
Google search results in "Please click here if you are not redirected within a few seconds"


  • This topic is locked
44 replies to this topic

#1 KWK


Posted 08 September 2012 - 06:28 PM

The problems started a few weeks ago with the back button not working. The drop down showed "http://www.google.ca/url?xxxxxxxxxxx" where "x" is a lengthy continuance of an address related to the search.
After getting a notice to update IE9 this problem cleared and a new one started.

I now get "Please click here if you are not redirected within a few seconds" appearing in the upper left when web searching with Google using Internet Explorer or Slimbrowser, which piggybacks IE.
Google Image search also results in a blank page with "Please click here if you are not redirected within a few seconds" appearing in the upper left. Clicking "here" in both cases takes me to the results page.
Web search result links seem to work normally, however Image search results are in what Google call basic version and clicking on a link results in a totally blank page with the status bar saying "done"

Also after updating IE9, when I do a Google search I get a security warning about others can see information, do you want to continue. Clicking yes changes internet options restricted sites from the default setting. Clicking no results in Google not working.
Google states my cookies are not enabled when I try to access my Google settings... they are enabled.
Using IE with Bing does not have this problem, nor does this problem occur in Firefox, Waterfox or Slimboat.

Resetting IE does not help.
Uninstalling IE9 reveals the same problem in IE8. I reinstalled IE9 and the problem persists.

Symantec Endpoint, Malwarebytes, Spybot and Ad-Aware do not find anything.
I installed PC Tools SpyDoctor, which finds some low priority problems, but requires registering for removal. I have not registered.

Please help

Edited by KWK, 08 September 2012 - 06:37 PM.




#2 KWK


Posted 08 September 2012 - 06:30 PM

Here is the DDS log
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.7.2
Run by Ken at 16:10:49 on 2012-09-08
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4094.1620 [GMT -7:00]
.
AV: Symantec Endpoint Protection *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: PC Tools Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
SP: Symantec Endpoint Protection *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Symantec Endpoint Protection *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe
C:\Windows\SysWOW64\CTsvcCDA.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Windows\system32\svchost.exe -k regsvc
C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
D:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
D:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\wbem\wmiprvse.exe
D:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe
D:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin64\Smc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\wbem\unsecapp.exe
D:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\svchost.exe -k SDRSVC
D:\Program Files (x86)\SlimBoat\Beta\slimboat.exe
D:\Program Files (x86)\SlimBrowser\sbframe.exe
D:\Program Files (x86)\SlimBrowser\SBRender.exe
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\DllHost.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
uStart Page = hxxp://www.google.ca/
uURLSearchHooks: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll
mURLSearchHooks: H - No File
mWinlogon: Userinit=C:\Windows\SysWOW64\userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - D:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\bin\IPS\IPSBHO.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No File
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll
TB: {30F9B915-B755-4826-820B-08FBA6BD249D} - No File
uRun: [SpybotSD TeaTimer] D:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [Creative Detector] "C:\Program Files (x86)\Creative\MediaSource\Detector\CTDetect.exe" /R
mRun: [AsioThk32Reg] REGSVR32.EXE /S CTASIO.DLL
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
LSP: C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll
Trusted Zone: ebay.com\cgi
Trusted Zone: google.ca\www
Trusted Zone: google.com\www
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPID.cab
TCP: DhcpNameServer = 64.178.142.10 216.104.96.22
TCP: Interfaces\{12BA6F7A-A847-44B9-BCF9-B876713E5016} : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{BAC2D832-B320-476E-B190-B722EC8A4836} : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{BAC2D832-B320-476E-B190-B722EC8A4836} : DhcpNameServer = 64.178.142.10 216.104.96.22
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: SEP - D:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\WinLogoutNotifier.dll
AppInit_DLLs:
SEH: Internet Shortcut: {fbf23b40-e3f0-101b-8488-00aa003e56f8} - C:\Windows\SysWOW64\ieframe.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: PC Tools Browser Guard BHO: {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll
BHO-X64: Browser Guard BHO - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - D:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\bin\IPS\IPSBHO.DLL
BHO-X64: Symantec Intrusion Prevention - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB-X64: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No File
TB-X64: PC Tools Browser Guard: {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll
TB-X64: {30F9B915-B755-4826-820B-08FBA6BD249D} - No File
mRun-x64: [AsioThk32Reg] REGSVR32.EXE /S CTASIO.DLL
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
AppInit_DLLs-X64:
SEH-X64: Internet Shortcut: {FBF23B40-E3F0-101B-8488-00AA003E56F8} - C:\Windows\SysWOW64\ieframe.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Ken\AppData\Roaming\Mozilla\Firefox\Profiles\j2un338c.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
FF - plugin: C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
FF - plugin: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
FF - plugin: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_265.dll
.
============= SERVICES / DRIVERS ===============
.
R0 PCTCore;PCTools KDS;C:\Windows\system32\drivers\PCTCore64.sys --> C:\Windows\system32\drivers\PCTCore64.sys [?]
R0 pctDS;PC Tools Data Store;C:\Windows\system32\drivers\pctDS64.sys --> C:\Windows\system32\drivers\pctDS64.sys [?]
R0 pctEFA;PC Tools Extended File Attributes;C:\Windows\system32\drivers\pctEFA64.sys --> C:\Windows\system32\drivers\pctEFA64.sys [?]
R0 SymDS;Symantec Data Store;C:\Windows\system32\Drivers\SEP\0C01029F\136B.105\x64\SYMDS64.SYS --> C:\Windows\system32\Drivers\SEP\0C01029F\136B.105\x64\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\Drivers\SEP\0C01029F\136B.105\x64\SYMEFA64.SYS --> C:\Windows\system32\Drivers\SEP\0C01029F\136B.105\x64\SYMEFA64.SYS [?]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\BashDefs\20120823.013\BHDrvx64.sys [2012-8-2 1161376]
R1 IDSVia64;IDSVia64;C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\IPSDefs\20120907.001\IDSviA64.sys [2012-9-6 513184]
R1 PCTSD;PC Tools Spyware Doctor Driver;C:\Windows\system32\Drivers\PCTSD64.sys --> C:\Windows\system32\Drivers\PCTSD64.sys [?]
R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\Drivers\SEP\0C01029F\136B.105\x64\Ironx64.SYS --> C:\Windows\system32\Drivers\SEP\0C01029F\136B.105\x64\Ironx64.SYS [?]
R1 SYMNETS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\SEP\0C01029F\136B.105\x64\SYMNETS.SYS --> C:\Windows\system32\Drivers\SEP\0C01029F\136B.105\x64\SYMNETS.SYS [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 Browser Defender Update Service;Browser Defender Update Service;C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe [2012-9-6 575448]
R2 cpuz135;cpuz135;\??\C:\Windows\system32\drivers\cpuz135_x64.sys --> C:\Windows\system32\drivers\cpuz135_x64.sys [?]
R2 LVPrcS64;Process Monitor;C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe [2009-10-7 191000]
R2 regi;regi;\??\C:\Windows\system32\drivers\regi.sys --> C:\Windows\system32\drivers\regi.sys [?]
R2 SBSDWSCService;SBSD Security Center Service;D:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2010-9-15 1153368]
R2 SepMasterService;Symantec Endpoint Protection;D:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe [2011-6-15 137224]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-5-15 382272]
R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-1-18 450848]
R3 COMMONFX.SYS;COMMONFX.SYS;C:\Windows\system32\drivers\COMMONFX.SYS --> C:\Windows\system32\drivers\COMMONFX.SYS [?]
R3 CTAUDFX.SYS;CTAUDFX.SYS;C:\Windows\system32\drivers\CTAUDFX.SYS --> C:\Windows\system32\drivers\CTAUDFX.SYS [?]
R3 CTSBLFX.SYS;CTSBLFX.SYS;C:\Windows\system32\drivers\CTSBLFX.SYS --> C:\Windows\system32\drivers\CTSBLFX.SYS [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-8-8 138912]
R3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\system32\DRIVERS\LVPr2M64.sys --> C:\Windows\system32\DRIVERS\LVPr2M64.sys [?]
R3 PCTBD;PC Tools Browser Defender Driver;C:\Windows\system32\Drivers\PCTBD64.sys --> C:\Windows\system32\Drivers\PCTBD64.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-12-25 136176]
S2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-4-26 1262400]
S2 SkypeUpdate;Skype Updater;D:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-6 250568]
S3 COMMONFX;COMMONFX;C:\Windows\system32\drivers\COMMONFX.SYS --> C:\Windows\system32\drivers\COMMONFX.SYS [?]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-11-9 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-11-9 79360]
S3 CTAUDFX;CTAUDFX;C:\Windows\system32\drivers\CTAUDFX.SYS --> C:\Windows\system32\drivers\CTAUDFX.SYS [?]
S3 CTERFXFX.SYS;CTERFXFX.SYS;C:\Windows\system32\drivers\CTERFXFX.SYS --> C:\Windows\system32\drivers\CTERFXFX.SYS [?]
S3 CTERFXFX;CTERFXFX;C:\Windows\system32\drivers\CTERFXFX.SYS --> C:\Windows\system32\drivers\CTERFXFX.SYS [?]
S3 CTSBLFX;CTSBLFX;C:\Windows\system32\drivers\CTSBLFX.SYS --> C:\Windows\system32\drivers\CTSBLFX.SYS [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-12-25 136176]
S3 lvpopf64;Logitech POP Suppression Filter;C:\Windows\system32\DRIVERS\lvpopf64.sys --> C:\Windows\system32\DRIVERS\lvpopf64.sys [?]
S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]
S3 LVUVC64;Logitech Webcam 250(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys --> C:\Windows\system32\DRIVERS\lvuvc64.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-8-16 113120]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;C:\Windows\system32\DRIVERS\rtl8187.sys --> C:\Windows\system32\DRIVERS\rtl8187.sys [?]
S3 sdAuxService;PC Tools Auxiliary Service;C:\Program Files (x86)\PC Tools\PC Tools Security\pctsAuxs.exe [2012-9-6 402368]
S3 sdCoreService;PC Tools Security Service;C:\Program Files (x86)\PC Tools\PC Tools Security\pctsSvc.exe [2012-9-6 1118680]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 SyDvCtrl;SyDvCtrl;D:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin64\SyDvCtrl64.sys [2011-6-18 29664]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
.
=============== File Associations ===============
.
.scr=DWGTrueViewScriptFile
.
=============== Created Last 30 ================
.
2012-09-08 16:17:54 -------- d-----w- C:\Users\Ken\AppData\Local\{EC2DEF44-DD32-4FFE-8069-1DE8FBAF712E}
2012-09-07 17:38:32 -------- d-----w- C:\Users\Ken\AppData\Local\{2698C9F7-5EDD-4BD0-AA66-9850AAF2E1D4}
2012-09-07 05:37:58 -------- d-----w- C:\Users\Ken\AppData\Local\{0AC88F68-09AD-425C-A97C-2E5153B6ED77}
2012-09-06 19:15:00 85224 ----a-w- C:\Windows\System32\drivers\PCTBD64.sys
2012-09-06 19:14:59 767960 ----a-w- C:\Windows\BDTSupport.dll
2012-09-06 19:14:59 149464 ----a-w- C:\Windows\SGDetectionTool.dll
2012-09-06 19:14:58 2267096 ----a-w- C:\Windows\PCTBDCore.dll
2012-09-06 19:14:58 1689560 ----a-w- C:\Windows\PCTBDRes.dll
2012-09-06 19:14:20 341200 ----a-w- C:\Windows\System32\drivers\pctgntdi64.sys
2012-09-06 19:14:20 145464 ----a-w- C:\Windows\System32\drivers\pctwfpfilter64.sys
2012-09-06 19:14:13 14808 ----a-w- C:\Windows\System32\drivers\pctBTFix64.sys
2012-09-06 19:14:11 92928 ----a-w- C:\Windows\System32\drivers\pctplsg64.sys
2012-09-06 19:14:04 -------- d-----w- C:\Program Files (x86)\PC Tools
2012-09-06 19:06:43 453896 ----a-w- C:\Windows\System32\drivers\pctDS64.sys
2012-09-06 19:06:43 1096176 ----a-w- C:\Windows\System32\drivers\pctEFA64.sys
2012-09-06 19:06:41 426616 ----a-w- C:\Windows\System32\drivers\PCTCore64.sys
2012-09-06 19:06:39 251560 ----a-w- C:\Windows\System32\drivers\PCTSD64.sys
2012-09-06 19:06:39 -------- d-----w- C:\Program Files (x86)\Common Files\PC Tools
2012-09-06 19:06:12 -------- d-----w- C:\Users\Ken\AppData\Roaming\TestApp
2012-09-06 19:06:12 -------- d-----w- C:\ProgramData\PC Tools
2012-09-06 17:35:57 -------- d-----w- C:\Users\Ken\AppData\Local\{93CEFC69-0EBC-41E9-9958-DDA8D90816FC}
2012-09-06 04:57:00 -------- d-----w- C:\Users\Ken\AppData\Roaming\Firestorm
2012-09-06 04:56:58 -------- d-----w- C:\Users\Ken\AppData\Local\Firestorm
2012-09-06 04:23:50 9310152 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C1444B00-FE9A-4001-82A0-5E99D449F5B9}\mpengine.dll
2012-09-05 18:21:45 -------- d-----w- C:\Users\Ken\AppData\Local\{7763DD5D-5473-4112-9DE1-A2153F9C372B}
2012-09-04 16:33:50 -------- d-----w- C:\Users\Ken\AppData\Local\{502CE67D-3FFC-444E-8588-5EBE04359BC1}
2012-09-03 17:07:26 -------- d-----w- C:\Users\Ken\AppData\Local\{AACB4724-0E87-4B2B-92FC-217B5735D8A5}
2012-09-02 17:17:22 -------- d-----w- C:\Users\Ken\AppData\Local\{F6C38F19-B152-4CC8-ADD1-C766D7B6641A}
2012-09-02 17:16:24 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2012-09-01 15:49:07 -------- d-----w- C:\Users\Ken\AppData\Local\{D7746AA1-5C80-481C-83EE-B894B9F07FF6}
2012-08-31 16:51:42 -------- d-----w- C:\Users\Ken\AppData\Local\{8F802791-33BD-430A-840B-4272CA641D41}
2012-08-30 19:25:06 -------- d-----w- C:\ProgramData\Caphyon
2012-08-30 19:22:30 -------- d-----w- C:\Users\Ken\AppData\Roaming\Waterfox Limited
2012-08-30 16:10:47 -------- d-----w- C:\Users\Ken\AppData\Local\{D980A6BE-96DD-4173-8671-C0F0AA77EFD9}
2012-08-29 17:20:07 -------- d-----w- C:\Users\Ken\AppData\Local\{D8D6F5E7-1553-45F8-AB6D-C8E40E7857BA}
2012-08-28 17:45:15 -------- d-----w- C:\Users\Ken\AppData\Local\{AA431FAE-EF02-4D39-9D72-EC6F6F20CFC7}
2012-08-27 08:23:04 -------- d-----w- C:\Users\Ken\AppData\Local\{E1464DD6-8CAC-4F6A-A3A7-6124AAF9CF6A}
2012-08-26 18:36:03 -------- d-----w- C:\Users\Ken\AppData\Local\{3595060A-E6D3-4967-9C9E-288B69525C01}
2012-08-25 16:32:33 -------- d-----w- C:\Users\Ken\AppData\Local\{43FF6E50-E58B-45E6-9E38-93210048C0D5}
2012-08-24 17:12:13 -------- d-----w- C:\Users\Ken\AppData\Local\{5BEE5C72-ED30-4A4E-A10A-AF2587B1EDFB}
2012-08-23 16:48:10 -------- d-----w- C:\Users\Ken\AppData\Local\{A2CE3934-458B-4B04-98C5-3E728F1BF0B2}
2012-08-22 16:01:57 -------- d-----w- C:\Users\Ken\AppData\Local\{75B84A99-352D-41C2-94FC-3489FB1237BE}
2012-08-22 03:51:16 -------- d-----w- C:\Users\Ken\AppData\Local\{1BFA26E5-37E7-4E99-8F27-06679D54ACE9}
2012-08-21 18:08:34 -------- d-----w- C:\Users\Ken\AppData\Roaming\SlimBrowser
2012-08-21 15:36:39 -------- d-----w- C:\Users\Ken\AppData\Local\{B04439A0-6DEB-4532-81A3-602C979F1C04}
2012-08-20 15:51:47 -------- d-----w- C:\Users\Ken\AppData\Local\{5D019037-3C80-40FD-A3D0-55592B81AF2C}
2012-08-19 15:59:11 -------- d-----w- C:\Users\Ken\AppData\Local\{D19D099E-E46E-4C1C-8C65-FC1BDAAE0FCC}
2012-08-18 16:31:02 -------- d-----w- C:\Users\Ken\AppData\Local\{A7AA4950-79C8-464F-BC31-F8A75BF71A3A}
2012-08-18 16:30:20 -------- d-----w- C:\Users\Ken\AppData\Local\{CD775477-8328-4D40-8E45-8FC09F09431A}
2012-08-17 19:14:21 -------- d-----w- C:\Users\Ken\AppData\Local\{C46518DC-DB47-420F-A1DF-79255C04C379}
2012-08-17 19:13:41 -------- d-----w- C:\Users\Ken\AppData\Local\{AC308159-BD87-4C7F-8212-077C6673E08C}
2012-08-17 07:13:01 -------- d-----w- C:\Users\Ken\AppData\Local\{B595D54B-2B7E-453A-B56F-EBDE1D9AD7F0}
2012-08-17 07:12:26 -------- d-----w- C:\Users\Ken\AppData\Local\{FBF6D3B2-522A-4174-B2EE-6CBC22134C4C}
2012-08-16 21:41:07 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service
2012-08-16 16:39:22 -------- d-----w- C:\Users\Ken\AppData\Local\{DCFC006D-4D2A-4281-A814-B37C3376AA08}
2012-08-16 16:38:47 -------- d-----w- C:\Users\Ken\AppData\Local\{5029C47E-FADF-45E3-BE10-674BB96B1477}
2012-08-16 16:05:23 503808 ----a-w- C:\Windows\System32\srcore.dll
2012-08-16 16:05:23 43008 ----a-w- C:\Windows\SysWow64\srclient.dll
2012-08-16 16:05:20 751104 ----a-w- C:\Windows\System32\win32spl.dll
2012-08-16 16:05:20 67072 ----a-w- C:\Windows\splwow64.exe
2012-08-16 16:05:20 559104 ----a-w- C:\Windows\System32\spoolsv.exe
2012-08-16 16:05:20 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll
2012-08-16 16:05:18 59392 ----a-w- C:\Windows\System32\browcli.dll
2012-08-16 16:05:18 136704 ----a-w- C:\Windows\System32\browser.dll
2012-08-16 16:05:17 41984 ----a-w- C:\Windows\SysWow64\browcli.dll
2012-08-16 16:04:46 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-08-16 16:04:44 956928 ----a-w- C:\Windows\System32\localspl.dll
2012-08-16 04:13:03 -------- d-----w- C:\Users\Ken\AppData\Local\{EAB81862-0866-48E8-91C4-6264B0D46592}
2012-08-16 04:12:28 -------- d-----w- C:\Users\Ken\AppData\Local\{17A1C8D3-25E5-42ED-BAAF-6ECDBFF054BF}
2012-08-15 15:32:25 -------- d-----w- C:\Users\Ken\AppData\Local\{C41D06D7-5752-4FEC-9A1A-54AA6AA02C10}
2012-08-15 15:31:46 -------- d-----w- C:\Users\Ken\AppData\Local\{240310CE-5C5A-4454-A0EF-AC77B1CED686}
2012-08-13 16:00:25 -------- d-----w- C:\Users\Ken\AppData\Local\{8FFA6489-50A3-41B0-92CC-6D8263627C46}
2012-08-13 15:59:50 -------- d-----w- C:\Users\Ken\AppData\Local\{3C7094E3-01DD-4638-8636-9EE741CB24FA}
2012-08-12 16:29:35 -------- d-----w- C:\Users\Ken\AppData\Local\{3819A05E-BC15-421B-A1BF-60BB3B286307}
2012-08-12 16:28:58 -------- d-----w- C:\Users\Ken\AppData\Local\{383477A3-E0E4-4078-B56D-C0F8EF1DB09F}
2012-08-12 15:50:39 -------- d-----w- C:\Users\Ken\AppData\Local\{BE14FD5A-79A7-48B9-A2BD-D4DB219137D0}
2012-08-11 16:21:26 -------- d-----w- C:\Users\Ken\AppData\Local\{384FE70F-AD98-469D-9D69-C8D24DC956FB}
2012-08-11 16:20:51 -------- d-----w- C:\Users\Ken\AppData\Local\{EAE4812D-C4F3-453E-8C8E-F6BEC2480A7A}
2012-08-10 16:40:37 -------- d-----w- C:\Users\Ken\AppData\Local\{5C064DAA-E7D1-4911-ADFC-C2DFAFE0EF3E}
2012-08-10 16:40:01 -------- d-----w- C:\Users\Ken\AppData\Local\{A7456F6D-3AD0-4FD8-9C63-139BB3441585}
.
==================== Find3M ====================
.
2012-09-02 17:16:19 821736 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2012-09-02 17:16:19 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-08-31 18:05:05 73416 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-31 18:05:05 696520 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-07-03 20:46:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
.
============= FINISH: 16:11:55.45 ===============



Edited by KWK, 08 September 2012 - 06:32 PM.


#3 gringo_pr

  • Malware Response Team

Posted 09 September 2012 - 12:18 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion," please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#4 KWK


Posted 09 September 2012 - 08:39 PM

Hi Gringo, Thank you for helping.

Combofix took a little more than an hour to finish. It did not ask to restart my PC, so I restarted it.
Upon restarting Symantec EndPoint warned of 6 disabled features which I reenabled.

I opened the browser to see if the problem still exists, which it does.
What happens is when I do a Google search a security warning appears stating "When you send information to restricted sites, it might be possible for others to see that information. Do you want to continue?"
If I click no and press enter, nothing happens. If I click on the Google Search button the security warning reappears.
If I click yes, a blank page opens with "Please click here if you are not redirected within a few seconds." in the upper left. It does not redirect. Clicking "here" opens the search results page and links open websites as normal. Clicking Images at the top of Google to do an image search results in the same "Please click here if you are not redirected within a few seconds." page. Clicking "here" opens the image search results in what appears to be the Google basic version.
Clicking on a link opens only a blank page with "done" or "ready" at the lower left and does not open any websites.
Clicking yes on the security warning also changes Internet Options/Security/Internet and Restricted Sites from the default setting. Resetting to default results in the security warning appearing again when doing a Google search.
Also the search typing suggestions no longer work.

Nothing has been resolved yet.
This is all the same problem behavior as before which only occurs with Internet Explorer or Slimbrowser using Google. Using Bing with IE or Slimbrowser works normally as does Slimboat, Firefox and Waterfox. I use Slimbrowser as my viewer of choice.


HERE IS THE SECURITY CHECK LOG:
Results of screen317's Security Check version 0.99.50
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Symantec Endpoint Protection
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
MVPS Hosts File
PC Tools Spyware Doctor 9.0
Spybot - Search & Destroy
Malwarebytes Anti-Malware version 1.62.0.1300
JavaFX 2.1.1
Java 7 Update 7
Adobe Flash Player 11.4.402.265
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox (14.0.1)
Mozilla Thunderbird (3.1.10) Thunderbird out of Date!
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````


HERE IS THE COMBOFIX LOG:

#5 gringo_pr


Posted 10 September 2012 - 12:34 AM

Greetings

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#6 KWK


Posted 10 September 2012 - 01:09 PM

Gringo,
I should mention I have been seeing a lot more port attack popups from Symantec Endpoint being blocked than normal since this problem started.
Also thought you should know I was asked by dev00790 in the "am I infected threat" to previously download and run TDSSKiller.exe, which showed 6 problems, so this time there was nothing to report.
I was also asked to install and run "Security Check by screen317", "Farbar Service Scanner" and "MiniToolBox" and submit reports.

I ran both TDSSKiller and aswMBR.
The MBR log is a ".dat" file. What do you want me to do with it?


HERE IS THE TDSSKILLER LOG:
10:30:41.0373 5080 b06bdrv - ok
10:30:41.0388 5080 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
10:30:41.0404 5080 b57nd60a - ok
10:30:41.0404 5080 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
10:30:41.0419 5080 BDESVC - ok
10:30:41.0419 5080 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
10:30:41.0435 5080 Beep - ok
10:30:41.0482 5080 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
10:30:41.0482 5080 BFE - ok
10:30:41.0653 5080 [ C8AB71A5102D0FC103F6DFC750005137 ] BHDrvx64 C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\BASHDefs\20120823.013\BHDrvx64.sys
10:30:41.0653 5080 BHDrvx64 - ok
10:30:41.0685 5080 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\system32\qmgr.dll
10:30:41.0685 5080 BITS - ok
10:30:41.0700 5080 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
10:30:41.0700 5080 blbdrive - ok
10:30:41.0731 5080 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
10:30:41.0731 5080 bowser - ok
10:30:41.0747 5080 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
10:30:41.0747 5080 BrFiltLo - ok
10:30:41.0747 5080 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
10:30:41.0763 5080 BrFiltUp - ok
10:30:41.0778 5080 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
10:30:41.0778 5080 BridgeMP - ok
10:30:41.0809 5080 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
10:30:41.0809 5080 Browser - ok
10:30:41.0872 5080 [ 7EFFCCD7B6EA4D3428F5B3ACE8DE8F5A ] Browser Defender Update Service C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe
10:30:41.0887 5080 Browser Defender Update Service - ok
10:30:41.0887 5080 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
10:30:41.0903 5080 Brserid - ok
10:30:41.0903 5080 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
10:30:41.0903 5080 BrSerWdm - ok
10:30:41.0919 5080 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
10:30:41.0919 5080 BrUsbMdm - ok
10:30:41.0934 5080 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
10:30:41.0934 5080 BrUsbSer - ok
10:30:41.0934 5080 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
10:30:41.0934 5080 BTHMODEM - ok
10:30:41.0965 5080 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
10:30:41.0965 5080 bthserv - ok
10:30:41.0981 5080 catchme - ok
10:30:42.0012 5080 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
10:30:42.0012 5080 cdfs - ok
10:30:42.0028 5080 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys
10:30:42.0028 5080 cdrom - ok
10:30:42.0090 5080 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
10:30:42.0090 5080 CertPropSvc - ok
10:30:42.0106 5080 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
10:30:42.0106 5080 circlass - ok
10:30:42.0121 5080 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
10:30:42.0121 5080 CLFS - ok
10:30:42.0168 5080 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
10:30:42.0184 5080 clr_optimization_v2.0.50727_32 - ok
10:30:42.0231 5080 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
10:30:42.0231 5080 clr_optimization_v2.0.50727_64 - ok
10:30:42.0277 5080 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
10:30:42.0277 5080 clr_optimization_v4.0.30319_32 - ok
10:30:42.0293 5080 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
10:30:42.0293 5080 clr_optimization_v4.0.30319_64 - ok
10:30:42.0293 5080 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
10:30:42.0309 5080 CmBatt - ok
10:30:42.0309 5080 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
10:30:42.0309 5080 cmdide - ok
10:30:42.0340 5080 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
10:30:42.0355 5080 CNG - ok
10:30:42.0387 5080 [ F38ACFF40E9EDC2B3476EDD724CEA4A0 ] COMMONFX C:\Windows\system32\drivers\COMMONFX.SYS
10:30:42.0387 5080 COMMONFX - ok
10:30:42.0402 5080 [ F38ACFF40E9EDC2B3476EDD724CEA4A0 ] COMMONFX.SYS C:\Windows\System32\drivers\COMMONFX.SYS
10:30:42.0402 5080 COMMONFX.SYS - ok
10:30:42.0418 5080 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
10:30:42.0418 5080 Compbatt - ok
10:30:42.0433 5080 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
10:30:42.0433 5080 CompositeBus - ok
10:30:42.0449 5080 COMSysApp - ok
10:30:42.0496 5080 [ C08063F052308B6F5882482615387F30 ] cpuz135 C:\Windows\system32\drivers\cpuz135_x64.sys
10:30:42.0496 5080 cpuz135 - ok
10:30:42.0496 5080 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
10:30:42.0496 5080 crcdisk - ok
10:30:42.0558 5080 [ C8BD651E13895B93ED9EC5B4F1DF42BC ] Creative ALchemy AL6 Licensing Service C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
10:30:42.0558 5080 Creative ALchemy AL6 Licensing Service - ok
10:30:42.0589 5080 [ C0EAD9F8AB83D41FF07303C75589C2B8 ] Creative Audio Engine Licensing Service C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
10:30:42.0605 5080 Creative Audio Engine Licensing Service - ok
10:30:42.0683 5080 [ 3C8B6609712F4FF78E521F6DCFC4032B ] Creative Service for CDROM Access C:\Windows\SysWOW64\CTsvcCDA.EXE
10:30:42.0683 5080 Creative Service for CDROM Access - ok
10:30:42.0730 5080 [ 4F5414602E2544A4554D95517948B705 ] CryptSvc C:\Windows\system32\cryptsvc.dll
10:30:42.0730 5080 CryptSvc - ok
10:30:42.0761 5080 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\Windows\system32\drivers\csc.sys
10:30:42.0761 5080 CSC - ok
10:30:42.0808 5080 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\Windows\System32\cscsvc.dll
10:30:42.0808 5080 CscService - ok
10:30:42.0855 5080 [ 095C566746217CD1482EDE40A70D87D2 ] ctac32k C:\Windows\system32\drivers\ctac32k.sys
10:30:42.0855 5080 ctac32k - ok
10:30:42.0886 5080 [ 157E2196FCCD002A2EDF3B06DF7B0C9A ] ctaud2k C:\Windows\system32\drivers\ctaud2k.sys
10:30:42.0886 5080 ctaud2k - ok
10:30:42.0901 5080 [ 17979EE857E930CBFDF24A12E89D77A1 ] CTAUDFX C:\Windows\system32\drivers\CTAUDFX.SYS
10:30:42.0901 5080 CTAUDFX - ok
10:30:42.0917 5080 [ 17979EE857E930CBFDF24A12E89D77A1 ] CTAUDFX.SYS C:\Windows\System32\drivers\CTAUDFX.SYS
10:30:42.0917 5080 CTAUDFX.SYS - ok
10:30:43.0011 5080 [ 5CE3D0E1D1B3832EE052CFC442EEE0FA ] CTAudSvcService C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
10:30:43.0011 5080 CTAudSvcService - ok
10:30:43.0026 5080 [ FE3EAE37536C02D087E5C5D339663779 ] CTERFXFX C:\Windows\system32\drivers\CTERFXFX.SYS
10:30:43.0057 5080 CTERFXFX - ok
10:30:43.0057 5080 [ FE3EAE37536C02D087E5C5D339663779 ] CTERFXFX.SYS C:\Windows\System32\drivers\CTERFXFX.SYS
10:30:43.0057 5080 CTERFXFX.SYS - ok
10:30:43.0073 5080 [ 4E4FDAB4A7CF5AF56E3FA1FE35E8AD3C ] ctprxy2k C:\Windows\system32\drivers\ctprxy2k.sys
10:30:43.0089 5080 ctprxy2k - ok
10:30:43.0104 5080 [ 4A7DE2E30B2B9253933A157401EC76D5 ] CTSBLFX C:\Windows\system32\drivers\CTSBLFX.SYS
10:30:43.0104 5080 CTSBLFX - ok
10:30:43.0120 5080 [ 4A7DE2E30B2B9253933A157401EC76D5 ] CTSBLFX.SYS C:\Windows\System32\drivers\CTSBLFX.SYS
10:30:43.0120 5080 CTSBLFX.SYS - ok
10:30:43.0167 5080 [ 065ADE032A044D518AB1407D3586B7D5 ] ctsfm2k C:\Windows\system32\drivers\ctsfm2k.sys
10:30:43.0167 5080 ctsfm2k - ok
10:30:43.0198 5080 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
10:30:43.0213 5080 DcomLaunch - ok
10:30:43.0229 5080 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
10:30:43.0245 5080 defragsvc - ok
10:30:43.0291 5080 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
10:30:43.0291 5080 DfsC - ok
10:30:43.0307 5080 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
10:30:43.0307 5080 Dhcp - ok
10:30:43.0338 5080 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
10:30:43.0338 5080 discache - ok
10:30:43.0354 5080 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
10:30:43.0354 5080 Disk - ok
10:30:43.0385 5080 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
10:30:43.0385 5080 Dnscache - ok
10:30:43.0401 5080 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
10:30:43.0416 5080 dot3svc - ok
10:30:43.0447 5080 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
10:30:43.0447 5080 DPS - ok
10:30:43.0479 5080 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
10:30:43.0479 5080 drmkaud - ok
10:30:43.0510 5080 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
10:30:43.0510 5080 DXGKrnl - ok
10:30:43.0541 5080 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
10:30:43.0557 5080 EapHost - ok
10:30:43.0603 5080 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
10:30:43.0666 5080 ebdrv - ok
10:30:43.0713 5080 [ 4353FF94D47A0A9D52B89ECCF0CDB013 ] eeCtrl C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
10:30:43.0713 5080 eeCtrl - ok
10:30:43.0744 5080 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
10:30:43.0744 5080 EFS - ok
10:30:43.0775 5080 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
10:30:43.0791 5080 ehRecvr - ok
10:30:43.0853 5080 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
10:30:43.0869 5080 ehSched - ok
10:30:43.0931 5080 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
10:30:43.0978 5080 elxstor - ok
10:30:44.0009 5080 [ F380FF5D6D80CECC6DBBC15569757613 ] emupia C:\Windows\system32\drivers\emupia2k.sys
10:30:44.0009 5080 emupia - ok
10:30:44.0056 5080 [ C5BCCB378D0A896304A3E71BE7215983 ] EraserUtilRebootDrv C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
10:30:44.0056 5080 EraserUtilRebootDrv - ok
10:30:44.0087 5080 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
10:30:44.0087 5080 ErrDev - ok
10:30:44.0118 5080 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
10:30:44.0118 5080 EventSystem - ok
10:30:44.0134 5080 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
10:30:44.0134 5080 exfat - ok
10:30:44.0165 5080 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
10:30:44.0165 5080 fastfat - ok
10:30:44.0196 5080 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
10:30:44.0196 5080 Fax - ok
10:30:44.0212 5080 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
10:30:44.0212 5080 fdc - ok
10:30:44.0227 5080 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
10:30:44.0227 5080 fdPHost - ok
10:30:44.0243 5080 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
10:30:44.0243 5080 FDResPub - ok
10:30:44.0259 5080 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
10:30:44.0259 5080 FileInfo - ok
10:30:44.0274 5080 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
10:30:44.0274 5080 Filetrace - ok
10:30:44.0274 5080 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
10:30:44.0274 5080 flpydisk - ok
10:30:44.0337 5080 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
10:30:44.0337 5080 FltMgr - ok
10:30:44.0368 5080 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
10:30:44.0383 5080 FontCache - ok
10:30:44.0415 5080 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
10:30:44.0415 5080 FontCache3.0.0.0 - ok
10:30:44.0430 5080 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
10:30:44.0430 5080 FsDepends - ok
10:30:44.0446 5080 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
10:30:44.0446 5080 Fs_Rec - ok
10:30:44.0461 5080 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
10:30:44.0461 5080 fvevol - ok
10:30:44.0477 5080 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
10:30:44.0493 5080 gagp30kx - ok
10:30:44.0524 5080 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
10:30:44.0524 5080 gpsvc - ok
10:30:44.0602 5080 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
10:30:44.0602 5080 gupdate - ok
10:30:44.0617 5080 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
10:30:44.0617 5080 gupdatem - ok
10:30:44.0664 5080 [ 82B68F585110AE8500A6D23623AE1F74 ] ha10kx2k C:\Windows\system32\drivers\ha10kx2k.sys
10:30:44.0664 5080 ha10kx2k - ok
10:30:44.0680 5080 [ 83F647F9ACE9192556F758E528024F68 ] hap16v2k C:\Windows\system32\drivers\hap16v2k.sys
10:30:44.0680 5080 hap16v2k - ok
10:30:44.0695 5080 [ E815D29361DE89D24C8DBE3E5A7006C9 ] hap17v2k C:\Windows\system32\drivers\hap17v2k.sys
10:30:44.0727 5080 hap17v2k - ok
10:30:44.0742 5080 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
10:30:44.0742 5080 hcw85cir - ok
10:30:44.0773 5080 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
10:30:44.0789 5080 HdAudAddService - ok
10:30:44.0805 5080 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
10:30:44.0820 5080 HDAudBus - ok
10:30:44.0820 5080 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
10:30:44.0836 5080 HidBatt - ok
10:30:44.0851 5080 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
10:30:44.0851 5080 HidBth - ok
10:30:44.0867 5080 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
10:30:44.0867 5080 HidIr - ok
10:30:44.0883 5080 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll
10:30:44.0883 5080 hidserv - ok
10:30:44.0898 5080 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
10:30:44.0898 5080 HidUsb - ok
10:30:44.0914 5080 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
10:30:44.0929 5080 hkmsvc - ok
10:30:44.0945 5080 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
10:30:44.0945 5080 HomeGroupListener - ok
10:30:44.0992 5080 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
10:30:44.0992 5080 HomeGroupProvider - ok
10:30:44.0992 5080 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
10:30:45.0007 5080 HpSAMD - ok
10:30:45.0023 5080 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
10:30:45.0039 5080 HTTP - ok
10:30:45.0070 5080 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
10:30:45.0070 5080 hwpolicy - ok
10:30:45.0085 5080 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
10:30:45.0085 5080 i8042prt - ok
10:30:45.0101 5080 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
10:30:45.0117 5080 iaStorV - ok
10:30:45.0163 5080 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
10:30:45.0163 5080 IDriverT - ok
10:30:45.0195 5080 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
10:30:45.0210 5080 idsvc - ok
10:30:45.0335 5080 [ A48928D4CCA6F8B731989DB08CF2C0AB ] IDSVia64 C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\IPSDefs\20120907.001\IDSvia64.sys
10:30:45.0351 5080 IDSVia64 - ok
10:30:45.0366 5080 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
10:30:45.0382 5080 iirsp - ok
10:30:45.0413 5080 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
10:30:45.0429 5080 IKEEXT - ok
10:30:45.0444 5080 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
10:30:45.0444 5080 intelide - ok
10:30:45.0475 5080 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
10:30:45.0475 5080 intelppm - ok
10:30:45.0507 5080 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
10:30:45.0507 5080 IPBusEnum - ok
10:30:45.0522 5080 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
10:30:45.0522 5080 IpFilterDriver - ok
10:30:45.0553 5080 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
10:30:45.0569 5080 iphlpsvc - ok
10:30:45.0585 5080 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
10:30:45.0585 5080 IPMIDRV - ok
10:30:45.0600 5080 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
10:30:45.0600 5080 IPNAT - ok
10:30:45.0616 5080 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
10:30:45.0616 5080 IRENUM - ok
10:30:45.0631 5080 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
10:30:45.0631 5080 isapnp - ok
10:30:45.0647 5080 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
10:30:45.0647 5080 iScsiPrt - ok
10:30:45.0678 5080 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
10:30:45.0678 5080 kbdclass - ok
10:30:45.0678 5080 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
10:30:45.0694 5080 kbdhid - ok
10:30:45.0694 5080 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
10:30:45.0694 5080 KeyIso - ok
10:30:45.0725 5080 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
10:30:45.0725 5080 KSecDD - ok
10:30:45.0756 5080 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
10:30:45.0756 5080 KSecPkg - ok
10:30:45.0756 5080 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
10:30:45.0756 5080 ksthunk - ok
10:30:45.0787 5080 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
10:30:45.0803 5080 KtmRm - ok
10:30:45.0819 5080 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll
10:30:45.0819 5080 LanmanServer - ok
10:30:45.0850 5080 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
10:30:45.0850 5080 LanmanWorkstation - ok
10:30:45.0881 5080 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
10:30:45.0881 5080 lltdio - ok
10:30:45.0897 5080 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
10:30:45.0897 5080 lltdsvc - ok
10:30:45.0912 5080 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
10:30:45.0912 5080 lmhosts - ok
10:30:45.0928 5080 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
10:30:45.0943 5080 LSI_FC - ok
10:30:45.0943 5080 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
10:30:45.0943 5080 LSI_SAS - ok
10:30:45.0959 5080 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
10:30:45.0959 5080 LSI_SAS2 - ok
10:30:45.0990 5080 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
10:30:45.0990 5080 LSI_SCSI - ok
10:30:46.0021 5080 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
10:30:46.0021 5080 luafv - ok
10:30:46.0068 5080 [ B2085E335F2B57077B0CBADB6F1245CD ] lvpopf64 C:\Windows\system32\DRIVERS\lvpopf64.sys
10:30:46.0084 5080 lvpopf64 - ok
10:30:46.0099 5080 [ DED333DBDBBCC3555A6E6244522E2F1A ] LVPr2M64 C:\Windows\system32\DRIVERS\LVPr2M64.sys
10:30:46.0099 5080 LVPr2M64 - ok
10:30:46.0099 5080 [ DED333DBDBBCC3555A6E6244522E2F1A ] LVPr2Mon C:\Windows\system32\DRIVERS\LVPr2M64.sys
10:30:46.0099 5080 LVPr2Mon - ok
10:30:46.0162 5080 [ A35679E56E78091E1042A2D7ADBF2958 ] LVPrcS64 C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
10:30:46.0162 5080 LVPrcS64 - ok
10:30:46.0193 5080 [ 0C85B2B6FB74B36A251792D45E0EF860 ] LVRS64 C:\Windows\system32\DRIVERS\lvrs64.sys
10:30:46.0193 5080 LVRS64 - ok
10:30:46.0287 5080 [ FF3A488924B0032B1A9CA6948C1FA9E8 ] LVUVC64 C:\Windows\system32\DRIVERS\lvuvc64.sys
10:30:46.0365 5080 LVUVC64 - ok
10:30:46.0411 5080 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
10:30:46.0411 5080 Mcx2Svc - ok
10:30:46.0427 5080 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
10:30:46.0427 5080 megasas - ok
10:30:46.0443 5080 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
10:30:46.0458 5080 MegaSR - ok
10:30:46.0458 5080 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
10:30:46.0474 5080 MMCSS - ok
10:30:46.0474 5080 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
10:30:46.0474 5080 Modem - ok
10:30:46.0489 5080 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
10:30:46.0505 5080 monitor - ok
10:30:46.0521 5080 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
10:30:46.0521 5080 mouclass - ok
10:30:46.0536 5080 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
10:30:46.0536 5080 mouhid - ok
10:30:46.0567 5080 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
10:30:46.0567 5080 mountmgr - ok
10:30:46.0614 5080 [ 46297FA8E30A6007F14118FC2B942FBC ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
10:30:46.0614 5080 MozillaMaintenance - ok
10:30:46.0645 5080 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
10:30:46.0645 5080 mpio - ok
10:30:46.0661 5080 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
10:30:46.0661 5080 mpsdrv - ok
10:30:46.0692 5080 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
10:30:46.0708 5080 MpsSvc - ok
10:30:46.0723 5080 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
10:30:46.0723 5080 MRxDAV - ok
10:30:46.0770 5080 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
10:30:46.0770 5080 mrxsmb - ok
10:30:46.0801 5080 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
10:30:46.0801 5080 mrxsmb10 - ok
10:30:46.0817 5080 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
10:30:46.0817 5080 mrxsmb20 - ok
10:30:46.0833 5080 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
10:30:46.0833 5080 msahci - ok
10:30:46.0848 5080 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
10:30:46.0848 5080 msdsm - ok
10:30:46.0864 5080 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
10:30:46.0864 5080 MSDTC - ok
10:30:46.0879 5080 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
10:30:46.0879 5080 Msfs - ok
10:30:46.0911 5080 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
10:30:46.0911 5080 mshidkmdf - ok
10:30:46.0926 5080 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
10:30:46.0926 5080 msisadrv - ok
10:30:46.0942 5080 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
10:30:46.0957 5080 MSiSCSI - ok
10:30:46.0957 5080 msiserver - ok
10:30:46.0989 5080 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
10:30:46.0989 5080 MSKSSRV - ok
10:30:47.0020 5080 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
10:30:47.0020 5080 MSPCLOCK - ok
10:30:47.0035 5080 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
10:30:47.0035 5080 MSPQM - ok
10:30:47.0051 5080 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
10:30:47.0067 5080 MsRPC - ok
10:30:47.0082 5080 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
10:30:47.0082 5080 mssmbios - ok
10:30:47.0098 5080 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
10:30:47.0098 5080 MSTEE - ok
10:30:47.0113 5080 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
10:30:47.0113 5080 MTConfig - ok
10:30:47.0145 5080 [ 03B7145C889603537E9FFEABB1AD1089 ] MTsensor C:\Windows\system32\DRIVERS\ASACPI.sys
10:30:47.0145 5080 MTsensor - ok
10:30:47.0160 5080 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
10:30:47.0160 5080 Mup - ok
10:30:47.0207 5080 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
10:30:47.0207 5080 napagent - ok
10:30:47.0238 5080 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
10:30:47.0238 5080 NativeWifiP - ok
10:30:47.0316 5080 [ 149A9AD81BB327E892FA1ACB77722442 ] NAVENG C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\VirusDefs\20120909.008\ENG64.SYS
10:30:47.0316 5080 NAVENG - ok
10:30:47.0363 5080 [ 4AF8750E71B549FEC5F6D1D01398CA69 ] NAVEX15 C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\VirusDefs\20120909.008\EX64.SYS
10:30:47.0379 5080 NAVEX15 - ok
10:30:47.0425 5080 [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS C:\Windows\system32\drivers\ndis.sys
10:30:47.0441 5080 NDIS - ok
10:30:47.0441 5080 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
10:30:47.0441 5080 NdisCap - ok
10:30:47.0457 5080 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
10:30:47.0457 5080 NdisTapi - ok
10:30:47.0488 5080 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
10:30:47.0488 5080 Ndisuio - ok
10:30:47.0503 5080 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
10:30:47.0503 5080 NdisWan - ok
10:30:47.0535 5080 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
10:30:47.0535 5080 NDProxy - ok
10:30:47.0535 5080 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
10:30:47.0535 5080 NetBIOS - ok
10:30:47.0566 5080 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
10:30:47.0566 5080 NetBT - ok
10:30:47.0581 5080 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
10:30:47.0581 5080 Netlogon - ok
10:30:47.0628 5080 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
10:30:55.0491 5080 ============================================================
10:30:55.0491 5080 Scan finished
10:30:55.0491 5080 ============================================================
10:30:55.0491 4564 Detected object count: 0
10:30:55.0491 4564 Actual detected object count: 0

#7 gringo_pr


    Bleepin Gringo


  • Malware Response Team
  • 136,221 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:50 AM

Posted 10 September 2012 - 01:15 PM

Hello KWK

Go ahead and save the .dat report for now. In which browsers do you have the problem?

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#8 KWK

  • Topic Starter

  • Members
  • 50 posts
  • OFFLINE
  • Local time:06:50 AM

Posted 10 September 2012 - 03:12 PM

As stated previously, the problem occurs using Internet Explorer or SlimBrowser with Google. SlimBrowser piggybacks off Internet Explorer from what I understand and is my preferred browser. The issues do not occur using either browser with Bing. I do not use Bing.

Also I found and included the MBR text log I did not notice previously. The OTL log is below it.

While typing this out I notice there is some lag which has not happened before.



HERE IS THE PREVIOUS MBR LOG:
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-10 10:43:27
-----------------------------
10:43:27.480 OS Version: Windows x64 6.1.7601 Service Pack 1
10:43:27.480 Number of processors: 2 586 0x4303
10:43:27.480 ComputerName: KEN UserName: Ken
10:43:29.320 Initialize success
10:45:43.773 AVAST engine defs: 12091000
10:47:19.853 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
10:47:19.853 Disk 0 Vendor: WDC_WD1600JB-00FUA0 15.05R15 Size: 152627MB BusType: 3
10:47:19.869 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\00000081
10:47:19.869 Disk 1 Vendor: ST310005 CC34 Size: 953869MB BusType: 3
10:47:19.884 Disk 1 MBR read successfully
10:47:19.884 Disk 1 MBR scan
10:47:19.884 Disk 1 Windows 7 default MBR code
10:47:19.884 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 99998 MB offset 63
10:47:19.916 Disk 1 Partition 2 00 07 HPFS/NTFS NTFS 300002 MB offset 204796620
10:47:19.931 Disk 1 Partition 3 00 07 HPFS/NTFS NTFS 300002 MB offset 819202545
10:47:19.947 Disk 1 Partition 4 00 07 HPFS/NTFS NTFS 253863 MB offset 1433608470
10:47:19.978 Disk 1 scanning C:\Windows\system32\drivers
10:47:31.397 Service scanning
10:47:49.446 Modules scanning
10:47:49.446 Disk 1 trace - called modules:
10:47:49.478 ntoskrnl.exe CLASSPNP.SYS disk.sys PCTCore64.sys ACPI.sys storport.sys hal.dll nvstor.sys
10:47:49.478 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfffffa800425f060]
10:47:49.478 3 CLASSPNP.SYS[fffff88001fce43f] -> nt!IofCallDriver -> [0xfffffa800425e040]
10:47:49.493 5 PCTCore64.sys[fffff8800136e720] -> nt!IofCallDriver -> [0xfffffa80040fbe40]
10:47:49.493 7 ACPI.sys[fffff88000fa47a1] -> nt!IofCallDriver -> \Device\00000081[0xfffffa80040ee720]
10:47:51.568 AVAST engine scan C:\Windows
10:47:53.955 AVAST engine scan C:\Windows\system32
10:51:05.180 AVAST engine scan C:\Windows\system32\drivers
10:51:28.970 AVAST engine scan C:\Users\Ken
10:58:04.762 Disk 1 MBR has been saved successfully to "C:\Users\Ken\Desktop\MBR.dat"
10:58:04.777 The log file has been saved successfully to "C:\Users\Ken\Desktop\aswMBR.txt"




HERE IS THE OTL LOG:
OTL logfile created on: 9/10/2012 12:48:34 PM - Run 1
OTL by OldTimer - Version 3.2.61.3 Folder = C:\Users\Ken\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 50.09% Memory free
7.99 Gb Paging File | 5.98 Gb Available in Paging File | 74.86% Paging File free
Paging file location(s): c:\pagefile.sys 4094 6141 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97.65 Gb Total Space | 23.58 Gb Free Space | 24.15% Space Free | Partition Type: NTFS
Drive D: | 292.97 Gb Total Space | 112.12 Gb Free Space | 38.27% Space Free | Partition Type: NTFS
Drive E: | 292.97 Gb Total Space | 210.41 Gb Free Space | 71.82% Space Free | Partition Type: NTFS
Drive F: | 247.91 Gb Total Space | 247.81 Gb Free Space | 99.96% Space Free | Partition Type: NTFS
Drive H: | 29.29 Gb Total Space | 2.79 Gb Free Space | 9.52% Space Free | Partition Type: NTFS
Drive I: | 119.75 Gb Total Space | 6.81 Gb Free Space | 5.69% Space Free | Partition Type: NTFS

Computer Name: KEN | User Name: Ken | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Ken\Desktop\OTL.exe (OldTimer Tools)
PRC - D:\Program Files (x86)\SlimBrowser\SBRender.exe (FlashPeak Inc.)
PRC - D:\Program Files (x86)\SlimBrowser\sbframe.exe (FlashPeak Inc.)
PRC - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
PRC - D:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe (Affinegy, Inc.)
PRC - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
PRC - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\LVPrS64H.exe (Logitech Inc.)
PRC - D:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - D:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files (x86)\Creative\MediaSource\Detector\CTDetect.exe (Creative Technology Ltd)
PRC - C:\Windows\SysWOW64\CTSVCCDA.EXE (Creative Technology Ltd)


========== Modules (No Company Name) ==========

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll ()
MOD - D:\Program Files (x86)\SlimBrowser\EasyHook32.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\2ec98ab0193d64e95b7d09d094deed97\Accessibility.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll ()


========== Services (SafeList) ==========

SRV:64bit: - (LVPrcS64) -- C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (SkypeUpdate) -- D:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (sdCoreService) -- C:\Program Files (x86)\PC Tools\PC Tools Security\pctsSvc.exe (PC Tools)
SRV - (sdAuxService) -- C:\Program Files (x86)\PC Tools\PC Tools Security\pctsAuxs.exe (PC Tools)
SRV - (Browser Defender Update Service) -- C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (UMVPFSrv) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
SRV - (SmcService) -- D:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin64\Smc.exe (Symantec Corporation)
SRV - (SNAC) -- D:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin64\snac64.exe (Symantec Corporation)
SRV - (SepMasterService) -- D:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe (Symantec Corporation)
SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs)
SRV - (Creative ALchemy AL6 Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe (Creative Labs)
SRV - (AffinegyService) -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe (Affinegy, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (CTAudSvcService) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (Creative Service for CDROM Access) -- C:\Windows\SysWOW64\CTSVCCDA.EXE (Creative Technology Ltd)


========== Driver Services (SafeList) ==========

DRV:64bit: - (PCTSD) -- C:\Windows\SysNative\drivers\PCTSD64.sys (PC Tools)
DRV:64bit: - (PCTBD) -- C:\Windows\SysNative\drivers\PCTBD64.sys (PC Tools)
DRV:64bit: - (PCTCore) -- C:\Windows\SysNative\drivers\PCTCore64.sys (PC Tools)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (pctEFA) -- C:\Windows\SysNative\drivers\pctEFA64.sys (PC Tools)
DRV:64bit: - (pctDS) -- C:\Windows\SysNative\drivers\pctDS64.sys (PC Tools)
DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation)
DRV:64bit: - (SysPlant) -- C:\Windows\SysNative\drivers\SysPlant.sys (Symantec Corporation)
DRV:64bit: - (LVUVC64) -- C:\Windows\SysNative\drivers\lvuvc64.sys (Logitech Inc.)
DRV:64bit: - (LVRS64) -- C:\Windows\SysNative\drivers\lvrs64.sys (Logitech Inc.)
DRV:64bit: - (cpuz135) -- C:\Windows\SysNative\drivers\cpuz135_x64.sys (CPUID)
DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\SEP\0C01029F\136B.105\x64\srtsp64.sys (Symantec Corporation)
DRV:64bit: - (SRTSPX) -- C:\Windows\SysNative\drivers\SEP\0C01029F\136B.105\x64\srtspx64.sys (Symantec Corporation)
DRV:64bit: - (Teefer2) -- C:\Windows\SysNative\drivers\Teefer.sys (Symantec Corporation)
DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\SEP\0C01029F\136B.105\x64\SymEFA64.sys (Symantec Corporation)
DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\drivers\SEP\0C01029F\136B.105\x64\Ironx64.sys (Symantec Corporation)
DRV:64bit: - (SymDS) -- C:\Windows\SysNative\drivers\SEP\0C01029F\136B.105\x64\SymDS64.sys (Symantec Corporation)
DRV:64bit: - (SYMNETS) -- C:\Windows\SysNative\drivers\SEP\0C01029F\136B.105\x64\symnets.sys (Symantec Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (vpcvmm) -- C:\Windows\SysNative\drivers\vpcvmm.sys (Microsoft Corporation)
DRV:64bit: - (vpcbus) -- C:\Windows\SysNative\drivers\vpchbus.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (vpcusb) -- C:\Windows\SysNative\drivers\vpcusb.sys (Microsoft Corporation)
DRV:64bit: - (vpcnfltr) -- C:\Windows\SysNative\drivers\vpcnfltr.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (WmVirHid) -- C:\Windows\SysNative\drivers\WmVirHid.sys (Logitech Inc.)
DRV:64bit: - (WmBEnum) -- C:\Windows\SysNative\drivers\WmBEnum.sys (Logitech Inc.)
DRV:64bit: - (WmXlCore) -- C:\Windows\SysNative\drivers\WmXlCore.sys (Logitech Inc.)
DRV:64bit: - (WmFilter) -- C:\Windows\SysNative\drivers\WmFilter.sys (Logitech Inc.)
DRV:64bit: - (hap17v2k) -- C:\Windows\SysNative\drivers\haP17v2k.sys (Creative Technology Ltd)
DRV:64bit: - (hap16v2k) -- C:\Windows\SysNative\drivers\haP16v2k.sys (Creative Technology Ltd)
DRV:64bit: - (ha10kx2k) -- C:\Windows\SysNative\drivers\ha10kx2k.sys (Creative Technology Ltd)
DRV:64bit: - (emupia) -- C:\Windows\SysNative\drivers\emupia2k.sys (Creative Technology Ltd)
DRV:64bit: - (ctsfm2k) -- C:\Windows\SysNative\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV:64bit: - (ctprxy2k) -- C:\Windows\SysNative\drivers\ctprxy2k.sys (Creative Technology Ltd)
DRV:64bit: - (ossrv) -- C:\Windows\SysNative\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV:64bit: - (ctaud2k) -- C:\Windows\SysNative\drivers\ctaud2k.sys (Creative Technology Ltd)
DRV:64bit: - (ctac32k) -- C:\Windows\SysNative\drivers\ctac32k.sys (Creative Technology Ltd)
DRV:64bit: - (CTERFXFX.SYS) -- C:\Windows\SysNative\drivers\CTERFXFX.sys (Creative Technology Ltd)
DRV:64bit: - (CTERFXFX) -- C:\Windows\SysNative\drivers\CTERFXFX.sys (Creative Technology Ltd)
DRV:64bit: - (CTSBLFX.SYS) -- C:\Windows\SysNative\drivers\CTSBLFX.sys (Creative Technology Ltd)
DRV:64bit: - (CTSBLFX) -- C:\Windows\SysNative\drivers\CTSBLFX.sys (Creative Technology Ltd)
DRV:64bit: - (CTAUDFX.SYS) -- C:\Windows\SysNative\drivers\CTAUDFX.sys (Creative Technology Ltd)
DRV:64bit: - (CTAUDFX) -- C:\Windows\SysNative\drivers\CTAUDFX.sys (Creative Technology Ltd)
DRV:64bit: - (COMMONFX.SYS) -- C:\Windows\SysNative\drivers\COMMONFX.sys (Creative Technology Ltd)
DRV:64bit: - (COMMONFX) -- C:\Windows\SysNative\drivers\COMMONFX.sys (Creative Technology Ltd)
DRV:64bit: - (RTL8187) -- C:\Windows\SysNative\drivers\RTL8187.sys (Realtek Semiconductor Corporation )
DRV:64bit: - (LVPr2Mon) -- C:\Windows\SysNative\drivers\LVPr2M64.sys ()
DRV:64bit: - (LVPr2M64) -- C:\Windows\SysNative\drivers\LVPr2M64.sys ()
DRV:64bit: - (lvpopf64) -- C:\Windows\SysNative\drivers\lvpopf64.sys (Logitech Inc.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (SiFilter) -- C:\Windows\SysNative\drivers\SiWinAcc.sys (Silicon Image, Inc)
DRV:64bit: - (SiRemFil) -- C:\Windows\SysNative\drivers\SiRemFil.sys (Silicon Image, Inc)
DRV:64bit: - (SI3132) -- C:\Windows\SysNative\drivers\SI3132.sys (Silicon Image, Inc)
DRV:64bit: - (regi) -- C:\Windows\SysNative\drivers\regi.sys (InterVideo)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()
DRV - (IDSVia64) -- C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\IPSDefs\20120907.001\IDSviA64.sys (Symantec Corporation)
DRV - (NAVEX15) -- C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\VirusDefs\20120910.002\ex64.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\VirusDefs\20120910.002\eng64.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (BHDrvx64) -- C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\BashDefs\20120823.013\BHDrvx64.sys (Symantec Corporation)
DRV - (SyDvCtrl) -- D:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin64\SyDvCtrl64.sys (Symantec Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3411051719-2696836766-2334767640-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
IE - HKU\S-1-5-21-3411051719-2696836766-2334767640-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-3411051719-2696836766-2334767640-1001\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
IE - HKU\S-1-5-21-3411051719-2696836766-2334767640-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3411051719-2696836766-2334767640-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.ca/"
FF - prefs.js..extensions.enabledAddons: {66E978CD-981F-47DF-AC42-E3CF417C1467}:0.4.3
FF - prefs.js..extensions.enabledItems: {66E978CD-981F-47DF-AC42-E3CF417C1467}:0.4.3
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_265.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\IPSFFPlgn\ [2012/09/10 09:38:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{cb84136f-9c44-433a-9048-c5cd9df1dc16}: C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\Firefox\ [2012/09/06 12:15:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: D:\Program Files (x86)\Mozilla Firefox\components [2012/08/16 14:41:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: D:\Program Files (x86)\Mozilla Firefox\plugins [2012/08/15 08:34:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.10\extensions\\Components: D:\Program Files (x86)\Mozilla Thunderbird\components [2012/05/15 14:06:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.10\extensions\\Plugins: D:\Program Files (x86)\Mozilla Thunderbird\plugins

[2011/05/26 10:36:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ken\AppData\Roaming\Mozilla\Extensions
[2011/05/26 10:36:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ken\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012/08/30 12:44:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ken\AppData\Roaming\Mozilla\Firefox\Profiles\j2un338c.default\extensions
[2011/03/21 11:35:46 | 000,000,000 | ---D | M] (New Tab Homepage) -- C:\Users\Ken\AppData\Roaming\Mozilla\Firefox\Profiles\j2un338c.default\extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}
[2012/08/30 12:44:31 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Ken\AppData\Roaming\Mozilla\Firefox\Profiles\j2un338c.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

O1 HOSTS File: ([2012/09/09 17:38:27 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - D:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\IPS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found.
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found.
O3 - HKU\S-1-5-21-3411051719-2696836766-2334767640-1001\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AsioThk32Reg] C:\Windows\SysWow64\ctasio.dll (Creative Technology Ltd)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-21-3411051719-2696836766-2334767640-1001..\Run: [Creative Detector] C:\Program Files (x86)\Creative\MediaSource\Detector\CTDetect.exe (Creative Technology Ltd)
O4 - HKU\S-1-5-21-3411051719-2696836766-2334767640-1001..\Run: [SpybotSD TeaTimer] D:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3411051719-2696836766-2334767640-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3411051719-2696836766-2334767640-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000017 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O15 - HKU\S-1-5-21-3411051719-2696836766-2334767640-1001\..Trusted Domains: ebay.com ([cgi] https in Trusted sites)
O15 - HKU\S-1-5-21-3411051719-2696836766-2334767640-1001\..Trusted Domains: google.ca ([www] https in Trusted sites)
O15 - HKU\S-1-5-21-3411051719-2696836766-2334767640-1001\..Trusted Domains: google.com ([www] https in Trusted sites)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 64.178.142.10 216.104.96.22
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{12BA6F7A-A847-44B9-BCF9-B876713E5016}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BAC2D832-B320-476E-B190-B722EC8A4836}: DhcpNameServer = 64.178.142.10 216.104.96.22
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BAC2D832-B320-476E-B190-B722EC8A4836}: NameServer = 8.8.8.8,8.8.4.4
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SEP: DllName - (D:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\WinLogoutNotifier.dll) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/08/07 09:34:37 | 000,000,000 | ---D | M] - E:\Auto Patcher -- [ NTFS ]
O32 - AutoRun File - [2010/08/07 09:34:50 | 000,000,000 | ---D | M] - E:\Autos -- [ NTFS ]
O32 - AutoRun File - [2008/01/21 07:48:30 | 000,000,000 | ---- | M] () - H:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/09/10 12:46:31 | 000,600,064 | ---- | C] (OldTimer Tools) -- C:\Users\Ken\Desktop\OTL.exe
[2012/09/10 10:41:40 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Ken\Desktop\aswMBR.exe
[2012/09/10 10:13:14 | 000,000,000 | ---D | C] -- C:\Users\Ken\AppData\Local\{5425FB86-69DB-4867-AE34-950960B82514}
[2012/09/09 17:57:28 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/09/09 15:57:35 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/09/09 15:57:35 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/09/09 15:57:35 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/09/09 15:57:25 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/09/09 15:57:09 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/09/09 15:50:16 | 004,747,716 | R--- | C] (Swearware) -- C:\Users\Ken\Desktop\ComboFix.exe
[2012/09/09 15:16:15 | 000,000,000 | ---D | C] -- C:\Users\Ken\AppData\Local\{C4166115-4AD9-4582-B74D-65CAD27304AD}
[2012/09/08 21:52:50 | 000,000,000 | ---D | C] -- C:\Users\Ken\AppData\Local\{157BD973-D478-44EB-A562-2833B3B11E44}
[2012/09/08 16:05:54 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Ken\Desktop\dds.com
[2012/09/08 11:11:26 | 000,751,391 | ---- | C] (Farbar) -- C:\Users\Ken\Desktop\MiniToolBox.exe
[2012/09/08 11:08:32 | 000,693,235 | ---- | C] (Farbar) -- C:\Users\Ken\Desktop\FSS.exe
[2012/09/08 10:18:08 | 002,211,928 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Ken\Desktop\tdsskiller.exe
[2012/09/08 09:17:54 | 000,000,000 | ---D | C] -- C:\Users\Ken\AppData\Local\{EC2DEF44-DD32-4FFE-8069-1DE8FBAF712E}
[2012/09/07 10:38:32 | 000,000,000 | ---D | C] -- C:\Users\Ken\AppData\Local\{2698C9F7-5EDD-4BD0-AA66-9850AAF2E1D4}
[2012/09/06 22:37:58 | 000,000,000 | ---D | C] -- C:\Users\Ken\AppData\Local\{0AC88F68-09AD-425C-A97C-2E5153B6ED77}
[2012/09/06 12:15:00 | 000,085,224 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\PCTBD64.sys
[2012/09/06 12:14:59 | 000,149,464 | ---- | C] (PC Tools) -- C:\Windows\SGDetectionTool.dll
[2012/09/06 12:14:58 | 002,267,096 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll
[2012/09/06 12:14:58 | 001,689,560 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDRes.dll
[2012/09/06 12:14:20 | 000,341,200 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctgntdi64.sys
[2012/09/06 12:14:20 | 000,145,464 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctwfpfilter64.sys
[2012/09/06 12:14:13 | 000,014,808 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctBTFix64.sys
[2012/09/06 12:14:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Tools Security
[2012/09/06 12:14:11 | 000,092,928 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctplsg64.sys
[2012/09/06 12:14:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Tools
[2012/09/06 12:06:43 | 001,096,176 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctEFA64.sys
[2012/09/06 12:06:43 | 000,453,896 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctDS64.sys
[2012/09/06 12:06:41 | 000,426,616 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\PCTCore64.sys
[2012/09/06 12:06:39 | 000,251,560 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\PCTSD64.sys
[2012/09/06 12:06:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools
[2012/09/06 12:06:12 | 000,000,000 | ---D | C] -- C:\Users\Ken\AppData\Roaming\TestApp
[2012/09/06 12:06:12 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2012/09/06 10:35:57 | 000,000,000 | ---D | C] -- C:\Users\Ken\AppData\Local\{93CEFC69-0EBC-41E9-9958-DDA8D90816FC}
[2012/09/05 21:57:00 | 000,000,000 | ---D | C] -- C:\Users\Ken\AppData\Roaming\Firestorm
[2012/09/05 21:56:58 | 000,000,000 | ---D | C] -- C:\Users\Ken\AppData\Local\Firestorm
[2012/09/05 21:56:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firestorm-Release
[2012/09/05 11:21:45 | 000,000,000 | ---D | C] -- C:\Users\Ken\AppData\Local\{7763DD5D-5473-4112-9DE1-A2153F9C372B}
[2012/09/04 09:39:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FlashPeak SlimBrowser
[2012/09/04 09:33:50 | 000,000,000 | ---D | C] -- C:\Users\Ken\AppData\Local\{502CE67D-3FFC-444E-8588-5EBE04359BC1}
[2012/09/03 10:07:26 | 000,000,000 | ---D | C] -- C:\Users\Ken\AppData\Local\{AACB4724-0E87-4B2B-92FC-217B5735D8A5}
[2012/09/02 10:17:22 | 000,000,000 | ---D | C] -- C:\Users\Ken\AppData\Local\{F6C38F19-B152-4CC8-ADD1-C766D7B6641A}
[2012/09/02 10:17:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/09/02 10:16:34 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2012/09/02 10:16:24 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012/09/02 10:16:24 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012/09/02 10:16:24 | 000,095,208 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2012/09/02 10:16:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2012/09/01 08:49:07 | 000,000,000 | ---D | C] -- C:\Users\Ken\AppData\Local\{D7746AA1-5C80-481C-83EE-B894B9F07FF6}
[2012/08/31 11:48:12 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2012/08/31 11:48:12 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2012/08/31 11:48:12 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/08/31 11:48:12 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/08/31 11:48:12 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/08/31 11:48:12 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/08/31 11:48:12 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/08/31 11:48:12 | 000,697,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/08/31 11:48:12 | 000,603,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012/08/31 11:48:12 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2012/08/31 11:48:12 | 000,452,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2012/08/31 11:48:12 | 000,448,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2012/08/31 11:48:12 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2012/08/31 11:48:12 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2012/08/31 11:48:12 | 000,282,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2012/08/31 11:48:12 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll
[2012/08/31 11:48:12 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/08/31 11:48:12 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/08/31 11:48:12 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/08/31 11:48:12 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
[2012/08/31 11:48:12 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2012/08/31 11:48:12 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2012/08/31 11:48:12 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/08/31 11:48:12 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/08/31 11:48:12 | 000,165,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2012/08/31 11:48:12 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll
[2012/08/31 11:48:12 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll
[2012/08/31 11:48:12 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2012/08/31 11:48:12 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2012/08/31 11:48:12 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll
[2012/08/31 11:48:12 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2012/08/31 11:48:12 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2012/08/31 11:48:12 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2012/08/31 11:48:12 | 000,145,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2012/08/31 11:48:12 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/08/31 11:48:12 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2012/08/31 11:48:12 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll
[2012/08/31 11:48:12 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2012/08/31 11:48:12 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2012/08/31 11:48:12 | 000,114,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll
[2012/08/31 11:48:12 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2012/08/31 11:48:12 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2012/08/31 11:48:12 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2012/08/31 11:48:12 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll
[2012/08/31 11:48:12 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/08/31 11:48:12 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2012/08/31 11:48:12 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2012/08/31 11:48:12 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2012/08/31 11:48:12 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2012/08/31 11:48:12 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2012/08/31 11:48:12 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2012/08/31 11:48:12 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2012/08/31 11:48:12 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2012/08/31 11:48:12 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2012/08/31 11:48:12 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2012/08/31 11:48:12 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2012/08/31 11:48:12 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2012/08/31 11:48:12 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/08/31 11:48:12 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2012/08/31 11:48:12 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2012/08/31 11:48:12 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2012/08/31 11:48:12 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2012/08/31 11:48:12 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2012/08/31 11:48:12 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2012/08/31 11:48:12 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2012/08/31 11:48:12 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2012/08/31 11:48:12 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2012/08/31 11:48:12 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2012/08/31 11:48:12 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2012/08/31 11:48:12 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2012/08/31 11:48:12 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2012/08/31 11:48:12 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2012/08/31 09:51:42 | 000,000,000 | ---D | C] -- C:\Users\Ken\AppData\Local\{8F802791-33BD-430A-840B-4272CA641D41}
[2012/08/30 12:25:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Caphyon
[2012/08/30 12:25:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Waterfox
[2012/08/30 12:22:30 | 000,000,000 | ---D | C] -- C:\Users\Ken\AppData\Roaming\Waterfox Limited
[2012/08/30 09:10:47 | 000,000,000 | ---D | C] -- C:\Users\Ken\AppData\Local\{D980A6BE-96DD-4173-8671-C0F0AA77EFD9}
[2012/08/29 10:20:07 | 000,000,000 | ---D | C] -- C:\Users\Ken\AppData\Local\{D8D6F5E7-1553-45F8-AB6D-C8E40E7857BA}
[2012/08/28 10:45:15 | 000,000,000 | ---D | C] -- C:\Users\Ken\AppData\Local\{AA431FAE-EF02-4D39-9D72-EC6F6F20CFC7}
[2012/08/27 01:23:04 | 000,000,000 | ---D | C] -- C:\Users\Ken\AppData\Local\{E1464DD6-8CAC-4F6A-A3A7-6124AAF9CF6A}
[2012/08/26 11:36:03 | 000,000,000 | ---D | C] -- C:\Users\Ken\AppData\Local\{3595060A-E6D3-4967-9C9E-288B69525C01}
[2012/08/25 09:32:33 | 000,000,000 | ---D | C] -- C:\Users\Ken\AppData\Local\{43FF6E50-E58B-45E6-9E38-93210048C0D5}
[2012/08/24 10:12:13 | 000,000,000 | ---D | C] -- C:\Users\Ken\AppData\Local\{5BEE5C72-ED30-4A4E-A10A-AF2587B1EDFB}
[2012/08/23 09:53:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/08/23 09:53:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012/08/23 09:48:10 | 000,000,000 | ---D | C] -- C:\Users\Ken\AppData\Local\{A2CE3934-458B-4B04-98C5-3E728F1BF0B2}
[2012/08/22 09:01:57 | 000,000,000 | ---D | C] -- C:\Users\Ken\AppData\Local\{75B84A99-352D-41C2-94FC-3489FB1237BE}
[2012/08/21 20:51:16 | 000,000,000 | ---D | C] -- C:\Users\Ken\AppData\Local\{1BFA26E5-37E7-4E99-8F27-06679D54ACE9}
[2012/08/21 11:08:34 | 000,000,000 | ---D | C] -- C:\Users\Ken\AppData\Roaming\SlimBrowser
[2012/08/21 08:36:39 | 000,000,000 | ---D | C] -- C:\Users\Ken\AppData\Local\{B04439A0-6DEB-4532-81A3-602C979F1C04}
[2012/08/20 08:51:47 | 000,000,000 | ---D | C] -- C:\Users\Ken\AppData\Local\{5D019037-3C80-40FD-A3D0-55592B81AF2C}
[2012/08/19 08:59:11 | 000,000,000 | ---D | C] -- C:\Users\Ken\AppData\Local\{D19D099E-E46E-4C1C-8C65-FC1BDAAE0FCC}
[2012/08/18 09:31:02 | 000,000,000 | ---D | C] -- C:\Users\Ken\AppData\Local\{A7AA4950-79C8-464F-BC31-F8A75BF71A3A}
[2012/08/18 09:30:20 | 000,000,000 | ---D | C] -- C:\Users\Ken\AppData\Local\{CD775477-8328-4D40-8E45-8FC09F09431A}
[2012/08/17 12:14:21 | 000,000,000 | ---D | C] -- C:\Users\Ken\AppData\Local\{C46518DC-DB47-420F-A1DF-79255C04C379}
[2012/08/17 12:13:41 | 000,000,000 | ---D | C] -- C:\Users\Ken\AppData\Local\{AC308159-BD87-4C7F-8212-077C6673E08C}
[2012/08/17 00:13:01 | 000,000,000 | ---D | C] -- C:\Users\Ken\AppData\Local\{B595D54B-2B7E-453A-B56F-EBDE1D9AD7F0}
[2012/08/17 00:12:26 | 000,000,000 | ---D | C] -- C:\Users\Ken\AppData\Local\{FBF6D3B2-522A-4174-B2EE-6CBC22134C4C}
[2012/08/16 14:41:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/08/16 14:41:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012/08/16 09:39:22 | 000,000,000 | ---D | C] -- C:\Users\Ken\AppData\Local\{DCFC006D-4D2A-4281-A814-B37C3376AA08}
[2012/08/16 09:38:47 | 000,000,000 | ---D | C] -- C:\Users\Ken\AppData\Local\{5029C47E-FADF-45E3-BE10-674BB96B1477}
[2012/08/16 09:05:23 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll
[2012/08/16 09:05:20 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2012/08/16 09:05:20 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2012/08/16 09:05:20 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\splwow64.exe
[2012/08/16 09:05:18 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browcli.dll
[2012/08/16 09:05:17 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll
[2012/08/16 09:05:17 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\browcli.dll
[2012/08/16 09:04:44 | 000,956,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll
[2012/08/15 21:13:03 | 000,000,000 | ---D | C] -- C:\Users\Ken\AppData\Local\{EAB81862-0866-48E8-91C4-6264B0D46592}
[2012/08/15 21:12:28 | 000,000,000 | ---D | C] -- C:\Users\Ken\AppData\Local\{17A1C8D3-25E5-42ED-BAAF-6ECDBFF054BF}
[2012/08/15 08:32:25 | 000,000,000 | ---D | C] -- C:\Users\Ken\AppData\Local\{C41D06D7-5752-4FEC-9A1A-54AA6AA02C10}
[2012/08/15 08:31:46 | 000,000,000 | ---D | C] -- C:\Users\Ken\AppData\Local\{240310CE-5C5A-4454-A0EF-AC77B1CED686}
[2012/08/13 09:00:25 | 000,000,000 | ---D | C] -- C:\Users\Ken\AppData\Local\{8FFA6489-50A3-41B0-92CC-6D8263627C46}
[2012/08/13 08:59:50 | 000,000,000 | ---D | C] -- C:\Users\Ken\AppData\Local\{3C7094E3-01DD-4638-8636-9EE741CB24FA}
[2012/08/12 09:29:35 | 000,000,000 | ---D | C] -- C:\Users\Ken\AppData\Local\{3819A05E-BC15-421B-A1BF-60BB3B286307}
[2012/08/12 09:28:58 | 000,000,000 | ---D | C] -- C:\Users\Ken\AppData\Local\{383477A3-E0E4-4078-B56D-C0F8EF1DB09F}
[2012/08/12 08:50:39 | 000,000,000 | ---D | C] -- C:\Users\Ken\AppData\Local\{BE14FD5A-79A7-48B9-A2BD-D4DB219137D0}
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/09/10 12:46:32 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\Ken\Desktop\OTL.exe
[2012/09/10 12:31:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/09/10 12:16:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/09/10 10:58:04 | 000,000,512 | ---- | M] () -- C:\Users\Ken\Desktop\MBR.dat
[2012/09/10 10:56:28 | 000,002,915 | ---- | M] () -- C:\Users\Ken\Desktop\My Bleeping Computer Report.rtf
[2012/09/10 10:41:40 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Ken\Desktop\aswMBR.exe
[2012/09/10 10:26:23 | 000,000,324 | ---- | M] () -- C:\Windows\tasks\Spybot - Search & Destroy - Scheduled Task.job
[2012/09/10 10:23:54 | 002,211,928 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Ken\Desktop\tdsskiller.exe
[2012/09/10 09:43:17 | 000,010,208 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/09/10 09:43:17 | 000,010,208 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/09/10 09:42:28 | 000,779,306 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/09/10 09:42:28 | 000,661,908 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/09/10 09:42:28 | 000,121,826 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/09/10 09:38:28 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/09/10 09:37:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/09/10 09:37:34 | 3220,037,632 | -HS- | M] () -- C:\hiberfil.sys
[2012/09/10 00:51:44 | 000,034,240 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000002-00000000-00000007-00001102-00000004-20061102}.rfx
[2012/09/10 00:51:44 | 000,034,240 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000002-00000000-00000007-00001102-00000004-20061102}.rfx
[2012/09/10 00:51:44 | 000,030,528 | ---- | M] () -- C:\Windows\SysNative\BMXCtrlState-{00000002-00000000-00000007-00001102-00000004-20061102}.rfx
[2012/09/10 00:51:44 | 000,030,528 | ---- | M] () -- C:\Windows\SysNative\BMXBkpCtrlState-{00000002-00000000-00000007-00001102-00000004-20061102}.rfx
[2012/09/10 00:51:44 | 000,011,564 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000002-00000000-00000007-00001102-00000004-20061102}.rfx
[2012/09/09 17:38:27 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/09/09 15:50:34 | 004,747,716 | R--- | M] (Swearware) -- C:\Users\Ken\Desktop\ComboFix.exe
[2012/09/09 15:41:59 | 000,854,156 | ---- | M] () -- C:\Users\Ken\Desktop\SecurityCheck.exe
[2012/09/08 16:06:02 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Ken\Desktop\dds.com
[2012/09/08 16:04:28 | 000,000,000 | ---- | M] () -- C:\Users\Ken\defogger_reenable
[2012/09/08 16:02:48 | 000,050,477 | ---- | M] () -- C:\Users\Ken\Desktop\Defogger.exe
[2012/09/08 11:11:30 | 000,751,391 | ---- | M] (Farbar) -- C:\Users\Ken\Desktop\MiniToolBox.exe
[2012/09/08 11:08:35 | 000,693,235 | ---- | M] (Farbar) -- C:\Users\Ken\Desktop\FSS.exe
[2012/09/06 12:28:35 | 000,000,786 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/09/06 12:14:13 | 000,002,245 | ---- | M] () -- C:\Users\Public\Desktop\PC Tools Spyware Doctor.lnk
[2012/09/06 12:06:55 | 002,170,913 | ---- | M] () -- C:\Windows\SysNative\drivers\Cat.DB
[2012/09/05 21:56:54 | 000,000,986 | ---- | M] () -- C:\Users\Public\Desktop\Firestorm-Release.lnk
[2012/09/04 09:39:41 | 000,000,722 | ---- | M] () -- C:\Users\Ken\Application Data\Microsoft\Internet Explorer\Quick Launch\FlashPeak SlimBrowser.lnk
[2012/09/04 09:39:40 | 000,000,722 | ---- | M] () -- C:\Users\Public\Desktop\FlashPeak SlimBrowser.lnk
[2012/09/02 10:16:19 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npdeployJava1.dll
[2012/09/02 10:16:19 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2012/09/02 10:16:19 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2012/09/02 10:16:19 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012/09/02 10:16:19 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012/09/02 10:16:19 | 000,095,208 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2012/09/01 23:28:33 | 000,007,668 | ---- | M] () -- C:\Users\Ken\AppData\Local\Resmon.ResmonCfg
[2012/08/31 11:48:12 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2012/08/31 11:48:12 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2012/08/31 11:48:12 | 002,312,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/08/31 11:48:12 | 001,494,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/08/31 11:48:12 | 001,427,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/08/31 11:48:12 | 000,816,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/08/31 11:48:12 | 000,717,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/08/31 11:48:12 | 000,697,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/08/31 11:48:12 | 000,603,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012/08/31 11:48:12 | 000,534,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2012/08/31 11:48:12 | 000,452,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2012/08/31 11:48:12 | 000,448,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2012/08/31 11:48:12 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2012/08/31 11:48:12 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2012/08/31 11:48:12 | 000,282,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2012/08/31 11:48:12 | 000,267,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll
[2012/08/31 11:48:12 | 000,248,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/08/31 11:48:12 | 000,237,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/08/31 11:48:12 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/08/31 11:48:12 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
[2012/08/31 11:48:12 | 000,222,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2012/08/31 11:48:12 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2012/08/31 11:48:12 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/08/31 11:48:12 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/08/31 11:48:12 | 000,165,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2012/08/31 11:48:12 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll
[2012/08/31 11:48:12 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll
[2012/08/31 11:48:12 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2012/08/31 11:48:12 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2012/08/31 11:48:12 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll
[2012/08/31 11:48:12 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2012/08/31 11:48:12 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2012/08/31 11:48:12 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2012/08/31 11:48:12 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2012/08/31 11:48:12 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/08/31 11:48:12 | 000,135,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2012/08/31 11:48:12 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll
[2012/08/31 11:48:12 | 000,123,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2012/08/31 11:48:12 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2012/08/31 11:48:12 | 000,114,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll
[2012/08/31 11:48:12 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2012/08/31 11:48:12 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2012/08/31 11:48:12 | 000,103,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2012/08/31 11:48:12 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll
[2012/08/31 11:48:12 | 000,096,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/08/31 11:48:12 | 000,091,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2012/08/31 11:48:12 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2012/08/31 11:48:12 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2012/08/31 11:48:12 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2012/08/31 11:48:12 | 000,085,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2012/08/31 11:48:12 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2012/08/31 11:48:12 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2012/08/31 11:48:12 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2012/08/31 11:48:12 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2012/08/31 11:48:12 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2012/08/31 11:48:12 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2012/08/31 11:48:12 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2012/08/31 11:48:12 | 000,073,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/08/31 11:48:12 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2012/08/31 11:48:12 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2012/08/31 11:48:12 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2012/08/31 11:48:12 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2012/08/31 11:48:12 | 000,063,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2012/08/31 11:48:12 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2012/08/31 11:48:12 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2012/08/31 11:48:12 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2012/08/31 11:48:12 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2012/08/31 11:48:12 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2012/08/31 11:48:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2012/08/31 11:48:12 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2012/08/31 11:48:12 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2012/08/31 11:48:12 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2012/08/31 11:48:12 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2012/08/31 11:48:12 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2012/08/31 11:05:05 | 000,696,520 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/08/31 11:05:05 | 000,073,416 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/08/30 12:25:03 | 000,001,648 | ---- | M] () -- C:\Users\Public\Desktop\Waterfox.lnk
[2012/08/30 12:25:02 | 000,001,648 | ---- | M] () -- C:\Users\Ken\Application Data\Microsoft\Internet Explorer\Quick Launch\Waterfox.lnk
[2012/08/29 10:42:26 | 000,000,801 | ---- | M] () -- C:\Users\Public\Desktop\FlashPeak SlimBoat.lnk
[2012/08/29 10:42:26 | 000,000,801 | ---- | M] () -- C:\Users\Ken\Application Data\Microsoft\Internet Explorer\Quick Launch\FlashPeak SlimBoat.lnk
[2012/08/23 09:53:16 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/08/18 14:44:36 | 000,000,891 | ---- | M] () -- C:\Users\Ken\.recently-used.xbel
[2012/08/16 14:41:26 | 000,000,897 | ---- | M] () -- C:\Users\Ken\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/08/16 14:41:14 | 000,000,795 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/08/16 09:12:02 | 004,909,808 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/08/15 08:34:22 | 000,002,014 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/09/10 10:58:04 | 000,000,512 | ---- | C] () -- C:\Users\Ken\Desktop\MBR.dat
[2012/09/09 18:00:25 | 000,002,915 | ---- | C] () -- C:\Users\Ken\Desktop\My Bleeping Computer Report.rtf
[2012/09/09 15:57:35 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/09/09 15:57:35 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/09/09 15:57:35 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/09/09 15:57:35 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/09/09 15:57:35 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/09/08 16:04:28 | 000,000,000 | ---- | C] () -- C:\Users\Ken\defogger_reenable
[2012/09/08 16:02:46 | 000,050,477 | ---- | C] () -- C:\Users\Ken\Desktop\Defogger.exe
[2012/09/08 11:03:22 | 000,854,156 | ---- | C] () -- C:\Users\Ken\Desktop\SecurityCheck.exe
[2012/09/06 12:14:59 | 000,767,960 | ---- | C] () -- C:\Windows\BDTSupport.dll
[2012/09/06 12:14:59 | 000,003,488 | ---- | C] () -- C:\Windows\UDB.zip
[2012/09/06 12:14:59 | 000,000,882 | ---- | C] () -- C:\Windows\RegSDImport.xml
[2012/09/06 12:14:59 | 000,000,879 | ---- | C] () -- C:\Windows\RegISSImport.xml
[2012/09/06 12:14:59 | 000,000,131 | ---- | C] () -- C:\Windows\IDB.zip
[2012/09/06 12:14:13 | 000,002,245 | ---- | C] () -- C:\Users\Public\Desktop\PC Tools Spyware Doctor.lnk
[2012/09/06 12:06:45 | 002,170,913 | ---- | C] () -- C:\Windows\SysNative\drivers\Cat.DB
[2012/09/05 21:56:54 | 000,000,986 | ---- | C] () -- C:\Users\Public\Desktop\Firestorm-Release.lnk
[2012/08/31 11:48:12 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2012/08/31 11:48:12 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2012/08/30 12:25:02 | 000,001,648 | ---- | C] () -- C:\Users\Public\Desktop\Waterfox.lnk
[2012/08/30 12:25:02 | 000,001,648 | ---- | C] () -- C:\Users\Ken\Application Data\Microsoft\Internet Explorer\Quick Launch\Waterfox.lnk
[2012/08/25 19:25:10 | 000,000,722 | ---- | C] () -- C:\Users\Public\Desktop\FlashPeak SlimBrowser.lnk
[2012/08/25 19:25:10 | 000,000,722 | ---- | C] () -- C:\Users\Ken\Application Data\Microsoft\Internet Explorer\Quick Launch\FlashPeak SlimBrowser.lnk
[2012/08/18 14:44:36 | 000,000,891 | ---- | C] () -- C:\Users\Ken\.recently-used.xbel
[2012/05/15 02:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2012/01/18 06:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2012/01/18 06:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2012/01/18 06:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2011/12/12 15:49:40 | 000,000,000 | ---- | C] () -- C:\Users\Ken\AppData\Local\{F69EFE64-E761-448D-90D9-01BE9C12486A}
[2011/12/04 11:37:52 | 000,151,552 | ---- | C] () -- C:\Windows\SysWow64\nvRegDev.dll
[2011/11/24 00:35:26 | 000,000,132 | ---- | C] () -- C:\Users\Ken\AppData\Roaming\Adobe Targa Format CS5 Prefs
[2011/09/21 22:23:37 | 000,775,284 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/09/09 21:23:32 | 000,000,059 | ---- | C] () -- C:\Windows\wpd99.drv
[2011/09/09 21:23:30 | 000,047,616 | ---- | C] () -- C:\Windows\SysWow64\pdf995mon64.dll
[2011/07/20 00:57:14 | 000,000,066 | ---- | C] () -- C:\Users\Ken\AppData\Local\slurlproxy.csv
[2011/07/11 11:16:30 | 000,000,000 | ---- | C] () -- C:\Users\Ken\AppData\Local\{37B01BE8-9111-47DA-973C-BB44D1315694}
[2011/06/22 13:48:02 | 000,000,000 | ---- | C] () -- C:\Users\Ken\ipconfig
[2011/05/02 13:02:51 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2011/05/02 13:02:51 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2011/04/20 09:04:46 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/03/20 21:14:04 | 000,003,140 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2011/02/22 11:13:45 | 000,000,000 | ---- | C] () -- C:\Users\Ken\AppData\Roaming\.googlewebacchosts
[2010/12/09 16:09:56 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2010/12/09 16:09:56 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2010/11/09 13:47:15 | 000,306,688 | ---- | C] () -- C:\Windows\SysWow64\Lffpx7.dll
[2010/11/09 13:47:15 | 000,095,232 | ---- | C] () -- C:\Windows\SysWow64\Lfkodak.dll
[2010/08/06 12:12:24 | 000,007,668 | ---- | C] () -- C:\Users\Ken\AppData\Local\Resmon.ResmonCfg

========== Alternate Data Streams ==========

@Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:182F0EEA
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84

< End of report >

Edited by KWK, 10 September 2012 - 03:12 PM.


#9 gringo_pr


Posted 10 September 2012 - 03:17 PM

Greetings,

first I would like you to go here and click on the fixit button - http://support.microsoft.com/kb/923737


Then I want you to do the following

  • Start Internet Explorer.
  • click on "safety"
  • click on "Delete Browsing History"
  • make sure all boxes are checked
  • click on "Delete"
  • click on "Tools",
  • click "Internet Options".
  • On the "Advanced" tab, click "Reset"
  • put a check mark next to "Delete Personal Settings"
  • click "Reset" to confirm
  • when complete click the "Close" button
  • restart IE


Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#10 KWK


Posted 10 September 2012 - 03:53 PM

I have used MS Fix it and resetting IE as you describe previously, which did not fix the problem. This also results in the security warning I previously described.

After running MS FixIt as per your request and Deleting Personal Settings, restarting IE results in a window opening called Windows Internet Explorer 9. It recommends "Use recommended security and compatible settings." I have clicked ok on this previously, but now just close it. This always appears after using Fixit and deleting personal settings. This is not a normal windows update. After closing it, it takes me to http://windows.microsoft.com/en-us/internet-explorer/products/ie-9/welcome which I ignore. Closing and reopening IE results in the same window opening.

I have also tried InPrivate Browsing. The problem still exists.

#11 gringo_pr


Posted 10 September 2012 - 04:22 PM

Hello

Run this custom script and when it is complete I need to know how the computer is doing

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the Posted Image textbox. Do not include the word Code
    :OTL
    
    :Files
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [emptyjava]
    [EMPTYFLASH]
    
  • Then click the Run Fix button at the top.
  • Click Posted Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

Let me know How things are doing

Gringo

#12 KWK


Posted 10 September 2012 - 04:47 PM

The problem continues. The security warning appears and the only way to use Google search is to click yes to continue.
It seems to be a loop cycle. Clicking yes seems to enable the problem and clicking no makes Google not functional.


HERE IS THE OTL REPORT:
========== OTL ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Ken\Desktop\cmd.bat deleted successfully.
C:\Users\Ken\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Ken
->Java cache emptied: 3101651 bytes

User: Public

User: TEMP

User: UpdatusUser

User: UpdatusUser.KEN

User: UpdatusUser.Ken-PC

Total Java Files Cleaned = 3.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 56475 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Ken
->Flash cache emptied: 57455 bytes

User: Public

User: TEMP
->Flash cache emptied: 0 bytes

User: UpdatusUser
->Flash cache emptied: 56502 bytes

User: UpdatusUser.KEN
->Flash cache emptied: 56475 bytes

User: UpdatusUser.Ken-PC
->Flash cache emptied: 56502 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.61.3 log created on 09102012_143924

#13 KWK


Posted 10 September 2012 - 04:57 PM

Something else has happened since using Fix it and resetting IE and I thought I should mention it since it does not seem to be fixing.
When I open Windows Live Mail it asks for a password for each of my email addresses and clicking ok does not allow authorization. This happened a few times before and usually restarting the PC fixes it or it is a problem with the ISP. It does not normally ask for passwords.

I called the ISP. It is a problem with their email service.

Edited by KWK, 10 September 2012 - 07:12 PM.


#14 gringo_pr


Posted 10 September 2012 - 09:30 PM

I would like you to try and uninstall ie 9 and reinstall


you can see how to do it here - http://windows.microsoft.com/en-US/windows7/how-do-i-install-or-uninstall-internet-explorer-9


gringo

#15 KWK


Posted 11 September 2012 - 11:33 AM

I have previously tried uninstalling IE9, but the problem persisted in IE8. I reinstalled IE9 and the problem still persisted. Several days later I thought to uninstall IE9 and IE8 to see if the problem was there in IE7. I can no longer uninstall IE. The option is no longer in the uninstall list.
About IE shows I am running "version 9.0.8112.16421" and below that shows "update version 9.0.9 (KB2722913)". I don't know if that pop up window I previously got was for this update. I don't recall anything about it saying it was an update.

Should I install IE 9 again to see if it shows in the uninstall list?



