Google Redirect/bookmark potential rootkit


This topic is locked
55 replies to this topic

#1 Berley (Members, 35 posts)

Posted 20 July 2012 - 10:11 PM

Following up on my previous thread at http://www.bleepingcomputer.com/forums/topic461137.html/page__gopid__2768587#entry2768587

I am having continuing problems with a Google redirect problem.

I have run virus scans with multiple products (Norton, Vipre, AVG, and others). I have run 15+ malware searches (Sophos, Malwarebytes, HijackThis, and others). Nothing has found the source of the problem.

I uninstalled Firefox 13 and reinstalled it without success. In response to my thread above, I uninstalled it again with the extra steps and started with a clean copy of Firefox 14. This seemed to fix it for a few days, but the problem has now come back.

So far, I am only seeing the issue in Google with Firefox 13 and 14. I have not had the problem (yet) in Bing or in IE 7.

To date, I have been unsuccessful in running GMER. It will download and launch just fine. But partway through the scan, it gives me a BSOD. The error message refers to a page fault in an unpaged area related to ugldqpob.sys.

Any help is appreciated! Thanks.



DDS log reads:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_31
Run by Offi ce Depot at 19:55:19 on 2012-07-20
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1013.124 [GMT -7:00]
.
AV: Norton Security Suite *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Security Suite *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Security Suite *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe
C:\Windows\system32\IoctlSvc.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
C:\Program Files\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\SearchIndexer.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
C:\Windows\System32\alg.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe
C:\Program Files\Hp\QuickPlay\QPService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\Pixart\Pac207\Monitor.exe
C:\Program Files\Real\RealPlayer\Update\realsched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
uInternet Settings,ProxyOverride = *.local
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton security suite\engine\5.2.2.3\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton security suite\engine\5.2.2.3\ips\IPSBHO.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton security suite\engine\5.2.2.3\coIEPlg.dll
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [NBKeyScan] "c:\program files\nero\nero 7\nero backitup\NBKeyScan.exe"
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [PAC207_Monitor] c:\windows\pixart\pac207\Monitor.exe
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
StartupFolder: c:\users\office~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\npjpi160_31.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
Trusted Zone: intuit.com\ttlc
DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} - hxxps://h20364.www2.hp.com/CSMWeb/Customer/cabs/HPISDataManager.CAB
DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} - hxxps://lowes.2020.net/Core/Player/2020PlayerAX_Win32.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 10.0.0.1
TCP: Interfaces\{5D397078-D39D-4699-93C7-15D8C45D702E} : DhcpNameServer = 10.0.0.1
TCP: Interfaces\{CE2A9DAD-668C-4BB2-B7C2-AC62F7892524} : DhcpNameServer = 68.87.69.146 68.87.85.98
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\offi ce depot\appdata\roaming\mozilla\firefox\profiles\6qnt6wjk.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.facebook.com/home.php?ref=home
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B7de510f3-cca9-435d-9646-839fddec4a42%7D&mid=e0b20de0fc5147d08eb7d15262b220e7-92dab034a4c69181093209e0a3ee6f4127e3e250&ds=AVG&v=11.1.0.12&lang=en&pr=pr&d=2012-07-09%2023%3A42%3A36&sap=ku&q=
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\program files\itunes\mozilla plugins\npitunes (1).dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\users\offi ce depot\appdata\roaming\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\users\offi ce depot\appdata\roaming\mozilla\firefox\profiles\6qnt6wjk.default\extensions\2020player@2020technologies.com\plugins\NP2020Player.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0502020.003\symds.sys [2012-7-16 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0502020.003\symefa.sys [2012-7-16 744568]
R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\bashdefs\20120711.002\BHDrvx86.sys [2012-7-12 821920]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\ipsdefs\20120720.001\IDSvix86.sys [2012-7-20 382624]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0502020.003\ironx86.sys [2012-7-16 136312]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\n360\0502020.003\symtdiv.sys [2012-7-16 331384]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-7-20 106656]
R3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2008-11-17 3668480]
R3 rcmirror;rcmirror;c:\windows\system32\drivers\rcmirror.sys [2007-12-14 5120]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-12-28 135664]
S3 BNYYN;BNYYN;c:\users\office~1\appdata\local\temp\bnyyn.exe --> c:\users\office~1\appdata\local\temp\BNYYN.exe [?]
S3 CHSY;CHSY;c:\users\office~1\appdata\local\temp\chsy.exe --> c:\users\office~1\appdata\local\temp\CHSY.exe [?]
S3 CVV;CVV;c:\users\office~1\appdata\local\temp\cvv.exe --> c:\users\office~1\appdata\local\temp\CVV.exe [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-12-28 135664]
S3 GUXMGJB;GUXMGJB;c:\users\office~1\appdata\local\temp\guxmgjb.exe --> c:\users\office~1\appdata\local\temp\GUXMGJB.exe [?]
S3 rspSanity;rspSanity;c:\windows\system32\drivers\rspSanity32.sys [2012-7-13 27192]
.
=============== Created Last 30 ================
.
2012-07-19 06:38:53 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-07-19 05:44:01 1401856 ----a-w- c:\windows\system32\msxml6.dll
2012-07-19 05:44:00 1248768 ----a-w- c:\windows\system32\msxml3.dll
2012-07-18 03:18:07 -------- d-----w- c:\users\offi ce depot\appdata\local\Mozilla
2012-07-18 02:46:37 -------- d-----w- c:\program files\MozBackup
2012-07-17 04:45:15 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-17 04:45:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-07-17 01:46:16 331384 ----a-w- c:\windows\system32\drivers\n360\0502020.003\symtdiv.sys
2012-07-17 01:46:14 299640 ----a-w- c:\windows\system32\drivers\n360\0502020.003\symnets.sys
2012-07-17 01:46:11 744568 ----a-w- c:\windows\system32\drivers\n360\0502020.003\symefa.sys
2012-07-17 01:46:08 340088 ----a-w- c:\windows\system32\drivers\n360\0502020.003\symds.sys
2012-07-17 01:46:07 50168 ----a-w- c:\windows\system32\drivers\n360\0502020.003\srtspx.sys
2012-07-17 01:46:05 516216 ----a-w- c:\windows\system32\drivers\n360\0502020.003\srtsp.sys
2012-07-17 01:46:03 136312 ----a-r- c:\windows\system32\drivers\n360\0502020.003\ironx86.sys
2012-07-17 01:41:25 -------- d-----w- c:\windows\system32\drivers\n360\0502020.003
2012-07-14 20:03:25 -------- d-----w- c:\program files\Webroot
2012-07-14 19:39:31 -------- d-----w- c:\programdata\Downloaded Installations
2012-07-14 19:39:02 -------- d-----w- c:\program files\GFI Software
2012-07-14 19:10:30 14664 ----a-w- c:\windows\stinger.sys
2012-07-14 19:08:17 -------- d-----w- c:\program files\stinger
2012-07-14 16:30:26 -------- d-----w- c:\users\offi ce depot\appdata\roaming\f-secure
2012-07-14 16:28:45 -------- d-----w- c:\programdata\F-Secure
2012-07-14 15:38:55 -------- d-----w- c:\programdata\RegRun
2012-07-14 15:38:31 2 --shatr- c:\windows\winstart.bat
2012-07-14 15:38:04 -------- d-----w- c:\program files\UnHackMe
2012-07-14 06:32:34 -------- d-----w- c:\programdata\Sophos
2012-07-14 06:22:21 73728 ----a-r- c:\users\offi ce depot\appdata\roaming\microsoft\installer\{b829e117-d072-41ea-9606-9826a38d34c1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2012-07-14 06:22:20 73728 ----a-r- c:\users\offi ce depot\appdata\roaming\microsoft\installer\{b829e117-d072-41ea-9606-9826a38d34c1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2012-07-14 06:22:20 73728 ----a-r- c:\users\offi ce depot\appdata\roaming\microsoft\installer\{b829e117-d072-41ea-9606-9826a38d34c1}\ARPPRODUCTICON.exe
2012-07-14 06:21:14 -------- d-----w- c:\program files\Sophos
2012-07-14 05:54:00 27192 ----a-w- c:\windows\system32\drivers\rspSanity32.sys
2012-07-14 04:35:23 100864 ----a-w- C:\ugldqpob.sys
2012-07-14 03:15:42 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-07-14 03:15:42 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-07-13 13:40:13 -------- d-----w- c:\program files\Emsisoft Anti-Malware
2012-07-13 03:33:47 -------- d-----w- c:\users\offi ce depot\appdata\roaming\SUPERAntiSpyware.com
2012-07-13 03:32:18 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-07-12 22:05:39 -------- d-----w- c:\users\offi ce depot\appdata\roaming\ESET
2012-07-12 22:05:39 -------- d-----w- c:\users\offi ce depot\appdata\local\ESET
2012-07-12 21:01:30 -------- d-----w- c:\programdata\HitmanPro
2012-07-12 18:40:56 -------- d-----w- C:\sh4ldr
2012-07-12 18:40:56 -------- d-----w- c:\program files\Enigma Software Group
2012-07-12 18:37:34 -------- d-----w- c:\windows\9E897D0FF80441A3966C7BB6EB5B6BE8.TMP
2012-07-12 18:37:03 -------- d-----w- c:\program files\common files\Wise Installation Wizard
2012-07-12 03:51:02 767960 ----a-w- c:\windows\BDTSupport.dll0731.old
2012-07-12 03:51:00 2267096 ----a-w- c:\windows\PCTBDCore.dll0731.old
2012-07-12 03:51:00 149464 ----a-w- c:\windows\SGDetectionTool.dll0731.old
2012-07-12 03:43:30 -------- d-----w- c:\program files\PC Tools
2012-07-12 03:39:10 203088 ----a-w- c:\windows\system32\drivers\PCTSD.sys
2012-07-12 03:39:10 -------- d-----w- c:\program files\common files\PC Tools
2012-07-12 03:38:18 -------- d-----w- c:\programdata\PC Tools
2012-07-12 03:38:17 -------- d-----w- c:\users\offi ce depot\appdata\roaming\TestApp
2012-07-12 03:35:55 708608 ----a-w- c:\program files\common files\system\ado\msado15.dll
2012-07-12 03:34:55 984064 ----a-w- c:\windows\system32\crypt32.dll
2012-07-12 03:34:55 98304 ----a-w- c:\windows\system32\cryptnet.dll
2012-07-12 03:34:55 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2012-07-12 03:34:18 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-07-12 03:34:18 278528 ----a-w- c:\windows\system32\schannel.dll
2012-07-12 03:34:18 204288 ----a-w- c:\windows\system32\ncrypt.dll
2012-07-10 06:31:00 -------- d--h--w- C:\$AVG
2012-07-10 06:05:50 -------- d-----w- c:\users\offi ce depot\appdata\roaming\AVG2012
2012-07-10 05:58:40 -------- d-----w- c:\programdata\AVG2012
2012-07-10 05:52:22 -------- d-----w- c:\program files\AVG
2012-07-10 05:47:16 -------- d--h--w- c:\programdata\Common Files
2012-07-10 05:47:15 -------- d-----w- c:\programdata\MFAData
2012-07-10 03:03:42 -------- d-----w- c:\users\offi ce depot\appdata\roaming\Malwarebytes
2012-07-10 03:02:42 -------- d-----w- c:\programdata\Malwarebytes
2012-07-09 00:38:21 -------- d-----w- c:\users\offi ce depot\appdata\local\NPE
.
==================== Find3M ====================
.
2012-06-05 01:54:11 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-06-02 22:19:42 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 22:12:32 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12:20 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 22:12:13 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-05-15 22:04:50 834048 ----a-w- c:\windows\system32\wininet.dll
2012-05-01 14:03:49 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
============= FINISH: 20:03:14.34 ===============
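The DDS log above can be triaged mechanically before anyone reads it top to bottom. The script below is an added example for this thread, not a BleepingComputer tool and not part of DDS. It parses the three line shapes that matter for a redirect complaint and runs over a handful of lines copied in shape from the posted log and embedded as constructed sample input; the regular expressions, the TEMP_MARKERS list and the report keys are this example's own choices. It reports service entries whose binary sits under a user temp folder or that DDS could not stat (the `[?]` stamp, as on the BNYYN, CHSY, CVV and GUXMGJB lines), Firefox prefs that decide where the browser goes (prefs.js only stores values that differ from Firefox's defaults, so a `keyword.URL` entry pointing at isearch.avg.com means something changed the search routing), and `.sys` files created directly in the root of a drive, like `C:\ugldqpob.sys`, the driver named in the GMER crash.

```python
"""Triage the line types of a DDS log that matter for a redirect complaint.

Added example for this thread, not a BleepingComputer or DDS tool. The
SAMPLE_LOG lines are constructed copies of entries in the posted log;
the regexes, TEMP_MARKERS and the report keys are this example's own.
"""
import re
from urllib.parse import urlsplit

SAMPLE_LOG = r"""
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0502020.003\symds.sys [2012-7-16 340088]
S3 BNYYN;BNYYN;c:\users\office~1\appdata\local\temp\bnyyn.exe --> c:\users\office~1\appdata\local\temp\BNYYN.exe [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-12-28 135664]
S3 rspSanity;rspSanity;c:\windows\system32\drivers\rspSanity32.sys [2012-7-13 27192]
FF - prefs.js: browser.startup.homepage - hxxps://www.facebook.com/home.php?ref=home
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B7de510f3%7D&ds=AVG&q=
FF - prefs.js: network.proxy.type - 0
2012-07-14 05:54:00 27192 ----a-w- c:\windows\system32\drivers\rspSanity32.sys
2012-07-14 04:35:23 100864 ----a-w- C:\ugldqpob.sys
2012-07-14 03:15:42 -------- d-----w- c:\program files\Spybot - Search & Destroy
"""

# "R0 name;description;path [date size]"  or  "... --> resolved_path [?]"
SERVICE_RE = re.compile(r"^([RS]\d) ([^;]+);([^;]*);(.*?)(?: --> (.*?))? \[(.*?)\]$")
# "FF - prefs.js: pref - value"
FF_PREF_RE = re.compile(r"^FF - prefs\.js: (\S+) - (\S+)$")
# "YYYY-MM-DD HH:MM:SS size attrs path"  (directories show -------- for size)
CREATED_RE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (\d+|-+) (\S+) (.+)$")

# Folders a legitimate service binary should never live in (assumed list).
TEMP_MARKERS = (r"\appdata\local\temp", r"\windows\temp")
# prefs.js only stores values that differ from Firefox's defaults, so any
# of these being present means something changed where the browser goes.
REDIRECT_PREFS = {"keyword.URL", "browser.search.defaulturl", "browser.startup.homepage"}


def defang(url: str) -> str:
    """DDS writes hxxp:// so URLs are not clickable; restore the scheme for parsing."""
    return re.sub(r"^hxxp", "http", url, count=1)


def triage(log_text: str) -> dict:
    """Scan DDS lines and collect the entries a responder would look at first."""
    findings = {"temp_services": [], "missing_services": [],
                "redirect_prefs": {}, "root_sys_files": []}
    for line in log_text.splitlines():
        m = SERVICE_RE.match(line)
        if m:
            _start, name, _desc, path, _resolved, stamp = m.groups()
            if any(marker in path.lower() for marker in TEMP_MARKERS):
                findings["temp_services"].append(name)
            if stamp == "?":                    # DDS could not stat the binary
                findings["missing_services"].append(name)
            continue
        m = FF_PREF_RE.match(line)
        if m:
            pref, value = m.groups()
            if pref in REDIRECT_PREFS:
                findings["redirect_prefs"][pref] = urlsplit(defang(value)).hostname
            continue
        m = CREATED_RE.match(line)
        if m:
            path = m.group(4)
            # a driver dropped straight into the root of a drive
            if re.fullmatch(r"[a-z]:\\[^\\]+\.sys", path, re.IGNORECASE):
                findings["root_sys_files"].append(path)
    return findings


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key:17} {value}")
```

On the sample input the report names BNYYN as both a temp-folder service and a missing binary, lists isearch.avg.com and www.facebook.com as the hosts behind the two redirect prefs, and lists C:\ugldqpob.sys as a root-level driver. Run against the full log it would flag CHSY, CVV and GUXMGJB the same way; TDSSKiller's output further down in this thread prints those service names with no hash or file path, which is consistent with the `[?]` stamp here.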


#2 CatByte (Malware Response Team, 14,664 posts, Location: Canada)

Posted 21 July 2012 - 03:54 PM

Hi,

Please do the following:

  • Please download aswMBR.exe and save it to your desktop.
  • Double click aswMBR.exe to start the tool.
  • When asked if you want to download Avast's virus definitions please select Yes.
  • Click Scan
  • Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.
  • You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.

NEXT

Please download TDSSKiller.zip
  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • when the window opens, click on Change Parameters
  • under ”Additional options”, put a check mark in the box next to “Detect TDLFS File System”
  • click OK
  • Press Start Scan
    • As we are only looking for a log of what is on the machine right now > choose to skip whatever is found
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
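The MBR.dat that aswMBR saves in the steps above is the raw 512-byte first sector of the disk, and the "Detect TDLFS File System" option in TDSSKiller targets the unpartitioned space behind the last partition, where the TDL4 family keeps its hidden file system. A responder can decode the partition table from that file with nothing but the standard library. The script below is an added example for this thread, not code from aswMBR, TDSSKiller or their vendors. Its sample sector is constructed from the partition values that appear in the logs posted later in the thread (boot flag, type 0x07, StartLBA 0x3F and 0x119D74DC, the two block counts, and the drive size TDSSKiller reports); the boot code area is zero-filled, so the script says nothing about whether the boot code is original, which is what aswMBR's "unknown MBR code" line is about.

```python
"""Decode an MBR partition table (e.g. aswMBR's MBR.dat).

Added example for this thread, not code from aswMBR or TDSSKiller.
The sample sector is constructed: its partition entries reproduce the
two NTFS partitions reported in the logs, the boot code is zero-filled.
"""
import struct

SECTOR = 512                  # bytes per sector (TDSSKiller reports SectorSize 0x200)
TABLE_OFFSET = 0x1BE          # the four 16-byte entries sit 66 bytes before the end
BOOT_SIGNATURE = b"\x55\xAA"
# boot flag, CHS start, type, CHS end, LBA start, sector count
ENTRY = struct.Struct("<B3sB3sII")

# Partition values taken from the posted TDSSKiller/aswMBR output.
SAMPLE_PARTITIONS = [
    (0x80, 0x07, 0x3F, 0x119D749D),       # C: bootable NTFS, starts at sector 63
    (0x00, 0x07, 0x119D74DC, 0x10415E5),  # D: recovery NTFS, starts right after C:
]
SAMPLE_DISK_SECTORS = 0x25433D6000 // SECTOR   # drive size reported by TDSSKiller


def build_sample_mbr(partitions=SAMPLE_PARTITIONS) -> bytes:
    """Constructed MBR: zero boot code, the given entries, 0x55AA signature."""
    table = b"".join(ENTRY.pack(boot, b"\0\0\0", ptype, b"\0\0\0", start, count)
                     for boot, ptype, start, count in partitions)
    table += b"\0" * (16 * (4 - len(partitions)))   # unused slots are all zero
    return b"\0" * TABLE_OFFSET + table + BOOT_SIGNATURE


def parse_mbr(sector: bytes) -> list:
    """Return the non-empty partition entries as dicts."""
    if len(sector) != SECTOR or sector[-2:] != BOOT_SIGNATURE:
        raise ValueError("not a 512-byte sector ending in the 0x55AA signature")
    parts = []
    for i in range(4):
        boot, _, ptype, _, start, count = ENTRY.unpack_from(sector, TABLE_OFFSET + 16 * i)
        if ptype == 0:                  # empty slot
            continue
        parts.append({
            "index": i + 1,
            "bootable": boot == 0x80,
            "type": ptype,
            "start_lba": start,
            "sectors": count,
            "size_mb": count * SECTOR // (1024 * 1024),
        })
    return parts


def check_layout(parts: list) -> list:
    """Structural sanity checks; returns human-readable problems (empty if none)."""
    problems = []
    bootable = [p for p in parts if p["bootable"]]
    if len(bootable) != 1:
        problems.append(f"{len(bootable)} bootable entries (expected 1)")
    ordered = sorted(parts, key=lambda p: p["start_lba"])
    for a, b in zip(ordered, ordered[1:]):
        if b["start_lba"] < a["start_lba"] + a["sectors"]:
            problems.append(f"partition {b['index']} overlaps partition {a['index']}")
    for p in parts:
        if p["start_lba"] == 0 or p["sectors"] == 0:
            problems.append(f"partition {p['index']} has a zero start or length")
    return problems


def unpartitioned_tail(parts: list, disk_sectors: int) -> tuple:
    """(first sector after the last partition, number of unallocated sectors behind it)."""
    end = max(p["start_lba"] + p["sectors"] for p in parts)
    return end, disk_sectors - end


if __name__ == "__main__":
    parts = parse_mbr(build_sample_mbr())
    for p in parts:
        flag = "(A)" if p["bootable"] else "   "
        print(f"Partition {p['index']} {flag} type 0x{p['type']:02X} "
              f"{p['size_mb']} MB offset {p['start_lba']}")
    print("layout problems:", check_layout(parts) or "none")
    end, tail = unpartitioned_tail(parts, SAMPLE_DISK_SECTORS)
    print(f"unpartitioned tail: {tail} sectors starting at +{end}")
```

On the constructed sector the output reproduces aswMBR's own lines (144302 MB at offset 63 and 8322 MB at offset 295531740), and the tail starts at sector 312576705, the same value aswMBR prints as "scanning sectors +312576705"; there are 5103 sectors of unallocated space behind the last partition on this disk. To run it on a real MBR.dat, replace `build_sample_mbr()` with `open("MBR.dat", "rb").read()`.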


#3 Berley (Topic Starter, Members, 35 posts)

Posted 21 July 2012 - 05:57 PM

Thanks -- I appreciate any help or advice you can give. Logs are as follows (I re-ran Avast after TDSSKiller to make sure I had done it properly -- results were identical):

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-21 15:19:18
-----------------------------
15:19:18.547 OS Version: Windows 6.0.6002 Service Pack 2
15:19:18.547 Number of processors: 2 586 0xE0C
15:19:18.548 ComputerName: KGLaptop UserName:
15:19:21.202 Initialize success
15:19:42.589 AVAST engine defs: 12072100
15:19:49.373 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2
15:19:49.376 Disk 0 Vendor: FUJITSU_MHW2160BH_PL 891F Size: 152627MB BusType: 3
15:19:49.421 Disk 0 MBR read successfully
15:19:49.424 Disk 0 MBR scan
15:19:49.532 Disk 0 unknown MBR code
15:19:49.536 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 144302 MB offset 63
15:19:49.568 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 8322 MB offset 295531740
15:19:49.622 Disk 0 scanning sectors +312576705
15:19:49.824 Disk 0 scanning C:\Windows\system32\drivers
15:20:42.202 Service scanning
15:21:27.189 Modules scanning
15:21:56.265 Disk 0 trace - called modules:
15:21:56.391 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS hal.dll
15:21:56.494 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85262850]
15:21:56.500 3 CLASSPNP.SYS[86dab8b3] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-2[0x84163230]
15:21:57.703 AVAST engine scan C:\Windows
15:22:10.284 AVAST engine scan C:\Windows\system32
15:29:00.246 AVAST engine scan C:\Windows\system32\drivers
15:29:53.514 AVAST engine scan C:\Users\Offi ce Depot
15:37:55.956 AVAST engine scan C:\ProgramData
15:48:48.944 Scan finished successfully
15:53:05.176 Disk 0 MBR has been saved successfully to "C:\Users\Kimberly\Desktop\MBR.dat"
15:53:05.188 The log file has been saved successfully to "C:\Users\Kimberly\Desktop\aswMBR.txt"



15:10:11.0923 4460 TDSS rootkit removing tool 2.7.46.0 Jul 16 2012 22:10:11
15:10:13.0954 4460 ============================================================
15:10:13.0954 4460 Current date / time: 2012/07/21 15:10:13.0954
15:10:13.0954 4460 SystemInfo:
15:10:13.0954 4460
15:10:13.0954 4460 OS Version: 6.0.6002 ServicePack: 2.0
15:10:13.0954 4460 Product type: Workstation
15:10:13.0954 4460 ComputerName: KGLaptop
15:10:13.0955 4460 UserName: Offi ce Depot
15:10:13.0955 4460 Windows directory: C:\Windows
15:10:13.0955 4460 System windows directory: C:\Windows
15:10:13.0955 4460 Processor architecture: Intel x86
15:10:13.0955 4460 Number of processors: 2
15:10:13.0955 4460 Page size: 0x1000
15:10:13.0955 4460 Boot type: Normal boot
15:10:13.0955 4460 ============================================================
15:10:22.0462 4460 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
15:10:22.0920 4460 ============================================================
15:10:22.0920 4460 \Device\Harddisk0\DR0:
15:10:22.0973 4460 MBR partitions:
15:10:22.0973 4460 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x119D749D
15:10:22.0973 4460 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x119D74DC, BlocksNum 0x10415E5
15:10:22.0973 4460 ============================================================
15:10:23.0168 4460 C: <-> \Device\Harddisk0\DR0\Partition0
15:10:23.0247 4460 D: <-> \Device\Harddisk0\DR0\Partition1
15:10:23.0725 4460 ============================================================
15:10:23.0725 4460 Initialize success
15:10:23.0725 4460 ============================================================
15:10:57.0137 0580 ============================================================
15:10:57.0137 0580 Scan started
15:10:57.0137 0580 Mode: Manual; TDLFS;
15:10:57.0137 0580 ============================================================
15:11:02.0618 0580 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
15:11:02.0696 0580 ACPI - ok
15:11:03.0194 0580 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
15:11:03.0371 0580 adp94xx - ok
15:11:05.0229 0580 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
15:11:05.0281 0580 adpahci - ok
15:11:05.0422 0580 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
15:11:05.0439 0580 adpu160m - ok
15:11:05.0734 0580 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
15:11:05.0846 0580 adpu320 - ok
15:11:06.0163 0580 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
15:11:06.0222 0580 AeLookupSvc - ok
15:11:06.0591 0580 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
15:11:06.0628 0580 AFD - ok
15:11:06.0693 0580 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
15:11:06.0748 0580 agp440 - ok
15:11:06.0798 0580 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
15:11:06.0802 0580 aic78xx - ok
15:11:06.0839 0580 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
15:11:06.0841 0580 ALG - ok
15:11:06.0860 0580 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
15:11:06.0863 0580 aliide - ok
15:11:06.0890 0580 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
15:11:06.0893 0580 amdagp - ok
15:11:06.0915 0580 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
15:11:06.0918 0580 amdide - ok
15:11:06.0987 0580 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
15:11:06.0990 0580 AmdK7 - ok
15:11:07.0008 0580 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
15:11:07.0010 0580 AmdK8 - ok
15:11:07.0069 0580 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
15:11:07.0099 0580 Appinfo - ok
15:11:07.0233 0580 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
15:11:07.0252 0580 Apple Mobile Device - ok
15:11:07.0321 0580 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
15:11:07.0325 0580 arc - ok
15:11:07.0445 0580 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
15:11:07.0448 0580 arcsas - ok
15:11:07.0532 0580 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
15:11:07.0535 0580 AsyncMac - ok
15:11:07.0564 0580 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
15:11:07.0567 0580 atapi - ok
15:11:07.0713 0580 AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
15:11:07.0721 0580 AudioEndpointBuilder - ok
15:11:07.0731 0580 Audiosrv (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
15:11:07.0736 0580 Audiosrv - ok
15:11:07.0939 0580 BCM43XV (cf6a67c90951e3e763d2135dede44b85) C:\Windows\system32\DRIVERS\bcmwl6.sys
15:11:07.0984 0580 BCM43XV - ok
15:11:08.0038 0580 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
15:11:08.0041 0580 Beep - ok
15:11:08.0119 0580 BFE (c789af0f724fda5852fb9a7d3a432381) C:\Windows\System32\bfe.dll
15:11:08.0132 0580 BFE - ok
15:11:08.0378 0580 BHDrvx86 (a9e111a358ac5f7eba7ac61e43fc6725) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120711.002\BHDrvx86.sys
15:11:08.0412 0580 BHDrvx86 - ok
15:11:08.0569 0580 BITS (93952506c6d67330367f7e7934b6a02f) C:\Windows\System32\qmgr.dll
15:11:08.0597 0580 BITS - ok
15:11:08.0639 0580 blbdrive - ok
15:11:08.0745 0580 BNYYN - ok
15:11:08.0867 0580 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
15:11:08.0920 0580 Bonjour Service - ok
15:11:08.0985 0580 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
15:11:08.0988 0580 bowser - ok
15:11:09.0057 0580 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
15:11:09.0060 0580 BrFiltLo - ok
15:11:09.0072 0580 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
15:11:09.0074 0580 BrFiltUp - ok
15:11:09.0114 0580 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
15:11:09.0117 0580 Browser - ok
15:11:09.0193 0580 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
15:11:09.0197 0580 Brserid - ok
15:11:09.0213 0580 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
15:11:09.0216 0580 BrSerWdm - ok
15:11:09.0239 0580 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
15:11:09.0242 0580 BrUsbMdm - ok
15:11:09.0270 0580 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
15:11:09.0273 0580 BrUsbSer - ok
15:11:09.0297 0580 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
15:11:09.0301 0580 BTHMODEM - ok
15:11:09.0404 0580 BVRPMPR5 (51b327292408b5f3a42e295bce055859) C:\Windows\system32\drivers\BVRPMPR5.SYS
15:11:09.0407 0580 BVRPMPR5 - ok
15:11:09.0488 0580 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
15:11:09.0512 0580 cdfs - ok
15:11:09.0546 0580 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
15:11:09.0549 0580 cdrom - ok
15:11:09.0648 0580 CertPropSvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
15:11:09.0650 0580 CertPropSvc - ok
15:11:09.0687 0580 CHSY - ok
15:11:09.0736 0580 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
15:11:09.0739 0580 circlass - ok
15:11:09.0826 0580 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
15:11:09.0834 0580 CLFS - ok
15:11:09.0938 0580 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:11:09.0980 0580 clr_optimization_v2.0.50727_32 - ok
15:11:10.0059 0580 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
15:11:10.0062 0580 CmBatt - ok
15:11:10.0079 0580 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
15:11:10.0083 0580 cmdide - ok
15:11:10.0138 0580 CnxtHdAudService (a4d44ab8423791db757b38150ec599a4) C:\Windows\system32\drivers\CHDRT32.sys
15:11:10.0145 0580 CnxtHdAudService - ok
15:11:10.0282 0580 Com4Qlb (a5aaa656403e5e7afa9647ce73dbf944) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
15:11:10.0315 0580 Com4Qlb - ok
15:11:10.0377 0580 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
15:11:10.0399 0580 Compbatt - ok
15:11:10.0428 0580 COMSysApp - ok
15:11:10.0459 0580 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
15:11:10.0470 0580 crcdisk - ok
15:11:10.0496 0580 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
15:11:10.0499 0580 Crusoe - ok
15:11:10.0566 0580 CryptSvc (75c6a297e364014840b48eccd7525e30) C:\Windows\system32\cryptsvc.dll
15:11:10.0571 0580 CryptSvc - ok
15:11:10.0587 0580 CVV - ok
15:11:10.0747 0580 DcomLaunch (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
15:11:10.0762 0580 DcomLaunch - ok
15:11:10.0844 0580 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
15:11:10.0869 0580 DfsC - ok
15:11:11.0186 0580 DFSR (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe
15:11:11.0296 0580 DFSR - ok
15:11:11.0893 0580 Dhcp (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll
15:11:11.0898 0580 Dhcp - ok
15:11:12.0010 0580 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
15:11:12.0012 0580 disk - ok
15:11:12.0063 0580 Dnscache (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll
15:11:12.0067 0580 Dnscache - ok
15:11:12.0122 0580 dot3svc (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll
15:11:12.0130 0580 dot3svc - ok
15:11:12.0195 0580 DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
15:11:12.0201 0580 DPS - ok
15:11:12.0280 0580 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
15:11:12.0300 0580 drmkaud - ok
15:11:12.0433 0580 DXGKrnl (fb85f7f69e9b109820409243f578cc4d) C:\Windows\System32\drivers\dxgkrnl.sys
15:11:12.0461 0580 DXGKrnl - ok
15:11:12.0547 0580 E100B (ac9cf17ee2ae003c98eb4f5336c38058) C:\Windows\system32\DRIVERS\e100b325.sys
15:11:12.0553 0580 E100B - ok
15:11:12.0608 0580 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
15:11:12.0612 0580 E1G60 - ok
15:11:12.0685 0580 eabfiltr (e88b0cfcecf745211bba87f44f85d0dd) C:\Windows\system32\DRIVERS\eabfiltr.sys
15:11:12.0688 0580 eabfiltr - ok
15:11:12.0770 0580 EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
15:11:12.0772 0580 EapHost - ok
15:11:12.0885 0580 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
15:11:12.0890 0580 Ecache - ok
15:11:13.0063 0580 eeCtrl (fce87ba643d5e9a8b6e0378508d1b22d) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
15:11:13.0080 0580 eeCtrl - ok
15:11:13.0215 0580 ehRecvr (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe
15:11:13.0239 0580 ehRecvr - ok
15:11:13.0405 0580 ehSched (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe
15:11:13.0434 0580 ehSched - ok
15:11:13.0516 0580 ehstart (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll
15:11:13.0548 0580 ehstart - ok
15:11:13.0997 0580 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
15:11:14.0012 0580 elxstor - ok
15:11:14.0232 0580 EMDMgmt (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll
15:11:14.0247 0580 EMDMgmt - ok
15:11:14.0547 0580 EraserUtilRebootDrv (115dc729465a8c386615207f28875255) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
15:11:14.0557 0580 EraserUtilRebootDrv - ok
15:11:14.0642 0580 esgiguard - ok
15:11:14.0768 0580 EventSystem (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll
15:11:14.0775 0580 EventSystem - ok
15:11:14.0838 0580 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
15:11:14.0858 0580 exfat - ok
15:11:14.0917 0580 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
15:11:14.0923 0580 fastfat - ok
15:11:15.0001 0580 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
15:11:15.0004 0580 fdc - ok
15:11:15.0065 0580 fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
15:11:15.0067 0580 fdPHost - ok
15:11:15.0103 0580 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
15:11:15.0106 0580 FDResPub - ok
15:11:15.0157 0580 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
15:11:15.0174 0580 FileInfo - ok
15:11:15.0202 0580 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
15:11:15.0206 0580 Filetrace - ok
15:11:15.0225 0580 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
15:11:15.0228 0580 flpydisk - ok
15:11:15.0286 0580 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
15:11:15.0309 0580 FltMgr - ok
15:11:15.0398 0580 FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
15:11:15.0404 0580 FontCache3.0.0.0 - ok
15:11:15.0439 0580 Fs_Rec (b972a66758577e0bfd1de0f91aaa27b5) C:\Windows\system32\drivers\Fs_Rec.sys
15:11:15.0443 0580 Fs_Rec - ok
15:11:15.0477 0580 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
15:11:15.0480 0580 gagp30kx - ok
15:11:15.0634 0580 GEARAspiWDM (5ae3a887ece5bbb72cfab273c2fd1cfa) C:\Windows\system32\Drivers\GEARAspiWDM.sys
15:11:15.0638 0580 GEARAspiWDM - ok
15:11:15.0728 0580 gpsvc (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll
15:11:15.0749 0580 gpsvc - ok
15:11:15.0995 0580 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
15:11:16.0009 0580 gupdate - ok
15:11:16.0047 0580 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
15:11:16.0048 0580 gupdatem - ok
15:11:16.0124 0580 GUXMGJB - ok
15:11:16.0186 0580 HBtnKey (de15777902a5d9121857d155873a1d1b) C:\Windows\system32\DRIVERS\cpqbttn.sys
15:11:16.0188 0580 HBtnKey - ok
15:11:16.0324 0580 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
15:11:16.0394 0580 HDAudBus - ok
15:11:16.0419 0580 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
15:11:16.0422 0580 HidBth - ok
15:11:16.0433 0580 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
15:11:16.0450 0580 HidIr - ok
15:11:16.0481 0580 hidserv (84067081f3318162797385e11a8f0582) C:\Windows\system32\hidserv.dll
15:11:16.0483 0580 hidserv - ok
15:11:16.0514 0580 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
15:11:16.0517 0580 HidUsb - ok
15:11:16.0564 0580 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
15:11:16.0568 0580 hkmsvc - ok
15:11:16.0700 0580 HP Health Check Service (a19b0bb5a7eb6df2dd4a0711d36955ee) c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
15:11:16.0725 0580 HP Health Check Service - ok
15:11:16.0894 0580 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
15:11:16.0896 0580 HpCISSs - ok
15:11:17.0038 0580 hpqwmiex (d50fdad1e57aa60f1973cfc77d905f0e) C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
15:11:17.0043 0580 hpqwmiex - ok
15:11:17.0116 0580 HSFHWAZL (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
15:11:17.0138 0580 HSFHWAZL - ok
15:11:17.0276 0580 HSF_DPV (1882827f41dee51c70e24c567c35bfb5) C:\Windows\system32\DRIVERS\HSX_DPV.sys
15:11:17.0309 0580 HSF_DPV - ok
15:11:17.0419 0580 HSXHWAZL (a44ddf3ba83e4664bf4de9220097578c) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
15:11:17.0450 0580 HSXHWAZL - ok
15:11:17.0543 0580 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
15:11:17.0569 0580 HTTP - ok
15:11:17.0639 0580 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
15:11:17.0642 0580 i2omp - ok
15:11:17.0712 0580 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
15:11:17.0715 0580 i8042prt - ok
15:11:18.0075 0580 ialm (9378d57e2b96c0a185d844770ad49948) C:\Windows\system32\DRIVERS\igdkmd32.sys
15:11:18.0147 0580 ialm - ok
15:11:18.0326 0580 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
15:11:18.0333 0580 iaStorV - ok
15:11:18.0498 0580 IDriverT (6f95324909b502e2651442c1548ab12f) C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
15:11:18.0521 0580 IDriverT - ok
15:11:18.0741 0580 idsvc (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
15:11:18.0781 0580 idsvc - ok
15:11:19.0046 0580 IDSVix86 (6262c22a913bd255a0795d070b82aa47) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120720.001\IDSvix86.sys
15:11:19.0067 0580 IDSVix86 - ok
15:11:19.0553 0580 igfx (9378d57e2b96c0a185d844770ad49948) C:\Windows\system32\DRIVERS\igdkmd32.sys
15:11:19.0572 0580 igfx - ok
15:11:19.0693 0580 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
15:11:19.0696 0580 iirsp - ok
15:11:19.0812 0580 IKEEXT (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll
15:11:19.0839 0580 IKEEXT - ok
15:11:19.0889 0580 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
15:11:19.0910 0580 intelide - ok
15:11:19.0954 0580 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
15:11:19.0957 0580 intelppm - ok
15:11:20.0112 0580 IntuitUpdateService (3dc635b66dd7412e1c9c3a77b8d78f25) C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
15:11:20.0115 0580 IntuitUpdateService - ok
15:11:20.0156 0580 IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
15:11:20.0161 0580 IPBusEnum - ok
15:11:20.0238 0580 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:11:20.0241 0580 IpFilterDriver - ok
15:11:20.0312 0580 iphlpsvc (1998bd97f950680bb55f55a7244679c2) C:\Windows\System32\iphlpsvc.dll
15:11:20.0318 0580 iphlpsvc - ok
15:11:20.0330 0580 IpInIp - ok
15:11:20.0459 0580 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
15:11:20.0471 0580 IPMIDRV - ok
15:11:20.0548 0580 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
15:11:20.0551 0580 IPNAT - ok
15:11:20.0782 0580 iPod Service (57edb35ea2feca88f8b17c0c095c9a56) C:\Program Files\iPod\bin\iPodService.exe
15:11:20.0849 0580 iPod Service - ok
15:11:20.0884 0580 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
15:11:20.0887 0580 IRENUM - ok
15:11:20.0918 0580 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
15:11:20.0922 0580 isapnp - ok
15:11:20.0997 0580 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
15:11:21.0003 0580 iScsiPrt - ok
15:11:21.0061 0580 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
15:11:21.0063 0580 iteatapi - ok
15:11:21.0086 0580 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
15:11:21.0089 0580 iteraid - ok
15:11:21.0134 0580 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
15:11:21.0137 0580 kbdclass - ok
15:11:21.0213 0580 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
15:11:21.0216 0580 kbdhid - ok
15:11:21.0306 0580 KeyIso (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
15:11:21.0309 0580 KeyIso - ok
15:11:21.0405 0580 KSecDD (4a1445efa932a3baf5bdb02d7131ee20) C:\Windows\system32\Drivers\ksecdd.sys
15:11:21.0431 0580 KSecDD - ok
15:11:21.0528 0580 KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
15:11:21.0551 0580 KtmRm - ok
15:11:21.0601 0580 LanmanServer (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\system32\srvsvc.dll
15:11:21.0606 0580 LanmanServer - ok
15:11:21.0711 0580 LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll
15:11:21.0718 0580 LanmanWorkstation - ok
15:11:21.0870 0580 LightScribeService (8577ca80212a3ee1cf2fd1fc91e1cff6) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
15:11:21.0875 0580 LightScribeService - ok
15:11:21.0914 0580 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
15:11:21.0943 0580 lltdio - ok
15:11:22.0003 0580 lltdsvc (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
15:11:22.0010 0580 lltdsvc - ok
15:11:22.0090 0580 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
15:11:22.0123 0580 lmhosts - ok
15:11:22.0306 0580 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
15:11:22.0309 0580 LSI_FC - ok
15:11:22.0605 0580 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
15:11:22.0633 0580 LSI_SAS - ok
15:11:22.0736 0580 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
15:11:22.0740 0580 LSI_SCSI - ok
15:11:22.0930 0580 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
15:11:22.0956 0580 luafv - ok
15:11:23.0135 0580 Mcx2Svc (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll
15:11:23.0226 0580 Mcx2Svc - ok
15:11:23.0297 0580 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
15:11:23.0326 0580 mdmxsdk - ok
15:11:23.0495 0580 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
15:11:23.0512 0580 megasas - ok
15:11:23.0799 0580 MMCSS (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
15:11:23.0811 0580 MMCSS - ok
15:11:23.0936 0580 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
15:11:23.0940 0580 Modem - ok
15:11:24.0118 0580 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
15:11:24.0120 0580 monitor - ok
15:11:24.0374 0580 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
15:11:24.0377 0580 mouclass - ok
15:11:24.0426 0580 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
15:11:24.0429 0580 mouhid - ok
15:11:24.0470 0580 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
15:11:24.0474 0580 MountMgr - ok
15:11:24.0573 0580 MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
15:11:24.0737 0580 MozillaMaintenance - ok
15:11:24.0791 0580 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
15:11:24.0795 0580 mpio - ok
15:11:24.0840 0580 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
15:11:24.0842 0580 mpsdrv - ok
15:11:24.0961 0580 MpsSvc (5de62c6e9108f14f6794060a9bdecaec) C:\Windows\system32\mpssvc.dll
15:11:24.0980 0580 MpsSvc - ok
15:11:25.0009 0580 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
15:11:25.0011 0580 Mraid35x - ok
15:11:25.0121 0580 MREMP50 - ok
15:11:25.0128 0580 MREMPR5 - ok
15:11:25.0135 0580 MRENDIS5 - ok
15:11:25.0154 0580 MRESP50 - ok
15:11:25.0208 0580 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
15:11:25.0212 0580 MRxDAV - ok
15:11:25.0260 0580 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
15:11:25.0265 0580 mrxsmb - ok
15:11:25.0327 0580 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:11:25.0334 0580 mrxsmb10 - ok
15:11:25.0350 0580 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:11:25.0354 0580 mrxsmb20 - ok
15:11:25.0414 0580 msahci (5457dcfa7c0da43522f4d9d4049c1472) C:\Windows\system32\drivers\msahci.sys
15:11:25.0417 0580 msahci - ok
15:11:25.0454 0580 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
15:11:25.0457 0580 msdsm - ok
15:11:25.0506 0580 MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
15:11:25.0526 0580 MSDTC - ok
15:11:25.0565 0580 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
15:11:25.0569 0580 Msfs - ok
15:11:25.0624 0580 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
15:11:25.0626 0580 msisadrv - ok
15:11:25.0707 0580 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
15:11:25.0713 0580 MSiSCSI - ok
15:11:25.0718 0580 msiserver - ok
15:11:25.0820 0580 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
15:11:25.0823 0580 MSKSSRV - ok
15:11:25.0842 0580 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
15:11:25.0845 0580 MSPCLOCK - ok
15:11:25.0897 0580 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
15:11:25.0900 0580 MSPQM - ok
15:11:25.0957 0580 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
15:11:25.0963 0580 MsRPC - ok
15:11:25.0976 0580 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
15:11:25.0979 0580 mssmbios - ok
15:11:25.0999 0580 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
15:11:26.0001 0580 MSTEE - ok
15:11:26.0060 0580 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
15:11:26.0063 0580 Mup - ok
15:11:26.0195 0580 N360 (e78a365cc3e0fbfc018a33dce01909f8) C:\Program Files\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe
15:11:26.0199 0580 N360 - ok
15:11:26.0284 0580 napagent (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll
15:11:26.0346 0580 napagent - ok
15:11:26.0427 0580 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
15:11:26.0432 0580 NativeWifiP - ok
15:11:26.0622 0580 NAVENG (f11033730b38260b6892e837c457fb4b) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120720.024\NAVENG.SYS
15:11:26.0626 0580 NAVENG - ok
15:11:26.0871 0580 NAVEX15 (4e4e7c0259d3bb97de24a636c0e06aba) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120720.024\NAVEX15.SYS
15:11:26.0932 0580 NAVEX15 - ok
15:11:27.0130 0580 NBService (3bae2bfcb6d69e19c8373f635dd544dc) C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
15:11:27.0167 0580 NBService - ok
15:11:27.0513 0580 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
15:11:27.0543 0580 NDIS - ok
15:11:27.0634 0580 ndiscm (b797ee2ef919c95561dee78b72b33e5b) C:\Windows\system32\DRIVERS\NetMotCM.sys
15:11:27.0636 0580 ndiscm - ok
15:11:27.0673 0580 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
15:11:27.0676 0580 NdisTapi - ok
15:11:27.0737 0580 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
15:11:27.0740 0580 Ndisuio - ok
15:11:27.0772 0580 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
15:11:27.0776 0580 NdisWan - ok
15:11:27.0848 0580 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
15:11:27.0852 0580 NDProxy - ok
15:11:27.0917 0580 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
15:11:27.0921 0580 NetBIOS - ok
15:11:27.0978 0580 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
15:11:27.0983 0580 netbt - ok
15:11:28.0004 0580 Netlogon (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
15:11:28.0007 0580 Netlogon - ok
15:11:28.0074 0580 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
15:11:28.0129 0580 Netman - ok
15:11:28.0191 0580 netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
15:11:28.0198 0580 netprofm - ok
15:11:28.0326 0580 NetTcpPortSharing (d6c4e4a39a36029ac0813d476fbd0248) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:11:28.0331 0580 NetTcpPortSharing - ok
15:11:28.0623 0580 NETw3v32 (ea30bd026a7d1b745a37516880c4ac1b) C:\Windows\system32\DRIVERS\NETw3v32.sys
15:11:28.0681 0580 NETw3v32 - ok
15:11:29.0173 0580 NETw4v32 (38d720e0c8b0ecb9a019980265679798) C:\Windows\system32\DRIVERS\NETw4v32.sys
15:11:29.0273 0580 NETw4v32 - ok
15:11:35.0468 0580 NETw5v32 (8de67bd902095a13329fd82c85a1fa09) C:\Windows\system32\DRIVERS\NETw5v32.sys
15:11:35.0589 0580 NETw5v32 - ok
15:11:37.0260 0580 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
15:11:37.0262 0580 nfrd960 - ok
15:11:37.0670 0580 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
15:11:37.0675 0580 NlaSvc - ok
15:11:38.0176 0580 NMIndexingService (193fa51dddd0bffded1c340f0434999a) C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
15:11:38.0193 0580 NMIndexingService - ok
15:11:38.0237 0580 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
15:11:38.0240 0580 Npfs - ok
15:11:38.0316 0580 nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
15:11:38.0319 0580 nsi - ok
15:11:38.0357 0580 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
15:11:38.0360 0580 nsiproxy - ok
15:11:39.0450 0580 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
15:11:39.0732 0580 Ntfs - ok
15:11:39.0832 0580 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
15:11:39.0835 0580 ntrigdigi - ok
15:11:39.0922 0580 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
15:11:39.0938 0580 Null - ok
15:11:40.0207 0580 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
15:11:40.0233 0580 nvraid - ok
15:11:40.0453 0580 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
15:11:40.0477 0580 nvstor - ok
15:11:40.0721 0580 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
15:11:40.0782 0580 nv_agp - ok
15:11:40.0787 0580 NwlnkFlt - ok
15:11:40.0799 0580 NwlnkFwd - ok
15:11:42.0565 0580 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
15:11:42.0848 0580 odserv - ok
15:11:43.0222 0580 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
15:11:43.0304 0580 ohci1394 - ok
15:11:44.0119 0580 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:11:44.0249 0580 ose - ok
15:11:45.0541 0580 p2pimsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
15:11:45.0675 0580 p2pimsvc - ok
15:11:45.0685 0580 p2psvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
15:11:45.0692 0580 p2psvc - ok
15:11:46.0006 0580 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
15:11:46.0014 0580 Parport - ok
15:11:46.0046 0580 Partizan - ok
15:11:46.0205 0580 partmgr (b9c2b89f08670e159f7181891e449cd9) C:\Windows\system32\drivers\partmgr.sys
15:11:46.0224 0580 partmgr - ok
15:11:46.0263 0580 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
15:11:46.0284 0580 Parvdm - ok
15:11:46.0452 0580 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
15:11:46.0489 0580 PcaSvc - ok
15:11:46.0895 0580 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
15:11:46.0967 0580 pci - ok
15:11:47.0074 0580 pciide (3b1901e401473e03eb8c874271e50c26) C:\Windows\system32\drivers\pciide.sys
15:11:47.0085 0580 pciide - ok
15:11:47.0380 0580 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
15:11:47.0392 0580 pcmcia - ok
15:11:48.0914 0580 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
15:11:49.0341 0580 PEAUTH - ok
15:11:51.0894 0580 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
15:11:51.0959 0580 pla - ok
15:11:53.0228 0580 PLFlash DeviceIoControl Service (875e4e0661f3a5994df9e5e3a0a4f96b) C:\Windows\system32\IoctlSvc.exe
15:11:53.0266 0580 PLFlash DeviceIoControl Service - ok
15:11:53.0377 0580 PlugPlay (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll
15:11:53.0385 0580 PlugPlay - ok
15:11:54.0209 0580 PNRPAutoReg (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
15:11:54.0215 0580 PNRPAutoReg - ok
15:11:54.0228 0580 PNRPsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
15:11:54.0235 0580 PNRPsvc - ok
15:11:54.0726 0580 Point32 (5b6f99087cc1342b3d193e8155f26b6f) C:\Windows\system32\DRIVERS\point32k.sys
15:11:54.0729 0580 Point32 - ok
15:12:00.0459 0580 PolicyAgent (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll
15:12:00.0994 0580 PolicyAgent - ok
15:12:01.0633 0580 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
15:12:01.0761 0580 PptpMiniport - ok
15:12:02.0230 0580 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
15:12:02.0278 0580 Processor - ok
15:12:03.0012 0580 ProfSvc (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll
15:12:03.0044 0580 ProfSvc - ok
15:12:03.0178 0580 ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
15:12:03.0201 0580 ProtectedStorage - ok
15:12:04.0321 0580 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
15:12:04.0403 0580 PSched - ok
15:12:10.0857 0580 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
15:12:11.0099 0580 ql2300 - ok
15:12:11.0274 0580 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
15:12:11.0292 0580 ql40xx - ok
15:12:12.0847 0580 QPCapSvc (ba396d1c71934e22679d3f4dac17e7ab) C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
15:12:13.0030 0580 QPCapSvc - ok
15:12:13.0294 0580 QPSched (4b455e8c41cad3219ccf53024dcad604) C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
15:12:13.0377 0580 QPSched - ok
15:12:13.0826 0580 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
15:12:13.0905 0580 QWAVE - ok
15:12:14.0073 0580 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
15:12:14.0095 0580 QWAVEdrv - ok
15:12:14.0206 0580 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
15:12:14.0231 0580 RasAcd - ok
15:12:14.0507 0580 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
15:12:14.0530 0580 RasAuto - ok
15:12:14.0781 0580 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
15:12:14.0818 0580 Rasl2tp - ok
15:12:15.0032 0580 RasMan (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll
15:12:15.0039 0580 RasMan - ok
15:12:15.0112 0580 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
15:12:15.0115 0580 RasPppoe - ok
15:12:15.0182 0580 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
15:12:15.0185 0580 RasSstp - ok
15:12:15.0332 0580 rcmirror (2564ddfad0e934123f84c74185a3e137) C:\Windows\system32\DRIVERS\rcmirror.sys
15:12:15.0400 0580 rcmirror - ok
15:12:15.0625 0580 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
15:12:15.0657 0580 rdbss - ok
15:12:15.0713 0580 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
15:12:15.0715 0580 RDPCDD - ok
15:12:15.0888 0580 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
15:12:15.0934 0580 rdpdr - ok
15:12:16.0019 0580 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
15:12:16.0047 0580 RDPENCDD - ok
15:12:16.0343 0580 RDPWD (c127ebd5afab31524662c48dfceb773a) C:\Windows\system32\drivers\RDPWD.sys
15:12:16.0384 0580 RDPWD - ok
15:12:16.0541 0580 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
15:12:16.0590 0580 RemoteAccess - ok
15:12:16.0895 0580 RemoteRegistry (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll
15:12:16.0927 0580 RemoteRegistry - ok
15:12:17.0252 0580 RGBCRHFQDKVY - ok
15:12:17.0440 0580 rimmptsk (d85e3fa9f5b1f29bb4ed185c450d1470) C:\Windows\system32\DRIVERS\rimmptsk.sys
15:12:17.0484 0580 rimmptsk - ok
15:12:17.0757 0580 rimsptsk (db8eb01c58c9fada00c70b1775278ae0) C:\Windows\system32\DRIVERS\rimsptsk.sys
15:12:17.0815 0580 rimsptsk - ok
15:12:18.0145 0580 rismxdp (6c1f93c0760c9f79a1869d07233df39d) C:\Windows\system32\DRIVERS\rixdptsk.sys
15:12:18.0204 0580 rismxdp - ok
15:12:19.0493 0580 RoxMediaDB9 (08fb7d968805001c7adcbb14b0651fa2) C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
15:12:19.0633 0580 RoxMediaDB9 - ok
15:12:52.0420 0580 ============================================================
15:12:52.0421 0580 Scan finished
15:12:52.0421 0580 ============================================================
15:12:52.0437 5720 Detected object count: 0
15:12:52.0437 5720 Actual detected object count: 0

Attached Files

  • Attached File: MBR.zip (554 bytes)


#4 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 21 July 2012 - 06:07 PM

Please do the following:

Refer to the ComboFix User's Guide

  • Download ComboFix from the following location:

    Link

    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply.

    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------
  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#5 Berley

Berley
  • Topic Starter

  • Members
  • 35 posts

Posted 21 July 2012 - 09:02 PM

ComboFix log reads as follows:

ComboFix 12-07-21.01 - Offi ce Depot 07/21/2012 17:33:32.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1013.286 [GMT -7:00]
Running from: c:\users\Kimberly\Downloads\ComboFix.exe
AV: Norton Security Suite *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Security Suite *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Security Suite *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-06-22 to 2012-07-22 )))))))))))))))))))))))))))))))
.
.
2012-07-22 00:47 . 2012-07-22 00:47 -------- d-----w- c:\users\Kim\AppData\Local\temp
2012-07-22 00:47 . 2012-07-22 00:47 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-19 06:38 . 2012-06-13 13:40 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-07-19 05:44 . 2012-06-05 16:47 1401856 ----a-w- c:\windows\system32\msxml6.dll
2012-07-19 05:44 . 2012-06-05 16:47 1248768 ----a-w- c:\windows\system32\msxml3.dll
2012-07-18 03:18 . 2012-07-18 03:18 -------- d-----w- c:\users\Offi ce Depot\AppData\Local\Mozilla
2012-07-18 03:17 . 2012-07-18 03:17 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-07-18 02:46 . 2012-07-18 02:46 -------- d-----w- c:\program files\MozBackup
2012-07-17 04:45 . 2012-07-17 04:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-07-17 04:45 . 2012-07-03 20:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-17 01:41 . 2012-07-17 03:33 -------- d-----w- c:\windows\system32\drivers\N360\0502020.003
2012-07-14 20:03 . 2012-07-14 20:03 -------- d-----w- c:\program files\Webroot
2012-07-14 19:39 . 2012-07-14 19:39 -------- d-----w- c:\programdata\Downloaded Installations
2012-07-14 19:39 . 2012-07-14 19:39 -------- d-----w- c:\program files\GFI Software
2012-07-14 19:10 . 2012-07-14 19:10 14664 ----a-w- c:\windows\stinger.sys
2012-07-14 19:08 . 2012-07-14 19:30 -------- d-----w- c:\program files\stinger
2012-07-14 16:30 . 2012-07-14 16:30 -------- d-----w- c:\users\Offi ce Depot\AppData\Roaming\f-secure
2012-07-14 16:28 . 2012-07-14 16:28 -------- d-----w- c:\programdata\F-Secure
2012-07-14 15:38 . 2012-07-14 16:20 -------- d-----w- c:\programdata\RegRun
2012-07-14 15:38 . 2012-07-14 15:38 2 --shatr- c:\windows\winstart.bat
2012-07-14 15:38 . 2012-07-14 16:21 -------- d-----w- c:\program files\UnHackMe
2012-07-14 06:32 . 2012-07-14 06:32 -------- d-----w- c:\programdata\Sophos
2012-07-14 06:22 . 2012-07-14 06:22 73728 ----a-r- c:\users\Offi ce Depot\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2012-07-14 06:22 . 2012-07-14 06:22 73728 ----a-r- c:\users\Offi ce Depot\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2012-07-14 06:22 . 2012-07-14 06:22 73728 ----a-r- c:\users\Offi ce Depot\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe
2012-07-14 06:21 . 2012-07-14 06:21 -------- d-----w- c:\program files\Sophos
2012-07-14 05:54 . 2011-05-04 18:36 27192 ----a-w- c:\windows\system32\drivers\rspSanity32.sys
2012-07-14 04:35 . 2012-07-14 04:35 100864 ----a-w- C:\ugldqpob.sys
2012-07-14 03:15 . 2012-07-14 18:46 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-07-14 03:15 . 2012-07-14 18:42 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-07-13 13:40 . 2012-07-14 01:52 -------- d-----w- c:\program files\Emsisoft Anti-Malware
2012-07-13 03:33 . 2012-07-13 03:33 -------- d-----w- c:\users\Offi ce Depot\AppData\Roaming\SUPERAntiSpyware.com
2012-07-13 03:32 . 2012-07-13 03:32 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-07-12 22:05 . 2012-07-12 22:05 -------- d-----w- c:\users\Offi ce Depot\AppData\Local\ESET
2012-07-12 21:01 . 2012-07-12 21:16 -------- d-----w- c:\programdata\HitmanPro
2012-07-12 18:40 . 2012-07-13 00:59 -------- d-----w- C:\sh4ldr
2012-07-12 18:40 . 2012-07-12 18:40 -------- d-----w- c:\program files\Enigma Software Group
2012-07-12 18:37 . 2012-07-13 00:56 -------- d-----w- c:\windows\9E897D0FF80441A3966C7BB6EB5B6BE8.TMP
2012-07-12 18:37 . 2012-07-12 18:37 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2012-07-12 03:51 . 2012-06-14 19:31 767960 ----a-w- c:\windows\BDTSupport.dll0731.old
2012-07-12 03:51 . 2012-06-14 19:31 2267096 ----a-w- c:\windows\PCTBDCore.dll0731.old
2012-07-12 03:51 . 2012-06-14 19:31 149464 ----a-w- c:\windows\SGDetectionTool.dll0731.old
2012-07-12 03:43 . 2012-07-12 03:43 -------- d-----w- c:\program files\PC Tools
2012-07-12 03:39 . 2012-07-13 02:16 -------- d-----w- c:\program files\Common Files\PC Tools
2012-07-12 03:39 . 2012-05-11 18:14 203088 ----a-w- c:\windows\system32\drivers\PCTSD.sys
2012-07-12 03:38 . 2012-07-15 06:02 -------- d-----w- c:\programdata\PC Tools
2012-07-12 03:38 . 2012-07-12 03:38 -------- d-----w- c:\users\Offi ce Depot\AppData\Roaming\TestApp
2012-07-12 03:35 . 2012-06-05 16:47 708608 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2012-07-12 03:34 . 2012-04-23 16:00 984064 ----a-w- c:\windows\system32\crypt32.dll
2012-07-12 03:34 . 2012-04-23 16:00 98304 ----a-w- c:\windows\system32\cryptnet.dll
2012-07-12 03:34 . 2012-04-23 16:00 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2012-07-12 03:34 . 2012-06-04 15:26 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-07-12 03:34 . 2012-06-02 00:04 278528 ----a-w- c:\windows\system32\schannel.dll
2012-07-12 03:34 . 2012-06-02 00:03 204288 ----a-w- c:\windows\system32\ncrypt.dll
2012-07-10 06:31 . 2012-07-12 01:57 -------- d-----w- C:\$AVG
2012-07-10 06:05 . 2012-07-10 06:05 -------- d-----w- c:\users\Offi ce Depot\AppData\Roaming\AVG2012
2012-07-10 05:58 . 2012-07-12 02:57 -------- d-----w- c:\programdata\AVG2012
2012-07-10 05:52 . 2012-07-10 05:52 -------- d-----w- c:\program files\AVG
2012-07-10 05:47 . 2012-07-10 05:47 -------- d--h--w- c:\programdata\Common Files
2012-07-10 05:47 . 2012-07-12 02:08 -------- d-----w- c:\programdata\MFAData
2012-07-10 03:03 . 2012-07-10 03:03 -------- d-----w- c:\users\Offi ce Depot\AppData\Roaming\Malwarebytes
2012-07-10 03:02 . 2012-07-10 03:02 -------- d-----w- c:\programdata\Malwarebytes
2012-07-09 00:38 . 2012-07-09 01:11 -------- d-----w- c:\users\Offi ce Depot\AppData\Local\NPE
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-05 01:54 . 2012-06-05 01:54 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-06-02 22:19 . 2012-06-09 01:01 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 22:19 . 2012-06-09 01:03 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-09 01:03 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-09 01:02 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-09 01:02 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-09 01:03 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-09 01:03 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-09 01:01 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 22:12 . 2012-06-09 01:02 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-05-15 22:04 . 2012-06-15 01:48 834048 ----a-w- c:\windows\system32\wininet.dll
2012-05-01 14:03 . 2012-06-15 01:37 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-14 00:17 . 2012-07-18 03:17 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-10-18 455968]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2008-01-22 152872]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-02-13 159744]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-12 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-12 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-12 133656]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-12-15 47904]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2008-06-10 1406024]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"NBKeyScan"="c:\program files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe" [2008-04-08 1647912]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-12-20 468264]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-30 421888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"PAC207_Monitor"="c:\windows\Pixart\Pac207\Monitor.exe" [2007-12-10 323584]
"TkBellExe"="c:\program files\real\realplayer\Update\realsched.exe" [2012-06-05 296056]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-08 44128]
.
c:\users\Offi ce Depot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 70371188
*Deregistered* - 70371188
*Deregistered* - aswMBR
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-10-18 23:25 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-28 20:05]
.
2012-07-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-28 20:05]
.
2012-07-06 c:\windows\Tasks\HPCeeScheduleForOffi ce Depot.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2007-04-19 21:23]
.
2012-07-22 c:\windows\Tasks\User_Feed_Synchronization-{C3BE97EF-787A-48D2-8F4C-D9CFF673B600}.job
- c:\windows\system32\msfeedssync.exe [2008-09-04 07:33]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 10.0.0.1
FF - ProfilePath - c:\users\Offi ce Depot\AppData\Roaming\Mozilla\Firefox\Profiles\6qnt6wjk.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.facebook.com/home.php?ref=home
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B7de510f3-cca9-435d-9646-839fddec4a42%7D&mid=e0b20de0fc5147d08eb7d15262b220e7-92dab034a4c69181093209e0a3ee6f4127e3e250&ds=AVG&v=11.1.0.12&lang=en&pr=pr&d=2012-07-09%2023%3A42%3A36&sap=ku&q=
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\SUPERAntiSpyware\SASSEH.DLL
Notify-!SASWinLogon - c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-21 17:47
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\5.2.2.3\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2012-07-21 17:55:09
ComboFix-quarantined-files.txt 2012-07-22 00:54
.
Pre-Run: 65,637,367,808 bytes free
Post-Run: 65,739,665,408 bytes free
.
- - End Of File - - E11154B083921E61C51E06AA224A10BD

#6 CatByte

  • Malware Response Team
  • Location:Canada

Posted 21 July 2012 - 09:13 PM

Please run the following:


Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    services.exe
    /md5stop
    %systemroot%\*. /rp /s
    DRIVES
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs.

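Added example, not part of this thread and not OTL's own code: once the OTL log comes back, the lines worth triaging first are the SRV, DRV and NetSvcs entries, because a service registered from a per-user Temp folder, a service whose binary has already vanished, or a netsvcs group member loaded from outside System32 is how a dropper or rootkit component usually shows up in that output. The Python below parses those three line formats as OTL prints them and ranks the hits. The sample log is constructed for the example (the helpsvc DLL entry in particular is invented), and the heuristics, Temp-path markers and scoring are my own assumptions rather than anything OTL does.

```python
"""OTL service/driver triage: added example, not part of this thread or of OTL.

Parses the SRV, DRV and NetSvcs lines of an OTL log and ranks the entries a
malware helper looks at first. Heuristics and path markers are assumptions
made for this example, not OTL's own logic.
"""
import re
import sys
from dataclasses import dataclass, field
from typing import Iterable, List

# SRV/DRV line layouts as OTL prints them, e.g.
#   SRV - File not found [On_Demand | Stopped] -- C:\...\Temp\YXV.exe -- (YXV)
#   DRV - [2011/10/03 08:51:52 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\...\SYMEVENT.SYS -- (SymEvent)
ENTRY_RE = re.compile(
    r"^(?P<kind>SRV|DRV) - "
    r"(?:(?P<missing>File not found)|\[[^\]]*\] \((?P<company>[^)]*)\)) "
    r"\[(?P<state>[^\]]*)\] -- (?P<path>.+?) -- \((?P<name>[^)]*)\)"
)
# NetSvcs line layout:  NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NETSVCS_RE = re.compile(
    r"^NetSvcs: (?P<name>\S+) - "
    r"(?:(?P<missing>File not found)|(?P<path>.+?) \((?P<company>[^)]*)\))\s*$"
)
# Temp folders: no legitimate service or driver should run from here (assumption).
TEMP_MARKERS = ("\\appdata\\local\\temp\\", "\\temp\\", "%temp%")


@dataclass
class Finding:
    kind: str                     # SRV, DRV or NetSvcs
    name: str
    path: str
    reasons: List[str] = field(default_factory=list)

    @property
    def score(self) -> int:
        return len(self.reasons)


def _in_temp(path: str) -> bool:
    p = path.lower()
    return any(marker in p for marker in TEMP_MARKERS)


def triage(lines: Iterable[str]) -> List[Finding]:
    """Return flagged entries, highest score first; unflagged entries are dropped."""
    findings: List[Finding] = []
    for raw in lines:
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            reasons = []
            if _in_temp(m["path"]):
                reasons.append("binary registered from a Temp folder")
            if m["missing"]:
                reasons.append("service binary missing (orphaned dropper?)")
            elif not (m["company"] or "").strip():
                reasons.append("binary carries no company name")
            if reasons:
                findings.append(Finding(m["kind"], m["name"], m["path"], reasons))
            continue
        m = NETSVCS_RE.match(line)
        if m and not m["missing"] and "\\system32\\" not in m["path"].lower():
            # Stock netsvcs names with no backing file are normal on Vista, so only
            # a member that resolves to a DLL outside System32 is flagged.
            findings.append(Finding("NetSvcs", m["name"], m["path"],
                                    ["netsvcs member loaded from outside System32"]))
    findings.sort(key=lambda f: f.score, reverse=True)   # stable: ties keep log order
    return findings


# Constructed sample in OTL's format; the helpsvc DLL entry is invented for the demo.
SAMPLE_LOG = r"""
========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\Users\OFFICE~1\AppData\Local\Temp\YXV.exe -- (YXV)
SRV - [2012/07/13 17:17:12 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Boot | Unknown] -- system32\drivers\Partizan.sys -- (Partizan)
DRV - [2007/08/22 11:50:38 | 001,749,760 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)

NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: helpsvc - C:\Users\Public\helpsvc.dll ()
""".splitlines()


if __name__ == "__main__":
    # With a path argument read a real OTL.Txt; without one, run over the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            results = triage(fh)
    else:
        results = triage(SAMPLE_LOG)
    for f in results:
        print(f"[{f.score}] {f.kind} {f.name}: {f.path}")
        for r in f.reasons:
            print(f"      - {r}")
```

Run it with the path to OTL.Txt as its only argument, or with no argument to see it rank the built-in sample. Known tool leftovers will score as well: ComboFix's catchme.sys driver is loaded from the user's Temp folder and is gone after the reboot, so it shows up as a missing Temp-folder driver and should simply be recognized, not treated as a hit.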


#7 Berley

  • Topic Starter
  • Members

Posted 21 July 2012 - 10:12 PM

OTL log is as follows:

OTL logfile created on: 7/21/2012 7:24:39 PM - Run 1
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Kimberly\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1013.31 Mb Total Physical Memory | 368.57 Mb Available Physical Memory | 36.37% Memory free
2.52 Gb Paging File | 1.58 Gb Available in Paging File | 62.78% Paging File free
Paging file location(s): c:\pagefile.sys 1600 3000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 140.92 Gb Total Space | 61.28 Gb Free Space | 43.48% Space Free | Partition Type: NTFS
Drive D: | 8.13 Gb Total Space | 1.22 Gb Free Space | 15.00% Space Free | Partition Type: NTFS

Computer Name: KGLaptop | User Name: Offi ce Depot | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/21 19:21:31 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Kimberly\Downloads\OTL.exe
PRC - [2012/06/04 18:54:12 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2011/04/16 17:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Security Suite\Engine\5.2.2.3\ccsvchst.exe
PRC - [2010/08/23 21:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2009/04/10 23:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/04/08 09:56:30 | 001,647,912 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe
PRC - [2008/01/22 11:13:32 | 001,201,448 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2008/01/22 11:13:20 | 000,152,872 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2007/12/10 15:55:26 | 000,323,584 | ---- | M] (PixArt Imaging Incorporation) -- C:\Windows\Pixart\Pac207\Monitor.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2007/12/19 19:28:32 | 000,345,384 | ---- | M] () -- C:\Program Files\Hp\QuickPlay\Kernel\TV\CLTinyDB.dll
MOD - [2007/12/19 19:28:20 | 000,251,288 | ---- | M] () -- C:\Program Files\Hp\QuickPlay\Kernel\TV\CLCapEngine.dll
MOD - [2007/12/19 19:28:20 | 000,120,208 | ---- | M] () -- C:\Program Files\Hp\QuickPlay\Kernel\TV\CLSchMgr.dll
MOD - [2007/12/19 19:28:20 | 000,038,184 | ---- | M] () -- C:\Program Files\Hp\QuickPlay\Kernel\TV\CLCapSvcps.dll
MOD - [2007/12/19 19:27:04 | 000,066,856 | ---- | M] () -- C:\Program Files\Hp\QuickPlay\Kernel\common\MCEMediaStatus.dll
MOD - [2007/08/14 16:43:46 | 006,365,184 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtGui4.dll
MOD - [2007/07/12 14:55:52 | 000,131,072 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2007/07/12 14:55:28 | 001,581,056 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtCore4.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\Users\OFFICE~1\AppData\Local\Temp\YXV.exe -- (YXV)
SRV - File not found [On_Demand | Stopped] -- C:\Users\OFFICE~1\AppData\Local\Temp\YMGZALP.exe -- (YMGZALP)
SRV - File not found [On_Demand | Stopped] -- C:\Users\OFFICE~1\AppData\Local\Temp\VIW.exe -- (VIW)
SRV - File not found [On_Demand | Stopped] -- C:\Users\OFFICE~1\AppData\Local\Temp\TPIBP.exe -- (TPIBP)
SRV - File not found [On_Demand | Stopped] -- C:\Users\OFFICE~1\AppData\Local\Temp\SRUEYJC.exe -- (SRUEYJC)
SRV - File not found [On_Demand | Stopped] -- C:\Users\OFFICE~1\AppData\Local\Temp\RGBCRHFQDKVY.exe -- (RGBCRHFQDKVY)
SRV - File not found [On_Demand | Stopped] -- C:\Users\OFFICE~1\AppData\Local\Temp\GUXMGJB.exe -- (GUXMGJB)
SRV - File not found [On_Demand | Stopped] -- C:\Users\OFFICE~1\AppData\Local\Temp\CVV.exe -- (CVV)
SRV - File not found [On_Demand | Stopped] -- C:\Users\OFFICE~1\AppData\Local\Temp\CHSY.exe -- (CHSY)
SRV - File not found [On_Demand | Stopped] -- C:\Users\OFFICE~1\AppData\Local\Temp\BNYYN.exe -- (BNYYN)
SRV - [2012/07/13 17:17:12 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2011/04/16 17:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe -- (N360)
SRV - [2010/08/23 21:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2008/01/19 00:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/01/09 14:55:34 | 000,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\UIUSYS.SYS -- (UIUSys)
DRV - File not found [Kernel | Boot | Unknown] -- system32\drivers\Partizan.sys -- (Partizan)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS -- (MRESP50)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS -- (MRENDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS -- (MREMPR5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS -- (MREMP50)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\OFFICE~1\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2012/06/18 17:01:14 | 000,821,920 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120711.002\BHDrvx86.sys -- (BHDrvx86)
DRV - [2012/06/14 11:39:26 | 000,382,624 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120720.001\IDSvix86.sys -- (IDSVix86)
DRV - [2012/05/31 18:47:02 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012/05/31 18:47:02 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/05/15 18:30:28 | 001,589,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120720.024\NAVEX15.SYS -- (NAVEX15)
DRV - [2012/05/15 18:30:27 | 000,087,928 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120720.024\NAVENG.SYS -- (NAVENG)
DRV - [2011/10/03 08:51:52 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/05/04 11:36:32 | 000,027,192 | ---- | M] (Resplendence Software Projects Sp.) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\rspSanity32.sys -- (rspSanity)
DRV - [2011/04/20 18:37:49 | 000,331,384 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0502020.003\symtdiv.sys -- (SYMTDIv)
DRV - [2011/03/30 20:00:09 | 000,516,216 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\N360\0502020.003\srtsp.sys -- (SRTSP)
DRV - [2011/03/30 20:00:09 | 000,050,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0502020.003\srtspx.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2011/03/14 19:31:23 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\N360\0502020.003\symefa.sys -- (SymEFA)
DRV - [2011/01/26 23:47:10 | 000,340,088 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\N360\0502020.003\symds.sys -- (SymDS)
DRV - [2010/11/15 18:45:33 | 000,136,312 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0502020.003\ironx86.sys -- (SymIRON)
DRV - [2009/04/10 21:42:54 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb)
DRV - [2008/11/17 15:40:22 | 003,668,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel®
DRV - [2008/06/10 14:04:28 | 000,033,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\point32k.sys -- (Point32)
DRV - [2008/03/03 05:10:44 | 000,182,272 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2007/12/14 13:48:16 | 000,005,120 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rcmirror.sys -- (rcmirror)
DRV - [2007/10/31 18:36:32 | 002,252,800 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel®
DRV - [2007/08/22 11:50:38 | 001,749,760 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2007/07/10 06:27:56 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/05/23 14:26:34 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2007/02/07 14:15:14 | 001,786,880 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel®
DRV - [2006/11/30 10:24:58 | 000,008,192 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Running] -- C:\Windows\System32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2006/11/16 02:16:24 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2006/11/15 21:42:46 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/11/15 19:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2006/06/28 09:54:00 | 000,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2004/02/09 13:06:22 | 000,015,360 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NetMotCM.sys -- (ndiscm)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
IE - HKLM\..\SearchScopes,DefaultScope = {9748A70E-2C34-4E6D-B368-81C214721410}
IE - HKLM\..\SearchScopes\{61FBACB3-E8CE-4F01-8815-2BC6B991FA77}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&entrypoint={referrer:source?}&FORM=HVNUS7
IE - HKLM\..\SearchScopes\{9748A70E-2C34-4E6D-B368-81C214721410}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvnb
IE - HKLM\..\SearchScopes\{B03AA86A-D1DF-4705-89C1-8BF7BD02F118}: "URL" = http://www.ask.com/web?q={searchTerms}&l=dis&o=ushpl


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1679439931-1325832678-2400834029-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1679439931-1325832678-2400834029-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1679439931-1325832678-2400834029-1000\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKU\S-1-5-21-1679439931-1325832678-2400834029-1000\..\SearchScopes\{61FBACB3-E8CE-4F01-8815-2BC6B991FA77}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&entrypoint={referrer:source?}&FORM=HVNUS7
IE - HKU\S-1-5-21-1679439931-1325832678-2400834029-1000\..\SearchScopes\{88FB16D2-04EA-4ffe-8079-CFF68F1B9CE6}: "URL" = http://www.search-results.com/web?q={searchTerms}&o=15868&l=dis&prt=BDIE&chn=retail&geo=US&ver=4.0.0.1588
IE - HKU\S-1-5-21-1679439931-1325832678-2400834029-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={D7AECDC0-D80D-4360-B445-06ECA3F21252}&mid=e0b20de0fc5147d08eb7d15262b220e7-92dab034a4c69181093209e0a3ee6f4127e3e250&lang=en&ds=AVG&pr=pr&d=2012-07-09 23:42:36&v=11.1.0.12&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-1679439931-1325832678-2400834029-1000\..\SearchScopes\{9748A70E-2C34-4E6D-B368-81C214721410}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvnb
IE - HKU\S-1-5-21-1679439931-1325832678-2400834029-1000\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/web?q={SEARCHTERMS}&o=15527&l=dis&prt=NSS&chn=retail&geo=US&ver=4
IE - HKU\S-1-5-21-1679439931-1325832678-2400834029-1000\..\SearchScopes\{B03AA86A-D1DF-4705-89C1-8BF7BD02F118}: "URL" = http://www.ask.com/web?q={searchTerms}&l=dis&o=ushpl
IE - HKU\S-1-5-21-1679439931-1325832678-2400834029-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1679439931-1325832678-2400834029-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.startup.homepage: "https://www.facebook.com/home.php?ref=home"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: 2020Player@2020Technologies.com:3.0.31.0
FF - prefs.js..extensions.enabledItems: ga-IE@dictionaries.addons.mozilla.org:4.5.1
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.07076007
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: {FBF6D7FB-F305-4445-BB3D-FEF66579A033}:5.0.1
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:4.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "http://isearch.avg.com/search?cid=%7B7de510f3-cca9-435d-9646-839fddec4a42%7D&mid=e0b20de0fc5147d08eb7d15262b220e7-92dab034a4c69181093209e0a3ee6f4127e3e250&ds=AVG&v=11.1.0.12&lang=en&pr=pr&d=2012-07-09%2023%3A42%3A36&sap=ku&q="
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Offi ce Depot\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPlgn\ [2012/02/08 09:08:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\coFFPlgn_2011_7_10_1 [2012/07/21 18:01:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/06/04 18:55:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/06/04 18:55:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/17 20:17:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird

[2012/07/17 20:18:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Offi ce Depot\AppData\Roaming\mozilla\Extensions
[2012/07/17 20:25:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Offi ce Depot\AppData\Roaming\mozilla\Firefox\Profiles\6qnt6wjk.default\extensions
[2012/07/17 20:25:44 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Offi ce Depot\AppData\Roaming\mozilla\Firefox\Profiles\6qnt6wjk.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/07/17 20:25:44 | 000,000,000 | ---D | M] (Multirow Bookmarks Toolbar) -- C:\Users\Offi ce Depot\AppData\Roaming\mozilla\Firefox\Profiles\6qnt6wjk.default\extensions\{FBF6D7FB-F305-4445-BB3D-FEF66579A033}
[2012/07/17 20:25:43 | 000,000,000 | ---D | M] (20-20 3D Viewer) -- C:\Users\Offi ce Depot\AppData\Roaming\mozilla\Firefox\Profiles\6qnt6wjk.default\extensions\2020Player@2020Technologies.com
[2012/07/17 20:25:44 | 000,000,000 | ---D | M] (Litreoir GaelSpell do Mhozilla) -- C:\Users\Offi ce Depot\AppData\Roaming\mozilla\Firefox\Profiles\6qnt6wjk.default\extensions\ga-IE@dictionaries.addons.mozilla.org
[2012/07/17 20:25:44 | 000,000,000 | ---D | M] (Yiddish spell checker (YIVO)) -- C:\Users\Offi ce Depot\AppData\Roaming\mozilla\Firefox\Profiles\6qnt6wjk.default\extensions\yi@dictionaries.addons.mozilla.org
[2012/02/25 21:58:14 | 000,002,468 | ---- | M] () -- C:\Users\Offi ce Depot\AppData\Roaming\Mozilla\Firefox\Profiles\6qnt6wjk.default\searchplugins\safesearch.xml
[2012/07/17 20:17:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/03/22 20:51:10 | 000,049,303 | ---- | M] () (No name found) -- C:\USERS\OFFI CE DEPOT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6QNT6WJK.DEFAULT\EXTENSIONS\{4C7097F7-08F2-4EF2-9B9F-F95FA4CBB064}.XPI
[2008/01/18 22:49:14 | 000,004,819 | ---- | M] () (No name found) -- C:\USERS\OFFI CE DEPOT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6QNT6WJK.DEFAULT\EXTENSIONS\MKMQLQAWAP@MKMQLQAWAP.ORG.XPI
[2012/07/13 17:17:47 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/07/13 17:16:36 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/07/13 17:16:36 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2006/09/18 14:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\5.2.2.3\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\5.2.2.3\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\5.2.2.3\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-1679439931-1325832678-2400834029-1000\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKU\S-1-5-21-1679439931-1325832678-2400834029-1000\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\5.2.2.3\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [PAC207_Monitor] C:\Windows\Pixart\Pac207\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-1679439931-1325832678-2400834029-1000..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKLM..\RunOnce: [Launcher] C:\Windows\SMINST\Launcher.exe (soft thinks)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1679439931-1325832678-2400834029-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1679439931-1325832678-2400834029-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_31.dll (Sun Microsystems, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-21-1679439931-1325832678-2400834029-1000\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKU\S-1-5-21-1679439931-1325832678-2400834029-1000\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} https://h20364.www2.hp.com/CSMWeb/Customer/cabs/HPISDataManager.CAB (Hewlett-Packard Online Support Services)
O16 - DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} https://lowes.2020.net/Core/Player/2020PlayerAX_Win32.cab (20-20 3D Viewer)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5D397078-D39D-4699-93C7-15D8C45D702E}: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CE2A9DAD-668C-4BB2-B7C2-AC62F7892524}: DhcpNameServer = 68.87.69.146 68.87.85.98
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Vacation Pictures\North Coast\Ireland 016.jpg
O24 - Desktop BackupWallPaper: C:\Vacation Pictures\North Coast\Ireland 016.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/02/04 17:31:48 | 000,000,154 | ---- | M] () - C:\AUTOEXEC.BAR -- [ NTFS ]
O32 - AutoRun File - [2007/04/19 12:20:31 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2001/09/27 19:31:46 | 000,000,150 | -HS- | M] () - C:\AUTOEXEC.DOS -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 08:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/07/21 18:00:40 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/07/21 17:52:11 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/07/21 17:28:14 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/07/21 17:28:14 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/07/21 17:28:14 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/07/21 17:28:00 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/07/21 17:26:32 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/07/21 17:24:40 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/07/17 20:18:07 | 000,000,000 | ---D | C] -- C:\Users\Offi ce Depot\AppData\Roaming\Mozilla
[2012/07/17 20:18:07 | 000,000,000 | ---D | C] -- C:\Users\Offi ce Depot\AppData\Local\Mozilla
[2012/07/17 20:17:48 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012/07/17 20:17:43 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/07/17 19:46:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MozBackup
[2012/07/17 19:46:37 | 000,000,000 | ---D | C] -- C:\Program Files\MozBackup
[2012/07/16 21:45:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/07/16 21:45:15 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/07/16 21:45:15 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/07/14 13:03:25 | 000,000,000 | ---D | C] -- C:\Program Files\Webroot
[2012/07/14 12:39:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Downloaded Installations
[2012/07/14 12:39:02 | 000,000,000 | ---D | C] -- C:\Program Files\GFI Software
[2012/07/14 12:10:30 | 000,014,664 | ---- | C] (McAfee, Inc.) -- C:\Windows\stinger.sys
[2012/07/14 12:08:17 | 000,000,000 | ---D | C] -- C:\Program Files\stinger
[2012/07/14 09:45:57 | 000,000,000 | ---D | C] -- C:\Users\Kimberly\Desktop\RootkitRevealer
[2012/07/14 09:30:26 | 000,000,000 | ---D | C] -- C:\Users\Offi ce Depot\AppData\Roaming\f-secure
[2012/07/14 09:28:45 | 000,000,000 | ---D | C] -- C:\ProgramData\F-Secure
[2012/07/14 08:38:55 | 000,000,000 | ---D | C] -- C:\ProgramData\RegRun
[2012/07/14 08:38:26 | 000,000,000 | ---D | C] -- C:\Users\Kimberly\Documents\RegRun2
[2012/07/14 08:38:04 | 000,000,000 | ---D | C] -- C:\Program Files\UnHackMe
[2012/07/13 23:32:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Sophos
[2012/07/13 23:21:58 | 000,000,000 | ---D | C] -- C:\Users\Offi ce Depot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos
[2012/07/13 23:21:14 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos
[2012/07/13 22:54:00 | 000,027,192 | ---- | C] (Resplendence Software Projects Sp.) -- C:\Windows\System32\drivers\rspSanity32.sys
[2012/07/13 21:35:23 | 000,100,864 | ---- | C] (GMER) -- C:\ugldqpob.sys
[2012/07/13 20:15:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/07/13 20:15:42 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2012/07/13 06:40:13 | 000,000,000 | ---D | C] -- C:\Program Files\Emsisoft Anti-Malware
[2012/07/13 06:40:13 | 000,000,000 | ---D | C] -- C:\Users\Kimberly\Documents\Anti-Malware
[2012/07/12 20:33:47 | 000,000,000 | ---D | C] -- C:\Users\Offi ce Depot\AppData\Roaming\SUPERAntiSpyware.com
[2012/07/12 20:32:18 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/07/12 15:05:39 | 000,000,000 | ---D | C] -- C:\Users\Offi ce Depot\AppData\Roaming\ESET
[2012/07/12 15:05:39 | 000,000,000 | ---D | C] -- C:\Users\Offi ce Depot\AppData\Local\ESET
[2012/07/12 14:01:30 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2012/07/12 11:40:56 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2012/07/12 11:40:56 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2012/07/12 11:37:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2012/07/12 05:30:56 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012/07/11 20:51:00 | 002,267,096 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll0731.old
[2012/07/11 20:51:00 | 000,149,464 | ---- | C] (PC Tools) -- C:\Windows\SGDetectionTool.dll0731.old
[2012/07/11 20:43:30 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools
[2012/07/11 20:39:10 | 000,203,088 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTSD.sys
[2012/07/11 20:39:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2012/07/11 20:38:18 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2012/07/11 20:38:17 | 000,000,000 | ---D | C] -- C:\Users\Offi ce Depot\AppData\Roaming\TestApp
[2012/07/09 23:31:00 | 000,000,000 | ---D | C] -- C:\$AVG
[2012/07/09 23:05:50 | 000,000,000 | ---D | C] -- C:\Users\Offi ce Depot\AppData\Roaming\AVG2012
[2012/07/09 22:58:40 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
[2012/07/09 22:52:22 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2012/07/09 22:47:16 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012/07/09 22:47:15 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2012/07/09 20:03:42 | 000,000,000 | ---D | C] -- C:\Users\Offi ce Depot\AppData\Roaming\Malwarebytes
[2012/07/09 20:02:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/07/08 17:38:21 | 000,000,000 | ---D | C] -- C:\Users\Offi ce Depot\AppData\Local\NPE
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/07/21 19:40:21 | 000,000,434 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{C3BE97EF-787A-48D2-8F4C-D9CFF673B600}.job
[2012/07/21 19:01:03 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/21 18:54:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/21 18:02:28 | 000,000,254 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2012/07/21 18:00:57 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/21 18:00:48 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/21 18:00:48 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/21 18:00:39 | 1063,313,408 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/21 15:54:32 | 000,000,554 | ---- | M] () -- C:\Users\Kimberly\Desktop\MBR.zip
[2012/07/21 15:53:05 | 000,000,512 | ---- | M] () -- C:\Users\Kimberly\Desktop\MBR.dat
[2012/07/20 20:05:24 | 000,006,089 | ---- | M] () -- C:\Users\Kimberly\Desktop\Attach.zip
[2012/07/20 18:50:32 | 219,703,454 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/07/20 18:25:54 | 000,000,000 | ---- | M] () -- C:\Users\Offi ce Depot\defogger_reenable
[2012/07/20 09:26:04 | 000,000,938 | ---- | M] () -- C:\Users\Offi ce Depot\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2012/07/19 18:57:04 | 000,431,672 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/07/18 23:39:49 | 002,441,024 | ---- | M] () -- C:\Windows\System32\drivers\N360\0502020.003\Cat.DB
[2012/07/17 20:17:57 | 000,000,870 | ---- | M] () -- C:\Users\Offi ce Depot\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/07/17 20:17:54 | 000,000,846 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/07/17 19:48:05 | 018,565,890 | ---- | M] () -- C:\Users\Kimberly\Documents\Firefox 13.0.1 (en-US) - 2012-07-17.pcv
[2012/07/17 19:46:45 | 000,000,824 | ---- | M] () -- C:\Users\Public\Desktop\MozBackup.lnk
[2012/07/16 21:45:27 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/16 20:34:57 | 000,002,250 | ---- | M] () -- C:\Users\Public\Desktop\Norton Security Suite.lnk
[2012/07/14 12:51:05 | 000,595,684 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/07/14 12:51:05 | 000,101,350 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/07/14 12:10:30 | 000,014,664 | ---- | M] (McAfee, Inc.) -- C:\Windows\stinger.sys
[2012/07/14 11:43:53 | 1331,146,376 | ---- | M] () -- C:\Windows\System32\BZZPGK
[2012/07/14 08:38:31 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2012/07/14 08:38:31 | 000,001,688 | ---- | M] () -- C:\Windows\System32\autoexec.nt
[2012/07/14 08:38:31 | 000,000,002 | RHS- | M] () -- C:\Windows\winstart.bat
[2012/07/13 23:21:59 | 000,002,054 | ---- | M] () -- C:\Users\Kimberly\Desktop\Sophos Virus Removal Tool.lnk
[2012/07/13 23:04:20 | 000,005,042 | ---- | M] () -- C:\Users\Offi ce Depot\AppData\Local\Temp17.html
[2012/07/13 23:01:53 | 000,001,293 | ---- | M] () -- C:\Users\Offi ce Depot\AppData\Local\Temp1.html
[2012/07/13 21:35:23 | 000,100,864 | ---- | M] (GMER) -- C:\ugldqpob.sys
[2012/07/13 19:28:31 | 000,330,518 | ---- | M] () -- C:\Users\Offi ce Depot\AppData\Local\census.cache
[2012/07/13 19:27:58 | 000,239,736 | ---- | M] () -- C:\Users\Offi ce Depot\AppData\Local\ars.cache
[2012/07/13 19:09:35 | 000,000,036 | ---- | M] () -- C:\Users\Offi ce Depot\AppData\Local\housecall.guid.cache
[2012/07/12 14:52:56 | 002,316,199 | ---- | M] () -- C:\Windows\System32\drivers\Cat.DB
[2012/07/11 19:06:58 | 000,122,376 | ---- | M] () -- C:\Users\Kimberly\Documents\bookmarks.html
[2012/07/11 18:25:32 | 000,000,172 | ---- | M] () -- C:\Windows\System32\drivers\N360\0502020.003\isolate.ini
[2012/07/09 23:24:59 | 000,000,680 | ---- | M] () -- C:\Users\Offi ce Depot\AppData\Local\d3d9caps.dat
[2012/07/06 07:24:32 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForOffi ce Depot.job
[2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/07/21 17:28:14 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/07/21 17:28:14 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/07/21 17:28:14 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/07/21 17:28:14 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/07/21 17:28:14 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/07/21 15:54:32 | 000,000,554 | ---- | C] () -- C:\Users\Kimberly\Desktop\MBR.zip
[2012/07/21 15:53:05 | 000,000,512 | ---- | C] () -- C:\Users\Kimberly\Desktop\MBR.dat
[2012/07/20 20:05:24 | 000,006,089 | ---- | C] () -- C:\Users\Kimberly\Desktop\Attach.zip
[2012/07/20 18:25:54 | 000,000,000 | ---- | C] () -- C:\Users\Offi ce Depot\defogger_reenable
[2012/07/17 20:17:54 | 000,000,870 | ---- | C] () -- C:\Users\Offi ce Depot\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/07/17 20:17:53 | 000,000,858 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/07/17 20:17:53 | 000,000,846 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/07/17 19:47:46 | 018,565,890 | ---- | C] () -- C:\Users\Kimberly\Documents\Firefox 13.0.1 (en-US) - 2012-07-17.pcv
[2012/07/17 19:46:42 | 000,000,824 | ---- | C] () -- C:\Users\Public\Desktop\MozBackup.lnk
[2012/07/16 21:45:27 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/14 11:02:12 | 1331,146,376 | ---- | C] () -- C:\Windows\System32\BZZPGK
[2012/07/14 09:56:55 | 1063,313,408 | -HS- | C] () -- C:\hiberfil.sys
[2012/07/14 08:38:31 | 000,000,002 | RHS- | C] () -- C:\Windows\winstart.bat
[2012/07/13 23:21:59 | 000,002,054 | ---- | C] () -- C:\Users\Kimberly\Desktop\Sophos Virus Removal Tool.lnk
[2012/07/13 23:04:20 | 000,005,042 | ---- | C] () -- C:\Users\Offi ce Depot\AppData\Local\Temp17.html
[2012/07/13 22:54:26 | 000,001,293 | ---- | C] () -- C:\Users\Offi ce Depot\AppData\Local\Temp1.html
[2012/07/13 21:17:30 | 219,703,454 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/07/13 19:28:31 | 000,330,518 | ---- | C] () -- C:\Users\Offi ce Depot\AppData\Local\census.cache
[2012/07/13 19:27:58 | 000,239,736 | ---- | C] () -- C:\Users\Offi ce Depot\AppData\Local\ars.cache
[2012/07/13 19:09:35 | 000,000,036 | ---- | C] () -- C:\Users\Offi ce Depot\AppData\Local\housecall.guid.cache
[2012/07/11 20:51:02 | 000,767,960 | ---- | C] () -- C:\Windows\BDTSupport.dll0731.old
[2012/07/11 20:39:29 | 002,316,199 | ---- | C] () -- C:\Windows\System32\drivers\Cat.DB
[2012/07/11 19:06:55 | 000,122,376 | ---- | C] () -- C:\Users\Kimberly\Documents\bookmarks.html
[2011/05/18 18:02:14 | 000,001,940 | ---- | C] () -- C:\Users\Offi ce Depot\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/02/15 21:45:15 | 000,177,238 | ---- | C] () -- C:\Users\Offi ce Depot\Introduction to Internet-based Financial Investigations ANC G11EHE35 Feb 2011.pdf
[2010/12/13 21:39:19 | 000,600,538 | ---- | C] () -- C:\Users\Offi ce Depot\3485_FireplaceRebateForm.pdf
[2008/06/13 17:51:24 | 000,000,600 | ---- | C] () -- C:\Users\Offi ce Depot\PUTTY.RND
[2007/10/14 12:32:38 | 000,035,840 | ---- | C] () -- C:\Users\Offi ce Depot\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/10/13 16:13:48 | 000,000,680 | ---- | C] () -- C:\Users\Offi ce Depot\AppData\Local\d3d9caps.dat
[2007/08/08 08:26:39 | 000,000,000 | ---- | C] () -- C:\Users\Offi ce Depot\AppData\Roaming\wklnhst.dat

========== LOP Check ==========

[2012/04/18 18:56:29 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\IObit
[2012/04/18 18:56:29 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\IObit
[2008/05/29 19:38:10 | 000,000,000 | ---D | M] -- C:\Users\Kim\AppData\Roaming\MSNInstaller
[2008/05/29 19:38:10 | 000,000,000 | ---D | M] -- C:\Users\Kim\AppData\Roaming\muvee Technologies
[2008/05/29 19:38:10 | 000,000,000 | ---D | M] -- C:\Users\Kim\AppData\Roaming\PlayFirst
[2008/05/29 19:38:20 | 000,000,000 | ---D | M] -- C:\Users\Kim\AppData\Roaming\Template
[2008/05/29 19:38:20 | 000,000,000 | ---D | M] -- C:\Users\Kim\AppData\Roaming\WildTangent
[2012/07/09 23:05:50 | 000,000,000 | ---D | M] -- C:\Users\Offi ce Depot\AppData\Roaming\AVG2012
[2012/07/12 15:05:39 | 000,000,000 | ---D | M] -- C:\Users\Offi ce Depot\AppData\Roaming\ESET
[2012/07/14 09:30:26 | 000,000,000 | ---D | M] -- C:\Users\Offi ce Depot\AppData\Roaming\f-secure
[2010/05/31 15:17:13 | 000,000,000 | ---D | M] -- C:\Users\Offi ce Depot\AppData\Roaming\Facebook
[2011/03/06 10:52:59 | 000,000,000 | ---D | M] -- C:\Users\Offi ce Depot\AppData\Roaming\Jaran Nilsen
[2009/06/14 10:40:28 | 000,000,000 | ---D | M] -- C:\Users\Offi ce Depot\AppData\Roaming\Memorex
[2007/09/16 06:49:10 | 000,000,000 | ---D | M] -- C:\Users\Offi ce Depot\AppData\Roaming\MSNInstaller
[2008/05/03 14:32:17 | 000,000,000 | ---D | M] -- C:\Users\Offi ce Depot\AppData\Roaming\muvee Technologies
[2012/05/25 18:20:06 | 000,000,000 | ---D | M] -- C:\Users\Offi ce Depot\AppData\Roaming\OpswatLogs
[2007/09/24 05:47:57 | 000,000,000 | ---D | M] -- C:\Users\Offi ce Depot\AppData\Roaming\PlayFirst
[2012/05/25 18:17:56 | 000,000,000 | ---D | M] -- C:\Users\Offi ce Depot\AppData\Roaming\QuickScan
[2007/08/08 08:26:40 | 000,000,000 | ---D | M] -- C:\Users\Offi ce Depot\AppData\Roaming\Template
[2012/07/11 20:38:17 | 000,000,000 | ---D | M] -- C:\Users\Offi ce Depot\AppData\Roaming\TestApp
[2011/03/05 19:01:23 | 000,000,000 | ---D | M] -- C:\Users\Offi ce Depot\AppData\Roaming\Tific
[2007/08/14 11:29:51 | 000,000,000 | ---D | M] -- C:\Users\Offi ce Depot\AppData\Roaming\WildTangent
[2012/07/21 17:59:14 | 000,032,572 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/07/21 19:40:21 | 000,000,434 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{C3BE97EF-787A-48D2-8F4C-D9CFF673B600}.job

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >
[2004/10/10 12:40:48 | 016,706,160 | ---- | M] (Netopsystems AG) -- C:\AdbeRdr60_enu_full.exe
[2004/10/05 09:45:38 | 004,322,816 | ---- | M] () -- C:\epson10001.exe
[2004/10/05 09:45:00 | 001,775,104 | ---- | M] () -- C:\epson10002.exe
[2004/10/04 22:02:02 | 039,005,370 | ---- | M] () -- C:\NISP2004.exe
[2004/10/10 12:39:22 | 006,811,656 | ---- | M] (Adobe Systems, Inc. ) -- C:\psa201se_us.exe

< MD5 for: EXPLORER.EXE >
[2008/10/28 23:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[1995/07/11 09:50:00 | 000,204,288 | ---- | M] (Microsoft Corporation) MD5=40978DF82DAAFAD93117A0D81FAE5C5F -- C:\Old DOS Drive\WINDOWS\EXPLORER.EXE
[2008/10/28 23:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/29 20:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2007/08/26 20:10:03 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2007/08/26 19:01:58 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2009/04/10 23:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\erdnt\cache\explorer.exe
[2009/04/10 23:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/10 23:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008/10/27 19:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006/11/02 02:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008/01/19 00:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: SERVICES.EXE >
[2008/01/19 00:33:28 | 000,279,040 | ---- | M] (Microsoft Corporation) MD5=2B336AB6286D6C81FA02CBAB914E3C6C -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2006/11/02 02:45:40 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=329CF3C97CE4C19375C8ABCABAE258B0 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6000.16386_none_cd28fe6bd05df036\services.exe
[2009/04/10 23:28:00 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\erdnt\cache\services.exe
[2009/04/10 23:28:00 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\System32\services.exe
[2009/04/10 23:28:00 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe

< MD5 for: SVCHOST.EXE >
[2006/11/02 02:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=10DA15933D582D2FEDCF705EFE394B09 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6000.16386_none_b38497a50862ad11\svchost.exe
[2008/01/19 00:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\erdnt\cache\svchost.exe
[2008/01/19 00:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008/01/19 00:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe
[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/01/19 00:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\erdnt\cache\userinit.exe
[2008/01/19 00:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008/01/19 00:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006/11/02 02:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/04/10 23:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\erdnt\cache\winlogon.exe
[2009/04/10 23:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009/04/10 23:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2006/11/02 02:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008/01/19 00:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< %systemroot%\*. /rp /s >

========== Drive Information ==========

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: FUJITSU MHW2160BH PL ATA Device
Partitions: 2
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 141.00GB
Starting Offset: 32256
Hidden sectors: 0


DeviceID: Disk #0, Partition #1
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 8.00GB
Starting Offset: 151312250880
Hidden sectors: 0


========== Alternate Data Streams ==========

@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:1247C505
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >
Extras log reads as follows:

OTL Extras logfile created on: 7/21/2012 7:24:39 PM - Run 1
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Kimberly\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1013.31 Mb Total Physical Memory | 368.57 Mb Available Physical Memory | 36.37% Memory free
2.52 Gb Paging File | 1.58 Gb Available in Paging File | 62.78% Paging File free
Paging file location(s): c:\pagefile.sys 1600 3000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 140.92 Gb Total Space | 61.28 Gb Free Space | 43.48% Space Free | Partition Type: NTFS
Drive D: | 8.13 Gb Total Space | 1.22 Gb Free Space | 15.00% Space Free | Partition Type: NTFS

Computer Name: KGLaptop | User Name: Offi ce Depot | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-1679439931-1325832678-2400834029-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- (EarthLink, Inc.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0DCF99D0-E576-4477-BDC8-96C7D999E189}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{66965CE4-2BA5-41F4-94DE-D1C55D4518AB}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{87C3AB2E-C3EC-4EFA-9FEA-1EDCBE5C4837}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{8DC7DAAC-C01E-4DFE-B408-1326F8B8AD44}" = rport=80 | protocol=6 | dir=out | app=c:\program files\common files\intuit\update service\intuitupdater.exe |
"{91387057-28F5-4D3A-A529-9956393CBD97}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{99AED9E3-7CD3-4A1E-A0AE-46983CFC78D7}" = rport=80 | protocol=6 | dir=out | app=c:\program files\common files\intuit\update service\intuitupdateservice.exe |
"{9FD2B28E-D399-48BD-BE95-27DCFA83271F}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{B1E1846B-6491-45C6-B48D-F3735F2D0ED0}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{BBAB55BA-A82F-46BD-A479-0A69B3672C14}" = rport=2869 | protocol=6 | dir=out | app=system |
"{C418CA89-2021-4E05-8198-D608D47FCE4D}" = lport=2869 | protocol=6 | dir=in | app=system |
"{CB8BFE60-271F-49AD-AABA-EFDCEC17D7CF}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1786BAFC-578D-443E-9CFC-CC28FE9E5610}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
"{1CB5E2B2-223D-4192-BDDA-189A900AEFBA}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{1E76D665-BF8E-43B1-8017-3DDB47E06063}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{382CF5D5-0CA8-4F06-A05A-A9488F41206A}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{3DB012EE-6E52-4CC3-BC1C-1EDE18C342D6}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{411D0265-523C-4C23-93B2-A686144EE2E7}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{47D191A1-570E-4EFF-B07F-F76986A93000}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{5AA088B7-9D70-496B-80B2-D37233BC8250}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{6BE4639C-3E4F-4882-91F1-923A8D76967A}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{81FD7D73-EC3A-4ADA-B141-B0383E285FEB}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{83763B22-43F7-4C24-B3AA-EC948D4D93E0}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{84E83ADF-958D-4CD5-8269-075069945A44}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{8F681EF6-DD11-4FD2-BDC9-ECDC5C695A3B}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
"{996EBD35-5809-4CDD-AC96-9EA2610271C5}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{A07CD5B6-9B9D-40AB-9555-43055215DAA3}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{A3E61AF1-A002-4E7E-B4BE-F96F7D7A1906}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{A618E181-A524-4E62-8E77-D364DE34850C}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{A6D2A9AF-709D-49F4-A166-266D7F660970}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{AB3FECE0-925D-40D5-8B35-6B6083B2384E}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{C0DC3360-617F-45C0-8385-70F9B1C6AB8F}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{C4F427ED-54B8-4434-B0F7-EACE5091A372}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{D557D09B-AA28-4BD8-B38C-FCBEA15DA5A8}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{DEB11A5F-7BA1-4A2F-ADA4-A8C8234B0E58}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{05BDC796-3451-4F81-B91D-E98F7ADA76C2}" = TurboTax 2010 WinPerTaxSupport
"{066A1255-1299-4EBA-B9B3-FA7FB14F92E4}" = CIF USB Camera
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{0CFD3BAF-9F4D-4D70-BD0B-638EA2504C25}" = PSSWCORE
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP160" = Canon MP160
"{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}" = Roxio Creator EasyArchive
"{1ACA994D-3EF6-45E8-9206-19B599BEE31B}" = HP RC Mirror Driver
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{206FD69B-F9FE-4164-81BD-D52552BC9C23}" = GearDrvs
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{23B8A91D-680B-462B-87AD-3D70F7341731}" = iTunes
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java™ 6 Update 31
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{29521505-F489-4822-ADFA-32C6DEE4F114}" = TurboTax 2008 WinPerUserEducation
"{31216452-5540-4C96-B754-94890A63D5AB}" = HP Help and Support
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{33C65B6A-5D73-4E3E-A1F9-127C27BD3F72}" = Roxio MyDVD Basic v9
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.20 B1
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Roxio Activation Module
"{3782EC09-4000-475E-8A59-9CABD6F03B4C}" = TurboTax 2010 WinPerFedFormset
"{3881DB80-EAA2-012B-ADAE-000000000000}" = TurboTax 2009 WinPerFedFormset
"{38975F50-EAA2-012B-ADB4-000000000000}" = TurboTax 2009 WinPerReleaseEngine
"{38A34630-EAA2-012B-ADB6-000000000000}" = TurboTax 2009 WinPerTaxSupport
"{39523EA4-F914-4447-A551-2513766095F5}" = ESU for Microsoft Vista
"{3C5A81D0-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper
"{3FFB3B34-D639-4384-9AE9-DDE58430D86F}" = MSCU for Microsoft Vista
"{40F7AED3-0C7D-4582-99F6-484A515C73F2}" = HP Easy Setup - Frontend
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.6
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4F2FCCCF-29F3-44B9-886F-6D16F8417522}" = TurboTax 2010 wrapper
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{59046D29-2E6B-4224-BF0D-64F3E7A93F7B}" = LightScribe System Software 1.10.19.1
"{5CA81D12-9EC2-4082-972B-43ECA63F41F2}" = HP Pavilion Webcam Driver for Vista v061.001.00005
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{66A9D30D-1464-4C7F-B2F3-507DADAF2595}" = Microsoft IntelliPoint 6.3
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7570F1CA-016D-46AC-B586-CD74645EFB52}" = TurboTax 2008 WinPerFedFormset
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111088727}" = Chicken Invaders 2 - Christmas Edition
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{88214092-836F-4E22-A5AC-569AC9EE6A0F}" = TurboTax 2008 WinPerReleaseEngine
"{88B743CB-F3E0-4456-AD08-40EE991EC28E}" = Microsoft Expression Studio 2
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8CEA85DE-955B-4BF4-87F2-0BAA62821633}" = HP Photosmart Essential2.5
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_XWeb_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_XWeb_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}_XWeb_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0045-0000-0000-0000000FF1CE}" = Microsoft Expression Web 2
"{90120000-0045-0409-0000-0000000FF1CE}" = Microsoft Expression Web 2 MUI (English)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}_XWeb_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}_XWeb_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9ADABDDE-9644-461B-9E73-83FA3EFCAB50}" = HP Wireless Assistant
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A525E00B-6609-442E-9DCD-64453C233E8D}" = TurboTax 2010 WinPerReleaseEngine
"{A71D5E81-B967-43DB-93D7-FD31BFB95748}" = MobileMe Control Panel
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.1
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{B1DB1AD8-C07E-4052-81A1-D2930232BA70}" = TurboTax 2008 wrapper
"{B23726CF-68BF-41A6-A4EB-72F12F87FE05}" = TurboTax 2008 WinPerTaxSupport
"{B829E117-D072-41EA-9606-9826A38D34C1}" = Sophos Virus Removal Tool
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
"{D9B5CB4C-ACA5-483F-900F-5A5B5F511033}" = Nero BackItUp 2 Essentials
"{E6D9BC25-0DBC-4368-8E4A-7DEE80661CD9}" = TurboTax 2008 WinPerProgramHelp
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F6B29003-A078-4491-AFBE-62EFB6CFFE19}" = HP Total Care Advisor
"{FAB0C302-CB18-4A7A-BA03-C3DC23101A68}" = HP Active Support Library 32 bit components
"{FAC20C98-35F4-49E9-B4E3-6A4FB2E9686C}" = LightScribe Template Labeler
"{FCCC555E-166C-426A-A98C-39C80AE7C081}" = HP User Guides 0082
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Chicken Invaders_is1" = Chicken Invaders v1.30
"CNXT_HDAUDIO" = Conexant HD Audio
"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"ENTERPRISER" = Microsoft Office Enterprise 2007
"ExpressionStudio_2.0.133.0" = Microsoft Expression Studio 2
"HDMI" = Intel® Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Photosmart Essential" = HP Photosmart Essential 2.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MozBackup" = MozBackup 1.5.1
"Mozilla Firefox 14.0.1 (x86 en-US)" = Mozilla Firefox 14.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MS Word Word Count & Frequency Statistics Software_is1" = MS Word Word Count & Frequency Statistics Software
"MSNINST" = MSN
"N360" = Norton Security Suite
"PROSet" = Intel® Network Connections Drivers
"RealPlayer 15.0" = RealPlayer
"RealPlayer 6.0" = RealPlayer
"SlingMedia.QPSlingPlayer_is1" = QuickPlay SlingPlayer 0.4.6
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TurboTax 2008" = TurboTax 2008
"TurboTax 2009" = TurboTax 2009
"TurboTax 2010" = TurboTax 2010
"WildTangent hplaptop Master Uninstall" = My HP Games
"XWeb" = Microsoft Expression Web 2
"Yahoo! Companion" = Yahoo! Toolbar for Internet Explorer
"Yahoo! Toolbar" = Yahoo! Toolbar
"YTdetect" = Yahoo! Detect

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1679439931-1325832678-2400834029-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In
"iTunes Agent 1.3.4" = iTunes Agent 1.3.4
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 7/21/2012 9:07:14 PM | Computer Name = KGLaptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 16801

Error - 7/21/2012 9:07:15 PM | Computer Name = KGLaptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 7/21/2012 9:07:15 PM | Computer Name = KGLaptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 17831

Error - 7/21/2012 9:07:15 PM | Computer Name = KGLaptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 17831

Error - 7/21/2012 9:07:16 PM | Computer Name = KGLaptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 7/21/2012 9:07:16 PM | Computer Name = KGLaptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 18860

Error - 7/21/2012 9:07:16 PM | Computer Name = KGLaptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 18860

Error - 7/21/2012 9:07:17 PM | Computer Name = KGLaptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 7/21/2012 9:07:17 PM | Computer Name = KGLaptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 19874

Error - 7/21/2012 9:07:17 PM | Computer Name = KGLaptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 19874

[ OSession Events ]
Error - 1/20/2008 8:21:06 AM | Computer Name = KGLaptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 856367
seconds with 420 seconds of active time. This session ended with a crash.

Error - 2/13/2008 10:54:47 AM | Computer Name = KGLaptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 41662
seconds with 1920 seconds of active time. This session ended with a crash.

Error - 5/23/2008 12:49:18 PM | Computer Name = KGLaptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 52805
seconds with 0 seconds of active time. This session ended with a crash.

Error - 7/15/2008 9:49:27 PM | Computer Name = KGLaptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 2624
seconds with 420 seconds of active time. This session ended with a crash.

Error - 9/6/2008 2:22:23 PM | Computer Name = KGLaptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6300.5000, Microsoft Office Version: 12.0.4518.1084. This session
lasted 2475 seconds with 1740 seconds of active time. This session ended with a
crash.

Error - 12/31/2009 3:09:46 PM | Computer Name = KGLaptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 8110
seconds with 3780 seconds of active time. This session ended with a crash.

Error - 1/3/2010 1:31:59 AM | Computer Name = KGLaptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session
lasted 31783 seconds with 120 seconds of active time. This session ended with a
crash.

[ System Events ]
Error - 7/21/2012 10:01:06 PM | Computer Name = KGLaptop | Source = cdrom | ID = 262159
Description = The device, \Device\CdRom0, is not ready for access yet.

Error - 7/21/2012 10:01:07 PM | Computer Name = KGLaptop | Source = cdrom | ID = 262159
Description = The device, \Device\CdRom0, is not ready for access yet.

Error - 7/21/2012 10:01:24 PM | Computer Name = KGLaptop | Source = cdrom | ID = 262159
Description = The device, \Device\CdRom0, is not ready for access yet.

Error - 7/21/2012 10:01:25 PM | Computer Name = KGLaptop | Source = cdrom | ID = 262159
Description = The device, \Device\CdRom0, is not ready for access yet.

Error - 7/21/2012 10:01:26 PM | Computer Name = KGLaptop | Source = cdrom | ID = 262159
Description = The device, \Device\CdRom0, is not ready for access yet.

Error - 7/21/2012 10:01:27 PM | Computer Name = KGLaptop | Source = cdrom | ID = 262159
Description = The device, \Device\CdRom0, is not ready for access yet.

Error - 7/21/2012 10:01:28 PM | Computer Name = KGLaptop | Source = cdrom | ID = 262159
Description = The device, \Device\CdRom0, is not ready for access yet.

Error - 7/21/2012 10:01:29 PM | Computer Name = KGLaptop | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort0.

Error - 7/21/2012 10:01:29 PM | Computer Name = KGLaptop | Source = cdrom | ID = 262159
Description = The device, \Device\CdRom0, is not ready for access yet.

Error - 7/21/2012 10:01:30 PM | Computer Name = KGLaptop | Source = PlugPlayManager | ID = 12
Description = The device 'MATbleepA DVD-RAM UJ-851S ATA Device' (IDE\CdRomMATbleepA_DVD-RAM_UJ-851S________________1.50____\5&61dfa57&0&0.0.0)
disappeared from the system without first being prepared for removal.


< End of report >

#8 CatByte

    bleepin' tiger

  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  • Gender:Not Telling
  • Location:Canada
  • Local time:09:17 AM

Posted 22 July 2012 - 10:21 AM

Please run the following:

Run OTL.exe
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    :OTL
    SRV - File not found [On_Demand | Stopped] -- C:\Users\OFFICE~1\AppData\Local\Temp\YXV.exe -- (YXV)
    SRV - File not found [On_Demand | Stopped] -- C:\Users\OFFICE~1\AppData\Local\Temp\YMGZALP.exe -- (YMGZALP)
    SRV - File not found [On_Demand | Stopped] -- C:\Users\OFFICE~1\AppData\Local\Temp\VIW.exe -- (VIW)
    SRV - File not found [On_Demand | Stopped] -- C:\Users\OFFICE~1\AppData\Local\Temp\TPIBP.exe -- (TPIBP)
    SRV - File not found [On_Demand | Stopped] -- C:\Users\OFFICE~1\AppData\Local\Temp\SRUEYJC.exe -- (SRUEYJC)
    SRV - File not found [On_Demand | Stopped] -- C:\Users\OFFICE~1\AppData\Local\Temp\RGBCRHFQDKVY.exe -- (RGBCRHFQDKVY)
    SRV - File not found [On_Demand | Stopped] -- C:\Users\OFFICE~1\AppData\Local\Temp\GUXMGJB.exe -- (GUXMGJB)
    SRV - File not found [On_Demand | Stopped] -- C:\Users\OFFICE~1\AppData\Local\Temp\CVV.exe -- (CVV)
    SRV - File not found [On_Demand | Stopped] -- C:\Users\OFFICE~1\AppData\Local\Temp\CHSY.exe -- (CHSY)
    SRV - File not found [On_Demand | Stopped] -- C:\Users\OFFICE~1\AppData\Local\Temp\BNYYN.exe -- (BNYYN)
    [2012/03/22 20:51:10 | 000,049,303 | ---- | M] () (No name found) -- C:\USERS\OFFI CE DEPOT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6QNT6WJK.DEFAULT\EXTENSIONS\{4C7097F7-08F2-4EF2-9B9F-F95FA4CBB064}.XPI
    [2008/01/18 22:49:14 | 000,004,819 | ---- | M] () (No name found) -- C:\USERS\OFFI CE DEPOT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6QNT6WJK.DEFAULT\EXTENSIONS\MKMQLQAWAP@MKMQLQAWAP.ORG.XPI
    O3 - HKU\S-1-5-21-1679439931-1325832678-2400834029-1000\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
    O4 - HKLM..\RunOnce: [Launcher] C:\Windows\SMINST\Launcher.exe (soft thinks)
    [2012/07/14 11:43:53 | 1331,146,376 | ---- | M] () -- C:\Windows\System32\BZZPGK
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [resethosts]
    [purity]
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post the OTL log


NEXT


Go here to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activeX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
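Added example in Python, not OTL's own code and not part of CatByte's instructions: it splits a fix script like the one above into its sections, reports any lines that precede the first ":Section" header (OTL refuses to interpret such lines), and flags SRV entries whose binary sits under a user's Temp folder with a random-looking name, the pattern shared by the ten services in the fix. The sample script, the benign svchost line in it and the vowel-ratio heuristic are constructed for illustration.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Section headers of an OTL fix script: a colon followed by the section name.
# The fix above uses :OTL, :Files and :Commands. Lines that appear before
# any header belong to no section, and OTL rejects each of them with
# "Error: Unable to interpret <...> in the current context!".
SECTION_RE = re.compile(r"^:([A-Za-z]+)\s*$")

# Shape of an OTL service line, as in the fix above:
#   SRV - File not found [On_Demand | Stopped] -- C:\...\Temp\YXV.exe -- (YXV)
SRV_RE = re.compile(
    r"^SRV\s+-\s+(?P<status>.+?)\s+\[(?P<flags>[^\]]*)\]\s+--\s+"
    r"(?P<path>.+?)\s+--\s+\((?P<name>[^)]+)\)\s*$"
)
USER_TEMP_RE = re.compile(r"\\AppData\\Local\\Temp\\", re.IGNORECASE)
VOWELS = set("AEIOU")


@dataclass
class ServiceEntry:
    name: str
    path: str
    status: str
    flags: str

    @property
    def file_missing(self) -> bool:
        return self.status.lower() == "file not found"

    @property
    def in_user_temp(self) -> bool:
        # A service binary under a per-user Temp folder is not how legitimate
        # software installs; it is the pattern of every SRV line in the fix.
        return USER_TEMP_RE.search(self.path) is not None

    @property
    def random_looking_name(self) -> bool:
        # Heuristic only (constructed for this example): all-caps alphabetic
        # name with few vowels, like YXV or RGBCRHFQDKVY above.
        n = self.name
        if len(n) < 3 or not n.isalpha() or not n.isupper():
            return False
        return sum(c in VOWELS for c in n) / len(n) < 0.4

    @property
    def suspicious(self) -> bool:
        return self.in_user_temp or (self.file_missing and self.random_looking_name)


def parse_fix_script(text: str) -> Tuple[Dict[str, List[str]], List[str]]:
    """Split a fix script into {":Section": [lines]} plus orphan lines.

    Orphans are non-empty lines seen before the first header: exactly what
    happens when the script is copied without its leading ":OTL" line.
    """
    sections: Dict[str, List[str]] = {}
    orphans: List[str] = []
    current: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            current = ":" + header.group(1)
            sections.setdefault(current, [])
        elif current is None:
            orphans.append(line)
        else:
            sections[current].append(line)
    return sections, orphans


def parse_srv_line(line: str) -> Optional[ServiceEntry]:
    """Parse one OTL SRV line; returns None for non-service lines (O3, O4 ...)."""
    m = SRV_RE.match(line.strip())
    if m is None:
        return None
    return ServiceEntry(m["name"], m["path"], m["status"], m["flags"])


def flag_suspicious_services(otl_lines: List[str]) -> List[str]:
    """Names of SRV entries matching the Temp-folder / random-name pattern."""
    return [e.name for e in map(parse_srv_line, otl_lines) if e and e.suspicious]


# Constructed sample in the format of the fix above: two of its SRV lines, one
# hypothetical benign service line for contrast, and the O4/RunOnce line.
SAMPLE_FIX = """\
:OTL
SRV - File not found [On_Demand | Stopped] -- C:\\Users\\OFFICE~1\\AppData\\Local\\Temp\\YXV.exe -- (YXV)
SRV - File not found [On_Demand | Stopped] -- C:\\Users\\OFFICE~1\\AppData\\Local\\Temp\\RGBCRHFQDKVY.exe -- (RGBCRHFQDKVY)
SRV - [2008/01/19 00:33:38 | 000,021,504 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\\Windows\\System32\\svchost.exe -- (Dhcp)
O4 - HKLM..\\RunOnce: [Launcher] C:\\Windows\\SMINST\\Launcher.exe (soft thinks)

:Files
ipconfig /flushdns /c

:Commands
[resethosts]
[emptytemp]
[Reboot]
"""

if __name__ == "__main__":
    sections, orphans = parse_fix_script(SAMPLE_FIX)
    print("orphan lines:", len(orphans))
    print("flagged services:", flag_suspicious_services(sections[":OTL"]))
    # Same script copied without its ":OTL" header: every line is orphaned.
    _, orphans = parse_fix_script(SAMPLE_FIX.split("\n", 1)[1])
    print("orphan lines without header:", len(orphans))
```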


#9 Berley
  • Topic Starter
  • Members
  • 35 posts
  • OFFLINE
  • Local time:07:17 AM

Posted 22 July 2012 - 06:18 PM

I think we're getting somewhere! OTL log is:

All processes killed
Error: Unable to interpret <SRV - File not found [On_Demand | Stopped] -- C:\Users\OFFICE~1\AppData\Local\Temp\YXV.exe -- (YXV)> in the current context!
Error: Unable to interpret <SRV - File not found [On_Demand | Stopped] -- C:\Users\OFFICE~1\AppData\Local\Temp\YMGZALP.exe -- (YMGZALP)> in the current context!
Error: Unable to interpret <SRV - File not found [On_Demand | Stopped] -- C:\Users\OFFICE~1\AppData\Local\Temp\VIW.exe -- (VIW)> in the current context!
Error: Unable to interpret <SRV - File not found [On_Demand | Stopped] -- C:\Users\OFFICE~1\AppData\Local\Temp\TPIBP.exe -- (TPIBP)> in the current context!
Error: Unable to interpret <SRV - File not found [On_Demand | Stopped] -- C:\Users\OFFICE~1\AppData\Local\Temp\SRUEYJC.exe -- (SRUEYJC)> in the current context!
Error: Unable to interpret <SRV - File not found [On_Demand | Stopped] -- C:\Users\OFFICE~1\AppData\Local\Temp\RGBCRHFQDKVY.exe -- (RGBCRHFQDKVY)> in the current context!
Error: Unable to interpret <SRV - File not found [On_Demand | Stopped] -- C:\Users\OFFICE~1\AppData\Local\Temp\GUXMGJB.exe -- (GUXMGJB)> in the current context!
Error: Unable to interpret <SRV - File not found [On_Demand | Stopped] -- C:\Users\OFFICE~1\AppData\Local\Temp\CVV.exe -- (CVV)> in the current context!
Error: Unable to interpret <SRV - File not found [On_Demand | Stopped] -- C:\Users\OFFICE~1\AppData\Local\Temp\CHSY.exe -- (CHSY)> in the current context!
Error: Unable to interpret <SRV - File not found [On_Demand | Stopped] -- C:\Users\OFFICE~1\AppData\Local\Temp\BNYYN.exe -- (BNYYN)> in the current context!
Error: Unable to interpret <[2012/03/22 20:51:10 | 000,049,303 | ---- | M] () (No name found) -- C:\USERS\OFFI CE DEPOT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6QNT6WJK.DEFAULT\EXTENSIONS\{4C7097F7-08F2-4EF2-9B9F-F95FA4CBB064}.XPI> in the current context!
Error: Unable to interpret <[2008/01/18 22:49:14 | 000,004,819 | ---- | M] () (No name found) -- C:\USERS\OFFI CE DEPOT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6QNT6WJK.DEFAULT\EXTENSIONS\MKMQLQAWAP@MKMQLQAWAP.ORG.XPI> in the current context!
Error: Unable to interpret <O3 - HKU\S-1-5-21-1679439931-1325832678-2400834029-1000\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.> in the current context!
Error: Unable to interpret <O4 - HKLM..\RunOnce: [Launcher] C:\Windows\SMINST\Launcher.exe (soft thinks)> in the current context!
Error: Unable to interpret <[2012/07/14 11:43:53 | 1331,146,376 | ---- | M] () -- C:\Windows\System32\BZZPGK> in the current context!
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Kimberly\Downloads\cmd.bat deleted successfully.
C:\Users\Kimberly\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 41620 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Kim
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33304 bytes
->Java cache emptied: 512160 bytes
->FireFox cache emptied: 66796366 bytes
->Flash cache emptied: 10615 bytes

User: Kimberly
->Temp folder emptied: 0 bytes

User: Offi ce Depot
->Temp folder emptied: 33348 bytes
->Temporary Internet Files folder emptied: 28692652 bytes
->Java cache emptied: 23720271 bytes
->FireFox cache emptied: 187204490 bytes
->Flash cache emptied: 316933 bytes

User: Office Depot
->Temp folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1639168 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 295.00 mb


OTL by OldTimer - Version 3.2.54.0 log created on 07222012_100321

Files\Folders moved on Reboot...
C:\Users\Offi ce Depot\AppData\Local\Temp\ehmsas.txt moved successfully.

PendingFileRenameOperations files...
File C:\Users\Offi ce Depot\AppData\Local\Temp\ehmsas.txt not found!

Registry entries deleted on Reboot...

ESETSCAN results:

C:\ProgramData\Downloaded Installations\{2AA218C6-7766-49C7-8C8D-0263DFA72DD5}\{3B2908FD-8908-4B9E-9D88-E77CAA13411D}\SBVIPRE_FW_EN.msi Win32/KeyLogger.UltimateKeylogger.AD application
C:\Users\All Users\Downloaded Installations\{2AA218C6-7766-49C7-8C8D-0263DFA72DD5}\{3B2908FD-8908-4B9E-9D88-E77CAA13411D}\SBVIPRE_FW_EN.msi Win32/KeyLogger.UltimateKeylogger.AD application
C:\Users\Kimberly\Documents\Firefox 13.0.1 (en-US) - 2012-07-17.pcv JS/Redirector.NCA trojan
C:\Users\Offi ce Depot\AppData\Roaming\Mozilla\Firefox\Profiles\6qnt6wjk.default\extensions\mkmqlqawap@mkmqlqawap.org.xpi JS/Redirector.NCA trojan

#10 CatByte

    bleepin' tiger

  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  • Gender:Not Telling
  • Location:Canada
  • Local time:09:17 AM

Posted 22 July 2012 - 06:28 PM

Hi,

The OTL fix didn't work properly; make sure you start the copying with the colon in front of the word :OTL

We have a few more items to add to the fix, so please do the following:

Run OTL.exe
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    :OTL
    SRV - File not found [On_Demand | Stopped] -- C:\Users\OFFICE~1\AppData\Local\Temp\YXV.exe -- (YXV)
    SRV - File not found [On_Demand | Stopped] -- C:\Users\OFFICE~1\AppData\Local\Temp\YMGZALP.exe -- (YMGZALP)
    SRV - File not found [On_Demand | Stopped] -- C:\Users\OFFICE~1\AppData\Local\Temp\VIW.exe -- (VIW)
    SRV - File not found [On_Demand | Stopped] -- C:\Users\OFFICE~1\AppData\Local\Temp\TPIBP.exe -- (TPIBP)
    SRV - File not found [On_Demand | Stopped] -- C:\Users\OFFICE~1\AppData\Local\Temp\SRUEYJC.exe -- (SRUEYJC)
    SRV - File not found [On_Demand | Stopped] -- C:\Users\OFFICE~1\AppData\Local\Temp\RGBCRHFQDKVY.exe -- (RGBCRHFQDKVY)
    SRV - File not found [On_Demand | Stopped] -- C:\Users\OFFICE~1\AppData\Local\Temp\GUXMGJB.exe -- (GUXMGJB)
    SRV - File not found [On_Demand | Stopped] -- C:\Users\OFFICE~1\AppData\Local\Temp\CVV.exe -- (CVV)
    SRV - File not found [On_Demand | Stopped] -- C:\Users\OFFICE~1\AppData\Local\Temp\CHSY.exe -- (CHSY)
    SRV - File not found [On_Demand | Stopped] -- C:\Users\OFFICE~1\AppData\Local\Temp\BNYYN.exe -- (BNYYN)
    [2012/03/22 20:51:10 | 000,049,303 | ---- | M] () (No name found) -- C:\USERS\OFFI CE DEPOT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6QNT6WJK.DEFAULT\EXTENSIONS\{4C7097F7-08F2-4EF2-9B9F-F95FA4CBB064}.XPI
    [2008/01/18 22:49:14 | 000,004,819 | ---- | M] () (No name found) -- C:\USERS\OFFI CE DEPOT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6QNT6WJK.DEFAULT\EXTENSIONS\MKMQLQAWAP@MKMQLQAWAP.ORG.XPI
    O3 - HKU\S-1-5-21-1679439931-1325832678-2400834029-1000\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
    O4 - HKLM..\RunOnce: [Launcher] C:\Windows\SMINST\Launcher.exe (soft thinks)
    [2012/07/14 11:43:53 | 1331,146,376 | ---- | M] () -- C:\Windows\System32\BZZPGK
    
    :Files
    ipconfig /flushdns /c
    C:\ProgramData\Downloaded Installations\{2AA218C6-7766-49C7-8C8D-0263DFA72DD5}\{3B2908FD-8908-4B9E-9D88-E77CAA13411D}\SBVIPRE_FW_EN.msi 
    C:\Users\All Users\Downloaded Installations\{2AA218C6-7766-49C7-8C8D-0263DFA72DD5}\{3B2908FD-8908-4B9E-9D88-E77CAA13411D}\SBVIPRE_FW_EN.msi 
    C:\Users\Kimberly\Documents\Firefox 13.0.1 (en-US) - 2012-07-17.pcv 
    C:\Users\Offi ce Depot\AppData\Roaming\Mozilla\Firefox\Profiles\6qnt6wjk.default\extensions\mkmqlqawap@mkmqlqawap.org.xpi 
    
    :Commands
    [resethosts]
    [purity]
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post the OTL log

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
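The fix above removes two kinds of residue besides the flagged files: ten services whose ImagePath points into the user's AppData\Local\Temp folder and whose binaries are already gone (OTL reports these as "SRV - File not found"), and a HOSTS file that is reset with [resethosts] in case it is what sends Google somewhere else. The Python below is an added example for this thread, not OTL's code and not anything the poster ran: it applies those same two checks to an OTL-style log excerpt and a HOSTS file. Both inputs are constructed here rather than taken from the poster's machine, the benign svchost line's vendor, size and timestamp are placeholders, the address 203.0.113.7 is a documentation (TEST-NET-3) address, and the watch list of search-engine domains is an assumption. It does not inspect Firefox extensions, which is where ESET found the JS/Redirector detection; that part of the fix is a plain file removal.

```python
"""Triage helpers for the two persistence patterns the OTL fix above removes:
services registered from a user's Temp folder (often with the binary already
gone) and HOSTS entries that pin a search engine to a non-loopback address.
Added example for this thread, not OTL's code. The sample lines below are
constructed in the shape of the SRV lines quoted in the fix; the vendor,
size and timestamp in the benign line are placeholders."""
import ipaddress
import re
from dataclasses import dataclass, field

# Every OTL SRV line ends "... -- <image path> -- (<service name>)"; the part
# before the first " -- " is either file metadata or the literal "File not found".
SRV_RE = re.compile(r"^SRV - (?P<meta>.*?) -- (?P<path>.+?) -- \((?P<name>[^)]+)\)$")
# A service image inside a per-user Temp directory is not where legitimate
# services live; both long (Office Depot) and 8.3 (OFFICE~1) profile names match.
TEMP_RE = re.compile(r"\\Users\\[^\\]+\\AppData\\Local\\Temp\\", re.IGNORECASE)


@dataclass
class ServiceFinding:
    name: str
    path: str
    reasons: list = field(default_factory=list)


def triage_services(otl_text: str) -> list:
    """Return the SRV entries worth deleting, each with the reasons that fired."""
    findings = []
    for line in otl_text.splitlines():
        m = SRV_RE.match(line.strip())
        if not m:
            continue  # not an SRV line (O3, O4, file listings, ...)
        reasons = []
        if TEMP_RE.search(m["path"]):
            reasons.append("image lives in a user Temp directory")
        if m["meta"].startswith("File not found"):
            reasons.append("orphaned: image missing but service still registered")
        if reasons:
            findings.append(ServiceFinding(m["name"], m["path"], reasons))
    return findings


def hosts_hijacks(hosts_text: str, watch=("google.com", "bing.com")) -> dict:
    """Map each watched domain (or subdomain) that a HOSTS line pins to a
    non-loopback address onto that address. An empty result means HOSTS is
    not the redirect vector, which is what [resethosts] rules out blindly."""
    hijacked = {}
    for raw in hosts_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # strip comments and whitespace
        if not line:
            continue
        addr, *names = line.split()
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            continue  # malformed line, not our concern here
        if ip.is_loopback:
            continue  # 127.0.0.1 / ::1 entries are the normal blocking pattern
        for host in names:
            host = host.lower()
            if any(host == d or host.endswith("." + d) for d in watch):
                hijacked[host] = addr
    return hijacked


# Constructed sample data (not from the poster's machine).
SAMPLE_OTL = r"""
SRV - [2012/07/14 11:43:53 | 000,027,136 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\svchost.exe -- (Dhcp)
SRV - File not found [On_Demand | Stopped] -- C:\Users\OFFICE~1\AppData\Local\Temp\YXV.exe -- (YXV)
SRV - File not found [On_Demand | Stopped] -- C:\Users\OFFICE~1\AppData\Local\Temp\RGBCRHFQDKVY.exe -- (RGBCRHFQDKVY)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Old Vendor\agent.exe -- (OldAgent)
O4 - HKLM..\RunOnce: [Launcher] C:\Windows\SMINST\Launcher.exe (soft thinks)
"""
SAMPLE_HOSTS = """\
# constructed HOSTS file: stock loopback lines plus one hijack of google.com
127.0.0.1       localhost
::1             localhost
203.0.113.7     www.google.com google.com
"""

if __name__ == "__main__":
    for f in triage_services(SAMPLE_OTL):
        print(f"{f.name:14} {f.path}  <- {'; '.join(f.reasons)}")
    for host, addr in hosts_hijacks(SAMPLE_HOSTS).items():
        print(f"HOSTS pins {host} to {addr}")
```

On a real machine you would feed triage_services() the OTL scan log and hosts_hijacks() the contents of C:\Windows\System32\drivers\etc\hosts. The Temp-directory rule fires on its own even when the binary still exists, which is the more useful case: an orphaned "File not found" entry is only residue, but a running service launched from Temp is the live problem.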


#11 Berley (Topic Starter)

Posted 22 July 2012 - 07:56 PM

Ah. I see the issue. Re-done with log as follows:

All processes killed
========== OTL ==========
Service YXV stopped successfully!
Service YXV deleted successfully!
File C:\Users\OFFICE~1\AppData\Local\Temp\YXV.exe not found.
Service YMGZALP stopped successfully!
Service YMGZALP deleted successfully!
File C:\Users\OFFICE~1\AppData\Local\Temp\YMGZALP.exe not found.
Service VIW stopped successfully!
Service VIW deleted successfully!
File C:\Users\OFFICE~1\AppData\Local\Temp\VIW.exe not found.
Service TPIBP stopped successfully!
Service TPIBP deleted successfully!
File C:\Users\OFFICE~1\AppData\Local\Temp\TPIBP.exe not found.
Service SRUEYJC stopped successfully!
Service SRUEYJC deleted successfully!
File C:\Users\OFFICE~1\AppData\Local\Temp\SRUEYJC.exe not found.
Service RGBCRHFQDKVY stopped successfully!
Service RGBCRHFQDKVY deleted successfully!
File C:\Users\OFFICE~1\AppData\Local\Temp\RGBCRHFQDKVY.exe not found.
Service GUXMGJB stopped successfully!
Service GUXMGJB deleted successfully!
File C:\Users\OFFICE~1\AppData\Local\Temp\GUXMGJB.exe not found.
Service CVV stopped successfully!
Service CVV deleted successfully!
File C:\Users\OFFICE~1\AppData\Local\Temp\CVV.exe not found.
Service CHSY stopped successfully!
Service CHSY deleted successfully!
File C:\Users\OFFICE~1\AppData\Local\Temp\CHSY.exe not found.
Service BNYYN stopped successfully!
Service BNYYN deleted successfully!
File C:\Users\OFFICE~1\AppData\Local\Temp\BNYYN.exe not found.
C:\USERS\OFFI CE DEPOT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6QNT6WJK.DEFAULT\EXTENSIONS\{4C7097F7-08F2-4EF2-9B9F-F95FA4CBB064}.XPI moved successfully.
C:\USERS\OFFI CE DEPOT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6QNT6WJK.DEFAULT\EXTENSIONS\MKMQLQAWAP@MKMQLQAWAP.ORG.XPI moved successfully.
Registry value HKEY_USERS\S-1-5-21-1679439931-1325832678-2400834029-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{472734EA-242A-422B-ADF8-83D1E48CC825} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{472734EA-242A-422B-ADF8-83D1E48CC825}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Launcher deleted successfully.
C:\Windows\SMINST\Launcher.exe moved successfully.
C:\Windows\System32\BZZPGK moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Kimberly\Downloads\cmd.bat deleted successfully.
C:\Users\Kimberly\Downloads\cmd.txt deleted successfully.
C:\ProgramData\Downloaded Installations\{2AA218C6-7766-49C7-8C8D-0263DFA72DD5}\{3B2908FD-8908-4B9E-9D88-E77CAA13411D}\SBVIPRE_FW_EN.msi moved successfully.
File\Folder C:\Users\All Users\Downloaded Installations\{2AA218C6-7766-49C7-8C8D-0263DFA72DD5}\{3B2908FD-8908-4B9E-9D88-E77CAA13411D}\SBVIPRE_FW_EN.msi not found.
C:\Users\Kimberly\Documents\Firefox 13.0.1 (en-US) - 2012-07-17.pcv moved successfully.
File\Folder C:\Users\Offi ce Depot\AppData\Roaming\Mozilla\Firefox\Profiles\6qnt6wjk.default\extensions\mkmqlqawap@mkmqlqawap.org.xpi not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Kim
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Kimberly
->Temp folder emptied: 0 bytes

User: Offi ce Depot
->Temp folder emptied: 32588 bytes
->Temporary Internet Files folder emptied: 108610 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 67662429 bytes
->Flash cache emptied: 566 bytes

User: Office Depot
->Temp folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 65.00 mb


OTL by OldTimer - Version 3.2.54.0 log created on 07222012_164152

Files\Folders moved on Reboot...
C:\Users\Offi ce Depot\AppData\Local\Temp\ehmsas.txt moved successfully.

PendingFileRenameOperations files...
File C:\Users\Offi ce Depot\AppData\Local\Temp\ehmsas.txt not found!

Registry entries deleted on Reboot...

#12 CatByte (Malware Response Team)

Posted 22 July 2012 - 09:13 PM

Please do the following:

Visit Adobe and download the latest version of Acrobat Reader (version X).
Having the latest updates ensures there are no security vulnerabilities in your system.

NEXT

Your Java is out of date, so go to Start > Control Panel > Programs and Features, scroll down to the Java installation and remove it. Now download the latest Java, version 7 update 5, and install it: http://java.com/en/download/index.jsp

NEXT

Please advise how the computer is running now and if there are any outstanding issues.



#13 Berley (Topic Starter)

Posted 22 July 2012 - 09:47 PM

Thanks -- will do!

#14 CatByte (Malware Response Team)

Posted 23 July 2012 - 09:55 AM

Are there any outstanding issues?



#15 Berley (Topic Starter)

Posted 23 July 2012 - 08:25 PM

So far, so good. Nothing has popped up yet. I'll keep you posted. (Last time, it took a few days for the problem to reappear.)



