OTL logs - probable malware


  • This topic is locked
24 replies to this topic

#1 sjie98

Posted 09 July 2012 - 10:05 AM

I tried to follow the prep guide, but was unable to get DDS to run (or gmer). Here are OTL logs, as suggested by boopme in prev topic - www.bleepingcomputer.com/forums/topic459812.html

Thx.


OTL.txt:

OTL logfile created on: 7/9/2012 7:37:39 AM - Run 1
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Phillip\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.22 Gb Available Physical Memory | 40.64% Memory free
6.20 Gb Paging File | 4.97 Gb Available in Paging File | 80.22% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.49 Gb Total Space | 6.34 Gb Free Space | 2.20% Space Free | Partition Type: NTFS
Drive D: | 9.60 Gb Total Space | 1.30 Gb Free Space | 13.56% Space Free | Partition Type: NTFS

Computer Name: HOME-PC | User Name: Phillip | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Phillip\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Norton Internet Security\Engine\19.7.1.5\ccsvchst.exe (Symantec Corporation)
PRC - C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
PRC - C:\Program Files\Norton Utilities 15\Tools\SpeedDisk\SpeedDiskSrv.exe (Symantec Corporation)
PRC - C:\Program Files\Norton Utilities 15\Tools\SpeedDisk\SpeedDiskSrvProxy.exe (Symantec Corporation)
PRC - C:\Program Files\Norton Utilities 15\Tools\Disk Doctor\DiskDoctorSrv.exe (Symantec Corporation)
PRC - C:\Program Files\Norton Utilities 15\Tools\Disk Doctor\DiskDoctorSrvProxy.exe (Symantec Corporation)
PRC - C:\Program Files\AirPort\APAgent.exe (Apple Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\WINDOWS\System32\hasplms.exe (Aladdin Knowledge Systems Ltd.)
PRC - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
PRC - C:\WINDOWS\System32\PSIService.exe ()
PRC - C:\WINDOWS\System32\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\NCH Software\ExpressZip\ezcm.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()


========== Win32 Services (SafeList) ==========

SRV - (SBSDWSCService) -- C:\Program Files\Spybot File not found
SRV - (getPlusHelper) -- C:\Program Files\NOS\bin\getPlus_Helper.dll File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (NIS) -- C:\Program Files\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe (Symantec Corporation)
SRV - (TeamViewer7) -- C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (SpeedDiskService) -- C:\Program Files\Norton Utilities 15\Tools\SpeedDisk\SpeedDiskSrv.exe (Symantec Corporation)
SRV - (DiskDoctorService) -- C:\Program Files\Norton Utilities 15\Tools\Disk Doctor\DiskDoctorSrv.exe (Symantec Corporation)
SRV - (nosGetPlusHelper) getPlus® -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll (NOS Microsystems Ltd.)
SRV - (hasplms) -- C:\WINDOWS\System32\hasplms.exe (Aladdin Knowledge Systems Ltd.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (PSI_SVC_2) -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (ProtexisLicensing) -- C:\WINDOWS\System32\PSIService.exe ()
SRV - (IviRegMgr) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
SRV - (bgsvcgen) -- C:\WINDOWS\System32\bgsvcgen.exe (B.H.A Corporation)


========== Driver Services (SafeList) ==========

DRV - (SymIMMP) -- system32\DRIVERS\SymIM.sys File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (BHDrvx86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\BASHDefs\20120619.001\BHDrvx86.sys (Symantec Corporation)
DRV - (IDSVix86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\IPSDefs\20120705.001\IDSvix86.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilDrv11210) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11210.sys (Symantec Corporation)
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\VirusDefs\20120708.024\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\VirusDefs\20120708.024\NAVENG.SYS (Symantec Corporation)
DRV - (SymEvent) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (SYMTDIv) -- C:\WINDOWS\System32\drivers\NIS\1307010.005\symtdiv.sys (Symantec Corporation)
DRV - (SymEFA) -- C:\WINDOWS\System32\drivers\NIS\1307010.005\symefa.sys (Symantec Corporation)
DRV - (SymIRON) -- C:\WINDOWS\System32\drivers\NIS\1307010.005\ironx86.sys (Symantec Corporation)
DRV - (SRTSP) -- C:\WINDOWS\System32\drivers\NIS\1307010.005\srtsp.sys (Symantec Corporation)
DRV - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\WINDOWS\System32\drivers\NIS\1307010.005\srtspx.sys (Symantec Corporation)
DRV - (ccSet_NIS) -- C:\WINDOWS\System32\drivers\NIS\1307010.005\ccsetx86.sys (Symantec Corporation)
DRV - (SymDS) -- C:\WINDOWS\System32\drivers\NIS\1307010.005\symds.sys (Symantec Corporation)
DRV - (SYMSpeedDisk) -- C:\WINDOWS\System32\drivers\SymSpeedDisk.sys (Symantec Corporation)
DRV - (SymDSMon) -- C:\WINDOWS\System32\drivers\SymDSMon.sys (Symantec Corporation)
DRV - (nvlddmkm) -- C:\WINDOWS\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\WINDOWS\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (cdrblock) -- C:\WINDOWS\System32\drivers\cdrblock.sys (Canopus Co,. Ltd.)
DRV - (HSXHWBS2) -- C:\WINDOWS\System32\drivers\HSXHWBS2.sys (Conexant Systems, Inc.)
DRV - (HSF_DP) -- C:\WINDOWS\System32\drivers\HSX_DP.sys (Conexant Systems, Inc.)
DRV - (aksfridge) -- C:\WINDOWS\System32\drivers\aksfridge.sys (Aladdin Knowledge Systems Ltd.)
DRV - (Hardlock) -- C:\WINDOWS\System32\drivers\hardlock.sys (Aladdin Knowledge Systems Ltd.)
DRV - (nvstor32) -- C:\WINDOWS\System32\drivers\nvstor32.sys (NVIDIA Corporation)
DRV - (XAudio) -- C:\WINDOWS\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (xcbdaNtsc) ViXS Tuner Card (NTSC) -- C:\WINDOWS\System32\drivers\xcbda.sys (ViXS Systems Inc.)
DRV - (akshhl) -- C:\WINDOWS\System32\drivers\akshhl.sys (Aladdin Knowledge Systems Ltd.)
DRV - (akshasp) -- C:\WINDOWS\System32\drivers\akshasp.sys (Aladdin Knowledge Systems Ltd.)
DRV - (aksusb) -- C:\WINDOWS\System32\drivers\aksusb.sys (Aladdin Knowledge Systems Ltd.)
DRV - (regi) -- C:\WINDOWS\System32\drivers\regi.sys (InterVideo)
DRV - (Ps2) -- C:\WINDOWS\System32\drivers\PS2.sys (Hewlett-Packard Company)
DRV - (cdrbsdrv) -- C:\Windows\System32\drivers\cdrbsdrv.sys (B.H.A Corporation)
DRV - (ASAPIW2k) -- C:\WINDOWS\System32\drivers\asapiW2k.sys (Pinnacle Systems GmbH)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{11D231C8-2FE5-4B8A-B2F9-B1736520C7A2}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt
IE - HKLM\..\SearchScopes\{4C01D2EE-C655-4AE6-9F57-F91462B366F7}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2299067627-4250970703-1701403491-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-2299067627-4250970703-1701403491-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2299067627-4250970703-1701403491-1000\..\SearchScopes,DefaultScope = {D9A5B22F-AC0E-4459-AFAB-7BB5389D51FF}
IE - HKU\S-1-5-21-2299067627-4250970703-1701403491-1000\..\SearchScopes\{11D231C8-2FE5-4B8A-B2F9-B1736520C7A2}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt
IE - HKU\S-1-5-21-2299067627-4250970703-1701403491-1000\..\SearchScopes\{4C01D2EE-C655-4AE6-9F57-F91462B366F7}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
IE - HKU\S-1-5-21-2299067627-4250970703-1701403491-1000\..\SearchScopes\{64A424EE-424E-4CF7-B06F-EA62A8979B3F}: "URL" = http://search.live.com/results.aspx?FORM=SOLTDF&q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-2299067627-4250970703-1701403491-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-2299067627-4250970703-1701403491-1000\..\SearchScopes\{D9A5B22F-AC0E-4459-AFAB-7BB5389D51FF}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}&rlz=1I7PRFA_en
IE - HKU\S-1-5-21-2299067627-4250970703-1701403491-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2299067627-4250970703-1701403491-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files\Virtual Earth 3D\ [2010/08/20 18:37:47 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Phillip\AppData\Roaming\Move Networks\plugins\npqmp071503000010.dll (Move Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011/01/26 04:04:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\IPSFFPlgn\ [2012/04/17 10:34:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\coFFPlgn\ [2012/07/08 15:34:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/08 13:31:19 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Users\Phillip\AppData\Roaming\Move Networks [2009/09/05 11:21:27 | 000,000,000 | ---D | M]

[2012/07/08 13:31:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Phillip\AppData\Roaming\Mozilla\Extensions
[2012/07/08 13:31:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/06/14 15:20:49 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/06/14 15:19:40 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/06/14 15:19:40 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\17.0.963.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\17.0.963.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\17.0.963.56\pdf.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Move Streaming Media Player (Enabled) = C:\Users\Phillip\AppData\Roaming\Move Networks\plugins\npqmp071503000010.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Norton Identity Protection = C:\Users\Phillip\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.2.1.6_0\
CHR - Extension: Norton Identity Protection = C:\Users\Phillip\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.0.140_0\

O1 HOSTS File: ([2006/09/18 14:41:30 | 000,000,761 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\19.7.1.5\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\19.7.1.5\ips\ipsbho.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\19.7.1.5\coieplg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-2299067627-4250970703-1701403491-1000\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AirPort Base Station Agent] C:\Program Files\AirPort\APAgent.exe (Apple Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe File not found
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2299067627-4250970703-1701403491-1000..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKU\S-1-5-21-2299067627-4250970703-1701403491-1000..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60
O7 - HKU\S-1-5-21-2299067627-4250970703-1701403491-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 0
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{36937FF7-1F22-4576-8665-B5965D4D3BCC}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Phillip\Pictures\2009\Amsterdam Sept 2009\20100314_37.JPG
O24 - Desktop BackupWallPaper: C:\Users\Phillip\Pictures\2009\Amsterdam Sept 2009\20100314_37.JPG
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/01/01 07:56:33 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{4b348328-34ca-11de-97b9-001e8c5b725d}\Shell - "" = AutoRun
O33 - MountPoints2\{4b348328-34ca-11de-97b9-001e8c5b725d}\Shell\AutoRun\command - "" = K:\WIN\setup.exe
O33 - MountPoints2\{7b2c7b14-cde1-11df-a032-001e8c5b725d}\Shell - "" = AutoRun
O33 - MountPoints2\{7b2c7b14-cde1-11df-a032-001e8c5b725d}\Shell\AutoRun\command - "" = E:\MI.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\NORTON~3\Tools\SPEEDD~1\aDSBatch.exe /startup)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/09 07:36:14 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Phillip\Desktop\OTL.exe
[2012/07/08 14:07:08 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012/07/08 13:55:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Utilities
[2012/07/08 13:46:12 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Phillip\Desktop\File3.scr
[2012/07/08 13:31:28 | 000,000,000 | ---D | C] -- C:\Users\Phillip\AppData\Roaming\Mozilla
[2012/07/08 13:31:21 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012/07/07 09:15:43 | 000,000,000 | ---D | C] -- C:\Users\Phillip\Desktop\Anthem
[2012/07/05 10:46:50 | 000,000,000 | ---D | C] -- C:\Users\Phillip\AppData\Local\Macromedia
[2012/07/03 19:33:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/07/03 19:31:27 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/07/03 19:31:24 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/07/03 19:16:07 | 004,126,880 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerInstaller.exe
[2012/06/29 16:41:00 | 000,000,000 | ---D | C] -- C:\Users\Phillip\AppData\Roaming\Malwarebytes
[2012/06/29 16:40:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/06/25 19:02:50 | 000,000,000 | ---D | C] -- C:\Users\Phillip\Desktop\stuffn
[2012/06/25 15:23:41 | 000,000,000 | ---D | C] -- C:\Users\Phillip\Desktop\Blue Cross
[2012/06/25 08:51:11 | 000,000,000 | ---D | C] -- C:\Users\Phillip\Documents\Legal
[2012/06/21 10:17:15 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2012/06/21 10:17:14 | 002,422,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2012/06/21 10:16:39 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2012/06/21 10:16:39 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2012/06/21 10:16:39 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2012/06/21 10:16:24 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2012/06/21 10:16:24 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2012/06/14 03:03:53 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/06/14 03:03:51 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/06/14 03:03:51 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/06/14 03:03:51 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/06/14 03:03:50 | 001,800,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/06/14 03:03:50 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/06/14 03:03:49 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/06/13 21:30:27 | 002,045,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/06/13 16:43:15 | 000,000,000 | ---D | C] -- C:\Users\Phillip\Desktop\GV Backup 12-1-2011
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/07/09 07:35:39 | 000,000,252 | ---- | M] () -- C:\Windows\tasks\NUSchedule.job
[2012/07/09 07:34:57 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Phillip\Desktop\OTL.exe
[2012/07/09 07:32:07 | 000,003,568 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/09 07:32:07 | 000,003,568 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/08 23:20:00 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/08 23:16:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/07/08 16:20:10 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/08 15:31:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/08 15:31:24 | 3219,615,744 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/08 14:36:53 | 000,387,800 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/07/08 14:35:59 | 220,271,782 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/07/08 14:29:01 | 000,302,592 | ---- | M] () -- C:\Users\Phillip\Desktop\uikr7h97.exe
[2012/07/08 14:21:14 | 000,001,356 | ---- | M] () -- C:\Users\Phillip\AppData\Local\d3d9caps.dat
[2012/07/08 14:21:07 | 000,002,281 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2012/07/08 14:00:30 | 000,302,592 | ---- | M] () -- C:\Users\Phillip\Desktop\zh74hue0.exe
[2012/07/08 13:55:34 | 000,001,993 | ---- | M] () -- C:\Users\Public\Desktop\Express Zip File Compression Software.lnk
[2012/07/08 13:46:12 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Phillip\Desktop\File3.scr
[2012/07/08 13:37:54 | 000,000,000 | ---- | M] () -- C:\Users\Phillip\defogger_reenable
[2012/07/08 13:36:23 | 000,050,477 | ---- | M] () -- C:\Users\Phillip\Desktop\File2.exe
[2012/07/08 13:31:22 | 000,000,872 | ---- | M] () -- C:\Users\Phillip\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/07/08 13:31:22 | 000,000,848 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/07/08 04:51:34 | 000,002,864 | ---- | M] () -- C:\{8A60DBE9-0AEB-40A7-9B87-A5888262DF8D}
[2012/07/03 19:33:01 | 000,001,666 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/07/03 19:16:15 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/07/03 19:16:14 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/07/03 19:16:08 | 004,126,880 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerInstaller.exe
[2012/07/02 21:30:55 | 000,001,973 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/06/29 09:01:09 | 000,613,032 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/06/29 09:01:09 | 000,107,990 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/06/28 10:25:59 | 000,003,072 | ---- | M] () -- C:\Windows\System32\Cache.db
[2012/06/21 19:40:22 | 021,916,244 | ---- | M] () -- C:\Users\Phillip\Desktop\Avanquest-UK-HD_tcm8-161650.pdf
[2012/06/20 07:38:28 | 000,160,256 | ---- | M] () -- C:\Users\Phillip\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/07/08 15:31:23 | 3219,615,744 | -HS- | C] () -- C:\hiberfil.sys
[2012/07/08 14:30:18 | 000,302,592 | ---- | C] () -- C:\Users\Phillip\Desktop\uikr7h97.exe
[2012/07/08 14:06:43 | 220,271,782 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/07/08 14:00:29 | 000,302,592 | ---- | C] () -- C:\Users\Phillip\Desktop\zh74hue0.exe
[2012/07/08 13:55:34 | 000,001,993 | ---- | C] () -- C:\Users\Public\Desktop\Express Zip File Compression Software.lnk
[2012/07/08 13:55:33 | 000,001,905 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Express Zip File Compression Software.lnk
[2012/07/08 13:37:54 | 000,000,000 | ---- | C] () -- C:\Users\Phillip\defogger_reenable
[2012/07/08 13:36:22 | 000,050,477 | ---- | C] () -- C:\Users\Phillip\Desktop\File2.exe
[2012/07/08 13:31:22 | 000,000,872 | ---- | C] () -- C:\Users\Phillip\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/07/08 13:31:22 | 000,000,860 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/07/08 13:31:22 | 000,000,848 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/07/08 04:51:33 | 000,002,864 | ---- | C] () -- C:\{8A60DBE9-0AEB-40A7-9B87-A5888262DF8D}
[2012/07/03 19:33:00 | 000,001,666 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/07/03 18:45:09 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/06/21 19:40:22 | 021,916,244 | ---- | C] () -- C:\Users\Phillip\Desktop\Avanquest-UK-HD_tcm8-161650.pdf
[2012/06/06 02:12:19 | 000,079,360 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2012/02/02 08:50:35 | 000,000,054 | ---- | C] () -- C:\Windows\Musician.INI
[2012/01/17 14:23:26 | 000,036,712 | ---- | C] () -- C:\Windows\System32\CleanMFT32.exe
[2009/07/11 10:38:21 | 000,000,900 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2008/09/02 18:53:09 | 000,160,256 | ---- | C] () -- C:\Users\Phillip\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/06/02 23:43:22 | 000,001,356 | ---- | C] () -- C:\Users\Phillip\AppData\Local\d3d9caps.dat

========== Alternate Data Streams ==========

@Alternate Data Stream - 81 bytes -> C:\Program Files\Lock Poker:MID
@Alternate Data Stream - 184 bytes -> C:\ProgramData\TEMP:D3A96964
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:9A2B2B2D
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:D1B5B4F1
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:D287FACF

< End of report >


Extras.txt:

OTL Extras logfile created on: 7/9/2012 7:37:39 AM - Run 1
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Phillip\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.22 Gb Available Physical Memory | 40.64% Memory free
6.20 Gb Paging File | 4.97 Gb Available in Paging File | 80.22% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.49 Gb Total Space | 6.34 Gb Free Space | 2.20% Space Free | Partition Type: NTFS
Drive D: | 9.60 Gb Total Space | 1.30 Gb Free Space | 13.56% Space Free | Partition Type: NTFS

Computer Name: HOME-PC | User Name: Phillip | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2299067627-4250970703-1701403491-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- (EarthLink, Inc.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{25CFB485-041F-4A6C-AB18-0DFB181E9C0A}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{A716578A-AFC4-473C-95CC-2090B50D5B31}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0241DA6B-9AA9-41DC-90D6-5BF8E33B9435}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{0370FD05-E944-4169-8518-2B2B320011F1}" = protocol=17 | dir=in | app=c:\program files\lock poker\pokerclient.exe |
"{19DCF7CB-3F36-4E7A-98FA-7EB3CBD8CC45}" = protocol=6 | dir=in | app=c:\program files\lock poker\pokerclient.exe |
"{240CE595-C529-4E94-9C87-3EC7C034E422}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe |
"{32309D6F-37A6-4894-9184-2A2BB65A1AC7}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{52D9830E-4EA8-4923-A9DA-4FBFB957E73D}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{5AB3C55B-D0C8-4775-9223-6290C56B7A94}" = protocol=17 | dir=in | app=c:\program files\airport\apagent.exe |
"{6C3A142C-A299-4EFC-B00B-053F71B11FB4}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{6E8CE4C0-7EF4-4BE8-9263-D00418994111}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{758B23C7-E46F-4034-ACEB-0B7E859A413F}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe |
"{78D63E08-C308-4117-8A5B-CCEF58355418}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe |
"{80AD7D9C-6776-4973-B8F9-3BD2870C2B9D}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{860BB876-6E2A-49A9-9773-3AB42AE52E9F}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{94E96DAF-A1F5-4D43-8815-730723B50F3A}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{B02C3DB2-D305-4A50-ABB1-63D1906EE9AE}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{B4E96070-98CC-4232-9D82-D649A946E08B}" = protocol=6 | dir=in | app=c:\program files\airport\apagent.exe |
"{B6781132-8F02-43CD-8C23-D9B646D62F5D}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{B9508456-48C2-4D8D-8877-03A7987B5FDE}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{BB588A75-248E-4231-884E-ED327DB03632}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{C1539B94-2F4E-425E-AD6D-ADD59A591031}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{E073820C-F42B-454F-880A-45EB992DE92B}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{F15D811C-BBF5-4F1A-8406-BFFB34757AE2}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{FB0C6EC8-FE36-4A5A-9567-AA5AA3F9E10C}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe |
"{FCA2C5E0-76E9-4CBC-B7D5-94B2BB528843}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{707EB912-C597-49D8-9460-46CC9AB03EBE}" = Corel Painter Photo Essentials 4
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{029B5901-1F27-4347-9923-E8ACC8F54E15}" = Snapfish Picture Mover
"{03B1C701-5B73-4a25-BB9B-9F5178349E7B}" = EDIUS 5 Settings
"{0A2C5854-557E-48C8-835A-3B9F074BDCAA}" = Python 2.5
"{0A8073F2-31C6-413B-BC79-5808352D651A}" = MotionSD STUDIO 1.2E
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP210_series" = Canon MP210 series
"{11BB336F-0E58-4977-B866-F24FA334616B}" = HP Active Support Library
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
"{14F06853-8A15-4731-BBDC-C9B40A866A63}" = Virtual VCR
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
"{209CDA54-D390-46A2-A97C-7BF61734418D}" = WeatherBug Gadget
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java™ 6 Update 29
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{2C62BD6D-7937-406C-A8B9-C0B0CB2FFF1D}" = Omron Drivers for HealthVault
"{2D87E961-577B-492B-AD54-1368680FB9A7}" = Bing Maps 3D
"{3018B943-C76C-44B0-B078-790A28CEF67E}" = Microsoft UI Engine
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C569633-C8DE-46E2-BB8F-F65198681C2F}" = Corel MediaOne
"{3EBA6E7C-3DF6-48AE-B87B-4CAFB2C1C3F7}" = LightScribe Template Labeler
"{40184457-4514-4B18-84A8-6BB8A3AB6A81}" = AirPort
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{45218C26-F0B3-486C-A097-2027A62CA268}" = Punch! Home Design and Landscape Professional
"{49493B6A-60F9-417E-81A3-AC755D1DE0E0}" = RX-E1
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{54DB13F1-0CE0-4BAB-BD5F-7DE150C043C8}" = WordPerfect® Office X3 - Home Edition
"{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}" = HP Picasso Media Center Add-In
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{612F4E20-3661-4D44-AD79-823F1B613FB3}" = HP Update
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
"{64E72FB1-2343-4977-B4A8-262CD53D0BD3}" = Corel Paint Shop Pro Photo X2
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6AD9F5F3-5BD0-4000-BD9C-B536CF86D988}" = iTunes
"{700ADAF9-FC42-4E00-8BBD-1D1C9BD8E7B2}" = WordPerfect Office X3 - Home Edition Software Bundle
"{707EB912-C597-49D8-9460-46CC9AB03EBE}" = Corel Painter Photo Essentials 4
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{737D7CA8-D05C-46C7-AFED-A76616E8CA3B}" = WordPerfect OfficeReady
"{73A43E42-3658-4DD9-8551-FACDA3632538}" = HP Advisor
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7F10292C-A190-4176-A665-A1ED3478DF86}" = LightScribe System Software
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{88307995-B9B1-4CE9-AD4A-79247F0C2200}" = AVC-C1
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D03A164-B586-4318-AFE6-870A5E2739C1}" = PHOTORECOVERY LE
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F1ADE4D-EFAC-4F5A-B346-23C2687FAF50}" = Apple Mobile Device Support
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{926BD0E8-24A3-41D2-AF9B-340F1A37ED12}" = MobileMe Control Panel
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007F-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9885A11E-60E4-417C-B58B-8B31B21C0B8A}" = HP Easy Setup - Frontend
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback
"{9E491AB7-4589-48CA-9CBB-874CB2788391}" = Studio 9
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A4ECF10E-8914-4E29-9E48-8BE2F57558DC}" = ResumeMaker
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.6
"{AD3C2328-EDD2-4B63-9C19-9D53FFACD544}" = HX-E1
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{AFAD41A9-9687-48A3-848F-693C11451433}" = HP Customer Experience Enhancements
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B8612D29-E441-4F09-B929-4BC84F51B3C6}" = HQX-E1
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
"{C9A10E2B-DD40-4C7E-BEBE-8B749A18B373}" = WordPerfect Office X3 - Home Edition, Task Manager
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDCBF62D-8E74-44A5-91AD-44AB4C2EFD89}" = InterVideo FilterSDK for Panasonic
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{DA7DF8E2-4B8F-4286-97FE-DE3FFFE9B728}" = iCloud
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DEE88727-779B-47A9-ACEF-F87CA5F92A65}" = ScanSoft OmniPage SE 4
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
"{E8C2622C-9FF1-4F60-8008-A0208154F9F3}" = muvee autoProducer 6.1
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0FDF9C9-1DDC-401F-B638-36F1CAE8A875}" = VideoStudio
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}" = Update Manager
"{F6BA8EF2-A9F8-45B7-BD59-0A15DA9F7D68}" = Omron Health Management Software
"{F751C062-87DA-4D33-8A12-6E7F1D4C051C}" = Netflix in Windows Media Center
"{F8131A35-47FD-27AD-116D-0E79AF5DE5EE}" = Acrobat.com
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone Configuration Utility
"{FA8B6532-78E9-490B-B97D-32379E16810E}" = EDIUS 5(SetupManager)
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AviSynth" = AviSynth 2.5
"Canon MP210 series User Registration" = Canon MP210 series User Registration
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CCleaner" = CCleaner
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1" = Soft Data Fax Modem with SmartCP
"Color Efex Pro 3.0 Corel Sampler" = Color Efex Pro 3.0 Corel Sampler
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DVD Decrypter" = DVD Decrypter (Remove Only)
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"ExpressZip" = Express Zip File Compression Software
"ffdshow_is1" = ffdshow v1.2.4422 [2012-04-09]
"Google Chrome" = Google Chrome
"Hollywood FX for Studio" = Pinnacle Hollywood FX for Studio
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"ImageSkill Background Remover 3" = ImageSkill Background Remover 3
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"InstallShield_{F0FDF9C9-1DDC-401F-B638-36F1CAE8A875}" = Corel VideoStudio 12
"Lock Poker" = Lock Poker
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 13.0.1 (x86 en-US)" = Mozilla Firefox 13.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 1.0" = Canon MP Navigator EX 1.0
"NIS" = Norton Internet Security
"Norton Utilities 15_is1" = Norton Utilities 15
"NVIDIA Drivers" = NVIDIA Drivers
"OfficeTrial" = Microsoft Office Home and Student 60 day trial
"OsdMaestro" = HP On-Screen Cap/Num/Scroll Lock Indicator
"PC-Doctor 5 for Windows" = Hardware Diagnostic Tools
"PhotoStage" = PhotoStage Slideshow Producer
"SystemRequirementsLab" = System Requirements Lab
"TeamViewer 7" = TeamViewer 7
"Videora iPad Converter" = Videora iPad Converter 6
"VLC media player" = VLC media player 1.0.3
"WildTangent hp Master Uninstall" = My HP Games
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinLiveSuite" = Windows Live Essentials
"YouTube Downloader App" = YouTube Downloader App 2.03
"YTdetect" = Yahoo! Detect

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2299067627-4250970703-1701403491-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Lock Poker" = Lock Poker
"Move Media Player" = Move Media Player

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 7/8/2012 10:12:51 AM | Computer Name = Home-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 33384

Error - 7/8/2012 4:00:47 PM | Computer Name = Home-PC | Source = Windows Search Service | ID = 3038
Description =

Error - 7/8/2012 4:01:15 PM | Computer Name = Home-PC | Source = Windows Search Service | ID = 3028
Description =

Error - 7/8/2012 4:01:15 PM | Computer Name = Home-PC | Source = Windows Search Service | ID = 3058
Description =

Error - 7/8/2012 4:02:49 PM | Computer Name = Home-PC | Source = MsiInstaller | ID = 11706
Description =

Error - 7/8/2012 5:03:44 PM | Computer Name = Home-PC | Source = Application Error | ID = 1000
Description = Faulting application zh74hue0.exe, version 1.0.15.15641, time stamp
0x4e21f2b1, faulting module zh74hue0.exe, version 1.0.15.15641, time stamp 0x4e21f2b1,
exception code 0xc0000005, fault offset 0x0000c676, process id 0x1498, application
start time 0x01cd5d4cc0ff62e9.

Error - 7/8/2012 5:08:08 PM | Computer Name = Home-PC | Source = EventSystem | ID = 4609
Description =

Error - 7/8/2012 5:32:19 PM | Computer Name = Home-PC | Source = Application Error | ID = 1000
Description = Faulting application uikr7h97.exe, version 1.0.15.15641, time stamp
0x4e21f2b1, faulting module uikr7h97.exe, version 1.0.15.15641, time stamp 0x4e21f2b1,
exception code 0xc0000005, fault offset 0x0000c676, process id 0x2dc, application
start time 0x01cd5d50e68d0517.

Error - 7/8/2012 7:20:25 PM | Computer Name = Home-PC | Source = MsiInstaller | ID = 11706
Description =

Error - 7/9/2012 2:29:09 AM | Computer Name = Home-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =

[ Media Center Events ]
Error - 2/15/2009 12:00:53 AM | Computer Name = Home-PC | Source = MCUpdate | ID = 0
Description = Failed to wait on MCUpdate mutex with exception: 'The wait completed
due to an abandoned mutex.'.

Error - 10/11/2009 11:18:33 PM | Computer Name = Home-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 12/16/2009 7:04:37 PM | Computer Name = Home-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 5/6/2010 7:08:59 PM | Computer Name = Home-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ OSession Events ]
Error - 1/25/2012 10:51:10 AM | Computer Name = Home-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 9475
seconds with 1080 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 7/8/2012 5:37:48 PM | Computer Name = Home-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 7/8/2012 5:37:48 PM | Computer Name = Home-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 7/8/2012 5:37:48 PM | Computer Name = Home-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 7/8/2012 5:37:48 PM | Computer Name = Home-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 7/8/2012 5:37:48 PM | Computer Name = Home-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 7/8/2012 5:37:48 PM | Computer Name = Home-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 7/8/2012 5:37:48 PM | Computer Name = Home-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 7/8/2012 5:37:48 PM | Computer Name = Home-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 7/8/2012 5:37:48 PM | Computer Name = Home-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 7/8/2012 6:33:24 PM | Computer Name = Home-PC | Source = Service Control Manager | ID = 7000
Description =


< End of report >
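
An added triage helper, written for this page and not part of the poster's logs or of OTL itself: a small Python script that parses the three OTL section formats seen above (the `[date | size | attrs | M/C] (company) -- path` file lines, the `@Alternate Data Stream` lines and the `[HKEY_...]` / `"name" = data` pairs under Security Center Settings) and lists entries that deserve a second look before anything is deleted. The log embedded in it is a constructed excerpt of a few lines from the report above, and the rules are my own heuristics, not anything OTL reports: a random 8-character `.exe` name on the Desktop, hidden+system files other than pagefile/hiberfil, publisher-less binaries under C:\Windows, and `DisableMonitoring = 1`. The random-name rule is deliberately marked "confirm with the user", because diagnostic tools such as GMER are commonly run under a randomised file name and the two crashing executables in the event log above carry the same version string as each other, which is what a renamed tool looks like.

```python
import re
from dataclasses import dataclass

# Constructed excerpt of an OTL report in the same line formats as the log
# above (sample input for this example, not the complete report).
SAMPLE_LOG = r"""
========== Files Created - No Company Name ==========

[2012/07/08 14:30:18 | 000,302,592 | ---- | C] () -- C:\Users\Phillip\Desktop\uikr7h97.exe
[2012/07/08 13:36:22 | 000,050,477 | ---- | C] () -- C:\Users\Phillip\Desktop\File2.exe
[2009/07/11 10:38:21 | 000,000,900 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2012/01/17 14:23:26 | 000,036,712 | ---- | C] () -- C:\Windows\System32\CleanMFT32.exe
[2008/06/02 23:43:22 | 000,001,356 | ---- | C] () -- C:\Users\Phillip\AppData\Local\d3d9caps.dat

========== Alternate Data Streams ==========

@Alternate Data Stream - 184 bytes -> C:\ProgramData\TEMP:D3A96964

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"""

# Line formats as they appear in OTL output.
SECTION_RE = re.compile(r"^=+ (?P<name>.+?) =+$")
FILE_RE = re.compile(
    r"^\[(?P<ts>[\d/]+ [\d:]+) \| (?P<size>[\d,]+) \| (?P<attr>\S+) \| (?P<kind>[MC])\] "
    r"\((?P<company>.*?)\) -- (?P<path>.+)$"
)
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+)$")
KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)" = (?P<data>.+)$')

# Heuristics (my own, not OTL's): tune to taste.
RANDOM_EXE_RE = re.compile(r"^[a-z0-9]{8}\.exe$", re.IGNORECASE)
EXPECTED_HIDDEN_SYSTEM = {r"c:\hiberfil.sys", r"c:\pagefile.sys"}


@dataclass
class Finding:
    kind: str    # short rule identifier
    target: str  # file path or registry key the rule fired on
    note: str    # what to check before acting


def check_file(path: str, attr: str, company: str) -> list:
    """Apply the file-line rules to one OTL file entry."""
    low = path.lower()
    name = low.rsplit("\\", 1)[-1]
    out = []
    if "H" in attr and "S" in attr and low not in EXPECTED_HIDDEN_SYSTEM:
        out.append(Finding("hidden-system-file", path,
                           "hidden+system attributes outside pagefile/hiberfil; identify the owner"))
    if low.startswith("c:\\windows\\") and name.endswith((".exe", ".dll", ".sys")) and not company:
        out.append(Finding("no-publisher-in-system-dir", path,
                           "binary under C:\\Windows with no company name; verify hash and signature"))
    if "\\desktop\\" in low and RANDOM_EXE_RE.match(name):
        out.append(Finding("random-name-exe", path,
                           "random 8-character name on the Desktop; often a renamed diagnostic tool "
                           "(GMER is run this way), confirm with the user before treating as malware"))
    return out


def check_security_center(key: str, name: str, data: str) -> list:
    """Apply the Security Center rules to one registry value."""
    out = []
    if name == "DisableMonitoring" and data.strip() == "1":
        out.append(Finding("security-center-monitoring-off", key,
                           "Security Center monitoring disabled here; third-party suites set this, "
                           "but so does malware that wants AV/firewall warnings silenced"))
    if name.endswith("Override") and data.strip() == "1":
        out.append(Finding("security-center-override", key + "\\" + name,
                           "override set: Security Center will not warn that this protection is missing"))
    return out


def triage(text: str) -> list:
    """Walk an OTL report and collect findings from the sections this script understands."""
    findings, section, current_key = [], "", ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section, current_key = m.group("name"), ""
            continue
        if section.startswith("Files"):
            m = FILE_RE.match(line)
            if m:
                findings.extend(check_file(m.group("path"), m.group("attr"), m.group("company")))
        elif section.startswith("Alternate Data Streams"):
            m = ADS_RE.match(line)
            if m:
                findings.append(Finding("ads", m.group("path"),
                                        f"{m.group('size')}-byte alternate data stream; read its content first"))
        elif section.startswith("Security Center"):
            m = KEY_RE.match(line)
            if m:
                current_key = m.group("key")
                continue
            m = VALUE_RE.match(line)
            if m:
                findings.extend(check_security_center(current_key, m.group("name"), m.group("data")))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.target}\n    {f.note}")
```

Run it against a full OTL.txt by reading the file into `triage()` instead of `SAMPLE_LOG`; every hit is a "go and look" item, and the note on each finding says what to verify, which is the point: a log like this one contains plenty of odd-looking but legitimate entries, so the script narrows the list rather than passing judgement.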

#2 HelpBot (Bleepin' Binary Bot)

  • Bots
  • 12,625 posts
  • Gender:Male
  • Local time:11:44 PM

Posted 14 July 2012 - 10:10 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/459926 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows, you should not bother creating a GMER log.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 sjie98

  • Topic Starter
  • Members
  • 18 posts
  • Local time:10:44 PM

Posted 14 July 2012 - 11:52 AM

I tried to run DDS again, and it closed without producing any logs.

I tried to run gmer again, and it scanned for a few minutes before the computer crashed with a blue screen.
No logs were produced.

The OS is Windows Vista, Service Pack 2, 32 bit system.
The computer came with the OS preinstalled, no CDs or DVDs were provided. But there are user-generated recovery disks.

Thanks for your help.


[edited to attach updated OTL log] Attached file: OTL2.Txt (72.74KB)

Edited by sjie98, 14 July 2012 - 12:11 PM.


#4 gringo_pr
    Bleepin Gringo
  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 14 July 2012 - 09:19 PM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of us

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 sjie98
  • Topic Starter
  • Members
  • 18 posts

Posted 14 July 2012 - 10:19 PM

Security Check ran for a while, with the message "The system cannot find the file specified" appearing down the black box.

But I did get a log:

Results of screen317's Security Check version 0.99.42
x86
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Norton Internet Security
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Spybot - Search & Destroy
CCleaner
Java™ 6 Update 29
Java™ SE Runtime Environment 6 Update 1
Java version out of Date!
Adobe Flash Player 11.3.300.265
Mozilla Firefox (13.0.1)
````````Process Check: objlist.exe by Laurent````````
Spybot Teatimer.exe is disabled!
`````````````````System Health check`````````````````
Total Fragmentation on Drive C::
````````````````````End of Log``````````````````````

#6 gringo_pr
    Bleepin Gringo
  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 14 July 2012 - 10:28 PM

OK, very good. Now let me have the Combofix report when it is done.



gringo

#7 sjie98
  • Topic Starter
  • Members
  • 18 posts

Posted 14 July 2012 - 11:13 PM

*pshew*!

The devices on the home network had all been having difficulty maintaining a connection. I wasn't sure if it was the router, one of the wireless devices, or what... The report is for the desktop, wired to the router, which is connected to a cable modem.

I just went into norton to try and see what devices were connected now, and when I clicked on the Network Security Map, Norton says "We need to initialize a network component to complete your request." I wasn't sure whether I could okay that or not.



Here is the Combofix log:


ComboFix 12-07-14.01 - Phillip 07/14/2012 20:32:10.1.4 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3070.1308 [GMT -7:00]
Running from: c:\users\Phillip\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\cseDVH.dll
c:\windows\system32\jucheck.exe
c:\windows\system32\jusched.exe
c:\windows\system32\regobj.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-06-15 to 2012-07-15 )))))))))))))))))))))))))))))))
.
.
2012-07-15 03:45 . 2012-07-15 03:45 -------- d-----w- c:\users\Phillip\AppData\Local\temp
2012-07-15 03:45 . 2012-07-15 03:45 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-11 10:12 . 2012-06-13 13:40 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 00:30 . 2012-06-05 16:47 708608 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2012-07-11 00:30 . 2012-06-05 16:47 1401856 ----a-w- c:\windows\system32\msxml6.dll
2012-07-11 00:30 . 2012-06-05 16:47 1248768 ----a-w- c:\windows\system32\msxml3.dll
2012-07-11 00:30 . 2012-06-04 15:26 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-07-11 00:30 . 2012-06-02 00:04 278528 ----a-w- c:\windows\system32\schannel.dll
2012-07-11 00:30 . 2012-06-02 00:03 204288 ----a-w- c:\windows\system32\ncrypt.dll
2012-07-05 17:46 . 2012-07-05 17:46 -------- d-----w- c:\users\Phillip\AppData\Local\Macromedia
2012-07-04 02:31 . 2012-07-04 02:31 -------- d-----w- c:\program files\iPod
2012-07-04 02:31 . 2012-07-04 02:32 -------- d-----w- c:\program files\iTunes
2012-07-04 02:16 . 2012-07-12 13:16 9822920 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2012-06-29 23:41 . 2012-06-29 23:41 -------- d-----w- c:\users\Phillip\AppData\Roaming\Malwarebytes
2012-06-29 23:40 . 2012-06-29 23:40 -------- d-----w- c:\programdata\Malwarebytes
2012-06-21 17:17 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-21 17:17 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-21 17:17 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-21 17:17 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-21 17:16 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-21 17:16 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-21 17:16 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-21 17:16 . 2012-06-02 22:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-21 17:16 . 2012-06-02 22:12 33792 ----a-w- c:\windows\system32\wuapp.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-12 13:16 . 2012-04-02 19:57 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-12 13:16 . 2011-07-31 16:10 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-08 01:14 . 2009-07-11 17:38 900 --sha-w- c:\programdata\KGyGaAvL.sys
2012-05-01 14:03 . 2012-06-14 04:32 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-23 16:00 . 2012-06-14 04:31 984064 ----a-w- c:\windows\system32\crypt32.dll
2012-04-23 16:00 . 2012-06-14 04:31 98304 ----a-w- c:\windows\system32\cryptnet.dll
2012-04-23 16:00 . 2012-06-14 04:31 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2012-04-19 03:56 . 2012-04-19 03:56 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-04-19 03:56 . 2012-04-19 03:56 69632 ----a-w- c:\windows\system32\QuickTime.qts
2012-04-17 17:55 . 2012-04-17 17:23 141944 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2012-06-14 22:20 . 2012-07-08 20:31 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-12 249856]
"MobileDocuments"="c:\program files\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-12 81920]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-02-18 49208]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"AirPort Base Station Agent"="c:\program files\AirPort\APAgent.exe" [2009-11-11 771360]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-19 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-08 421776]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled
MotionSD STUDIO - SD Browser auto start -.lnk - c:\program files\Panasonic\MotionSD STUDIO\SD_Browser\AutoLauncher.exe [2008-9-21 67216]
Snapfish Media Detector.lnk - c:\program files\Snapfish Picture Mover\SnapfishMediaDetector.exe [2007-5-7 1273856]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2011-10-06 08:52 59240 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-05-31 03:06 59280 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2007-04-04 01:50 1603152 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
2007-05-15 01:01 644696 ----a-w- c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel File Shell Monitor]
2008-08-09 01:30 16712 ----a-r- c:\program files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]
2008-08-09 01:30 532808 ----a-r- c:\program files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
2007-04-18 15:01 65536 ----a-w- c:\hp\support\hpsysdrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-06-08 02:33 421776 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
2006-12-08 16:16 65536 ----a-w- c:\hp\KBD\KbdStub.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaunchList]
2004-08-10 02:24 45056 ----a-w- c:\program files\Pinnacle\Studio 9\LaunchList.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2008-08-23 07:35 13535776 ----a-w- c:\windows\System32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2008-08-23 07:35 92704 ----a-w- c:\windows\System32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
2007-02-04 20:02 79400 ----a-w- c:\program files\ScanSoft\OmniPageSE4\OpWareSE4.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OsdMaestro]
2007-02-15 11:59 118784 ----a-w- c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck]
2004-03-10 23:26 406016 ------w- c:\windows\System32\PSDrvCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-04-19 03:56 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2008-01-15 18:26 4874240 ----a-w- c:\windows\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2006-10-25 17:03 210472 ----a-w- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateReg]
2007-04-07 10:56 54936 ------w- c:\windows\System32\jureg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-06-09 21:06 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UVS12 Preload]
2008-06-09 19:03 397456 ----a-w- c:\program files\Corel\Corel VideoStudio 12\uvPL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 13:16]
.
2012-07-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-03 07:33]
.
2012-07-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-03 07:33]
.
2012-07-14 c:\windows\Tasks\NUSchedule.job
- c:\program files\Norton Utilities 15\nu.exe [2012-01-17 21:24]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Phillip\AppData\Roaming\Mozilla\Firefox\Profiles\7wd9xkek.default\
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-HP Health Check Scheduler - [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-14 20:45
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\19.7.1.5\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2299067627-4250970703-1701403491-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.download\UserChoice]
@Denied: (2) (S-1-5-21-2299067627-4250970703-1701403491-1000)
@Denied: (2) (LocalSystem)
"Progid"="SafariDownload"
.
[HKEY_USERS\S-1-5-21-2299067627-4250970703-1701403491-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (S-1-5-21-2299067627-4250970703-1701403491-1000)
@Denied: (2) (LocalSystem)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-2299067627-4250970703-1701403491-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (S-1-5-21-2299067627-4250970703-1701403491-1000)
@Denied: (2) (LocalSystem)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-2299067627-4250970703-1701403491-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.safariextz\UserChoice]
@Denied: (2) (S-1-5-21-2299067627-4250970703-1701403491-1000)
@Denied: (2) (LocalSystem)
"Progid"="SafariExtension"
.
[HKEY_USERS\S-1-5-21-2299067627-4250970703-1701403491-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (S-1-5-21-2299067627-4250970703-1701403491-1000)
@Denied: (2) (LocalSystem)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-2299067627-4250970703-1701403491-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.svg\UserChoice]
@Denied: (2) (S-1-5-21-2299067627-4250970703-1701403491-1000)
@Denied: (2) (LocalSystem)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-2299067627-4250970703-1701403491-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.webarchive\UserChoice]
@Denied: (2) (S-1-5-21-2299067627-4250970703-1701403491-1000)
@Denied: (2) (LocalSystem)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-2299067627-4250970703-1701403491-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (S-1-5-21-2299067627-4250970703-1701403491-1000)
@Denied: (2) (LocalSystem)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-2299067627-4250970703-1701403491-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (S-1-5-21-2299067627-4250970703-1701403491-1000)
@Denied: (2) (LocalSystem)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-2299067627-4250970703-1701403491-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xml\UserChoice]
@Denied: (2) (S-1-5-21-2299067627-4250970703-1701403491-1000)
@Denied: (2) (LocalSystem)
"Progid"="SafariHTML"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2012-07-14 20:51:09
ComboFix-quarantined-files.txt 2012-07-15 03:50
.
Pre-Run: 6,303,166,464 bytes free
Post-Run: 6,126,993,408 bytes free
.
- - End Of File - - D94B9B782E0495D7DA018C769F8F1BFE


#8 gringo_pr
    Bleepin Gringo
  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 14 July 2012 - 11:25 PM

Greetings

I just went into norton to try and see what devices were connected now, and when I clicked on the Network Security Map, Norton says "We need to initialize a network component to complete your request." I wasn't sure whether I could okay that or not.


I have never heard of this, so it is up to you what you want to do, but now is the best time to do it, as if something goes wrong you are in the right place.



I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo

#9 sjie98
  • Topic Starter
  • Members
  • 18 posts

Posted 15 July 2012 - 12:00 AM

Here is the TDSS log; aswMBR seems to be taking a little while. Will post that when it's finished.


TDSS:


21:36:42.0985 4360 TDSS rootkit removing tool 2.7.45.0 Jul 9 2012 12:46:35
21:36:43.0890 4360 ============================================================
21:36:43.0890 4360 Current date / time: 2012/07/14 21:36:43.0890
21:36:43.0890 4360 SystemInfo:
21:36:43.0890 4360
21:36:43.0890 4360 OS Version: 6.0.6002 ServicePack: 2.0
21:36:43.0890 4360 Product type: Workstation
21:36:43.0890 4360 ComputerName: HOME-PC
21:36:43.0890 4360 UserName: Phillip
21:36:43.0890 4360 Windows directory: C:\Windows
21:36:43.0890 4360 System windows directory: C:\Windows
21:36:43.0890 4360 Processor architecture: Intel x86
21:36:43.0890 4360 Number of processors: 4
21:36:43.0890 4360 Page size: 0x1000
21:36:43.0890 4360 Boot type: Normal boot
21:36:43.0890 4360 ============================================================
21:36:44.0623 4360 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
21:36:44.0639 4360 ============================================================
21:36:44.0639 4360 \Device\Harddisk0\DR0:
21:36:44.0639 4360 MBR partitions:
21:36:44.0639 4360 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x240FAFDD
21:36:44.0639 4360 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x240FB01C, BlocksNum 0x13326A5
21:36:44.0639 4360 ============================================================
21:36:44.0654 4360 C: <-> \Device\Harddisk0\DR0\Partition0
21:36:44.0717 4360 D: <-> \Device\Harddisk0\DR0\Partition1
21:36:44.0717 4360 ============================================================
21:36:44.0717 4360 Initialize success
21:36:44.0717 4360 ============================================================
21:36:52.0985 0768 ============================================================
21:36:52.0985 0768 Scan started
21:36:52.0985 0768 Mode: Manual;
21:36:52.0985 0768 ============================================================
21:36:54.0186 0768 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
21:36:54.0186 0768 ACPI - ok
21:36:54.0280 0768 AdobeFlashPlayerUpdateSvc (5e1a953c6472e7bb644892a4d0df5e72) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
21:36:54.0280 0768 AdobeFlashPlayerUpdateSvc - ok
21:36:54.0373 0768 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
21:36:54.0389 0768 adp94xx - ok
21:36:54.0436 0768 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
21:36:54.0451 0768 adpahci - ok
21:36:54.0482 0768 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
21:36:54.0498 0768 adpu160m - ok
21:36:54.0529 0768 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
21:36:54.0545 0768 adpu320 - ok
21:36:54.0576 0768 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
21:36:54.0576 0768 AeLookupSvc - ok
21:36:54.0623 0768 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
21:36:54.0623 0768 AFD - ok
21:36:54.0670 0768 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
21:36:54.0670 0768 agp440 - ok
21:36:54.0701 0768 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
21:36:54.0701 0768 aic78xx - ok
21:36:54.0763 0768 aksfridge (cb5a5079744a0535416d3a5e462c5efe) C:\Windows\system32\DRIVERS\aksfridge.sys
21:36:54.0779 0768 aksfridge - ok
21:36:54.0826 0768 akshasp (1a27f5555448cc2d29d281b11f39177e) C:\Windows\system32\DRIVERS\akshasp.sys
21:36:54.0841 0768 akshasp - ok
21:36:54.0904 0768 akshhl (147b61b81be1ffc38939ea47e5cfb51f) C:\Windows\system32\DRIVERS\akshhl.sys
21:36:54.0904 0768 akshhl - ok
21:36:54.0935 0768 aksusb (b4ad9f5d78f27e0c6994e0cb05c60e21) C:\Windows\system32\DRIVERS\aksusb.sys
21:36:54.0935 0768 aksusb - ok
21:36:54.0950 0768 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
21:36:54.0950 0768 ALG - ok
21:36:54.0982 0768 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
21:36:54.0982 0768 aliide - ok
21:36:55.0013 0768 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
21:36:55.0013 0768 amdagp - ok
21:36:55.0028 0768 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
21:36:55.0028 0768 amdide - ok
21:36:55.0044 0768 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
21:36:55.0044 0768 AmdK7 - ok
21:36:55.0060 0768 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
21:36:55.0060 0768 AmdK8 - ok
21:36:55.0091 0768 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
21:36:55.0091 0768 Appinfo - ok
21:36:55.0184 0768 Apple Mobile Device (f401929ee0cc92bfe7f15161ca535383) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
21:36:55.0184 0768 Apple Mobile Device - ok
21:36:55.0216 0768 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
21:36:55.0216 0768 arc - ok
21:36:55.0247 0768 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
21:36:55.0262 0768 arcsas - ok
21:36:55.0309 0768 ASAPIW2k (4f9cbbf95e8f7a0d4c0edcfe3b78102e) C:\Windows\system32\drivers\ASAPIW2k.sys
21:36:55.0309 0768 ASAPIW2k - ok
21:36:55.0372 0768 aspnet_state (40c145f12ff461a0220303bda134f598) C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
21:36:55.0372 0768 aspnet_state - ok
21:36:55.0403 0768 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
21:36:55.0403 0768 AsyncMac - ok
21:36:55.0418 0768 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
21:36:55.0418 0768 atapi - ok
21:36:55.0481 0768 AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
21:36:55.0496 0768 AudioEndpointBuilder - ok
21:36:55.0512 0768 Audiosrv (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
21:36:55.0512 0768 Audiosrv - ok
21:36:55.0559 0768 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
21:36:55.0574 0768 Beep - ok
21:36:55.0699 0768 BFE (c789af0f724fda5852fb9a7d3a432381) C:\Windows\System32\bfe.dll
21:36:55.0808 0768 BFE - ok
21:36:55.0871 0768 bgsvcgen (82fb6a01d1205eb770e80c4cf8d9bd18) C:\WINDOWS\System32\bgsvcgen.exe
21:36:55.0871 0768 bgsvcgen - ok
21:36:56.0027 0768 BHDrvx86 (a9e111a358ac5f7eba7ac61e43fc6725) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\BASHDefs\20120711.002\BHDrvx86.sys
21:36:56.0042 0768 BHDrvx86 - ok
21:36:56.0152 0768 BITS (93952506c6d67330367f7e7934b6a02f) C:\Windows\system32\qmgr.dll
21:36:56.0167 0768 BITS - ok
21:36:56.0245 0768 blbdrive - ok
21:36:56.0339 0768 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
21:36:56.0354 0768 Bonjour Service - ok
21:36:56.0432 0768 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
21:36:56.0432 0768 bowser - ok
21:36:56.0464 0768 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
21:36:56.0479 0768 BrFiltLo - ok
21:36:56.0495 0768 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
21:36:56.0495 0768 BrFiltUp - ok
21:36:56.0510 0768 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
21:36:56.0526 0768 Browser - ok
21:36:56.0588 0768 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
21:36:56.0588 0768 Brserid - ok
21:36:56.0604 0768 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
21:36:56.0620 0768 BrSerWdm - ok
21:36:56.0635 0768 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
21:36:56.0635 0768 BrUsbMdm - ok
21:36:56.0635 0768 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
21:36:56.0635 0768 BrUsbSer - ok
21:36:56.0698 0768 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
21:36:56.0698 0768 BTHMODEM - ok
21:36:56.0776 0768 catchme - ok
21:36:56.0822 0768 ccSet_NIS (599e7f6259a127c174c49938d2aa6a60) C:\Windows\system32\drivers\NIS\1307010.005\ccSetx86.sys
21:36:56.0822 0768 ccSet_NIS - ok
21:36:56.0869 0768 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
21:36:56.0869 0768 cdfs - ok
21:36:56.0900 0768 cdrblock (15e3e2920adac7450e0c7ae5f23a5f53) C:\Windows\system32\DRIVERS\cdrblock.sys
21:36:56.0900 0768 cdrblock - ok

21:36:56.0932 0768 cdrbsdrv (248349293ca42ee5db61dc1fd85a2f49) C:\Windows\system32\drivers\cdrbsdrv.sys

21:36:56.0932 0768 cdrbsdrv - ok

21:36:56.0963 0768 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys

21:36:56.0963 0768 cdrom - ok

21:36:56.0994 0768 CertPropSvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll

21:36:56.0994 0768 CertPropSvc - ok

21:36:57.0041 0768 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\DRIVERS\circlass.sys

21:36:57.0041 0768 circlass - ok

21:36:57.0088 0768 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys

21:36:57.0150 0768 CLFS - ok

21:36:57.0244 0768 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

21:36:57.0259 0768 clr_optimization_v2.0.50727_32 - ok

21:36:57.0306 0768 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

21:36:57.0322 0768 clr_optimization_v4.0.30319_32 - ok

21:36:57.0400 0768 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys

21:36:57.0400 0768 cmdide - ok

21:36:57.0415 0768 Compbatt (82b8c91d327cfecf76cb58716f7d4997) C:\Windows\system32\drivers\compbatt.sys

21:36:57.0415 0768 Compbatt - ok

21:36:57.0431 0768 COMSysApp - ok

21:36:57.0493 0768 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys

21:36:57.0509 0768 crcdisk - ok

21:36:57.0509 0768 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys

21:36:57.0524 0768 Crusoe - ok

21:36:57.0571 0768 CryptSvc (75c6a297e364014840b48eccd7525e30) C:\Windows\system32\cryptsvc.dll

21:36:57.0571 0768 CryptSvc - ok

21:36:57.0649 0768 DcomLaunch (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll

21:36:57.0649 0768 DcomLaunch - ok

21:36:57.0727 0768 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys

21:36:57.0727 0768 DfsC - ok

21:36:57.0930 0768 DFSR (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe

21:36:58.0008 0768 DFSR - ok

21:36:58.0226 0768 Dhcp (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll

21:36:58.0242 0768 Dhcp - ok

21:36:58.0320 0768 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys

21:36:58.0320 0768 disk - ok

21:36:58.0523 0768 DiskDoctorService (7c85cc5570bf718d2b9ad9f53b1b5b55) C:\Program Files\Norton Utilities 15\Tools\Disk Doctor\DiskDoctorSrv.exe

21:36:58.0538 0768 DiskDoctorService - ok

21:36:58.0570 0768 Dnscache (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll

21:36:58.0585 0768 Dnscache - ok

21:36:58.0616 0768 dot3svc (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll

21:36:58.0632 0768 dot3svc - ok

21:36:58.0663 0768 DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll

21:36:58.0663 0768 DPS - ok

21:36:58.0710 0768 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys

21:36:58.0710 0768 drmkaud - ok

21:36:58.0788 0768 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys

21:36:58.0804 0768 DXGKrnl - ok

21:36:58.0835 0768 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys

21:36:58.0835 0768 E1G60 - ok

21:36:58.0866 0768 EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll

21:36:58.0882 0768 EapHost - ok

21:36:58.0928 0768 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys

21:36:58.0944 0768 Ecache - ok

21:36:59.0022 0768 eeCtrl (fce87ba643d5e9a8b6e0378508d1b22d) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys

21:36:59.0038 0768 eeCtrl - ok

21:36:59.0116 0768 ehRecvr (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe

21:36:59.0116 0768 ehRecvr - ok

21:36:59.0178 0768 ehSched (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe

21:36:59.0194 0768 ehSched - ok

21:36:59.0209 0768 ehstart (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll

21:36:59.0209 0768 ehstart - ok

21:36:59.0256 0768 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys

21:36:59.0272 0768 elxstor - ok

21:36:59.0334 0768 EMDMgmt (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll

21:36:59.0350 0768 EMDMgmt - ok

21:36:59.0443 0768 EraserUtilRebootDrv (115dc729465a8c386615207f28875255) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys

21:36:59.0459 0768 EraserUtilRebootDrv - ok

21:36:59.0506 0768 EventSystem (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll

21:36:59.0521 0768 EventSystem - ok

21:36:59.0584 0768 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys

21:36:59.0584 0768 exfat - ok

21:36:59.0615 0768 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys

21:36:59.0630 0768 fastfat - ok

21:36:59.0662 0768 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys

21:36:59.0662 0768 fdc - ok

21:36:59.0693 0768 fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll

21:36:59.0693 0768 fdPHost - ok

21:36:59.0708 0768 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll

21:36:59.0708 0768 FDResPub - ok

21:36:59.0755 0768 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys

21:36:59.0755 0768 FileInfo - ok

21:36:59.0786 0768 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys

21:36:59.0786 0768 Filetrace - ok

21:36:59.0802 0768 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys

21:36:59.0802 0768 flpydisk - ok

21:36:59.0833 0768 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys

21:36:59.0849 0768 FltMgr - ok

21:36:59.0927 0768 FontCache (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll

21:36:59.0942 0768 FontCache - ok

21:37:00.0020 0768 FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

21:37:00.0020 0768 FontCache3.0.0.0 - ok

21:37:00.0052 0768 Fs_Rec (b972a66758577e0bfd1de0f91aaa27b5) C:\Windows\system32\drivers\Fs_Rec.sys

21:37:00.0067 0768 Fs_Rec - ok

21:37:00.0098 0768 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys

21:37:00.0098 0768 gagp30kx - ok

21:37:00.0176 0768 GameConsoleService (44d07e5a444692e9b6a5cdd7401b4402) C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe

21:37:00.0192 0768 GameConsoleService - ok

21:37:00.0223 0768 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

21:37:00.0223 0768 GEARAspiWDM - ok

21:37:00.0239 0768 getPlusHelper - ok

21:37:00.0301 0768 gpsvc (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll

21:37:00.0317 0768 gpsvc - ok

21:37:00.0364 0768 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe

21:37:00.0364 0768 gupdate - ok

21:37:00.0379 0768 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe

21:37:00.0379 0768 gupdatem - ok

21:37:00.0442 0768 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

21:37:00.0442 0768 gusvc - ok

21:37:00.0520 0768 Hardlock (9de9a7a19195c57ef38b4ee25422f2d7) C:\Windows\system32\drivers\hardlock.sys

21:37:00.0535 0768 Hardlock - ok

21:37:00.0535 0768 hasplms - ok

21:37:00.0582 0768 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys

21:37:00.0598 0768 HdAudAddService - ok

21:37:00.0660 0768 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys

21:37:00.0660 0768 HDAudBus - ok

21:37:00.0691 0768 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys

21:37:00.0691 0768 HidBth - ok

21:37:00.0722 0768 HidIr (d8df3722d5e961baa1292aa2f12827e2) C:\Windows\system32\DRIVERS\hidir.sys

21:37:00.0722 0768 HidIr - ok

21:37:00.0754 0768 hidserv (84067081f3318162797385e11a8f0582) C:\Windows\System32\hidserv.dll

21:37:00.0754 0768 hidserv - ok

21:37:00.0769 0768 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys

21:37:00.0769 0768 HidUsb - ok

21:37:00.0800 0768 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll

21:37:00.0800 0768 hkmsvc - ok

21:37:00.0988 0768 HP Health Check Service (0d26c438e2938a3e6bdd91173bc96ff0) c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

21:37:00.0988 0768 HP Health Check Service - ok

21:37:01.0066 0768 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys

21:37:01.0066 0768 HpCISSs - ok

21:37:01.0222 0768 HSF_DP (88749fbf8beb18c90e7d6626c8c1910b) C:\Windows\system32\DRIVERS\HSX_DP.sys

21:37:01.0253 0768 HSF_DP - ok

21:37:01.0268 0768 HSXHWBS2 (fe440536bd98af772130dc3a6fe1915f) C:\Windows\system32\DRIVERS\HSXHWBS2.sys

21:37:01.0284 0768 HSXHWBS2 - ok

21:37:01.0346 0768 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys

21:37:01.0346 0768 HTTP - ok

21:37:01.0362 0768 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys

21:37:01.0378 0768 i2omp - ok

21:37:01.0393 0768 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys

21:37:01.0393 0768 i8042prt - ok

21:37:01.0424 0768 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys

21:37:01.0440 0768 iaStorV - ok

21:37:01.0596 0768 idsvc (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

21:37:01.0674 0768 idsvc - ok

21:37:01.0846 0768 IDSVix86 (6262c22a913bd255a0795d070b82aa47) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\IPSDefs\20120713.001\IDSvix86.sys

21:37:01.0846 0768 IDSVix86 - ok

21:37:02.0002 0768 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys

21:37:02.0002 0768 iirsp - ok

21:37:02.0064 0768 IKEEXT (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll

21:37:02.0064 0768 IKEEXT - ok

21:37:02.0329 0768 IntcAzAudAddService (3914ea9111dbeffaf1c68200817768ad) C:\Windows\system32\drivers\RTKVHDA.sys

21:37:02.0392 0768 IntcAzAudAddService - ok

21:37:02.0532 0768 intelide (97469037714070e45194ed318d636401) C:\Windows\system32\drivers\intelide.sys

21:37:02.0548 0768 intelide - ok

21:37:02.0563 0768 intelppm (ce44cc04262f28216dd4341e9e36a16f) C:\Windows\system32\DRIVERS\intelppm.sys

21:37:02.0563 0768 intelppm - ok

21:37:02.0594 0768 IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll

21:37:02.0594 0768 IPBusEnum - ok

21:37:02.0626 0768 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys

21:37:02.0626 0768 IpFilterDriver - ok

21:37:02.0657 0768 iphlpsvc (1998bd97f950680bb55f55a7244679c2) C:\Windows\System32\iphlpsvc.dll

21:37:02.0672 0768 iphlpsvc - ok

21:37:02.0672 0768 IpInIp - ok

21:37:02.0704 0768 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys

21:37:02.0704 0768 IPMIDRV - ok

21:37:02.0735 0768 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys

21:37:02.0735 0768 IPNAT - ok

21:37:02.0844 0768 iPod Service (e6be7a41a28d8f2db174957454d32448) C:\Program Files\iPod\bin\iPodService.exe

21:37:02.0860 0768 iPod Service - ok

21:37:02.0922 0768 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys

21:37:02.0922 0768 IRENUM - ok

21:37:02.0984 0768 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys

21:37:02.0984 0768 isapnp - ok

21:37:03.0031 0768 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys

21:37:03.0031 0768 iScsiPrt - ok

21:37:03.0094 0768 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys

21:37:03.0094 0768 iteatapi - ok

21:37:03.0125 0768 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys

21:37:03.0125 0768 iteraid - ok

21:37:03.0172 0768 IviRegMgr (213822072085b5bbad9af30ab577d817) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

21:37:03.0187 0768 IviRegMgr - ok

21:37:03.0203 0768 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys

21:37:03.0218 0768 kbdclass - ok

21:37:03.0234 0768 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys

21:37:03.0234 0768 kbdhid - ok

21:37:03.0265 0768 KeyIso (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe

21:37:03.0265 0768 KeyIso - ok

21:37:03.0343 0768 KSecDD (4a1445efa932a3baf5bdb02d7131ee20) C:\Windows\system32\Drivers\ksecdd.sys

21:37:03.0343 0768 KSecDD - ok

21:37:03.0406 0768 KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll

21:37:03.0406 0768 KtmRm - ok

21:37:03.0452 0768 LanmanServer (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\System32\srvsvc.dll

21:37:03.0452 0768 LanmanServer - ok

21:37:03.0499 0768 LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll

21:37:03.0515 0768 LanmanWorkstation - ok

21:37:03.0577 0768 LightScribeService (dfeff67508d3a9aeb1a85d7b0f513b24) C:\Program Files\Common Files\LightScribe\LSSrvc.exe

21:37:03.0577 0768 LightScribeService - ok

21:37:03.0640 0768 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys

21:37:03.0640 0768 lltdio - ok

21:37:03.0671 0768 lltdsvc (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll

21:37:03.0686 0768 lltdsvc - ok

21:37:03.0718 0768 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll

21:37:03.0733 0768 lmhosts - ok

21:37:03.0764 0768 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys

21:37:03.0764 0768 LSI_FC - ok

21:37:03.0780 0768 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys

21:37:03.0780 0768 LSI_SAS - ok

21:37:03.0796 0768 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys

21:37:03.0796 0768 LSI_SCSI - ok

21:37:03.0827 0768 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys

21:37:03.0827 0768 luafv - ok

21:37:03.0858 0768 Mcx2Svc (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll

21:37:03.0874 0768 Mcx2Svc - ok

21:37:04.0030 0768 MDM (11f714f85530a2bd134074dc30e99fca) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

21:37:04.0030 0768 MDM - ok

21:37:04.0076 0768 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys

21:37:04.0076 0768 mdmxsdk - ok

21:37:04.0108 0768 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys

21:37:04.0108 0768 megasas - ok

21:37:04.0139 0768 MMCSS (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll

21:37:04.0139 0768 MMCSS - ok

21:37:04.0154 0768 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys

21:37:04.0154 0768 Modem - ok

21:37:04.0186 0768 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys

21:37:04.0186 0768 monitor - ok

21:37:04.0217 0768 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys

21:37:04.0217 0768 mouclass - ok

21:37:04.0248 0768 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys

21:37:04.0248 0768 mouhid - ok

21:37:04.0279 0768 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys

21:37:04.0279 0768 MountMgr - ok

21:37:04.0342 0768 MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

21:37:04.0342 0768 MozillaMaintenance - ok

21:37:04.0404 0768 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys

21:37:04.0404 0768 mpio - ok

21:37:04.0482 0768 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys

21:37:04.0482 0768 mpsdrv - ok

21:37:04.0529 0768 MpsSvc (5de62c6e9108f14f6794060a9bdecaec) C:\Windows\system32\mpssvc.dll

21:37:04.0544 0768 MpsSvc - ok

21:37:04.0560 0768 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys

21:37:04.0560 0768 Mraid35x - ok

21:37:04.0591 0768 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys

21:37:04.0591 0768 MRxDAV - ok

21:37:04.0638 0768 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys

21:37:04.0638 0768 mrxsmb - ok

21:37:04.0669 0768 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys

21:37:04.0685 0768 mrxsmb10 - ok

21:37:04.0685 0768 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

21:37:04.0700 0768 mrxsmb20 - ok

21:37:04.0700 0768 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys

21:37:04.0700 0768 msahci - ok

21:37:04.0716 0768 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys

21:37:04.0732 0768 msdsm - ok

21:37:04.0763 0768 MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe

21:37:04.0763 0768 MSDTC - ok

21:37:04.0778 0768 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys

21:37:04.0778 0768 Msfs - ok

21:37:04.0810 0768 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys

21:37:04.0810 0768 msisadrv - ok

21:37:04.0872 0768 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll

21:37:04.0872 0768 MSiSCSI - ok

21:37:04.0872 0768 msiserver - ok

21:37:04.0981 0768 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys

21:37:04.0981 0768 MSKSSRV - ok

21:37:05.0012 0768 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys

21:37:05.0012 0768 MSPCLOCK - ok

21:37:05.0028 0768 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys

21:37:05.0028 0768 MSPQM - ok

21:37:05.0059 0768 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys

21:37:05.0075 0768 MsRPC - ok

21:37:05.0122 0768 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys

21:37:05.0122 0768 mssmbios - ok

21:37:05.0137 0768 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys

21:37:05.0137 0768 MSTEE - ok

21:37:05.0153 0768 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys

21:37:05.0153 0768 Mup - ok

21:37:05.0200 0768 napagent (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll

21:37:05.0200 0768 napagent - ok

21:37:05.0246 0768 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys

21:37:05.0246 0768 NativeWifiP - ok

21:37:05.0402 0768 NAVENG (f11033730b38260b6892e837c457fb4b) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\VirusDefs\20120714.017\NAVENG.SYS

21:37:05.0402 0768 NAVENG - ok

21:37:05.0543 0768 NAVEX15 (4e4e7c0259d3bb97de24a636c0e06aba) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\VirusDefs\20120714.017\NAVEX15.SYS

21:37:05.0574 0768 NAVEX15 - ok

21:37:05.0746 0768 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys

21:37:05.0761 0768 NDIS - ok

21:37:05.0792 0768 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys

21:37:05.0792 0768 NdisTapi - ok

21:37:05.0824 0768 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys

21:37:05.0824 0768 Ndisuio - ok

21:37:05.0855 0768 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys

21:37:05.0855 0768 NdisWan - ok

21:37:05.0870 0768 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys

21:37:05.0886 0768 NDProxy - ok

21:37:05.0948 0768 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys

21:37:05.0948 0768 NetBIOS - ok

21:37:06.0011 0768 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys

21:37:06.0026 0768 netbt - ok

21:37:06.0089 0768 Netlogon (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe

21:37:06.0089 0768 Netlogon - ok

21:37:06.0136 0768 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll

21:37:06.0136 0768 Netman - ok

21:37:06.0182 0768 netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll

21:37:06.0182 0768 netprofm - ok

21:37:06.0245 0768 NetTcpPortSharing (d6c4e4a39a36029ac0813d476fbd0248) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

21:37:06.0245 0768 NetTcpPortSharing - ok

21:37:06.0260 0768 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys

21:37:06.0276 0768 nfrd960 - ok

21:37:06.0354 0768 NIS (c6948f034d7edabcfa2234d399fc78bc) C:\Program Files\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe

21:37:06.0354 0768 NIS - ok

21:37:06.0385 0768 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll

21:37:06.0401 0768 NlaSvc - ok

21:37:06.0432 0768 nosGetPlusHelper (eb900c136e660a8deb657be134c3bcd9) C:\Program Files\NOS\bin\getPlus_Helper_3004.dll

21:37:06.0448 0768 nosGetPlusHelper - ok

21:37:06.0479 0768 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys

21:37:06.0479 0768 Npfs - ok

21:37:06.0510 0768 nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll

21:37:06.0526 0768 nsi - ok

21:37:06.0541 0768 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys

21:37:06.0541 0768 nsiproxy - ok

21:37:06.0635 0768 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys

21:37:06.0666 0768 Ntfs - ok

21:37:06.0697 0768 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys

21:37:06.0713 0768 ntrigdigi - ok

21:37:06.0728 0768 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys

21:37:06.0728 0768 Null - ok

21:37:06.0822 0768 NVENETFD (d958a2b5f6ad5c3b8ccdc4d7da62466c) C:\Windows\system32\DRIVERS\nvmfdx32.sys

21:37:06.0869 0768 NVENETFD - ok

21:37:07.0352 0768 nvlddmkm (57d3a8241b13a34ded58db36331223ee) C:\Windows\system32\DRIVERS\nvlddmkm.sys

21:37:07.0508 0768 nvlddmkm - ok

21:37:07.0649 0768 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys

21:37:07.0649 0768 nvraid - ok

21:37:07.0664 0768 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys

21:37:07.0664 0768 nvstor - ok

21:37:07.0696 0768 nvstor32 (63b7838e9c272baaa7b33a0ca4ebb748) C:\Windows\system32\DRIVERS\nvstor32.sys

21:37:07.0696 0768 nvstor32 - ok

21:37:07.0727 0768 nvsvc (d22508cdf91873069b425b758e1daebe) C:\Windows\system32\nvvsvc.exe

21:37:07.0742 0768 nvsvc - ok

21:37:07.0758 0768 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys

21:37:07.0758 0768 nv_agp - ok

21:37:07.0774 0768 NwlnkFlt - ok

21:37:07.0774 0768 NwlnkFwd - ok

21:37:07.0867 0768 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

21:37:07.0867 0768 odserv - ok

21:37:07.0914 0768 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys

21:37:07.0914 0768 ohci1394 - ok

21:37:08.0039 0768 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

21:37:08.0054 0768 ose - ok

21:37:08.0132 0768 p2pimsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll

21:37:08.0195 0768 p2pimsvc - ok

21:37:08.0210 0768 p2psvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll

21:37:08.0226 0768 p2psvc - ok

21:37:08.0257 0768 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys

21:37:08.0257 0768 Parport - ok

21:37:08.0288 0768 partmgr (b9c2b89f08670e159f7181891e449cd9) C:\Windows\system32\drivers\partmgr.sys

21:37:08.0288 0768 partmgr - ok

21:37:08.0304 0768 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys

21:37:08.0304 0768 Parvdm - ok

21:37:08.0320 0768 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll

21:37:08.0335 0768 PcaSvc - ok

21:37:08.0366 0768 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys

21:37:08.0382 0768 pci - ok

21:37:08.0398 0768 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys

21:37:08.0398 0768 pciide - ok

21:37:08.0413 0768 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys

21:37:08.0429 0768 pcmcia - ok

21:37:08.0507 0768 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys

21:37:08.0522 0768 PEAUTH - ok

21:37:08.0663 0768 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll

21:37:08.0694 0768 pla - ok

21:37:08.0819 0768 PlugPlay (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll

21:37:08.0819 0768 PlugPlay - ok

21:37:08.0897 0768 PNRPAutoReg (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll

21:37:08.0912 0768 PNRPAutoReg - ok

21:37:08.0928 0768 PNRPsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll

21:37:08.0944 0768 PNRPsvc - ok

21:37:09.0053 0768 PolicyAgent (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll

21:37:09.0068 0768 PolicyAgent - ok

21:37:09.0131 0768 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys

21:37:09.0131 0768 PptpMiniport - ok

21:37:09.0162 0768 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\DRIVERS\processr.sys

21:37:09.0162 0768 Processor - ok

21:37:09.0178 0768 ProfSvc (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll

21:37:09.0193 0768 ProfSvc - ok

21:37:09.0271 0768 ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe

21:37:09.0271 0768 ProtectedStorage - ok

21:37:09.0318 0768 ProtexisLicensing (f115af58abe5605d7d709cbfbd83f418) C:\Windows\system32\PSIService.exe

21:37:09.0334 0768 ProtexisLicensing - ok

21:37:09.0365 0768 Ps2 (390c204ced3785609ab24e9c52054a84) C:\Windows\system32\DRIVERS\PS2.sys

21:37:09.0365 0768 Ps2 - ok

21:37:09.0412 0768 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys

21:37:09.0412 0768 PSched - ok

21:37:09.0474 0768 PSI_SVC_2 (a6a7ad767bf5141665f5c675f671b3e1) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

21:37:09.0490 0768 PSI_SVC_2 - ok

21:37:09.0583 0768 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys

21:37:09.0614 0768 ql2300 - ok

21:37:09.0630 0768 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys

21:37:09.0630 0768 ql40xx - ok

21:37:09.0677 0768 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll

21:37:09.0692 0768 QWAVE - ok

21:37:09.0708 0768 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys

21:37:09.0708 0768 QWAVEdrv - ok

21:37:09.0739 0768 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys

21:37:09.0739 0768 RasAcd - ok

21:37:09.0770 0768 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll

21:37:09.0786 0768 RasAuto - ok

21:37:09.0817 0768 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys

21:37:09.0817 0768 Rasl2tp - ok


21:37:19.0115 0768 ============================================================
21:37:19.0115 0768 Scan finished
21:37:19.0115 0768 ============================================================
21:37:19.0146 2572 Detected object count: 0
21:37:19.0146 2572 Actual detected object count: 0



#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:44 PM

Posted 15 July 2012 - 12:16 AM

Greetings


that one looks good so let me have the aswMBR report when it is ready



gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#11 sjie98

sjie98
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  • Local time:10:44 PM

Posted 15 July 2012 - 12:41 AM

I think aswMBR is stuck. The last entry on the black screen reads as follows:

22:00:54.372 Scanning: C:\Users\Phillip\AppData\LocalLlow\Sun\Java\jre1.6.0_17\lzma.dll

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:44 PM

Posted 15 July 2012 - 12:43 AM

give it till the top of the hour and then report back to me



gringo

#13 sjie98

sjie98
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  • Local time:10:44 PM

Posted 15 July 2012 - 01:06 AM

Yup -- still stuck.

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Location:Puerto rico
  • Local time:11:44 PM

Posted 15 July 2012 - 01:10 AM

Greetings

OK go ahead and stop it

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#15 sjie98

sjie98
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  • Local time:10:44 PM

Posted 15 July 2012 - 02:36 AM

Combofix initially just stalled and quit without creating a log. I ran it again, and it kept giving me "Error opening file for writing" messages.
I clicked Retry several times, which worked except for the following file: C:\32788R22FWJFW\pev.3xe. At that point, I chose "Ignore to skip this file," and Combofix eventually generated this log:

ComboFix 12-07-14.01 - Phillip 07/14/2012 23:46:05.2.4 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3070.1502 [GMT -7:00]
Running from: c:\users\Phillip\Desktop\ComboFix.exe
Command switches used :: c:\users\Phillip\Desktop\CFscript.txt
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-06-15 to 2012-07-15 )))))))))))))))))))))))))))))))
.
.
2012-07-15 07:02 . 2012-07-15 07:02 -------- d-----w- c:\users\Phillip\AppData\Local\temp
2012-07-15 07:02 . 2012-07-15 07:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-15 04:32 . 2012-03-29 06:28 35960 ----a-r- c:\windows\system32\drivers\SymIMV.sys
2012-07-15 04:32 . 2012-07-15 04:32 -------- d-----w- c:\windows\LastGood
2012-07-11 10:12 . 2012-06-13 13:40 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 00:30 . 2012-06-05 16:47 708608 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2012-07-11 00:30 . 2012-06-05 16:47 1401856 ----a-w- c:\windows\system32\msxml6.dll
2012-07-11 00:30 . 2012-06-05 16:47 1248768 ----a-w- c:\windows\system32\msxml3.dll
2012-07-11 00:30 . 2012-06-04 15:26 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-07-11 00:30 . 2012-06-02 00:04 278528 ----a-w- c:\windows\system32\schannel.dll
2012-07-11 00:30 . 2012-06-02 00:03 204288 ----a-w- c:\windows\system32\ncrypt.dll
2012-07-05 17:46 . 2012-07-05 17:46 -------- d-----w- c:\users\Phillip\AppData\Local\Macromedia
2012-07-04 02:31 . 2012-07-04 02:31 -------- d-----w- c:\program files\iPod
2012-07-04 02:31 . 2012-07-04 02:32 -------- d-----w- c:\program files\iTunes
2012-07-04 02:16 . 2012-07-12 13:16 9822920 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2012-06-29 23:41 . 2012-06-29 23:41 -------- d-----w- c:\users\Phillip\AppData\Roaming\Malwarebytes
2012-06-29 23:40 . 2012-06-29 23:40 -------- d-----w- c:\programdata\Malwarebytes
2012-06-21 17:17 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-21 17:17 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-21 17:17 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-21 17:17 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-21 17:16 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-21 17:16 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-21 17:16 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-21 17:16 . 2012-06-02 22:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-21 17:16 . 2012-06-02 22:12 33792 ----a-w- c:\windows\system32\wuapp.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-12 13:16 . 2012-04-02 19:57 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-12 13:16 . 2011-07-31 16:10 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-08 01:14 . 2009-07-11 17:38 900 --sha-w- c:\programdata\KGyGaAvL.sys
2012-05-01 14:03 . 2012-06-14 04:32 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-23 16:00 . 2012-06-14 04:31 984064 ----a-w- c:\windows\system32\crypt32.dll
2012-04-23 16:00 . 2012-06-14 04:31 98304 ----a-w- c:\windows\system32\cryptnet.dll
2012-04-23 16:00 . 2012-06-14 04:31 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2012-04-19 03:56 . 2012-04-19 03:56 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-04-19 03:56 . 2012-04-19 03:56 69632 ----a-w- c:\windows\system32\QuickTime.qts
2012-04-17 17:55 . 2012-04-17 17:23 141944 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2012-06-14 22:20 . 2012-07-08 20:31 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-12 249856]
"MobileDocuments"="c:\program files\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-12 81920]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-02-18 49208]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"AirPort Base Station Agent"="c:\program files\AirPort\APAgent.exe" [2009-11-11 771360]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-19 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-08 421776]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled
MotionSD STUDIO - SD Browser auto start -.lnk - c:\program files\Panasonic\MotionSD STUDIO\SD_Browser\AutoLauncher.exe [2008-9-21 67216]
Snapfish Media Detector.lnk - c:\program files\Snapfish Picture Mover\SnapfishMediaDetector.exe [2007-5-7 1273856]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2011-10-06 08:52 59240 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-05-31 03:06 59280 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2007-04-04 01:50 1603152 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
2007-05-15 01:01 644696 ----a-w- c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel File Shell Monitor]
2008-08-09 01:30 16712 ----a-r- c:\program files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]
2008-08-09 01:30 532808 ----a-r- c:\program files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
2007-04-18 15:01 65536 ----a-w- c:\hp\support\hpsysdrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-06-08 02:33 421776 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
2006-12-08 16:16 65536 ----a-w- c:\hp\KBD\KbdStub.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaunchList]
2004-08-10 02:24 45056 ----a-w- c:\program files\Pinnacle\Studio 9\LaunchList.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2008-08-23 07:35 13535776 ----a-w- c:\windows\System32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2008-08-23 07:35 92704 ----a-w- c:\windows\System32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
2007-02-04 20:02 79400 ----a-w- c:\program files\ScanSoft\OmniPageSE4\OpWareSE4.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OsdMaestro]
2007-02-15 11:59 118784 ----a-w- c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck]
2004-03-10 23:26 406016 ------w- c:\windows\System32\PSDrvCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-04-19 03:56 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2008-01-15 18:26 4874240 ----a-w- c:\windows\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2006-10-25 17:03 210472 ----a-w- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateReg]
2007-04-07 10:56 54936 ------w- c:\windows\System32\jureg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-06-09 21:06 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UVS12 Preload]
2008-06-09 19:03 397456 ----a-w- c:\program files\Corel\Corel VideoStudio 12\uvPL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 94685012
*NewlyCreated* - ASWMBR
*NewlyCreated* - SYMIM
*Deregistered* - 94685012
*Deregistered* - aswMBR
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 13:16]
.
2012-07-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-03 07:33]
.
2012-07-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-03 07:33]
.
2012-07-15 c:\windows\Tasks\NUSchedule.job
- c:\program files\Norton Utilities 15\nu.exe [2012-01-17 21:24]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Phillip\AppData\Roaming\Mozilla\Firefox\Profiles\7wd9xkek.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-15 00:02
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
[0] 0x1600C700
[-2048] 0x0000FFFF
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\19.7.1.5\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2299067627-4250970703-1701403491-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.download\UserChoice]
@Denied: (2) (S-1-5-21-2299067627-4250970703-1701403491-1000)
@Denied: (2) (LocalSystem)
"Progid"="SafariDownload"
.
[HKEY_USERS\S-1-5-21-2299067627-4250970703-1701403491-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (S-1-5-21-2299067627-4250970703-1701403491-1000)
@Denied: (2) (LocalSystem)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-2299067627-4250970703-1701403491-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (S-1-5-21-2299067627-4250970703-1701403491-1000)
@Denied: (2) (LocalSystem)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-2299067627-4250970703-1701403491-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.safariextz\UserChoice]
@Denied: (2) (S-1-5-21-2299067627-4250970703-1701403491-1000)
@Denied: (2) (LocalSystem)
"Progid"="SafariExtension"
.
[HKEY_USERS\S-1-5-21-2299067627-4250970703-1701403491-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (S-1-5-21-2299067627-4250970703-1701403491-1000)
@Denied: (2) (LocalSystem)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-2299067627-4250970703-1701403491-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.svg\UserChoice]
@Denied: (2) (S-1-5-21-2299067627-4250970703-1701403491-1000)
@Denied: (2) (LocalSystem)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-2299067627-4250970703-1701403491-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.webarchive\UserChoice]
@Denied: (2) (S-1-5-21-2299067627-4250970703-1701403491-1000)
@Denied: (2) (LocalSystem)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-2299067627-4250970703-1701403491-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (S-1-5-21-2299067627-4250970703-1701403491-1000)
@Denied: (2) (LocalSystem)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-2299067627-4250970703-1701403491-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (S-1-5-21-2299067627-4250970703-1701403491-1000)
@Denied: (2) (LocalSystem)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-2299067627-4250970703-1701403491-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xml\UserChoice]
@Denied: (2) (S-1-5-21-2299067627-4250970703-1701403491-1000)
@Denied: (2) (LocalSystem)
"Progid"="SafariHTML"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2012-07-15 00:05:32
ComboFix-quarantined-files.txt 2012-07-15 07:05
ComboFix2.txt 2012-07-15 03:51
.
Pre-Run: 7,116,689,408 bytes free
Post-Run: 7,145,725,952 bytes free
.
- - End Of File - - 2CE88715A83DDC78B7925C33090942D7
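Added example (not part of the original post, of ComboFix, or of BleepingComputer's own tooling): a small Python triage parser for the report sections shown above, namely the msconfig `startupreg` entries, the Security Center `DisableMonitoring` values, the svchost service-group list and the 'Scheduled Tasks' folder. It turns those lines into records and applies two conservative checks a reviewer otherwise does by eye: a `DisableMonitoring` value of 1 is reported as "monitoring disabled" (a value that a third-party suite reporting its own status can also set, so it is a pointer, not a malware verdict), and a startup or task binary living under a user-profile, Temp or ProgramData directory is reported as sitting in a user-writable location. The sample report, the `ExampleUpdater` entry, `ExampleSync.job` and the `USER_WRITABLE` directory list are constructed assumptions for the example and do not describe the machine in the log.

```python
import re
from dataclasses import dataclass, field


@dataclass
class Entry:
    kind: str                 # "startup", "monitoring", "svchost" or "task"
    name: str                 # value name, Monitoring subkey, service group or .job path
    path: str = ""            # executable the entry points at (startup/task)
    value: str = ""           # raw dword (monitoring) or service list (svchost)
    findings: list = field(default_factory=list)


STARTUP_KEY = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\(.+)\]$", re.I)
FILE_LINE = re.compile(r"^(\d{4}-\d\d-\d\d) (\d\d:\d\d)\s+(\d+)\s+(\S+)\s+(.+)$")
MONITOR_KEY = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\software\\microsoft\\security center\\Monitoring(?:\\(.+))?\]$", re.I)
DISABLE_VAL = re.compile(r'^"DisableMonitoring"=dword:([0-9a-f]{8})$', re.I)
SVCHOST_KEY = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\software\\microsoft\\windows nt\\currentversion\\svchost\]$", re.I)
SVCHOST_LINE = re.compile(r"^(\S+)\s+REG_MULTI_SZ\s+(.+)$")
TASK_LINE = re.compile(r"^\d{4}-\d\d-\d\d (c:\\windows\\Tasks\\.+\.job)$", re.I)
TASK_TARGET = re.compile(r"^- (.+?) \[\d{4}-\d\d-\d\d \d\d:\d\d\]$")
# Assumption used by the path heuristic: directories an unprivileged user can normally write to.
USER_WRITABLE = re.compile(r"^c:\\(users|documents and settings|programdata)\\|\\temp\\|\\appdata\\", re.I)


def _check_path(entry: Entry) -> None:
    if USER_WRITABLE.search(entry.path):
        entry.findings.append("binary in user-writable location: " + entry.path)


def parse_report(text: str) -> list[Entry]:
    """Walk a ComboFix-style report line by line; return the entries found, findings attached."""
    entries: list[Entry] = []
    state, current = None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":            # ComboFix separates blocks with a lone "."
            continue
        if line.startswith(("---", "***")):    # section banner: leave whatever mode we were in
            state, current = None, None
            continue
        if line.startswith("Contents of the 'Scheduled Tasks' folder"):
            state, current = "tasks", None
            continue
        if SVCHOST_KEY.match(line):
            state, current = "svchost", None
            continue
        m = STARTUP_KEY.match(line)
        if m:
            current = Entry("startup", m.group(1)); entries.append(current); state = "startup"
            continue
        m = MONITOR_KEY.match(line)
        if m:
            current = Entry("monitoring", m.group(1) or "(global)"); entries.append(current); state = "monitoring"
            continue
        if state == "startup" and current is not None:
            m = FILE_LINE.match(line)          # "date time size attrs path"
            if m:
                current.path = m.group(5)
                _check_path(current)
        elif state == "monitoring" and current is not None:
            m = DISABLE_VAL.match(line)
            if m:
                current.value = m.group(1)
                if int(m.group(1), 16) == 1:
                    current.findings.append("Security Center monitoring disabled")
        elif state == "svchost":
            m = SVCHOST_LINE.match(line)
            if m:
                entries.append(Entry("svchost", m.group(1), value=m.group(2).strip()))
        elif state == "tasks":
            m = TASK_LINE.match(line)
            if m:
                current = Entry("task", m.group(1)); entries.append(current)
                continue
            m = TASK_TARGET.match(line)        # "- path [date time]" under a .job line
            if m and current is not None:
                current.path = m.group(1)
                _check_path(current)
    return entries


def findings(entries: list[Entry]) -> list[tuple[str, str, str]]:
    """Flatten (kind, name, finding) triples for the entries worth a second look."""
    return [(e.kind, e.name, f) for e in entries for f in e.findings]


# Constructed sample modelled on the report format; ExampleUpdater and ExampleSync are hypothetical.
SAMPLE = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
2007-04-18 15:01 65536 ----a-w- c:\hp\support\hpsysdrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ExampleUpdater]
2012-07-01 09:12 40960 ----a-w- c:\users\phillip\appdata\roaming\ExampleUpdater\upd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000000
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 13:16]
.
2012-07-15 c:\windows\Tasks\ExampleSync.job
- c:\programdata\ExampleSync\sync.exe [2012-06-30 18:00]
.
------- Supplementary Scan -------
"""

if __name__ == "__main__":
    for kind, name, note in findings(parse_report(SAMPLE)):
        print(f"{kind:10} {name:45} {note}")
```

Run it as-is to see the three flagged records from the sample; to use it on a real report, read the saved log into `parse_report` instead of `SAMPLE`. Everything it flags still needs a human to confirm (file hashes, publisher, install history) before anything is removed.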