ose - ok
23:43:56.0954 3000  [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
23:43:57.0081 3000  osppsvc - ok
23:43:57.0124 3000  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
23:43:57.0132 3000  p2pimsvc - ok
23:43:57.0159 3000  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
23:43:57.0171 3000  p2psvc - ok
23:43:57.0208 3000  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\drivers\parport.sys
23:43:57.0211 3000  Parport - ok
23:43:57.0241 3000  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
23:43:57.0244 3000  partmgr - ok
23:43:57.0280 3000  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
23:43:57.0287 3000  PcaSvc - ok
23:43:57.0317 3000  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
23:43:57.0321 3000  pci - ok
23:43:57.0350 3000  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
23:43:57.0352 3000  pciide - ok
23:43:57.0388 3000  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
23:43:57.0393 3000  pcmcia - ok
23:43:57.0409 3000  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
23:43:57.0412 3000  pcw - ok
23:43:57.0440 3000  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
23:43:57.0453 3000  PEAUTH - ok
23:43:57.0547 3000  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
23:43:57.0550 3000  PerfHost - ok
23:43:57.0615 3000  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
23:43:57.0640 3000  pla - ok
23:43:57.0684 3000  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
23:43:57.0693 3000  PlugPlay - ok
23:43:57.0712 3000  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
23:43:57.0717 3000  PNRPAutoReg - ok
23:43:57.0735 3000  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
23:43:57.0741 3000  PNRPsvc - ok
23:43:57.0779 3000  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
23:43:57.0789 3000  PolicyAgent - ok
23:43:57.0829 3000  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
23:43:57.0835 3000  Power - ok
23:43:57.0877 3000  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
23:43:57.0881 3000  PptpMiniport - ok
23:43:57.0903 3000  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\drivers\processr.sys
23:43:57.0905 3000  Processor - ok
23:43:57.0943 3000  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
23:43:57.0950 3000  ProfSvc - ok
23:43:57.0971 3000  [ 4D71227301DD8D09097B9E4CC6527E5A ] ProtectedStorage C:\Windows\system32\lsass.exe
23:43:57.0974 3000  ProtectedStorage - ok
23:43:58.0005 3000  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
23:43:58.0008 3000  Psched - ok
23:43:58.0062 3000  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
23:43:58.0086 3000  ql2300 - ok
23:43:58.0107 3000  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
23:43:58.0110 3000  ql40xx - ok
23:43:58.0134 3000  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
23:43:58.0140 3000  QWAVE - ok
23:43:58.0160 3000  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
23:43:58.0162 3000  QWAVEdrv - ok
23:43:58.0187 3000  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
23:43:58.0189 3000  RasAcd - ok
23:43:58.0219 3000  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
23:43:58.0221 3000  RasAgileVpn - ok
23:43:58.0251 3000  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
23:43:58.0255 3000  RasAuto - ok
23:43:58.0284 3000  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
23:43:58.0287 3000  Rasl2tp - ok
23:43:58.0325 3000  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
23:43:58.0332 3000  RasMan - ok
23:43:58.0363 3000  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
23:43:58.0366 3000  RasPppoe - ok
23:43:58.0385 3000  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
23:43:58.0388 3000  RasSstp - ok
23:43:58.0426 3000  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
23:43:58.0432 3000  rdbss - ok
23:43:58.0448 3000  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\drivers\rdpbus.sys
23:43:58.0450 3000  rdpbus - ok
23:43:58.0469 3000  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
23:43:58.0471 3000  RDPCDD - ok
23:43:58.0489 3000  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
23:43:58.0491 3000  RDPENCDD - ok
23:43:58.0508 3000  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
23:43:58.0510 3000  RDPREFMP - ok
23:43:58.0540 3000  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
23:43:58.0543 3000  RDPWD - ok
23:43:58.0571 3000  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
23:43:58.0575 3000  rdyboost - ok
23:43:58.0599 3000  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
23:43:58.0603 3000  RemoteAccess - ok
23:43:58.0636 3000  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
23:43:58.0641 3000  RemoteRegistry - ok
23:43:58.0700 3000  [ 085D18C71AB2611A3D61528132B6501E ] RoxioNow Service C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
23:43:58.0707 3000  RoxioNow Service - ok
23:43:58.0731 3000  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
23:43:58.0734 3000  RpcEptMapper - ok
23:43:58.0768 3000  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
23:43:58.0770 3000  RpcLocator - ok
23:43:58.0806 3000  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
23:43:58.0821 3000  RpcSs - ok
23:43:58.0865 3000  [ 546D7F426776090B90EF5F195B6AE662 ] RSPCIESTOR      C:\Windows\system32\DRIVERS\RtsPStor.sys
23:43:58.0871 3000  RSPCIESTOR - ok
23:43:58.0904 3000  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
23:43:58.0906 3000  rspndr - ok
23:43:58.0955 3000  [ 3372196F61AF48503656EF6AA3E92D1B ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
23:43:58.0962 3000  RTL8167 - ok
23:43:58.0982 3000  [ 4D71227301DD8D09097B9E4CC6527E5A ] SamSs           C:\Windows\system32\lsass.exe
23:43:58.0984 3000  SamSs - ok
23:43:59.0017 3000  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
23:43:59.0020 3000  sbp2port - ok
23:43:59.0042 3000  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
23:43:59.0048 3000  SCardSvr - ok
23:43:59.0064 3000  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
23:43:59.0066 3000  scfilter - ok
23:43:59.0097 3000  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
23:43:59.0115 3000  Schedule - ok
23:43:59.0145 3000  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
23:43:59.0147 3000  SCPolicySvc - ok
23:43:59.0181 3000  [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus           C:\Windows\system32\DRIVERS\sdbus.sys
23:43:59.0184 3000  sdbus - ok
23:43:59.0209 3000  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
23:43:59.0214 3000  SDRSVC - ok
23:43:59.0270 3000  [ CC781378E7EDA615D2CDCA3B17829FA4 ] SeaPort         C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
23:43:59.0273 3000  SeaPort - ok
23:43:59.0299 3000  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
23:43:59.0301 3000  secdrv - ok
23:43:59.0324 3000  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
23:43:59.0327 3000  seclogon - ok
23:43:59.0342 3000  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
23:43:59.0346 3000  SENS - ok
23:43:59.0388 3000  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
23:43:59.0390 3000  SensrSvc - ok
23:43:59.0403 3000  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\drivers\serenum.sys
23:43:59.0405 3000  Serenum - ok
23:43:59.0429 3000  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\drivers\serial.sys
23:43:59.0431 3000  Serial - ok
23:43:59.0440 3000  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
23:43:59.0442 3000  sermouse - ok
23:43:59.0474 3000  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
23:43:59.0479 3000  SessionEnv - ok
23:43:59.0484 3000  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
23:43:59.0486 3000  sffdisk - ok
23:43:59.0492 3000  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
23:43:59.0494 3000  sffp_mmc - ok
23:43:59.0500 3000  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
23:43:59.0501 3000  sffp_sd - ok
23:43:59.0507 3000  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
23:43:59.0509 3000  sfloppy - ok
23:43:59.0550 3000  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
23:43:59.0557 3000  SharedAccess - ok
23:43:59.0585 3000  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
23:43:59.0594 3000  ShellHWDetection - ok
23:43:59.0642 3000  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
23:43:59.0644 3000  SiSRaid2 - ok
23:43:59.0650 3000  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
23:43:59.0653 3000  SiSRaid4 - ok
23:43:59.0713 3000  [ F5BBEDF602C310B00036EB2DBF4348A5 ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
23:43:59.0716 3000  SkypeUpdate - ok
23:43:59.0748 3000  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
23:43:59.0750 3000  Smb - ok
23:43:59.0789 3000  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
23:43:59.0792 3000  SNMPTRAP - ok
23:43:59.0808 3000  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
23:43:59.0811 3000  spldr - ok
23:43:59.0853 3000  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
23:43:59.0867 3000  Spooler - ok
23:43:59.0990 3000  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
23:44:00.0085 3000  sppsvc - ok
23:44:00.0116 3000  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
23:44:00.0122 3000  sppuinotify - ok
23:44:00.0187 3000  [ 90EF30C3867BCDE4579C01A6D6E75A7A ] SRTSP           C:\Windows\System32\Drivers\NISx64\1207020.003\SRTSP64.SYS
23:44:00.0202 3000  SRTSP - ok
23:44:00.0234 3000  [ C513E8A5E7978DA49077F5484344EE1B ] SRTSPX          C:\Windows\system32\drivers\NISx64\1207020.003\SRTSPX64.SYS
23:44:00.0237 3000  SRTSPX - ok
23:44:00.0276 3000  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
23:44:00.0285 3000  srv - ok
23:44:00.0312 3000  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
23:44:00.0321 3000  srv2 - ok
23:44:00.0355 3000  [ 0C4540311E11664B245A263E1154CEF8 ] SrvHsfHDA       C:\Windows\system32\DRIVERS\VSTAZL6.SYS
23:44:00.0362 3000  SrvHsfHDA - ok
23:44:00.0410 3000  [ 02071D207A9858FBE3A48CBFD59C4A04 ] SrvHsfV92       C:\Windows\system32\DRIVERS\VSTDPV6.SYS
23:44:00.0435 3000  SrvHsfV92 - ok
23:44:00.0455 3000  [ 18E40C245DBFAF36FD0134A7EF2DF396 ] SrvHsfWinac     C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
23:44:00.0470 3000  SrvHsfWinac - ok
23:44:00.0501 3000  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
23:44:00.0506 3000  srvnet - ok
23:44:00.0553 3000  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
23:44:00.0561 3000  SSDPSRV - ok
23:44:00.0575 3000  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
23:44:00.0581 3000  SstpSvc - ok
23:44:00.0639 3000  [ 54DE4331FBCFABCDFDA5C845F856D848 ] STacSV          C:\Program Files\IDT\WDM\STacSV64.exe
23:44:00.0645 3000  STacSV - ok
23:44:00.0671 3000  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\drivers\stexstor.sys
23:44:00.0674 3000  stexstor - ok
23:44:00.0724 3000  [ 400EBAC444D0622CB0F7FBA23B234B82 ] STHDA           C:\Windows\system32\DRIVERS\stwrt64.sys
23:44:00.0738 3000  STHDA - ok
23:44:00.0779 3000  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
23:44:00.0793 3000  stisvc - ok
23:44:00.0829 3000  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\drivers\swenum.sys
23:44:00.0831 3000  swenum - ok
23:44:00.0888 3000  [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard     C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
23:44:00.0898 3000  SwitchBoard - ok
23:44:00.0949 3000  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
23:44:00.0960 3000  swprv - ok
23:44:00.0981 3000  [ 6160145C7A87FC7672E8E3B886888176 ] SymDS           C:\Windows\system32\drivers\NISx64\1207020.003\SYMDS64.SYS
23:44:00.0990 3000  SymDS - ok
23:44:01.0035 3000  [ 96AEED40D4D3521568B42027687E69E0 ] SymEFA          C:\Windows\system32\drivers\NISx64\1207020.003\SYMEFA64.SYS
23:44:01.0049 3000  SymEFA - ok
23:44:01.0082 3000  [ 21A1C2D694C3CF962D31F5E873AB3D6F ] SymEvent        C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
23:44:01.0086 3000  SymEvent - ok
23:44:01.0112 3000  [ BD0D711D8CBFCAA19CA123306EAF53A5 ] SymIRON         C:\Windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS
23:44:01.0115 3000  SymIRON - ok
23:44:01.0141 3000  [ A6ADB3D83023F8DAA0F7B6FDA785D83B ] SymNetS         C:\Windows\System32\Drivers\NISx64\1207020.003\SYMNETS.SYS
23:44:01.0149 3000  SymNetS - ok
23:44:01.0221 3000  [ 08425CD92972C6430F350A9697F4A553 ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys
23:44:01.0243 3000  SynTP - ok
23:44:01.0305 3000  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
23:44:01.0332 3000  SysMain - ok
23:44:01.0341 3000  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
23:44:01.0348 3000  TabletInputService - ok
23:44:01.0359 3000  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
23:44:01.0368 3000  TapiSrv - ok
23:44:01.0389 3000  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
23:44:01.0392 3000  TBS - ok
23:44:01.0485 3000  [ 40AF23633D197905F03AB5628C558C51 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
23:44:01.0514 3000  Tcpip - ok
23:44:01.0575 3000  [ 40AF23633D197905F03AB5628C558C51 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
23:44:01.0595 3000  TCPIP6 - ok
23:44:01.0633 3000  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
23:44:01.0634 3000  tcpipreg - ok
23:44:01.0667 3000  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
23:44:01.0669 3000  TDPIPE - ok
23:44:01.0695 3000  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
23:44:01.0696 3000  TDTCP - ok
23:44:01.0727 3000  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
23:44:01.0730 3000  tdx - ok
23:44:01.0746 3000  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\drivers\termdd.sys
23:44:01.0748 3000  TermDD - ok
23:44:01.0792 3000  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
23:44:01.0810 3000  TermService - ok
23:44:01.0824 3000  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
23:44:01.0830 3000  Themes - ok
23:44:01.0870 3000  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
23:44:01.0872 3000  THREADORDER - ok
23:44:01.0901 3000  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
23:44:01.0906 3000  TrkWks - ok
23:44:01.0944 3000  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
23:44:01.0947 3000  TrustedInstaller - ok
23:44:01.0977 3000  [ 4CE278FC9671BA81A138D70823FCAA09 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
23:44:01.0979 3000  tssecsrv - ok
23:44:02.0020 3000  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
23:44:02.0022 3000  TsUsbFlt - ok
23:44:02.0040 3000  [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
23:44:02.0041 3000  TsUsbGD - ok
23:44:02.0065 3000  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
23:44:02.0068 3000  tunnel - ok
23:44:02.0079 3000  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
23:44:02.0081 3000  uagp35 - ok
23:44:02.0100 3000  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
23:44:02.0106 3000  udfs - ok
23:44:02.0139 3000  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
23:44:02.0143 3000  UI0Detect - ok
23:44:02.0176 3000  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
23:44:02.0179 3000  uliagpkx - ok
23:44:02.0209 3000  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
23:44:02.0211 3000  umbus - ok
23:44:02.0222 3000  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\drivers\umpass.sys
23:44:02.0223 3000  UmPass - ok
23:44:02.0360 3000  [ 0B0B9F55B12767A755932C26B5FED715 ] UNS             C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
23:44:02.0397 3000  UNS - ok
23:44:02.0431 3000  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
23:44:02.0438 3000  upnphost - ok
23:44:02.0478 3000  [ C9E9D59C0099A9FF51697E9306A44240 ] USBAAPL64       C:\Windows\system32\Drivers\usbaapl64.sys
23:44:02.0481 3000  USBAAPL64 - ok
23:44:02.0501 3000  [ ACCEA6BC68D0C9A78EB97EE159028B4E ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
23:44:02.0504 3000  usbccgp - ok
23:44:02.0549 3000  [ 80B0F7D5CCF86CEB5D402EAAF61FEC31 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
23:44:02.0551 3000  usbcir - ok
23:44:02.0585 3000  [ 311C1DD1088E55BEAE15954D17F50646 ] usbehci         C:\Windows\system32\drivers\usbehci.sys
23:44:02.0588 3000  usbehci - ok
23:44:02.0634 3000  [ 280E90CBF4B2DDD169F0728CB44D726F ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
23:44:02.0639 3000  usbhub - ok
23:44:02.0676 3000  [ 9406D801042FAF859CF81B2C886413DC ] usbohci         C:\Windows\system32\drivers\usbohci.sys
23:44:02.0677 3000  usbohci - ok
23:44:02.0718 3000  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
23:44:02.0719 3000  usbprint - ok
23:44:02.0776 3000  [ 9661DA76B4531B2DA272ECCE25A8AF24 ] usbscan         C:\Windows\system32\drivers\usbscan.sys
23:44:02.0777 3000  usbscan - ok
23:44:02.0812 3000  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
23:44:02.0815 3000  USBSTOR - ok
23:44:02.0864 3000  [ A83D0EC9AE4C31704442099D40BA2471 ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
23:44:02.0866 3000  usbuhci - ok
23:44:02.0913 3000  [ 1F775DA4CF1A3A1834207E975A72E9D7 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
23:44:02.0917 3000  usbvideo - ok
23:44:02.0949 3000  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
23:44:02.0953 3000  UxSms - ok
23:44:02.0971 3000  [ 4D71227301DD8D09097B9E4CC6527E5A ] VaultSvc        C:\Windows\system32\lsass.exe
23:44:02.0974 3000  VaultSvc - ok
23:44:02.0990 3000  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
23:44:02.0992 3000  vdrvroot - ok
23:44:03.0035 3000  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
23:44:03.0051 3000  vds - ok
23:44:03.0071 3000  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
23:44:03.0074 3000  vga - ok
23:44:03.0089 3000  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
23:44:03.0091 3000  VgaSave - ok
23:44:03.0110 3000  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
23:44:03.0116 3000  vhdmp - ok
23:44:03.0142 3000  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
23:44:03.0145 3000  viaide - ok
23:44:03.0178 3000  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
23:44:03.0182 3000  volmgr - ok
23:44:03.0219 3000  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
23:44:03.0231 3000  volmgrx - ok
23:44:03.0247 3000  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
23:44:03.0254 3000  volsnap - ok
23:44:03.0282 3000  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
23:44:03.0287 3000  vsmraid - ok
23:44:03.0353 3000  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
23:44:03.0388 3000  VSS - ok
23:44:03.0433 3000  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
23:44:03.0435 3000  vwifibus - ok
23:44:03.0464 3000  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
23:44:03.0467 3000  vwififlt - ok
23:44:03.0507 3000  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
23:44:03.0517 3000  W32Time - ok
23:44:03.0545 3000  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
23:44:03.0548 3000  WacomPen - ok
23:44:03.0580 3000  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
23:44:03.0584 3000  WANARP - ok
23:44:03.0593 3000  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
23:44:03.0595 3000  Wanarpv6 - ok
23:44:03.0697 3000  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
23:44:03.0722 3000  WatAdminSvc - ok
23:44:03.0793 3000  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
23:44:03.0824 3000  wbengine - ok
23:44:03.0864 3000  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
23:44:03.0873 3000  WbioSrvc - ok
23:44:03.0932 3000  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
23:44:03.0945 3000  wcncsvc - ok
23:44:03.0975 3000  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
23:44:03.0982 3000  WcsPlugInService - ok
23:44:04.0039 3000  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\drivers\wd.sys
23:44:04.0041 3000  Wd - ok
23:44:04.0107 3000  [ E2C933EDBC389386EBE6D2BA953F43D8 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
23:44:04.0120 3000  Wdf01000 - ok
23:44:04.0150 3000  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
23:44:04.0154 3000  WdiServiceHost - ok
23:44:04.0161 3000  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
23:44:04.0166 3000  WdiSystemHost - ok
23:44:04.0202 3000  [ 0EB0E5D22B1760F2DBCE632F2DD7A54D ] WebClient       C:\Windows\System32\webclnt.dll
23:44:04.0210 3000  WebClient - ok
23:44:04.0240 3000  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
23:44:04.0250 3000  Wecsvc - ok
23:44:04.0363 3000  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
23:44:04.0368 3000  wercplsupport - ok
23:44:04.0407 3000  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
23:44:04.0412 3000  WerSvc - ok
23:44:04.0433 3000  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
23:44:04.0435 3000  WfpLwf - ok
23:44:04.0458 3000  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
23:44:04.0460 3000  WIMMount - ok
23:44:04.0488 3000  WinDefend - ok
23:44:04.0504 3000  WinHttpAutoProxySvc - ok
23:44:04.0564 3000  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
23:44:04.0569 3000  Winmgmt - ok
23:44:04.0667 3000  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
23:44:04.0708 3000  WinRM - ok
23:44:04.0775 3000  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
23:44:04.0778 3000  WinUsb - ok
23:44:04.0826 3000  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
23:44:04.0846 3000  Wlansvc - ok
23:44:06.0100 3000  ============================================================
23:44:06.0100 3000  Scan finished
23:44:06.0100 3000  ============================================================
23:44:06.0119 6188  Detected object count: 0
23:44:06.0120 6188  Actual detected object count: 0
 




#4 jeffce

Posted 17 December 2013 - 06:33 AM

Hi,
 
Ok so we have quite a bit to do here so this may take more than one pass.  I appreciate your patience while we are working.  :)
 
ComboFix

Download Combofix from either of the links below, and save it to your desktop.  
Link 1
Link 2

**Note:  It is important that it is saved directly to your desktop**
If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.



--------------------------------------------------------------------

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

--------------------------------------------------------------------

Right-Click and Run as Administrator on ComboFix.exe & follow the prompts.

  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt for further review.

 
 

#5 flyforever01

Posted 17 December 2013 - 08:40 PM

Hey Jeff,

 

Here's the report. Everything labeled "Classified\Cal and Me" I want to keep.

 

ComboFix 13-12-17.02 - Sierra Larson 12/17/2013  20:24:29.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3894.1433 [GMT -5:00]
Running from: c:\users\Sierra Larson\Downloads\ComboFix.exe
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\classified
c:\classified\Cal and Me\2012-02-04 001 2012-02-04 001.jpg
c:\classified\Cal and Me\2012-02-04 001 2012-02-04 003.jpg
c:\classified\Cal and Me\2012-02-04 001 2012-02-04 005.jpg
c:\classified\Cal and Me\2012-02-04 001 2012-02-04 007.jpg
c:\classified\Cal and Me\2012-02-04 001 2012-02-04 010.jpg
c:\classified\Cal and Me\2012-02-04 001 2012-02-04 016.jpg
c:\classified\Cal and Me\2012-02-04 001 2012-02-04 018.jpg
c:\classified\Cal and Me\2012-02-04 001 2012-02-04 020.jpg
c:\classified\Cal and Me\2012-02-04 001 2012-02-04 022.jpg
c:\classified\Cal and Me\2012-02-04 001 2012-02-04 024.jpg
c:\classified\Cal and Me\2012-02-04 001 2012-02-04 026.jpg
c:\classified\Cal and Me\2012-02-04 001 2012-02-04 028.jpg
c:\classified\Cal and Me\2012-02-04 001 2012-02-04 030.jpg
c:\classified\Cal and Me\2012-02-04 001 2012-02-04 032.jpg
c:\classified\Cal and Me\2012-02-04 001 2012-02-04 034.jpg
c:\classified\Cal and Me\2012-02-04 001 2012-02-04 036.jpg
c:\classified\Cal and Me\2012-02-04 001 2012-02-04 038.jpg
c:\classified\Cal and Me\2012-02-04 001 2012-02-04 040.jpg
c:\classified\Cal and Me\2012-02-04 001 2012-02-04 042.jpg
c:\classified\Cal and Me\2012-02-16 001 2012-02-16 019.zip
c:\classified\Cal and Me\2012-02-16 001 2012-02-16 030.jpg
c:\classified\Cal and Me\2012-02-16 001 2012-02-16 031.jpg
c:\classified\Cal and Me\2012-02-19 001 2012-02-19 002.jpg
c:\classified\Cal and Me\2012-02-19 001 2012-02-19 004.jpg
c:\classified\Cal and Me\2012-02-19 001 2012-02-19 005.jpg
c:\classified\Cal and Me\2012-02-19 001 2012-02-19 006.jpg
c:\classified\Cal and Me\2012-02-19 001 2012-02-19 008.jpg
c:\classified\Cal and Me\2012-03-08 001 2012-03-08 007.jpg
c:\classified\Cal and Me\2012-03-08 001 2012-03-08 008.jpg
c:\classified\Cal and Me\2012-03-25 001 2012-03-25 002.jpg
c:\classified\Cal and Me\2012-04-29 001 2012-04-29 001.jpg
c:\classified\Cal and Me\2012-04-29 001 2012-04-29 002.jpg
c:\classified\Cal and Me\2012-04-29 001 2012-04-29 003.jpg
c:\classified\Cal and Me\2012-04-29 001 2012-04-29 004.jpg
c:\classified\Cal and Me\2012-04-29 001 2012-04-29 005.jpg
c:\classified\Cal and Me\2012-04-29 001 2012-04-29 006.jpg
c:\classified\Cal and Me\2012-04-29 001 2012-04-29 007.jpg
c:\classified\Cal and Me\2012-04-29 001 2012-04-29 008.jpg
c:\classified\Cal and Me\2012-04-29 001 2012-04-29 009.jpg
c:\classified\Cal and Me\2012-04-29 001 2012-04-29 010.jpg
c:\classified\Cal and Me\2012-04-29 001 2012-04-29 011.jpg
c:\classified\Cal and Me\2012-04-29 001 2012-04-29 012.jpg
c:\classified\Cal and Me\2012-04-29 001 2012-04-29 013.jpg
c:\classified\Cal and Me\2012-04-29 001 2012-04-29 014.jpg
c:\classified\Cal and Me\2012-04-29 001 2012-04-29 015.jpg
c:\classified\Cal and Me\2012-04-29 001 2012-04-29 016.jpg
c:\classified\Cal and Me\2012-04-29 001 2012-04-29 017.jpg
c:\classified\Cal and Me\2012-04-29 001 2012-04-29 018.jpg
c:\classified\Cal and Me\2012-04-29 001 2012-04-29 019.jpg
c:\classified\Cal and Me\2012-04-29 001 2012-04-29 020.jpg
c:\classified\Cal and Me\2012-04-29 001 2012-04-29 021.jpg
c:\classified\Cal and Me\2012-04-29 001 2012-04-29 022.jpg
c:\classified\Cal and Me\2012-04-29 001 2012-04-29 023.jpg
c:\classified\Cal and Me\2012-04-29 001 2012-04-29 024.jpg
c:\classified\Cal and Me\2012-04-29 001 2012-04-29 025.jpg
c:\classified\Cal and Me\2012-04-29 001 2012-04-29 026.jpg
c:\classified\Cal and Me\2012-04-29 001 2012-04-29 027.jpg
c:\classified\Cal and Me\2012-04-29 001 2012-04-29 028.jpg
c:\classified\Cal and Me\2012-04-29 001 2012-04-29 030.jpg
c:\classified\Cal and Me\2012-04-29 001 2012-04-29 031.jpg
c:\classified\Cal and Me\2012-04-29 001 2012-04-29 033.jpg
c:\classified\Cal and Me\2012-04-29 001 2012-04-29 034.jpg
c:\classified\Cal and Me\2012-04-29 001 2012-04-29 035.jpg
c:\classified\Cal and Me\2012-04-29 001 2012-04-29 036.jpg
c:\classified\Cal and Me\2012-04-29 001 2012-04-29 037.jpg
c:\classified\Cal and Me\2012-04-29 001 2012-04-29 038.jpg
c:\classified\Cal and Me\2012-04-29 001 2012-04-29 039.jpg
c:\classified\Cal and Me\2012-04-29 001 2012-04-29 040.jpg
c:\classified\Cal and Me\2012-04-29 001 2012-04-29 041.jpg
c:\classified\Cal and Me\2012-04-29 001 2012-04-29 042.jpg
c:\classified\Cal and Me\2012-04-29 001 2012-04-29 043.jpg
c:\classified\Cal and Me\2012-04-29 001 2012-04-29 044.jpg
c:\classified\Cal and Me\2012-04-29 001 2012-04-29 045.jpg
c:\classified\Cal and Me\2012-04-29 001 2012-04-29 046.jpg
c:\classified\Cal and Me\2012-04-29 001 2012-04-29 047.jpg
c:\classified\Cal and Me\2012-04-29 001 2012-04-29 048.jpg
c:\classified\Cal and Me\2012-04-29 001 2012-04-29 049.jpg
c:\classified\Cal and Me\2012-04-29 001 2012-04-29 050.jpg
c:\classified\Cal and Me\2012-04-29 001 2012-04-29 051.jpg
c:\classified\Cal and Me\2012-04-29 001 2012-04-29 052.jpg
c:\classified\Cal and Me\2012-04-29 001 2012-04-29 053.jpg
c:\classified\Cal and Me\2012-04-29 001 2012-04-29 054.jpg
c:\classified\Cal and Me\2012-04-29 001 2012-04-29 055.jpg
c:\classified\Cal and Me\2012-04-29 001 2012-04-29 056.jpg
c:\classified\Cal and Me\2012-04-29 001 2012-04-29 057.jpg
c:\classified\Cal and Me\2012-04-29 001 2012-04-29 058.jpg
c:\classified\Cal and Me\2012-04-29 001 2012-04-29 059.jpg
c:\classified\Cal and Me\2012-04-29 001 2012-04-29 060.jpg
c:\classified\Cal and Me\2012-04-29 001 2012-04-29 061.jpg
c:\classified\Cal and Me\2012-04-29 001 2012-04-29 062.jpg
c:\classified\Cal and Me\2012-04-29 001 2012-04-29 063.jpg
c:\classified\Cal and Me\2012-04-29 001 2012-04-29 064.jpg
c:\classified\Cal and Me\2012-04-29 001 2012-04-29 065.jpg
c:\classified\Cal and Me\2012-04-29 001 2012-04-29 066.jpg
c:\classified\Cal and Me\2012-04-29 001 2012-04-29 067.jpg
c:\classified\Cal and Me\2012-04-29 001 2012-04-29 068.jpg
c:\classified\Cal and Me\2012-04-29 001 2012-04-29 069.jpg
c:\classified\Cal and Me\2012-04-29 001 2012-04-29 070.jpg
c:\classified\Cal and Me\2012-04-29 001 2012-04-29 071.jpg
c:\classified\Cal and Me\2012-04-29 001 2012-04-29 072.jpg
c:\classified\Cal and Me\2012-04-29 001 2012-04-29 073.jpg
c:\classified\Cal and Me\2012-04-29 001 2012-04-29 074.jpg
c:\classified\Cal and Me\2012-04-29 001 2012-04-29 075.jpg
c:\classified\Cal and Me\2012-04-29 001 2012-04-29 076.jpg
c:\classified\Cal and Me\2012-04-29 001 2012-04-29 077.jpg
c:\classified\Cal and Me\2012-04-29 001 2012-04-29 078.jpg
c:\classified\Cal and Me\2012-04-29 001 2012-04-29 079.jpg
c:\classified\Cal and Me\2012-04-29 001 2012-04-29 080.jpg
c:\classified\Cal and Me\2012-04-29 001 2012-04-29 081.jpg
c:\classified\Cal and Me\2012-04-29 001 2012-04-29 082.jpg
c:\classified\Cal and Me\2012-04-29 001 2012-04-29 083.jpg
c:\classified\Cal and Me\2012-04-29 001 2012-04-29 084.jpg
c:\classified\Cal and Me\2012-04-29 001 2012-04-29 085.jpg
c:\classified\Cal and Me\2012-04-29 001 2012-04-29 086.jpg
c:\classified\Cal and Me\2012-04-29 001 2012-04-29 087.jpg
c:\classified\Cal and Me\2012-04-29 001 2012-04-29 088.jpg
c:\classified\Cal and Me\2012-04-29 001 2012-04-29 089.jpg
c:\classified\Cal and Me\2012-04-29 001 2012-04-29 090.jpg
c:\classified\Cal and Me\2012-04-29 001 2012-04-29 091.jpg
c:\classified\Cal and Me\2012-04-29 001 2012-04-29 092.jpg
c:\classified\Cal and Me\2012-04-29 001 2012-04-29 093 (2).jpg
c:\classified\Cal and Me\2012-04-29 001 2012-04-29 093.jpg
c:\classified\Cal and Me\2012-04-29 001 2012-04-29 094.jpg
c:\classified\Cal and Me\2012-04-29 001 2012-04-29 095.jpg
c:\classified\Cal and Me\2012-04-29 001 2012-04-29 096.jpg
c:\classified\Cal and Me\2012-04-29 002 2012-04-29 001.jpg
c:\classified\Cal and Me\2012-04-29 002 2012-04-29 003.jpg
c:\classified\Cal and Me\2012-05-01 001 2012-05-01 002.jpg
c:\classified\Cal and Me\2012-05-01 001 2012-05-01 006.jpg
c:\classified\Cal and Me\2012-05-01 001 2012-05-01 007.jpg
c:\classified\Cal and Me\2012-05-01 001 2012-05-01 008.jpg
c:\classified\Cal and Me\2012-05-01 001 2012-05-01 009.jpg
c:\classified\Cal and Me\2012-05-01 001 2012-05-01 010.jpg
c:\classified\Cal and Me\2012-05-01 001 2012-05-01 011.jpg
c:\classified\Cal and Me\2012-06-21 001 2012-06-21 010.jpg
c:\classified\Cal and Me\2012-06-24 001 2012-06-24 001.jpg
c:\classified\Cal and Me\2012-06-24 001 2012-06-24 002.jpg
c:\classified\Cal and Me\2012-06-24 001 2012-06-24 003.jpg
c:\classified\Cal and Me\2012-06-24 001 2012-06-24 004.jpg
c:\classified\Cal and Me\2012-06-24 001 2012-06-24 005.jpg
c:\classified\Cal and Me\2012-06-24 001 2012-06-24 016.jpg
c:\classified\Cal and Me\2012-06-24 001 2012-06-24 025.jpg
c:\classified\Cal and Me\2012-08-02 001 2012-08-02 001.jpg
c:\classified\Cal and Me\2012-08-02 001 2012-08-02 002.jpg
c:\classified\Cal and Me\2012-08-02 001 2012-08-02 003.jpg
c:\classified\Cal and Me\2012-08-02 001 2012-08-02 004.jpg
c:\classified\Cal and Me\2012-08-02 001 2012-08-02 005.jpg
c:\classified\Cal and Me\2012-08-02 001 2012-08-02 006.jpg
c:\classified\Cal and Me\2012-08-02 001 2012-08-02 007.jpg
c:\classified\Cal and Me\2012-08-02 001 2012-08-02 008.jpg
c:\classified\Cal and Me\2012-08-02 001 2012-08-02 009.jpg
c:\classified\Cal and Me\2012-08-02 001 2012-08-02 010.jpg
c:\classified\Cal and Me\2012-08-02 001 2012-08-02 011.jpg
c:\classified\Cal and Me\2012-08-02 001 2012-08-02 012.jpg
c:\classified\Cal and Me\2012-08-02 001 2012-08-02 013.jpg
c:\classified\Cal and Me\2012-08-02 001 2012-08-02 014.jpg
c:\classified\Cal and Me\2012-08-02 001 2012-08-02 015.jpg
c:\classified\Cal and Me\2012-08-02 001 2012-08-02 016.jpg
c:\classified\Cal and Me\2012-08-02 001 2012-08-02 017.jpg
c:\classified\Cal and Me\2012-08-02 001 2012-08-02 018.jpg
c:\classified\Cal and Me\2012-08-02 001 2012-08-02 019.jpg
c:\classified\Cal and Me\badboy.jpg
c:\classified\Cal and Me\Boondock Saints.jpg
c:\classified\Cal and Me\Pic 10.jpg
c:\classified\Cal and Me\Pic 11.jpg
c:\classified\Cal and Me\Pic 12.jpg
c:\classified\Cal and Me\Pic 13.jpg
c:\classified\Cal and Me\Pic 14.jpg
c:\classified\Cal and Me\Pic 3.1.jpg
c:\classified\Cal and Me\Pic 3.jpg
c:\classified\Cal and Me\Pic 4.jpg
c:\classified\Cal and Me\Pic 5.jpg
c:\classified\Cal and Me\Pic 6.jpg
c:\classified\Cal and Me\Pic 7.jpg
c:\classified\Cal and Me\Pic 8.jpg
c:\classified\Cal and Me\Pic 9.jpg
c:\classified\Cal and Me\Pics Folder 1.zip
c:\classified\Cal and Me\Pics Folder 2.zip
c:\classified\Cal and Me\Proposal.jpg
c:\classified\Cal and Me\ring 1.jpg
c:\classified\Cal and Me\ring 10.jpg
c:\classified\Cal and Me\ring 11.jpg
c:\classified\Cal and Me\ring 12.jpg
c:\classified\Cal and Me\ring 13.jpg
c:\classified\Cal and Me\ring 2.png
c:\classified\Cal and Me\ring 3.png
c:\classified\Cal and Me\ring 4.jpg
c:\classified\Cal and Me\ring 5.jpg
c:\classified\Cal and Me\ring 6.jpg
c:\classified\Cal and Me\ring 7.jpg
c:\classified\Cal and Me\ring 8.jpg
c:\classified\Cal and Me\ring 9.jpg
c:\classified\Cal and Me\Wedding (2).jpg
c:\classified\Cal and Me\wedding 1.jpg
c:\classified\Cal and Me\Wedding.jpg
c:\classified\Cal and Me\Weekend at Westpoint April '12.zip
c:\classified\Cal and Me\WP '12.jpg
c:\classified\Cal and Me\WP 2012 Friends.jpg
c:\classified\Cal and Me\WP 2012.jpg
c:\program files (x86)\24x7Help
c:\program files (x86)\24x7Help\unins000.dat
c:\program files (x86)\24x7Help\unins000.msg
c:\program files (x86)\DealPly
c:\program files (x86)\DealPly\DealPly.crx
c:\program files (x86)\DealPly\DealPly.xpi
c:\program files (x86)\ScorpionSaver
c:\program files (x86)\ScorpionSaver\CustomActionInstall
c:\program files (x86)\ScorpionSaver\CustomActionUninstall
c:\program files (x86)\ScorpionSaver\ff_addon_runner.js
c:\program files (x86)\ScorpionSaver\ff_addonkit_page-mod.js
c:\program files (x86)\ScorpionSaver\ff_addonkit_private-browsing.js
c:\program files (x86)\ScorpionSaver\ff_addonkit_request.js
c:\program files (x86)\ScorpionSaver\ff_addonkit_windows.js
c:\program files (x86)\ScorpionSaver\ff_base_api-utils.js
c:\program files (x86)\ScorpionSaver\ff_base_base64.js
c:\program files (x86)\ScorpionSaver\ff_base_byte-streams.js
c:\program files (x86)\ScorpionSaver\ff_base_collection.js
c:\program files (x86)\ScorpionSaver\ff_base_content.js
c:\program files (x86)\ScorpionSaver\ff_base_cortex.js
c:\program files (x86)\ScorpionSaver\ff_base_cuddlefish.js
c:\program files (x86)\ScorpionSaver\ff_base_deprecate.js
c:\program files (x86)\ScorpionSaver\ff_base_environment.js
c:\program files (x86)\ScorpionSaver\ff_base_errors.js
c:\program files (x86)\ScorpionSaver\ff_base_events.js
c:\program files (x86)\ScorpionSaver\ff_base_file.js
c:\program files (x86)\ScorpionSaver\ff_base_functional.js
c:\program files (x86)\ScorpionSaver\ff_base_globals.js
c:\program files (x86)\ScorpionSaver\ff_base_heritage.js
c:\program files (x86)\ScorpionSaver\ff_base_hidden-frame.js
c:\program files (x86)\ScorpionSaver\ff_base_light-traits.js
c:\program files (x86)\ScorpionSaver\ff_base_list.js
c:\program files (x86)\ScorpionSaver\ff_base_loader.js
c:\program files (x86)\ScorpionSaver\ff_base_match-pattern.js
c:\program files (x86)\ScorpionSaver\ff_base_memory.js
c:\program files (x86)\ScorpionSaver\ff_base_namespace.js
c:\program files (x86)\ScorpionSaver\ff_base_observer-service.js
c:\program files (x86)\ScorpionSaver\ff_base_plain-text-console.js
c:\program files (x86)\ScorpionSaver\ff_base_preferences-service.js
c:\program files (x86)\ScorpionSaver\ff_base_promise.js
c:\program files (x86)\ScorpionSaver\ff_base_querystring.js
c:\program files (x86)\ScorpionSaver\ff_base_runtime.js
c:\program files (x86)\ScorpionSaver\ff_base_sandbox.js
c:\program files (x86)\ScorpionSaver\ff_base_self.js
c:\program files (x86)\ScorpionSaver\ff_base_system.js
c:\program files (x86)\ScorpionSaver\ff_base_text-streams.js
c:\program files (x86)\ScorpionSaver\ff_base_timer.js
c:\program files (x86)\ScorpionSaver\ff_base_traceback.js
c:\program files (x86)\ScorpionSaver\ff_base_traits.js
c:\program files (x86)\ScorpionSaver\ff_base_unload.js
c:\program files (x86)\ScorpionSaver\ff_base_url.js
c:\program files (x86)\ScorpionSaver\ff_base_uuid.js
c:\program files (x86)\ScorpionSaver\ff_base_window-utils.js
c:\program files (x86)\ScorpionSaver\ff_base_xhr.js
c:\program files (x86)\ScorpionSaver\ff_base_xpcom.js
c:\program files (x86)\ScorpionSaver\ff_base_xul-app.js
c:\program files (x86)\ScorpionSaver\ff_bootstrap.js
c:\program files (x86)\ScorpionSaver\ff_content_content-proxy.js
c:\program files (x86)\ScorpionSaver\ff_content_content-worker.js
c:\program files (x86)\ScorpionSaver\ff_content_loader.js
c:\program files (x86)\ScorpionSaver\ff_content_symbiont.js
c:\program files (x86)\ScorpionSaver\ff_content_worker.js
c:\program files (x86)\ScorpionSaver\ff_dom_events.js
c:\program files (x86)\ScorpionSaver\ff_event_core.js
c:\program files (x86)\ScorpionSaver\ff_event_target.js
c:\program files (x86)\ScorpionSaver\ff_events_assembler.js
c:\program files (x86)\ScorpionSaver\ff_harness-options.json
c:\program files (x86)\ScorpionSaver\ff_icon.png
c:\program files (x86)\ScorpionSaver\ff_icon64.png
c:\program files (x86)\ScorpionSaver\ff_install.rdf
c:\program files (x86)\ScorpionSaver\ff_l10n_core.js
c:\program files (x86)\ScorpionSaver\ff_l10n_html.js
c:\program files (x86)\ScorpionSaver\ff_l10n_loader.js
c:\program files (x86)\ScorpionSaver\ff_l10n_locale.js
c:\program files (x86)\ScorpionSaver\ff_l10n_prefs.js
c:\program files (x86)\ScorpionSaver\ff_locales.json
c:\program files (x86)\ScorpionSaver\ff_main.js
c:\program files (x86)\ScorpionSaver\ff_main.js.old
c:\program files (x86)\ScorpionSaver\ff_prefs.js
c:\program files (x86)\ScorpionSaver\ff_privatebrowsing_utils.js
c:\program files (x86)\ScorpionSaver\ff_system_events.js
c:\program files (x86)\ScorpionSaver\ff_tabs_events.js
c:\program files (x86)\ScorpionSaver\ff_tabs_observer.js
c:\program files (x86)\ScorpionSaver\ff_tabs_tab.js
c:\program files (x86)\ScorpionSaver\ff_tabs_utils.js
c:\program files (x86)\ScorpionSaver\ff_traits_core.js
c:\program files (x86)\ScorpionSaver\ff_utils_data.js
c:\program files (x86)\ScorpionSaver\ff_utils_object.js
c:\program files (x86)\ScorpionSaver\ff_utils_registry.js
c:\program files (x86)\ScorpionSaver\ff_utils_thumbnail.js
c:\program files (x86)\ScorpionSaver\ff_window_utils.js
c:\program files (x86)\ScorpionSaver\ff_windows_dom.js
c:\program files (x86)\ScorpionSaver\ff_windows_loader.js
c:\program files (x86)\ScorpionSaver\ff_windows_observer.js
c:\program files (x86)\ScorpionSaver\ff_windows_tabs.js
c:\program files (x86)\ScorpionSaver\IECore.dll
c:\program files (x86)\ScorpionSaver\Microsoft.Deployment.WindowsInstaller.dll
c:\program files (x86)\ScorpionSaver\Microsoft.Deployment.WindowsInstaller.xml
c:\program files (x86)\ScorpionSaver\SendJson.dll
c:\programdata\Microsoft\Windows\Start Menu\Programs\24x7 Help
c:\programdata\Microsoft\Windows\Start Menu\Programs\24x7 Help\24x7Help.org.url
c:\users\Sierra Larson\AppData\Local\Microsoft\Windows\Temporary Internet Files\{5D537198-D8EA-49AE-9C3B-BA41A711E252}.xps
c:\users\Sierra Larson\AppData\Local\Microsoft\Windows\Temporary Internet Files\{63385306-0B40-4091-B949-66FEDA0BF1D1}.xps
c:\users\Sierra Larson\AppData\Local\Microsoft\Windows\Temporary Internet Files\{6BCEF22E-BCE2-4305-80E6-73367507C959}.xps
c:\users\Sierra Larson\Documents\~WRL0401.tmp
c:\users\Sierra Larson\Documents\~WRL0663.tmp
c:\users\Sierra Larson\Documents\~WRL0667.tmp
c:\users\Sierra Larson\Documents\~WRL1061.tmp
c:\users\Sierra Larson\Documents\~WRL1487.tmp
c:\users\Sierra Larson\Documents\~WRL2005.tmp
c:\users\Sierra Larson\Documents\~WRL2677.tmp
c:\users\Sierra Larson\Documents\~WRL2764.tmp
c:\users\Sierra Larson\Documents\~WRL3436.tmp
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_AdpeakProxy
-------\Service_Level Quality Watcher
.
.
(((((((((((((((((((((((((   Files Created from 2013-11-18 to 2013-12-18  )))))))))))))))))))))))))))))))
.
.
2013-12-18 01:43 . 2013-12-18 01:43 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-12-17 05:07 . 2013-12-17 05:10 -------- d-----w- C:\AdwCleaner
2013-12-17 04:57 . 2013-12-17 04:57 -------- d-----w- c:\program files (x86)\OpenIt
2013-12-15 18:03 . 2013-05-10 04:30 167424 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2013-12-15 18:03 . 2013-05-10 03:48 164864 ----a-w- c:\program files (x86)\Windows Media Player\wmplayer.exe
2013-12-15 18:03 . 2013-05-10 05:56 12625920 ----a-w- c:\windows\system32\wmploc.DLL
2013-12-15 18:03 . 2013-05-10 04:56 12625408 ----a-w- c:\windows\SysWow64\wmploc.DLL
2013-12-15 18:03 . 2013-05-10 05:56 14631424 ----a-w- c:\windows\system32\wmp.dll
2013-12-15 05:13 . 2013-10-30 02:32 335360 ----a-w- c:\windows\system32\msieftp.dll
2013-12-15 05:13 . 2013-10-30 02:19 301568 ----a-w- c:\windows\SysWow64\msieftp.dll
2013-12-15 05:13 . 2013-10-30 01:24 3155968 ----a-w- c:\windows\system32\win32k.sys
2013-12-15 05:11 . 2013-11-23 18:26 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2013-12-15 05:11 . 2013-11-23 17:47 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2013-12-15 05:08 . 2013-10-19 02:18 81408 ----a-w- c:\windows\system32\imagehlp.dll
2013-12-15 05:08 . 2013-10-19 01:36 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2013-12-15 05:03 . 2013-11-12 02:23 2048 ----a-w- c:\windows\system32\tzres.dll
2013-12-15 05:03 . 2013-11-12 02:07 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2013-12-15 05:03 . 2013-10-04 02:16 116736 ----a-w- c:\windows\system32\drivers\drmk.sys
2013-12-15 05:03 . 2013-10-04 01:36 230400 ----a-w- c:\windows\system32\drivers\portcls.sys
2013-12-15 04:57 . 2013-10-12 02:32 150016 ----a-w- c:\windows\system32\wshom.ocx
2013-12-15 04:57 . 2013-10-12 02:31 202752 ----a-w- c:\windows\system32\scrrun.dll
2013-12-15 04:57 . 2013-10-12 02:04 121856 ----a-w- c:\windows\SysWow64\wshom.ocx
2013-12-15 04:57 . 2013-10-12 01:33 156160 ----a-w- c:\windows\system32\cscript.exe
2013-12-15 04:57 . 2013-10-12 02:03 163840 ----a-w- c:\windows\SysWow64\scrrun.dll
2013-12-15 04:57 . 2013-10-12 01:33 168960 ----a-w- c:\windows\system32\wscript.exe
2013-12-15 04:57 . 2013-10-12 01:15 141824 ----a-w- c:\windows\SysWow64\wscript.exe
2013-12-15 04:57 . 2013-10-12 01:15 126976 ----a-w- c:\windows\SysWow64\cscript.exe
2013-12-14 20:30 . 2013-12-15 13:39 -------- d-----w- c:\programdata\TubeDimmer
2013-12-12 13:45 . 2013-12-12 13:45 -------- d-----w- c:\program files\ScorpionSaver Services
2013-12-11 05:12 . 2009-07-14 01:14 1397248 ----a-w- c:\windows\SysWow64\win_utilman.exe
2013-12-11 05:12 . 2013-12-11 05:12 -------- d-----w- c:\users\Sierra Larson\AppData\Roaming\_MDLogs
2013-11-30 01:46 . 2013-10-14 23:00 28368 ----a-w- c:\windows\system32\IEUDINIT.EXE
2013-11-30 01:41 . 2013-11-30 01:41 977408 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-11-30 01:33 . 2013-10-16 15:18 439296 ----a-w- c:\windows\system32\AdpeakProxy64.dll
2013-11-30 01:33 . 2013-10-16 15:18 338944 ----a-w- c:\windows\SysWow64\AdpeakProxy.dll
2013-11-27 05:37 . 2013-11-27 05:37 -------- d-----w- c:\program files\Level Quality Watcher
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-12 02:30 . 2013-11-13 22:18 830464 ----a-w- c:\windows\system32\nshwfp.dll
2013-10-12 02:29 . 2013-11-13 22:18 859648 ----a-w- c:\windows\system32\IKEEXT.DLL
2013-10-12 02:29 . 2013-11-13 22:18 324096 ----a-w- c:\windows\system32\FWPUCLNT.DLL
2013-10-12 02:03 . 2013-11-13 22:18 656896 ----a-w- c:\windows\SysWow64\nshwfp.dll
2013-10-12 02:01 . 2013-11-13 22:18 216576 ----a-w- c:\windows\SysWow64\FWPUCLNT.DLL
2013-10-05 20:25 . 2013-11-14 01:23 1474048 ----a-w- c:\windows\system32\crypt32.dll
2013-10-05 19:57 . 2013-11-14 01:23 1168384 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-10-04 02:28 . 2013-11-14 01:13 190464 ----a-w- c:\windows\system32\SmartcardCredentialProvider.dll
2013-10-04 02:25 . 2013-11-14 01:13 197120 ----a-w- c:\windows\system32\credui.dll
2013-10-04 02:24 . 2013-11-14 01:13 1930752 ----a-w- c:\windows\system32\authui.dll
2013-10-04 01:58 . 2013-11-14 01:13 152576 ----a-w- c:\windows\SysWow64\SmartcardCredentialProvider.dll
2013-10-04 01:56 . 2013-11-14 01:13 168960 ----a-w- c:\windows\SysWow64\credui.dll
2013-10-04 01:56 . 2013-11-14 01:13 1796096 ----a-w- c:\windows\SysWow64\authui.dll
2013-10-03 02:23 . 2013-11-13 22:19 404480 ----a-w- c:\windows\system32\gdi32.dll
2013-10-03 02:00 . 2013-11-13 22:19 311808 ----a-w- c:\windows\SysWow64\gdi32.dll
2013-09-28 01:09 . 2013-11-14 00:03 497152 ----a-w- c:\windows\system32\drivers\afd.sys
2013-09-25 02:26 . 2013-11-14 00:38 95680 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2013-09-25 02:26 . 2013-11-14 00:38 154560 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2013-09-25 02:23 . 2013-11-14 00:38 28672 ----a-w- c:\windows\system32\sspisrv.dll
2013-09-25 02:23 . 2013-11-14 00:38 135680 ----a-w- c:\windows\system32\sspicli.dll
2013-09-25 02:23 . 2013-11-14 00:38 28160 ----a-w- c:\windows\system32\secur32.dll
2013-09-25 02:22 . 2013-11-14 00:38 340992 ----a-w- c:\windows\system32\schannel.dll
2013-09-25 02:21 . 2013-11-14 00:38 307200 ----a-w- c:\windows\system32\ncrypt.dll
2013-09-25 02:21 . 2013-11-14 00:38 1447936 ----a-w- c:\windows\system32\lsasrv.dll
2013-09-25 01:58 . 2013-11-14 00:38 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2013-09-25 01:57 . 2013-11-14 00:38 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2013-09-25 01:57 . 2013-11-14 00:38 247808 ----a-w- c:\windows\SysWow64\schannel.dll
2013-09-25 01:56 . 2013-11-14 00:38 220160 ----a-w- c:\windows\SysWow64\ncrypt.dll
2013-09-25 01:03 . 2013-11-14 00:38 30720 ----a-w- c:\windows\system32\lsass.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{7C8D4A29-2DC9-4970-83B8-1E51B961E00F}"= "c:\users\Sierra Larson\AppData\Local\TNT2\Profiles\10743\passport.dll" [2013-11-04 11520]
.
[HKEY_CLASSES_ROOT\clsid\{7c8d4a29-2dc9-4970-83b8-1e51b961e00f}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-11-15 20588704]
"Updater"="c:\programdata\Updater\updater.exe" [2013-09-25 297336]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-01-13 283160]
"HPConnectionManager"="c:\program files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe" [2011-02-15 94264]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-08-19 379960]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-02-20 152392]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2012-03-05 578944]
"FaxCenterServer"="c:\program files (x86)\Lexmark Fax Solutions\fm3032.exe" [2007-06-11 312240]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"Updater"="c:\programdata\Updater\Updater.exe" [2013-09-25 297336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\system32\userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~3\BitGuard\271832~1.68\{C16C1~1\BitGuard.dll
"LoadAppInit_DLLs"=1 (0x1)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 lxddCATSCustConnectService;lxddCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\lxddserv.exe;c:\windows\SYSNATIVE\spool\DRIVERS\x64\3\\lxddserv.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [x]
R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys;c:\windows\SYSNATIVE\DRIVERS\motfilt.sys [x]
R3 ExpressInvoiceService;Express Invoice;c:\program files (x86)\NCH Software\ExpressInvoice\expressinvoice.exe;c:\program files (x86)\NCH Software\ExpressInvoice\expressinvoice.exe [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 hpCMSrv;HP Connection Manager 4.0 Service;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys;c:\windows\SYSNATIVE\DRIVERS\motccgp.sys [x]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys;c:\windows\SYSNATIVE\DRIVERS\motccgpfl.sys [x]
R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys;c:\windows\SYSNATIVE\DRIVERS\Motousbnet.sys [x]
R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys;c:\windows\SYSNATIVE\DRIVERS\motusbdevice.sys [x]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPStor.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1207020.003\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1207020.003\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1207020.003\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1207020.003\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20130502.001\BHDrvx64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20130502.001\BHDrvx64.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20130505.002\IDSvia64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20130505.002\IDSvia64.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1207020.003\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1207020.003\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\NISx64\1207020.003\SYMNETS.SYS [x]
S2 BitGuard;BitGuard;c:\programdata\BitGuard\2.7.1832.68\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe;c:\programdata\BitGuard\2.7.1832.68\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe [x]
S2 DeviceMonitorService;DeviceMonitorService;c:\program files (x86)\Motorola Media Link\Lite\NServiceEntry.exe;c:\program files (x86)\Motorola Media Link\Lite\NServiceEntry.exe [x]
S2 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe;c:\windows\SYSNATIVE\ezSharedSvcHost.exe [x]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [x]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [x]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [x]
S2 lxdd_device;lxdd_device;c:\windows\system32\lxddcoms.exe;c:\windows\SYSNATIVE\lxddcoms.exe [x]
S2 MotoHelper;MotoHelper Service;c:\program files (x86)\Motorola\MotoHelper\MotoHelperService.exe;c:\program files (x86)\Motorola\MotoHelper\MotoHelperService.exe [x]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe;c:\program files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe [x]
S2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [x]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-12-11 04:32 1210320 ----a-w- c:\program files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-12-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-25 01:20]
.
2013-12-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-25 01:20]
.
2013-12-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1565193607-854521613-1741241799-1001Core.job
- c:\users\Sierra Larson\AppData\Local\Google\Update\GoogleUpdate.exe [2013-04-03 01:20]
.
2013-12-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1565193607-854521613-1741241799-1001UA.job
- c:\users\Sierra Larson\AppData\Local\Google\Update\GoogleUpdate.exe [2013-04-03 01:20]
.
2013-11-19 c:\windows\Tasks\HPCeeScheduleForSIERRALARSON-HP$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{7C8D4A29-2DC9-4970-83B8-1E51B961E00F}"= "c:\users\Sierra Larson\AppData\Local\TNT2\Profiles\10743\passport64.dll" [2013-11-04 12032]
.
[HKEY_CLASSES_ROOT\CLSID\{7C8D4A29-2DC9-4970-83B8-1E51B961E00F}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-01-21 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-01-21 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-01-21 418328]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-02-15 1128448]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
"lxddmon.exe"="c:\program files (x86)\Lexmark 2500 Series\lxddmon.exe" [2007-06-11 291760]
"lxddamon"="c:\program files (x86)\Lexmark 2500 Series\lxddamon.exe" [2007-04-30 20480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.findwide.com/?guid={CB53F4A3-220D-404C-A77A-C705DF790135}&serpv=22
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;192.168.*.*
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.254.254
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{10AD2C61-0898-4348-8600-14A342F22AC3} - c:\program files (x86)\ScorpionSaver\IECore.dll
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Wow6432Node-HKLM-Run-Easybits Recovery - c:\program files (x86)\EasyBits For Kids\ezRecover.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\18.7.2.3\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\schtasks.exe
c:\windows\SysWOW64\ezSharedSvcHost.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\windows\SysWOW64\schtasks.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
c:\programdata\RHelpers\ChromeHelper\ChromeHelper.exe
c:\program files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\programdata\RHelpers\FireFoxHelper\FireFoxHelper.exe
c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe
c:\programdata\RHelpers\IEHelper\IeHelper.exe
.
**************************************************************************
.
Completion time: 2013-12-17  21:01:25 - machine was rebooted
ComboFix-quarantined-files.txt  2013-12-18 02:01
.
Pre-Run: 389,113,868,288 bytes free
Post-Run: 389,006,213,120 bytes free
.
- - End Of File - - FF76C2945E3980EED4190BDFEED1560B


#6 jeffce

Posted 18 December 2013 - 06:36 AM

Ok looks like there were a bunch of pictures that were removed??  It looks as though they were saved in your C:/ directory and that is why they were removed.  We can fix this but what I would like for you to do is to create a new folder on your Desktop and name it whatever you like.  Once we restore those pictures, I want you to put them all in that folder so that they won't be removed again....ok?  :)
 
Please go to the file here >> C:\Qoobox\ComboFix-quarantined-files.txt 
 
Post that file to your next reply.  :)



#7 flyforever01

Posted 18 December 2013 - 09:02 PM

Hi Jeff, 

 

Yes, thanks, I would like to restore those files. Yes, they are pictures.

 

I've attached the file requested below. What should I do next?


#8 jeffce

Posted 19 December 2013 - 07:00 AM

Hi,
 
ComboFix

  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    ClearJavaCache::

    Dequarantine::
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\WP 2012.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\WP 2012 Friends.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\WP '12.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\Weekend at Westpoint April '12.zip.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\Wedding.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\wedding 1.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\Wedding (2).jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\ring 9.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\ring 8.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\ring 7.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\ring 6.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\ring 5.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\ring 4.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\ring 3.png.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\ring 13.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\ring 2.png.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\ring 12.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\ring 10.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\ring 11.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\ring 1.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\Proposal.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\Pics Folder 2.zip.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\Pics Folder 1.zip.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\Pic 9.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\Pic 8.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\Pic 7.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\Pic 6.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\Pic 5.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\Pic 4.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\Pic 3.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\Pic 3.1.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\Pic 14.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\Pic 13.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\Pic 12.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\Pic 11.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\Pic 10.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\Boondock Saints.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-08-02 001 2012-08-02 019.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\badboy.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-08-02 001 2012-08-02 018.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-08-02 001 2012-08-02 017.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-08-02 001 2012-08-02 016.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-08-02 001 2012-08-02 015.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-08-02 001 2012-08-02 014.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-08-02 001 2012-08-02 013.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-08-02 001 2012-08-02 012.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-08-02 001 2012-08-02 011.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-08-02 001 2012-08-02 010.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-08-02 001 2012-08-02 009.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-08-02 001 2012-08-02 008.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-08-02 001 2012-08-02 007.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-08-02 001 2012-08-02 006.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-08-02 001 2012-08-02 005.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-08-02 001 2012-08-02 004.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-08-02 001 2012-08-02 003.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-08-02 001 2012-08-02 002.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-08-02 001 2012-08-02 001.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-06-24 001 2012-06-24 016.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-06-24 001 2012-06-24 025.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-06-24 001 2012-06-24 004.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-06-24 001 2012-06-24 005.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-06-24 001 2012-06-24 002.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-06-24 001 2012-06-24 003.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-06-21 001 2012-06-21 010.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-06-24 001 2012-06-24 001.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-05-01 001 2012-05-01 010.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-05-01 001 2012-05-01 011.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-05-01 001 2012-05-01 009.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-05-01 001 2012-05-01 008.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-05-01 001 2012-05-01 007.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-05-01 001 2012-05-01 006.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-05-01 001 2012-05-01 002.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 002 2012-04-29 001.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 002 2012-04-29 003.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 096.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 095.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 094.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 093.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 093 (2).jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 091.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 092.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 090.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 088.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 089.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 087.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 086.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 084.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 085.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 083.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 082.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 080.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 081.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 079.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 078.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 076.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 077.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 074.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 075.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 072.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 073.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 071.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 069.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 070.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 068.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 066.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 067.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 065.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 063.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 064.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 062.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 059.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 060.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 061.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 058.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 057.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 055.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 056.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 054.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 053.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 052.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 050.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 051.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 048.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 049.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 047.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 045.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 046.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 043.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 044.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 042.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 041.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 040.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 039.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 037.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 038.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 036.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 035.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 033.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 034.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 031.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 030.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 028.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 026.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 027.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 025.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 024.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 021.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 022.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 023.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 020.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 019.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 018.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 017.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 016.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 015.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 014.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 013.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 012.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 011.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 008.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 009.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 010.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 007.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 006.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 005.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 004.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 003.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 002.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-04-29 001 2012-04-29 001.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-03-08 001 2012-03-08 008.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-03-25 001 2012-03-25 002.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-03-08 001 2012-03-08 007.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-02-19 001 2012-02-19 008.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-02-19 001 2012-02-19 005.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-02-19 001 2012-02-19 006.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-02-19 001 2012-02-19 004.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-02-19 001 2012-02-19 002.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-02-16 001 2012-02-16 031.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-02-16 001 2012-02-16 030.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-02-16 001 2012-02-16 019.zip.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-02-04 001 2012-02-04 042.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-02-04 001 2012-02-04 040.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-02-04 001 2012-02-04 038.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-02-04 001 2012-02-04 036.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-02-04 001 2012-02-04 034.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-02-04 001 2012-02-04 028.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-02-04 001 2012-02-04 030.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-02-04 001 2012-02-04 032.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-02-04 001 2012-02-04 010.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-02-04 001 2012-02-04 016.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-02-04 001 2012-02-04 018.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-02-04 001 2012-02-04 020.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-02-04 001 2012-02-04 022.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-02-04 001 2012-02-04 024.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-02-04 001 2012-02-04 026.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-02-04 001 2012-02-04 007.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-02-04 001 2012-02-04 005.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-02-04 001 2012-02-04 003.jpg.vir
    C:\Qoobox\Quarantine\C\Classified\Cal and Me\2012-02-04 001 2012-02-04 001.jpg.vir

    DDS::
    uStart Page = hxxp://search.findwide.com/?guid={CB53F4A3-220D-404C-A77A-C705DF790135}&serpv=22
    uInternet Settings,ProxyOverride = *.local;192.168.*.*

    File::
    c:\windows\system32\AdpeakProxy64.dll
    c:\windows\SysWow64\AdpeakProxy.dll

    Folder::
    c:\program files\ScorpionSaver Services

  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

    CFScriptB-4.gif
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix may request an update; please allow it.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
----------
 
Post the new ComboFix log and let me know if you got your pictures back and how your system is running now.  :)



#9 flyforever01


Posted 19 December 2013 - 09:36 AM

Hey, I ran everything, then did a search of my computer for the files, but I couldn't find them. Where would they be, and what would they be under? Here's the log:

 



#10 flyforever01


Posted 19 December 2013 - 09:39 AM

The pictures are still under C:/Qoobox/Quarantine/C/Classified/Cal and Me, marked as ".vir". 




#11 jeffce


Posted 19 December 2013 - 09:59 AM

Hi,

 

Check in your C:/ folder and there should be a new folder named Classified like it was before?  Let me know if they are there.  :)



#12 flyforever01


Posted 19 December 2013 - 10:20 AM

Hey,

 

It's not there. I ran the log again, this is what it said:

 

ComboFix 13-12-18.01 - Sierra Larson 12/19/2013  10:51:13.3.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3894.1330 [GMT -5:00]
Running from: c:\users\Sierra Larson\Downloads\ComboFix.exe
Command switches used :: c:\users\Sierra Larson\Desktop\CFScript.txt
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\system32\AdpeakProxy64.dll"
"c:\windows\SysWow64\AdpeakProxy.dll"
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\classified
.
.
(((((((((((((((((((((((((   Files Created from 2013-11-19 to 2013-12-19  )))))))))))))))))))))))))))))))
.
.
2013-12-19 16:03 . 2013-12-19 16:03 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-12-17 05:07 . 2013-12-17 05:10 -------- d-----w- C:\AdwCleaner
2013-12-17 04:57 . 2013-12-17 04:57 -------- d-----w- c:\program files (x86)\OpenIt
2013-12-15 18:03 . 2013-05-10 04:30 167424 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2013-12-15 18:03 . 2013-05-10 03:48 164864 ----a-w- c:\program files (x86)\Windows Media Player\wmplayer.exe
2013-12-15 18:03 . 2013-05-10 05:56 12625920 ----a-w- c:\windows\system32\wmploc.DLL
2013-12-15 18:03 . 2013-05-10 04:56 12625408 ----a-w- c:\windows\SysWow64\wmploc.DLL
2013-12-15 18:03 . 2013-05-10 05:56 14631424 ----a-w- c:\windows\system32\wmp.dll
2013-12-15 05:13 . 2013-10-30 02:32 335360 ----a-w- c:\windows\system32\msieftp.dll
2013-12-15 05:13 . 2013-10-30 02:19 301568 ----a-w- c:\windows\SysWow64\msieftp.dll
2013-12-15 05:13 . 2013-10-30 01:24 3155968 ----a-w- c:\windows\system32\win32k.sys
2013-12-15 05:11 . 2013-11-23 18:26 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2013-12-15 05:11 . 2013-11-23 17:47 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2013-12-15 05:08 . 2013-10-19 02:18 81408 ----a-w- c:\windows\system32\imagehlp.dll
2013-12-15 05:08 . 2013-10-19 01:36 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2013-12-15 05:03 . 2013-11-12 02:23 2048 ----a-w- c:\windows\system32\tzres.dll
2013-12-15 05:03 . 2013-11-12 02:07 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2013-12-15 05:03 . 2013-10-04 02:16 116736 ----a-w- c:\windows\system32\drivers\drmk.sys
2013-12-15 05:03 . 2013-10-04 01:36 230400 ----a-w- c:\windows\system32\drivers\portcls.sys
2013-12-15 04:57 . 2013-10-12 02:32 150016 ----a-w- c:\windows\system32\wshom.ocx
2013-12-15 04:57 . 2013-10-12 02:31 202752 ----a-w- c:\windows\system32\scrrun.dll
2013-12-15 04:57 . 2013-10-12 02:04 121856 ----a-w- c:\windows\SysWow64\wshom.ocx
2013-12-15 04:57 . 2013-10-12 01:33 156160 ----a-w- c:\windows\system32\cscript.exe
2013-12-15 04:57 . 2013-10-12 02:03 163840 ----a-w- c:\windows\SysWow64\scrrun.dll
2013-12-15 04:57 . 2013-10-12 01:33 168960 ----a-w- c:\windows\system32\wscript.exe
2013-12-15 04:57 . 2013-10-12 01:15 141824 ----a-w- c:\windows\SysWow64\wscript.exe
2013-12-15 04:57 . 2013-10-12 01:15 126976 ----a-w- c:\windows\SysWow64\cscript.exe
2013-12-14 20:30 . 2013-12-15 13:39 -------- d-----w- c:\programdata\TubeDimmer
2013-12-11 05:12 . 2009-07-14 01:14 1397248 ----a-w- c:\windows\SysWow64\win_utilman.exe
2013-12-11 05:12 . 2013-12-11 05:12 -------- d-----w- c:\users\Sierra Larson\AppData\Roaming\_MDLogs
2013-11-30 01:46 . 2013-10-14 23:00 28368 ----a-w- c:\windows\system32\IEUDINIT.EXE
2013-11-30 01:41 . 2013-11-30 01:41 977408 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
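
Added example (not part of the original posts and not ComboFix's own code): a Python cross-check of a restore listing in the `<file>.vir -> <target>` form against the `Other Deletions` section of a later ComboFix log, to flag files that were restored and then removed again. All log lines and paths in it are constructed samples, and the Qoobox-to-original path mapping is inferred from the listings posted in this thread.

```python
import re
from pathlib import PureWindowsPath

# Quarantine root as it appears in the thread's listings.
QUARANTINE_ROOT = PureWindowsPath(r"C:\Qoobox\Quarantine")
# Section banner, e.g. "(((((   Other Deletions   )))))".
SECTION = re.compile(r"^\(+\s*(.+?)\s*\)+$")
# Restore line, e.g. "C:\Qoobox\...\x.jpg.vir -> C:\...\x.jpg".
RESTORE = re.compile(r"^(?P<src>.+\.vir)\s+->\s+(?P<dst>.+)$", re.IGNORECASE)

# Constructed sample: restore listing (format as posted in the thread).
RESTORE_LOG = r"""
C:\Qoobox\Quarantine\C\Classified\Cal and Me\sample 001.jpg.vir -> C:\Classified\Cal and Me\sample 001.jpg
C:\Qoobox\Quarantine\C\Classified\Cal and Me\sample 002.jpg.vir -> C:\Classified\Cal and Me\sample 002.jpg
C:\Qoobox\Quarantine\C\Users\Example\Pictures\sample 003.jpg.vir -> C:\Users\Example\Pictures\sample 003.jpg
"""

# Constructed sample: excerpt of a later ComboFix log (banner layout as posted).
COMBOFIX_LOG = r"""
ComboFix sample-version - Example User - x64
.
(((((((((((((((((((   Other Deletions   )))))))))))))))))))
.
.
C:\classified
c:\classified\Cal and Me\sample 001.jpg
.
.
(((((((((((   Files Created from 2013-11-19 to 2013-12-19  )))))))))))
.
2013-12-17 05:07 . 2013-12-17 05:10 -------- d-----w- C:\AdwCleaner
"""


def original_path(quarantined):
    """Map a Qoobox .vir path back to the location it was taken from.

    Assumption inferred from the thread's listings: the first folder under
    the quarantine root is the drive letter, and '.vir' is appended to the
    original file name.
    """
    rel = PureWindowsPath(quarantined).relative_to(QUARANTINE_ROOT)
    drive, *rest = rel.parts
    if rest and rest[-1].lower().endswith(".vir"):
        rest[-1] = rest[-1][:-4]
    return PureWindowsPath(drive + ":\\", *rest)


def parse_restores(text):
    """Return (quarantined, restored) path pairs from restore lines."""
    pairs = []
    for line in text.splitlines():
        m = RESTORE.match(line.strip())
        if m:
            pairs.append((PureWindowsPath(m["src"]),
                          PureWindowsPath(m["dst"].strip())))
    return pairs


def section_paths(log_text, title):
    """Collect the path lines listed under one '((( title )))' banner."""
    paths, inside = [], False
    for line in log_text.splitlines():
        line = line.strip()
        m = SECTION.match(line)
        if m:
            inside = m[1].casefold() == title.casefold()
            continue
        if inside and line and line != ".":   # "." lines are spacers
            paths.append(PureWindowsPath(line))
    return paths


def redeleted(restore_text, log_text):
    """Restored files that the later run removed again.

    A file counts as removed if it, or any folder above it, is listed under
    'Other Deletions'. PureWindowsPath compares case-insensitively, so
    'C:\\Classified' and 'c:\\classified' are the same folder.
    """
    deleted = set(section_paths(log_text, "Other Deletions"))
    hits = []
    for quarantined, restored in parse_restores(restore_text):
        if restored in deleted or any(p in deleted for p in restored.parents):
            hits.append({
                "restored_to": str(restored),
                "quarantine_copy": str(quarantined),
                "target_matches_origin": original_path(quarantined) == restored,
            })
    return hits


if __name__ == "__main__":
    for hit in redeleted(RESTORE_LOG, COMBOFIX_LOG):
        print(f"{hit['restored_to']}  (quarantine copy: {hit['quarantine_copy']})")
```
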


#13 jeffce


Posted 19 December 2013 - 02:32 PM

Hi,

 

Move ComboFix to your Desktop and then follow the instructions that I posted in Post 8.

 

Let me know if you find the files back where they were supposed to be.  :)



#14 flyforever01


Posted 19 December 2013 - 09:29 PM

Hey Jeff,
 
I figured out how to move it to my desktop and ran it again. The pictures are still not restored. Below is the log:
 
ComboFix 13-12-18.01 - Sierra Larson 12/19/2013  22:07:12.4.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3894.1531 [GMT -5:00]
Running from: c:\users\Sierra Larson\Desktop\ComboFix.exe
Command switches used :: c:\users\Sierra Larson\Desktop\CFScript.txt
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\system32\AdpeakProxy64.dll"
"c:\windows\SysWow64\AdpeakProxy.dll"
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\classified
c:\classified\Cal and Me\2012-02-04 001 2012-02-04 001.jpg
c:\classified\Cal and Me\2012-02-04 001 2012-02-04 003.jpg
c:\classified\Cal and Me\2012-02-04 001 2012-02-04 005.jpg
c:\classified\Cal and Me\2012-02-04 001 2012-02-04 007.jpg
c:\classified\Cal and Me\2012-02-04 001 2012-02-04 010.jpg
c:\classified\Cal and Me\2012-02-04 001 2012-02-04 016.jpg
c:\classified\Cal and Me\2012-02-04 001 2012-02-04 018.jpg
c:\classified\Cal and Me\2012-02-04 001 2012-02-04 020.jpg
c:\classified\Cal and Me\2012-02-04 001 2012-02-04 022.jpg
c:\classified\Cal and Me\2012-02-04 001 2012-02-04 024.jpg
c:\classified\Cal and Me\2012-02-04 001 2012-02-04 026.jpg
c:\classified\Cal and Me\2012-02-04 001 2012-02-04 028.jpg
c:\classified\Cal and Me\2012-02-04 001 2012-02-04 030.jpg
c:\classified\Cal and Me\2012-02-04 001 2012-02-04 032.jpg
c:\classified\Cal and Me\2012-02-04 001 2012-02-04 034.jpg
c:\classified\Cal and Me\2012-02-04 001 2012-02-04 036.jpg
c:\classified\Cal and Me\2012-02-04 001 2012-02-04 038.jpg
c:\classified\Cal and Me\2012-02-04 001 2012-02-04 040.jpg
c:\classified\Cal and Me\2012-02-04 001 2012-02-04 042.jpg
c:\classified\Cal and Me\2012-02-16 001 2012-02-16 019.zip
c:\classified\Cal and Me\2012-02-16 001 2012-02-16 030.jpg
c:\classified\Cal and Me\2012-02-16 001 2012-02-16 031.jpg
c:\classified\Cal and Me\2012-02-19 001 2012-02-19 002.jpg
c:\classified\Cal and Me\2012-02-19 001 2012-02-19 004.jpg
c:\classified\Cal and Me\2012-02-19 001 2012-02-19 005.jpg
c:\classified\Cal and Me\2012-02-19 001 2012-02-19 006.jpg
c:\classified\Cal and Me\2012-02-19 001 2012-02-19 008.jpg
c:\classified\Cal and Me\2012-03-08 001 2012-03-08 007.jpg
c:\classified\Cal and Me\2012-03-08 001 2012-03-08 008.jpg
c:\classified\Cal and Me\2012-03-25 001 2012-03-25 002.jpg
c:\classified\Cal and Me\2012-04-29 001 2012-04-29 001.jpg
c:\classified\Cal and Me\2012-04-29 001 2012-04-29 002.jpg
c:\classified\Cal and Me\2012-04-29 001 2012-04-29 003.jpg
c:\classified\Cal and Me\2012-04-29 001 2012-04-29 004.jpg
c:\classified\Cal and Me\2012-04-29 001 2012-04-29 005.jpg
c:\classified\Cal and Me\2012-04-29 001 2012-04-29 006.jpg
c:\classified\Cal and Me\2012-04-29 001 2012-04-29 007.jpg
c:\classified\Cal and Me\2012-04-29 001 2012-04-29 008.jpg
c:\classified\Cal and Me\2012-04-29 001 2012-04-29 009.jpg
c:\classified\Cal and Me\2012-04-29 001 2012-04-29 010.jpg
c:\classified\Cal and Me\2012-04-29 001 2012-04-29 011.jpg
c:\classified\Cal and Me\2012-04-29 001 2012-04-29 012.jpg
c:\classified\Cal and Me\2012-04-29 001 2012-04-29 013.jpg
c:\classified\Cal and Me\2012-04-29 001 2012-04-29 014.jpg
c:\classified\Cal and Me\2012-04-29 001 2012-04-29 015.jpg
c:\classified\Cal and Me\2012-04-29 001 2012-04-29 016.jpg
c:\classified\Cal and Me\2012-04-29 001 2012-04-29 017.jpg
c:\classified\Cal and Me\2012-04-29 001 2012-04-29 018.jpg
c:\classified\Cal and Me\2012-04-29 001 2012-04-29 019.jpg
c:\classified\Cal and Me\2012-04-29 001 2012-04-29 020.jpg
c:\classified\Cal and Me\2012-04-29 001 2012-04-29 021.jpg
c:\classified\Cal and Me\2012-04-29 001 2012-04-29 022.jpg
c:\classified\Cal and Me\2012-04-29 001 2012-04-29 023.jpg
c:\classified\Cal and Me\2012-04-29 001 2012-04-29 024.jpg
c:\classified\Cal and Me\2012-04-29 001 2012-04-29 025.jpg
c:\classified\Cal and Me\2012-04-29 001 2012-04-29 026.jpg
c:\classified\Cal and Me\2012-04-29 001 2012-04-29 027.jpg
c:\classified\Cal and Me\2012-04-29 001 2012-04-29 028.jpg
c:\classified\Cal and Me\2012-04-29 001 2012-04-29 030.jpg
c:\classified\Cal and Me\2012-04-29 001 2012-04-29 031.jpg
c:\classified\Cal and Me\2012-04-29 001 2012-04-29 033.jpg
c:\classified\Cal and Me\2012-04-29 001 2012-04-29 034.jpg
c:\classified\Cal and Me\2012-04-29 001 2012-04-29 035.jpg
c:\classified\Cal and Me\2012-04-29 001 2012-04-29 036.jpg
c:\classified\Cal and Me\2012-04-29 001 2012-04-29 037.jpg
c:\classified\Cal and Me\2012-04-29 001 2012-04-29 038.jpg
c:\classified\Cal and Me\2012-04-29 001 2012-04-29 039.jpg
c:\classified\Cal and Me\2012-04-29 001 2012-04-29 040.jpg
c:\classified\Cal and Me\2012-04-29 001 2012-04-29 041.jpg
c:\classified\Cal and Me\2012-04-29 001 2012-04-29 042.jpg
c:\classified\Cal and Me\2012-04-29 001 2012-04-29 043.jpg
c:\classified\Cal and Me\2012-04-29 001 2012-04-29 044.jpg
c:\classified\Cal and Me\2012-04-29 001 2012-04-29 045.jpg
c:\classified\Cal and Me\2012-04-29 001 2012-04-29 046.jpg
c:\classified\Cal and Me\2012-04-29 001 2012-04-29 047.jpg
c:\classified\Cal and Me\2012-04-29 001 2012-04-29 048.jpg
c:\classified\Cal and Me\2012-04-29 001 2012-04-29 049.jpg
c:\classified\Cal and Me\2012-04-29 001 2012-04-29 050.jpg
c:\classified\Cal and Me\2012-04-29 001 2012-04-29 051.jpg
c:\classified\Cal and Me\2012-04-29 001 2012-04-29 052.jpg
c:\classified\Cal and Me\2012-04-29 001 2012-04-29 053.jpg
c:\classified\Cal and Me\2012-04-29 001 2012-04-29 054.jpg
c:\classified\Cal and Me\2012-04-29 001 2012-04-29 055.jpg
c:\classified\Cal and Me\2012-04-29 001 2012-04-29 056.jpg
c:\classified\Cal and Me\2012-04-29 001 2012-04-29 057.jpg
c:\classified\Cal and Me\2012-04-29 001 2012-04-29 058.jpg
c:\classified\Cal and Me\2012-04-29 001 2012-04-29 059.jpg
c:\classified\Cal and Me\2012-04-29 001 2012-04-29 060.jpg
c:\classified\Cal and Me\2012-04-29 001 2012-04-29 061.jpg
c:\classified\Cal and Me\2012-04-29 001 2012-04-29 062.jpg
c:\classified\Cal and Me\2012-04-29 001 2012-04-29 063.jpg
c:\classified\Cal and Me\2012-04-29 001 2012-04-29 064.jpg
c:\classified\Cal and Me\2012-04-29 001 2012-04-29 065.jpg
c:\classified\Cal and Me\2012-04-29 001 2012-04-29 066.jpg
c:\classified\Cal and Me\2012-04-29 001 2012-04-29 067.jpg
c:\classified\Cal and Me\2012-04-29 001 2012-04-29 068.jpg
c:\classified\Cal and Me\2012-04-29 001 2012-04-29 069.jpg
c:\classified\Cal and Me\2012-04-29 001 2012-04-29 070.jpg
c:\classified\Cal and Me\2012-04-29 001 2012-04-29 071.jpg
c:\classified\Cal and Me\2012-04-29 001 2012-04-29 072.jpg
c:\classified\Cal and Me\2012-04-29 001 2012-04-29 073.jpg
c:\classified\Cal and Me\2012-04-29 001 2012-04-29 074.jpg
c:\classified\Cal and Me\2012-04-29 001 2012-04-29 075.jpg
c:\classified\Cal and Me\2012-04-29 001 2012-04-29 076.jpg
c:\classified\Cal and Me\2012-04-29 001 2012-04-29 077.jpg
c:\classified\Cal and Me\2012-04-29 001 2012-04-29 078.jpg
c:\classified\Cal and Me\2012-04-29 001 2012-04-29 079.jpg
c:\classified\Cal and Me\2012-04-29 001 2012-04-29 080.jpg
c:\classified\Cal and Me\2012-04-29 001 2012-04-29 081.jpg
c:\classified\Cal and Me\2012-04-29 001 2012-04-29 082.jpg
c:\classified\Cal and Me\2012-04-29 001 2012-04-29 083.jpg
c:\classified\Cal and Me\2012-04-29 001 2012-04-29 084.jpg
c:\classified\Cal and Me\2012-04-29 001 2012-04-29 085.jpg
c:\classified\Cal and Me\2012-04-29 001 2012-04-29 086.jpg
c:\classified\Cal and Me\2012-04-29 001 2012-04-29 087.jpg
c:\classified\Cal and Me\2012-04-29 001 2012-04-29 088.jpg
c:\classified\Cal and Me\2012-04-29 001 2012-04-29 089.jpg
c:\classified\Cal and Me\2012-04-29 001 2012-04-29 090.jpg
c:\classified\Cal and Me\2012-04-29 001 2012-04-29 091.jpg
c:\classified\Cal and Me\2012-04-29 001 2012-04-29 092.jpg
c:\classified\Cal and Me\2012-04-29 001 2012-04-29 093 (2).jpg
c:\classified\Cal and Me\2012-04-29 001 2012-04-29 093.jpg
c:\classified\Cal and Me\2012-04-29 001 2012-04-29 094.jpg
c:\classified\Cal and Me\2012-04-29 001 2012-04-29 095.jpg
c:\classified\Cal and Me\2012-04-29 001 2012-04-29 096.jpg
c:\classified\Cal and Me\2012-04-29 002 2012-04-29 001.jpg
c:\classified\Cal and Me\2012-04-29 002 2012-04-29 003.jpg
c:\classified\Cal and Me\2012-05-01 001 2012-05-01 002.jpg
c:\classified\Cal and Me\2012-05-01 001 2012-05-01 006.jpg
c:\classified\Cal and Me\2012-05-01 001 2012-05-01 007.jpg
c:\classified\Cal and Me\2012-05-01 001 2012-05-01 008.jpg
c:\classified\Cal and Me\2012-05-01 001 2012-05-01 009.jpg
c:\classified\Cal and Me\2012-05-01 001 2012-05-01 010.jpg
c:\classified\Cal and Me\2012-05-01 001 2012-05-01 011.jpg
c:\classified\Cal and Me\2012-06-21 001 2012-06-21 010.jpg
c:\classified\Cal and Me\2012-06-24 001 2012-06-24 001.jpg
c:\classified\Cal and Me\2012-06-24 001 2012-06-24 002.jpg
c:\classified\Cal and Me\2012-06-24 001 2012-06-24 003.jpg
c:\classified\Cal and Me\2012-06-24 001 2012-06-24 004.jpg
c:\classified\Cal and Me\2012-06-24 001 2012-06-24 005.jpg
c:\classified\Cal and Me\2012-06-24 001 2012-06-24 016.jpg
c:\classified\Cal and Me\2012-06-24 001 2012-06-24 025.jpg
c:\classified\Cal and Me\2012-08-02 001 2012-08-02 001.jpg
c:\classified\Cal and Me\2012-08-02 001 2012-08-02 002.jpg
c:\classified\Cal and Me\2012-08-02 001 2012-08-02 003.jpg
c:\classified\Cal and Me\2012-08-02 001 2012-08-02 004.jpg
c:\classified\Cal and Me\2012-08-02 001 2012-08-02 005.jpg
c:\classified\Cal and Me\2012-08-02 001 2012-08-02 006.jpg
c:\classified\Cal and Me\2012-08-02 001 2012-08-02 007.jpg
c:\classified\Cal and Me\2012-08-02 001 2012-08-02 008.jpg
c:\classified\Cal and Me\2012-08-02 001 2012-08-02 009.jpg
c:\classified\Cal and Me\2012-08-02 001 2012-08-02 010.jpg
c:\classified\Cal and Me\2012-08-02 001 2012-08-02 011.jpg
c:\classified\Cal and Me\2012-08-02 001 2012-08-02 012.jpg
c:\classified\Cal and Me\2012-08-02 001 2012-08-02 013.jpg
c:\classified\Cal and Me\2012-08-02 001 2012-08-02 014.jpg
c:\classified\Cal and Me\2012-08-02 001 2012-08-02 015.jpg
c:\classified\Cal and Me\2012-08-02 001 2012-08-02 016.jpg
c:\classified\Cal and Me\2012-08-02 001 2012-08-02 017.jpg
c:\classified\Cal and Me\2012-08-02 001 2012-08-02 018.jpg
c:\classified\Cal and Me\2012-08-02 001 2012-08-02 019.jpg
c:\classified\Cal and Me\Boondock Saints.jpg
c:\classified\Cal and Me\Pic 10.jpg
c:\classified\Cal and Me\Pic 11.jpg
c:\classified\Cal and Me\Pic 12.jpg
c:\classified\Cal and Me\Pic 13.jpg
c:\classified\Cal and Me\Pic 14.jpg
c:\classified\Cal and Me\Pic 3.1.jpg
c:\classified\Cal and Me\Pic 3.jpg
c:\classified\Cal and Me\Pic 4.jpg
c:\classified\Cal and Me\Pic 5.jpg
c:\classified\Cal and Me\Pic 6.jpg
c:\classified\Cal and Me\Pic 7.jpg
c:\classified\Cal and Me\Pic 8.jpg
c:\classified\Cal and Me\Pic 9.jpg
c:\classified\Cal and Me\Pics Folder 1.zip
c:\classified\Cal and Me\Pics Folder 2.zip
c:\classified\Cal and Me\Proposal.jpg
c:\classified\Cal and Me\ring 1.jpg
c:\classified\Cal and Me\ring 10.jpg
c:\classified\Cal and Me\ring 11.jpg
c:\classified\Cal and Me\ring 12.jpg
c:\classified\Cal and Me\ring 13.jpg
c:\classified\Cal and Me\ring 2.png
c:\classified\Cal and Me\ring 3.png
c:\classified\Cal and Me\ring 4.jpg
c:\classified\Cal and Me\ring 5.jpg
c:\classified\Cal and Me\ring 6.jpg
c:\classified\Cal and Me\ring 7.jpg
c:\classified\Cal and Me\ring 8.jpg
c:\classified\Cal and Me\ring 9.jpg
c:\classified\Cal and Me\Wedding (2).jpg
c:\classified\Cal and Me\wedding 1.jpg
c:\classified\Cal and Me\Wedding.jpg
c:\classified\Cal and Me\Weekend at Westpoint April '12.zip
c:\classified\Cal and Me\WP '12.jpg
c:\classified\Cal and Me\WP 2012 Friends.jpg
c:\classified\Cal and Me\WP 2012.jpg
.
.
(((((((((((((((((((((((((   Files Created from 2013-11-20 to 2013-12-20  )))))))))))))))))))))))))))))))
.
.
2013-12-20 03:20 . 2013-12-20 03:20 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-12-17 05:07 . 2013-12-17 05:10 -------- d-----w- C:\AdwCleaner
2013-12-17 04:57 . 2013-12-17 04:57 -------- d-----w- c:\program files (x86)\OpenIt
2013-12-15 18:03 . 2013-05-10 04:30 167424 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2013-12-15 18:03 . 2013-05-10 03:48 164864 ----a-w- c:\program files (x86)\Windows Media Player\wmplayer.exe
2013-12-15 18:03 . 2013-05-10 05:56 12625920 ----a-w- c:\windows\system32\wmploc.DLL
2013-12-15 18:03 . 2013-05-10 04:56 12625408 ----a-w- c:\windows\SysWow64\wmploc.DLL
2013-12-15 18:03 . 2013-05-10 05:56 14631424 ----a-w- c:\windows\system32\wmp.dll
2013-12-15 05:13 . 2013-10-30 02:32 335360 ----a-w- c:\windows\system32\msieftp.dll
2013-12-15 05:13 . 2013-10-30 02:19 301568 ----a-w- c:\windows\SysWow64\msieftp.dll
2013-12-15 05:13 . 2013-10-30 01:24 3155968 ----a-w- c:\windows\system32\win32k.sys
2013-12-15 05:11 . 2013-11-23 18:26 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2013-12-15 05:11 . 2013-11-23 17:47 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2013-12-15 05:08 . 2013-10-19 02:18 81408 ----a-w- c:\windows\system32\imagehlp.dll
2013-12-15 05:08 . 2013-10-19 01:36 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2013-12-15 05:03 . 2013-11-12 02:23 2048 ----a-w- c:\windows\system32\tzres.dll
2013-12-15 05:03 . 2013-11-12 02:07 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2013-12-15 05:03 . 2013-10-04 02:16 116736 ----a-w- c:\windows\system32\drivers\drmk.sys
2013-12-15 05:03 . 2013-10-04 01:36 230400 ----a-w- c:\windows\system32\drivers\portcls.sys
2013-12-15 04:57 . 2013-10-12 02:32 150016 ----a-w- c:\windows\system32\wshom.ocx
2013-12-15 04:57 . 2013-10-12 02:31 202752 ----a-w- c:\windows\system32\scrrun.dll
2013-12-15 04:57 . 2013-10-12 02:04 121856 ----a-w- c:\windows\SysWow64\wshom.ocx
2013-12-15 04:57 . 2013-10-12 01:33 156160 ----a-w- c:\windows\system32\cscript.exe
2013-12-15 04:57 . 2013-10-12 02:03 163840 ----a-w- c:\windows\SysWow64\scrrun.dll
2013-12-15 04:57 . 2013-10-12 01:33 168960 ----a-w- c:\windows\system32\wscript.exe
2013-12-15 04:57 . 2013-10-12 01:15 141824 ----a-w- c:\windows\SysWow64\wscript.exe
2013-12-15 04:57 . 2013-10-12 01:15 126976 ----a-w- c:\windows\SysWow64\cscript.exe
2013-12-14 20:30 . 2013-12-15 13:39 -------- d-----w- c:\programdata\TubeDimmer
2013-12-11 05:12 . 2009-07-14 01:14 1397248 ----a-w- c:\windows\SysWow64\win_utilman.exe
2013-12-11 05:12 . 2013-12-11 05:12 -------- d-----w- c:\users\Sierra Larson\AppData\Roaming\_MDLogs
2013-11-30 01:46 . 2013-10-14 23:00 28368 ----a-w- c:\windows\system32\IEUDINIT.EXE
2013-11-30 01:41 . 2013-11-30 01:41 977408 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-11-27 05:37 . 2013-11-27 05:37 -------- d-----w- c:\program files\Level Quality Watcher
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-12 02:30 . 2013-11-13 22:18 830464 ----a-w- c:\windows\system32\nshwfp.dll
2013-10-12 02:29 . 2013-11-13 22:18 859648 ----a-w- c:\windows\system32\IKEEXT.DLL
2013-10-12 02:29 . 2013-11-13 22:18 324096 ----a-w- c:\windows\system32\FWPUCLNT.DLL
2013-10-12 02:03 . 2013-11-13 22:18 656896 ----a-w- c:\windows\SysWow64\nshwfp.dll
2013-10-12 02:01 . 2013-11-13 22:18 216576 ----a-w- c:\windows\SysWow64\FWPUCLNT.DLL
2013-10-05 20:25 . 2013-11-14 01:23 1474048 ----a-w- c:\windows\system32\crypt32.dll
2013-10-05 19:57 . 2013-11-14 01:23 1168384 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-10-04 02:28 . 2013-11-14 01:13 190464 ----a-w- c:\windows\system32\SmartcardCredentialProvider.dll
2013-10-04 02:25 . 2013-11-14 01:13 197120 ----a-w- c:\windows\system32\credui.dll
2013-10-04 02:24 . 2013-11-14 01:13 1930752 ----a-w- c:\windows\system32\authui.dll
2013-10-04 01:58 . 2013-11-14 01:13 152576 ----a-w- c:\windows\SysWow64\SmartcardCredentialProvider.dll
2013-10-04 01:56 . 2013-11-14 01:13 168960 ----a-w- c:\windows\SysWow64\credui.dll
2013-10-04 01:56 . 2013-11-14 01:13 1796096 ----a-w- c:\windows\SysWow64\authui.dll
2013-10-03 02:23 . 2013-11-13 22:19 404480 ----a-w- c:\windows\system32\gdi32.dll
2013-10-03 02:00 . 2013-11-13 22:19 311808 ----a-w- c:\windows\SysWow64\gdi32.dll
2013-09-28 01:09 . 2013-11-14 00:03 497152 ----a-w- c:\windows\system32\drivers\afd.sys
2013-09-25 02:26 . 2013-11-14 00:38 95680 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2013-09-25 02:26 . 2013-11-14 00:38 154560 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2013-09-25 02:23 . 2013-11-14 00:38 28672 ----a-w- c:\windows\system32\sspisrv.dll
2013-09-25 02:23 . 2013-11-14 00:38 135680 ----a-w- c:\windows\system32\sspicli.dll
2013-09-25 02:23 . 2013-11-14 00:38 28160 ----a-w- c:\windows\system32\secur32.dll
2013-09-25 02:22 . 2013-11-14 00:38 340992 ----a-w- c:\windows\system32\schannel.dll
2013-09-25 02:21 . 2013-11-14 00:38 307200 ----a-w- c:\windows\system32\ncrypt.dll
2013-09-25 02:21 . 2013-11-14 00:38 1447936 ----a-w- c:\windows\system32\lsasrv.dll
2013-09-25 01:58 . 2013-11-14 00:38 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2013-09-25 01:57 . 2013-11-14 00:38 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2013-09-25 01:57 . 2013-11-14 00:38 247808 ----a-w- c:\windows\SysWow64\schannel.dll
2013-09-25 01:56 . 2013-11-14 00:38 220160 ----a-w- c:\windows\SysWow64\ncrypt.dll
2013-09-25 01:03 . 2013-11-14 00:38 30720 ----a-w- c:\windows\system32\lsass.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{10AD2C61-0898-4348-8600-14A342F22AC3}]
c:\program files (x86)\ScorpionSaver\IECore.dll [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{7C8D4A29-2DC9-4970-83B8-1E51B961E00F}"= "c:\users\Sierra Larson\AppData\Local\TNT2\Profiles\10743\passport.dll" [2013-11-04 11520]
.
[HKEY_CLASSES_ROOT\clsid\{7c8d4a29-2dc9-4970-83b8-1e51b961e00f}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-11-15 20588704]
"Updater"="c:\programdata\Updater\updater.exe" [2013-09-25 297336]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-01-13 283160]
"HPConnectionManager"="c:\program files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe" [2011-02-15 94264]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-08-19 379960]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-02-20 152392]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2012-03-05 578944]
"FaxCenterServer"="c:\program files (x86)\Lexmark Fax Solutions\fm3032.exe" [2007-06-11 312240]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"Updater"="c:\programdata\Updater\Updater.exe" [2013-09-25 297336]
.
c:\users\Sierra Larson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE /tsr [2013-6-25 228552]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\system32\userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~3\BitGuard\271832~1.68\{C16C1~1\BitGuard.dll
"LoadAppInit_DLLs"=1 (0x1)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 lxddCATSCustConnectService;lxddCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\lxddserv.exe;c:\windows\SYSNATIVE\spool\DRIVERS\x64\3\\lxddserv.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [x]
R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys;c:\windows\SYSNATIVE\DRIVERS\motfilt.sys [x]
R3 ExpressInvoiceService;Express Invoice;c:\program files (x86)\NCH Software\ExpressInvoice\expressinvoice.exe;c:\program files (x86)\NCH Software\ExpressInvoice\expressinvoice.exe [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 hpCMSrv;HP Connection Manager 4.0 Service;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys;c:\windows\SYSNATIVE\DRIVERS\motccgp.sys [x]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys;c:\windows\SYSNATIVE\DRIVERS\motccgpfl.sys [x]
R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys;c:\windows\SYSNATIVE\DRIVERS\Motousbnet.sys [x]
R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys;c:\windows\SYSNATIVE\DRIVERS\motusbdevice.sys [x]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPStor.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1207020.003\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1207020.003\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1207020.003\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1207020.003\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20130502.001\BHDrvx64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20130502.001\BHDrvx64.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20130505.002\IDSvia64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20130505.002\IDSvia64.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1207020.003\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1207020.003\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\NISx64\1207020.003\SYMNETS.SYS [x]
S2 BitGuard;BitGuard;c:\programdata\BitGuard\2.7.1832.68\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe;c:\programdata\BitGuard\2.7.1832.68\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe [x]
S2 DeviceMonitorService;DeviceMonitorService;c:\program files (x86)\Motorola Media Link\Lite\NServiceEntry.exe;c:\program files (x86)\Motorola Media Link\Lite\NServiceEntry.exe [x]
S2 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe;c:\windows\SYSNATIVE\ezSharedSvcHost.exe [x]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [x]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [x]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [x]
S2 lxdd_device;lxdd_device;c:\windows\system32\lxddcoms.exe;c:\windows\SYSNATIVE\lxddcoms.exe [x]
S2 MotoHelper;MotoHelper Service;c:\program files (x86)\Motorola\MotoHelper\MotoHelperService.exe;c:\program files (x86)\Motorola\MotoHelper\MotoHelperService.exe [x]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe;c:\program files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe [x]
S2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [x]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-12-11 04:32 1210320 ----a-w- c:\program files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-12-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-25 01:20]
.
2013-12-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-25 01:20]
.
2013-12-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1565193607-854521613-1741241799-1001Core.job
- c:\users\Sierra Larson\AppData\Local\Google\Update\GoogleUpdate.exe [2013-04-03 01:20]
.
2013-12-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1565193607-854521613-1741241799-1001UA.job
- c:\users\Sierra Larson\AppData\Local\Google\Update\GoogleUpdate.exe [2013-04-03 01:20]
.
2013-12-19 c:\windows\Tasks\HPCeeScheduleForSIERRALARSON-HP$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{7C8D4A29-2DC9-4970-83B8-1E51B961E00F}"= "c:\users\Sierra Larson\AppData\Local\TNT2\Profiles\10743\passport64.dll" [2013-11-04 12032]
.
[HKEY_CLASSES_ROOT\CLSID\{7C8D4A29-2DC9-4970-83B8-1E51B961E00F}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-01-21 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-01-21 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-01-21 418328]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-02-15 1128448]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
"lxddmon.exe"="c:\program files (x86)\Lexmark 2500 Series\lxddmon.exe" [2007-06-11 291760]
"lxddamon"="c:\program files (x86)\Lexmark 2500 Series\lxddamon.exe" [2007-04-30 20480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.254.254
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\18.7.2.3\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-12-19  22:25:27
ComboFix-quarantined-files.txt  2013-12-20 03:25
ComboFix2.txt  2013-12-19 16:07
ComboFix3.txt  2013-12-19 14:29
ComboFix4.txt  2013-12-18 02:01
C:\DeQuarantine.txt
.
Pre-Run: 388,301,279,232 bytes free
Post-Run: 388,225,421,312 bytes free
.
- - End Of File - - 5A71532B9EE88DA445003F21F32D135C


#15 flyforever01


Posted 19 December 2013 - 09:57 PM

This was the dequarantine log that opened up. What am I supposed to do with it (if anything)?

 

