Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Trojan.Gen.2 & Trojan.Zeroaccess.B


  • This topic is locked This topic is locked
19 replies to this topic

#1 AL16

AL16

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:11:34 AM

Posted 27 June 2012 - 01:30 AM

For the last 4 days, I've had a Norton popup appear about 8-10 minutes telling me that it has protected me from a security risk. "800000cb.@ (Trojan.Gen.2) detected by Auto-Protect" and "80000000.@ (Trojan.Zeroaccess.B) detected by Auto-Protect". Looking at further details regarding the files, they were both found in C:\windows\installer\{7faaafa-cf14-2f74-3593-878a94dc601b}\u\ file. I haven't had any trouble that I know of before this weekend with malware. I've been very careful to always run a weekly scan of my computer.

I have Norton Security Suite Version 6.2.1.5 which is up-to-date on the definitions. I ran a full scan of my system with Norton which did not find anything. I've also run Malwarebytes Anti-Malware which found Trojan.Small in a similar location to the Trojan.Gen.2 and Trojan.Zeroaccess.B files. I had Malwarebytes remove the Trojan.small file.

I am currently running Microsoft Vista Home Basic SP2 32-bit version. Please let me know if there's anything else I can provide.

The DDS file is below:
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by Anne at 20:46:23 on 2012-06-26
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.3061.1318 [GMT -5:00]
.
AV: Norton Security Suite *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Security Suite *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Security Suite *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\System32\bcmwltry.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\LEXBCES.EXE
C:\Windows\System32\LEXPPS.EXE
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\aestsrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\Windows\system32\CTsvcCDA.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Norton Security Suite\Engine\6.2.1.5\ccSvcHst.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c09c50a2\STacSV.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Western Digital\WD SmartWare\WDDMService.exe
C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Norton Security Suite\Engine\6.2.1.5\ccSvcHst.exe
C:\Program Files\Western Digital\WD SmartWare\WDFME.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\DllHost.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\System32\igfxtray.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\OEM02Mon.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\SMART Technologies\Education Software\SMARTBoardService.exe
C:\Program Files\SMART Technologies\Education Software\SMARTBoardTools.exe
C:\Program Files\Western Digital\WD SmartWare\WDDMStatus.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\SMART Technologies\Education Software\Aware.exe
C:\Program Files\SMART Technologies\Education Software\Marker.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\Macromed\Flash\FlashUtil32_11_3_300_257_ActiveX.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.google.com/ig/dell
uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5081205
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.comcast.net/
mWindow Title = Windows Internet Explorer provided by Comcast
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton security suite\engine\6.2.1.5\coIEPlg.dll
BHO: SMART Notebook Download Utility: {67bcf957-85fc-4036-8dc4-d4d80e00a77b} - c:\program files\smart technologies\education software\win32\NotebookPlugin.dll
BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton security suite\engine\6.2.1.5\ips\IPSBHO.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton security suite\engine\6.2.1.5\coIEPlg.dll
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [RIMBBLaunchAgent.exe] c:\program files\common files\research in motion\usb drivers\RIMBBLaunchAgent.exe
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [Dell DataSafe Online] "c:\program files\dell datasafe online\DataSafeOnline.exe" /m
mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [OEM02Mon.exe] c:\windows\OEM02Mon.exe
mRun: [SMART Board Service] "c:\program files\smart technologies\education software\SMARTBoardService.exe"
mRun: [SMART Board Tools] "c:\program files\smart technologies\education software\SMARTBoardTools.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [WD Quick View] c:\program files\western digital\wd smartware\WDDMStatus.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
StartupFolder: c:\users\anne\appdata\roaming\micros~1\windows\startm~1\programs\startup\delldo~1.lnk - c:\program files\dell\delldock\DellDock.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickset.lnk - c:\program files\dell\quickset\quickset.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} - hxxp://i.dell.com/images/global/js/scanner/SysProExe.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www2.snapfish.com/SnapfishActivia.cab
DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxp://support.dell.com/systemprofiler/SysProExe.CAB
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
TCP: DhcpNameServer = 192.168.1.1 75.75.76.76 75.75.75.75
TCP: Interfaces\{2B2D2B84-A390-4F90-843A-D095F2447892} : DhcpNameServer = 192.168.1.1 75.75.76.76 75.75.75.75
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\google\google~3\GOEC62~1.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0602010.005\symds.sys [2012-6-25 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0602010.005\symefa.sys [2012-6-25 905336]
R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_6.0.0.145\definitions\bashdefs\20120619.001\BHDrvx86.sys [2012-6-19 821920]
R1 ccSet_N360;Norton Security Suite Settings Manager;c:\windows\system32\drivers\n360\0602010.005\ccsetx86.sys [2012-6-25 132744]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_6.0.0.145\definitions\ipsdefs\20120626.001\IDSvix86.sys [2012-6-26 382624]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0602010.005\ironx86.sys [2012-6-25 149624]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\n360\0602010.005\symtdiv.sys [2012-6-25 345208]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-4-4 63928]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\AEstSrv.exe [2008-12-4 73728]
R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2010-1-11 155648]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-6-24 654408]
R2 N360;Norton Security Suite;c:\program files\norton security suite\engine\6.2.1.5\ccsvchst.exe [2012-6-25 138232]
R2 WDDMService;WDDMService;c:\program files\western digital\wd smartware\WDDMService.exe [2011-12-15 265624]
R2 WDFMEService;WDFME;c:\program files\western digital\wd smartware\WDFME.exe [2011-12-15 1591176]
R2 WDRulesService;WDRules;c:\program files\western digital\wd smartware\WDRulesEngine.exe [2011-12-15 1091992]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-6-25 106656]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2008-12-4 111616]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-6-24 22344]
R3 SMARTMouseFilterx86;HID-compliant mouse;c:\windows\system32\drivers\SMARTMouseFilterx86.sys [2011-7-13 11632]
R3 SMARTVHidMini2000x86;SMART HID Device;c:\windows\system32\drivers\SMARTVHidMini2000x86.sys [2011-7-13 14704]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-3-17 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-3-30 250056]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-12-4 30192]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-3-17 136176]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2011-2-16 11520]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-06-25 23:26:38 345208 ----a-r- c:\windows\system32\drivers\n360\0602010.005\symtdiv.sys
2012-06-25 23:26:38 318584 ----a-r- c:\windows\system32\drivers\n360\0602010.005\symnets.sys
2012-06-25 23:26:37 905336 ----a-r- c:\windows\system32\drivers\n360\0602010.005\symefa.sys
2012-06-25 23:26:37 340088 ----a-r- c:\windows\system32\drivers\n360\0602010.005\symds.sys
2012-06-25 23:26:37 32888 ----a-w- c:\windows\system32\drivers\n360\0602010.005\srtspx.sys
2012-06-25 23:26:36 574072 ----a-w- c:\windows\system32\drivers\n360\0602010.005\srtsp.sys
2012-06-25 23:26:36 149624 ----a-r- c:\windows\system32\drivers\n360\0602010.005\ironx86.sys
2012-06-25 23:26:36 132744 ----a-r- c:\windows\system32\drivers\n360\0602010.005\ccsetx86.sys
2012-06-25 23:25:05 -------- d-----w- c:\windows\system32\drivers\n360\0602010.005
2012-06-25 23:17:26 141944 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2012-06-25 23:17:26 -------- d-----w- c:\program files\Symantec
2012-06-25 23:17:26 -------- d-----w- c:\program files\common files\Symantec Shared
2012-06-25 23:14:16 -------- d-----w- c:\windows\system32\drivers\N360
2012-06-25 23:14:08 -------- d-----w- c:\program files\Norton Security Suite
2012-06-25 23:12:26 -------- d-----w- c:\program files\NortonInstaller
2012-06-25 22:55:50 -------- d-----w- c:\users\anne\appdata\roaming\Tific
2012-06-25 22:55:47 -------- d-----w- c:\users\anne\appdata\local\Symantec
2012-06-25 01:14:03 -------- d-----w- c:\users\anne\appdata\roaming\Malwarebytes
2012-06-25 01:13:43 -------- d-----w- c:\programdata\Malwarebytes
2012-06-25 01:13:42 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-25 01:13:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-06-25 00:36:39 -------- d-----w- c:\users\anne\appdata\local\NPE
2012-06-25 00:28:15 -------- d-----w- c:\users\anne\appdata\roaming\FixZeroAccess
2012-06-25 00:27:58 35752 ----a-w- c:\windows\system32\drivers\FixZeroAccess.sys
2012-06-22 23:37:09 9815752 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2012-06-22 13:32:35 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-06-22 05:46:07 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-22 05:44:40 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-22 05:42:43 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-22 05:42:43 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-13 15:15:51 984064 ----a-w- c:\windows\system32\crypt32.dll
2012-06-13 15:15:51 98304 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-13 15:15:51 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-13 15:15:12 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-13 15:15:11 2045440 ----a-w- c:\windows\system32\win32k.sys
2012-06-12 23:32:23 35328 ----a-w- c:\windows\system32\drivers\RimSerial.sys
2012-06-12 23:26:46 -------- d-----w- c:\program files\common files\XCPCSync.OEM
2012-05-31 22:58:24 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
2012-05-31 22:58:24 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
2012-05-31 22:58:24 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2012-05-31 22:58:24 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2012-05-31 22:58:24 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2012-05-31 22:58:24 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2012-05-31 22:58:24 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
.
==================== Find3M ====================
.
2012-06-22 23:37:13 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-22 23:37:13 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-17 22:45:37 1800192 ----a-w- c:\windows\system32\jscript9.dll
2012-05-17 22:35:47 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-05-17 22:35:39 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-05-17 22:29:45 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-05-17 22:24:45 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-04-19 01:56:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-04-19 01:56:30 69632 ----a-w- c:\windows\system32\QuickTime.qts
2012-04-03 08:16:12 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-03 08:16:11 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-30 12:39:11 905600 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
============= FINISH: 20:48:18.66 ===============

Attached Files


Edited by AL16, 27 June 2012 - 01:33 AM.


BC AdBot (Login to Remove)

 


#2 AL16

AL16
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:11:34 AM

Posted 27 June 2012 - 01:35 AM

For some reason the smiley face keeps showing up even though I turned the emoticons off. The letter B is supposed to show up there. No idea why I can't get it to change even though I tried editing it. My apologies.

#3 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:01:34 PM

Posted 27 June 2012 - 08:31 AM

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. :)

I'll be addressing you by your username, if you'd like me to address you by something else, please let me know!

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:


  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
  • Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
  • If I instruct you to download a specific tool in which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do, is to make sure sure that your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)

    • Because of this, you must reply within 3 days failure to reply will result in the topic being closed! I like chocolate chip cookies.
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system or even taking your computer into a repair shop.

    • Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data and have means of backing up your data available.

____________________________________________________

It appears you're infected with an infection known as ZeroAccess.

ZeroAccess (Max++) Rootkit (aka: Sirefef) is a sophisticated rootkit that uses advanced technology to hide its presence in a system and can infect both x86 and x64 platforms. ZeroAccess is similar to the TDSS rootkit but has more self-protection mechanisms that can be used to disable anti-virus software resulting in "Access Denied" messages whenever you run a security application. For more specific information about this infection, please refer to:


NEXT:



Posted Image One or more of the identified infections is a backdoor trojan and password stealer.

This type of infection allows hackers to access and remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.
If you do any banking or other financial transactions on the PC or if it contains any other sensitive information, then from a clean computer, change all passwords where applicable.
It would also be wise to contact those same financial institutions to appraise them of your situation.


I highly suggest you take a look at the two links provided below:
1. How Do I Handle Possible Identify Theft, Internet Fraud, and CC Fraud?
2. When should I re-format? How should I reinstall?


We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.



NEXT:



Running TDSSKiller

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.

    Posted Image
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

    Posted Image
  • Click the Start Scan button.

    Posted Image
  • If a suspicious object is detected, the default action will be Skip, click on Continue.

    Posted Image
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure SKIP is selected, then click Continue.

    Posted Image
  • Note: Do not choose Cure or Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.


NEXT:



Farbar Service Scanner

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


NEXT:


Running OTL

We need to create a New FULL OTL Report
  • Please download OTL from here if you have not done so already:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Change the "Extra Registry" option to "SafeList"
  • Copy and Paste the following code into the Posted Image textbox.
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    CreateRestorePoint
    "%WinDir%\$NtUninstallKB*$." /30
    C:\Program Files\Common Files\ComObjects\*.* /s
    %systemroot%\*. /mp /s
    %systemroot%\*. /rp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
    %SYSTEMDRIVE%\*.exe
    /md5start
    volsnap.sys
    atapi.sys
    explorer.exe
    winlogon.exe
    wininit.exe
    tdx.sys
    afd.sys
    netbt.sys
    services.exe
    /md5stop
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized


NEXT:



Please make sure you include the following items in your next post:

1. Any comments or questions you may have that you'd like for me to answer in my next post to you.
2. TDSSKiller log.
3. Farbar Service Scanner log.
4. OTL.txt & Extras.txt logs.
5. An update on how your computer is currently running.

It would be helpful if you could answer each question in the order asked, as well as numbering your answers.


Please let me know how the above scans go.

Kindest Regards,
ST.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#4 AL16

AL16
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:11:34 AM

Posted 27 June 2012 - 09:15 AM

ST,

Any idea of the time length for each scan? I won't be able to get started until later this evening at the earliest. I'd like to get all of them done ASAP, but don't want to be stuck with scans running into the early morning hrs. Appreciate the help!

#5 AL16

AL16
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:11:34 AM

Posted 27 June 2012 - 02:41 PM

Norton keeps blocking my download of Farbar. Any suggestions on how to avoid that?

#6 AL16

AL16
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:11:34 AM

Posted 27 June 2012 - 05:44 PM

Just got Farbar to run and am running OTL right now.

#7 AL16

AL16
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:11:34 AM

Posted 27 June 2012 - 06:34 PM

1. No questions for you at this time. Appreciate all the help. I work during the day so my scans will likely come around this time of day if future scans are needed.

2.TDSSKiller Log:
14:27:35.0380 2204 TDSS rootkit removing tool 2.7.42.0 Jun 25 2012 21:18:44
14:27:36.0088 2204 ============================================================
14:27:36.0088 2204 Current date / time: 2012/06/27 14:27:36.0088
14:27:36.0088 2204 SystemInfo:
14:27:36.0088 2204
14:27:36.0089 2204 OS Version: 6.0.6002 ServicePack: 2.0
14:27:36.0089 2204 Product type: Workstation
14:27:36.0089 2204 ComputerName: ANNE-PC
14:27:36.0089 2204 UserName: Anne
14:27:36.0089 2204 Windows directory: C:\Windows
14:27:36.0089 2204 System windows directory: C:\Windows
14:27:36.0089 2204 Processor architecture: Intel x86
14:27:36.0089 2204 Number of processors: 2
14:27:36.0089 2204 Page size: 0x1000
14:27:36.0089 2204 Boot type: Normal boot
14:27:36.0089 2204 ============================================================
14:27:36.0805 2204 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
14:27:36.0968 2204 ============================================================
14:27:36.0968 2204 \Device\Harddisk0\DR0:
14:27:36.0969 2204 MBR partitions:
14:27:36.0969 2204 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1388000
14:27:36.0969 2204 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x139C000, BlocksNum 0x1B929168
14:27:37.0210 2204 ============================================================
14:27:37.0291 2204 C: <-> \Device\Harddisk0\DR0\Partition1
14:27:37.0367 2204 D: <-> \Device\Harddisk0\DR0\Partition0
14:27:37.0367 2204 ============================================================
14:27:37.0367 2204 Initialize success
14:27:37.0367 2204 ============================================================
14:28:15.0405 5020 ============================================================
14:28:15.0405 5020 Scan started
14:28:15.0405 5020 Mode: Manual; SigCheck; TDLFS;
14:28:15.0405 5020 ============================================================
14:28:16.0185 5020 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
14:28:16.0375 5020 ACPI - ok
14:28:16.0479 5020 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
14:28:16.0493 5020 AdobeARMservice - ok
14:28:16.0568 5020 AdobeFlashPlayerUpdateSvc (990dc6edc9f933194d7cd4e65146bc94) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
14:28:16.0587 5020 AdobeFlashPlayerUpdateSvc - ok
14:28:16.0684 5020 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
14:28:16.0832 5020 adp94xx - ok
14:28:16.0893 5020 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
14:28:16.0926 5020 adpahci - ok
14:28:16.0937 5020 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
14:28:16.0960 5020 adpu160m - ok
14:28:16.0987 5020 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
14:28:17.0011 5020 adpu320 - ok
14:28:17.0044 5020 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
14:28:17.0180 5020 AeLookupSvc - ok
14:28:17.0220 5020 AESTFilters (ef1142512bec12f1c2c87735da1755be) C:\Windows\system32\aestsrv.exe
14:28:17.0273 5020 AESTFilters - ok
14:28:17.0342 5020 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
14:28:17.0404 5020 AFD - ok
14:28:17.0453 5020 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
14:28:17.0469 5020 agp440 - ok
14:28:17.0489 5020 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
14:28:17.0507 5020 aic78xx - ok
14:28:17.0538 5020 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
14:28:17.0707 5020 ALG - ok
14:28:17.0738 5020 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
14:28:17.0756 5020 aliide - ok
14:28:17.0800 5020 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
14:28:17.0817 5020 amdagp - ok
14:28:17.0822 5020 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
14:28:17.0839 5020 amdide - ok
14:28:17.0851 5020 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
14:28:17.0889 5020 AmdK7 - ok
14:28:17.0897 5020 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
14:28:17.0934 5020 AmdK8 - ok
14:28:17.0977 5020 ApfiltrService (448da519f3b6ffa158c513156053181e) C:\Windows\system32\DRIVERS\Apfiltr.sys
14:28:18.0016 5020 ApfiltrService - ok
14:28:18.0066 5020 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
14:28:18.0122 5020 Appinfo - ok
14:28:18.0203 5020 Apple Mobile Device (20f6f19fe9e753f2780dc2fa083ad597) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
14:28:18.0219 5020 Apple Mobile Device - ok
14:28:18.0240 5020 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
14:28:18.0261 5020 arc - ok
14:28:18.0295 5020 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
14:28:18.0316 5020 arcsas - ok
14:28:18.0337 5020 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
14:28:18.0387 5020 AsyncMac - ok
14:28:18.0408 5020 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
14:28:18.0429 5020 atapi - ok
14:28:18.0491 5020 AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
14:28:18.0544 5020 AudioEndpointBuilder - ok
14:28:18.0550 5020 Audiosrv (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
14:28:18.0576 5020 Audiosrv - ok
14:28:18.0632 5020 BCM42RLY (7bd70aeed0d975285a1b20bd012ebf4e) C:\Windows\system32\drivers\BCM42RLY.sys
14:28:18.0644 5020 BCM42RLY - ok
14:28:18.0782 5020 BCM43XX (fa6707a346cd122407f3b0bad1c47639) C:\Windows\system32\DRIVERS\bcmwl6.sys
14:28:18.0846 5020 BCM43XX - ok
14:28:18.0899 5020 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
14:28:18.0939 5020 Beep - ok
14:28:19.0126 5020 BHDrvx86 (a9e111a358ac5f7eba7ac61e43fc6725) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\BASHDefs\20120619.001\BHDrvx86.sys
14:28:19.0198 5020 BHDrvx86 - ok
14:28:19.0306 5020 BITS (93952506c6d67330367f7e7934b6a02f) C:\Windows\System32\qmgr.dll
14:28:19.0420 5020 BITS - ok
14:28:19.0502 5020 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
14:28:19.0572 5020 blbdrive - ok
14:28:19.0608 5020 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
14:28:19.0694 5020 bowser - ok
14:28:19.0719 5020 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
14:28:19.0748 5020 BrFiltLo - ok
14:28:19.0763 5020 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
14:28:19.0805 5020 BrFiltUp - ok
14:28:19.0846 5020 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
14:28:19.0884 5020 Browser - ok
14:28:19.0913 5020 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
14:28:20.0076 5020 Brserid - ok
14:28:20.0105 5020 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
14:28:20.0172 5020 BrSerWdm - ok
14:28:20.0201 5020 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
14:28:20.0271 5020 BrUsbMdm - ok
14:28:20.0285 5020 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
14:28:20.0353 5020 BrUsbSer - ok
14:28:20.0374 5020 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
14:28:20.0441 5020 BTHMODEM - ok
14:28:20.0541 5020 CCALib8 (a9acc4b9730b6d5b0bb2bffdc53f0812) C:\Program Files\Canon\CAL\CALMAIN.exe
14:28:20.0563 5020 CCALib8 ( UnsignedFile.Multi.Generic ) - warning
14:28:20.0563 5020 CCALib8 - detected UnsignedFile.Multi.Generic (1)
14:28:20.0704 5020 ccSet_N360 (599e7f6259a127c174c49938d2aa6a60) C:\Windows\system32\drivers\N360\0602010.005\ccSetx86.sys
14:28:20.0721 5020 ccSet_N360 - ok
14:28:20.0740 5020 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
14:28:20.0777 5020 cdfs - ok
14:28:20.0835 5020 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
14:28:20.0864 5020 cdrom - ok
14:28:20.0903 5020 CertPropSvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
14:28:20.0951 5020 CertPropSvc - ok
14:28:20.0992 5020 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
14:28:21.0048 5020 circlass - ok
14:28:21.0085 5020 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
14:28:21.0109 5020 CLFS - ok
14:28:21.0219 5020 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:28:21.0256 5020 clr_optimization_v2.0.50727_32 - ok
14:28:21.0387 5020 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
14:28:21.0414 5020 clr_optimization_v4.0.30319_32 - ok
14:28:21.0458 5020 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
14:28:21.0499 5020 CmBatt - ok
14:28:21.0646 5020 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
14:28:21.0662 5020 cmdide - ok
14:28:21.0703 5020 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
14:28:21.0723 5020 Compbatt - ok
14:28:21.0729 5020 COMSysApp - ok
14:28:21.0749 5020 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
14:28:21.0768 5020 crcdisk - ok
14:28:21.0824 5020 Creative Labs Licensing Service (0c629820aad9c90e456b221c94d640ca) C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
14:28:21.0843 5020 Creative Labs Licensing Service ( UnsignedFile.Multi.Generic ) - warning
14:28:21.0843 5020 Creative Labs Licensing Service - detected UnsignedFile.Multi.Generic (1)
14:28:21.0874 5020 Creative Service for CDROM Access (3c8b6609712f4ff78e521f6dcfc4032b) C:\Windows\system32\CTsvcCDA.exe
14:28:21.0895 5020 Creative Service for CDROM Access ( UnsignedFile.Multi.Generic ) - warning
14:28:21.0895 5020 Creative Service for CDROM Access - detected UnsignedFile.Multi.Generic (1)
14:28:21.0933 5020 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
14:28:21.0983 5020 Crusoe - ok
14:28:22.0020 5020 CryptSvc (75c6a297e364014840b48eccd7525e30) C:\Windows\system32\cryptsvc.dll
14:28:22.0075 5020 CryptSvc - ok
14:28:22.0138 5020 DcomLaunch (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
14:28:22.0195 5020 DcomLaunch - ok
14:28:22.0219 5020 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
14:28:22.0258 5020 DfsC - ok
14:28:22.0421 5020 DFSR (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe
14:28:22.0594 5020 DFSR - ok
14:28:22.0977 5020 Dhcp (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll
14:28:23.0030 5020 Dhcp - ok
14:28:23.0096 5020 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
14:28:23.0116 5020 disk - ok
14:28:23.0159 5020 Dnscache (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll
14:28:23.0216 5020 Dnscache - ok
14:28:23.0334 5020 DockLoginService (0840abbbdf438691ee65a20040635cbe) C:\Program Files\Dell\DellDock\DockLogin.exe
14:28:23.0386 5020 DockLoginService ( UnsignedFile.Multi.Generic ) - warning
14:28:23.0386 5020 DockLoginService - detected UnsignedFile.Multi.Generic (1)
14:28:23.0433 5020 dot3svc (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll
14:28:23.0478 5020 dot3svc - ok
14:28:23.0518 5020 Dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
14:28:23.0556 5020 Dot4 - ok
14:28:23.0580 5020 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys
14:28:23.0635 5020 Dot4Print - ok
14:28:23.0688 5020 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
14:28:23.0777 5020 dot4usb - ok
14:28:23.0811 5020 DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
14:28:23.0867 5020 DPS - ok
14:28:23.0900 5020 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
14:28:23.0935 5020 drmkaud - ok
14:28:24.0010 5020 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
14:28:24.0052 5020 DXGKrnl - ok
14:28:24.0118 5020 e1express (908ed85b7806e8af3af5e9b74f7809d4) C:\Windows\system32\DRIVERS\e1e6032.sys
14:28:24.0203 5020 e1express - ok
14:28:24.0230 5020 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
14:28:24.0274 5020 E1G60 - ok
14:28:24.0305 5020 EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
14:28:24.0338 5020 EapHost - ok
14:28:24.0387 5020 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
14:28:24.0406 5020 Ecache - ok
14:28:24.0501 5020 eeCtrl (fce87ba643d5e9a8b6e0378508d1b22d) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
14:28:24.0524 5020 eeCtrl - ok
14:28:24.0582 5020 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
14:28:24.0640 5020 elxstor - ok
14:28:24.0733 5020 EMDMgmt (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll
14:28:24.0876 5020 EMDMgmt - ok
14:28:24.0920 5020 EraserUtilRebootDrv (115dc729465a8c386615207f28875255) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
14:28:24.0936 5020 EraserUtilRebootDrv - ok
14:28:24.0966 5020 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
14:28:25.0011 5020 ErrDev - ok
14:28:25.0057 5020 EventSystem (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll
14:28:25.0092 5020 EventSystem - ok
14:28:25.0149 5020 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
14:28:25.0202 5020 exfat - ok
14:28:25.0235 5020 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
14:28:25.0292 5020 fastfat - ok
14:28:25.0341 5020 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
14:28:25.0394 5020 fdc - ok
14:28:25.0426 5020 fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
14:28:25.0461 5020 fdPHost - ok
14:28:25.0480 5020 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
14:28:25.0544 5020 FDResPub - ok
14:28:25.0565 5020 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
14:28:25.0585 5020 FileInfo - ok
14:28:25.0591 5020 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
14:28:25.0759 5020 Filetrace - ok
14:28:25.0995 5020 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
14:28:26.0042 5020 flpydisk - ok
14:28:26.0068 5020 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
14:28:26.0088 5020 FltMgr - ok
14:28:26.0192 5020 FontCache (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll
14:28:26.0326 5020 FontCache - ok
14:28:26.0425 5020 FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
14:28:26.0443 5020 FontCache3.0.0.0 - ok
14:28:26.0482 5020 Fs_Rec (b972a66758577e0bfd1de0f91aaa27b5) C:\Windows\system32\drivers\Fs_Rec.sys
14:28:26.0562 5020 Fs_Rec - ok
14:28:26.0594 5020 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
14:28:26.0621 5020 gagp30kx - ok
14:28:26.0655 5020 GEARAspiWDM (5ae3a887ece5bbb72cfab273c2fd1cfa) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
14:28:26.0675 5020 GEARAspiWDM - ok
14:28:26.0810 5020 GoogleDesktopManager-051210-111108 (9f5f2f0fb0a7f5aa9f16b9a7b6dad89f) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
14:28:26.0823 5020 GoogleDesktopManager-051210-111108 - ok
14:28:26.0877 5020 GoToAssist (d3316f6e3c011435f36e3d6e49b3196c) C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
14:28:26.0889 5020 GoToAssist - ok
14:28:26.0956 5020 gpsvc (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll
14:28:27.0008 5020 gpsvc - ok
14:28:27.0069 5020 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
14:28:27.0085 5020 gupdate - ok
14:28:27.0089 5020 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
14:28:27.0102 5020 gupdatem - ok
14:28:27.0157 5020 HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys
14:28:27.0193 5020 HdAudAddService - ok
14:28:27.0244 5020 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
14:28:27.0354 5020 HDAudBus - ok
14:28:27.0419 5020 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
14:28:27.0493 5020 HidBth - ok
14:28:27.0500 5020 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
14:28:27.0572 5020 HidIr - ok
14:28:27.0617 5020 hidserv (84067081f3318162797385e11a8f0582) C:\Windows\system32\hidserv.dll
14:28:27.0650 5020 hidserv - ok
14:28:27.0670 5020 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
14:28:27.0747 5020 HidUsb - ok
14:28:27.0771 5020 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
14:28:27.0815 5020 hkmsvc - ok
14:28:27.0849 5020 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
14:28:27.0866 5020 HpCISSs - ok
14:28:27.0952 5020 hpqcxs08 (ce0fcec4d4d860f36d972759b11eaf0f) C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
14:28:27.0982 5020 hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning
14:28:27.0982 5020 hpqcxs08 - detected UnsignedFile.Multi.Generic (1)
14:28:28.0015 5020 hpqddsvc (7da3211ac63edd90b8eca1ca1abfd43b) C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
14:28:28.0056 5020 hpqddsvc ( UnsignedFile.Multi.Generic ) - warning
14:28:28.0056 5020 hpqddsvc - detected UnsignedFile.Multi.Generic (1)
14:28:28.0109 5020 HPSLPSVC (14229263aa19c704e0d6d2e7404a8455) C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL
14:28:28.0147 5020 HPSLPSVC ( UnsignedFile.Multi.Generic ) - warning
14:28:28.0147 5020 HPSLPSVC - detected UnsignedFile.Multi.Generic (1)
14:28:28.0250 5020 HSF_DPV (99f85640054ba65190b860d878a7c9ae) C:\Windows\system32\DRIVERS\HSX_DPV.sys
14:28:28.0412 5020 HSF_DPV - ok
14:28:28.0439 5020 HSXHWAZL (cfbc2b81972e298f0e19ee68fa9e73da) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
14:28:28.0477 5020 HSXHWAZL - ok
14:28:28.0557 5020 HTTP (0eeeca26c8d4bde2a4664db058a81937) C:\Windows\system32\drivers\HTTP.sys
14:28:28.0637 5020 HTTP - ok
14:28:28.0687 5020 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
14:28:28.0702 5020 i2omp - ok
14:28:28.0761 5020 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
14:28:28.0799 5020 i8042prt - ok
14:28:28.0892 5020 IAANTMON (ae38a12f79a4980ddb88f36514f8a1da) C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
14:28:28.0915 5020 IAANTMON - ok
14:28:28.0957 5020 iaStor (997e8f5939f2d12cd9f2e6b395724c16) C:\Windows\system32\drivers\iastor.sys
14:28:28.0976 5020 iaStor - ok
14:28:29.0028 5020 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
14:28:29.0054 5020 iaStorV - ok
14:28:29.0168 5020 idsvc (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
14:28:29.0217 5020 idsvc - ok
14:28:29.0398 5020 IDSVix86 (6262c22a913bd255a0795d070b82aa47) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\IPSDefs\20120626.001\IDSvix86.sys
14:28:29.0448 5020 IDSVix86 - ok
14:28:29.0750 5020 igfx (c134e69ce901422d1f2d7ea8d69098fe) C:\Windows\system32\DRIVERS\igdkmd32.sys
14:28:30.0000 5020 igfx - ok
14:28:30.0144 5020 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
14:28:30.0163 5020 iirsp - ok
14:28:30.0234 5020 IKEEXT (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll
14:28:30.0281 5020 IKEEXT - ok
14:28:30.0330 5020 IntcHdmiAddService (98d303ccb3415e9202e82043b37d66dc) C:\Windows\system32\drivers\IntcHdmi.sys
14:28:30.0368 5020 IntcHdmiAddService - ok
14:28:30.0386 5020 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\DRIVERS\intelide.sys
14:28:30.0401 5020 intelide - ok
14:28:30.0425 5020 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
14:28:30.0462 5020 intelppm - ok
14:28:30.0486 5020 IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
14:28:30.0516 5020 IPBusEnum - ok
14:28:30.0545 5020 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:28:30.0585 5020 IpFilterDriver - ok
14:28:30.0589 5020 IpInIp - ok
14:28:30.0617 5020 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
14:28:30.0657 5020 IPMIDRV - ok
14:28:30.0682 5020 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
14:28:30.0747 5020 IPNAT - ok
14:28:30.0889 5020 iPod Service (e51bd095b2fdf56b17ee010bb794d6ed) C:\Program Files\iPod\bin\iPodService.exe
14:28:30.0985 5020 iPod Service - ok
14:28:31.0045 5020 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
14:28:31.0140 5020 IRENUM - ok
14:28:31.0169 5020 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
14:28:31.0195 5020 isapnp - ok
14:28:31.0238 5020 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
14:28:31.0269 5020 iScsiPrt - ok
14:28:31.0277 5020 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
14:28:31.0302 5020 iteatapi - ok
14:28:31.0310 5020 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
14:28:31.0335 5020 iteraid - ok
14:28:31.0348 5020 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
14:28:31.0364 5020 kbdclass - ok
14:28:31.0403 5020 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
14:28:31.0444 5020 kbdhid - ok
14:28:31.0464 5020 KeyIso (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
14:28:31.0505 5020 KeyIso - ok
14:28:31.0566 5020 KSecDD (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
14:28:31.0594 5020 KSecDD - ok
14:28:31.0653 5020 KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
14:28:31.0720 5020 KtmRm - ok
14:28:31.0772 5020 LanmanServer (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\system32\srvsvc.dll
14:28:31.0846 5020 LanmanServer - ok
14:28:31.0876 5020 LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll
14:28:31.0937 5020 LanmanWorkstation - ok
14:28:31.0996 5020 LexBceS (aeedacc6fb20fdba95213ad3bb009b7d) C:\Windows\System32\LEXBCES.EXE
14:28:32.0051 5020 LexBceS - ok
14:28:32.0109 5020 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
14:28:32.0158 5020 lltdio - ok
14:28:32.0194 5020 lltdsvc (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
14:28:32.0239 5020 lltdsvc - ok
14:28:32.0257 5020 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
14:28:32.0325 5020 lmhosts - ok
14:28:32.0356 5020 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
14:28:32.0373 5020 LSI_FC - ok
14:28:32.0396 5020 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
14:28:32.0414 5020 LSI_SAS - ok
14:28:32.0442 5020 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
14:28:32.0460 5020 LSI_SCSI - ok
14:28:32.0490 5020 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
14:28:32.0531 5020 luafv - ok
14:28:32.0580 5020 MBAMProtector (fb097bbc1a18f044bd17bd2fccf97865) C:\Windows\system32\drivers\mbam.sys
14:28:32.0595 5020 MBAMProtector - ok
14:28:32.0711 5020 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
14:28:32.0744 5020 MBAMService - ok
14:28:32.0767 5020 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
14:28:32.0798 5020 mdmxsdk - ok
14:28:32.0843 5020 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
14:28:32.0859 5020 megasas - ok
14:28:32.0905 5020 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
14:28:32.0932 5020 MegaSR - ok
14:28:32.0972 5020 MMCSS (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
14:28:33.0010 5020 MMCSS - ok
14:28:33.0031 5020 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
14:28:33.0059 5020 Modem - ok
14:28:33.0087 5020 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
14:28:33.0118 5020 monitor - ok
14:28:33.0136 5020 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
14:28:33.0153 5020 mouclass - ok
14:28:33.0171 5020 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
14:28:33.0210 5020 mouhid - ok
14:28:33.0226 5020 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
14:28:33.0242 5020 MountMgr - ok
14:28:33.0280 5020 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
14:28:33.0297 5020 mpio - ok
14:28:33.0316 5020 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
14:28:33.0340 5020 mpsdrv - ok
14:28:33.0360 5020 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
14:28:33.0376 5020 Mraid35x - ok
14:28:33.0392 5020 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
14:28:33.0410 5020 MRxDAV - ok
14:28:33.0448 5020 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
14:28:33.0475 5020 mrxsmb - ok
14:28:33.0506 5020 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:28:33.0536 5020 mrxsmb10 - ok
14:28:33.0554 5020 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:28:33.0584 5020 mrxsmb20 - ok
14:28:33.0613 5020 msahci (f70590424eefbf5c27a40c67afdb8383) C:\Windows\system32\drivers\msahci.sys
14:28:33.0630 5020 msahci - ok
14:28:33.0642 5020 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
14:28:33.0660 5020 msdsm - ok
14:28:33.0710 5020 MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
14:28:33.0764 5020 MSDTC - ok
14:28:33.0790 5020 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
14:28:33.0827 5020 Msfs - ok
14:28:33.0873 5020 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
14:28:33.0889 5020 msisadrv - ok
14:28:33.0915 5020 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
14:28:33.0957 5020 MSiSCSI - ok
14:28:33.0962 5020 msiserver - ok
14:28:33.0985 5020 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
14:28:34.0013 5020 MSKSSRV - ok
14:28:34.0066 5020 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
14:28:34.0154 5020 MSPCLOCK - ok
14:28:34.0203 5020 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
14:28:34.0232 5020 MSPQM - ok
14:28:34.0274 5020 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
14:28:34.0295 5020 MsRPC - ok
14:28:34.0323 5020 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
14:28:34.0339 5020 mssmbios - ok
14:28:34.0358 5020 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
14:28:34.0387 5020 MSTEE - ok
14:28:34.0412 5020 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
14:28:34.0429 5020 Mup - ok
14:28:34.0515 5020 N360 (c6948f034d7edabcfa2234d399fc78bc) C:\Program Files\Norton Security Suite\Engine\6.2.1.5\ccSvcHst.exe
14:28:34.0531 5020 N360 - ok
14:28:34.0573 5020 napagent (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll
14:28:34.0617 5020 napagent - ok
14:28:34.0652 5020 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
14:28:34.0691 5020 NativeWifiP - ok
14:28:34.0870 5020 NAVENG (f11033730b38260b6892e837c457fb4b) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20120627.006\NAVENG.SYS
14:28:34.0887 5020 NAVENG - ok
14:28:35.0065 5020 NAVEX15 (4e4e7c0259d3bb97de24a636c0e06aba) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20120627.006\NAVEX15.SYS
14:28:35.0145 5020 NAVEX15 - ok
14:28:35.0360 5020 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
14:28:35.0398 5020 NDIS - ok
14:28:35.0414 5020 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
14:28:35.0492 5020 NdisTapi - ok
14:28:35.0498 5020 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
14:28:35.0541 5020 Ndisuio - ok
14:28:35.0582 5020 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
14:28:35.0612 5020 NdisWan - ok
14:28:35.0631 5020 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
14:28:35.0667 5020 NDProxy - ok
14:28:35.0708 5020 Net Driver HPZ12 (2969d26eee289be7422aa46fc55f4e38) C:\Windows\system32\HPZinw12.dll
14:28:35.0716 5020 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
14:28:35.0716 5020 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
14:28:35.0756 5020 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
14:28:35.0816 5020 NetBIOS - ok
14:28:35.0860 5020 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
14:28:35.0899 5020 netbt - ok
14:28:35.0924 5020 Netlogon (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
14:28:35.0939 5020 Netlogon - ok
14:28:35.0982 5020 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
14:28:36.0016 5020 Netman - ok
14:28:36.0047 5020 netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
14:28:36.0089 5020 netprofm - ok
14:28:36.0134 5020 NetTcpPortSharing (d6c4e4a39a36029ac0813d476fbd0248) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
14:28:36.0150 5020 NetTcpPortSharing - ok
14:28:36.0191 5020 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
14:28:36.0207 5020 nfrd960 - ok
14:28:36.0247 5020 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
14:28:36.0287 5020 NlaSvc - ok
14:28:36.0309 5020 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
14:28:36.0344 5020 Npfs - ok
14:28:36.0362 5020 nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
14:28:36.0401 5020 nsi - ok
14:28:36.0422 5020 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
14:28:36.0460 5020 nsiproxy - ok
14:28:36.0551 5020 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
14:28:36.0603 5020 Ntfs - ok
14:28:36.0640 5020 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
14:28:36.0711 5020 ntrigdigi - ok
14:28:36.0723 5020 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
14:28:36.0754 5020 Null - ok
14:28:36.0767 5020 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
14:28:36.0791 5020 nvraid - ok
14:28:36.0801 5020 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
14:28:36.0822 5020 nvstor - ok
14:28:36.0863 5020 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
14:28:36.0882 5020 nv_agp - ok
14:28:36.0895 5020 NwlnkFlt - ok
14:28:36.0905 5020 NwlnkFwd - ok
14:28:37.0033 5020 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
14:28:37.0063 5020 odserv - ok
14:28:37.0126 5020 OEM02Dev (19cac780b858822055f46c58a111723c) C:\Windows\system32\DRIVERS\OEM02Dev.sys
14:28:37.0170 5020 OEM02Dev - ok
14:28:37.0200 5020 OEM02Vfx (86326062a90494bdd79ce383511d7d69) C:\Windows\system32\DRIVERS\OEM02Vfx.sys
14:28:37.0214 5020 OEM02Vfx - ok
14:28:37.0252 5020 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
14:28:37.0277 5020 ohci1394 - ok
14:28:37.0318 5020 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
14:28:37.0334 5020 ose - ok
14:28:37.0403 5020 p2pimsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
14:28:37.0510 5020 p2pimsvc - ok
14:28:37.0520 5020 p2psvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
14:28:37.0580 5020 p2psvc - ok
14:28:37.0633 5020 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
14:28:37.0734 5020 Parport - ok
14:28:37.0763 5020 partmgr (b9c2b89f08670e159f7181891e449cd9) C:\Windows\system32\drivers\partmgr.sys
14:28:37.0779 5020 partmgr - ok
14:28:37.0796 5020 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
14:28:37.0854 5020 Parvdm - ok
14:28:37.0884 5020 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
14:28:37.0931 5020 PcaSvc - ok
14:28:37.0979 5020 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
14:28:37.0997 5020 pci - ok
14:28:38.0060 5020 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
14:28:38.0078 5020 pciide - ok
14:28:38.0163 5020 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
14:28:38.0201 5020 pcmcia - ok
14:28:38.0288 5020 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
14:28:38.0374 5020 PEAUTH - ok
14:28:38.0941 5020 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
14:28:39.0097 5020 pla - ok
14:28:39.0260 5020 PlugPlay (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll
14:28:39.0289 5020 PlugPlay - ok
14:28:39.0327 5020 Pml Driver HPZ12 (bafc9706bdf425a02b66468ab2605c59) C:\Windows\system32\HPZipm12.dll
14:28:39.0364 5020 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
14:28:39.0364 5020 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
14:28:39.0448 5020 PNRPAutoReg (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
14:28:39.0481 5020 PNRPAutoReg - ok
14:28:39.0490 5020 PNRPsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
14:28:39.0573 5020 PNRPsvc - ok
14:28:39.0647 5020 PolicyAgent (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll
14:28:39.0682 5020 PolicyAgent - ok
14:28:39.0737 5020 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
14:28:39.0767 5020 PptpMiniport - ok
14:28:39.0786 5020 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
14:28:39.0832 5020 Processor - ok
14:28:39.0877 5020 ProfSvc (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll
14:28:39.0903 5020 ProfSvc - ok
14:28:39.0923 5020 ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
14:28:39.0939 5020 ProtectedStorage - ok
14:28:39.0978 5020 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
14:28:40.0017 5020 PSched - ok
14:28:40.0074 5020 PxHelp20 (03e0fe281823ba64b3782f5b38950e73) C:\Windows\system32\Drivers\PxHelp20.sys
14:28:40.0090 5020 PxHelp20 - ok
14:28:40.0188 5020 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
14:28:40.0333 5020 ql2300 - ok
14:28:40.0399 5020 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
14:28:40.0416 5020 ql40xx - ok
14:28:40.0470 5020 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
14:28:40.0505 5020 QWAVE - ok
14:28:40.0525 5020 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
14:28:40.0556 5020 QWAVEdrv - ok
14:28:40.0736 5020 R300 (e642b131fb74caf4bb8a014f31113142) C:\Windows\system32\DRIVERS\atikmdag.sys
14:28:41.0182 5020 R300 - ok
14:28:41.0315 5020 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
14:28:41.0356 5020 RasAcd - ok
14:28:41.0388 5020 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
14:28:41.0425 5020 RasAuto - ok
14:28:41.0449 5020 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
14:28:41.0493 5020 Rasl2tp - ok
14:28:41.0534 5020 RasMan (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll
14:28:41.0576 5020 RasMan - ok
14:28:41.0602 5020 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
14:28:41.0635 5020 RasPppoe - ok
14:28:41.0662 5020 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
14:28:41.0680 5020 RasSstp - ok
14:28:41.0722 5020 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
14:28:41.0761 5020 rdbss - ok
14:28:41.0785 5020 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
14:28:41.0839 5020 RDPCDD - ok
14:28:41.0886 5020 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
14:28:41.0919 5020 rdpdr - ok
14:28:41.0923 5020 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
14:28:41.0952 5020 RDPENCDD - ok
14:28:41.0998 5020 RDPWD (c127ebd5afab31524662c48dfceb773a) C:\Windows\system32\drivers\RDPWD.sys
14:28:42.0058 5020 RDPWD - ok
14:28:42.0091 5020 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
14:28:42.0131 5020 RemoteAccess - ok
14:28:42.0154 5020 RemoteRegistry (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll
14:28:42.0179 5020 RemoteRegistry - ok
14:28:42.0215 5020 rimmptsk (355aac141b214bef1dbc1483afd9bd50) C:\Windows\system32\DRIVERS\rimmptsk.sys
14:28:42.0265 5020 rimmptsk - ok
14:28:42.0274 5020 rimsptsk (a4216c71dd4f60b26418ccfd99cd0815) C:\Windows\system32\DRIVERS\rimsptsk.sys
14:28:42.0305 5020 rimsptsk - ok
14:28:42.0310 5020 RimUsb - ok
14:28:42.0352 5020 RimVSerPort (3a5633ad615e2b15291bd0b1b97ccd8a) C:\Windows\system32\DRIVERS\RimSerial.sys
14:28:42.0394 5020 RimVSerPort - ok
14:28:42.0420 5020 rismxdp (d231b577024aa324af13a42f3a807d10) C:\Windows\system32\DRIVERS\rixdptsk.sys
14:28:42.0443 5020 rismxdp - ok
14:28:42.0466 5020 ROOTMODEM (75e8a6bfa7374aba833ae92bf41ae4e6) C:\Windows\system32\Drivers\RootMdm.sys
14:28:42.0503 5020 ROOTMODEM - ok
14:28:42.0522 5020 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
14:28:42.0549 5020 RpcLocator - ok
14:28:42.0612 5020 RpcSs (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
14:28:42.0643 5020 RpcSs - ok
14:28:42.0664 5020 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
14:28:42.0693 5020 rspndr - ok
14:28:42.0707 5020 SamSs (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
14:28:42.0724 5020 SamSs - ok
14:28:42.0755 5020 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
14:28:42.0776 5020 sbp2port - ok
14:28:42.0815 5020 SCardSvr (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll
14:28:42.0858 5020 SCardSvr - ok
14:28:42.0924 5020 Schedule (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll
14:28:43.0029 5020 Schedule - ok
14:28:43.0078 5020 SCPolicySvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
14:28:43.0114 5020 SCPolicySvc - ok
14:28:43.0175 5020 sdbus (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys
14:28:43.0215 5020 sdbus - ok
14:28:43.0274 5020 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
14:28:43.0371 5020 SDRSVC - ok
14:28:43.0389 5020 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
14:28:43.0463 5020 secdrv - ok
14:28:43.0478 5020 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
14:28:43.0525 5020 seclogon - ok
14:28:43.0541 5020 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\System32\sens.dll
14:28:43.0574 5020 SENS - ok
14:28:43.0609 5020 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
14:28:43.0684 5020 Serenum - ok
14:28:43.0717 5020 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
14:28:43.0778 5020 Serial - ok
14:28:43.0797 5020 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
14:28:43.0827 5020 sermouse - ok
14:28:43.0862 5020 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
14:28:43.0892 5020 SessionEnv - ok
14:28:43.0897 5020 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\DRIVERS\sffdisk.sys
14:28:43.0921 5020 sffdisk - ok
14:28:43.0939 5020 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
14:28:43.0979 5020 sffp_mmc - ok
14:28:43.0997 5020 sffp_sd (9f66a46c55d6f1ccabc79bb7afccc545) C:\Windows\system32\DRIVERS\sffp_sd.sys
14:28:44.0033 5020 sffp_sd - ok
14:28:44.0049 5020 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
14:28:44.0098 5020 sfloppy - ok
14:28:44.0142 5020 ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll
14:28:44.0232 5020 ShellHWDetection - ok
14:28:44.0253 5020 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
14:28:44.0270 5020 sisagp - ok
14:28:44.0296 5020 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
14:28:44.0313 5020 SiSRaid2 - ok
14:28:44.0323 5020 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
14:28:44.0341 5020 SiSRaid4 - ok
14:28:44.0590 5020 slsvc (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe
14:28:44.0767 5020 slsvc - ok
14:28:44.0890 5020 SLUINotify (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll
14:28:44.0920 5020 SLUINotify - ok
14:28:44.0979 5020 SMARTMouseFilterx86 (63a8bc2ef084ba9f1de28dac078da7b3) C:\Windows\system32\DRIVERS\SMARTMouseFilterx86.sys
14:28:44.0994 5020 SMARTMouseFilterx86 - ok
14:28:45.0019 5020 SMARTVHidMini2000x86 (d1bed532d69788e3ee646fcf20e66561) C:\Windows\system32\DRIVERS\SMARTVHidMini2000x86.sys
14:28:45.0034 5020 SMARTVHidMini2000x86 - ok
14:28:45.0054 5020 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
14:28:45.0094 5020 Smb - ok
14:28:45.0127 5020 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
14:28:45.0148 5020 SNMPTRAP - ok
14:28:45.0166 5020 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
14:28:45.0181 5020 spldr - ok
14:28:45.0201 5020 Spooler (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe
14:28:45.0236 5020 Spooler - ok
14:28:45.0340 5020 SRTSP (9dd258ee034afd36259cb7357e19d0b1) C:\Windows\System32\Drivers\N360\0602010.005\SRTSP.SYS
14:28:45.0370 5020 SRTSP - ok
14:28:45.0420 5020 SRTSPX (0cc3a10f363436c7b478419eb73f8d91) C:\Windows\system32\drivers\N360\0602010.005\SRTSPX.SYS
14:28:45.0433 5020 SRTSPX - ok
14:28:45.0622 5020 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
14:28:45.0704 5020 srv - ok
14:28:45.0727 5020 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
14:28:45.0763 5020 srv2 - ok
14:28:45.0780 5020 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
14:28:45.0809 5020 srvnet - ok
14:28:45.0838 5020 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
14:28:45.0890 5020 SSDPSRV - ok
14:28:45.0927 5020 SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
14:28:45.0951 5020 SstpSvc - ok
14:28:46.0049 5020 STacSV (71679f24d0d0b2c6403bb5ac57026e99) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c09c50a2\STacSV.exe
14:28:46.0083 5020 STacSV - ok
14:28:46.0133 5020 STHDA (68a0d39e357dd7a234b1d4f1e844c615) C:\Windows\system32\drivers\stwrt.sys
14:28:46.0249 5020 STHDA - ok
14:28:46.0318 5020 StillCam (ef70b3d22b4bffda6ea851ecb063efaa) C:\Windows\system32\DRIVERS\serscan.sys
14:28:46.0355 5020 StillCam - ok
14:28:46.0412 5020 stisvc (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll
14:28:46.0441 5020 stisvc - ok
14:28:46.0527 5020 stllssvr (1d0063597c3666404fcf97698abeb019) C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
14:28:46.0541 5020 stllssvr - ok
14:28:46.0590 5020 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
14:28:46.0606 5020 swenum - ok
14:28:46.0647 5020 swprv (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll
14:28:46.0691 5020 swprv - ok
14:28:46.0716 5020 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
14:28:46.0736 5020 Symc8xx - ok
14:28:46.0838 5020 SymDS (690fa0e61b90084c4d9a721bd4f3d779) C:\Windows\system32\drivers\N360\0602010.005\SYMDS.SYS
14:28:46.0862 5020 SymDS - ok
14:28:46.0966 5020 SymEFA (4e55148a2e044d02245cbcdbb266b98c) C:\Windows\system32\drivers\N360\0602010.005\SYMEFA.SYS
14:28:47.0026 5020 SymEFA - ok
14:28:47.0090 5020 SymEvent (74e2521e96176a4449570e50be91954d) C:\Windows\system32\Drivers\SYMEVENT.SYS
14:28:47.0114 5020 SymEvent - ok
14:28:47.0147 5020 SymIRON (2c356cca706505cf63cbe39d532b9236) C:\Windows\system32\drivers\N360\0602010.005\Ironx86.SYS
14:28:47.0170 5020 SymIRON - ok
14:28:47.0214 5020 SYMTDIv (40c6e6417c8b7d7fcf82cfbe71525795) C:\Windows\System32\Drivers\N360\0602010.005\SYMTDIV.SYS
14:28:47.0247 5020 SYMTDIv - ok
14:28:47.0283 5020 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
14:28:47.0307 5020 Sym_hi - ok
14:28:47.0316 5020 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
14:28:47.0343 5020 Sym_u3 - ok
14:28:47.0413 5020 SysMain (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll
14:28:47.0531 5020 SysMain - ok
14:28:47.0594 5020 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
14:28:47.0614 5020 TabletInputService - ok
14:28:47.0650 5020 TapiSrv (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll
14:28:47.0691 5020 TapiSrv - ok
14:28:47.0715 5020 TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
14:28:47.0748 5020 TBS - ok
14:28:47.0836 5020 Tcpip (27d470dabc77bc60d0a3b0e4deb6cb91) C:\Windows\system32\drivers\tcpip.sys
14:28:47.0968 5020 Tcpip - ok
14:28:47.0982 5020 Tcpip6 (27d470dabc77bc60d0a3b0e4deb6cb91) C:\Windows\system32\DRIVERS\tcpip.sys
14:28:48.0147 5020 Tcpip6 - ok
14:28:48.0176 5020 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
14:28:48.0222 5020 tcpipreg - ok
14:28:48.0260 5020 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
14:28:48.0289 5020 TDPIPE - ok
14:28:48.0339 5020 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
14:28:48.0389 5020 TDTCP - ok
14:28:48.0433 5020 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
14:28:48.0467 5020 tdx - ok
14:28:48.0492 5020 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
14:28:48.0509 5020 TermDD - ok
14:28:48.0564 5020 TermService (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll
14:28:48.0607 5020 TermService - ok
14:28:48.0665 5020 Themes (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll
14:28:48.0689 5020 Themes - ok
14:28:48.0715 5020 THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
14:28:48.0748 5020 THREADORDER - ok
14:28:48.0782 5020 TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
14:28:48.0814 5020 TrkWks - ok
14:28:48.0858 5020 TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe
14:28:48.0881 5020 TrustedInstaller - ok
14:28:48.0899 5020 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
14:28:48.0949 5020 tssecsrv - ok
14:28:48.0976 5020 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
14:28:49.0005 5020 tunmp - ok
14:28:49.0030 5020 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
14:28:49.0057 5020 tunnel - ok
14:28:49.0078 5020 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
14:28:49.0095 5020 uagp35 - ok
14:28:49.0134 5020 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
14:28:49.0161 5020 udfs - ok
14:28:49.0195 5020 UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
14:28:49.0241 5020 UI0Detect - ok
14:28:49.0269 5020 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
14:28:49.0286 5020 uliagpkx - ok
14:28:49.0325 5020 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
14:28:49.0347 5020 uliahci - ok
14:28:49.0360 5020 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
14:28:49.0376 5020 UlSata - ok
14:28:49.0387 5020 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
14:28:49.0404 5020 ulsata2 - ok
14:28:49.0424 5020 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
14:28:49.0491 5020 umbus - ok
14:28:49.0529 5020 upnphost (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
14:28:49.0565 5020 upnphost - ok
14:28:49.0598 5020 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\Windows\system32\Drivers\usbaapl.sys
14:28:49.0632 5020 USBAAPL - ok
14:28:49.0660 5020 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
14:28:49.0700 5020 usbccgp - ok
14:28:49.0738 5020 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
14:28:49.0798 5020 usbcir - ok
14:28:49.0842 5020 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
14:28:49.0865 5020 usbehci - ok
14:28:49.0903 5020 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
14:28:49.0929 5020 usbhub - ok
14:28:49.0954 5020 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
14:28:50.0001 5020 usbohci - ok
14:28:50.0035 5020 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
14:28:50.0073 5020 usbprint - ok
14:28:50.0104 5020 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
14:28:50.0128 5020 usbscan - ok
14:28:50.0138 5020 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:28:50.0172 5020 USBSTOR - ok
14:28:50.0200 5020 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
14:28:50.0223 5020 usbuhci - ok
14:28:50.0253 5020 UxSms (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll
14:28:50.0293 5020 UxSms - ok
14:28:50.0347 5020 vds (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe
14:28:50.0391 5020 vds - ok
14:28:50.0431 5020 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
14:28:50.0467 5020 vga - ok
14:28:50.0488 5020 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
14:28:50.0518 5020 VgaSave - ok
14:28:50.0531 5020 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
14:28:50.0548 5020 viaagp - ok
14:28:50.0565 5020 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
14:28:50.0623 5020 ViaC7 - ok
14:28:50.0629 5020 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
14:28:50.0645 5020 viaide - ok
14:28:50.0681 5020 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
14:28:50.0697 5020 volmgr - ok
14:28:50.0739 5020 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
14:28:50.0765 5020 volmgrx - ok
14:28:50.0793 5020 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
14:28:50.0820 5020 volsnap - ok
14:28:50.0858 5020 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
14:28:50.0877 5020 vsmraid - ok
14:28:50.0989 5020 VSS (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe
14:28:51.0052 5020 VSS - ok
14:28:51.0108 5020 W32Time (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll
14:28:51.0138 5020 W32Time - ok
14:28:51.0199 5020 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
14:28:51.0247 5020 WacomPen - ok
14:28:51.0269 5020 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
14:28:51.0311 5020 Wanarp - ok
14:28:51.0315 5020 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
14:28:51.0339 5020 Wanarpv6 - ok
14:28:51.0400 5020 wcncsvc (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll
14:28:51.0426 5020 wcncsvc - ok
14:28:51.0464 5020 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
14:28:51.0488 5020 WcsPlugInService - ok
14:28:51.0494 5020 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
14:28:51.0512 5020 Wd - ok
14:28:51.0541 5020 WDC_SAM (d6efaf429fd30c5df613d220e344cce7) C:\Windows\system32\DRIVERS\wdcsam.sys
14:28:51.0581 5020 WDC_SAM - ok
14:28:51.0690 5020 WDDMService (24e26b7c7706aebf679b70575610d5f9) C:\Program Files\Western Digital\WD SmartWare\WDDMService.exe
14:28:51.0708 5020 WDDMService - ok
14:28:51.0755 5020 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
14:28:51.0789 5020 Wdf01000 - ok
14:28:51.0927 5020 WDFMEService (6c0c5b01a6a57d9b75839ad0f22dc3f1) C:\Program Files\Western Digital\WD SmartWare\WDFME.exe
14:28:52.0019 5020 WDFMEService - ok
14:28:52.0162 5020 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
14:28:52.0206 5020 WdiServiceHost - ok
14:28:52.0210 5020 WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
14:28:52.0240 5020 WdiSystemHost - ok
14:28:52.0416 5020 WDRulesService (6063d6602b8d60afa3cc10586b79a58a) C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe
14:28:52.0457 5020 WDRulesService - ok
14:28:52.0498 5020 WebClient (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll
14:28:52.0523 5020 WebClient - ok
14:28:52.0561 5020 Wecsvc (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll
14:28:52.0603 5020 Wecsvc - ok
14:28:52.0627 5020 wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
14:28:52.0657 5020 wercplsupport - ok
14:28:52.0691 5020 WerSvc (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll
14:28:52.0732 5020 WerSvc - ok
14:28:52.0828 5020 winachsf (72cc6a8ca7891031d6380db5025c773c) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
14:28:52.0972 5020 winachsf - ok
14:28:52.0994 5020 WinHttpAutoProxySvc - ok
14:28:53.0079 5020 Winmgmt (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll
14:28:53.0106 5020 Winmgmt - ok
14:28:53.0203 5020 WinRM (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll
14:28:53.0293 5020 WinRM - ok
14:28:53.0362 5020 Wlansvc (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll
14:28:53.0509 5020 Wlansvc - ok
14:28:53.0515 5020 wltrysvc - ok
14:28:53.0600 5020 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
14:28:53.0629 5020 WmiAcpi - ok
14:28:53.0713 5020 wmiApSrv (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe
14:28:53.0746 5020 wmiApSrv - ok
14:28:53.0872 5020 WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
14:28:54.0002 5020 WMPNetworkSvc - ok
14:28:54.0075 5020 WPCSvc (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll
14:28:54.0132 5020 WPCSvc - ok
14:28:54.0161 5020 WPDBusEnum (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll
14:28:54.0196 5020 WPDBusEnum - ok
14:28:54.0261 5020 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
14:28:54.0281 5020 WpdUsb - ok
14:28:54.0440 5020 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
14:28:54.0557 5020 WPFFontCache_v0400 - ok
14:28:54.0615 5020 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
14:28:54.0708 5020 ws2ifsl - ok
14:28:54.0714 5020 WSearch - ok
14:28:54.0880 5020 wuauserv (fc3ec24fce372c89423e015a2ac1a31e) C:\Windows\system32\wuaueng.dll
14:28:54.0962 5020 wuauserv - ok
14:28:55.0092 5020 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
14:28:55.0122 5020 WUDFRd - ok
14:28:55.0154 5020 wudfsvc (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll
14:28:55.0201 5020 wudfsvc - ok
14:28:55.0228 5020 XAudio (dab33cfa9dd24251aaa389ff36b64d4b) C:\Windows\system32\DRIVERS\xaudio.sys
14:28:55.0255 5020 XAudio - ok
14:28:55.0291 5020 XAudioService (cd5f291a1161f15896d1a4d63daff5df) C:\Windows\system32\DRIVERS\xaudio.exe
14:28:55.0354 5020 XAudioService - ok
14:28:55.0423 5020 yukonwlh (04e268adfc81964c49dc0c082d520f7e) C:\Windows\system32\DRIVERS\yk60x86.sys
14:28:55.0524 5020 yukonwlh - ok
14:28:55.0574 5020 MBR (0x1B8) (cdb4de4bbd714f152979da2dcbef57eb) \Device\Harddisk0\DR0
14:28:55.0994 5020 \Device\Harddisk0\DR0 - ok
14:28:56.0152 5020 Boot (0x1200) (1c87bb41b794aa77b498067de1159056) \Device\Harddisk0\DR0\Partition0
14:28:56.0154 5020 \Device\Harddisk0\DR0\Partition0 - ok
14:28:56.0170 5020 Boot (0x1200) (f805fa144e726ceaa4cf9a250587b283) \Device\Harddisk0\DR0\Partition1
14:28:56.0172 5020 \Device\Harddisk0\DR0\Partition1 - ok
14:28:56.0173 5020 ============================================================
14:28:56.0173 5020 Scan finished
14:28:56.0173 5020 ============================================================
14:28:56.0188 5108 Detected object count: 9
14:28:56.0188 5108 Actual detected object count: 9
14:29:45.0292 5108 CCALib8 ( UnsignedFile.Multi.Generic ) - skipped by user
14:29:45.0292 5108 CCALib8 ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:29:45.0295 5108 Creative Labs Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
14:29:45.0295 5108 Creative Labs Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:29:45.0295 5108 Creative Service for CDROM Access ( UnsignedFile.Multi.Generic ) - skipped by user
14:29:45.0296 5108 Creative Service for CDROM Access ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:29:45.0298 5108 DockLoginService ( UnsignedFile.Multi.Generic ) - skipped by user
14:29:45.0298 5108 DockLoginService ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:29:45.0299 5108 hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
14:29:45.0299 5108 hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:29:45.0305 5108 hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user
14:29:45.0305 5108 hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:29:45.0305 5108 HPSLPSVC ( UnsignedFile.Multi.Generic ) - skipped by user
14:29:45.0305 5108 HPSLPSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:29:45.0310 5108 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
14:29:45.0310 5108 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:29:45.0312 5108 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
14:29:45.0312 5108 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:31:48.0421 6104 Deinitialize success


3. Farbar Scan Log
Farbar Service Scanner Version: 25-06-2012 01
Ran by Anne (administrator) on 27-06-2012 at 17:36:03
Running from "C:\Users\Anne\Desktop"
Microsoft® Windows Vista™ Home Basic Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2012-05-10 18:39] - [2012-03-30 07:39] - 0905600 ____A (Microsoft Corporation) 27D470DABC77BC60D0A3B0E4DEB6CB91

C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll
[2012-06-13 10:15] - [2012-04-23 11:00] - 0133120 ____A (Microsoft Corporation) 75C6A297E364014840B48ECCD7525E30

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****


4.OTL logfile created on: 6/27/2012 5:43:44 PM - Run 1
OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\Anne\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 1.09 Gb Available Physical Memory | 36.59% Memory free
6.18 Gb Paging File | 4.09 Gb Available in Paging File | 66.19% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 220.58 Gb Total Space | 118.70 Gb Free Space | 53.81% Space Free | Partition Type: NTFS
Drive D: | 9.77 Gb Total Space | 4.91 Gb Free Space | 50.24% Space Free | Partition Type: NTFS

Computer Name: ANNE-PC | User Name: Anne | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/27 17:39:19 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Anne\Desktop\otl.exe
PRC - [2012/06/11 12:58:30 | 000,686,280 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_11_3_300_257_ActiveX.exe
PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/04/04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/04/04 00:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/03/27 18:14:06 | 000,138,232 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Security Suite\Engine\6.2.1.5\ccsvchst.exe
PRC - [2011/12/15 09:25:30 | 001,091,992 | R--- | M] (Western Digital ) -- C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe
PRC - [2011/12/15 09:25:28 | 003,998,616 | R--- | M] (Western Digital Technologies, Inc.) -- C:\Program Files\Western Digital\WD SmartWare\WDDMStatus.exe
PRC - [2011/12/15 09:25:28 | 001,591,176 | R--- | M] (Western Digital ) -- C:\Program Files\Western Digital\WD SmartWare\WDFME.exe
PRC - [2011/12/15 09:25:26 | 000,265,624 | R--- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WDDMService.exe
PRC - [2011/11/02 02:00:44 | 000,090,448 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
PRC - [2011/07/13 21:14:40 | 001,761,136 | ---- | M] (SMART Technologies) -- C:\Program Files\SMART Technologies\Education Software\SMARTBoardService.exe
PRC - [2011/06/23 15:28:32 | 009,800,560 | ---- | M] (SMART Technologies ULC) -- C:\Program Files\SMART Technologies\Education Software\SMARTBoardTools.exe
PRC - [2011/06/23 15:28:28 | 004,860,784 | ---- | M] (SMART Technologies ULC) -- C:\Program Files\SMART Technologies\Education Software\Marker.exe
PRC - [2011/06/23 15:28:28 | 001,825,136 | ---- | M] (SMART Technologies ULC) -- C:\Program Files\SMART Technologies\Education Software\Aware.exe
PRC - [2010/10/12 09:45:37 | 001,324,384 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DellDock.exe
PRC - [2010/04/05 16:46:08 | 000,288,040 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2010/03/23 13:22:26 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
PRC - [2010/02/17 15:34:40 | 000,054,568 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2010/01/11 13:20:48 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/01/31 22:43:30 | 000,049,250 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
PRC - [2008/12/04 20:02:48 | 000,072,704 | ---- | M] (Creative Labs) -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
PRC - [2008/03/04 00:05:24 | 000,036,864 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\OEM02Mon.exe
PRC - [2008/02/22 18:01:38 | 001,193,240 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2008/02/15 18:25:34 | 000,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c09c50a2\stacsv.exe
PRC - [2008/02/15 18:23:20 | 000,405,504 | ---- | M] (IDT, Inc.) -- C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
PRC - [2007/12/21 11:58:06 | 000,184,320 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Dell\MediaDirect\PCMService.exe
PRC - [2007/11/12 06:07:16 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEstSrv.exe
PRC - [2007/03/21 14:00:04 | 000,355,096 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007/03/21 14:00:00 | 000,174,872 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2005/06/02 15:54:34 | 000,086,606 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/15 03:28:26 | 015,881,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\MenuSkinning\3b5151bbd0e6de9d28585589bda695cd\MenuSkinning.ni.dll
MOD - [2012/06/15 03:27:55 | 000,284,160 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\VistaBridgeLibrary\4665c10b713844b5a2e77e5ed50f9cfe\VistaBridgeLibrary.ni.dll
MOD - [2012/06/15 03:27:50 | 002,584,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\DellDock\b46f17d6b131711060172ef5b72c71df\DellDock.ni.exe
MOD - [2012/06/15 03:27:48 | 000,291,840 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\MyDock.Util\8607754d59549e501cd716c679fd03ff\MyDock.Util.ni.dll
MOD - [2012/06/15 03:27:39 | 011,820,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\508b444db523c5cf20ff12c7f440837b\System.Web.ni.dll
MOD - [2012/06/15 03:25:17 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll
MOD - [2012/06/15 00:01:05 | 001,592,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll
MOD - [2012/05/11 19:28:38 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\f3d4d5fe5ab848fbfcf91a49960dc8ae\System.Management.ni.dll
MOD - [2012/05/11 19:28:26 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\846b9cf2756fdd15f704c9bab9c70b6f\System.Runtime.Remoting.ni.dll
MOD - [2012/05/11 19:27:58 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll
MOD - [2012/05/11 19:27:44 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\1b337cf9a031145849bc48c11b2cfe58\Accessibility.ni.dll
MOD - [2012/05/11 18:39:16 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll
MOD - [2012/05/11 18:36:34 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll
MOD - [2012/05/11 18:33:58 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll
MOD - [2011/12/15 09:25:24 | 000,070,040 | R--- | M] () -- C:\Program Files\Western Digital\WD SmartWare\WDCollections.dll
MOD - [2011/10/01 17:34:12 | 000,054,184 | ---- | M] () -- C:\Windows\winsxs\x86_smarttech.boost_thread.vc100.1.44_9ca15c999435ee05_1.0.1.0_none_472b4edec4bf8550\boost_thread-vc100-mt-1_44.dll
MOD - [2011/10/01 17:33:58 | 000,051,120 | ---- | M] () -- C:\Windows\winsxs\x86_smarttech.boost_date_time.vc100.1.44_9ca15c999435ee05_1.0.1.0_none_50d6b3902c95d15a\boost_date_time-vc100-mt-1_44.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/08/12 21:59:13 | 000,034,816 | ---- | M] () -- C:\Program Files\Google\Google Desktop Search\gzlib.dll
MOD - [2008/07/03 08:42:04 | 000,055,808 | ---- | M] () -- C:\Windows\System32\bcmwlrmt.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/06/22 18:37:18 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/04/04 00:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/03/27 18:14:06 | 000,138,232 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Security Suite\Engine\6.2.1.5\ccSvcHst.exe -- (N360)
SRV - [2011/12/15 09:25:30 | 001,091,992 | R--- | M] (Western Digital ) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe -- (WDRulesService)
SRV - [2011/12/15 09:25:28 | 001,591,176 | R--- | M] (Western Digital ) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WDFME.exe -- (WDFMEService)
SRV - [2011/12/15 09:25:26 | 000,265,624 | R--- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WDDMService.exe -- (WDDMService)
SRV - [2010/01/11 13:20:48 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2008/12/04 20:25:11 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2008/12/04 20:02:48 | 000,072,704 | ---- | M] (Creative Labs) [Auto | Running] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe -- (Creative Labs Licensing Service)
SRV - [2008/02/15 18:25:34 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c09c50a2\stacsv.exe -- (STacSV)
SRV - [2007/11/12 06:07:16 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEstSrv.exe -- (AESTFilters)
SRV - [2007/03/21 14:00:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2005/06/02 15:54:34 | 000,086,606 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\RimUsb.sys -- (RimUsb)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\Anne\AppData\Local\Temp\pxldrpow.sys -- (pxldrpow)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\Anne\AppData\Local\Temp\mbr.sys -- (mbr)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2012/06/25 18:28:11 | 001,589,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20120627.006\NAVEX15.SYS -- (NAVEX15)
DRV - [2012/06/25 18:28:11 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/06/25 18:28:11 | 000,087,928 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20120627.006\NAVENG.SYS -- (NAVENG)
DRV - [2012/06/25 18:17:26 | 000,141,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2012/06/25 01:00:00 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012/06/22 15:43:50 | 000,382,624 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\IPSDefs\20120626.001\IDSvix86.sys -- (IDSVix86)
DRV - [2012/06/19 00:03:24 | 000,821,920 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\BASHDefs\20120619.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/03/29 01:03:28 | 000,574,072 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\N360\0602010.005\srtsp.sys -- (SRTSP)
DRV - [2012/03/29 01:03:28 | 000,032,888 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0602010.005\srtspx.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2011/11/23 21:23:48 | 000,905,336 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\N360\0602010.005\symefa.sys -- (SymEFA)
DRV - [2011/11/16 22:38:00 | 000,345,208 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0602010.005\symtdiv.sys -- (SYMTDIv)
DRV - [2011/11/16 22:17:48 | 000,149,624 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0602010.005\ironx86.sys -- (SymIRON)
DRV - [2011/11/04 18:59:36 | 000,132,744 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0602010.005\ccsetx86.sys -- (ccSet_N360)
DRV - [2011/08/16 01:51:40 | 000,340,088 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\N360\0602010.005\symds.sys -- (SymDS)
DRV - [2011/07/13 21:17:14 | 000,011,632 | ---- | M] (SMART Technologies ULC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SMARTMouseFilterx86.sys -- (SMARTMouseFilterx86)
DRV - [2011/07/13 21:16:54 | 000,014,704 | ---- | M] (SMART Technologies ULC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SMARTVHidMini2000x86.sys -- (SMARTVHidMini2000x86)
DRV - [2011/02/16 16:52:46 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2010/04/15 13:36:40 | 000,252,536 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2008/07/03 08:41:54 | 000,018,424 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm42rly.sys -- (BCM42RLY)
DRV - [2008/06/23 07:45:44 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2008/03/06 02:58:44 | 000,111,616 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®
DRV - [2008/03/04 00:05:34 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Vfx.sys -- (OEM02Vfx)
DRV - [2008/03/04 00:05:18 | 000,235,648 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Dev.sys -- (OEM02Dev)
DRV - [2008/02/15 18:27:02 | 000,330,752 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2008/01/20 21:32:51 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2007/09/06 11:35:16 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/09/06 11:35:14 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/09/06 11:35:12 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/11/02 02:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
IE - HKLM\..\SearchScopes,DefaultScope = ComcastSearch
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7DMUS
IE - HKLM\..\SearchScopes\ComcastSearch: "URL" = http://search.comcast.net/?q={searchTerms}&cat=Web&con=ie7


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :0



IE - HKU\S-1-5-21-2814111827-105996498-531587399-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5081205
IE - HKU\S-1-5-21-2814111827-105996498-531587399-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-2814111827-105996498-531587399-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-2814111827-105996498-531587399-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-2814111827-105996498-531587399-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-2814111827-105996498-531587399-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/dell
IE - HKU\S-1-5-21-2814111827-105996498-531587399-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2814111827-105996498-531587399-1000\..\SearchScopes,DefaultScope = {2D45E04F-35FE-4016-94D2-DD2590A9ABAE}
IE - HKU\S-1-5-21-2814111827-105996498-531587399-1000\..\SearchScopes\{2D45E04F-35FE-4016-94D2-DD2590A9ABAE}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8&rlz=1I7DNUS_en
IE - HKU\S-1-5-21-2814111827-105996498-531587399-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rlz=1I7DNUS_en&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-2814111827-105996498-531587399-1000\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:4664/search&s=iHhsOg3ELnFqTBfq9Bwj-U1REVk?q={searchTerms}
IE - HKU\S-1-5-21-2814111827-105996498-531587399-1000\..\SearchScopes\ComcastSearch: "URL" = http://search.comcast.net/?q={searchTerms}&cat=Web&con=ie7
IE - HKU\S-1-5-21-2814111827-105996498-531587399-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2814111827-105996498-531587399-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2011/06/14 17:00:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\IPSFFPlgn\ [2012/06/25 18:19:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\coFFPlgn\ [2012/06/26 19:16:11 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2011/06/14 17:00:45 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\6.2.1.5\coieplg.dll (Symantec Corporation)
O2 - BHO: (SMART Notebook Download Utility) - {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Program Files\SMART Technologies\Education Software\Win32\NotebookPlugin.dll (SMART Technologies ULC.)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\6.2.1.5\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\6.2.1.5\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe File not found
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Dell DataSafe Online] "C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe" /m File not found
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [SMART Board Service] C:\Program Files\SMART Technologies\Education Software\SMARTBoardService.exe (SMART Technologies)
O4 - HKLM..\Run: [SMART Board Tools] C:\Program Files\SMART Technologies\Education Software\SMARTBoardTools.exe (SMART Technologies ULC)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" File not found
O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [WD Quick View] C:\Program Files\Western Digital\WD SmartWare\WDDMStatus.exe (Western Digital Technologies, Inc.)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - Startup: C:\Users\Anne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-2814111827-105996498-531587399-1000\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-2814111827-105996498-531587399-1000\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Reg Error: Key error.)
O16 - DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} http://i.dell.com/images/global/js/scanner/SysProExe.cab (Scanner.SysScanner)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www2.snapfish.com/SnapfishActivia.cab (Snapfish Activia)
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} http://support.dell.com/systemprofiler/SysProExe.CAB (WMI Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell.com/systemprofiler/DellSystemLite.CAB (DellSystemLite.Scanner)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 75.75.76.76 75.75.75.75
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2B2D2B84-A390-4F90-843A-D095F2447892}: DhcpNameServer = 192.168.1.1 75.75.76.76 75.75.75.75
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Users\Anne\Pictures\240590805063009376_g6BTY4Vc_c.jpg
O24 - Desktop BackupWallPaper: C:\Users\Anne\Pictures\240590805063009376_g6BTY4Vc_c.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{3df50b68-1fd2-11de-b869-0023ae09986b}\Shell\AutoRun\command - "" = C:\Windows\System32\setupSNK.exe -- [2008/01/20 21:32:58 | 000,013,312 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\{3df50b6d-1fd2-11de-b869-0023ae09986b}\Shell - "" = AutoRun
O33 - MountPoints2\{3df50b6d-1fd2-11de-b869-0023ae09986b}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)


SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: mcmscsvc - Service
SafeBootMin: MCODS - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.tscc - C:\Windows\System32\tsccvid.dll (TechSmith Corporation)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Sharedaccess - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/06/27 17:39:19 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\Anne\Desktop\otl.exe
[2012/06/27 14:26:44 | 002,128,984 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Anne\Desktop\tdsskiller.exe
[2012/06/26 20:58:10 | 000,000,000 | ---D | C] -- C:\Users\Anne\Desktop\gmer
[2012/06/26 20:56:30 | 000,000,000 | ---D | C] -- C:\Users\Anne\AppData\Roaming\WinRAR
[2012/06/26 20:56:30 | 000,000,000 | ---D | C] -- C:\Users\Anne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012/06/26 20:56:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012/06/26 20:56:22 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2012/06/26 20:45:27 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Anne\Desktop\dds.scr
[2012/06/25 18:26:38 | 000,345,208 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0602010.005\symtdiv.sys
[2012/06/25 18:26:38 | 000,318,584 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0602010.005\symnets.sys
[2012/06/25 18:26:37 | 000,905,336 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0602010.005\symefa.sys
[2012/06/25 18:26:37 | 000,340,088 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0602010.005\symds.sys
[2012/06/25 18:26:37 | 000,032,888 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0602010.005\srtspx.sys
[2012/06/25 18:26:36 | 000,574,072 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0602010.005\srtsp.sys
[2012/06/25 18:26:36 | 000,149,624 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0602010.005\ironx86.sys
[2012/06/25 18:26:36 | 000,132,744 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0602010.005\ccsetx86.sys
[2012/06/25 18:25:05 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\N360\0602010.005
[2012/06/25 18:17:26 | 000,141,944 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2012/06/25 18:17:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2012/06/25 18:17:26 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2012/06/25 18:14:16 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\N360
[2012/06/25 18:14:08 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Security Suite
[2012/06/25 18:14:07 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Suite
[2012/06/25 18:12:26 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2012/06/25 17:55:50 | 000,000,000 | ---D | C] -- C:\Users\Anne\AppData\Roaming\Tific
[2012/06/25 17:55:47 | 000,000,000 | ---D | C] -- C:\Users\Anne\AppData\Local\Symantec
[2012/06/24 20:14:03 | 000,000,000 | ---D | C] -- C:\Users\Anne\AppData\Roaming\Malwarebytes
[2012/06/24 20:13:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/06/24 20:13:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/06/24 20:13:42 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/06/24 20:13:42 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/06/24 19:36:39 | 000,000,000 | ---D | C] -- C:\Users\Anne\AppData\Local\NPE
[2012/06/24 19:28:15 | 000,000,000 | ---D | C] -- C:\Users\Anne\AppData\Roaming\FixZeroAccess
[2012/06/24 19:27:58 | 000,035,752 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\FixZeroAccess.sys
[2012/06/22 18:37:09 | 009,815,752 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerInstaller.exe
[2012/06/22 08:32:35 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[2012/06/22 00:46:07 | 002,422,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2012/06/22 00:46:07 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2012/06/22 00:44:41 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2012/06/22 00:44:40 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2012/06/22 00:44:40 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2012/06/22 00:42:43 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2012/06/22 00:42:43 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2012/06/14 21:07:57 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/06/14 21:07:51 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/06/14 21:07:51 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/06/14 21:07:49 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/06/14 21:07:48 | 001,800,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/06/14 21:07:48 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/06/14 21:07:45 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/06/13 10:15:11 | 002,045,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/06/12 18:26:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\XCPCSync.OEM
[2012/05/31 17:58:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012/05/31 17:57:49 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2009/01/07 22:30:38 | 008,653,312 | ---- | C] (Dell, Inc. ) -- C:\Users\Anne\AppData\Roaming\DataSafeDotNet.exe

========== Files - Modified Within 30 Days ==========

[2012/06/27 17:53:00 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2012/06/27 17:41:00 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2012/06/27 17:39:19 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Anne\Desktop\otl.exe
[2012/06/27 17:37:15 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/06/27 17:34:47 | 000,340,645 | ---- | M] () -- C:\Users\Anne\Desktop\fss.exe
[2012/06/27 17:31:34 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/27 17:31:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/27 17:31:20 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/27 17:31:19 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/27 14:26:45 | 002,128,984 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Anne\Desktop\tdsskiller.exe
[2012/06/26 20:52:20 | 000,294,216 | ---- | M] () -- C:\Users\Anne\Desktop\gmer.zip
[2012/06/26 20:45:27 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Anne\Desktop\dds.scr
[2012/06/26 20:42:54 | 000,000,000 | ---- | M] () -- C:\Users\Anne\defogger_reenable
[2012/06/26 20:41:42 | 000,050,477 | ---- | M] () -- C:\Users\Anne\Desktop\Defogger.exe
[2012/06/26 19:42:14 | 000,604,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/06/26 19:42:14 | 000,104,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/06/26 19:17:41 | 000,003,792 | ---- | M] () -- C:\{B705FAD1-866C-4F08-A310-1FA455CDB678}
[2012/06/26 19:15:47 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/26 19:15:28 | 3210,784,768 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/26 01:35:52 | 000,003,792 | ---- | M] () -- C:\{361B032B-6720-4D70-A1F3-A5E23FFDB652}
[2012/06/25 22:57:16 | 000,003,760 | ---- | M] () -- C:\{98A8B508-33AA-419E-A875-F24243302E16}
[2012/06/25 22:55:40 | 000,003,792 | ---- | M] () -- C:\{41316500-E3C6-42F7-85F1-9D57B34A662D}
[2012/06/25 18:40:53 | 000,002,162 | ---- | M] () -- C:\Users\Public\Desktop\Norton Security Suite.lnk
[2012/06/25 18:40:31 | 002,248,273 | ---- | M] () -- C:\Windows\System32\drivers\N360\0602010.005\Cat.DB
[2012/06/25 18:28:14 | 000,008,942 | ---- | M] () -- C:\Windows\System32\drivers\N360\0602010.005\VT20120410.034
[2012/06/25 18:17:26 | 000,141,944 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2012/06/25 18:17:26 | 000,007,468 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2012/06/25 18:17:26 | 000,000,806 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2012/06/25 18:04:20 | 000,000,937 | ---- | M] () -- C:\Users\Anne\Desktop\Norton Installation Files.lnk
[2012/06/24 22:51:13 | 000,035,752 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\FixZeroAccess.sys
[2012/06/24 20:13:47 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/24 17:57:04 | 000,005,972 | ---- | M] () -- C:\Users\Anne\AppData\Local\d3d9caps.dat
[2012/06/22 18:37:13 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/06/22 18:37:13 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/06/22 18:37:09 | 009,815,752 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerInstaller.exe
[2012/06/17 23:53:16 | 000,000,600 | ---- | M] () -- C:\Users\Anne\AppData\Roaming\winscp.rnd
[2012/06/17 21:23:52 | 000,186,553 | ---- | M] () -- C:\Windows\hpwins23.dat
[2012/06/14 23:54:37 | 000,388,296 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/06/12 18:34:22 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_RimSerial_01007.Wdf
[2012/06/12 18:29:52 | 000,002,098 | ---- | M] () -- C:\Users\Public\Desktop\BlackBerry Desktop Software.lnk
[2012/06/05 22:41:41 | 000,000,172 | ---- | M] () -- C:\Windows\System32\drivers\N360\0602010.005\isolate.ini
[2012/06/02 17:19:33 | 000,045,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2012/06/02 17:19:32 | 000,035,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2012/06/02 17:19:23 | 000,577,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2012/06/02 17:12:32 | 002,422,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2012/06/02 17:12:13 | 000,088,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2012/06/02 15:19:42 | 000,171,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2012/06/02 15:12:20 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2012/06/01 18:00:24 | 000,195,013 | ---- | M] () -- C:\Users\Anne\Documents\rent payment confirmation 2.notebook
[2012/05/31 17:58:12 | 000,001,728 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk

========== Files Created - No Company Name ==========

[2012/06/27 17:34:47 | 000,340,645 | ---- | C] () -- C:\Users\Anne\Desktop\fss.exe
[2012/06/26 20:52:20 | 000,294,216 | ---- | C] () -- C:\Users\Anne\Desktop\gmer.zip
[2012/06/26 20:42:54 | 000,000,000 | ---- | C] () -- C:\Users\Anne\defogger_reenable
[2012/06/26 20:41:42 | 000,050,477 | ---- | C] () -- C:\Users\Anne\Desktop\Defogger.exe
[2012/06/26 19:17:35 | 000,003,792 | ---- | C] () -- C:\{B705FAD1-866C-4F08-A310-1FA455CDB678}
[2012/06/26 19:16:20 | 000,001,648 | ---- | C] () -- C:\Windows\Installer\{7faaaafa-cf14-2f74-3593-878a94dc601b}\U\00000001.@
[2012/06/26 01:35:52 | 000,003,792 | ---- | C] () -- C:\{361B032B-6720-4D70-A1F3-A5E23FFDB652}
[2012/06/25 22:57:16 | 000,003,760 | ---- | C] () -- C:\{98A8B508-33AA-419E-A875-F24243302E16}
[2012/06/25 22:55:39 | 000,003,792 | ---- | C] () -- C:\{41316500-E3C6-42F7-85F1-9D57B34A662D}
[2012/06/25 18:38:20 | 002,248,273 | ---- | C] () -- C:\Windows\System32\drivers\N360\0602010.005\Cat.DB
[2012/06/25 18:29:41 | 000,008,942 | ---- | C] () -- C:\Windows\System32\drivers\N360\0602010.005\VT20120410.034
[2012/06/25 18:26:38 | 000,007,877 | R--- | C] () -- C:\Windows\System32\drivers\N360\0602010.005\symnetv.cat
[2012/06/25 18:26:38 | 000,001,469 | R--- | C] () -- C:\Windows\System32\drivers\N360\0602010.005\symnetv.inf
[2012/06/25 18:26:37 | 000,007,492 | R--- | C] () -- C:\Windows\System32\drivers\N360\0602010.005\symds.cat
[2012/06/25 18:26:37 | 000,007,458 | R--- | C] () -- C:\Windows\System32\drivers\N360\0602010.005\symnet.cat
[2012/06/25 18:26:37 | 000,007,456 | R--- | C] () -- C:\Windows\System32\drivers\N360\0602010.005\symefa.cat
[2012/06/25 18:26:37 | 000,003,434 | R--- | C] () -- C:\Windows\System32\drivers\N360\0602010.005\symefa.inf
[2012/06/25 18:26:37 | 000,002,852 | R--- | C] () -- C:\Windows\System32\drivers\N360\0602010.005\symds.inf
[2012/06/25 18:26:37 | 000,001,441 | R--- | C] () -- C:\Windows\System32\drivers\N360\0602010.005\symnet.inf
[2012/06/25 18:26:37 | 000,001,388 | ---- | C] () -- C:\Windows\System32\drivers\N360\0602010.005\srtspx.inf
[2012/06/25 18:26:36 | 000,007,468 | R--- | C] () -- C:\Windows\System32\drivers\N360\0602010.005\ccsetx86.cat
[2012/06/25 18:26:36 | 000,007,454 | ---- | C] () -- C:\Windows\System32\drivers\N360\0602010.005\srtspx.cat
[2012/06/25 18:26:36 | 000,007,450 | R--- | C] () -- C:\Windows\System32\drivers\N360\0602010.005\iron.cat
[2012/06/25 18:26:36 | 000,007,450 | ---- | C] () -- C:\Windows\System32\drivers\N360\0602010.005\srtsp.cat
[2012/06/25 18:26:36 | 000,001,388 | ---- | C] () -- C:\Windows\System32\drivers\N360\0602010.005\srtsp.inf
[2012/06/25 18:26:36 | 000,000,827 | R--- | C] () -- C:\Windows\System32\drivers\N360\0602010.005\ccsetx86.inf
[2012/06/25 18:26:36 | 000,000,742 | R--- | C] () -- C:\Windows\System32\drivers\N360\0602010.005\iron.inf
[2012/06/25 18:25:05 | 000,000,172 | ---- | C] () -- C:\Windows\System32\drivers\N360\0602010.005\isolate.ini
[2012/06/25 18:17:26 | 000,007,468 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2012/06/25 18:17:26 | 000,000,806 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2012/06/25 18:17:08 | 000,002,162 | ---- | C] () -- C:\Users\Public\Desktop\Norton Security Suite.lnk
[2012/06/25 18:04:17 | 000,000,937 | ---- | C] () -- C:\Users\Anne\Desktop\Norton Installation Files.lnk
[2012/06/24 20:13:47 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/12 18:34:22 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_RimSerial_01007.Wdf
[2012/05/31 17:58:12 | 000,001,728 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012/01/11 21:24:18 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{7faaaafa-cf14-2f74-3593-878a94dc601b}\@
[2012/01/11 21:24:18 | 000,002,048 | -HS- | C] () -- C:\Users\Anne\AppData\Local\{7faaaafa-cf14-2f74-3593-878a94dc601b}\@
[2011/06/14 17:04:54 | 000,001,847 | ---- | C] () -- C:\Windows\hpwmdl23.dat.temp
[2011/06/14 16:48:52 | 000,186,553 | ---- | C] () -- C:\Windows\hpwins23.dat
[2011/05/18 18:16:35 | 000,001,940 | ---- | C] () -- C:\Users\Anne\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010/11/23 23:12:11 | 000,000,256 | ---- | C] () -- C:\Windows\System32\pool.bin
[2010/03/30 20:45:03 | 000,000,600 | ---- | C] () -- C:\Users\Anne\AppData\Roaming\winscp.rnd
[2009/07/24 22:52:53 | 000,005,972 | ---- | C] () -- C:\Users\Anne\AppData\Local\d3d9caps.dat
[2009/02/17 19:55:34 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008/12/10 20:51:05 | 000,015,360 | ---- | C] () -- C:\Users\Anne\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== Custom Scans ==========

< "%WinDir%\$NtUninstallKB*$." /30 >

< C:\Program Files\Common Files\ComObjects\*.* /s >

< %systemroot%\*. /mp /s >

< %systemroot%\*. /rp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2008/01/20 22:31:11 | 015,716,352 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008/01/20 22:31:01 | 000,102,400 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008/01/20 22:31:12 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 05:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 05:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %systemroot%\system32\drivers\*.sys /90 >
[2012/06/24 22:51:13 | 000,035,752 | ---- | M] (Symantec Corporation) -- C:\Windows\system32\drivers\FixZeroAccess.sys
[2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\system32\drivers\mbam.sys
[2012/05/01 09:03:49 | 000,180,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\rdpwd.sys
[2012/06/25 18:17:26 | 000,141,944 | ---- | M] (Symantec Corporation) -- C:\Windows\system32\drivers\SYMEVENT.SYS
[2012/03/30 07:39:11 | 000,905,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\tcpip.sys

< %SYSTEMDRIVE%\*.exe >
[2007/11/07 09:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe

< MD5 for: AFD.SYS >
[2011/04/21 08:58:27 | 000,273,408 | ---- | M] (Microsoft Corporation) MD5=3911B972B55FEA0478476B2E777B29FA -- C:\Users\Anne\AppData\Roaming\FixZeroAccess\Archive\afd.sys
[2011/04/21 08:58:27 | 000,273,408 | ---- | M] (Microsoft Corporation) MD5=3911B972B55FEA0478476B2E777B29FA -- C:\Windows\System32\drivers\afd.sys
[2011/04/21 08:58:27 | 000,273,408 | ---- | M] (Microsoft Corporation) MD5=3911B972B55FEA0478476B2E777B29FA -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6002.18457_none_d99fb42e5bb59d9b\afd.sys
[2011/04/21 08:16:42 | 000,273,408 | ---- | M] (Microsoft Corporation) MD5=48EB99503533C27AC6135648E5474457 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6001.18639_none_d7d0e0cc5e7d461c\afd.sys
[2011/04/21 08:28:53 | 000,273,920 | ---- | M] (Microsoft Corporation) MD5=70EE0FC7A0F384DBD929A01384AEEB4B -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6002.22629_none_da4bc33774b91967\afd.sys
[2008/01/20 21:33:55 | 000,273,920 | ---- | M] (Microsoft Corporation) MD5=763E172A55177E478CB419F88FD0BA03 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6001.18000_none_d7e842925e6d1f50\afd.sys
[2009/04/10 23:47:03 | 000,273,920 | ---- | M] (Microsoft Corporation) MD5=A201207363AA900ABF1A388468688570 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6002.18005_none_d9d3bb9e5b8eea9c\afd.sys
[2011/04/21 08:12:21 | 000,273,920 | ---- | M] (Microsoft Corporation) MD5=C8AF25017CECB75906A571AC70D2D306 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6001.22905_none_d876efff77862705\afd.sys

< MD5 for: ATAPI.SYS >
[2008/12/04 21:27:16 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_4c9c5a00\atapi.sys
[2008/12/04 21:27:16 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18034_none_dd1bb97e219e87cb\atapi.sys
[2009/04/11 01:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Users\Anne\AppData\Roaming\FixZeroAccess\Archive\atapi.sys
[2009/04/11 01:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009/04/11 01:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009/04/11 01:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/20 21:32:21 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/20 21:32:21 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 04:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008/12/04 21:27:16 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=96DC4E1A9F90CCD489950A8935425C59 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22134_none_dda556493abc2795\atapi.sys

< MD5 for: EXPLORER.EXE >
[2008/10/29 01:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/29 01:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/29 22:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008/10/27 21:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008/01/20 21:34:05 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: NETBT.SYS >
[2008/01/20 21:34:49 | 000,184,320 | ---- | M] (Microsoft Corporation) MD5=7C5FEE5B1C5728507CD96FB4A13E7A02 -- C:\Windows\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.0.6001.18000_none_6064c861f7442765\netbt.sys
[2009/04/10 23:45:37 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=ECD64230A59CBD93C85F1CD1CAB9F3F6 -- C:\Users\Anne\AppData\Roaming\FixZeroAccess\Archive\netbt.sys
[2009/04/10 23:45:37 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=ECD64230A59CBD93C85F1CD1CAB9F3F6 -- C:\Windows\System32\drivers\netbt.sys
[2009/04/10 23:45:37 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=ECD64230A59CBD93C85F1CD1CAB9F3F6 -- C:\Windows\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.0.6002.18005_none_6250416df465f2b1\netbt.sys

< MD5 for: SERVICES.EXE >
[2008/01/20 21:34:36 | 000,279,040 | ---- | M] (Microsoft Corporation) MD5=2B336AB6286D6C81FA02CBAB914E3C6C -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2009/04/11 01:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=8737764F4FD36D6808EE80578409C843 -- C:\Windows\System32\services.exe
[2009/04/11 01:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe

< MD5 for: TDX.SYS >
[2009/04/10 23:45:56 | 000,072,192 | ---- | M] (Microsoft Corporation) MD5=76B06EB8A01FC8624D699E7045303E54 -- C:\Users\Anne\AppData\Roaming\FixZeroAccess\Archive\tdx.sys
[2009/04/10 23:45:56 | 000,072,192 | ---- | M] (Microsoft Corporation) MD5=76B06EB8A01FC8624D699E7045303E54 -- C:\Windows\System32\drivers\tdx.sys
[2009/04/10 23:45:56 | 000,072,192 | ---- | M] (Microsoft Corporation) MD5=76B06EB8A01FC8624D699E7045303E54 -- C:\Windows\winsxs\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.0.6002.18005_none_ec294157d9377403\tdx.sys
[2008/01/20 21:34:42 | 000,071,680 | ---- | M] (Microsoft Corporation) MD5=D09276B1FAB033CE1D40DCBDF303D10F -- C:\Windows\winsxs\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.0.6001.18000_none_ea3dc84bdc15a8b7\tdx.sys

< MD5 for: VOLSNAP.SYS >
[2006/11/02 04:51:18 | 000,208,488 | ---- | M] (Microsoft Corporation) MD5=11EF6C1CAEF76B685233450A126125D6 -- C:\Windows\System32\DriverStore\FileRepository\volume.inf_9320b452\volsnap.sys
[2009/04/11 01:32:55 | 000,226,280 | ---- | M] (Microsoft Corporation) MD5=147281C01FCB1DF9252DE2A10D5E7093 -- C:\Users\Anne\AppData\Roaming\FixZeroAccess\Archive\volsnap.sys
[2009/04/11 01:32:55 | 000,226,280 | ---- | M] (Microsoft Corporation) MD5=147281C01FCB1DF9252DE2A10D5E7093 -- C:\Windows\System32\drivers\volsnap.sys
[2009/04/11 01:32:55 | 000,226,280 | ---- | M] (Microsoft Corporation) MD5=147281C01FCB1DF9252DE2A10D5E7093 -- C:\Windows\System32\DriverStore\FileRepository\volume.inf_1e6030e4\volsnap.sys
[2009/04/11 01:32:55 | 000,226,280 | ---- | M] (Microsoft Corporation) MD5=147281C01FCB1DF9252DE2A10D5E7093 -- C:\Windows\winsxs\x86_volume.inf_31bf3856ad364e35_6.0.6002.18005_none_17a2308cf936c619\volsnap.sys
[2008/01/20 21:32:47 | 000,227,896 | ---- | M] (Microsoft Corporation) MD5=D8B4A53DD2769F226B3EB374374987C9 -- C:\Windows\System32\DriverStore\FileRepository\volume.inf_f53a1785\volsnap.sys
[2008/01/20 21:32:47 | 000,227,896 | ---- | M] (Microsoft Corporation) MD5=D8B4A53DD2769F226B3EB374374987C9 -- C:\Windows\winsxs\x86_volume.inf_31bf3856ad364e35_6.0.6001.18000_none_15b6b780fc14facd\volsnap.sys

< MD5 for: WININIT.EXE >
[2008/01/20 21:33:13 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008/01/20 21:33:13 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe

< MD5 for: WINLOGON.EXE >
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009/04/11 01:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009/04/11 01:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008/01/20 21:34:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2012/03/15 18:21:59 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2012/03/15 18:21:59 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2012/03/15 18:21:59 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2012/05/17 18:21:54 | 000,748,664 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2012/05/17 18:21:54 | 000,748,664 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2012/03/15 18:21:59 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2012/03/15 18:21:59 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2012/03/15 18:21:59 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2012/05/17 18:21:54 | 000,748,664 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2012/05/17 18:21:54 | 000,748,664 | ---- | M] (Microsoft Corporation)

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\Windows\System32\config\systemprofile\AppData\Local\History] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History -> Junction
[C:\Windows\System32\config\systemprofile\AppData\Local\Temporary Internet Files] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files -> Junction
[C:\Windows\System32\config\systemprofile\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Roaming -> Junction
[C:\Windows\System32\config\systemprofile\Cookies] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies -> Junction
[C:\Windows\System32\config\systemprofile\Local Settings] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction

< End of report >

Extras Log:
OTL Extras logfile created on: 6/27/2012 5:43:44 PM - Run 1
OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\Anne\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 1.09 Gb Available Physical Memory | 36.59% Memory free
6.18 Gb Paging File | 4.09 Gb Available in Paging File | 66.19% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 220.58 Gb Total Space | 118.70 Gb Free Space | 53.81% Space Free | Partition Type: NTFS
Drive D: | 9.77 Gb Total Space | 4.91 Gb Free Space | 50.24% Space Free | Partition Type: NTFS

Computer Name: ANNE-PC | User Name: Anne | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

========== Firewall Settings ==========

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{03A7C57A-B2C8-409b-92E5-524A0DFD0DD3}" = Status
"{087A66B8-1F0F-4a8d-A649-0CFE276AA7C0}" = WebReg
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{0A146245-DB79-4197-BF5D-FE1A699A2CC7}" = Camera Window DS
"{0E5DD7A3-BE29-430C-970B-C553F4A58C39}" = SMART Common Platform
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{12BAA98C-F8DD-4BC9-BBE6-1C8463114197}" = BlackBerry Device Software Updater
"{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}" = Live! Cam Avatar v1.0
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 22
"{294EAADF-E50F-4DD8-AD8D-19587EA10512}" = Modem Diagnostic Tool
"{2A329FB6-389D-4396-A974-29656D6864AE}" = MarketResearch
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{33286280-8617-11E1-8FF6-B8AC6F97B88E}" = Google Earth Plug-in
"{38DAE5F5-EC70-4aa5-801B-D11CA0A33B41}" = BPDSoftware
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D8F9830-D6A3-413A-9A54-993827A73E47}" = DELL0604
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
"{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}" = Banctec Service Agreement
"{47ECCB1F-2811-49C0-B6A7-26778639ABA0}" = 32 Bit HP CIO Components Installer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B6AD248-D3BF-426A-8D64-847288154F13}" = QuickSet
"{4D304678-738E-42a0-931A-2B022F49DEB8}" = TrayApp
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{53C6D09E-EAB6-49E5-BA4C-BA7FF13830FB}" = Sound Blaster Audigy ADVANCED MB
"{57F60D52-630B-43C5-BD20-176F5CD4EED6}" = bpd_scan
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{676981B7-A2D9-49D0-9F4C-03018F131DA9}" = DocProc
"{67E6410C-1E97-4D03-BEC2-8E83323A6BBD}" = SMART Product Drivers
"{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}" = EDocs
"{6CC080F1-2E00-41D5-BE47-A3BC784E9DFB}" = BPDSoftware_Ini
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{800E784D-53E3-4948-B491-9E7FA5EACBDC}" = SmartWebPrinting
"{83C57C58-FDD7-4d86-BFCC-9D31CC4EFA71}" = 6500_E709n
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{874E44F3-B9A7-4AA1-B4BA-83E5684ED9C6}" = PhotoStitch
"{87A9A9A9-FAB7-4224-9328-0FA2058C0FD5}" = Network
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D4B716A-0ABE-4238-9090-D208E5F57A5E}" = SMART Product Update
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{9129B46A-51F0-431b-9838-DF7272F3204E}" = ProductContext
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9603DE6D-4567-4b78-B941-849322373DE2}" = SolutionCenter
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}" = OutlookAddinSetup
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
"{9CCCFD9C-248F-47FE-9496-1680E3E5C163}" = Scan
"{9D1B99B7-DAD8-440d-B4FB-1915332FBCC2}" = HPProductAssistant
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC13BA3A-336B-45a4-B3FE-2D3058A7B533}" = Toolbox
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{BAA43DA2-B6C5-46EC-B163-0E8EEAF975A4}" = RAW Image Task 2.2
"{BBBC2B89-E193-4348-A83C-C8DD8210A4AC}" = Canon PhotoRecord
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{C29C1940-CB85-4F3B-906C-33FEE0E67103}" = DocMgr
"{C39A4E1F-9AF1-4FE1-A80E-A5B867FABB42}" = Dell Best of Web
"{C3AD9933-EF84-4226-B906-0E0578B14248}" = WD SmartWare
"{C73A3942-84C8-4597-9F9B-EE227DCBA758}" = Dell Dock
"{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DA94A899-F439-44D1-90B6-DB02A7341170}" = BlackBerry Desktop Software 7.0
"{DE13432E-F0C1-4842-A5BA-CC997DA72A70}" = 6500_E709_eDocs
"{E176EEDB-3E4A-4D94-93EB-16EFA5C0B778}" = WD Software Upgrader
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{ED0FF410-41B9-441F-B457-4AC81782E8BF}" = SMART Notebook
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{EEEB604C-C1A7-4f8c-B03F-56F9C1C9C45F}" = Fax
"{EF9E56EE-0243-4BAD-88F4-5E7508AA7D96}" = Destination Component
"{F185B35D-38E5-4D88-B275-15C8C7FC4357}" = 6500_E709_Help
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F59A9E08-A6A4-4ACF-91F2-D0344956C30B}" = iTunes
"{F648FD09-7CEA-4257-BC68-A8389189FD51}" = GPBaseService2
"{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock
"{F769B78E-FF0E-4db5-95E2-9F4C8D6352FE}" = DeviceDiscovery
"{FA0F0A01-4631-4161-A6C2-948BF694382E}" = HP Officejet 6500 E709 Series
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Advanced Video FX Engine" = Advanced Video FX Engine
"BlackBerry_Desktop" = BlackBerry Desktop Software 7.0
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card Utility
"CameraWindowDC" = Canon Utilities CameraWindow DC
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"Canon MOV Decoder" = Canon MOV Decoder
"Canon MOV Encoder" = Canon MOV Encoder
"Cisco Connect" = Cisco Connect
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Creative OEM002" = Laptop Integrated Webcam Driver (1.04.01.1011)
"Dell Dock" = Dell Dock
"Dell Webcam Center" = Dell Webcam Center
"Dell Webcam Manager" = Dell Webcam Manager
"Google Desktop" = Google Desktop
"GoToAssist" = GoToAssist 8.0.0.514
"HP Document Manager" = HP Document Manager 2.0
"HP Imaging Device Functions" = HP Imaging Device Functions 12.0
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 12.0
"HPExtendedCapabilities" = HP Customer Participation Program 12.0
"HPOCR" = OCR Software by I.R.I.S. 12.0
"InstallShield_{0A146245-DB79-4197-BF5D-FE1A699A2CC7}" = Canon Camera Window DSLR 5 for ZoomBrowser EX
"InstallShield_{874E44F3-B9A7-4AA1-B4BA-83E5684ED9C6}" = Canon Utilities PhotoStitch 3.1
"InstallShield_{BAA43DA2-B6C5-46EC-B163-0E8EEAF975A4}" = Canon RAW Image Task for ZoomBrowser EX
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"MyCamera" = Canon Utilities MyCamera
"MyCameraDC" = Canon Utilities MyCamera DC
"N360" = Norton Security Suite
"PROR" = Microsoft Office Professional 2007
"RemoteCaptureDC" = Canon Utilities RemoteCapture DC
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"WinRAR archiver" = WinRAR 4.20 (32-bit)
"winscp3_is1" = WinSCP 4.2.7
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2814111827-105996498-531587399-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 5/21/2011 1:36:57 PM | Computer Name = Anne-PC | Source = EventSystem | ID = 4621
Description =

Error - 5/22/2011 11:51:30 AM | Computer Name = Anne-PC | Source = WinMgmt | ID = 10
Description =

Error - 5/22/2011 4:20:43 PM | Computer Name = Anne-PC | Source = WinMgmt | ID = 10
Description =

Error - 5/22/2011 4:51:03 PM | Computer Name = Anne-PC | Source = Application Error | ID = 1000
Description = Faulting application IEXPLORE.EXE, version 8.0.6001.19048, time stamp
0x4d633f27, faulting module ntdll.dll, version 6.0.6002.18327, time stamp 0x4cb73436,
exception code 0xc0000005, fault offset 0x0006743f, process id 0x1130, application
start time 0x01cc18c1d58b57fb.

Error - 5/22/2011 4:52:08 PM | Computer Name = Anne-PC | Source = Perflib | ID = 1010
Description =

Error - 5/22/2011 4:52:12 PM | Computer Name = Anne-PC | Source = Perflib | ID = 1008
Description =

Error - 5/22/2011 4:55:36 PM | Computer Name = Anne-PC | Source = Application Error | ID = 1000
Description = Faulting application IEXPLORE.EXE, version 8.0.6001.19048, time stamp
0x4d633f27, faulting module ntdll.dll, version 6.0.6002.18327, time stamp 0x4cb73436,
exception code 0xc0000005, fault offset 0x00066579, process id 0x1330, application
start time 0x01cc18c22d54f22b.

Error - 5/22/2011 8:12:33 PM | Computer Name = Anne-PC | Source = Application Error | ID = 1000
Description = Faulting application IEXPLORE.EXE, version 8.0.6001.19048, time stamp
0x4d633f27, faulting module ntdll.dll, version 6.0.6002.18327, time stamp 0x4cb73436,
exception code 0xc0000005, fault offset 0x00066579, process id 0xdf4, application
start time 0x01cc18ddf23f3750.

Error - 5/22/2011 8:37:08 PM | Computer Name = Anne-PC | Source = Application Error | ID = 1000
Description = Faulting application IEXPLORE.EXE, version 8.0.6001.19048, time stamp
0x4d633f27, faulting module ntdll.dll, version 6.0.6002.18327, time stamp 0x4cb73436,
exception code 0xc0000005, fault offset 0x0006743f, process id 0xd28, application
start time 0x01cc18dded800190.

Error - 5/22/2011 11:27:55 PM | Computer Name = Anne-PC | Source = EventSystem | ID = 4621
Description =

[ Broadcom Wireless LAN Events ]
Error - 5/27/2012 12:25:18 AM | Computer Name = Anne-PC | Source = WLAN-Tray | ID = 0
Description = 23:25:18, Sat, May 26, 12 Error - User "" does not have administrative
privileges on this system

[ OSession Events ]
Error - 2/18/2009 10:38:03 PM | Computer Name = Anne-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 43
seconds with 0 seconds of active time. This session ended with a crash.

Error - 3/3/2009 3:42:16 PM | Computer Name = Anne-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 50
seconds with 0 seconds of active time. This session ended with a crash.

Error - 6/25/2009 2:41:56 PM | Computer Name = Anne-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 246
seconds with 240 seconds of active time. This session ended with a crash.

Error - 6/6/2010 7:11:41 PM | Computer Name = Anne-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 694
seconds with 600 seconds of active time. This session ended with a crash.

Error - 6/7/2010 9:52:58 PM | Computer Name = Anne-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 796
seconds with 720 seconds of active time. This session ended with a crash.

Error - 6/12/2010 8:20:45 PM | Computer Name = Anne-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6535.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 937
seconds with 480 seconds of active time. This session ended with a crash.

Error - 12/23/2010 10:25:45 PM | Computer Name = Anne-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6548.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1
seconds with 0 seconds of active time. This session ended with a crash.

Error - 12/23/2010 10:26:04 PM | Computer Name = Anne-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6548.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 7
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 6/26/2012 3:56:51 PM | Computer Name = Anne-PC | Source = Service Control Manager | ID = 7003
Description =

Error - 6/26/2012 3:56:53 PM | Computer Name = Anne-PC | Source = WMPNetworkSvc | ID = 866293
Description =

Error - 6/26/2012 8:15:49 PM | Computer Name = Anne-PC | Source = Microsoft-Windows-ResourcePublication | ID = 1002
Description =

Error - 6/26/2012 8:16:30 PM | Computer Name = Anne-PC | Source = WMPNetworkSvc | ID = 866293
Description =

Error - 6/26/2012 8:16:59 PM | Computer Name = Anne-PC | Source = Service Control Manager | ID = 7023
Description =

Error - 6/26/2012 8:16:59 PM | Computer Name = Anne-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 6/26/2012 8:16:59 PM | Computer Name = Anne-PC | Source = Service Control Manager | ID = 7003
Description =

Error - 6/26/2012 8:16:59 PM | Computer Name = Anne-PC | Source = Service Control Manager | ID = 7003
Description =

Error - 6/27/2012 12:08:12 AM | Computer Name = Anne-PC | Source = iaStor | ID = 262153
Description = The device, \Device\Ide\iaStor0, did not respond within the timeout
period.

Error - 6/27/2012 12:44:27 AM | Computer Name = Anne-PC | Source = iaStor | ID = 262153
Description = The device, \Device\Ide\iaStor0, did not respond within the timeout
period.


< End of report >


5. I'm having no issues with my computer at this time other than having Norton popups telling me that it's blocking Trojan.Gen.2 and Trojan.Zeroaccess.B. ***Edit: I actually am unable to open Windows Firewall. It says it's blocked. I noticed that yesterday before I ran any of these scans.

Edited by AL16, 27 June 2012 - 10:32 PM.


#8 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:01:34 PM

Posted 28 June 2012 - 07:15 AM

Hi AL16!

Any idea of the time length for each scan? I won't be able to get started until later this evening at the earliest. I'd like to get all of them done ASAP, but don't want to be stuck with scans running into the early morning hrs. Appreciate the help!

It can really vary depending on which tools you're running.

But for the most part, the scans shouldn't take more than an hour. The only exception to this might be the Online Scanner, I'll have you run later.

Appreciate all the help. I work during the day so my scans will likely come around this time of day if future scans are needed.

Okay, we are definitely going to have some work to do.

It looks like some damage has been done to the registry, so we will need to address that issue a little bit later.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.

wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.

WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.

----------------------

OTL Fix

We need to run an OTL Fix

Note: If you have MalwareBytes Anti-Malware 1.6 or higher installed and are using the Pro version or trial version, please temporarily disable it for the duration of this fix as it may interfere with the successfully execution of the script below.

  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.
    :Services
    :Processes
    KILLALLPROCESSES
    :OTL
    DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\Anne\AppData\Local\Temp\pxldrpow.sys -- (pxldrpow)
    DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\Anne\AppData\Local\Temp\mbr.sys -- (mbr)
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :0
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :0
    IE - HKU\S-1-5-21-2814111827-105996498-531587399-1000\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:4664/search&s=iHhsOg3ELnFqTBfq9Bwj-U1REVk?q={searchTerms}
    IE - HKU\S-1-5-21-2814111827-105996498-531587399-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :0
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe File not found
    O4 - HKLM..\Run: [Dell DataSafe Online] "C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe" /m File not found
    O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" File not found
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Reg Error: Key error.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O33 - MountPoints2\{3df50b68-1fd2-11de-b869-0023ae09986b}\Shell\AutoRun\command - "" = C:\Windows\System32\setupSNK.exe -- [2008/01/20 21:32:58 | 000,013,312 | ---- | M] (Microsoft Corporation)
    O33 - MountPoints2\{3df50b6d-1fd2-11de-b869-0023ae09986b}\Shell - "" = AutoRun
    O33 - MountPoints2\{3df50b6d-1fd2-11de-b869-0023ae09986b}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
    [2012/06/26 19:17:41 | 000,003,792 | ---- | M] () -- C:\{B705FAD1-866C-4F08-A310-1FA455CDB678}
    [2012/06/26 01:35:52 | 000,003,792 | ---- | M] () -- C:\{361B032B-6720-4D70-A1F3-A5E23FFDB652}
    [2012/06/25 22:57:16 | 000,003,760 | ---- | M] () -- C:\{98A8B508-33AA-419E-A875-F24243302E16}
    [2012/06/25 22:55:40 | 000,003,792 | ---- | M] () -- C:\{41316500-E3C6-42F7-85F1-9D57B34A662D}
    [2012/06/26 19:17:35 | 000,003,792 | ---- | C] () -- C:\{B705FAD1-866C-4F08-A310-1FA455CDB678}
    [2012/06/26 19:16:20 | 000,001,648 | ---- | C] () -- C:\Windows\Installer\{7faaaafa-cf14-2f74-3593-878a94dc601b}\U\00000001.@
    [2012/06/26 01:35:52 | 000,003,792 | ---- | C] () -- C:\{361B032B-6720-4D70-A1F3-A5E23FFDB652}
    [2012/06/25 22:57:16 | 000,003,760 | ---- | C] () -- C:\{98A8B508-33AA-419E-A875-F24243302E16}
    [2012/06/25 22:55:39 | 000,003,792 | ---- | C] () -- C:\{41316500-E3C6-42F7-85F1-9D57B34A662D}
    [2012/01/11 21:24:18 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{7faaaafa-cf14-2f74-3593-878a94dc601b}\@
    [2012/01/11 21:24:18 | 000,002,048 | -HS- | C] () -- C:\Users\Anne\AppData\Local\{7faaaafa-cf14-2f74-3593-878a94dc601b}\@
    
    :Reg
    
    :Files
    echo,Y|cacls "%WinDir%\system32\drivers\etc\hosts" /G everyone:f /c
    ipconfig /flushdns /c
    :Commands
    [purity]
    [resethosts]
    [CreateRestorePoint]
    [EMPTYFLASH]
    [EMPTYJAVA]
    
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:



Running ComboFix
Download Combofix from either of the links below, and save it to your desktop.

Link 1
Link 2

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

Note: If AVG or CA Internet Security Suite is installed, you must remove these programs before using Combofix. If for some reason these applications will not uninstall, try uninstalling with AppRemover by Opswat.
--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt for further review.
  • If you get an error message saying: "Illegal operation attempted on a registry key that was marked for deletion." please reboot your computer, and that should take care of that error message.


NEXT:



Please make sure you include the following items in your next post:

1. Any comments or questions you may have that you'd like for me to answer in my next post to you.
2. OTL fix log.
3. ComboFix.txt log file.
4. An update on how your computer is currently running.

It would be helpful if you could answer each question in the order asked, as well as numbering your answers.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#9 AL16

AL16
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:11:34 AM

Posted 28 June 2012 - 07:50 PM

1. Questions for you: Am I okay to enable my anti-virus software that I shut down to run the ComboFix scan? I turned it off for 5 hours, but am going to turn the computer off after I post. Otherwise, everything's going smoothly.

2. OTL log file:

========== SERVICES/DRIVERS ==========
========== PROCESSES ==========
All processes killed
========== OTL ==========
Error: No service named pxldrpow was found to stop!
Service\Driver key pxldrpow not found.
File C:\Users\Anne\AppData\Local\Temp\pxldrpow.sys not found.
Error: No service named mbr was found to stop!
Service\Driver key mbr not found.
File C:\Users\Anne\AppData\Local\Temp\mbr.sys not found.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-2814111827-105996498-531587399-1000\Software\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{70D46D94-BF1E-45ED-B567-48701376298E}\ not found.
HKU\S-1-5-21-2814111827-105996498-531587399-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Ad-Watch deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Dell DataSafe Online deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched deleted successfully.
Starting removal of ActiveX control {166B1BCA-3F9C-11CF-8075-444553540000}
C:\Windows\Downloaded Program Files\swdir.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{166B1BCA-3F9C-11CF-8075-444553540000}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{166B1BCA-3F9C-11CF-8075-444553540000}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{166B1BCA-3F9C-11CF-8075-444553540000}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{166B1BCA-3F9C-11CF-8075-444553540000}\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\Windows\Downloaded Program Files\erma.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3df50b68-1fd2-11de-b869-0023ae09986b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3df50b68-1fd2-11de-b869-0023ae09986b}\ not found.
File move failed. C:\Windows\System32\setupSNK.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3df50b6d-1fd2-11de-b869-0023ae09986b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3df50b6d-1fd2-11de-b869-0023ae09986b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3df50b6d-1fd2-11de-b869-0023ae09986b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3df50b6d-1fd2-11de-b869-0023ae09986b}\ not found.
File F:\LaunchU3.exe -a not found.
C:\{B705FAD1-866C-4F08-A310-1FA455CDB678} moved successfully.
C:\{361B032B-6720-4D70-A1F3-A5E23FFDB652} moved successfully.
C:\{98A8B508-33AA-419E-A875-F24243302E16} moved successfully.
C:\{41316500-E3C6-42F7-85F1-9D57B34A662D} moved successfully.
File C:\{B705FAD1-866C-4F08-A310-1FA455CDB678} not found.
C:\Windows\Installer\{7faaaafa-cf14-2f74-3593-878a94dc601b}\U\00000001.@ moved successfully.
File C:\{361B032B-6720-4D70-A1F3-A5E23FFDB652} not found.
File C:\{98A8B508-33AA-419E-A875-F24243302E16} not found.
File C:\{41316500-E3C6-42F7-85F1-9D57B34A662D} not found.
C:\Windows\Installer\{7faaaafa-cf14-2f74-3593-878a94dc601b}\@ moved successfully.
C:\Users\Anne\AppData\Local\{7faaaafa-cf14-2f74-3593-878a94dc601b}\@ moved successfully.
========== REGISTRY ==========
========== FILES ==========
< echo,Y|cacls "%WinDir%\system32\drivers\etc\hosts" /G everyone:f /c >
Are you sure (Y/N)?processed file: C:\Windows\system32\drivers\etc\hosts
C:\Users\Anne\Desktop\cmd.bat deleted successfully.
C:\Users\Anne\Desktop\cmd.txt deleted successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Anne\Desktop\cmd.bat deleted successfully.
C:\Users\Anne\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTL Restore Point

[EMPTYFLASH]

User: All Users

User: Anne
->Flash cache emptied: 15011 bytes

User: Default

User: Default User

User: Public

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: All Users

User: Anne
->Java cache emptied: 60775419 bytes

User: Default

User: Default User

User: Public

Total Java Files Cleaned = 58.00 mb


OTL by OldTimer - Version 3.2.53.0 log created on 06282012_184837

Files\Folders moved on Reboot...
File move failed. C:\Windows\System32\setupSNK.exe scheduled to be moved on reboot.

PendingFileRenameOperations files...
[2008/01/20 21:32:58 | 000,013,312 | ---- | M] (Microsoft Corporation) C:\Windows\System32\setupSNK.exe : MD5=DACAB3AC0A23FE8D56543806821241DE

Registry entries deleted on Reboot...


3. ComboFix Log:

ComboFix 12-06-28.03 - Anne 06/28/2012 19:13:53.1.2 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.3061.1489 [GMT -5:00]
Running from: c:\users\Anne\Desktop\ComboFix.exe
AV: Norton Security Suite *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Security Suite *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Security Suite *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
.
Infected copy of c:\windows\system32\Services.exe was found and disinfected
Restored copy from - c:\windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-05-28 to 2012-06-29 )))))))))))))))))))))))))))))))
.
.
2012-06-29 00:28 . 2012-06-29 00:28 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-28 23:48 . 2012-06-28 23:48 -------- d-----w- C:\_OTL
2012-06-25 23:17 . 2012-06-25 23:20 -------- d-----w- c:\program files\Common Files\Symantec Shared
2012-06-25 23:17 . 2012-06-25 23:17 -------- d-----w- c:\program files\Symantec
2012-06-25 23:17 . 2012-06-25 23:17 141944 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2012-06-25 23:14 . 2012-06-25 23:41 -------- d-----w- c:\windows\system32\drivers\N360
2012-06-25 23:14 . 2012-06-25 23:14 -------- d-----w- c:\program files\Norton Security Suite
2012-06-25 23:12 . 2012-06-25 23:12 -------- d-----w- c:\program files\NortonInstaller
2012-06-25 22:55 . 2012-06-25 22:55 -------- d-----w- c:\users\Anne\AppData\Roaming\Tific
2012-06-25 22:55 . 2012-06-25 22:55 -------- d-----w- c:\users\Anne\AppData\Local\Symantec
2012-06-25 01:14 . 2012-06-25 01:14 -------- d-----w- c:\users\Anne\AppData\Roaming\Malwarebytes
2012-06-25 01:13 . 2012-06-25 01:13 -------- d-----w- c:\programdata\Malwarebytes
2012-06-25 01:13 . 2012-06-25 01:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-06-25 01:13 . 2012-04-04 20:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-25 00:36 . 2012-06-25 01:14 -------- d-----w- c:\users\Anne\AppData\Local\NPE
2012-06-25 00:28 . 2012-06-25 00:28 -------- d-----w- c:\users\Anne\AppData\Roaming\FixZeroAccess
2012-06-25 00:27 . 2012-06-25 03:51 35752 ----a-w- c:\windows\system32\drivers\FixZeroAccess.sys
2012-06-22 23:37 . 2012-06-22 23:37 9815752 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2012-06-22 13:32 . 2012-06-22 13:32 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-06-22 05:46 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-22 05:46 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-22 05:46 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-22 05:46 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-22 05:44 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-22 05:44 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-22 05:44 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-22 05:42 . 2012-06-02 20:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-22 05:42 . 2012-06-02 20:12 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-13 15:15 . 2012-04-23 16:00 984064 ----a-w- c:\windows\system32\crypt32.dll
2012-06-13 15:15 . 2012-04-23 16:00 98304 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-13 15:15 . 2012-04-23 16:00 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-13 15:15 . 2012-05-01 14:03 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-13 15:15 . 2012-05-15 19:51 2045440 ----a-w- c:\windows\system32\win32k.sys
2012-06-12 23:32 . 2011-07-20 20:13 35328 ----a-w- c:\windows\system32\drivers\RimSerial.sys
2012-06-12 23:26 . 2012-06-12 23:27 -------- d-----w- c:\program files\Common Files\XCPCSync.OEM
2012-05-31 22:58 . 2012-05-31 22:58 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin7.dll
2012-05-31 22:58 . 2012-05-31 22:58 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin6.dll
2012-05-31 22:58 . 2012-05-31 22:58 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2012-05-31 22:58 . 2012-05-31 22:58 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2012-05-31 22:58 . 2012-05-31 22:58 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2012-05-31 22:58 . 2012-05-31 22:58 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2012-05-31 22:58 . 2012-05-31 22:58 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2012-05-31 22:57 . 2012-05-31 22:58 -------- d-----w- c:\program files\QuickTime
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-22 23:37 . 2012-03-31 00:20 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-22 23:37 . 2011-05-14 14:51 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-19 01:56 . 2012-04-19 01:56 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-04-19 01:56 . 2012-04-19 01:56 69632 ----a-w- c:\windows\system32\QuickTime.qts
2012-04-03 08:16 . 2012-05-10 23:38 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-03 08:16 . 2012-05-10 23:38 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2010-04-05 288040]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-03-06 141848]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-03-06 133656]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-07-03 3563520]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-08-13 30192]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2008-02-15 405504]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-27 421160]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-11-02 90448]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-12-21 184320]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-03-06 166424]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2008-03-04 36864]
"SMART Board Service"="c:\program files\SMART Technologies\Education Software\SMARTBoardService.exe" [2011-07-14 1761136]
"SMART Board Tools"="c:\program files\SMART Technologies\Education Software\SMARTBoardTools.exe" [2011-06-23 9800560]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"WD Quick View"="c:\program files\Western Digital\WD SmartWare\WDDMStatus.exe" [2011-12-15 3998616]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-19 421888]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
c:\users\Anne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2010-10-12 1324384]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-12-4 50688]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-10-16 214360]
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2008-2-22 1193240]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2010-10-12 1324384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-12-05 01:25 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 23:37]
.
2012-06-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-03-18 03:42]
.
2012-06-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-03-18 03:42]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig/dell
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.comcast.net/
mWindow Title = Windows Internet Explorer provided by Comcast
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1 75.75.76.76 75.75.75.75
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-mcmscsvc
SafeBoot-MCODS
AddRemove-com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 - c:\program files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-28 19:33
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton Security Suite\Engine\6.2.1.5\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\6.2.1.5\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(6076)
c:\program files\WinSCP\DragExt.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Dell\DellDock\DockLogin.exe
c:\windows\System32\WLTRYSVC.EXE
c:\windows\system32\WLANExt.exe
c:\windows\System32\bcmwltry.exe
c:\windows\System32\LEXBCES.EXE
c:\windows\System32\LEXPPS.EXE
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
c:\windows\system32\CTsvcCDA.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\program files\Norton Security Suite\Engine\6.2.1.5\ccSvcHst.exe
c:\program files\Norton Security Suite\Engine\6.2.1.5\ccSvcHst.exe
c:\windows\System32\DriverStore\FileRepository\stwrt.inf_c09c50a2\STacSV.exe
c:\program files\Western Digital\WD SmartWare\WDDMService.exe
c:\program files\Western Digital\WD SmartWare\WDRulesEngine.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\program files\Western Digital\WD SmartWare\WDFME.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\DellTPad\ApMsgFwd.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\DellTPad\HidFind.exe
c:\program files\DellTPad\Apntex.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe
c:\windows\system32\DllHost.exe
.
**************************************************************************
.
Completion time: 2012-06-28 19:39:19 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-29 00:38
.
Pre-Run: 136,802,791,424 bytes free
Post-Run: 137,836,052,480 bytes free
.
- - End Of File - - A38EBA08D14BE51CC4646856735E4342


4. The computer seems to be running just fine. I haven't seen any Norton virus popups since ComboFix completed. I had an error message for SMART Technologies (a good software) popup after ComboFix restarted Windows saying something about an error due to a registry deletion. My guess is I'll eventually remove the software and reinstall at a later date.

Thanks again!

#10 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:01:34 PM

Posted 29 June 2012 - 03:03 AM

Hi AL16!

Am I okay to enable my anti-virus software that I shut down to run the ComboFix scan? I turned it off for 5 hours, but am going to turn the computer off after I post. Otherwise, everything's going smoothly.

Yes, you can go ahead and re-enable your Anti-Virus program. :)

The computer seems to be running just fine. I haven't seen any Norton virus popups since ComboFix completed. I had an error message for SMART Technologies (a good software) popup after ComboFix restarted Windows saying something about an error due to a registry deletion.

This error message should go away after a reboot of the computer.

Lets see what these scans find, and see where we stand then.

Malwarebytes' Anti-Malware

I see that you have Malwarebytes' Anti-Malware installed on your computer could you please do a scan using these settings:

  • Open Malwarebytes' Anti-Malware
  • Select the Update tab
  • Click Check for Updates
  • After the update have been completed, Select the Scanner tab.
  • Select Perform quick scan, then click on Scan
  • Leave the default options as it is and click on Start Scan
  • When done, you will be prompted. Click OK, then click on Show Results
  • Checked (ticked) all items and click on Remove Selected
  • After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottom most log is the latest
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.



NEXT:



ESET Online Scanner
I'd like us to scan your machine with ESET Online Scan

Note: It is recommended to disable on-board anti-virus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs.



  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Make sure that the option "Remove found threats" is Unchecked
  • When the Computer scan settings display shows, click the Advanced option, the place a check next to the following (if it is not already checked):
    • Enable Anti-Stealth technology
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin
    scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as
    ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NEXT:



Security Check
Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


NEXT:



Please make sure you include the following items in your next post:

1. Any comments or questions you may have that you'd like for me to answer in my next post to you.
2. MalwareBytes' Anti-Malware log file.
3. ESET Online Virus Scan log file.
4. SecurityCheck log file.
5. An update on how your computer is currently running.

It would be helpful if you could answer each question in the order asked, as well as numbering your answers.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#11 AL16

AL16
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:11:34 AM

Posted 30 June 2012 - 12:08 AM

ST,

Here are today's answers for you. Appreciate the help once again.

1. No questions from me today. Saw there was a threat detected in the ESET scan though. I should be around most of the weekend so responses from me might be able to come quicker if I'm near the computer when I see you've responded.

2. Malwarebytes Log:
Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.29.08

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Anne :: ANNE-PC [administrator]

Protection: Enabled

6/29/2012 12:09:44 PM
mbam-log-2012-06-29 (12-09-44).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 224559
Time elapsed: 22 minute(s), 1 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


3. ESET log:
C:\Qoobox\Quarantine\C\Windows\System32\Services.exe.vir Win32/Sirefef.FB.Gen trojan

4. Security Check log:
Results of screen317's Security Check version 0.99.42
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
Norton Security Suite
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.61.0.1400
Java™ 6 Update 22
Java version out of Date!
Adobe Flash Player 11.3.300.262
Adobe Reader 9 Adobe Reader out of Date!
Adobe Reader X (10.1.3)
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1 %
````````````````````End of Log``````````````````````

5. Everything seems fine with the computer. No popups from Norton since before yesterday's scans so that's nice to see. As I mentioned earlier, there was a threat found in the ESET scan but I haven't noticed anything out of the ordinary. I've only been using the computer to do the scans and then shut it down for the day until I run your new instructions.

#12 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:01:34 PM

Posted 30 June 2012 - 07:09 AM

Hi AL16!

1. No questions from me today. Saw there was a threat detected in the ESET scan though. I should be around most of the weekend so responses from me might be able to come quicker if I'm near the computer when I see you've responded.

Okay.

The threat that ESET detected is currently in Quarantine, and will actually be addressed when we clean-up and remove our tools a bit later.

==========

These threat(s) below are currently in Quarantine/System Restore and shall be removed when we clean up our tools later on.

C:\Qoobox\Quarantine\C\Windows\System32\Services.exe.vir Win32/Sirefef.FB.Gen trojan

____________________________________________________

From the looks of your SecurityCheck log, I can see that we have some outdated programs that need to be updated.

Lets address those programs that need updating now!

-----

Java Outdated

Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 7 and save it to your desktop.
  • Look for "Java Platform, Standard Edition".
  • Click the "Download JRE" button to the right.
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • From the list, select your OS and Platform:
    • 32-bit Select: Windows x86 Offline.
    • 64-bit Select: Windows x64.
  • If a download for an Offline Installation is available, it is recommended to choose that and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Posted Image > Control Panel, double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7 and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-7u4-windows-i586-s.exe (or jre-7u4-windows-x64.exe for 64-bit) to install the newest version.
  • If using Windows 7 or Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
  • The McAfee Security Scan Plus tool is installed by default unless you uncheck the McAfee installation box when updating Java.
Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications but it's not necessary.
To disable the JQS service if you don't want to use it:
  • Go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
  • Click Ok and reboot your computer.


NEXT



Update Adobe Reader
Earlier versions of Adobe Reader have known security flaws so it is recommended that you update your copy
  • Go to Start > Control Panel > Add/Remove Programs
  • Remove ALL instances of Adobe Reader
  • Re-boot your computer as required.
  • Once ALL versions of Adobe Reader have been uninstalled, visit: <<here>> and download the latest version of Adobe Reader
Alternative Option: after uninstalling Adobe Reader, you could try installing Foxit Reader from >here< Foxit Reader has fewer add-ons therefore loads more quickly.



NEXT:



OTL Fix

We need to run an OTL Fix
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.
    :Services
    :OTL
    
    :Reg
    
    :Files
    ipconfig /flushdns /c
    :Commands
    [CreateRestorePoint]
    [emptytemp]
    [EMPTYFLASH]
    
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:



OTL Custom Scan

We need to run an OTL Custom Scan
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.


    netsvcs
    drivers32
    hklm\software\clients\startmenuinternet|command /rs
    %systemroot%\*. /rp /s
    %USERPROFILE%\AppData\Local\Google\Chrome\User Data\*.* /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

  • Push the Posted Image button.
  • A report will open. Copy and Paste that report in your next reply.


NEXT:



What outstanding issues (if any) are you still experiencing with your computer?

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#13 AL16

AL16
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:11:34 AM

Posted 30 June 2012 - 07:08 PM

Good Saturday/Sunday to you ST!

1. I updated Java.
2. I updated Adobe Reader.
3. The log for the OTL fix is below:

All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Anne\Desktop\cmd.bat deleted successfully.
C:\Users\Anne\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
Restore point Set: OTL Restore Point

[EMPTYTEMP]

User: All Users

User: Anne
->Temp folder emptied: 41236463 bytes
->Temporary Internet Files folder emptied: 570667417 bytes
->Java cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 492 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 451558533 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1,014.00 mb


[EMPTYFLASH]

User: All Users

User: Anne
->Flash cache emptied: 0 bytes

User: Default

User: Default User

User: Public

Total Flash Files Cleaned = 0.00 mb

4. The log for the OTL Custom Scan is below:
OTL logfile created on: 6/30/2012 6:42:26 PM - Run 2
OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\Anne\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 1.42 Gb Available Physical Memory | 47.36% Memory free
6.17 Gb Paging File | 4.57 Gb Available in Paging File | 74.09% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 220.58 Gb Total Space | 126.64 Gb Free Space | 57.41% Space Free | Partition Type: NTFS
Drive D: | 9.77 Gb Total Space | 4.91 Gb Free Space | 50.24% Space Free | Partition Type: NTFS

Computer Name: ANNE-PC | User Name: Anne | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/27 17:39:19 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Anne\Desktop\otl.exe
PRC - [2012/06/11 12:58:30 | 000,686,280 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_11_3_300_257_ActiveX.exe
PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/04/04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/04/04 00:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/03/27 18:14:06 | 000,138,232 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Security Suite\Engine\6.2.1.5\ccsvchst.exe
PRC - [2011/12/15 09:25:30 | 001,091,992 | R--- | M] (Western Digital ) -- C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe
PRC - [2011/12/15 09:25:28 | 003,998,616 | R--- | M] (Western Digital Technologies, Inc.) -- C:\Program Files\Western Digital\WD SmartWare\WDDMStatus.exe
PRC - [2011/12/15 09:25:28 | 001,591,176 | R--- | M] (Western Digital ) -- C:\Program Files\Western Digital\WD SmartWare\WDFME.exe
PRC - [2011/12/15 09:25:26 | 000,265,624 | R--- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WDDMService.exe
PRC - [2011/11/02 02:00:44 | 000,090,448 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
PRC - [2011/07/13 21:14:40 | 001,761,136 | ---- | M] (SMART Technologies) -- C:\Program Files\SMART Technologies\Education Software\SMARTBoardService.exe
PRC - [2011/06/23 15:28:32 | 009,800,560 | ---- | M] (SMART Technologies ULC) -- C:\Program Files\SMART Technologies\Education Software\SMARTBoardTools.exe
PRC - [2011/06/23 15:28:28 | 004,860,784 | ---- | M] (SMART Technologies ULC) -- C:\Program Files\SMART Technologies\Education Software\Marker.exe
PRC - [2011/06/23 15:28:28 | 001,825,136 | ---- | M] (SMART Technologies ULC) -- C:\Program Files\SMART Technologies\Education Software\Aware.exe
PRC - [2010/04/05 16:46:08 | 000,288,040 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2010/03/23 13:22:26 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
PRC - [2010/02/17 15:34:40 | 000,054,568 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2010/01/11 13:20:48 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/01/31 22:43:30 | 000,049,250 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
PRC - [2008/12/04 20:02:48 | 000,072,704 | ---- | M] (Creative Labs) -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
PRC - [2008/03/04 00:05:24 | 000,036,864 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\OEM02Mon.exe
PRC - [2008/02/22 18:01:38 | 001,193,240 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2008/02/15 18:25:34 | 000,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c09c50a2\stacsv.exe
PRC - [2008/02/15 18:23:20 | 000,405,504 | ---- | M] (IDT, Inc.) -- C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
PRC - [2007/12/21 11:58:06 | 000,184,320 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Dell\MediaDirect\PCMService.exe
PRC - [2007/11/12 06:07:16 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEstSrv.exe
PRC - [2007/03/21 14:00:04 | 000,355,096 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007/03/21 14:00:00 | 000,174,872 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2005/06/02 15:54:34 | 000,086,606 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/15 03:27:39 | 011,820,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\508b444db523c5cf20ff12c7f440837b\System.Web.ni.dll
MOD - [2012/05/11 19:28:26 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\846b9cf2756fdd15f704c9bab9c70b6f\System.Runtime.Remoting.ni.dll
MOD - [2012/05/11 18:36:34 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll
MOD - [2012/05/11 18:33:58 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll
MOD - [2011/10/01 17:34:12 | 000,054,184 | ---- | M] () -- C:\Windows\winsxs\x86_smarttech.boost_thread.vc100.1.44_9ca15c999435ee05_1.0.1.0_none_472b4edec4bf8550\boost_thread-vc100-mt-1_44.dll
MOD - [2011/10/01 17:33:58 | 000,051,120 | ---- | M] () -- C:\Windows\winsxs\x86_smarttech.boost_date_time.vc100.1.44_9ca15c999435ee05_1.0.1.0_none_50d6b3902c95d15a\boost_date_time-vc100-mt-1_44.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/08/12 21:59:13 | 000,034,816 | ---- | M] () -- C:\Program Files\Google\Google Desktop Search\gzlib.dll
MOD - [2008/07/03 08:42:04 | 000,055,808 | ---- | M] () -- C:\Windows\System32\bcmwlrmt.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/06/22 18:37:18 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/04/04 00:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/03/27 18:14:06 | 000,138,232 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Security Suite\Engine\6.2.1.5\ccSvcHst.exe -- (N360)
SRV - [2011/12/15 09:25:30 | 001,091,992 | R--- | M] (Western Digital ) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe -- (WDRulesService)
SRV - [2011/12/15 09:25:28 | 001,591,176 | R--- | M] (Western Digital ) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WDFME.exe -- (WDFMEService)
SRV - [2011/12/15 09:25:26 | 000,265,624 | R--- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WDDMService.exe -- (WDDMService)
SRV - [2010/01/11 13:20:48 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2008/12/04 20:25:11 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2008/12/04 20:02:48 | 000,072,704 | ---- | M] (Creative Labs) [Auto | Running] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe -- (Creative Labs Licensing Service)
SRV - [2008/02/15 18:25:34 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c09c50a2\stacsv.exe -- (STacSV)
SRV - [2008/01/20 21:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/11/12 06:07:16 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEstSrv.exe -- (AESTFilters)
SRV - [2007/03/21 14:00:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2005/06/02 15:54:34 | 000,086,606 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\RimUsb.sys -- (RimUsb)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2012/06/29 13:08:44 | 001,589,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20120629.002\navex15.sys -- (NAVEX15)
DRV - [2012/06/29 13:08:43 | 000,087,928 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20120629.002\naveng.sys -- (NAVENG)
DRV - [2012/06/25 18:28:11 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/06/25 18:17:26 | 000,141,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2012/06/25 01:00:00 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012/06/22 15:43:50 | 000,382,624 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\IPSDefs\20120628.001\IDSvix86.sys -- (IDSVix86)
DRV - [2012/06/19 00:03:24 | 000,821,920 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\BASHDefs\20120619.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/03/29 01:03:28 | 000,574,072 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\N360\0602010.005\srtsp.sys -- (SRTSP)
DRV - [2012/03/29 01:03:28 | 000,032,888 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0602010.005\srtspx.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2011/11/23 21:23:48 | 000,905,336 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\N360\0602010.005\symefa.sys -- (SymEFA)
DRV - [2011/11/16 22:38:00 | 000,345,208 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0602010.005\symtdiv.sys -- (SYMTDIv)
DRV - [2011/11/16 22:17:48 | 000,149,624 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0602010.005\ironx86.sys -- (SymIRON)
DRV - [2011/11/04 18:59:36 | 000,132,744 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0602010.005\ccsetx86.sys -- (ccSet_N360)
DRV - [2011/08/16 01:51:40 | 000,340,088 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\N360\0602010.005\symds.sys -- (SymDS)
DRV - [2011/07/13 21:17:14 | 000,011,632 | ---- | M] (SMART Technologies ULC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SMARTMouseFilterx86.sys -- (SMARTMouseFilterx86)
DRV - [2011/07/13 21:16:54 | 000,014,704 | ---- | M] (SMART Technologies ULC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SMARTVHidMini2000x86.sys -- (SMARTVHidMini2000x86)
DRV - [2011/02/16 16:52:46 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2010/04/15 13:36:40 | 000,252,536 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2008/07/03 08:41:54 | 000,018,424 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm42rly.sys -- (BCM42RLY)
DRV - [2008/06/23 07:45:44 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2008/03/06 02:58:44 | 000,111,616 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®
DRV - [2008/03/04 00:05:34 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Vfx.sys -- (OEM02Vfx)
DRV - [2008/03/04 00:05:18 | 000,235,648 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Dev.sys -- (OEM02Dev)
DRV - [2008/02/15 18:27:02 | 000,330,752 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2008/01/20 21:32:51 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2007/09/06 11:35:16 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/09/06 11:35:14 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/09/06 11:35:12 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/11/02 02:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
IE - HKLM\..\SearchScopes,DefaultScope = ComcastSearch
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7DMUS
IE - HKLM\..\SearchScopes\ComcastSearch: "URL" = http://search.comcast.net/?q={searchTerms}&cat=Web&con=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/dell
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {2D45E04F-35FE-4016-94D2-DD2590A9ABAE}
IE - HKCU\..\SearchScopes\{2D45E04F-35FE-4016-94D2-DD2590A9ABAE}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8&rlz=1I7DNUS_en
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rlz=1I7DNUS_en&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\ComcastSearch: "URL" = http://search.comcast.net/?q={searchTerms}&cat=Web&con=ie7
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2011/06/14 17:00:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\IPSFFPlgn\ [2012/06/25 18:19:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\coFFPlgn\ [2012/06/30 18:40:36 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2011/06/14 17:00:45 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2012/06/28 19:30:38 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\6.2.1.5\coieplg.dll (Symantec Corporation)
O2 - BHO: (SMART Notebook Download Utility) - {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Program Files\SMART Technologies\Education Software\Win32\NotebookPlugin.dll (SMART Technologies ULC.)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\6.2.1.5\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\6.2.1.5\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [SMART Board Service] C:\Program Files\SMART Technologies\Education Software\SMARTBoardService.exe (SMART Technologies)
O4 - HKLM..\Run: [SMART Board Tools] C:\Program Files\SMART Technologies\Education Software\SMARTBoardTools.exe (SMART Technologies ULC)
O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [WD Quick View] C:\Program Files\Western Digital\WD SmartWare\WDDMStatus.exe (Western Digital Technologies, Inc.)
O4 - Startup: C:\Users\Anne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} http://i.dell.com/images/global/js/scanner/SysProExe.cab (Scanner.SysScanner)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www2.snapfish.com/SnapfishActivia.cab (Snapfish Activia)
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} http://support.dell.com/systemprofiler/SysProExe.CAB (WMI Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell.com/systemprofiler/DellSystemLite.CAB (DellSystemLite.Scanner)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 75.75.76.76 75.75.75.75
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2B2D2B84-A390-4F90-843A-D095F2447892}: DhcpNameServer = 192.168.1.1 75.75.76.76 75.75.75.75
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CD6FE4DA-BE47-47E4-BA0B-F21C5EAABE39}: DhcpNameServer = 75.75.76.76 75.75.75.75
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Users\Anne\Pictures\240590805063009376_g6BTY4Vc_c.jpg
O24 - Desktop BackupWallPaper: C:\Users\Anne\Pictures\240590805063009376_g6BTY4Vc_c.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.tscc - C:\Windows\System32\tsccvid.dll (TechSmith Corporation)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/30 18:23:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2012/06/30 18:15:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/06/29 17:44:28 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/06/28 19:38:25 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/06/28 19:09:26 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/06/28 19:09:26 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/06/28 19:09:26 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/06/28 19:09:12 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/06/28 19:01:43 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/06/28 19:00:59 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/06/28 19:00:18 | 004,566,027 | R--- | C] (Swearware) -- C:\Users\Anne\Desktop\ComboFix.exe
[2012/06/28 18:48:37 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/06/27 17:39:19 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\Anne\Desktop\otl.exe
[2012/06/27 14:26:44 | 002,128,984 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Anne\Desktop\tdsskiller.exe
[2012/06/26 20:58:10 | 000,000,000 | ---D | C] -- C:\Users\Anne\Desktop\gmer
[2012/06/26 20:56:30 | 000,000,000 | ---D | C] -- C:\Users\Anne\AppData\Roaming\WinRAR
[2012/06/26 20:56:30 | 000,000,000 | ---D | C] -- C:\Users\Anne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012/06/26 20:56:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012/06/26 20:56:22 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2012/06/26 20:45:27 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Anne\Desktop\dds.scr
[2012/06/25 18:26:38 | 000,345,208 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0602010.005\symtdiv.sys
[2012/06/25 18:26:38 | 000,318,584 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0602010.005\symnets.sys
[2012/06/25 18:26:37 | 000,905,336 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0602010.005\symefa.sys
[2012/06/25 18:26:37 | 000,340,088 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0602010.005\symds.sys
[2012/06/25 18:26:37 | 000,032,888 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0602010.005\srtspx.sys
[2012/06/25 18:26:36 | 000,574,072 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0602010.005\srtsp.sys
[2012/06/25 18:26:36 | 000,149,624 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0602010.005\ironx86.sys
[2012/06/25 18:26:36 | 000,132,744 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0602010.005\ccsetx86.sys
[2012/06/25 18:25:05 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\N360\0602010.005
[2012/06/25 18:17:26 | 000,141,944 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2012/06/25 18:17:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2012/06/25 18:17:26 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2012/06/25 18:14:16 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\N360
[2012/06/25 18:14:08 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Security Suite
[2012/06/25 18:14:07 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Suite
[2012/06/25 18:12:26 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2012/06/25 17:55:50 | 000,000,000 | ---D | C] -- C:\Users\Anne\AppData\Roaming\Tific
[2012/06/25 17:55:47 | 000,000,000 | ---D | C] -- C:\Users\Anne\AppData\Local\Symantec
[2012/06/24 20:14:03 | 000,000,000 | ---D | C] -- C:\Users\Anne\AppData\Roaming\Malwarebytes
[2012/06/24 20:13:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/06/24 20:13:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/06/24 20:13:42 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/06/24 20:13:42 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/06/24 19:36:39 | 000,000,000 | ---D | C] -- C:\Users\Anne\AppData\Local\NPE
[2012/06/24 19:28:15 | 000,000,000 | ---D | C] -- C:\Users\Anne\AppData\Roaming\FixZeroAccess
[2012/06/24 19:27:58 | 000,035,752 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\FixZeroAccess.sys
[2012/06/22 08:32:35 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[2012/06/12 18:26:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\XCPCSync.OEM
[2009/01/07 22:30:38 | 008,653,312 | ---- | C] (Dell, Inc. ) -- C:\Users\Anne\AppData\Roaming\DataSafeDotNet.exe

========== Files - Modified Within 30 Days ==========

[2012/06/30 18:56:01 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/30 18:37:27 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/30 18:37:22 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/30 18:37:22 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/30 18:37:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/30 18:37:11 | 3208,716,288 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/30 18:24:58 | 000,001,894 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012/06/29 23:54:07 | 000,881,475 | ---- | M] () -- C:\Users\Anne\Desktop\SecurityCheck.exe
[2012/06/29 23:51:36 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/06/29 13:05:06 | 000,340,645 | ---- | M] () -- C:\Users\Anne\Desktop\fss.exe
[2012/06/28 19:30:38 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/06/28 19:00:18 | 004,566,027 | R--- | M] (Swearware) -- C:\Users\Anne\Desktop\ComboFix.exe
[2012/06/28 18:43:20 | 000,003,760 | ---- | M] () -- C:\{27547BF1-CD5E-4C67-B5ED-D5A55FEF64B2}
[2012/06/27 17:39:19 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Anne\Desktop\otl.exe
[2012/06/27 14:26:45 | 002,128,984 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Anne\Desktop\tdsskiller.exe
[2012/06/26 20:52:20 | 000,294,216 | ---- | M] () -- C:\Users\Anne\Desktop\gmer.zip
[2012/06/26 20:45:27 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Anne\Desktop\dds.scr
[2012/06/26 20:42:54 | 000,000,000 | ---- | M] () -- C:\Users\Anne\defogger_reenable
[2012/06/26 20:41:42 | 000,050,477 | ---- | M] () -- C:\Users\Anne\Desktop\Defogger.exe
[2012/06/26 19:42:14 | 000,604,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/06/26 19:42:14 | 000,104,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/06/25 18:40:53 | 000,002,162 | ---- | M] () -- C:\Users\Public\Desktop\Norton Security Suite.lnk
[2012/06/25 18:40:31 | 002,248,273 | ---- | M] () -- C:\Windows\System32\drivers\N360\0602010.005\Cat.DB
[2012/06/25 18:28:14 | 000,008,942 | ---- | M] () -- C:\Windows\System32\drivers\N360\0602010.005\VT20120410.034
[2012/06/25 18:17:26 | 000,141,944 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2012/06/25 18:17:26 | 000,007,468 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2012/06/25 18:17:26 | 000,000,806 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2012/06/25 18:04:20 | 000,000,937 | ---- | M] () -- C:\Users\Anne\Desktop\Norton Installation Files.lnk
[2012/06/24 22:51:13 | 000,035,752 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\FixZeroAccess.sys
[2012/06/24 20:13:47 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/24 17:57:04 | 000,005,972 | ---- | M] () -- C:\Users\Anne\AppData\Local\d3d9caps.dat
[2012/06/17 23:53:16 | 000,000,600 | ---- | M] () -- C:\Users\Anne\AppData\Roaming\winscp.rnd
[2012/06/17 21:23:52 | 000,186,553 | ---- | M] () -- C:\Windows\hpwins23.dat
[2012/06/14 23:54:37 | 000,388,296 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/06/12 18:34:22 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_RimSerial_01007.Wdf
[2012/06/12 18:29:52 | 000,002,098 | ---- | M] () -- C:\Users\Public\Desktop\BlackBerry Desktop Software.lnk
[2012/06/05 22:41:41 | 000,000,172 | ---- | M] () -- C:\Windows\System32\drivers\N360\0602010.005\isolate.ini
[2012/06/01 18:00:24 | 000,195,013 | ---- | M] () -- C:\Users\Anne\Documents\rent payment confirmation 2.notebook

========== Files Created - No Company Name ==========

[2012/06/30 18:24:57 | 000,001,894 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012/06/30 18:24:56 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012/06/29 23:53:51 | 000,881,475 | ---- | C] () -- C:\Users\Anne\Desktop\SecurityCheck.exe
[2012/06/28 19:09:26 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/06/28 19:09:26 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/06/28 19:09:26 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/06/28 19:09:26 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/06/28 19:09:26 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/06/28 18:43:18 | 000,003,760 | ---- | C] () -- C:\{27547BF1-CD5E-4C67-B5ED-D5A55FEF64B2}
[2012/06/27 17:34:47 | 000,340,645 | ---- | C] () -- C:\Users\Anne\Desktop\fss.exe
[2012/06/26 20:52:20 | 000,294,216 | ---- | C] () -- C:\Users\Anne\Desktop\gmer.zip
[2012/06/26 20:42:54 | 000,000,000 | ---- | C] () -- C:\Users\Anne\defogger_reenable
[2012/06/26 20:41:42 | 000,050,477 | ---- | C] () -- C:\Users\Anne\Desktop\Defogger.exe
[2012/06/25 18:38:20 | 002,248,273 | ---- | C] () -- C:\Windows\System32\drivers\N360\0602010.005\Cat.DB
[2012/06/25 18:29:41 | 000,008,942 | ---- | C] () -- C:\Windows\System32\drivers\N360\0602010.005\VT20120410.034
[2012/06/25 18:26:38 | 000,007,877 | R--- | C] () -- C:\Windows\System32\drivers\N360\0602010.005\symnetv.cat
[2012/06/25 18:26:38 | 000,001,469 | R--- | C] () -- C:\Windows\System32\drivers\N360\0602010.005\symnetv.inf
[2012/06/25 18:26:37 | 000,007,492 | R--- | C] () -- C:\Windows\System32\drivers\N360\0602010.005\symds.cat
[2012/06/25 18:26:37 | 000,007,458 | R--- | C] () -- C:\Windows\System32\drivers\N360\0602010.005\symnet.cat
[2012/06/25 18:26:37 | 000,007,456 | R--- | C] () -- C:\Windows\System32\drivers\N360\0602010.005\symefa.cat
[2012/06/25 18:26:37 | 000,003,434 | R--- | C] () -- C:\Windows\System32\drivers\N360\0602010.005\symefa.inf
[2012/06/25 18:26:37 | 000,002,852 | R--- | C] () -- C:\Windows\System32\drivers\N360\0602010.005\symds.inf
[2012/06/25 18:26:37 | 000,001,441 | R--- | C] () -- C:\Windows\System32\drivers\N360\0602010.005\symnet.inf
[2012/06/25 18:26:37 | 000,001,388 | ---- | C] () -- C:\Windows\System32\drivers\N360\0602010.005\srtspx.inf
[2012/06/25 18:26:36 | 000,007,468 | R--- | C] () -- C:\Windows\System32\drivers\N360\0602010.005\ccsetx86.cat
[2012/06/25 18:26:36 | 000,007,454 | ---- | C] () -- C:\Windows\System32\drivers\N360\0602010.005\srtspx.cat
[2012/06/25 18:26:36 | 000,007,450 | R--- | C] () -- C:\Windows\System32\drivers\N360\0602010.005\iron.cat
[2012/06/25 18:26:36 | 000,007,450 | ---- | C] () -- C:\Windows\System32\drivers\N360\0602010.005\srtsp.cat
[2012/06/25 18:26:36 | 000,001,388 | ---- | C] () -- C:\Windows\System32\drivers\N360\0602010.005\srtsp.inf
[2012/06/25 18:26:36 | 000,000,827 | R--- | C] () -- C:\Windows\System32\drivers\N360\0602010.005\ccsetx86.inf
[2012/06/25 18:26:36 | 000,000,742 | R--- | C] () -- C:\Windows\System32\drivers\N360\0602010.005\iron.inf
[2012/06/25 18:25:05 | 000,000,172 | ---- | C] () -- C:\Windows\System32\drivers\N360\0602010.005\isolate.ini
[2012/06/25 18:17:26 | 000,007,468 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2012/06/25 18:17:26 | 000,000,806 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2012/06/25 18:17:08 | 000,002,162 | ---- | C] () -- C:\Users\Public\Desktop\Norton Security Suite.lnk
[2012/06/25 18:04:17 | 000,000,937 | ---- | C] () -- C:\Users\Anne\Desktop\Norton Installation Files.lnk
[2012/06/24 20:13:47 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/12 18:34:22 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_RimSerial_01007.Wdf
[2011/06/14 17:04:54 | 000,001,847 | ---- | C] () -- C:\Windows\hpwmdl23.dat.temp
[2011/06/14 16:48:52 | 000,186,553 | ---- | C] () -- C:\Windows\hpwins23.dat
[2011/05/18 18:16:35 | 000,001,940 | ---- | C] () -- C:\Users\Anne\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010/11/23 23:12:11 | 000,000,256 | ---- | C] () -- C:\Windows\System32\pool.bin
[2010/03/30 20:45:03 | 000,000,600 | ---- | C] () -- C:\Users\Anne\AppData\Roaming\winscp.rnd
[2009/07/24 22:52:53 | 000,005,972 | ---- | C] () -- C:\Users\Anne\AppData\Local\d3d9caps.dat
[2009/02/17 19:55:34 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008/12/10 20:51:05 | 000,015,360 | ---- | C] () -- C:\Users\Anne\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== LOP Check ==========

[2010/03/23 20:40:29 | 000,000,000 | ---D | M] -- C:\Users\Anne\AppData\Roaming\CoreFTP
[2012/06/24 19:28:15 | 000,000,000 | ---D | M] -- C:\Users\Anne\AppData\Roaming\FixZeroAccess
[2011/04/23 21:33:01 | 000,000,000 | ---D | M] -- C:\Users\Anne\AppData\Roaming\PCDr
[2011/08/06 17:43:17 | 000,000,000 | ---D | M] -- C:\Users\Anne\AppData\Roaming\Research In Motion
[2012/06/24 22:38:11 | 000,000,000 | ---D | M] -- C:\Users\Anne\AppData\Roaming\SMART Technologies
[2010/09/23 21:54:33 | 000,000,000 | ---D | M] -- C:\Users\Anne\AppData\Roaming\SMART Technologies Inc
[2012/06/25 17:55:50 | 000,000,000 | ---D | M] -- C:\Users\Anne\AppData\Roaming\Tific
[2011/04/23 19:43:16 | 000,000,000 | ---D | M] -- C:\Users\Anne\AppData\Roaming\TMP
[2012/06/30 18:34:29 | 000,032,644 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2012/03/15 18:21:59 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2012/03/15 18:21:59 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2012/03/15 18:21:59 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2012/05/17 18:21:54 | 000,748,664 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2012/05/17 18:21:54 | 000,748,664 | ---- | M] (Microsoft Corporation)

< %systemroot%\*. /rp /s >

< %USERPROFILE%\AppData\Local\Google\Chrome\User Data\*.* /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2012-06-15 08:02:02

< >

< >

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\Windows\System32\config\systemprofile\AppData\Local\History] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History -> Junction
[C:\Windows\System32\config\systemprofile\AppData\Local\Temporary Internet Files] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files -> Junction
[C:\Windows\System32\config\systemprofile\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Roaming -> Junction
[C:\Windows\System32\config\systemprofile\Local Settings] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction

< End of report >

5. I don't seem to be having any issues with the computer. I'm able to open the Windows Firewall link in the Security folder now and had been unable to do so at the very start of this process a couple days ago. General question about firewalls though, My Norton firewall is enabled, but my Windows firewall is not. Can both be active at the same time? Should the current setup be the one I use? Any info would be appreciated.

Thanks!

#14 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:01:34 PM

Posted 01 July 2012 - 06:10 AM

Good Morning AL16!

We should be able to wrap things up in the next post or two.

Glad to hear that things are behaving themselves now. :)

In regards to the question about whether or not both Windows Firewall and Norton Firewall can be enabled at the same time; I'd recommend that you don't try and have both running at the same time.

I'm not sure if Windows Firewall will allow you to have it enabled if it detects another Firewall software program being active.


Enable CD Emulation Driver

If you don't have Defogger on your Desktop anymore, please download a new copy DeFogger to your desktop.

To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_enable which will appear on your desktop.

Your Emulation drivers are now re-enabled.


NEXT:


OTL Fix

We need to run an OTL Fix

  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.
    :Services
    :Processes
    KILLALLPROCESSES
    :OTL
    [2012/06/26 20:58:10 | 000,000,000 | ---D | C] -- C:\Users\Anne\Desktop\gmer
    [2012/06/24 19:28:15 | 000,000,000 | ---D | C] -- C:\Users\Anne\AppData\Roaming\FixZeroAccess
    [2012/06/24 19:27:58 | 000,035,752 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\FixZeroAccess.sys
    [2012/06/22 08:32:35 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
    [2012/06/28 18:43:20 | 000,003,760 | ---- | M] () -- C:\{27547BF1-CD5E-4C67-B5ED-D5A55FEF64B2}
    [2012/06/26 20:52:20 | 000,294,216 | ---- | M] () -- C:\Users\Anne\Desktop\gmer.zip
    [2012/06/26 20:42:54 | 000,000,000 | ---- | M] () -- C:\Users\Anne\defogger_reenable
    [2012/06/26 20:41:42 | 000,050,477 | ---- | M] () -- C:\Users\Anne\Desktop\Defogger.exe
    [2012/06/28 18:43:18 | 000,003,760 | ---- | C] () -- C:\{27547BF1-CD5E-4C67-B5ED-D5A55FEF64B2}
    [2012/06/27 17:34:47 | 000,340,645 | ---- | C] () -- C:\Users\Anne\Desktop\fss.exe
    [2012/06/24 19:28:15 | 000,000,000 | ---D | M] -- C:\Users\Anne\AppData\Roaming\FixZeroAccess
    
    
    :Commands
    [emptytemp]
    [EMPTYFLASH]
    [EMPTYJAVA]
    
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#15 AL16

AL16
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:11:34 AM

Posted 01 July 2012 - 11:14 AM

Good Sunday to you ST.

Great to hear we're close. If I'm asking too early and you'll be telling me in a later post, I apologize, but will you please let me know when we're all done what to do with all the software that's been downloaded through this process? Can it be removed at that point? I'm assuming that's one of the last steps. Thank you for the firewall answer.

OTL Fix Scan Log:
All processes killed
========== SERVICES/DRIVERS ==========
========== PROCESSES ==========
========== OTL ==========
C:\Users\Anne\Desktop\gmer folder moved successfully.
C:\Users\Anne\AppData\Roaming\FixZeroAccess\Archive folder moved successfully.
C:\Users\Anne\AppData\Roaming\FixZeroAccess folder moved successfully.
C:\Windows\System32\drivers\FixZeroAccess.sys moved successfully.
C:\Windows\System32\%APPDATA%\Microsoft\Windows\IETldCache folder moved successfully.
C:\Windows\System32\%APPDATA%\Microsoft\Windows folder moved successfully.
C:\Windows\System32\%APPDATA%\Microsoft folder moved successfully.
C:\Windows\System32\%APPDATA% folder moved successfully.
C:\{27547BF1-CD5E-4C67-B5ED-D5A55FEF64B2} moved successfully.
C:\Users\Anne\Desktop\gmer.zip moved successfully.
File C:\Users\Anne\defogger_reenable not found.
C:\Users\Anne\Desktop\Defogger.exe moved successfully.
File C:\{27547BF1-CD5E-4C67-B5ED-D5A55FEF64B2} not found.
C:\Users\Anne\Desktop\fss.exe moved successfully.
Folder C:\Users\Anne\AppData\Roaming\FixZeroAccess\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Anne
->Temp folder emptied: 1510484 bytes
->Temporary Internet Files folder emptied: 4488962 bytes
->Java cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 34400907 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 39.00 mb


[EMPTYFLASH]

User: All Users

User: Anne
->Flash cache emptied: 0 bytes

User: Default

User: Default User

User: Public

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: All Users

User: Anne
->Java cache emptied: 0 bytes

User: Default

User: Default User

User: Public

Total Java Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.53.0 log created on 07012012_105720

Files\Folders moved on Reboot...
C:\Users\Anne\AppData\Local\Temp\Low\REGE85B.tmp moved successfully.
C:\Users\Anne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5GNJC3WI\topic458492[1].htm moved successfully.
C:\Users\Anne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\Anne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
C:\Windows\temp\etilqs_DlsblvYuwoG3tYusT2sb moved successfully.
C:\Windows\temp\etilqs_KvshsBMPX3AemedHy74g moved successfully.
C:\Windows\temp\etilqs_QIggxS6jWceeWoxBmi9P moved successfully.
C:\Windows\temp\etilqs_RdtzGZuaNH0wM3lxlSlo moved successfully.
C:\Windows\temp\etilqs_U5ePl7EKFlPfEvmPqGRa moved successfully.
C:\Windows\temp\etilqs_uEAkkTMYiaRpcjEcaSdb moved successfully.
File\Folder C:\Windows\temp\etilqs_UFYVBXbihcOoGjZHNrHa not found!
C:\Windows\temp\etilqs_UOH8ZClBSJ78kOewgOwI moved successfully.
C:\Windows\temp\etilqs_z5ROZsalEPqwgNlP0sou moved successfully.

PendingFileRenameOperations files...
File C:\Users\Anne\AppData\Local\Temp\Low\REGE85B.tmp not found!
File C:\Users\Anne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5GNJC3WI\topic458492[1].htm not found!
File C:\Users\Anne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat not found!
File C:\Users\Anne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT not found!
File C:\Windows\temp\etilqs_DlsblvYuwoG3tYusT2sb not found!
File C:\Windows\temp\etilqs_KvshsBMPX3AemedHy74g not found!
File C:\Windows\temp\etilqs_QIggxS6jWceeWoxBmi9P not found!
File C:\Windows\temp\etilqs_RdtzGZuaNH0wM3lxlSlo not found!
File C:\Windows\temp\etilqs_U5ePl7EKFlPfEvmPqGRa not found!
File C:\Windows\temp\etilqs_uEAkkTMYiaRpcjEcaSdb not found!
File C:\Windows\temp\etilqs_UFYVBXbihcOoGjZHNrHa not found!
File C:\Windows\temp\etilqs_UOH8ZClBSJ78kOewgOwI not found!
File C:\Windows\temp\etilqs_z5ROZsalEPqwgNlP0sou not found!

Registry entries deleted on Reboot...

2. Regarding my computer: I just had a Windows message pop up stating the following: Dell Wireless WLAN Card Wireless Network Controller stopped working and was closed. A problem caused the application to stop working correctly. Windows will notify you if a solution is available. Funny thing is that wireless still works as I'm using it right now. Is this anything related to what we just did with the Fix scan or is non-related and just happened to pop up after reboot?




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users