trojan.zeroaccess


  • This topic is locked
32 replies to this topic

#1 nashvegas12

Posted 03 August 2012 - 09:37 AM

Hello and thanks in advance to any/all who can help!

I am on a Windows 7 machine and run Norton 360 Premier edition and Windows Defender. I am a functionally literate computer user and am basically illiterate when it comes to the processes, functioning and inner system working of my machine. I do follow instructions well and know just enough to be able to help someone to help me figure out if my machine is still running trojan.zeroaccess.

Details:

On 7/31/2012 I received a notification from Norton that trojan.zeroaccess had been detected and quarantined with no further action necessary. Just to be safe, I ran a full system scan which detected nothing. My computer seemed to be functioning normally and I was not concerned.

On 8/02/2012 at around 1:30-2:00 pm, I noticed that my internet connection was extremely slow and at times seemed to drop completely. I ran basic speed and connection tests and confirmed that my connection was dropping and when connected was running between 35-287 kbit/s. Our usual speed is 1.70 mbit/s. Called cable company to see if there were any outages or maintenance in our area. They said no but refreshed the signal to our router. The connection problems continued so I re-set the router. Connection problems continued throughout the day.

On 8/2/2012 at around 7:30 pm, I received another notification from Norton that trojan.zeroaccess had been detected and quarantined with no further action necessary. At this point I became concerned that my connection problems were possibly due to a backdoor being opened and the trojan running on my system. Ran a full system scan with Norton, then Windows Defender. Nada.

Then I checked my Norton log files (see below) and became very concerned that my firewall was being flooded. The following actions were and are still completing multiple times per second:

IP address has disappeared from adapter teredo tunneling pseudo interface...
Protecting your connection to a newly detected network on adapter "Teredo Tunneling Pseudo-Interface"
IP address has disappeared from adapter Teredo Tunneling Pseudo-Interface and is no longer being protected
"Default Block SSDP" blocked (192.168.1.1, Port (2869) ). Inbound TCP connection. (Detected, No Action)
stealthed (OWNER-PC (192.168.1.2), Port (5355) ). Inbound UDP packet
"Block UPnP Discovery" stealthed (192.168.1.2, Port ssdp(1900) ). Inbound UDP packet.

I do realize that teredo tunneling pseudo interface has something to do with IPv4 vs IPv6 and in and of itself is not an attack or virus. However, I have never seen anything remotely like it in my log history and it appeared exactly at the time that I began experiencing connection problems.

Here is what I have already done:

I ran defogger to disable CD Emulation drivers

Then I ran Security Check and here is the log:
Results of screen317's Security Check version 0.99.43
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Norton 360 Premier Edition
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Java™ 6 Update 31
Java version out of Date!
Adobe Reader X (10.1.3)
Mozilla Firefox (14.0.1)
Mozilla Thunderbird (14.0.)
Google Chrome 20.0.1132.57
Google Chrome 21.0.1180.60
Google Chrome Plugins...
Google Chrome VisualElementsManifest.xml..
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
Symantec Norton Online Backup NOBuAgent.exe
Symantec Norton Online Backup NOBuClient.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 5%
````````````````````End of Log``````````````````````

Then I ran DDS and here are the logs:

DDS.txt
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by Owner at 7:08:54 on 2012-08-03
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8086.4622 [GMT -5:00]
.
AV: Norton 360 Premier Edition *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 Premier Edition *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 Premier Edition *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\agent_x64.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Norton 360 Premier Edition\Engine\6.2.1.5\ccSvcHst.exe
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Program Files (x86)\Norton 360 Premier Edition\Engine\6.2.1.5\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Windows\System32\igfxtray.exe
C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Users\Owner\Desktop\tdsskiller.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Owner\Desktop\Defogger.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = https://www.google.com/
uDefault_Page_URL = hxxp://www.dell.com
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\6.2.1.5\coIEPlg.dll
BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\6.2.1.5\IPS\IPSBHO.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\6.2.1.5\coIEPlg.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [BDAB3CD44D7D45EEC58DB422F61BD03E74CADA2F._service_run] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=service
mRun: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
StartupFolder: C:\Users\Owner\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\Owner\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MLSPRO~1.LNK - C:\Program Files (x86)\MLSPropertyMessenger\MLSPropertyMessenger.exe
uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{C269D93A-139D-41E6-8BC5-DF2B7F6D5253} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{C269D93A-139D-41E6-8BC5-DF2B7F6D5253}\2375942554431373 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{C269D93A-139D-41E6-8BC5-DF2B7F6D5253}\8445340205F627471626C6560284F6473707F647 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{C269D93A-139D-41E6-8BC5-DF2B7F6D5253}\D416E64616C61697241697D225F6F6D637D234F687 : DhcpNameServer = 68.111.16.30 68.111.16.25
TCP: Interfaces\{F209B616-3E57-4C18-97F0-71CD8E559F76} : DhcpNameServer = 4.2.2.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
mASetup: Neat ADF Scanner 2008 - reg copy "HKLM\Software\Wow6432Node\The Neat Company\Neat ADF Scanner 2008" "HKCU\Software\The Neat Company\Neat ADF Scanner 2008" /s /f
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
BHO-X64: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\6.2.1.5\coIEPlg.dll
BHO-X64: Norton Identity Protection - No File
BHO-X64: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\6.2.1.5\IPS\IPSBHO.DLL
BHO-X64: Norton Vulnerability Protection - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\6.2.1.5\coIEPlg.dll
TB-X64: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
mRun-x64: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun-x64: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ps4ii1jb.default\
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\NPdfac.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
FF - plugin: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll
FF - plugin: C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npatgpc.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R0 SMR250;Symantec SMR Utility Service 2.5.0;C:\Windows\system32\drivers\SMR250.SYS --> C:\Windows\system32\drivers\SMR250.SYS [?]
R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\N360x64\0602010.005\SYMDS64.SYS --> C:\Windows\system32\drivers\N360x64\0602010.005\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\N360x64\0602010.005\SYMEFA64.SYS --> C:\Windows\system32\drivers\N360x64\0602010.005\SYMEFA64.SYS [?]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\BASHDefs\20120711.002\BHDrvx64.sys [2012-7-12 1161376]
R1 ccSet_N360;Norton 360 Settings Manager;C:\Windows\system32\drivers\N360x64\0602010.005\ccSetx64.sys --> C:\Windows\system32\drivers\N360x64\0602010.005\ccSetx64.sys [?]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\IPSDefs\20120802.001\IDSviA64.sys [2012-8-2 509088]
R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\N360x64\0602010.005\Ironx64.SYS --> C:\Windows\system32\drivers\N360x64\0602010.005\Ironx64.SYS [?]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\N360x64\0602010.005\SYMNETS.SYS --> C:\Windows\system32\Drivers\N360x64\0602010.005\SYMNETS.SYS [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2011-9-15 98208]
R2 Agent;Agent;C:\Windows\agent_x64.exe [2012-7-3 102912]
R2 N360;Norton 360;C:\Program Files (x86)\Norton 360 Premier Edition\Engine\6.2.1.5\ccSvcHst.exe [2012-5-25 138232]
R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2012-5-1 4710040]
R2 PassThru Service;Internet Pass-Through Service;C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2012-3-23 87040]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2011-6-16 1692480]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-6-16 2656280]
R3 btmhsf;btmhsf;C:\Windows\system32\DRIVERS\btmhsf.sys --> C:\Windows\system32\DRIVERS\btmhsf.sys [?]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-5-31 138912]
R3 iBtFltCoex;iBtFltCoex;C:\Windows\system32\DRIVERS\iBtFltCoex.sys --> C:\Windows\system32\DRIVERS\iBtFltCoex.sys [?]
R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?]
R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
R3 wdkmd;Intel WiDi KMD;C:\Windows\system32\DRIVERS\WDKMD.sys --> C:\Windows\system32\DRIVERS\WDKMD.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-9-15 136176]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-1 250056]
S3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;\??\C:\Windows\system32\drivers\BVRPMPR5a64.SYS --> C:\Windows\system32\drivers\BVRPMPR5a64.SYS [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-9-15 136176]
S3 HTCAND64;HTC Device Driver;C:\Windows\system32\Drivers\ANDROIDUSB.sys --> C:\Windows\system32\Drivers\ANDROIDUSB.sys [?]
S3 htcnprot;HTC NDIS Protocol Driver;C:\Windows\system32\DRIVERS\htcnprot.sys --> C:\Windows\system32\DRIVERS\htcnprot.sys [?]
S3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-6-19 113120]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-12-17 340240]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-08-03 07:38:59 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{0A9F7689-6A4A-4797-873D-5B9897A305FB}\offreg.dll
2012-08-03 07:38:16 9133488 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{0A9F7689-6A4A-4797-873D-5B9897A305FB}\mpengine.dll
2012-08-02 21:18:54 -------- d-----w- C:\Users\Owner\AppData\Local\ElevatedDiagnostics
2012-07-30 16:50:48 -------- d-----w- C:\Users\Owner\AppData\Local\Thunderbird
2012-07-30 14:58:33 -------- d-----w- C:\Users\Owner\AppData\Local\{A2537C99-08C9-461F-869F-4DD14F3F4F3A}
2012-07-30 14:58:22 -------- d-----w- C:\Users\Owner\AppData\Local\{3FD60C82-E808-4FB7-8EF9-C3E135E8ED32}
2012-07-29 16:08:06 -------- d-----w- C:\Users\Owner\AppData\Local\{E3CD2BB1-13F4-4819-A0F3-A18D14BADF26}
2012-07-29 16:07:55 -------- d-----w- C:\Users\Owner\AppData\Local\{B58C49DE-1EED-4880-B4C7-4ACE24DE55B4}
2012-07-29 01:59:15 -------- d-----w- C:\Users\Owner\AppData\Local\{A6379687-920E-4B48-8945-4A1FE7E1080D}
2012-07-29 01:59:03 -------- d-----w- C:\Users\Owner\AppData\Local\{8FD895E0-F841-44ED-9F77-685CA2E3E501}
2012-07-28 13:58:36 -------- d-----w- C:\Users\Owner\AppData\Local\{A640A036-5D89-45E2-8D62-68E4B4CCB817}
2012-07-28 13:58:21 -------- d-----w- C:\Users\Owner\AppData\Local\{44259CDA-EAD0-449F-8448-0FC18A2A3392}
2012-07-27 19:22:28 -------- d-----w- C:\Users\Owner\AppData\Local\{EBAB78DF-FF44-444D-A4C3-399122FD1437}
2012-07-27 19:22:16 -------- d-----w- C:\Users\Owner\AppData\Local\{01ED163A-6474-472A-8579-CD241F6B9CD4}
2012-07-27 07:22:03 -------- d-----w- C:\Users\Owner\AppData\Local\{175A3C13-AA2C-4EA6-A5E9-61B9BD02C0E7}
2012-07-27 07:21:50 -------- d-----w- C:\Users\Owner\AppData\Local\{E3159025-DCCB-43AC-AE9F-ED8202D5B35F}
2012-07-26 16:41:40 -------- d-----w- C:\Users\Owner\AppData\Local\{FFE432C6-2546-4E55-8619-DF7F5186EB16}
2012-07-26 16:41:26 -------- d-----w- C:\Users\Owner\AppData\Local\{862170DB-4A52-4F74-B829-DD2AB0215D3C}
2012-07-26 04:41:12 -------- d-----w- C:\Users\Owner\AppData\Local\{AB2C664A-264D-478C-A00D-772AE1ABDF3A}
2012-07-26 04:41:01 -------- d-----w- C:\Users\Owner\AppData\Local\{FA7A1DBA-2AC9-4CEF-B5A8-052A784C9930}
2012-07-25 16:40:35 -------- d-----w- C:\Users\Owner\AppData\Local\{8F8D40A3-46F7-4FF9-A11F-2AEB9BFF0773}
2012-07-25 16:40:24 -------- d-----w- C:\Users\Owner\AppData\Local\{F2AD83EB-F0E1-4E18-A369-B5DDB59CCA90}
2012-07-25 04:39:57 -------- d-----w- C:\Users\Owner\AppData\Local\{4BC2C197-597A-4CFE-8BCB-BDD689CD96F9}
2012-07-25 04:39:35 -------- d-----w- C:\Users\Owner\AppData\Local\{573D92FF-F136-4095-A878-26651B033CC3}
2012-07-24 16:21:15 -------- d-----w- C:\Users\Owner\AppData\Local\{7C23EE4F-27CB-44DF-B462-1A99600BDA3E}
2012-07-24 16:20:51 -------- d-----w- C:\Users\Owner\AppData\Local\{E9332934-0296-4E6E-A86D-384D532C982B}
2012-07-23 06:07:56 -------- d-----w- C:\Users\Owner\AppData\Local\{44A112D8-99B6-4E65-9EC4-E96AEC935796}
2012-07-23 06:07:42 -------- d-----w- C:\Users\Owner\AppData\Local\{4E3F48B7-D711-47EE-9F58-57B83CE221D8}
2012-07-22 16:36:42 -------- d-----w- C:\Users\Owner\AppData\Local\{94B48BA0-ACFC-450B-8625-676BE97723B9}
2012-07-22 16:36:14 -------- d-----w- C:\Users\Owner\AppData\Local\{70A3C60B-C424-4E08-8860-D54C4AC0EF1A}
2012-07-21 15:29:37 -------- d-----w- C:\Users\Owner\AppData\Local\{37EB7313-2DF0-4990-9BC4-045055F71727}
2012-07-21 15:29:23 -------- d-----w- C:\Users\Owner\AppData\Local\{86647C72-C5DE-4C09-B766-AEFC96421BD5}
2012-07-20 17:23:06 -------- d-----w- C:\Users\Owner\AppData\Local\{7E1E7F19-BF1C-48D4-865B-6AAED392657C}
2012-07-20 17:22:54 -------- d-----w- C:\Users\Owner\AppData\Local\{3520E81F-7FD8-4CD4-8DFD-E0D1193C58E8}
2012-07-20 05:34:00 -------- d-----w- C:\Users\Owner\AppData\Local\DDMSettings
2012-07-20 05:25:51 -------- d-----w- C:\Program Files (x86)\AC3Filter
2012-07-20 04:40:26 -------- d-----w- C:\Users\Owner\AppData\Local\{7D1E6A28-40D9-48C4-BCE1-B1A12BA8D028}
2012-07-20 04:40:03 -------- d-----w- C:\Users\Owner\AppData\Local\{B18FB780-40D2-4606-8ADA-7A33BE4CEF72}
2012-07-19 16:39:38 -------- d-----w- C:\Users\Owner\AppData\Local\{F83837D9-448B-4545-A8DA-F31B9935BDB2}
2012-07-19 16:39:27 -------- d-----w- C:\Users\Owner\AppData\Local\{9F1CF7E7-0B55-4A3E-BD15-314CB7CA1AC8}
2012-07-18 16:42:22 -------- d-----w- C:\Users\Owner\AppData\Local\{86B742D1-07D4-44A3-A540-0B70B6D46AB4}
2012-07-18 16:42:09 -------- d-----w- C:\Users\Owner\AppData\Local\{D35F6771-1EE4-4E00-8BFB-02447830AB81}
2012-07-17 17:47:58 -------- d-----w- C:\Users\Owner\AppData\Local\{5418939E-2F4B-49BC-A4CC-3717360D0DD7}
2012-07-17 17:47:45 -------- d-----w- C:\Users\Owner\AppData\Local\{1FC09D3A-2571-44F3-B31F-7699E4F38CAD}
2012-07-16 17:17:04 -------- d-----w- C:\Users\Owner\AppData\Local\{2C7612DF-DB60-405A-BF7D-EF58D245A384}
2012-07-16 17:16:52 -------- d-----w- C:\Users\Owner\AppData\Local\{861457C4-61E3-48A2-82E2-BB5F0E5CFBA8}
2012-07-13 00:35:16 -------- d-----w- C:\Users\Owner\AppData\Local\{FC6385D3-B76B-484A-BA9B-87CE9FA413FD}
2012-07-13 00:34:38 -------- d-----w- C:\Users\Owner\AppData\Local\{67658502-E469-41C9-AB38-510115075F24}
2012-07-12 11:31:05 -------- d-----w- C:\Users\Owner\AppData\Local\{2FD5DB95-4D32-4B26-A530-BFC2AEC7CA24}
2012-07-12 11:30:54 -------- d-----w- C:\Users\Owner\AppData\Local\{1069E2D6-6BC1-4EBF-91F4-1F2AFFEA32E1}
2012-07-11 15:36:07 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-07-11 02:25:59 2004480 ----a-w- C:\Windows\System32\msxml6.dll
2012-07-10 02:51:18 -------- d-----w- C:\Users\Owner\AppData\Local\{CDF4ED61-22DF-4B01-9189-225F06E4695C}
2012-07-10 02:51:06 -------- d-----w- C:\Users\Owner\AppData\Local\{A59770FD-54E4-4125-B9E2-5360D8651A5B}
2012-07-07 17:03:14 -------- d-----w- C:\Users\Owner\AppData\Local\{76ECC84C-4693-47A8-B2D0-9DB9789E5503}
2012-07-07 17:03:03 -------- d-----w- C:\Users\Owner\AppData\Local\{DF152E47-534D-4BF4-BDB7-67535E5E52A8}
2012-07-07 04:03:02 -------- d-----w- C:\Users\Owner\AppData\Local\{424A01CE-6D3D-404B-B413-4E2DE21C01F6}
2012-07-07 04:02:51 -------- d-----w- C:\Users\Owner\AppData\Local\{7200DBAA-D6E1-4FDD-B81E-22C47876EE24}
2012-07-06 16:02:37 -------- d-----w- C:\Users\Owner\AppData\Local\{2325FB62-ED11-4393-9C17-6E0C01FEFE2F}
2012-07-06 16:02:26 -------- d-----w- C:\Users\Owner\AppData\Local\{0038F97D-FF0B-4A41-9461-69282BD286DC}
2012-07-06 04:02:13 -------- d-----w- C:\Users\Owner\AppData\Local\{8D685441-2463-4CCE-8C62-ED07E51B3DFC}
2012-07-06 04:02:01 -------- d-----w- C:\Users\Owner\AppData\Local\{41469218-FBFB-4B7A-B5B0-8EB3FE621E92}
2012-07-05 16:01:45 -------- d-----w- C:\Users\Owner\AppData\Local\{092F53FD-4D49-481D-837E-459750EC0876}
2012-07-05 16:01:30 -------- d-----w- C:\Users\Owner\AppData\Local\{65EA7FFB-2D7E-4DF4-88A8-18FD72A0845F}
2012-07-04 21:56:51 -------- d-----w- C:\Users\Owner\AppData\Local\{7E9E1718-15EE-43B2-A3F4-27A814C889E3}
2012-07-04 21:56:35 -------- d-----w- C:\Users\Owner\AppData\Local\{3D1C1C36-DA79-4048-BE4B-FF531A1A33D5}
.
==================== Find3M ====================
.
2012-08-03 02:52:55 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-03 02:52:55 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-06-25 21:04:24 1394248 ----a-w- C:\Windows\SysWow64\msxml4.dll
2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-02 20:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-02 20:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2012-05-31 17:25:12 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-05-28 12:09:04 52320 ----a-w- C:\Windows\System32\drivers\dc3d.sys
2012-05-28 12:09:04 2168416 ----a-w- C:\Windows\System32\coin91.dll
2012-05-25 14:12:57 175736 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
.
============= FINISH: 7:09:22.12 ===============

Attach.txt
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 9/12/2011 8:51:00 AM
System Uptime: 8/3/2012 12:03:41 AM (7 hours ago)
.
Motherboard: Dell Inc. | | 0YH79Y
Processor: Intel® Core™ i5-2410M CPU @ 2.30GHz | CPU | 2301/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 684 GiB total, 600.377 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {36fc9e60-c465-11cf-8056-444553540000}
Description: Renesas Electronics USB 3.0 Root Hub
Device ID: NUSB3\ROOT_HUB30\5&201E6131&2
Manufacturer: Renesas Electronics
Name: Renesas Electronics USB 3.0 Root Hub
PNP Device ID: NUSB3\ROOT_HUB30\5&201E6131&2
Service: nusb3hub
.
Class GUID:
Description: Intel® Centrino® Wireless-N + WiMAX 6150
Device ID: USB\VID_8087&PID_07D9\6&35403779&1&6
Manufacturer:
Name: Intel® Centrino® Wireless-N + WiMAX 6150
PNP Device ID: USB\VID_8087&PID_07D9\6&35403779&1&6
Service:
.
==== System Restore Points ===================
.
RP192: 7/30/2012 1:14:37 PM - Windows Live Essentials
RP193: 7/30/2012 1:15:01 PM - WLSetup
RP194: 7/31/2012 11:05:19 AM - Windows Update
RP195: 8/2/2012 7:25:56 PM - Windows Update
.
==== Installed Programs ======================
.
ABBYY PDF Transformer 2.0
AC3Filter 2.5b
Adobe AIR
Adobe Download Assistant
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Help Center 2.0
Adobe Photoshop Elements 4.0
Adobe Reader X (10.1.3) MUI
Advanced Audio FX Engine
Amazon Kindle
Amazon MP3 Downloader 1.0.15
Amazon Unbox Video
Avery Template
Best Buy pc app
Canon Easy-PhotoPrint EX
Canon IJ Network Scan Utility
Canon IJ Network Tool
Canon MP Navigator EX 2.0
Canon Utilities Solution Menu
Cisco WebEx Meetings
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dell DataSafe Local Backup
Dell DataSafe Local Backup - Support Software
Dell Digital Delivery
Dell Driver Download Manager
Dell Getting Started Guide
Dell Product Registration
Dell Webcam Central
DivX Setup
Dropbox
Easy CD-DA Extractor 16
Google Chrome
Google Talk (remove only)
Google Update Helper
H&R Block Louisiana 2011
H&R Block Premium + Efile + State 2011
HTC BMP USB Driver
HTC Driver Installer
HTC Sync
Intel® Control Center
Intel® Management Engine Components
Intel® Processor Graphics
Intel® Wireless Display
iSEEK AnswerWorks English Runtime
Java Auto Updater
Java™ 6 Update 31
join.me
mediAvatar PDF to PowerPoint Converter
Mesh Runtime
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Student 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFCLOC_x86
Mozilla Firefox 14.0.1 (x86 en-US)
Mozilla Maintenance Service
Mozilla Thunderbird 14.0 (x86 en-US)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2721691)
MSXML 4.0 SP3 Parser (KB973685)
Neat
Neat Core Files
NEC Electronics USB 3.0 Host Controller Driver
Norton 360 Premier Edition
Norton Online Backup
Quicken 2012
Realtek High Definition Audio Driver
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2553322) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio Viewer 2010 (KB2597981) 32-Bit Edition
Serif PagePlus X6
Skype Click to Call
Skype™ 5.10
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
VC80CRTRedist - 8.0.50727.6195
VLC media player 2.0.3
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
.
==== Event Viewer Messages From Past Week ========
.
8/2/2012 8:56:21 AM, Error: volsnap [67] - The shadow copy of volume C: being created failed to install.
8/2/2012 7:34:52 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom
8/2/2012 3:00:55 PM, Error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.1.7. The computer with the IP address 192.168.1.4 did not allow the name to be claimed by this computer.
8/2/2012 1:47:06 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer HG_HUNTER_XPS that believes that it is the master browser for the domain on transport NetBT_Tcpip_{C269D93A-139D-41E6-8BC5-DF2B7F6D5253}. The master browser is stopping or an election is being forced.
.
==== End Of File ===========================

Will post Norton Log in a post below as it is too long for this post.

Many, many thanks in advance to anyone who can help me determine if a trojan is running on my system and if so, how to remove it!



#2 nashvegas12


Posted 03 August 2012 - 10:47 AM

Here is the Norton Log:

Category: Scan Results
Date & Time,Risk,Activity,Status,Scan Time (d:h:m:s),Total items scanned,Files & Directories,Registry Entries,Processes & Start-Up Items,Network & Browser Items,Other,Trusted Files,Skipped Files,Total Security Risks Detected,Total Security Risks Resolved,Total Security Risks Requiring Attention,Tracking Cookies,Tracking Cookies Resolved
2012-08-02 17:21:04,Info,Quick Scan results,Completed,0:00:03:23,"14,497","3,568",789,"7,002","3,129",9,"1,349",0,0,0,0,,
2012-08-02 9:11:43,Info,Quick Scan results,Completed,0:00:03:38,"13,928","3,598",789,"6,410","3,122",9,"1,378",0,0,0,0,,
2012-08-01 23:39:41,Info,Quick Scan results,Completed,0:00:02:59,"13,977","3,593",789,"6,525","3,061",9,"1,373",91,0,0,0,,
2012-08-01 14:13:44,Info,Quick Scan results,Completed,0:00:03:14,"15,715","3,627",789,"8,415","2,875",9,"1,407",0,0,0,0,,
2012-08-01 11:08:37,Info,Quick Scan results,Completed,0:00:03:52,"14,133","3,563",789,"6,897","2,875",9,"1,349",0,0,0,0,,
2012-07-31 12:36:51,Info,Quick Scan results,Completed,0:00:02:52,"13,889","3,548",789,"6,738","2,805",9,"1,335",86,0,0,0,,

Category: Resolved Security Risks
Date & Time,Risk,Activity,Status,Recommended Action,Path - Filename
2012-08-02 19:40:42,High,0.5311225334621753.exe (Trojan.Zeroaccess) detected by Auto-Protect,Quarantined,Resolved - No Action Required,c:\users\owner\0.5311225334621753.exe
2012-07-31 0:42:30,High,n (Trojan.Zeroaccess) detected by Auto-Protect,Blocked,Resolved - No Action Required,
2012-07-14 22:06:47,Low,Tracking Cookies detected by Virus scanner,Removed,Resolved - No Action Required,
2012-06-13 18:12:04,Low,Tracking Cookies detected by Virus scanner,Removed,Resolved - No Action Required,
2012-02-14 11:23:26,Low,ucek+dyt.exe.part (Adware.Clkpotato!gen3) detected by Download Insight,Quarantined,Resolved - No Action Required,c:\users\owner\appdata\local\temp\ucek+dyt.exe.part

Category: Quarantine
Date & Time,Risk,Activity,Status,Recommended Action,Path - Filename
2012-08-02 19:40:42,High,0.5311225334621753.exe (Trojan.Zeroaccess) detected by Auto-Protect,Quarantined,Resolved - No Action Required,c:\users\owner\0.5311225334621753.exe
2012-02-14 11:23:26,Low,ucek+dyt.exe.part (Adware.Clkpotato!gen3) detected by Download Insight,Quarantined,Resolved - No Action Required,c:\users\owner\appdata\local\temp\ucek+dyt.exe.part

Category: Firewall - Network and Connections
Date & Time,Risk,Activity,Status,Recommended Action,Category,Gateway IP Address,Subnet Identifier,Gateway Physical Address
2012-08-02 19:36:19,Info,"Protecting your connection to a newly detected network on adapter \"Teredo Tunneling Pseudo-Interface\" (IP address: fe80::144a:1e1c:9d3e:5b85%26).",Detected,No Action

Required,Firewall - Network and Connections,,,
2012-08-02 19:36:19,Info,"Protecting your connection to a newly detected network on adapter \"Teredo Tunneling Pseudo-Interface\" (IP address: 2001::9d38:953c:144a:1e1c:9d3e:5b85).",Detected,No

Action Required,Firewall - Network and Connections,,,
2012-08-02 19:36:19,Info,IP address has disappeared from adapter Teredo Tunneling Pseudo-Interface and is no longer being protected (IP address: fe80::c60:1e1c:3f57:fefd%26).,Detected,No Action

Required,Firewall - Network and Connections,,,
2012-08-02 19:36:19,Info,IP address has disappeared from adapter Teredo Tunneling Pseudo-Interface and is no longer being protected (IP address: 2001::9d38:953c:c60:1e1c:3f57:fefd).,Detected,No

Action Required,Firewall - Network and Connections,,,
2012-08-02 19:36:19,Info,Connected to a protected network. (::0),Protected,No Action Required,,::0,,
2012-08-02 19:36:19,Info,Connected to a protected network. (127.0.0.0/255.0.0.0),Protected,No Action Required,,,127.0.0.0/255.0.0.0,
2012-08-02 19:36:18,Info,Connected to a shared network. (E0 46 9A 84 02 EE),Shared,No Action Required,,,,E0 46 9A 84 02 EE
2012-08-02 19:36:14,Info,"Protecting your connection to a newly detected network on adapter \"Teredo Tunneling Pseudo-Interface\" (IP address: fe80::c60:1e1c:3f57:fefd%26).",Detected,No Action

Required,Firewall - Network and Connections,,,
2012-08-02 19:36:14,Info,"Protecting your connection to a newly detected network on adapter \"Teredo Tunneling Pseudo-Interface\" (IP address: 2001::9d38:953c:c60:1e1c:3f57:fefd).",Detected,No

Action Required,Firewall - Network and Connections,,,
2012-08-02 19:36:14,Info,IP address has disappeared from adapter Teredo Tunneling Pseudo-Interface and is no longer being protected (IP address: fe80::8bc:34fa:9d3e:5b85%26).,Detected,No Action

Required,Firewall - Network and Connections,,,
2012-08-02 19:36:14,Info,IP address has disappeared from adapter Teredo Tunneling Pseudo-Interface and is no longer being protected (IP address: 2001::4137:9e76:8bc:34fa:9d3e:5b85).,Detected,No

Action Required,Firewall - Network and Connections,,,
2012-08-02 19:35:56,Info,"Protecting your connection to a newly detected network on adapter \"Teredo Tunneling Pseudo-Interface\" (IP address: fe80::8bc:34fa:9d3e:5b85%26).",Detected,No Action

Required,Firewall - Network and Connections,,,
2012-08-02 19:35:56,Info,"Protecting your connection to a newly detected network on adapter \"Teredo Tunneling Pseudo-Interface\" (IP address: 2001::4137:9e76:8bc:34fa:9d3e:5b85).",Detected,No

Action Required,Firewall - Network and Connections,,,
2012-08-02 19:35:56,Info,IP address has disappeared from adapter Teredo Tunneling Pseudo-Interface and is no longer being protected (IP address: fe80::4f:34fa:3f57:fefd%26).,Detected,No Action

Required,Firewall - Network and Connections,,,
2012-08-02 19:35:56,Info,IP address has disappeared from adapter Teredo Tunneling Pseudo-Interface and is no longer being protected (IP address: 2001::4137:9e76:4f:34fa:3f57:fefd).,Detected,No

Action Required,Firewall - Network and Connections,,,
2012-08-02 19:35:04,Info,"Protecting your connection to a newly detected network on adapter \"Teredo Tunneling Pseudo-Interface\" (IP address: fe80::4f:34fa:3f57:fefd%26).",Detected,No Action

Required,Firewall - Network and Connections,,,
2012-08-02 19:35:04,Info,"Protecting your connection to a newly detected network on adapter \"Teredo Tunneling Pseudo-Interface\" (IP address: 2001::4137:9e76:4f:34fa:3f57:fefd).",Detected,No

Action Required,Firewall - Network and Connections,,,
2012-08-02 19:34:35,Info,"Protecting your connection to a newly detected network on adapter \"Intel® Centrino® Wireless-N 1030\" (IP address: fe80::3879:2f02:a7c8:99dc%11).",Detected,No Action

Required,Firewall - Network and Connections,,,
2012-08-02 19:34:35,Info,"Protecting your connection to a newly detected network on adapter \"Intel® Centrino® Wireless-N 1030\" (IP address: 192.168.1.2).",Detected,No Action Required,Firewall

- Network and Connections,,,
2012-08-02 19:34:21,Info,"Protecting your connection to a newly detected network on adapter \"Software Loopback Interface 1\" (IP address: ::1).",Detected,No Action Required,Firewall - Network and

Connections,,,
2012-08-02 19:34:21,Info,"Protecting your connection to a newly detected network on adapter \"Software Loopback Interface 1\" (IP address: 127.0.0.1).",Detected,No Action Required,Firewall -

Network and Connections,,,
2012-08-02 15:42:14,Info,"Protecting your connection to a newly detected network on adapter \"Teredo Tunneling Pseudo-Interface\" (IP address: fe80::fb:1a83:9d3e:5b85%26).",Detected,No Action

Required,Firewall - Network and Connections,,,
2012-08-02 15:42:14,Info,"Protecting your connection to a newly detected network on adapter \"Teredo Tunneling Pseudo-Interface\" (IP address: 2001::9d38:953c:fb:1a83:9d3e:5b85).",Detected,No

Action Required,Firewall - Network and Connections,,,
2012-08-02 15:42:14,Info,IP address has disappeared from adapter Teredo Tunneling Pseudo-Interface and is no longer being protected (IP address: fe80::1899:2523:9d3e:5b85%26).,Detected,No Action

Required,Firewall - Network and Connections,,,
2012-08-02 15:42:14,Info,IP address has disappeared from adapter Teredo Tunneling Pseudo-Interface and is no longer being protected (IP address: 2001::4137:9e76:1899:2523:9d3e:5b85).,Detected,No

Action Required,Firewall - Network and Connections,,,
2012-08-02 15:39:40,Info,"Protecting your connection to a newly detected network on adapter \"Teredo Tunneling Pseudo-Interface\" (IP address: fe80::1899:2523:9d3e:5b85%26).",Detected,No Action

Required,Firewall - Network and Connections,,,
2012-08-02 15:39:40,Info,"Protecting your connection to a newly detected network on adapter \"Teredo Tunneling Pseudo-Interface\" (IP address: 2001::4137:9e76:1899:2523:9d3e:5b85).",Detected,No

Action Required,Firewall - Network and Connections,,,
2012-08-02 15:39:40,Info,IP address has disappeared from adapter Teredo Tunneling Pseudo-Interface and is no longer being protected (IP address: fe80::3039:2523:3f57:fefd%26).,Detected,No Action

Required,Firewall - Network and Connections,,,
2012-08-02 15:39:40,Info,IP address has disappeared from adapter Teredo Tunneling Pseudo-Interface and is no longer being protected (IP address: 2001::4137:9e76:3039:2523:3f57:fefd).,Detected,No

Action Required,Firewall - Network and Connections,,,
2012-08-02 15:39:09,Info,Connected to a protected network. (::0),Protected,No Action Required,,::0,,
2012-08-02 15:39:09,Info,Connected to a shared network. (E0 46 9A 84 02 EE),Shared,No Action Required,,,,E0 46 9A 84 02 EE
2012-08-02 15:39:08,Info,"Protecting your connection to a newly detected network on adapter \"Teredo Tunneling Pseudo-Interface\" (IP address: fe80::3039:2523:3f57:fefd%26).",Detected,No Action

Required,Firewall - Network and Connections,,,
2012-08-02 15:39:08,Info,"Protecting your connection to a newly detected network on adapter \"Teredo Tunneling Pseudo-Interface\" (IP address: 2001::4137:9e76:3039:2523:3f57:fefd).",Detected,No

Action Required,Firewall - Network and Connections,,,
2012-08-02 15:39:02,Info,"Protecting your connection to a newly detected network on adapter \"Intel® Centrino® Wireless-N 1030\" (IP address: fe80::3879:2f02:a7c8:99dc%11).",Detected,No Action

Required,Firewall - Network and Connections,,,
2012-08-02 15:39:02,Info,"Protecting your connection to a newly detected network on adapter \"Intel® Centrino® Wireless-N 1030\" (IP address: 192.168.1.2).",Detected,No Action Required,Firewall

- Network and Connections,,,
2012-08-02 15:35:06,Info,IP address has disappeared from adapter Intel® Centrino® Wireless-N 1030 and is no longer being protected (IP address: fe80::3879:2f02:a7c8:99dc%11).,Detected,No Action

Required,Firewall - Network and Connections,,,
2012-08-02 15:35:06,Info,IP address has disappeared from adapter Teredo Tunneling Pseudo-Interface and is no longer being protected (IP address: 2001::9d38:953c:4d9:343b:9cf4:a2d3).,Detected,No

Action Required,Firewall - Network and Connections,,,
2012-08-02 15:35:06,Info,IP address has disappeared from adapter Teredo Tunneling Pseudo-Interface and is no longer being protected (IP address: fe80::4d9:343b:9cf4:a2d3%26).,Detected,No Action

Required,Firewall - Network and Connections,,,
2012-08-02 15:35:06,Info,IP address has disappeared from adapter Intel® Centrino® Wireless-N 1030 and is no longer being protected (IP address: 192.168.1.90).,Detected,No Action

Required,Firewall - Network and Connections,,,
2012-08-02 15:25:45,Info,Connected to a shared network. (B0 E7 54 04 E1 89),Shared,No Action Required,,,,B0 E7 54 04 E1 89
2012-08-02 15:25:44,Info,"Protecting your connection to a newly detected network on adapter \"Teredo Tunneling Pseudo-Interface\" (IP address: 2001::9d38:953c:4d9:343b:9cf4:a2d3).",Detected,No

Action Required,Firewall - Network and Connections,,,
2012-08-02 15:25:44,Info,"Protecting your connection to a newly detected network on adapter \"Teredo Tunneling Pseudo-Interface\" (IP address: fe80::4d9:343b:9cf4:a2d3%26).",Detected,No Action

Required,Firewall - Network and Connections,,,
2012-08-02 15:25:44,Info,"Protecting your connection to a newly detected network on adapter \"Intel® Centrino® Wireless-N 1030\" (IP address: 192.168.1.90).",Detected,No Action

Required,Firewall - Network and Connections,,,
2012-08-02 15:25:44,Info,IP address has disappeared from adapter Intel® Centrino® Wireless-N 1030 and is no longer being protected (IP address: 192.168.1.2).,Detected,No Action

Required,Firewall - Network and Connections,,,
2012-08-02 15:24:29,Info,IP address has disappeared from adapter Teredo Tunneling Pseudo-Interface and is no longer being protected (IP address: fe80::20f6:172c:9d3e:5b85%26).,Detected,No Action

Required,Firewall - Network and Connections,,,
2012-08-02 15:24:29,Info,IP address has disappeared from adapter Teredo Tunneling Pseudo-Interface and is no longer being protected (IP address: 2001::9d38:953c:20f6:172c:9d3e:5b85).,Detected,No

Action Required,Firewall - Network and Connections,,,
2012-08-02 15:10:31,Info,"Protecting your connection to a newly detected network on adapter \"Teredo Tunneling Pseudo-Interface\" (IP address: fe80::20f6:172c:9d3e:5b85%26).",Detected,No Action

Required,Firewall - Network and Connections,,,
2012-08-02 15:10:31,Info,"Protecting your connection to a newly detected network on adapter \"Teredo Tunneling Pseudo-Interface\" (IP address: 2001::9d38:953c:20f6:172c:9d3e:5b85).",Detected,No

Action Required,Firewall - Network and Connections,,,
2012-08-02 15:10:31,Info,IP address has disappeared from adapter Teredo Tunneling Pseudo-Interface and is no longer being protected (IP address: fe80::1c92:172c:3f57:fefd%26).,Detected,No Action

Required,Firewall - Network and Connections,,,
2012-08-02 15:10:31,Info,IP address has disappeared from adapter Teredo Tunneling Pseudo-Interface and is no longer being protected (IP address: 2001::9d38:953c:1c92:172c:3f57:fefd).,Detected,No

Action Required,Firewall - Network and Connections,,,
2012-08-02 15:10:26,Info,"Protecting your connection to a newly detected network on adapter \"Teredo Tunneling Pseudo-Interface\" (IP address: fe80::1c92:172c:3f57:fefd%26).",Detected,No Action

Required,Firewall - Network and Connections,,,
2012-08-02 15:10:26,Info,"Protecting your connection to a newly detected network on adapter \"Teredo Tunneling Pseudo-Interface\" (IP address: 2001::9d38:953c:1c92:172c:3f57:fefd).",Detected,No

Action Required,Firewall - Network and Connections,,,
2012-08-02 15:10:00,Info,IP address has disappeared from adapter Teredo Tunneling Pseudo-Interface and is no longer being protected (IP address: fe80::108c:3d37:9d3e:5b85%26).,Detected,No Action

Required,Firewall - Network and Connections,,,
2012-08-02 15:10:00,Info,IP address has disappeared from adapter Teredo Tunneling Pseudo-Interface and is no longer being protected (IP address: 2001::9d38:953c:108c:3d37:9d3e:5b85).,Detected,No

Action Required,Firewall - Network and Connections,,,
2012-08-02 15:04:33,Info,"Protecting your connection to a newly detected network on adapter \"Teredo Tunneling Pseudo-Interface\" (IP address: fe80::108c:3d37:9d3e:5b85%26).",Detected,No Action

Required,Firewall - Network and Connections,,,
2012-08-02 15:04:33,Info,"Protecting your connection to a newly detected network on adapter \"Teredo Tunneling Pseudo-Interface\" (IP address: 2001::9d38:953c:108c:3d37:9d3e:5b85).",Detected,No

Action Required,Firewall - Network and Connections,,,
2012-08-02 15:04:33,Info,IP address has disappeared from adapter Teredo Tunneling Pseudo-Interface and is no longer being protected (IP address: fe80::1cf5:3d37:3f57:fefd%26).,Detected,No Action

Required,Firewall - Network and Connections,,,
2012-08-02 15:04:33,Info,IP address has disappeared from adapter Teredo Tunneling Pseudo-Interface and is no longer being protected (IP address: 2001::9d38:953c:1cf5:3d37:3f57:fefd).,Detected,No

Action Required,Firewall - Network and Connections,,,
2012-08-02 15:04:07,Info,"Protecting your connection to a newly detected network on adapter \"Teredo Tunneling Pseudo-Interface\" (IP address: fe80::1cf5:3d37:3f57:fefd%26).",Detected,No Action

Required,Firewall - Network and Connections,,,
2012-08-02 15:04:07,Info,"Protecting your connection to a newly detected network on adapter \"Teredo Tunneling Pseudo-Interface\" (IP address: 2001::9d38:953c:1cf5:3d37:3f57:fefd).",Detected,No

Action Required,Firewall - Network and Connections,,,
2012-08-02 15:04:06,Info,Connected to a shared network. (E0 46 9A 84 02 EE),Shared,No Action Required,,,,E0 46 9A 84 02 EE
2012-08-02 15:04:01,Info,"Protecting your connection to a newly detected network on adapter \"Intel® Centrino® Wireless-N 1030\" (IP address: fe80::3879:2f02:a7c8:99dc%11).",Detected,No Action

Required,Firewall - Network and Connections,,,
2012-08-02 15:04:01,Info,"Protecting your connection to a newly detected network on adapter \"Intel® Centrino® Wireless-N 1030\" (IP address: 192.168.1.2).",Detected,No Action Required,Firewall

- Network and Connections,,,
2012-08-02 15:02:18,Info,IP address has disappeared from adapter Teredo Tunneling Pseudo-Interface and is no longer being protected (IP address: fe80::457:2811:9d3e:5b85%26).,Detected,No Action

Required,Firewall - Network and Connections,,,
2012-08-02 15:02:18,Info,IP address has disappeared from adapter Teredo Tunneling Pseudo-Interface and is no longer being protected (IP address: 2001::4137:9e76:457:2811:9d3e:5b85).,Detected,No

Action Required,Firewall - Network and Connections,,,
2012-08-02 15:02:12,Info,IP address has disappeared from adapter Intel® Centrino® Wireless-N 1030 and is no longer being protected (IP address: fe80::3879:2f02:a7c8:99dc%11).,Detected,No Action

Required,Firewall - Network and Connections,,,
2012-08-02 15:02:12,Info,IP address has disappeared from adapter Intel® Centrino® Wireless-N 1030 and is no longer being protected (IP address: 192.168.1.7).,Detected,No Action

Required,Firewall - Network and Connections,,,
2012-08-02 14:46:12,Info,"Protecting your connection to a newly detected network on adapter \"Teredo Tunneling Pseudo-Interface\" (IP address: fe80::457:2811:9d3e:5b85%26).",Detected,No Action

Required,Firewall - Network and Connections,,,
2012-08-02 14:46:12,Info,"Protecting your connection to a newly detected network on adapter \"Teredo Tunneling Pseudo-Interface\" (IP address: 2001::4137:9e76:457:2811:9d3e:5b85).",Detected,No

Action Required,Firewall - Network and Connections,,,
2012-08-02 14:46:12,Info,IP address has disappeared from adapter Teredo Tunneling Pseudo-Interface and is no longer being protected (IP address: fe80::1069:2811:3f57:fef8%26).,Detected,No Action

Required,Firewall - Network and Connections,,,
2012-08-02 14:46:12,Info,IP address has disappeared from adapter Teredo Tunneling Pseudo-Interface and is no longer being protected (IP address: 2001::4137:9e76:1069:2811:3f57:fef8).,Detected,No

Action Required,Firewall - Network and Connections,,,
2012-08-02 14:44:47,Info,Connected to a protected network. (::0),Protected,No Action Required,,::0,,
2012-08-02 14:44:47,Info,Connected to a protected network. (127.0.0.0/255.0.0.0),Protected,No Action Required,,,127.0.0.0/255.0.0.0,
2012-08-02 14:44:47,Info,Connected to a shared network. (E0 46 9A 84 02 EE),Shared,No Action Required,,,,E0 46 9A 84 02 EE
2012-08-02 14:43:45,Info,"Protecting your connection to a newly detected network on adapter \"Teredo Tunneling Pseudo-Interface\" (IP address: fe80::1069:2811:3f57:fef8%26).",Detected,No Action Required,Firewall - Network and Connections,,,
2012-08-02 14:43:45,Info,"Protecting your connection to a newly detected network on adapter \"Teredo Tunneling Pseudo-Interface\" (IP address: 2001::4137:9e76:1069:2811:3f57:fef8).",Detected,No Action Required,Firewall - Network and Connections,,,
2012-08-02 14:43:26,Info,"Protecting your connection to a newly detected network on adapter \"Intel® Centrino® Wireless-N 1030\" (IP address: fe80::3879:2f02:a7c8:99dc%11).",Detected,No Action Required,Firewall - Network and Connections,,,
2012-08-02 14:43:26,Info,"Protecting your connection to a newly detected network on adapter \"Intel® Centrino® Wireless-N 1030\" (IP address: 192.168.1.7).",Detected,No Action Required,Firewall - Network and Connections,,,
2012-08-02 14:43:00,Info,"Protecting your connection to a newly detected network on adapter \"Software Loopback Interface 1\" (IP address: ::1).",Detected,No Action Required,Firewall - Network and Connections,,,
2012-08-02 14:43:00,Info,"Protecting your connection to a newly detected network on adapter \"Software Loopback Interface 1\" (IP address: 127.0.0.1).",Detected,No Action Required,Firewall - Network and Connections,,,
2012-08-02 14:37:06,Info,Connected to a shared network. (E0 46 9A 84 02 EE),Shared,No Action Required,,,,E0 46 9A 84 02 EE
2012-08-02 14:37:01,Info,"Protecting your connection to a newly detected network on adapter \"Teredo Tunneling Pseudo-Interface\" (IP address: fe80::3cd1:370e:9d3e:5b85%26).",Detected,No Action Required,Firewall - Network and Connections,,,
2012-08-02 14:37:01,Info,"Protecting your connection to a newly detected network on adapter \"Teredo Tunneling Pseudo-Interface\" (IP address: 2001::9d38:953c:3cd1:370e:9d3e:5b85).",Detected,No Action Required,Firewall - Network and Connections,,,
2012-08-02 14:37:01,Info,IP address has disappeared from adapter Teredo Tunneling Pseudo-Interface and is no longer being protected (IP address: 2001::4137:9e76:1084:bfa:9cf4:a2d3).,Detected,No Action Required,Firewall - Network and Connections,,,
2012-08-02 14:37:01,Info,IP address has disappeared from adapter Teredo Tunneling Pseudo-Interface and is no longer being protected (IP address: fe80::1084:bfa:9cf4:a2d3%26).,Detected,No Action Required,Firewall - Network and Connections,,,
2012-08-02 14:37:01,Info,"Protecting your connection to a newly detected network on adapter \"Intel® Centrino® Wireless-N 1030\" (IP address: 192.168.1.7).",Detected,No Action Required,Firewall - Network and Connections,,,
2012-08-02 14:37:01,Info,IP address has disappeared from adapter Intel® Centrino® Wireless-N 1030 and is no longer being protected (IP address: 192.168.1.90).,Detected,No Action Required,Firewall - Network and Connections,,,
2012-08-02 14:10:41,Info,"Protecting your connection to a newly detected network on adapter \"Teredo Tunneling Pseudo-Interface\" (IP address: 2001::4137:9e76:1084:bfa:9cf4:a2d3).",Detected,No Action Required,Firewall - Network and Connections,,,
2012-08-02 14:10:41,Info,"Protecting your connection to a newly detected network on adapter \"Teredo Tunneling Pseudo-Interface\" (IP address: fe80::1084:bfa:9cf4:a2d3%26).",Detected,No Action Required,Firewall - Network and Connections,,,
2012-08-02 14:10:41,Info,IP address has disappeared from adapter Teredo Tunneling Pseudo-Interface and is no longer being protected (IP address: 2001::9d38:953c:6a:4ea:9cf4:a2d3).,Detected,No Action Required,Firewall - Network and Connections,,,
2012-08-02 14:10:41,Info,IP address has disappeared from adapter Teredo Tunneling Pseudo-Interface and is no longer being protected (IP address: fe80::6a:4ea:9cf4:a2d3%26).,Detected,No Action Required,Firewall - Network and Connections,,,
2012-08-02 14:04:12,Info,Connected to a protected network. (::0),Protected,No Action Required,,::0,,
2012-08-02 14:04:12,Info,Connected to a shared network. (B0 E7 54 04 E1 89),Shared,No Action Required,,,,B0 E7 54 04 E1 89
2012-08-02 14:04:08,Info,"Protecting your connection to a newly detected network on adapter \"Teredo Tunneling Pseudo-Interface\" (IP address: 2001::9d38:953c:6a:4ea:9cf4:a2d3).",Detected,No Action Required,Firewall - Network and Connections,,,
2012-08-02 14:04:08,Info,"Protecting your connection to a newly detected network on adapter \"Intel® Centrino® Wireless-N 1030\" (IP address: 192.168.1.90).",Detected,No Action Required,Firewall - Network and Connections,,,
2012-08-02 14:04:08,Info,"Protecting your connection to a newly detected network on adapter \"Teredo Tunneling Pseudo-Interface\" (IP address: fe80::6a:4ea:9cf4:a2d3%26).",Detected,No Action Required,Firewall - Network and Connections,,,
2012-08-02 14:04:08,Info,IP address has disappeared from adapter Intel® Centrino® Wireless-N 1030 and is no longer being protected (IP address: 192.168.1.7).,Detected,No Action Required,Firewall - Network and Connections,,,
2012-08-02 14:02:07,Info,Connected to a shared network. (192.168.1.1),Shared,No Action Required,,192.168.1.1,,
2012-08-02 14:02:01,Info,"Protecting your connection to a newly detected network on adapter \"Intel® Centrino® Wireless-N 1030\" (IP address: fe80::3879:2f02:a7c8:99dc%11).",Detected,No Action Required,Firewall - Network and Connections,,,
2012-08-02 14:02:01,Info,"Protecting your connection to a newly detected network on adapter \"Intel® Centrino® Wireless-N 1030\" (IP address: 192.168.1.7).",Detected,No Action Required,Firewall - Network and Connections,,,
2012-08-02 14:01:49,Info,IP address has disappeared from adapter Intel® Centrino® Wireless-N 1030 and is no longer being protected (IP address: fe80::3879:2f02:a7c8:99dc%11).,Detected,No Action Required,Firewall - Network and Connections,,,
2012-08-02 14:01:49,Info,IP address has disappeared from adapter Intel® Centrino® Wireless-N 1030 and is no longer being protected (IP address: 192.168.1.7).,Detected,No Action Required,Firewall - Network and Connections,,,
2012-08-02 14:00:42,Info,IP address has disappeared from adapter Teredo Tunneling Pseudo-Interface and is no longer being protected (IP address: fe80::3cd1:370e:9d3e:5b85%26).,Detected,No Action Required,Firewall - Network and Connections,,,
2012-08-02 14:00:42,Info,IP address has disappeared from adapter Teredo Tunneling Pseudo-Interface and is no longer being protected (IP address: 2001::9d38:953c:3cd1:370e:9d3e:5b85).,Detected,No Action Required,Firewall - Network and Connections,,,
2012-08-02 13:59:37,Info,"Protecting your connection to a newly detected network on adapter \"Teredo Tunneling Pseudo-Interface\" (IP address: fe80::3cd1:370e:9d3e:5b85%26).",Detected,No Action Required,Firewall - Network and Connections,,,
2012-08-02 13:59:37,Info,"Protecting your connection to a newly detected network on adapter \"Teredo Tunneling Pseudo-Interface\" (IP address: 2001::9d38:953c:3cd1:370e:9d3e:5b85).",Detected,No Action Required,Firewall - Network and Connections,,,
2012-08-02 13:59:23,Info,Connected to a shared network. (E0 46 9A 84 02 EE),Shared,No Action Required,,,,E0 46 9A 84 02 EE
2012-08-02 13:58:34,Info,Connected to a protected network. (192.168.1.1),Protected,No Action Required,,192.168.1.1,,
2012-08-02 13:56:51,Info,Connected to a protected network. (127.0.0.0/255.0.0.0),Protected,No Action Required,,,127.0.0.0/255.0.0.0,
2012-08-02 13:56:51,Info,Connected to a shared network. (E0 46 9A 84 02 EE),Shared,No Action Required,,,,E0 46 9A 84 02 EE
2012-08-02 13:56:49,Info,IP address has disappeared from adapter Teredo Tunneling Pseudo-Interface and is no longer being protected (IP address: fe80::3cd1:370e:9d3e:5b85%26).,Detected,No Action Required,Firewall - Network and Connections,,,
2012-08-02 13:56:49,Info,IP address has disappeared from adapter Teredo Tunneling Pseudo-Interface and is no longer being protected (IP address: 2001::9d38:953c:3cd1:370e:9d3e:5b85).,Detected,No Action Required,Firewall - Network and Connections,,,
2012-08-02 13:55:50,Info,"Protecting your connection to a newly detected network on adapter \"Teredo Tunneling Pseudo-Interface\" (IP address: fe80::3cd1:370e:9d3e:5b85%26).",Detected,No Action Required,Firewall - Network and Connections,,,
2012-08-02 13:55:50,Info,"Protecting your connection to a newly detected network on adapter \"Teredo Tunneling Pseudo-Interface\" (IP address: 2001::9d38:953c:3cd1:370e:9d3e:5b85).",Detected,No Action Required,Firewall - Network and Connections,,,
2012-08-02 13:55:25,Info,"Protecting your connection to a newly detected network on adapter \"Intel® Centrino® Wireless-N 1030\" (IP address: fe80::3879:2f02:a7c8:99dc%11).",Detected,No Action Required,Firewall - Network and Connections,,,
2012-08-02 13:55:25,Info,"Protecting your connection to a newly detected network on adapter \"Intel® Centrino® Wireless-N 1030\" (IP address: 192.168.1.7).",Detected,No Action Required,Firewall - Network and Connections,,,
2012-08-02 13:55:00,Info,"Protecting your connection to a newly detected network on adapter \"Software Loopback Interface 1\" (IP address: ::1).",Detected,No Action Required,Firewall - Network and Connections,,,
2012-08-02 13:55:00,Info,"Protecting your connection to a newly detected network on adapter \"Software Loopback Interface 1\" (IP address: 127.0.0.1).",Detected,No Action Required,Firewall - Network and Connections,,,
2012-08-02 13:54:18,Info,"Protecting your connection to a newly detected network on adapter \"Teredo Tunneling Pseudo-Interface\" (IP address: 2001::5ef5:79fd:20ca:2ac1:3f57:fef8).",Detected,No Action Required,Firewall - Network and Connections,,,
2012-08-02 13:54:18,Info,"Protecting your connection to a newly detected network on adapter \"Teredo Tunneling Pseudo-Interface\" (IP address: fe80::20ca:2ac1:3f57:fef8%26).",Detected,No Action Required,Firewall - Network and Connections,,,
2012-08-02 13:46:12,Info,IP address has disappeared from adapter Teredo Tunneling Pseudo-Interface and is no longer being protected (IP address: fe80::3cd1:370e:9d3e:5b85%26).,Detected,No Action Required,Firewall - Network and Connections,,,
2012-08-02 13:46:12,Info,IP address has disappeared from adapter Teredo Tunneling Pseudo-Interface and is no longer being protected (IP address: 2001::9d38:953c:3cd1:370e:9d3e:5b85).,Detected,No Action Required,Firewall - Network and Connections,,,

#3 nashvegas12

Posted 03 August 2012 - 10:49 AM

Norton Log Part II:


Category: Firewall - Activities
Date & Time,Risk,Activity,Status,Recommended Action,Category,Program Name,Program Path,Default Action,Action Taken,Local Computer,Traffic Description
2012-08-02 19:42:36,Info,"An instance of \"C:\Program Files\Microsoft IntelliPoint\ipoint.exe\" is preparing to access the Internet.",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 19:38:50,Info,"An instance of \"C:\Program Files (x86)\Mozilla Firefox\firefox.exe\" is preparing to access the Internet.",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 19:37:05,Info,"An instance of \"C:\Windows\HelpPane.exe\" is preparing to access the Internet.",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 19:36:21,Info,User logged in. ,Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 19:36:15,Info,"Firewall setting \"AlertThreadEnable\" changed.",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 19:36:09,Info,"An instance of \"C:\Program Files (x86)\Norton 360 Premier Edition\Engine\6.2.1.5\ccSvcHst.exe\" is preparing to access the Internet.",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 19:36:04,Info,"Rule \"Default Block SSDP\" blocked (192.168.1.1, Port (2869) ). Inbound TCP connection. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 19:35:28,Info,"Rule \"Default Block SSDP\" blocked (192.168.1.1, Port (2869) ). Inbound TCP connection. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 19:35:24,Info,"An instance of \"C:\Windows\System32\svchost.exe\" is preparing to access the Internet.",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 19:35:22,Info,"Rule \"Default Block SSDP\" blocked (192.168.1.1, Port (2869) ). Inbound TCP connection. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 19:35:19,Info,"Rule \"Default Block SSDP\" blocked (192.168.1.1, Port (2869) ). Inbound TCP connection. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 19:35:03,Info,"An instance of \"C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe\" is preparing to access the Internet.",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 19:35:02,Info,"An instance of \"C:\Windows\System32\svchost.exe\" is preparing to access the Internet.",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 19:35:00,Info,"Rule \"Default Block SSDP\" blocked communication.",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 19:35:00,Info,"An instance of \"C:\Program Files\Windows Media Player\wmpnetwk.exe\" is preparing to access the Internet.",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 19:34:52,Info,Firewall rules were automatically created for Services and Controller app.,Protected,No Action Required,,Services and Controller app,C:\Windows\System32\services.exe,No Action Required,Automatically create rules,"0.0.0.0, 49167","Inbound TCP, Port 49167"
2012-08-02 19:34:52,Info,"An instance of \"C:\Windows\System32\services.exe\" is preparing to access the Internet.",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 19:34:52,Info,"Rule \"Default Block Microsoft Windows 2000 SMB\" blocked communication.",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 19:34:47,Info,"An instance of \"C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe\" is preparing to access the Internet.",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 19:34:45,Info,"An instance of \"C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe\" is preparing to access the Internet.",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 19:34:44,Info,"An instance of \"C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe\" is preparing to access the Internet.",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 19:34:44,Info,"An instance of \"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe\" is preparing to access the Internet.",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 19:34:42,Info,"An instance of \"C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE\" is preparing to access the Internet.",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 19:34:36,Info,"An instance of \"C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe\" is preparing to access the Internet.",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 19:34:35,Info,"Rule \"Default Block LLMNR\" stealthed (OWNER-PC (192.168.1.2), Port (5355) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 19:34:35,Info,"Rule \"Default Block LLMNR\" stealthed (OWNER-PC (192.168.1.2), Port (5355) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 19:34:34,Info,"Rule \"Default Block LLMNR\" stealthed (OWNER-PC (192.168.1.2), Port (5355) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 19:34:34,Info,"Rule \"Default Block LLMNR\" stealthed (OWNER-PC (192.168.1.2), Port (5355) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 19:34:34,Info,"An instance of \"C:\Windows\System32\svchost.exe\" is preparing to access the Internet.",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 19:34:34,Info,"Rule \"Default Block Windows File Sharing\" blocked communication. Process name is \"System\".",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 19:34:33,Info,Firewall rules were automatically created for Local Security Authority Process.,Protected,No Action Required,,Local Security Authority Process,C:\Windows\System32\lsass.exe,No Action Required,Automatically create rules,"::0, 49156","Inbound TCP, Port 49156"
2012-08-02 19:34:33,Info,"An instance of \"C:\Windows\System32\lsass.exe\" is preparing to access the Internet.",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 19:34:33,Info,Firewall rules were automatically created for Spooler SubSystem App.,Protected,No Action Required,,Spooler SubSystem App,C:\Windows\System32\spoolsv.exe,No Action Required,Automatically create rules,"0.0.0.0, 49155","Inbound TCP, Port 49155"
2012-08-02 19:34:33,Info,"An instance of \"C:\Windows\System32\spoolsv.exe\" is preparing to access the Internet.",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 19:34:32,Info,"An instance of \"C:\Windows\System32\svchost.exe\" is preparing to access the Internet.",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 19:34:26,Info,"An instance of \"C:\Windows\System32\svchost.exe\" is preparing to access the Internet.",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 19:34:26,Info,"Rule \"Default Block Web Services on Devices\" blocked communication.",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 19:34:25,Info,"An instance of \"C:\Windows\System32\svchost.exe\" is preparing to access the Internet.",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 19:34:24,Info,"An instance of \"C:\Windows\System32\svchost.exe\" is preparing to access the Internet.",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 19:34:24,Info,"An instance of \"C:\Windows\System32\wininit.exe\" is preparing to access the Internet.",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 19:34:24,Info,"Rule \"Default Block EPMAP\" blocked communication.",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 19:34:24,Info,"Rule \"Default Block EPMAP\" blocked communication.",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 19:34:24,Info,"An instance of \"C:\Windows\System32\svchost.exe\" is preparing to access the Internet.",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 19:34:16,Info,Firewall configuration updated: 184 rules.,Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 19:34:16,Info,Firewall has been enabled. ,Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 19:33:48,Info,No user is logged in. ,Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 19:26:37,Info,Firewall rules were automatically created for Windows Update.,Protected,No Action Required,,Windows Update,C:\Windows\System32\wuauclt.exe,No Action Required,Automatically create rules,"OWNER-PC (192.168.1.2), 56544","Outbound TCP, www-http"
2012-08-02 19:26:37,Info,"An instance of \"C:\Windows\System32\wuauclt.exe\" is preparing to access the Internet.",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 19:02:21,Info,"An instance of \"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe\" is preparing to access the Internet.",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 18:58:21,Info,"An instance of \"C:\Program Files (x86)\Mozilla Firefox\firefox.exe\" is preparing to access the Internet.",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 17:28:16,Info,Firewall configuration updated: 182 rules.,Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 16:19:21,Info,"An instance of \"C:\Windows\System32\wermgr.exe\" is preparing to access the Internet.",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 16:18:54,Info,Firewall rules were automatically created for Spooler SubSystem App.,Protected,No Action Required,,Spooler SubSystem App,C:\Windows\System32\spoolsv.exe,No Action Required,Automatically create rules,"0.0.0.0, 52947","Inbound TCP, Port 52947"
2012-08-02 16:18:54,Info,"An instance of \"C:\Windows\System32\spoolsv.exe\" is preparing to access the Internet.",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 16:18:37,Info,Firewall rules were automatically created for Diagnostics Troubleshooting Wizard.,Protected,No Action Required,,Diagnostics Troubleshooting Wizard,C:\Windows\System32\msdt.exe,No Action Required,Automatically create rules,"OWNER-PC (192.168.1.2), 52942","Outbound TCP, www-http"
2012-08-02 16:18:17,Info,"An instance of \"C:\Windows\System32\msdt.exe\" is preparing to access the Internet.",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 16:18:14,Info,Firewall rules were automatically created for Diagnostics Troubleshooting Wizard.,Protected,No Action Required,,Diagnostics Troubleshooting Wizard,C:\Windows\System32\msdt.exe,No Action Required,Automatically create rules,"OWNER-PC (192.168.1.2), 52934","Outbound TCP, https"
2012-08-02 16:18:14,Info,"An instance of \"C:\Windows\System32\msdt.exe\" is preparing to access the Internet.",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 15:39:01,Info,"Rule \"Default Block UPnP Discovery\" stealthed (192.168.1.2, Port ssdp(1900) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 15:39:01,Info,"Rule \"Default Block UPnP Discovery\" stealthed (192.168.1.2, Port ssdp(1900) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 15:39:01,Info,"Rule \"Default Block SSDP\" blocked (192.168.1.1, Port (2869) ). Inbound TCP connection. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 15:39:01,Info,"Rule \"Default Block SSDP\" blocked (192.168.1.1, Port (2869) ). Inbound TCP connection. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 15:39:00,Info,"Rule \"Default Block UPnP Discovery\" stealthed (192.168.1.2, Port ssdp(1900) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 15:39:00,Info,"Rule \"Default Block UPnP Discovery\" stealthed (192.168.1.2, Port ssdp(1900) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 15:39:00,Info,"Rule \"Default Block UPnP Discovery\" stealthed (192.168.1.2, Port ssdp(1900) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 15:39:00,Info,"Rule \"Default Block UPnP Discovery\" stealthed (192.168.1.2, Port ssdp(1900) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 15:39:00,Info,"Rule \"Default Block Web Services Discovery\" stealthed (192.168.1.2, Port (3702) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 15:39:00,Info,"Rule \"Default Block Web Services Discovery\" stealthed (192.168.1.2, Port (3702) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 15:39:00,Info,"Rule \"Default Block UPnP Discovery\" stealthed (192.168.1.2, Port ssdp(1900) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 15:39:00,Info,"Rule \"Default Block UPnP Discovery\" stealthed (192.168.1.2, Port ssdp(1900) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 15:39:00,Info,"Rule \"Default Block UPnP Discovery\" stealthed (192.168.1.2, Port ssdp(1900) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 15:39:00,Info,"Rule \"Default Block UPnP Discovery\" stealthed (192.168.1.2, Port ssdp(1900) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 15:39:00,Info,"Rule \"Default Block UPnP Discovery\" stealthed (192.168.1.2, Port ssdp(1900) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 15:39:00,Info,"Rule \"Default Block UPnP Discovery\" stealthed (192.168.1.2, Port ssdp(1900) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 15:39:00,Info,"Rule \"Default Block UPnP Discovery\" stealthed (192.168.1.2, Port ssdp(1900) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 15:39:00,Info,"Rule \"Default Block UPnP Discovery\" stealthed (192.168.1.2, Port ssdp(1900) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 15:39:00,Info,"Rule \"Default Block UPnP Discovery\" stealthed (192.168.1.2, Port ssdp(1900) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 15:39:00,Info,"Rule \"Default Block UPnP Discovery\" stealthed (192.168.1.2, Port ssdp(1900) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 15:39:00,Info,"Rule \"Default Block Web Services Discovery\" stealthed (192.168.1.2, Port (3702) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 15:39:00,Info,"Rule \"Default Block Web Services Discovery\" stealthed (192.168.1.2, Port (3702) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 15:39:00,Info,"Rule \"Default Block UPnP Discovery\" stealthed (192.168.1.2, Port ssdp(1900) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 15:39:00,Info,"Rule \"Default Block UPnP Discovery\" stealthed (192.168.1.2, Port ssdp(1900) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 15:39:00,Info,"Rule \"Default Block UPnP Discovery\" stealthed (192.168.1.2, Port ssdp(1900) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 15:39:00,Info,"Rule \"Default Block UPnP Discovery\" stealthed (192.168.1.2, Port ssdp(1900) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 15:39:00,Info,"Rule \"Default Block UPnP Discovery\" stealthed (192.168.1.2, Port ssdp(1900) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 15:39:00,Info,"Rule \"Default Block UPnP Discovery\" stealthed (192.168.1.2, Port ssdp(1900) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 15:39:00,Info,"Rule \"Default Block UPnP Discovery\" stealthed (192.168.1.2, Port ssdp(1900) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 15:39:00,Info,"Rule \"Default Block UPnP Discovery\" stealthed (192.168.1.2, Port ssdp(1900) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 15:39:00,Info,"Rule \"Default Block UPnP Discovery\" stealthed (192.168.1.2, Port ssdp(1900) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 15:39:00,Info,"Rule \"Default Block UPnP Discovery\" stealthed (192.168.1.2, Port ssdp(1900) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 15:39:00,Info,"Rule \"Default Block UPnP Discovery\" stealthed (192.168.1.2, Port ssdp(1900) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 15:39:00,Info,"Rule \"Default Block UPnP Discovery\" stealthed (192.168.1.2, Port ssdp(1900) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 15:38:59,Info,"Rule \"Default Block UPnP Discovery\" stealthed (192.168.1.2, Port ssdp(1900) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 15:38:59,Info,"Rule \"Default Block UPnP Discovery\" stealthed (192.168.1.2, Port ssdp(1900) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 15:38:58,Info,"Rule \"Default Block Web Services Discovery\" stealthed (192.168.1.2, Port (3702) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 15:38:58,Info,"Rule \"Default Block Web Services Discovery\" stealthed (192.168.1.2, Port (3702) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 15:38:58,Info,"Rule \"Default Block Web Services Discovery\" stealthed (192.168.1.2, Port (3702) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 15:38:58,Info,"Rule \"Default Block Web Services Discovery\" stealthed (192.168.1.2, Port (3702) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 15:38:58,Info,"Rule \"Default Block Web Services Discovery\" stealthed (192.168.1.2, Port (3702) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 15:38:58,Info,"Rule \"Default Block Web Services Discovery\" stealthed (192.168.1.2, Port (3702) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 15:38:58,Info,"Rule \"Default Block UPnP Discovery\" stealthed (192.168.1.2, Port ssdp(1900) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 15:38:58,Info,"Rule \"Default Block UPnP Discovery\" stealthed (192.168.1.2, Port ssdp(1900) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 15:38:58,Info,"Rule \"Default Block Web Services Discovery\" stealthed (192.168.1.2, Port (3702) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 15:38:58,Info,"Rule \"Default Block Web Services Discovery\" stealthed (192.168.1.2, Port (3702) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 15:38:58,Info,"Rule \"Default Block LLMNR\" stealthed (192.168.1.2, Port (5355) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 15:38:58,Info,"Rule \"Default Block LLMNR\" stealthed (192.168.1.2, Port (5355) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 15:38:58,Info,"Rule \"Default Block Web Services Discovery\" stealthed (192.168.1.2, Port (3702) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 15:38:58,Info,"Rule \"Default Block Web Services Discovery\" stealthed (192.168.1.2, Port (3702) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 15:38:58,Info,"Rule \"Default Block Web Services Discovery\" stealthed (192.168.1.2, Port (3702) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 15:38:58,Info,"Rule \"Default Block Web Services Discovery\" stealthed (192.168.1.2, Port (3702) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 15:38:58,Info,"Rule \"Default Block LLMNR\" stealthed (192.168.1.2, Port (5355) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 15:38:58,Info,"Rule \"Default Block LLMNR\" stealthed (192.168.1.2, Port (5355) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 15:38:58,Info,"Rule \"Default Block LLMNR\" stealthed (192.168.1.2, Port (5355) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 15:38:58,Info,"Rule \"Default Block LLMNR\" stealthed (192.168.1.2, Port (5355) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 15:38:58,Info,"Rule \"Default Block LLMNR\" stealthed (192.168.1.2, Port (5355) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 15:38:58,Info,"Rule \"Default Block LLMNR\" stealthed (192.168.1.2, Port (5355) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 15:38:58,Info,"Rule \"Default Block LLMNR\" stealthed (192.168.1.2, Port (5355) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 15:38:58,Info,"Rule \"Default Block LLMNR\" stealthed (192.168.1.2, Port (5355) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 15:38:58,Info,"Rule \"Default Block LLMNR\" stealthed (192.168.1.2, Port (5355) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 15:38:58,Info,"Rule \"Default Block LLMNR\" stealthed (192.168.1.2, Port (5355) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 15:38:58,Info,"Rule \"Default Block LLMNR\" stealthed (192.168.1.2, Port (5355) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 15:38:58,Info,"Rule \"Default Block LLMNR\" stealthed (192.168.1.2, Port (5355) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 15:38:58,Info,"Rule \"Default Block LLMNR\" stealthed (192.168.1.2, Port (5355) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 15:38:58,Info,"Rule \"Default Block LLMNR\" stealthed (192.168.1.2, Port (5355) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 15:38:57,Info,"Rule \"Default Block UPnP Discovery\" stealthed (192.168.1.2, Port ssdp(1900) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 15:38:57,Info,"Rule \"Default Block UPnP Discovery\" stealthed (192.168.1.2, Port ssdp(1900) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 15:38:57,Info,"Rule \"Default Block UPnP Discovery\" stealthed (192.168.1.2, Port ssdp(1900) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 15:38:57,Info,"Rule \"Default Block UPnP Discovery\" stealthed (192.168.1.2, Port ssdp(1900) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 15:38:57,Info,"Rule \"Default Block UPnP Discovery\" stealthed (192.168.1.2, Port ssdp(1900) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 15:38:57,Info,"Rule \"Default Block UPnP Discovery\" stealthed (192.168.1.2, Port ssdp(1900) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 15:38:57,Info,"Rule \"Default Block UPnP Discovery\" stealthed (192.168.1.2, Port ssdp(1900) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 15:38:57,Info,"Rule \"Default Block UPnP Discovery\" stealthed (192.168.1.2, Port ssdp(1900) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 15:38:57,Info,"Rule \"Default Block UPnP Discovery\" stealthed (192.168.1.2, Port ssdp(1900) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 15:38:57,Info,"Rule \"Default Block UPnP Discovery\" stealthed (192.168.1.2, Port ssdp(1900) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 15:38:57,Info,"Rule \"Default Block UPnP Discovery\" stealthed (192.168.1.2, Port ssdp(1900) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 15:38:57,Info,"Rule \"Default Block UPnP Discovery\" stealthed (192.168.1.2, Port ssdp(1900) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 15:38:57,Info,"Rule \"Default Block Web Services Discovery\" stealthed (192.168.1.2, Port (3702) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 15:38:57,Info,"Rule \"Default Block Web Services Discovery\" stealthed (192.168.1.2, Port (3702) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 15:38:57,Info,"Rule \"Default Block UPnP Discovery\" stealthed (192.168.1.2, Port ssdp(1900) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 15:38:57,Info,"Rule \"Default Block UPnP Discovery\" stealthed (192.168.1.2, Port ssdp(1900) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 15:38:57,Info,"Rule \"Default Block LLMNR\" stealthed (192.168.1.2, Port (5355) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 15:38:57,Info,"Rule \"Default Block LLMNR\" stealthed (192.168.1.2, Port (5355) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 15:38:57,Info,"Rule \"Default Block UPnP Discovery\" stealthed (192.168.1.2, Port ssdp(1900) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 15:38:57,Info,"Rule \"Default Block UPnP Discovery\" stealthed (192.168.1.2, Port ssdp(1900) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 15:38:57,Info,"Rule \"Default Block LLMNR\" stealthed (192.168.1.2, Port (5355) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 15:38:57,Info,"Rule \"Default Block LLMNR\" stealthed (192.168.1.2, Port (5355) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 15:38:57,Info,"Rule \"Default Block Web Services Discovery\" stealthed (192.168.1.2, Port (3702) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 15:38:57,Info,"Rule \"Default Block Web Services Discovery\" stealthed (192.168.1.2, Port (3702) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 15:38:57,Info,"Rule \"Default Block Windows File Sharing\" blocked communication. Process name is \"System\".",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 15:25:39,Info,"Rule \"Default Block Windows File Sharing\" blocked communication. Process name is \"System\".",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 15:04:26,Info,"Rule \"Default Block UPnP Discovery\" stealthed (169.254.197.79, Port ssdp(1900) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 15:04:26,Info,"Rule \"Default Block UPnP Discovery\" stealthed (169.254.197.79, Port ssdp(1900) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 15:04:26,Info,"Rule \"Default Block UPnP Discovery\" stealthed (169.254.197.79, Port ssdp(1900) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 15:04:26,Info,"Rule \"Default Block UPnP Discovery\" stealthed (169.254.197.79, Port ssdp(1900) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 15:04:26,Info,"Rule \"Default Block UPnP Discovery\" stealthed (169.254.197.79, Port ssdp(1900) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 15:04:26,Info,"Rule \"Default Block UPnP Discovery\" stealthed (169.254.197.79, Port ssdp(1900) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 15:04:25,Info,"Rule \"Default Block UPnP Discovery\" stealthed (169.254.197.79, Port ssdp(1900) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 15:04:25,Info,"Rule \"Default Block UPnP Discovery\" stealthed (169.254.197.79, Port ssdp(1900) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 15:04:25,Info,"Rule \"Default Block UPnP Discovery\" stealthed (169.254.197.79, Port ssdp(1900) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 15:04:25,Info,"Rule \"Default Block UPnP Discovery\" stealthed (169.254.197.79, Port ssdp(1900) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 15:04:25,Info,"Rule \"Default Block UPnP Discovery\" stealthed (169.254.197.79, Port ssdp(1900) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 15:04:25,Info,"Rule \"Default Block UPnP Discovery\" stealthed (169.254.197.79, Port ssdp(1900) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 15:04:25,Info,"Rule \"Default Block UPnP Discovery\" stealthed (169.254.197.79, Port ssdp(1900) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 15:04:25,Info,"Rule \"Default Block UPnP Discovery\" stealthed (169.254.197.79, Port ssdp(1900) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 15:04:25,Info,"Rule \"Default Block UPnP Discovery\" stealthed (169.254.197.79, Port ssdp(1900) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 15:04:25,Info,"Rule \"Default Block UPnP Discovery\" stealthed (169.254.197.79, Port ssdp(1900) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 15:04:25,Info,"Rule \"Default Block UPnP Discovery\" stealthed (169.254.197.79, Port ssdp(1900) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 15:04:25,Info,"Rule \"Default Block UPnP Discovery\" stealthed (169.254.197.79, Port ssdp(1900) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 15:04:25,Info,"Rule \"Default Block UPnP Discovery\" stealthed (169.254.197.79, Port ssdp(1900) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 15:04:00,Info,"Rule \"Default Block Web Services Discovery\" stealthed (192.168.1.2, Port (3702) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 15:04:00,Info,"Rule \"Default Block Web Services Discovery\" stealthed (192.168.1.2, Port (3702) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 15:04:00,Info,"Rule \"Default Block Web Services Discovery\" stealthed (192.168.1.2, Port (3702) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 15:04:00,Info,"Rule \"Default Block Web Services Discovery\" stealthed (192.168.1.2, Port (3702) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 15:04:00,Info,"Rule \"Default Block UPnP Discovery\" stealthed (192.168.1.2, Port ssdp(1900) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 15:04:00,Info,"Rule \"Default Block UPnP Discovery\" stealthed (192.168.1.2, Port ssdp(1900) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 15:04:00,Info,"Rule \"Default Block UPnP Discovery\" stealthed (192.168.1.2, Port ssdp(1900) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 15:04:00,Info,"Rule \"Default Block UPnP Discovery\" stealthed (192.168.1.2, Port ssdp(1900) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 15:04:00,Info,"Rule \"Default Block UPnP Discovery\" stealthed (192.168.1.2, Port ssdp(1900) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 15:04:00,Info,"Rule \"Default Block UPnP Discovery\" stealthed (192.168.1.2, Port ssdp(1900) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 15:04:00,Info,"Rule \"Default Block UPnP Discovery\" stealthed (192.168.1.2, Port ssdp(1900) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 15:04:00,Info,"Rule \"Default Block UPnP Discovery\" stealthed (192.168.1.2, Port ssdp(1900) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 15:04:00,Info,"Rule \"Default Block UPnP Discovery\" stealthed (192.168.1.2, Port ssdp(1900) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 15:04:00,Info,"Rule \"Default Block UPnP Discovery\" stealthed (192.168.1.2, Port ssdp(1900) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 15:03:59,Info,"Rule \"Default Block UPnP Discovery\" stealthed (192.168.1.2, Port ssdp(1900) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 15:03:59,Info,"Rule \"Default Block UPnP Discovery\" stealthed (192.168.1.2, Port ssdp(1900) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 15:03:59,Info,"Rule \"Default Block UPnP Discovery\" stealthed (192.168.1.2, Port ssdp(1900) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 15:03:59,Info,"Rule \"Default Block UPnP Discovery\" stealthed (192.168.1.2, Port ssdp(1900) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 15:03:58,Info,"Rule \"Default Block UPnP Discovery\" stealthed (192.168.1.2, Port ssdp(1900) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 15:03:58,Info,"Rule \"Default Block UPnP Discovery\" stealthed (192.168.1.2, Port ssdp(1900) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 15:03:57,Info,"Rule \"Default Block UPnP Discovery\" stealthed (192.168.1.2, Port ssdp(1900) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 15:03:57,Info,"Rule \"Default Block UPnP Discovery\" stealthed (192.168.1.2, Port ssdp(1900) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 15:03:57,Info,"Rule \"Default Block UPnP Discovery\" stealthed (192.168.1.2, Port ssdp(1900) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 15:03:57,Info,"Rule \"Default Block UPnP Discovery\" stealthed (192.168.1.2, Port ssdp(1900) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 15:03:57,Info,"Rule \"Default Block UPnP Discovery\" stealthed (192.168.1.2, Port ssdp(1900) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 15:03:57,Info,"Rule \"Default Block UPnP Discovery\" stealthed (192.168.1.2, Port ssdp(1900) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 15:03:57,Info,"Rule \"Default Block Web Services Discovery\" stealthed (192.168.1.2, Port (3702) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 15:03:57,Info,"Rule \"Default Block Web Services Discovery\" stealthed (192.168.1.2, Port (3702) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 15:03:57,Info,"Rule \"Default Block UPnP Discovery\" stealthed (192.168.1.2, Port ssdp(1900) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 15:03:57,Info,"Rule \"Default Block UPnP Discovery\" stealthed (192.168.1.2, Port ssdp(1900) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 15:03:57,Info,"Rule \"Default Block Web Services Discovery\" stealthed (192.168.1.2, Port (3702) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 15:03:57,Info,"Rule \"Default Block Web Services Discovery\" stealthed (192.168.1.2, Port (3702) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 15:03:57,Info,"Rule \"Default Block Windows File Sharing\" blocked communication. Process name is \"System\".",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 14:51:27,Info,"An instance of \"C:\Program Files\Microsoft IntelliPoint\ipoint.exe\" is preparing to access the Internet.",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 14:49:33,Info,"An instance of \"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe\" is preparing to access the Internet.",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 14:49:21,Info,"An instance of \"C:\Program Files (x86)\Skype\Phone\Skype.exe\" is preparing to access the Internet.",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 14:48:43,Info,"An instance of \"C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe\" is preparing to access the Internet.",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 14:46:03,Info,"An instance of \"C:\Windows\System32\svchost.exe\" is preparing to access the Internet.",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 14:45:37,Info,"An instance of \"C:\Windows\System32\svchost.exe\" is preparing to access the Internet.",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 14:44:48,Info,User logged in. ,Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 14:44:44,Info,"Firewall setting \"AlertThreadEnable\" changed.",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 14:44:38,Info,"An instance of \"C:\Program Files (x86)\Norton 360 Premier Edition\Engine\6.2.1.5\ccSvcHst.exe\" is preparing to access the Internet.",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 14:44:28,Info,"Rule \"Default Block LLMNR\" stealthed (fe80::d9a5:a8c5:f553:c54f, Port (5355) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 14:44:28,Info,"Rule \"Default Block LLMNR\" stealthed (192.168.1.4, Port (5355) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 14:44:28,Info,"Rule \"Default Block LLMNR\" stealthed (fe80::d9a5:a8c5:f553:c54f, Port (5355) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 14:44:26,Info,"Rule \"Default Block LLMNR\" stealthed (192.168.1.4, Port (5355) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 14:44:26,Info,"Rule \"Default Block LLMNR\" stealthed (fe80::d9a5:a8c5:f553:c54f, Port (5355) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 14:44:26,Info,"Rule \"Default Block LLMNR\" stealthed (192.168.1.4, Port (5355) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 14:44:26,Info,"Rule \"Default Block LLMNR\" stealthed (fe80::d9a5:a8c5:f553:c54f, Port (5355) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 14:44:23,Info,"Rule \"Default Block LLMNR\" stealthed (fe80::d9a5:a8c5:f553:c54f, Port (5355) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 14:44:23,Info,"Rule \"Default Block LLMNR\" stealthed (192.168.1.4, Port (5355) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 14:44:23,Info,"Rule \"Default Block LLMNR\" stealthed (fe80::d9a5:a8c5:f553:c54f, Port (5355) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 14:44:21,Info,"Rule \"Default Block LLMNR\" stealthed (192.168.1.4, Port (5355) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 14:44:21,Info,"Rule \"Default Block LLMNR\" stealthed (fe80::d9a5:a8c5:f553:c54f, Port (5355) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 14:44:21,Info,"Rule \"Default Block LLMNR\" stealthed (192.168.1.4, Port (5355) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 14:44:21,Info,"Rule \"Default Block LLMNR\" stealthed (fe80::d9a5:a8c5:f553:c54f, Port (5355) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 14:44:07,Info,"Rule \"Default Block UPnP Discovery\" stealthed (192.168.1.4, Port ssdp(1900) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 14:44:07,Info,"Rule \"Default Block LLMNR\" stealthed (192.168.1.4, Port (5355) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 14:44:07,Info,"Rule \"Default Block LLMNR\" stealthed (fe80::d9a5:a8c5:f553:c54f, Port (5355) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 14:44:07,Info,"Rule \"Default Block LLMNR\" stealthed (192.168.1.4, Port (5355) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 14:44:07,Info,"Rule \"Default Block LLMNR\" stealthed (fe80::d9a5:a8c5:f553:c54f, Port (5355) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 14:43:59,Info,"Rule \"Default Block UPnP Discovery\" stealthed (192.168.1.4, Port ssdp(1900) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 14:43:56,Info,"Rule \"Default Block UPnP Discovery\" stealthed (192.168.1.4, Port ssdp(1900) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 14:43:53,Info,"Rule \"Default Block LLMNR\" stealthed (192.168.1.4, Port (5355) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 14:43:53,Info,"Rule \"Default Block LLMNR\" stealthed (fe80::d9a5:a8c5:f553:c54f, Port (5355) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 14:43:53,Info,"Rule \"Default Block LLMNR\" stealthed (192.168.1.4, Port (5355) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 14:43:53,Info,"Rule \"Default Block LLMNR\" stealthed (fe80::d9a5:a8c5:f553:c54f, Port (5355) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 14:43:51,Info,"Rule \"Default Block LLMNR\" stealthed (fe80::d9a5:a8c5:f553:c54f, Port (5355) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 14:43:48,Info,"Rule \"Default Block Web Services Discovery\" stealthed (fe80::d9a5:a8c5:f553:c54f, Port (3702) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 14:43:48,Info,"Rule \"Default Block Web Services Discovery\" stealthed (fe80::d9a5:a8c5:f553:c54f, Port (3702) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 14:43:48,Info,"Rule \"Default Block Web Services Discovery\" stealthed (192.168.1.4, Port (3702) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 14:43:48,Info,"Rule \"Default Block LLMNR\" stealthed (192.168.1.4, Port (5355) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 14:43:48,Info,"Rule \"Default Block LLMNR\" stealthed (fe80::d9a5:a8c5:f553:c54f, Port (5355) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 14:43:48,Info,"Rule \"Default Block LLMNR\" stealthed (192.168.1.4, Port (5355) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 14:43:48,Info,"Rule \"Default Block LLMNR\" stealthed (fe80::d9a5:a8c5:f553:c54f, Port (5355) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 14:43:47,Info,"Rule \"Default Block LLMNR\" stealthed (fe80::d9a5:a8c5:f553:c54f, Port (5355) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 14:43:47,Info,"Rule \"Default Block LLMNR\" stealthed (192.168.1.4, Port (5355) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 14:43:47,Info,"Rule \"Default Block LLMNR\" stealthed (fe80::d9a5:a8c5:f553:c54f, Port (5355) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 14:43:47,Info,"An instance of \"C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe\" is preparing to access the Internet.",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 14:43:47,Info,"Rule \"Default Block SSDP\" blocked (192.168.1.4, Port (2869) ). Inbound TCP connection. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 14:43:46,Info,"Rule \"Default Block SSDP\" blocked (192.168.1.4, Port (2869) ). Inbound TCP connection. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 14:43:43,Info,"Rule \"Default Block LLMNR\" stealthed (fe80::d9a5:a8c5:f553:c54f, Port (5355) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 14:43:41,Info,"Rule \"Default Block Web Services Discovery\" stealthed (fe80::d9a5:a8c5:f553:c54f, Port (3702) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 14:43:41,Info,"Rule \"Default Block Web Services Discovery\" stealthed (fe80::d9a5:a8c5:f553:c54f, Port (3702) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 14:43:41,Info,"Rule \"Default Block Web Services Discovery\" stealthed (192.168.1.4, Port (3702) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 14:43:40,Info,"Rule \"Default Block SSDP\" blocked (192.168.1.4, Port (2869) ). Inbound TCP connection. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 14:43:40,Info,"Rule \"Default Block SSDP\" blocked (192.168.1.4, Port (2869) ). Inbound TCP connection. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 14:43:39,Info,"Rule \"Default Block SSDP\" blocked communication.",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 14:43:39,Info,"An instance of \"C:\Program Files\Windows Media Player\wmpnetwk.exe\" is preparing to access the Internet.",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 14:43:38,Info,"An instance of \"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe\" is preparing to access the Internet.",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 14:43:36,Info,"An instance of \"C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe\" is preparing to access the Internet.",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 14:43:35,Info,Firewall rules were automatically created for Services and Controller app.,Protected,No Action Required,,Services and Controller app,C:\Windows\System32\services.exe,No Action Required,Automatically create rules,"0.0.0.0, 49161","Inbound TCP, Port 49161"
2012-08-02 14:43:35,Info,"An instance of \"C:\Windows\System32\services.exe\" is preparing to access the Internet.",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 14:43:31,Info,"Rule \"Default Block Microsoft Windows 2000 SMB\" blocked communication.",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 14:43:31,Info,"Rule \"Default Block LLMNR\" stealthed (192.168.1.4, Port (5355) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 14:43:30,Info,"Rule \"Default Block LLMNR\" stealthed (192.168.1.4, Port (5355) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 14:43:30,Info,"Rule \"Default Block LLMNR\" stealthed (fe80::d9a5:a8c5:f553:c54f, Port (5355) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 14:43:28,Info,"Rule \"Default Block Web Services Discovery\" stealthed (fe80::d9a5:a8c5:f553:c54f, Port (3702) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 14:43:28,Info,"Rule \"Default Block Web Services Discovery\" stealthed (192.168.1.4, Port (3702) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 14:43:27,Info,"Rule \"Default Block Web Services Discovery\" stealthed (192.168.1.4, Port (3702) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 14:43:27,Info,"Rule \"Default Block Web Services Discovery\" stealthed (192.168.1.4, Port (3702) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 14:43:27,Info,"Rule \"Default Block Web Services Discovery\" stealthed (192.168.1.4, Port (3702) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 14:43:27,Info,"Rule \"Default Block Web Services Discovery\" stealthed (192.168.1.4, Port (3702) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 14:43:27,Info,"An instance of \"C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe\" is preparing to access the Internet.",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 14:43:27,Info,"An instance of \"C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe\" is preparing to access the Internet.",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 14:43:26,Info,"Rule \"Default Block Web Services Discovery\" stealthed (fe80::d9a5:a8c5:f553:c54f, Port (3702) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 14:43:26,Info,"Rule \"Default Block Web Services Discovery\" stealthed (192.168.1.4, Port (3702) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 14:43:26,Info,"Rule \"Default Block Web Services Discovery\" stealthed (192.168.1.4, Port (3702) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 14:43:26,Info,"Rule \"Default Block Web Services Discovery\" stealthed (192.168.1.4, Port (3702) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 14:43:26,Info,"Rule \"Default Block Web Services Discovery\" stealthed (192.168.1.4, Port (3702) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 14:43:25,Info,"Rule \"Default Block Web Services Discovery\" stealthed (OWNER-PC (192.168.1.7), Port (3702) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 14:43:25,Info,"Rule \"Default Block Web Services Discovery\" stealthed (OWNER-PC (192.168.1.7), Port (3702) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 14:43:25,Info,"An instance of \"C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE\" is preparing to access the Internet.",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 14:43:25,Info,"Rule \"Default Block LLMNR\" stealthed (OWNER-PC (192.168.1.7), Port (5355) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 14:43:25,Info,"Rule \"Default Block LLMNR\" stealthed (OWNER-PC (192.168.1.7), Port (5355) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 14:43:25,Info,"Rule \"Default Block LLMNR\" stealthed (OWNER-PC (192.168.1.7), Port (5355) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 14:43:25,Info,"Rule \"Default Block LLMNR\" stealthed (OWNER-PC (192.168.1.7), Port (5355) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 14:43:25,Info,"An instance of \"C:\Windows\System32\svchost.exe\" is preparing to access the Internet.",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 14:43:24,Info,"Rule \"Default Block Windows File Sharing\" blocked communication. Process name is \"System\".",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 14:43:22,Info,"An instance of \"C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe\" is preparing to access the Internet.",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 14:43:12,Info,Firewall rules were automatically created for Local Security Authority Process.,Protected,No Action Required,,Local Security Authority Process,C:\Windows\System32\lsass.exe,No Action Required,Automatically create rules,"::0, 49156","Inbound TCP, Port 49156"
2012-08-02 14:43:12,Info,"An instance of \"C:\Windows\System32\lsass.exe\" is preparing to access the Internet.",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 14:43:11,Info,Firewall rules were automatically created for Spooler SubSystem App.,Protected,No Action Required,,Spooler SubSystem App,C:\Windows\System32\spoolsv.exe,No Action Required,Automatically create rules,"0.0.0.0, 49155","Inbound TCP, Port 49155"
2012-08-02 14:43:11,Info,"An instance of \"C:\Windows\System32\spoolsv.exe\" is preparing to access the Internet.",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 14:43:11,Info,"An instance of \"C:\Windows\System32\svchost.exe\" is preparing to access the Internet.",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 14:43:05,Info,"An instance of \"C:\Windows\System32\svchost.exe\" is preparing to access the Internet.",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 14:43:05,Info,"Rule \"Default Block Web Services on Devices\" blocked communication.",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 14:43:04,Info,"An instance of \"C:\Windows\System32\svchost.exe\" is preparing to access the Internet.",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 14:43:02,Info,"An instance of \"C:\Windows\System32\svchost.exe\" is preparing to access the Internet.",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 14:43:02,Info,"An instance of \"C:\Windows\System32\wininit.exe\" is preparing to access the Internet.",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 14:43:02,Info,"Rule \"Default Block EPMAP\" blocked communication.",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 14:43:02,Info,"Rule \"Default Block EPMAP\" blocked communication.",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 14:43:02,Info,"An instance of \"C:\Windows\System32\svchost.exe\" is preparing to access the Internet.",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 14:42:54,Info,Firewall configuration updated: 188 rules.,Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 14:42:54,Info,Firewall has been enabled. ,Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 14:42:25,Info,No user is logged in. ,Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 14:41:15,Info,"An instance of \"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe\" is preparing to access the Internet.",Detected,No Action Required,Firewall -

Activities,,,,,,
2012-08-02 14:39:41,Info,"An instance of \"C:\Program Files (x86)\Mozilla Firefox\firefox.exe\" is preparing to access the Internet.",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 14:37:00,Info,"Rule \"Default Block Windows File Sharing\" blocked communication. Process name is \"System\".",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 14:36:57,Info,"Rule \"Default Block UPnP Discovery\" stealthed (192.168.1.7, Port ssdp(1900) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 14:36:57,Info,"Rule \"Default Block UPnP Discovery\" stealthed (192.168.1.7, Port ssdp(1900) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 14:36:57,Info,"Rule \"Default Block LLMNR\" stealthed (192.168.1.4, Port (5355) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 14:36:57,Info,"Rule \"Default Block LLMNR\" stealthed (192.168.1.4, Port (5355) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 14:36:57,Info,"Rule \"Default Block LLMNR\" stealthed (fe80::d9a5:a8c5:f553:c54f, Port (5355) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 14:36:57,Info,"Rule \"Default Block LLMNR\" stealthed (192.168.1.4, Port (5355) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 14:36:57,Info,"Rule \"Default Block LLMNR\" stealthed (192.168.1.4, Port (5355) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 14:36:57,Info,"Rule \"Default Block UPnP Discovery\" stealthed (192.168.1.7, Port ssdp(1900) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 14:36:57,Info,"Rule \"Default Block UPnP Discovery\" stealthed (192.168.1.7, Port ssdp(1900) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 14:36:57,Info,"Rule \"Default Block UPnP Discovery\" stealthed (192.168.1.7, Port ssdp(1900) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 14:36:57,Info,"Rule \"Default Block UPnP Discovery\" stealthed (192.168.1.7, Port ssdp(1900) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 14:36:57,Info,"Rule \"Default Block Web Services Discovery\" stealthed (192.168.1.7, Port (3702) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 14:36:57,Info,"Rule \"Default Block Web Services Discovery\" stealthed (192.168.1.7, Port (3702) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 14:36:57,Info,"Rule \"Default Block LLMNR\" stealthed (192.168.1.7, Port (5355) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 14:36:57,Info,"Rule \"Default Block LLMNR\" stealthed (192.168.1.7, Port (5355) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 14:36:57,Info,"Rule \"Default Block LLMNR\" stealthed (192.168.1.7, Port (5355) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 14:36:57,Info,"Rule \"Default Block LLMNR\" stealthed (192.168.1.7, Port (5355) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 14:36:56,Info,"Rule \"Default Block UPnP Discovery\" stealthed (192.168.1.7, Port ssdp(1900) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 14:36:56,Info,"Rule \"Default Block UPnP Discovery\" stealthed (192.168.1.7, Port ssdp(1900) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 14:36:56,Info,"Rule \"Default Block LLMNR\" stealthed (192.168.1.7, Port (5355) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 14:36:56,Info,"Rule \"Default Block LLMNR\" stealthed (192.168.1.7, Port (5355) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 14:36:56,Info,"Rule \"Default Block LLMNR\" stealthed (192.168.1.7, Port (5355) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 14:36:56,Info,"Rule \"Default Block LLMNR\" stealthed (192.168.1.7, Port (5355) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 14:36:56,Info,"Rule \"Default Block Web Services Discovery\" stealthed (192.168.1.7, Port (3702) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 14:36:56,Info,"Rule \"Default Block Web Services Discovery\" stealthed (192.168.1.7, Port (3702) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 14:36:56,Info,"Rule \"Default Block Windows File Sharing\" blocked communication. Process name is \"System\".",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 14:36:45,Info,"An instance of \"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe\" is preparing to access the Internet.",Detected,No Action Required,Firewall -

Activities,,,,,,
2012-08-02 14:26:48,Info,"An instance of \"C:\Program Files (x86)\Skype\Phone\Skype.exe\" is preparing to access the Internet.",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 14:05:07,Info,"An instance of \"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe\" is preparing to access the Internet.",Detected,No Action Required,Firewall -

Activities,,,,,,
2012-08-02 14:04:49,Info,"An instance of \"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe\" is preparing to access the Internet.",Detected,No Action Required,Firewall -

Activities,,,,,,
2012-08-02 14:04:15,Info,"An instance of \"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe\" is preparing to access the Internet.",Detected,No Action Required,Firewall -

Activities,,,,,,
2012-08-02 14:04:06,Info,"An instance of \"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe\" is preparing to access the Internet.",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 14:04:05,Info,"Rule \"Default Block Windows File Sharing\" blocked communication. Process name is \"System\".",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 14:02:01,Info,"Rule \"Default Block UPnP Discovery\" stealthed (192.168.1.7, Port ssdp(1900) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 14:02:01,Info,"Rule \"Default Block UPnP Discovery\" stealthed (192.168.1.7, Port ssdp(1900) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 14:02:01,Info,"Rule \"Default Block Web Services Discovery\" stealthed (192.168.1.7, Port (3702) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 14:02:01,Info,"Rule \"Default Block Web Services Discovery\" stealthed (192.168.1.7, Port (3702) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 14:02:01,Info,"Rule \"Default Block LLMNR\" stealthed (192.168.1.7, Port (5355) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 14:02:01,Info,"Rule \"Default Block LLMNR\" stealthed (192.168.1.7, Port (5355) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 14:02:01,Info,"Rule \"Default Block Web Services Discovery\" stealthed (192.168.1.7, Port (3702) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 14:02:01,Info,"Rule \"Default Block Web Services Discovery\" stealthed (192.168.1.7, Port (3702) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 14:02:01,Info,"Rule \"Default Block LLMNR\" stealthed (192.168.1.7, Port (5355) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 14:02:01,Info,"Rule \"Default Block LLMNR\" stealthed (192.168.1.7, Port (5355) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 14:02:00,Info,"Rule \"Default Block UPnP Discovery\" stealthed (192.168.1.7, Port ssdp(1900) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 14:02:00,Info,"Rule \"Default Block UPnP Discovery\" stealthed (192.168.1.7, Port ssdp(1900) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 14:02:00,Info,"Rule \"Default Block LLMNR\" stealthed (192.168.1.7, Port (5355) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 14:02:00,Info,"Rule \"Default Block LLMNR\" stealthed (192.168.1.7, Port (5355) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 14:02:00,Info,"Rule \"Default Block LLMNR\" stealthed (192.168.1.7, Port (5355) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 14:02:00,Info,"Rule \"Default Block LLMNR\" stealthed (192.168.1.7, Port (5355) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 14:02:00,Info,"Rule \"Default Block UPnP Discovery\" stealthed (192.168.1.7, Port ssdp(1900) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 14:02:00,Info,"Rule \"Default Block UPnP Discovery\" stealthed (192.168.1.7, Port ssdp(1900) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 14:02:00,Info,"Rule \"Default Block UPnP Discovery\" stealthed (192.168.1.7, Port ssdp(1900) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 14:02:00,Info,"Rule \"Default Block UPnP Discovery\" stealthed (192.168.1.7, Port ssdp(1900) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 14:01:59,Info,"Rule \"Default Block UPnP Discovery\" stealthed (192.168.1.7, Port ssdp(1900) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 14:01:59,Info,"Rule \"Default Block UPnP Discovery\" stealthed (192.168.1.7, Port ssdp(1900) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 14:01:59,Info,"Rule \"Default Block UPnP Discovery\" stealthed (192.168.1.7, Port ssdp(1900) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 14:01:59,Info,"Rule \"Default Block UPnP Discovery\" stealthed (192.168.1.7, Port ssdp(1900) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 14:01:59,Info,"Rule \"Default Block UPnP Discovery\" stealthed (192.168.1.7, Port ssdp(1900) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 14:01:59,Info,"Rule \"Default Block UPnP Discovery\" stealthed (192.168.1.7, Port ssdp(1900) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 14:01:59,Info,"Rule \"Default Block UPnP Discovery\" stealthed (192.168.1.7, Port ssdp(1900) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 14:01:59,Info,"Rule \"Default Block UPnP Discovery\" stealthed (192.168.1.7, Port ssdp(1900) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 14:01:59,Info,"Rule \"Default Block UPnP Discovery\" stealthed (192.168.1.7, Port ssdp(1900) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 14:01:59,Info,"Rule \"Default Block UPnP Discovery\" stealthed (192.168.1.7, Port ssdp(1900) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 14:01:59,Info,"Rule \"Default Block LLMNR\" stealthed (fe80::d9a5:a8c5:f553:c54f, Port (5355) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 14:01:59,Info,"Rule \"Default Block UPnP Discovery\" stealthed (192.168.1.7, Port ssdp(1900) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 14:01:59,Info,"Rule \"Default Block UPnP Discovery\" stealthed (192.168.1.7, Port ssdp(1900) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 14:01:59,Info,"Rule \"Default Block UPnP Discovery\" stealthed (192.168.1.7, Port ssdp(1900) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 14:01:59,Info,"Rule \"Default Block UPnP Discovery\" stealthed (192.168.1.7, Port ssdp(1900) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 14:01:59,Info,"Rule \"Default Block UPnP Discovery\" stealthed (192.168.1.7, Port ssdp(1900) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 14:01:59,Info,"Rule \"Default Block UPnP Discovery\" stealthed (192.168.1.7, Port ssdp(1900) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 14:01:58,Info,"Rule \"Default Block LLMNR\" stealthed (192.168.1.7, Port (5355) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 14:01:58,Info,"Rule \"Default Block LLMNR\" stealthed (192.168.1.7, Port (5355) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 14:01:58,Info,"Rule \"Default Block LLMNR\" stealthed (192.168.1.7, Port (5355) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 14:01:58,Info,"Rule \"Default Block LLMNR\" stealthed (192.168.1.7, Port (5355) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 14:01:58,Info,"Rule \"Default Block LLMNR\" stealthed (192.168.1.7, Port (5355) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 14:01:58,Info,"Rule \"Default Block LLMNR\" stealthed (192.168.1.7, Port (5355) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 14:01:58,Info,"Rule \"Default Block LLMNR\" stealthed (192.168.1.7, Port (5355) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 14:01:58,Info,"Rule \"Default Block LLMNR\" stealthed (192.168.1.7, Port (5355) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 14:01:58,Info,"Rule \"Default Block UPnP Discovery\" stealthed (192.168.1.7, Port ssdp(1900) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 14:01:58,Info,"Rule \"Default Block UPnP Discovery\" stealthed (192.168.1.7, Port ssdp(1900) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 14:01:58,Info,"Rule \"Default Block Windows File Sharing\" blocked communication. Process name is \"System\".",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 14:01:57,Info,"Rule \"Default Block UPnP Discovery\" stealthed (192.168.1.7, Port ssdp(1900) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 14:01:57,Info,"Rule \"Default Block UPnP Discovery\" stealthed (192.168.1.7, Port ssdp(1900) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 14:01:57,Info,"Rule \"Default Block UPnP Discovery\" stealthed (192.168.1.7, Port ssdp(1900) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 14:01:57,Info,"Rule \"Default Block UPnP Discovery\" stealthed (192.168.1.7, Port ssdp(1900) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 14:01:57,Info,"Rule \"Default Block UPnP Discovery\" stealthed (192.168.1.7, Port ssdp(1900) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 14:01:57,Info,"Rule \"Default Block UPnP Discovery\" stealthed (192.168.1.7, Port ssdp(1900) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 14:01:56,Info,"Rule \"Default Block UPnP Discovery\" stealthed (192.168.1.7, Port ssdp(1900) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 14:01:56,Info,"Rule \"Default Block UPnP Discovery\" stealthed (192.168.1.7, Port ssdp(1900) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 14:01:56,Info,"Rule \"Default Block UPnP Discovery\" stealthed (192.168.1.7, Port ssdp(1900) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 14:01:56,Info,"Rule \"Default Block UPnP Discovery\" stealthed (192.168.1.7, Port ssdp(1900) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 14:01:56,Info,"Rule \"Default Block UPnP Discovery\" stealthed (192.168.1.7, Port ssdp(1900) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 14:01:56,Info,"Rule \"Default Block UPnP Discovery\" stealthed (192.168.1.7, Port ssdp(1900) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 14:01:56,Info,"Rule \"Default Block UPnP Discovery\" stealthed (192.168.1.7, Port ssdp(1900) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 14:01:56,Info,"Rule \"Default Block UPnP Discovery\" stealthed (192.168.1.7, Port ssdp(1900) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 14:01:56,Info,"Rule \"Default Block UPnP Discovery\" stealthed (192.168.1.7, Port ssdp(1900) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 14:01:56,Info,"Rule \"Default Block UPnP Discovery\" stealthed (192.168.1.7, Port ssdp(1900) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 14:01:56,Info,"Rule \"Default Block Web Services Discovery\" stealthed (192.168.1.7, Port (3702) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 14:01:56,Info,"Rule \"Default Block LLMNR\" stealthed (192.168.1.7, Port (5355) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 14:01:56,Info,"Rule \"Default Block LLMNR\" stealthed (192.168.1.7, Port (5355) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 14:01:56,Info,"Rule \"Default Block Web Services Discovery\" stealthed (192.168.1.7, Port (3702) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 14:01:56,Info,"Rule \"Default Block UPnP Discovery\" stealthed (192.168.1.7, Port ssdp(1900) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 14:01:56,Info,"Rule \"Default Block UPnP Discovery\" stealthed (192.168.1.7, Port ssdp(1900) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 14:01:56,Info,"Rule \"Default Block LLMNR\" stealthed (192.168.1.7, Port (5355) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 14:01:56,Info,"Rule \"Default Block LLMNR\" stealthed (192.168.1.7, Port (5355) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 14:01:56,Info,"Rule \"Default Block Web Services Discovery\" stealthed (192.168.1.7, Port (3702) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 14:01:56,Info,"Rule \"Default Block Web Services Discovery\" stealthed (192.168.1.7, Port (3702) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 14:00:55,Info,"An instance of \"C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe\" is preparing to access the Internet.",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 13:58:24,Info,"Rule \"Default Block LLMNR\" stealthed (192.168.1.9, Port (5355) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 13:58:24,Info,"Rule \"Default Block LLMNR\" stealthed (192.168.1.9, Port (5355) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 13:58:24,Info,"Rule \"Default Block LLMNR\" stealthed (fe80::d9a5:a8c5:f553:c54f, Port (5355) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 13:58:24,Info,"Rule \"Default Block LLMNR\" stealthed (192.168.1.9, Port (5355) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 13:58:24,Info,"Rule \"Default Block LLMNR\" stealthed (192.168.1.9, Port (5355) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 13:58:24,Info,"Rule \"Default Block LLMNR\" stealthed (fe80::d9a5:a8c5:f553:c54f, Port (5355) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 13:58:23,Info,"Rule \"Default Block LLMNR\" stealthed (192.168.1.9, Port (5355) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 13:58:23,Info,"Rule \"Default Block LLMNR\" stealthed (192.168.1.9, Port (5355) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 13:58:23,Info,"Rule \"Default Block LLMNR\" stealthed (fe80::d9a5:a8c5:f553:c54f, Port (5355) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 13:58:23,Info,"Rule \"Default Block LLMNR\" stealthed (192.168.1.9, Port (5355) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 13:58:23,Info,"Rule \"Default Block LLMNR\" stealthed (192.168.1.9, Port (5355) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 13:58:23,Info,"Rule \"Default Block LLMNR\" stealthed (fe80::d9a5:a8c5:f553:c54f, Port (5355) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 13:58:23,Info,"Rule \"Default Block Windows File Sharing\" blocked communication. Process name is \"System\".",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 13:56:54,Info,User logged in. ,Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 13:56:48,Info,"Firewall setting \"AlertThreadEnable\" changed.",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 13:56:47,Info,"An instance of \"C:\Program Files (x86)\Norton 360 Premier Edition\Engine\6.2.1.5\ccSvcHst.exe\" is preparing to access the Internet.",Detected,No Action Required,Firewall

- Activities,,,,,,
2012-08-02 13:56:35,Info,"Rule \"Default Block UPnP Discovery\" stealthed (192.168.1.9, Port ssdp(1900) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 13:56:35,Info,"Rule \"Default Block UPnP Discovery\" stealthed (192.168.1.9, Port ssdp(1900) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 13:56:34,Info,"Rule \"Default Block UPnP Discovery\" stealthed (192.168.1.9, Port ssdp(1900) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 13:56:34,Info,"Rule \"Default Block UPnP Discovery\" stealthed (192.168.1.9, Port ssdp(1900) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 13:56:34,Info,"Rule \"Default Block UPnP Discovery\" stealthed (192.168.1.9, Port ssdp(1900) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 13:56:34,Info,"Rule \"Default Block UPnP Discovery\" stealthed (192.168.1.9, Port ssdp(1900) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 13:56:34,Info,"Rule \"Default Block UPnP Discovery\" stealthed (192.168.1.9, Port ssdp(1900) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 13:56:34,Info,"Rule \"Default Block UPnP Discovery\" stealthed (192.168.1.9, Port ssdp(1900) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 13:56:34,Info,"Rule \"Default Block UPnP Discovery\" stealthed (192.168.1.9, Port ssdp(1900) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 13:56:34,Info,"Rule \"Default Block UPnP Discovery\" stealthed (192.168.1.9, Port ssdp(1900) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 13:56:33,Info,"Rule \"Default Block UPnP Discovery\" stealthed (192.168.1.9, Port ssdp(1900) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 13:56:33,Info,"Rule \"Default Block UPnP Discovery\" stealthed (192.168.1.9, Port ssdp(1900) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 13:56:33,Info,"Rule \"Default Block LLMNR\" stealthed (192.168.1.9, Port (5355) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 13:56:33,Info,"Rule \"Default Block LLMNR\" stealthed (fe80::d9a5:a8c5:f553:c54f, Port (5355) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 13:56:33,Info,"Rule \"Default Block UPnP Discovery\" stealthed (192.168.1.9, Port ssdp(1900) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 13:56:33,Info,"Rule \"Default Block LLMNR\" stealthed (192.168.1.9, Port (5355) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 13:56:33,Info,"Rule \"Default Block LLMNR\" stealthed (fe80::d9a5:a8c5:f553:c54f, Port (5355) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 13:56:33,Info,"Rule \"Default Block UPnP Discovery\" stealthed (192.168.1.9, Port ssdp(1900) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 13:56:32,Info,"Rule \"Default Block UPnP Discovery\" stealthed (192.168.1.9, Port ssdp(1900) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 13:56:31,Info,"Rule \"Default Block SSDP\" blocked (192.168.1.2, Port (2869) ). Inbound TCP connection. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 13:56:30,Info,"Rule \"Default Block SSDP\" blocked (192.168.1.2, Port (2869) ). Inbound TCP connection. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 13:56:22,Info,"Rule \"Default Block LLMNR\" stealthed (192.168.1.9, Port (5355) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 13:56:22,Info,"Rule \"Default Block LLMNR\" stealthed (fe80::d9a5:a8c5:f553:c54f, Port (5355) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 13:56:21,Info,"Rule \"Default Block LLMNR\" stealthed (192.168.1.9, Port (5355) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 13:56:21,Info,"Rule \"Default Block LLMNR\" stealthed (fe80::d9a5:a8c5:f553:c54f, Port (5355) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 13:56:20,Info,"Rule \"Default Block SSDP\" blocked (192.168.1.2, Port (2869) ). Inbound TCP connection. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 13:56:18,Info,"Rule \"Default Block Web Services Discovery\" stealthed (192.168.1.3, Port (3702) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 13:56:18,Info,"Rule \"Default Block Web Services Discovery\" stealthed (192.168.1.3, Port (3702) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 13:56:17,Info,"Rule \"Default Block Web Services Discovery\" stealthed (192.168.1.3, Port (3702) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 13:56:17,Info,"Rule \"Default Block Web Services Discovery\" stealthed (192.168.1.3, Port (3702) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 13:56:16,Info,"Rule \"Default Block LLMNR\" stealthed (192.168.1.9, Port (5355) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 13:56:16,Info,"Rule \"Default Block LLMNR\" stealthed (fe80::d9a5:a8c5:f553:c54f, Port (5355) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 13:56:16,Info,"Rule \"Default Block LLMNR\" stealthed (192.168.1.9, Port (5355) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 13:56:14,Info,"Rule \"Default Block SSDP\" blocked (192.168.1.9, Port (2869) ). Inbound TCP connection. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 13:56:14,Info,"Rule \"Default Block SSDP\" blocked (192.168.1.9, Port (2869) ). Inbound TCP connection. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 13:56:12,Info,"Rule \"Default Block LLMNR\" stealthed (192.168.1.9, Port (5355) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 13:56:12,Info,"Rule \"Default Block LLMNR\" stealthed (fe80::d9a5:a8c5:f553:c54f, Port (5355) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 13:56:12,Info,"Rule \"Default Block LLMNR\" stealthed (192.168.1.9, Port (5355) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 13:56:09,Info,"Rule \"Default Block LLMNR\" stealthed (192.168.1.9, Port (5355) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 13:56:09,Info,"Rule \"Default Block LLMNR\" stealthed (fe80::d9a5:a8c5:f553:c54f, Port (5355) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 13:56:09,Info,"Rule \"Default Block LLMNR\" stealthed (192.168.1.9, Port (5355) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 13:56:09,Info,"Rule \"Default Block LLMNR\" stealthed (fe80::d9a5:a8c5:f553:c54f, Port (5355) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 13:56:08,Info,"An instance of \"C:\Windows\System32\svchost.exe\" is preparing to access the Internet.",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 13:56:07,Info,"Rule \"Default Block SSDP\" blocked (192.168.1.9, Port (2869) ). Inbound TCP connection. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 13:56:06,Info,"Rule \"Default Block SSDP\" blocked (192.168.1.9, Port (2869) ). Inbound TCP connection. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 13:56:06,Info,"Rule \"Default Block SSDP\" blocked (192.168.1.2, Port (2869) ). Inbound TCP connection. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 13:56:05,Info,"Rule \"Default Block LLMNR\" stealthed (192.168.1.9, Port (5355) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 13:56:05,Info,"Rule \"Default Block LLMNR\" stealthed (fe80::d9a5:a8c5:f553:c54f, Port (5355) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 13:56:05,Info,"Rule \"Default Block LLMNR\" stealthed (192.168.1.9, Port (5355) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 13:56:05,Info,"Rule \"Default Block LLMNR\" stealthed (fe80::d9a5:a8c5:f553:c54f, Port (5355) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 13:56:03,Info,"Rule \"Default Block SSDP\" blocked (192.168.1.9, Port (2869) ). Inbound TCP connection. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 13:56:03,Info,"Rule \"Default Block SSDP\" blocked (192.168.1.9, Port (2869) ). Inbound TCP connection. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 13:55:58,Info,"Rule \"Default Block Web Services Discovery\" stealthed (192.168.1.3, Port (3702) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 13:55:58,Info,"Rule \"Default Block Web Services Discovery\" stealthed (192.168.1.3, Port (3702) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 13:55:57,Info,"An instance of \"C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe\" is preparing to access the Internet.",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 13:55:57,Info,"Rule \"Default Block LLMNR\" stealthed (192.168.1.9, Port (5355) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 13:55:57,Info,"Rule \"Default Block LLMNR\" stealthed (fe80::d9a5:a8c5:f553:c54f, Port (5355) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 13:55:56,Info,"Rule \"Default Block LLMNR\" stealthed (192.168.1.9, Port (5355) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 13:55:56,Info,"Rule \"Default Block LLMNR\" stealthed (fe80::d9a5:a8c5:f553:c54f, Port (5355) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 13:55:54,Info,"Rule \"Default Block SSDP\" blocked (192.168.1.2, Port (2869) ). Inbound TCP connection. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 13:55:52,Info,"Rule \"Default Block LLMNR\" stealthed (192.168.1.9, Port (5355) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 13:55:52,Info,"Rule \"Default Block LLMNR\" stealthed (fe80::d9a5:a8c5:f553:c54f, Port (5355) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 13:55:52,Info,"Rule \"Default Block LLMNR\" stealthed (192.168.1.9, Port (5355) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 13:55:52,Info,"Rule \"Default Block LLMNR\" stealthed (fe80::d9a5:a8c5:f553:c54f, Port (5355) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 13:55:51,Info,"Rule \"Default Block SSDP\" blocked (192.168.1.2, Port (2869) ). Inbound TCP connection. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 13:55:47,Info,"An instance of \"C:\Windows\System32\svchost.exe\" is preparing to access the Internet.",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 13:55:45,Info,"Rule \"Default Block SSDP\" blocked communication.",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 13:55:45,Info,"An instance of \"C:\Program Files\Windows Media Player\wmpnetwk.exe\" is preparing to access the Internet.",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 13:55:45,Info,"Rule \"Default Block LLMNR\" stealthed (192.168.1.9, Port (5355) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 13:55:45,Info,"Rule \"Default Block LLMNR\" stealthed (fe80::d9a5:a8c5:f553:c54f, Port (5355) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 13:55:43,Info,"Rule \"Default Block LLMNR\" stealthed (192.168.1.9, Port (5355) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 13:55:43,Info,"Rule \"Default Block LLMNR\" stealthed (fe80::d9a5:a8c5:f553:c54f, Port (5355) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 13:55:43,Info,"Rule \"Default Block LLMNR\" stealthed (192.168.1.9, Port (5355) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 13:55:43,Info,"Rule \"Default Block LLMNR\" stealthed (fe80::d9a5:a8c5:f553:c54f, Port (5355) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 13:55:42,Info,Firewall rules were automatically created for Services and Controller app.,Protected,No Action Required,,Services and Controller app,C:\Windows\System32\services.exe,No Action Required,Automatically create rules,"::0, 49162","Inbound TCP, Port 49162"
2012-08-02 13:55:42,Info,"An instance of \"C:\Windows\System32\services.exe\" is preparing to access the Internet.",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 13:55:40,Info,"Rule \"Default Block Microsoft Windows 2000 SMB\" blocked communication.",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 13:55:40,Info,"Rule \"Default Block LLMNR\" stealthed (192.168.1.9, Port (5355) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 13:55:40,Info,"An instance of \"C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe\" is preparing to access the Internet.",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 13:55:36,Info,"Rule \"Default Block LLMNR\" stealthed (192.168.1.9, Port (5355) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 13:55:36,Info,"Rule \"Default Block LLMNR\" stealthed (fe80::d9a5:a8c5:f553:c54f, Port (5355) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 13:55:36,Info,"Rule \"Default Block LLMNR\" stealthed (192.168.1.9, Port (5355) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 13:55:35,Info,"Rule \"Default Block LLMNR\" stealthed (fe80::d9a5:a8c5:f553:c54f, Port (5355) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 13:55:35,Info,"Rule \"Default Block Web Services Discovery\" stealthed (192.168.1.3, Port (3702) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 13:55:33,Info,"Rule \"Default Block LLMNR\" stealthed (192.168.1.9, Port (5355) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 13:55:33,Info,"Rule \"Default Block LLMNR\" stealthed (fe80::d9a5:a8c5:f553:c54f, Port (5355) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 13:55:33,Info,"Rule \"Default Block LLMNR\" stealthed (192.168.1.9, Port (5355) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 13:55:33,Info,"Rule \"Default Block LLMNR\" stealthed (fe80::d9a5:a8c5:f553:c54f, Port (5355) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 13:55:32,Info,"An instance of \"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe\" is preparing to access the Internet.",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 13:55:31,Info,"Rule \"Default Block LLMNR\" stealthed (192.168.1.9, Port (5355) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 13:55:31,Info,"Rule \"Default Block LLMNR\" stealthed (192.168.1.9, Port (5355) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 13:55:31,Info,"Rule \"Default Block LLMNR\" stealthed (fe80::d9a5:a8c5:f553:c54f, Port (5355) ). Inbound UDP packet. ",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 13:55:29,Info,"An instance of \"C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe\" is preparing to access the Internet.",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 13:55:29,Info,"An instance of \"C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe\" is preparing to access the Internet.",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 13:55:29,Info,"An instance of \"C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe\" is preparing to access the Internet.",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 13:55:27,Info,"An instance of \"C:\Windows\System32\svchost.exe\" is preparing to access the Internet.",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 13:55:24,Info,"Rule \"Default Block Windows File Sharing\" blocked communication. Process name is \"System\".",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 13:55:19,Info,"An instance of \"C:\Windows\System32\svchost.exe\" is preparing to access the Internet.",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 13:55:19,Info,"An instance of \"C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE\" is preparing to access the Internet.",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 13:55:18,Info,Firewall rules were automatically created for Spooler SubSystem App.,Protected,No Action Required,,Spooler SubSystem App,C:\Windows\System32\spoolsv.exe,No Action Required,Automatically create rules,"::0, 49156","Inbound TCP, Port 49156"
2012-08-02 13:55:18,Info,"An instance of \"C:\Windows\System32\spoolsv.exe\" is preparing to access the Internet.",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 13:55:16,Info,Firewall rules were automatically created for Local Security Authority Process.,Protected,No Action Required,,Local Security Authority Process,C:\Windows\System32\lsass.exe,No Action Required,Automatically create rules,"0.0.0.0, 49155","Inbound TCP, Port 49155"
2012-08-02 13:55:16,Info,"An instance of \"C:\Windows\System32\lsass.exe\" is preparing to access the Internet.",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 13:55:11,Info,"An instance of \"C:\Windows\System32\svchost.exe\" is preparing to access the Internet.",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 13:55:11,Info,"Rule \"Default Block Web Services on Devices\" blocked communication.",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 13:55:10,Info,"An instance of \"C:\Windows\System32\svchost.exe\" is preparing to access the Internet.",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 13:55:07,Info,"An instance of \"C:\Windows\System32\svchost.exe\" is preparing to access the Internet.",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 13:55:07,Info,"An instance of \"C:\Windows\System32\wininit.exe\" is preparing to access the Internet.",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 13:55:07,Info,"Rule \"Default Block EPMAP\" blocked communication.",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 13:55:07,Info,"Rule \"Default Block EPMAP\" blocked communication.",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 13:55:07,Info,"An instance of \"C:\Windows\System32\svchost.exe\" is preparing to access the Internet.",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 13:54:55,Info,Firewall configuration updated: 183 rules.,Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 13:54:55,Info,Firewall has been enabled. ,Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 13:54:04,Info,No user is logged in. ,Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 13:45:41,Info,"Rule \"Default Block Windows File Sharing\" blocked communication. Process name is \"System\".",Detected,No Action Required,Firewall - Activities,,,,,,
2012-08-02 13:44:30,Info,Firewall rules were automatically created for Google Chrome.,Protected,No Action Required,,Google Chrome,C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,No Action Required,Automatically create rules,"OWNER-PC (192.168.1.7), 61513","Outbound TCP, Port 5222"
2012-08-02 13:44:29,Info,Firewall rules were automatically created for Google Chrome.,Protected,No Action Required,,Google Chrome,C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,No Action Required,Automatically create rules,"OWNER-PC (192.168.1.7), 61512","Outbound TCP, Port 5222"
2012-08-02 13:43:55,Info,Firewall rules were automatically created for Google Chrome.,Protected,No Action Required,,Google Chrome,C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,No Action Required,Automatically create rules,"OWNER-PC (192.168.1.7), 61487","Outbound TCP, Port 5222"
2012-08-02 13:43:52,Info,Firewall rules were automatically created for Google Chrome.,Protected,No Action Required,,Google Chrome,C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,No Action Required,Automatically create rules,"OWNER-PC (192.168.1.7), 61483","Outbound TCP, Port 5222"
2012-08-02 13:43:44,Info,Firewall rules were automatically created for Google Chrome.,Protected,No Action Required,,Google Chrome,C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,No Action Required,Automatically create rules,"OWNER-PC (192.168.1.7), 61479","Outbound TCP, www-http"
2012-08-02 13:43:44,Info,Firewall rules were automatically created for Google Chrome.,Protected,No Action Required,,Google Chrome,C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,No Action Required,Automatically create rules,"OWNER-PC (192.168.1.7), 61477","Outbound TCP, Port 5222"
2012-08-02 13:43:39,Info,Firewall rules were automatically created for Google Chrome.,Protected,No Action Required,,Google Chrome,C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,No Action Required,Automatically create rules,"OWNER-PC (192.168.1.7), 61471","Outbound TCP, https"
2012-08-02 13:43:31,Info,Firewall rules were automatically created for Google Chrome.,Protected,No Action Required,,Google Chrome,C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,No Action Required,Automatically create rules,"OWNER-PC (192.168.1.7), 61467","Outbound TCP, Port 5222"
2012-08-02 13:42:51,Info,Firewall rules were automatically created for Google Chrome.,Protected,No Action Required,,Google Chrome,C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,No Action Required,Automatically create rules,"OWNER-PC (192.168.1.7), 61433","Outbound TCP, https"
2012-08-02 13:42:51,Info,Firewall rules were automatically created for Google Chrome.,Protected,No Action Required,,Google Chrome,C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,No Action Required,Automatically create rules,"OWNER-PC (192.168.1.7), 61432","Outbound TCP, Port 5222"
2012-08-02 13:42:48,Info,Firewall rules were automatically created for Google Chrome.,Protected,No Action Required,,Google Chrome,C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,No Action Required,Automatically create rules,"OWNER-PC (192.168.1.7), 61428","Outbound TCP, https"
2012-08-02 13:42:44,Info,Firewall rules were automatically created for Google Chrome.,Protected,No Action Required,,Google Chrome,C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,No Action Required,Automatically create rules,"OWNER-PC (192.168.1.7), 61422","Outbound TCP, Port 5222"
2012-08-02 13:42:24,Info,Firewall rules were automatically created for Google Chrome.,Protected,No Action Required,,Google Chrome,C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,No Action Required,Automatically create rules,"OWNER-PC (192.168.1.7), 61400","Outbound TCP, https"
2012-08-02 13:42:22,Info,Firewall rules were automatically created for Google Chrome.,Protected,No Action Required,,Google Chrome,C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,No Action Required,Automatically create rules,"OWNER-PC (192.168.1.7), 61398","Outbound TCP, Port 5222"
2012-08-02 13:42:20,Info,Firewall rules were automatically created for Google Chrome.,Protected,No Action Required,,Google Chrome,C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,No Action Required,Automatically create rules,"OWNER-PC (192.168.1.7), 61393","Outbound TCP, https"
2012-08-02 13:42:14,Info,Firewall rules were automatically created for Google Chrome.,Protected,No Action Required,,Google Chrome,C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,No Action Required,Automatically create rules,"OWNER-PC (192.168.1.7), 61389","Outbound TCP, Port 5222"
2012-08-02 13:42:09,Info,Firewall rules were automatically created for Google Chrome.,Protected,No Action Required,,Google Chrome,C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,No Action Required,Automatically create rules,"OWNER-PC (192.168.1.7), 61369","Outbound TCP, https"
2012-08-02 13:42:04,Info,Firewall rules were automatically created for Google Chrome.,Protected,No Action Required,,Google Chrome,C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,No Action Required,Automatically create rules,"OWNER-PC (192.168.1.7), 61367","Outbound TCP, Port 5222"
2012-08-02 13:41:41,Info,Firewall rules were automatically created for Google Chrome.,Protected,No Action Required,,Google Chrome,C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,No Action Required,Automatically create rules,"OWNER-PC (192.168.1.7), 61342","Outbound TCP, https"
2012-08-02 13:41:38,Info,Firewall rules were automatically created for Google Chrome.,Protected,No Action Required,,Google Chrome,C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,No Action Required,Automatically create rules,"OWNER-PC (192.168.1.7), 61340","Outbound TCP, Port 5222"
2012-08-02 13:41:30,Info,Firewall rules were automatically created for Google Chrome.,Protected,No Action Required,,Google Chrome,C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,No Action Required,Automatically create rules,"OWNER-PC (192.168.1.7), 61329","Outbound TCP, https"
2012-08-02 13:41:21,Info,Firewall rules were automatically created for Google Chrome.,Protected,No Action Required,,Google Chrome,C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,No Action Required,Automatically create rules,"OWNER-PC (192.168.1.7), 61326","Outbound TCP, Port 5222"
2012-08-02 13:41:07,Info,Firewall rules were automatically created for Google Chrome.,Protected,No Action Required,,Google Chrome,C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,No Action Required,Automatically create rules,"OWNER-PC (192.168.1.7), 61315","Outbound TCP, https"
2012-08-02 13:40:52,Info,Firewall rules were automatically created for Google Chrome.,Protected,No Action Required,,Google Chrome,C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,No Action Required,Automatically create rules,"OWNER-PC (192.168.1.7), 61309","Outbound TCP, Port 5222"
2012-08-02 13:39:55,Info,Firewall rules were automatically created for Google Chrome.,Protected,No Action Required,,Google Chrome,C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,No Action Required,Automatically create rules,"OWNER-PC (192.168.1.7), 61259","Outbound TCP, www-http"
2012-08-02 13:39:46,Info,Firewall rules were automatically created for Google Chrome.,Protected,No Action Required,,Google Chrome,C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,No Action Required,Automatically create rules,"OWNER-PC (192.168.1.7), 61255","Outbound TCP, Port 5222"
2012-08-02 13:39:24,Info,Firewall rules were automatically created for Google Chrome.,Protected,No Action Required,,Google Chrome,C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,No Action Required,Automatically create rules,"OWNER-PC (192.168.1.7), 61232","Outbound TCP, https"
2012-08-02 13:39:21,Info,Firewall rules were automatically created for Google Chrome.,Protected,No Action Required,,Google Chrome,C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,No Action Required,Automatically create rules,"OWNER-PC (192.168.1.7), 61230","Outbound TCP, Port 5222"
2012-08-02 13:39:12,Info,Firewall rules were automatically created for Google Chrome.,Protected,No Action Required,,Google Chrome,C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,No Action Required,Automatically create rules,"OWNER-PC (192.168.1.7), 61222","Outbound TCP, https"
2012-08-02 13:39:10,Info,Firewall rules were automatically created for Google Chrome.,Protected,No Action Required,,Google Chrome,C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,No Action Required,Automatically create rules,"OWNER-PC (192.168.1.7), 61217","Outbound TCP, Port 5222"
2012-08-02 13:39:05,Info,Firewall rules were automatically created for Google Chrome.,Protected,No Action Required,,Google Chrome,C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,No Action Required,Automatically create rules,"OWNER-PC (192.168.1.7), 61210","Outbound TCP, https"
2012-08-02 13:38:55,Info,Firewall rules were automatically created for Google Chrome.,Protected,No Action Required,,Google Chrome,C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,No Action Required,Automatically create rules,"OWNER-PC (192.168.1.7), 61206","Outbound TCP, Port 5222"
2012-08-02 13:37:52,Info,Firewall rules were automatically created for Google Chrome.,Protected,No Action Required,,Google Chrome,C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,No Action Required,Automatically create rules,"OWNER-PC (192.168.1.7), 61164","Outbound TCP, https"
2012-08-02 13:37:51,Info,Firewall rules were automatically created for Google Chrome.,Protected,No Action Required,,Google Chrome,C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,No Action Required,Automatically create rules,"OWNER-PC (192.168.1.7), 61163","Outbound TCP, Port 5222"
2012-08-02 13:37:40,Info,Firewall rules were automatically created for Google Chrome.,Protected,No Action Required,,Google Chrome,C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,No Action Required,Automatically create rules,"OWNER-PC (192.168.1.7), 61153","Outbound TCP, https"
2012-08-02 13:37:28,Info,Firewall rules were automatically created for Google Chrome.,Protected,No Action Required,,Google Chrome,C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,No Action Required,Automatically create rules,"OWNER-PC (192.168.1.7), 61148","Outbound TCP, Port 5222"
2012-08-02 13:37:02,Info,Firewall rules were automatically created for Google Chrome.,Protected,No Action Required,,Google Chrome,C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,No Action Required,Automatically create rules,"OWNER-PC (192.168.1.7), 61131","Outbound TCP, Port 5222"
2012-08-02 13:37:01,Info,Firewall rules were automatically created for Google Chrome.,Protected,No Action Required,,Google Chrome,C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,No Action Required,Automatically create rules,"OWNER-PC (192.168.1.7), 61129","Outbound TCP, Port 5222"
2012-08-02 13:36:41,Info,Firewall rules were automatically created for Google Chrome.,Protected,No Action Required,,Google Chrome,C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,No Action Required,Automatically create rules,"OWNER-PC (192.168.1.7), 61115","Outbound TCP, Port 5222"
2012-08-02 13:36:40,Info,Firewall rules were automatically created for Google Chrome.,Protected,No Action Required,,Google Chrome,C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,No Action Required,Automatically create rules,"OWNER-PC (192.168.1.7), 61113","Outbound TCP, Port 5222"
2012-08-02 13:35:28,Info,Firewall rules were automatically created for Google Chrome.,Protected,No Action Required,,Google Chrome,C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,No Action Required,Automatically create rules,"OWNER-PC (192.168.1.7), 61070","Outbound TCP, https"
2012-08-02 13:35:25,Info,Firewall rules were automatically created for Google Chrome.,Protected,No Action Required,,Google Chrome,C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,No Action Required,Automatically create rules,"OWNER-PC (192.168.1.7), 61067","Outbound TCP, Port 5222"
2012-08-02 13:35:20,Info,Firewall rules were automatically created for Google Chrome.,Protected,No Action Required,,Google Chrome,C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,No Action Required,Automatically create rules,"OWNER-PC (192.168.1.7), 61060","Outbound TCP, https"
2012-08-02 13:35:14,Info,Firewall rules were automatically created for Google Chrome.,Protected,No Action Required,,Google Chrome,C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,No Action Required,Automatically create rules,"OWNER-PC (192.168.1.7), 61057","Outbound TCP, Port 5222"
2012-08-02 13:35:05,Info,Firewall rules were automatically created for Google Chrome.,Protected,No Action Required,,Google Chrome,C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,No Action Required,Automatically create rules,"OWNER-PC (192.168.1.7), 61049","Outbound TCP, https"
2012-08-02 13:34:59,Info,Firewall rules were automatically created for Google Chrome.,Protected,No Action Required,,Google Chrome,C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,No Action Required,Automatically create rules,"OWNER-PC (192.168.1.7), 61046","Outbound TCP, Port 5222"
2012-08-02 13:34:35,Info,Firewall rules were automatically created for Google Chrome.,Protected,No Action Required,,Google Chrome,C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,No Action Required,Automatically create rules,"OWNER-PC (192.168.1.7), 61029","Outbound TCP, Port 5222"
2012-08-02 13:34:33,Info,Firewall rules were automatically created for Google Chrome.,Protected,No Action Required,,Google Chrome,C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,No Action Required,Automatically create rules,"OWNER-PC (192.168.1.7), 61027","Outbound TCP, Port 5222"
2012-08-02 13:34:07,Info,Firewall rules were automatically created for Google Chrome.,Protected,No Action Required,,Google Chrome,C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,No Action Required,Automatically create rules,"OWNER-PC (192.168.1.7), 61007","Outbound TCP, Port 5222"
2012-08-02 13:34:05,Info,Firewall rules were automatically created for Google Chrome.,Protected,No Action Required,,Google Chrome,C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,No Action Required,Automatically create rules,"OWNER-PC (192.168.1.7), 61005","Outbound TCP, Port 5222"
2012-08-02 13:33:04,Info,Firewall rules were automatically created for Google Chrome.,Protected,No Action Required,,Google Chrome,C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,No Action Required,Automatically create rules,"OWNER-PC (192.168.1.7), 60974","Outbound TCP, Port 5222"
2012-08-02 13:33:03,Info,Firewall rules were automatically created for Google Chrome.,Protected,No Action Required,,Google Chrome,C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,No Action Required,Automatically create rules,"OWNER-PC (192.168.1.7), 60973","Outbound TCP, Port 5222"
2012-08-02 13:32:46,Info,Firewall rules were automatically created for Google Chrome.,Protected,No Action Required,,Google Chrome,C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,No Action Required,Automatically create rules,"OWNER-PC (192.168.1.7), 60959","Outbound TCP, Port 5222"
2012-08-02 13:32:44,Info,Firewall rules were automatically created for Google Chrome.,Protected,No Action Required,,Google Chrome,C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,No Action Required,Automatically create rules,"OWNER-PC (192.168.1.7), 60958","Outbound TCP, Port 5222"
2012-08-02 13:32:27,Info,Firewall rules were automatically created for Google Chrome.,Protected,No Action Required,,Google Chrome,C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,No Action Required,Automatically create rules,"OWNER-PC (192.168.1.7), 60936","Outbound TCP, https"
2012-08-02 13:32:25,Info,Firewall rules were automatically created for Google Chrome.,Protected,No Action Required,,Google Chrome,C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,No Action Required,Automatically create rules,"OWNER-PC (192.168.1.7), 60934","Outbound TCP, Port 5222"
2012-08-02 13:31:47,Info,Firewall rules were automatically created for Google Chrome.,Protected,No Action Required,,Google Chrome,C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,No Action Required,Automatically create rules,"OWNER-PC (192.168.1.7), 60902","Outbound TCP, https"
2012-08-02 13:31:41,Info,Firewall rules were automatically created for Google Chrome.,Protected,No Action Required,,Google Chrome,C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,No Action Required,Automatically create rules,"OWNER-PC (192.168.1.7), 60899","Outbound TCP, Port 5222"
2012-08-02 13:31:26,Info,Firewall rules were automatically created for Google Chrome.,Protected,No Action Required,,Google Chrome,C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,No Action Required,Automatically create rules,"OWNER-PC (192.168.1.7), 60881","Outbound TCP, https"
2012-08-02 13:31:24,Info,Firewall rules were automatically created for Google Chrome.,Protected,No Action Required,,Google Chrome,C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,No Action Required,Automatically create rules,"OWNER-PC (192.168.1.7), 60880","Outbound TCP, https"
2012-08-02 13:30:53,Info,Firewall rules were automatically created for Google Chrome.,Protected,No Action Required,,Google Chrome,C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,No Action Required,Automatically create rules,"OWNER-PC (192.168.1.7), 60863","Outbound TCP, https"
2012-08-02 13:30:46,Info,Firewall rules were automatically created for Google Chrome.,Protected,No Action Required,,Google Chrome,C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,No Action Required,Automatically create rules,"OWNER-PC (192.168.1.7), 60857","Outbound TCP, Port 5222"
2012-08-02 13:29:27,Info,Firewall rules were automatically created for Google Chrome.,Protected,No Action Required,,Google Chrome,C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,No Action Required,Automatically create rules,"OWNER-PC (192.168.1.7), 60815","Outbound TCP, www-http"
2012-08-02 13:29:25,Info,Firewall rules were automatically created for Google Chrome.,Protected,No Action Required,,Google Chrome,C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,No Action Required,Automatically create rules,"OWNER-PC (192.168.1.7), 60812","Outbound TCP, Port 5222"
2012-08-02 13:28:37,Info,Firewall rules were automatically created for Google Chrome.,Protected,No Action Required,,Google Chrome,C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,No Action Required,Automatically create rules,"OWNER-PC (192.168.1.7), 60778","Outbound TCP, https"
2012-08-02 13:28:35,Info,Firewall rules were automatically created for Google Chrome.,Protected,No Action Required,,Google Chrome,C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,No Action Required,Automatically create rules,"OWNER-PC (192.168.1.7), 60775","Outbound TCP, Port 5222"
2012-08-02 13:27:24,Info,Firewall rules were automatically created for Google Chrome.,Protected,No Action Required,,Google Chrome,C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,No Action Required,Automatically create rules,"OWNER-PC (192.168.1.7), 60727","Outbound TCP, Port 5222"
2012-08-02 13:27:23,Info,Firewall rules were automatically created for Google Chrome.,Protected,No Action Required,,Google Chrome,C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,No Action Required,Automatically create rules,"OWNER-PC (192.168.1.7), 60726","Outbound TCP, Port 5222"
2012-08-02 13:26:51,Info,Firewall rules were automatically created for Google Chrome.,Protected,No Action Required,,Google Chrome,C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,No Action Required,Automatically create rules,"OWNER-PC (192.168.1.7), 60703","Outbound TCP, Port 5222"
2012-08-02 13:26:50,Info,Firewall rules were automatically created for Google Chrome.,Protected,No Action Required,,Google Chrome,C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,No Action Required,Automatically create rules,"OWNER-PC (192.168.1.7), 60702","Outbound TCP, Port 5222"
2012-08-02 13:26:33,Info,Firewall rules were automatically created for Google Chrome.,Protected,No Action Required,,Google Chrome,C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,No

Action Required,Automatically create rules,"OWNER-PC (192.168.1.7), 60691","Outbound TCP, www-http"
2012-08-02 13:26:31,Info,Firewall rules were automatically created for Google Chrome.,Protected,No Action Required,,Google Chrome,C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,No

Action Required,Automatically create rules,"OWNER-PC (192.168.1.7), 60688","Outbound TCP, Port 5222"
2012-08-02 13:21:10,Info,Firewall rules were automatically created for Google Chrome.,Protected,No Action Required,,Google Chrome,C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,No

Action Required,Automatically create rules,"OWNER-PC (192.168.1.7), 60511","Outbound TCP, www-http"
2012-08-02 13:21:10,Info,Firewall rules were automatically created for Google Chrome.,Protected,No Action Required,,Google Chrome,C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,No

Action Required,Automatically create rules,"OWNER-PC (192.168.1.7), 60510","Outbound TCP, Port 5222"
2012-08-02 13:20:28,Info,Firewall rules were automatically created for Google Chrome.,Protected,No Action Required,,Google Chrome,C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,No

Action Required,Automatically create rules,"OWNER-PC (192.168.1.7), 60483","Outbound TCP, https"
2012-08-02 13:20:27,Info,Firewall rules were automatically created for Google Chrome.,Protected,No Action Required,,Google Chrome,C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,No

Action Required,Automatically create rules,"OWNER-PC (192.168.1.7), 60482","Outbound TCP, Port 5222"
2012-08-02 13:20:14,Info,Firewall rules were automatically created for Google Chrome.,Protected,No Action Required,,Google Chrome,C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,No

Action Required,Automatically create rules,"OWNER-PC (192.168.1.7), 60472","Outbound TCP, Port 5222"
2012-08-02 13:20:12,Info,Firewall rules were automatically created for Google Chrome.,Protected,No Action Required,,Google Chrome,C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,No

Action Required,Automatically create rules,"OWNER-PC (192.168.1.7), 60470","Outbound TCP, Port 5222"
2012-08-02 13:18:22,Info,Firewall rules were automatically created for Google Chrome.,Protected,No Action Required,,Google Chrome,C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,No

Action Required,Automatically create rules,"OWNER-PC (192.168.1.7), 60402","Outbound TCP, Port 5222"
2012-08-02 13:18:17,Info,Firewall rules were automatically created for Google Chrome.,Protected,No Action Required,,Google Chrome,C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,No

Action Required,Automatically create rules,"OWNER-PC (192.168.1.7), 60399","Outbound TCP, Port 5222"
2012-08-02 13:18:04,Info,Firewall rules were automatically created for Google Chrome.,Protected,No Action Required,,Google Chrome,C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,No

Action Required,Automatically create rules,"OWNER-PC (192.168.1.7), 60388","Outbound TCP, https"
2012-08-02 13:18:02,Info,Firewall rules were automatically created for Google Chrome.,Protected,No Action Required,,Google Chrome,C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,No

Action Required,Automatically create rules,"OWNER-PC (192.168.1.7), 60385","Outbound TCP, Port 5222"
2012-08-02 13:15:51,Info,Firewall rules were automatically created for Google Chrome.,Protected,No Action Required,,Google Chrome,C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,No

Action Required,Automatically create rules,"OWNER-PC (192.168.1.7), 60271","Outbound TCP, www-http"
2012-08-02 13:15:42,Info,Firewall rules were automatically created for Google Chrome.,Protected,No Action Required,,Google Chrome,C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,No

Action Required,Automatically create rules,"OWNER-PC (192.168.1.7), 60268","Outbound TCP, Port 5222"
2012-08-02 13:15:18,Info,Firewall rules were automatically created for Google Chrome.,Protected,No Action Required,,Google Chrome,C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,No

Action Required,Automatically create rules,"OWNER-PC (192.168.1.7), 60250","Outbound TCP, Port 5222"
2012-08-02 13:15:17,Info,Firewall rules were automatically created for Google Chrome.,Protected,No Action Required,,Google Chrome,C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,No

Action Required,Automatically create rules,"OWNER-PC (192.168.1.7), 60248","Outbound TCP, Port 5222"
2012-08-02 13:14:16,Info,Firewall rules were automatically created for Google Chrome.,Protected,No Action Required,,Google Chrome,C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,No

Action Required,Automatically create rules,"OWNER-PC (192.168.1.7), 60194","Outbound TCP, https"
2012-08-02 13:14:15,Info,Firewall rules were automatically created for Google Chrome.,Protected,No Action Required,,Google Chrome,C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,No

Action Required,Automatically create rules,"OWNER-PC (192.168.1.7), 60192","Outbound TCP, Port 5222"
2012-08-02 13:14:02,Info,Firewall rules were automatically created for Spooler SubSystem App.,Protected,No Action Required,,Spooler SubSystem App,C:\Windows\System32\spoolsv.exe,No Action

Required,Automatically create rules,"OWNER-PC (192.168.1.7), 60177","Outbound TCP, Port 8611"
2012-08-02 13:13:50,Info,Firewall rules were automatically created for Google Chrome.,Protected,No Action Required,,Google Chrome,C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,No

Action Required,Automatically create rules,"OWNER-PC (192.168.1.7), 60161","Outbound TCP, Port 5222"
2012-08-02 13:13:49,Info,Firewall rules were automatically created for Google Chrome.,Protected,No Action Required,,Google Chrome,C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,No

Action Required,Automatically create rules,"OWNER-PC (192.168.1.7), 60158","Outbound TCP, Port 5222"
2012-08-02 13:12:21,Info,Firewall rules were automatically created for Google Chrome.,Protected,No Action Required,,Google Chrome,C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,No

Action Required,Automatically create rules,"OWNER-PC (192.168.1.7), 60114","Outbound TCP, Port 5222"
2012-08-02 13:12:20,Info,Firewall rules were automatically created for Google Chrome.,Protected,No Action Required,,Google Chrome,C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,No

Action Required,Automatically create rules,"OWNER-PC (192.168.1.7), 60111","Outbound TCP, Port 5222"
2012-08-02 13:11:06,Info,Firewall rules were automatically created for Spooler SubSystem App.,Protected,No Action Required,,Spooler SubSystem App,C:\Windows\System32\spoolsv.exe,No Action

Required,Automatically create rules,"OWNER-PC (192.168.1.7), 63583","Outbound UDP, Port 8611"
2012-08-02 13:09:11,Info,Firewall rules were automatically created for Google Chrome.,Protected,No Action Required,,Google Chrome,C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,No

Action Required,Automatically create rules,"OWNER-PC (192.168.1.7), 60043","Outbound TCP, www-http"
2012-08-02 13:09:10,Info,Firewall rules were automatically created for Google Chrome.,Protected,No Action Required,,Google Chrome,C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,No

Action Required,Automatically create rules,"OWNER-PC (192.168.1.7), 60042","Outbound TCP, Port 5222"
2012-08-02 13:08:59,Info,Firewall rules were automatically created for Google Chrome.,Protected,No Action Required,,Google Chrome,C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,No

Action Required,Automatically create rules,"OWNER-PC (192.168.1.7), 60025","Outbound TCP, Port 5222"
2012-08-02 13:08:52,Info,Firewall rules were automatically created for Google Chrome.,Protected,No Action Required,,Google Chrome,C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,No

Action Required,Automatically create rules,"OWNER-PC (192.168.1.7), 60022","Outbound TCP, Port 5222"
2012-08-02 13:06:40,Info,Firewall rules were automatically created for Google Chrome.,Protected,No Action Required,,Google Chrome,C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,No

Action Required,Automatically create rules,"OWNER-PC (192.168.1.7), 59958","Outbound TCP, https"
2012-08-02 13:06:37,Info,Firewall rules were automatically created for Google Chrome.,Protected,No Action Required,,Google Chrome,C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,No

Action Required,Automatically create rules,"OWNER-PC (192.168.1.7), 59954","Outbound TCP, Port 5222"
2012-08-02 13:03:51,Info,Firewall rules were automatically created for Google Chrome.,Protected,No Action Required,,Google Chrome,C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,No

Action Required,Automatically create rules,"OWNER-PC (192.168.1.7), 59846","Outbound TCP, www-http"
2012-08-02 13:03:42,Info,Firewall rules were automatically created for Google Chrome.,Protected,No Action Required,,Google Chrome,C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,No

Action Required,Automatically create rules,"OWNER-PC (192.168.1.7), 59842","Outbound TCP, Port 5222"
2012-08-02 13:00:50,Info,Firewall rules were automatically created for Google Chrome.,Protected,No Action Required,,Google Chrome,C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,No

Action Required,Automatically create rules,"OWNER-PC (192.168.1.7), 59762","Outbound TCP, https"
2012-08-02 13:00:49,Info,Firewall rules were automatically created for Google Chrome.,Protected,No Action Required,,Google Chrome,C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,No

Action Required,Automatically create rules,"OWNER-PC (192.168.1.7), 59761","Outbound TCP, Port 5222"
2012-08-02 13:00:27,Info,Firewall rules were automatically created for Google Chrome.,Protected,No Action Required,,Google Chrome,C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,No

Action Required,Automatically create rules,"OWNER-PC (192.168.1.7), 59751","Outbound TCP, https"
2012-08-02 13:00:23,Info,Firewall rules were automatically created for Google Chrome.,Protected,No Action Required,,Google Chrome,C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,No

Action Required,Automatically create rules,"OWNER-PC (192.168.1.7), 59747","Outbound TCP, Port 5222"
2012-08-02 12:59:30,Info,Firewall rules were automatically created for Google Chrome.,Protected,No Action Required,,Google Chrome,C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,No

Action Required,Automatically create rules,"OWNER-PC (192.168.1.7), 59725","Outbound TCP, https"
2012-08-02 12:59:27,Info,Firewall rules were automatically created for Google Chrome.,Protected,No Action Required,,Google Chrome,C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,No

Action Required,Automatically create rules,"OWNER-PC (192.168.1.7), 59723","Outbound TCP, Port 5222"
2012-08-02 12:58:05,Info,Firewall rules were automatically created for Google Chrome.,Protected,No Action Required,,Google Chrome,C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,No

Action Required,Automatically create rules,"OWNER-PC (192.168.1.7), 59684","Outbound TCP, Port 5222"
2012-08-02 12:58:04,Info,Firewall rules were automatically created for Google Chrome.,Protected,No Action Required,,Google Chrome,C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,No

Action Required,Automatically create rules,"OWNER-PC (192.168.1.7), 59682","Outbound TCP, Port 5222"
2012-08-02 12:56:59,Info,Firewall rules were automatically created for Google Chrome.,Protected,No Action Required,,Google Chrome,C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,No

Action Required,Automatically create rules,"OWNER-PC (192.168.1.7), 59650","Outbound TCP, https"
2012-08-02 12:56:51,Info,Firewall rules were automatically created for Google Chrome.,Protected,No Action Required,,Google Chrome,C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,No

Action Required,Automatically create rules,"OWNER-PC (192.168.1.7), 59648","Outbound TCP, Port 5222"
2012-08-02 12:56:28,Info,Firewall rules were automatically created for Google Chrome.,Protected,No Action Required,,Google Chrome,C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,No

Action Required,Automatically create rules,"OWNER-PC (192.168.1.7), 59628","Outbound TCP, https"
2012-08-02 12:56:18,Info,Firewall rules were automatically created for Google Chrome.,Protected,No Action Required,,Google Chrome,C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,No

Action Required,Automatically create rules,"OWNER-PC (192.168.1.7), 59619","Outbound TCP, Port 5222"
2012-08-02 12:56:01,Info,Firewall rules were automatically created for Google Chrome.,Protected,No Action Required,,Google Chrome,C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,No

Action Required,Automatically create rules,"OWNER-PC (192.168.1.7), 59603","Outbound TCP, Port 5222"
2012-08-02 12:55:59,Info,Firewall rules were automatically created for Google Chrome.,Protected,No Action Required,,Google Chrome,C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,No

Action Required,Automatically create rules,"OWNER-PC (192.168.1.7), 59601","Outbound TCP, Port 5222"
2012-08-02 12:55:39,Info,Firewall rules were automatically created for Google Chrome.,Protected,No Action Required,,Google Chrome,C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,No

Action Required,Automatically create rules,"OWNER-PC (192.168.1.7), 59576","Outbound TCP, https"
2012-08-02 12:55:29,Info,Firewall rules were automatically created for Google Chrome.,Protected,No Action Required,,Google Chrome,C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,No

Action Required,Automatically create rules,"OWNER-PC (192.168.1.7), 59572","Outbound TCP, Port 5222"
2012-08-02 12:53:50,Info,Firewall rules were automatically created for Google Chrome.,Protected,No Action Required,,Google Chrome,C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,No

Action Required,Automatically create rules,"OWNER-PC (192.168.1.7), 59526","Outbound TCP, www-http"
2012-08-02 12:53:44,Info,Firewall rules were automatically created for Google Chrome.,Protected,No Action Required,,Google Chrome,C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,No

Action Required,Automatically create rules,"OWNER-PC (192.168.1.7), 59523","Outbound TCP, Port 5222"
2012-08-02 12:52:12,Info,Firewall rules were automatically created for Google Chrome.,Protected,No Action Required,,Google Chrome,C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,No

Action Required,Automatically create rules,"OWNER-PC (192.168.1.7), 59475","Outbound TCP, https"
2012-08-02 12:52:04,Info,Firewall rules were automatically created for Google Chrome.,Protected,No Action Required,,Google Chrome,C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,No

Action Required,Automatically create rules,"OWNER-PC (192.168.1.7), 59472","Outbound TCP, Port 5222"
2012-08-02 12:49:09,Info,Firewall rules were automatically created for Google Chrome.,Protected,No Action Required,,Google Chrome,C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,No

Action Required,Automatically create rules,"OWNER-PC (192.168.1.7), 59383","Outbound TCP, www-http"
2012-08-02 12:49:08,Info,Firewall rules were automatically created for Google Chrome.,Protected,No Action Required,,Google Chrome,C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,No

Action Required,Automatically create rules,"OWNER-PC (192.168.1.7), 59381","Outbound TCP, Port 5222"
2012-08-02 12:46:54,Info,Firewall rules were automatically created for Google Chrome.,Protected,No Action Required,,Google Chrome,C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,No

Action Required,Automatically create rules,"OWNER-PC (192.168.1.7), 59336","Outbound TCP, https"
2012-08-02 12:46:50,Info,Firewall rules were automatically created for Google Chrome.,Protected,No Action Required,,Google Chrome,C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,No

Action Required,Automatically create rules,"OWNER-PC (192.168.1.7), 59334","Outbound TCP, Port 5222"
2012-08-02 12:46:21,Info,Firewall rules were automatically created for Google Chrome.,Protected,No Action Required,,Google Chrome,C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,No

Action Required,Automatically create rules,"OWNER-PC (192.168.1.7), 59320","Outbound TCP, Port 5222"
2012-08-02 12:46:19,Info,Firewall rules were automatically created for Google Chrome.,Protected,No Action Required,,Google Chrome,C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,No

Action Required,Automatically create rules,"OWNER-PC (192.168.1.7), 59319","Outbound TCP, Port 5222"
2012-08-02 12:46:16,Info,Firewall rules were automatically created for Google Chrome.,Protected,No Action Required,,Google Chrome,C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,No

Action Required,Automatically create rules,"OWNER-PC (192.168.1.7), 59315","Outbound TCP, https"
2012-08-02 12:46:11,Info,Firewall rules were automatically created for Google Chrome.,Protected,No Action Required,,Google Chrome,C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,No

Action Required,Automatically create rules,"OWNER-PC (192.168.1.7), 59314","Outbound TCP, Port 5222"
2012-08-02 12:45:22,Info,Firewall rules were automatically created for Google Chrome.,Protected,No Action Required,,Google Chrome,C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,No

Action Required,Automatically create rules,"OWNER-PC (192.168.1.7), 59291","Outbound TCP, https"
2012-08-02 12:45:19,Info,Firewall rules were automatically created for Google Chrome.,Protected,No Action Required,,Google Chrome,C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,No

Action Required,Automatically create rules,"OWNER-PC (192.168.1.7), 59290","Outbound TCP, Port 5222"
2012-08-02 12:44:59,Info,Firewall rules were automatically created for Google Chrome.,Protected,No Action Required,,Google Chrome,C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,No

Action Required,Automatically create rules,"OWNER-PC (192.168.1.7), 59273","Outbound TCP, https"
2012-08-02 12:44:44,Info,Firewall rules were automatically created for Google Chrome.,Protected,No Action Required,,Google Chrome,C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,No

Action Required,Automatically create rules,"OWNER-PC (192.168.1.7), 59268","Outbound TCP, Port 5222"
2012-08-02 12:43:03,Info,Firewall rules were automatically created for Google Chrome.,Protected,No Action Required,,Google Chrome,C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,No

Action Required,Automatically create rules,"OWNER-PC (192.168.1.7), 59226","Outbound TCP, https"
2012-08-02 12:43:03,Info,Firewall rules were automatically created for Google Chrome.,Protected,No Action Required,,Google Chrome,C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,No

Action Required,Automatically create rules,"OWNER-PC (192.168.1.7), 59216","Outbound TCP, Port 5222"
2012-08-02 12:41:48,Info,Firewall rules were automatically created for Google Chrome.,Protected,No Action Required,,Google Chrome,C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,No

Action Required,Automatically create rules,"OWNER-PC (192.168.1.7), 59129","Outbound TCP, https"
2012-08-02 12:41:18,Info,Firewall rules were automatically created for Google Chrome.,Protected,No Action Required,,Google Chrome,C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,No

Action Required,Automatically create rules,"OWNER-PC (192.168.1.7), 59122","Outbound TCP, Port 5222"
2012-08-02 12:39:16,Info,Firewall rules were automatically created for Google Chrome.,Protected,No Action Required,,Google Chrome,C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,No

Action Required,Automatically create rules,"OWNER-PC (192.168.1.7), 59080","Outbound TCP, Port 5222"
2012-08-02 12:39:11,Info,Firewall rules were automatically created for Google Chrome.,Protected,No Action Required,,Google Chrome,C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,No

Action Required,Automatically create rules,"OWNER-PC (192.168.1.7), 59078","Outbound TCP, Port 5222"
2012-08-02 12:38:47,Info,Firewall rules were automatically created for Google Chrome.,Protected,No Action Required,,Google Chrome,C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,No

Action Required,Automatically create rules,"OWNER-PC (192.168.1.7), 59070","Outbound TCP, Port 5222"
2012-08-02 12:38:41,Info,Firewall rules were automatically created for Google Chrome.,Protected,No Action Required,,Google Chrome,C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,No

Action Required,Automatically create rules,"OWNER-PC (192.168.1.7), 59068","Outbound TCP, Port 5222"
2012-08-02 12:38:17,Info,Firewall rules were automatically created for Google Chrome.,Protected,No Action Required,,Google Chrome,C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,No

Action Required,Automatically create rules,"OWNER-PC (192.168.1.7), 59052","Outbound TCP, Port 5222"
2012-08-02 12:38:15,Info,Firewall rules were automatically created for Google Chrome.,Protected,No Action Required,,Google Chrome,C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,No

Action Required,Automatically create rules,"OWNER-PC (192.168.1.7), 59050","Outbound TCP, Port 5222"
2012-08-02 12:37:34,Info,Firewall rules were automatically created for Google Chrome.,Protected,No Action Required,,Google Chrome,C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,No

Action Required,Automatically create rules,"OWNER-PC (192.168.1.7), 59035","Outbound TCP, https"
2012-08-02 12:37:33,Info,Firewall rules were automatically created for Google Chrome.,Protected,No Action Required,,Google Chrome,C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,No

Action Required,Automatically create rules,"OWNER-PC (192.168.1.7), 59034","Outbound TCP, Port 5222"
2012-08-02 12:37:13,Info,Firewall rules were automatically created for Google Chrome.,Protected,No Action Required,,Google Chrome,C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,No

Action Required,Automatically create rules,"OWNER-PC (192.168.1.7), 59022","Outbound TCP, Port 5222"
2012-08-02 12:37:11,Info,Firewall rules were automatically created for Google Chrome.,Protected,No Action Required,,Google Chrome,C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,No

Action Required,Automatically create rules,"OWNER-PC (192.168.1.7), 59021","Outbound TCP, Port 5222"
2012-08-02 12:36:28,Info,Firewall rules were automatically created for Google Chrome.,Protected,No Action Required,,Google Chrome,C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,No

Action Required,Automatically create rules,"OWNER-PC (192.168.1.7), 59005","Outbound TCP, www-http"
2012-08-02 12:36:16,Info,Firewall rules were automatically created for Google Chrome.,Protected,No Action Required,,Google Chrome,C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,No

Action Required,Automatically create rules,"OWNER-PC (192.168.1.7), 58995","Outbound TCP, Port 5222"

#4 CatByte

  • Malware Response Team

Posted 04 August 2012 - 12:11 PM

Please do the following:

Download Farbar Recovery Scan Tool and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Place a check next to List Drivers MD5 as well as the default check marks that are already there.
  • Press Scan button.
  • FRST will let you know when the scan is complete and has written the FRST.txt to file, close out this message, then type the following into the search box:
    services.exe
  • Now press the search button.
  • When the search is complete, search.txt will also be written to your USB.
  • Type exit and reboot the computer normally.
  • Please copy and paste both logs in your reply (FRST.txt and Search.txt).

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#5 nashvegas12

  • Topic Starter

Posted 05 August 2012 - 11:05 AM

Thank you so much for your help and reply. I downloaded FRST64 and attempted to run it according to direction.

I am not able to enter System Recovery. When I attempt to enter System Recovery from Advanced boot options through a restart and F8, I am able to highlight and select the Repair Your Computer menu item. However when I select it and press enter, it boots my computer normally.

My computer is a Dell off the shelf from Best Buy, so I do not have a Windows installation disc. I did make both a full system image and a recovery disc as soon as I purchased the machine. I attempted to boot with both of those and access the System Recovery Options. Both methods failed as I am receiving the following error message:

File:\Windows\System32\winload.exe

the selected entry can not be loaded because the application is missing or corrupt.

I am a bit stumped now b/c I'm not able to access or load the systems recovery option menu from any source...

I ran FRST64 and completed the search in Safe Mode with command prompt in case that log could be of use.
Scan result of Farbar Recovery Scan Tool Version: 04-08-2012 01
Ran by Owner at 05-08-2012 01:37:32
Running from C:\Users\Owner\Desktop
Service Pack 1 (X64) OS Language: English(US)
Attention: Could not load system hive.ERROR: The process cannot access the file because it is being used by another process.

ATTENTION:=====> THE TOOL IS NOT RUN FROM RECOVERY ENVIRONMENT AND WILL NOT FUNCTION PROPERLY.


============ One Month Created Files and Folders ==============

2012-08-05 00:49 - 2012-08-05 00:49 - 00000244 ____A C:\Users\Owner\Desktop\defogger_enable.log
2012-08-04 22:20 - 2012-08-04 14:36 - 00892822 ____A (Farbar) C:\Users\Owner\Desktop\frst.exe
2012-08-04 22:17 - 2012-08-05 00:32 - 00000000 ___SD C:\ComboFix
2012-08-04 16:15 - 2012-08-04 16:15 - 00266288 ____A C:\Windows\Minidump\080412-23836-01.dmp
2012-08-04 16:14 - 2012-08-04 16:14 - 746521805 ____A C:\Windows\MEMORY.DMP
2012-08-04 14:58 - 2012-08-04 14:58 - 00037005 ____A C:\Users\Owner\Desktop\FRST (2).txt
2012-08-04 14:36 - 2012-08-04 14:36 - 00892822 ____A (Farbar) C:\Users\Owner\Downloads\FRST(1).exe
2012-08-04 13:02 - 2012-08-04 13:02 - 00000000 ____D C:\Users\Owner\DoctorWeb
2012-08-04 12:29 - 2012-08-04 12:54 - 90865408 ____A C:\Users\Owner\Downloads\xh33vyeu.exe
2012-08-04 12:10 - 2012-08-04 12:10 - 00693139 ____A (Farbar) C:\Users\Owner\Downloads\FSS.exe
2012-08-04 11:53 - 2012-08-04 11:53 - 00693139 ____A (Farbar) C:\Users\Owner\Desktop\FSS.exe
2012-08-04 11:31 - 2012-08-05 01:37 - 00000000 ____D C:\FRST
2012-08-04 11:30 - 2012-08-04 11:30 - 01439619 ____A (Farbar) C:\Users\Owner\Desktop\FRST64.exe
2012-08-04 11:29 - 2012-08-04 11:29 - 00892822 ____A (Farbar) C:\Users\Owner\Downloads\FRST.exe
2012-08-03 23:52 - 2012-08-03 23:54 - 08455616 ____A (Intel® Corporation) C:\Users\Owner\Downloads\Wireless_14.3.1_Ds64.exe
2012-08-03 22:25 - 2012-08-04 12:35 - 00000000 ____D C:\Users\Owner\AppData\Roaming\NetStat Agent
2012-08-03 22:25 - 2012-08-03 22:25 - 00001132 ____A C:\Users\Owner\Desktop\NetStat Agent.lnk
2012-08-03 22:25 - 2012-08-03 22:25 - 00000000 ____D C:\Users\Owner\AppData\Local\CrashRpt
2012-08-03 22:25 - 2012-08-03 22:25 - 00000000 ____D C:\Program Files (x86)\Flexbyte Software
2012-08-03 22:21 - 2012-08-03 22:21 - 03175099 ____A (Flexbyte Software ) C:\Users\Owner\Desktop\netagent-setup.exe
2012-08-03 21:54 - 2012-08-03 21:54 - 00013327 ____A C:\Users\Owner\Desktop\netstatremain.txt
2012-08-03 20:06 - 2012-08-03 20:06 - 00010886 ____A C:\Users\Owner\Desktop\netstatoa.txt
2012-08-03 19:32 - 2012-08-03 19:32 - 02136664 ____A (Kaspersky Lab ZAO) C:\Users\Owner\Downloads\tdsskiller.exe
2012-08-03 17:41 - 2012-08-03 17:41 - 00026958 ____A C:\Windows\RPSETUP.EXE.LOG
2012-08-03 17:41 - 2012-08-03 17:41 - 00026958 ____A C:\RPSetup.exe.log
2012-08-03 14:10 - 2012-08-03 14:10 - 00009415 ____A C:\Users\Owner\Desktop\Attach2.txt
2012-08-03 14:09 - 2012-08-03 14:09 - 00031812 ____A C:\Users\Owner\Desktop\DDS2.txt
2012-08-03 13:24 - 2012-08-03 13:24 - 00023268 ____A C:\ComboFix.txt
2012-08-03 12:38 - 2012-08-03 12:38 - 00024568 ____A C:\Users\Owner\Desktop\combofix.txt
2012-08-03 12:08 - 2009-04-19 23:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-08-03 12:07 - 2012-08-04 22:17 - 00000000 ____D C:\Windows\erdnt
2012-08-03 11:36 - 2012-08-03 11:36 - 02841104 ____A (Symantec Corporation) C:\Users\Owner\Desktop\NPE (1).exe
2012-08-03 07:14 - 2012-08-03 07:14 - 00008738 ____A C:\Users\Owner\Desktop\Attach.txt
2012-08-03 07:11 - 2012-08-03 07:11 - 00031214 ____A C:\Users\Owner\Desktop\DDS.txt
2012-08-03 07:05 - 2012-08-03 07:05 - 00001091 ____A C:\Users\Owner\Desktop\checkup.txt
2012-08-03 07:00 - 2012-08-03 14:00 - 00000472 ____A C:\Users\Owner\Desktop\defogger_disable.log
2012-08-03 06:58 - 2012-08-03 06:58 - 00050477 ____A C:\Users\Owner\Desktop\Defogger.exe
2012-08-03 06:33 - 2012-08-03 06:36 - 02136664 ____A (Kaspersky Lab ZAO) C:\Users\Owner\Desktop\tdsskiller.exe
2012-08-02 19:33 - 2012-08-02 19:33 - 00001184 ____A C:\Users\Public\Desktop\Install Microsoft Mouse and Keyboard Center.lnk
2012-07-31 19:05 - 2012-07-31 19:06 - 00000000 ____D C:\Users\Owner\Desktop\Heitzman Relocation Expenses Final
2012-07-31 17:49 - 2012-08-01 22:25 - 00082944 __ASH C:\Users\Owner\Desktop\Thumbs.db
2012-07-30 18:38 - 2012-07-30 18:38 - 00000489 ____A C:\Users\Owner\Documents\sigfile.html
2012-07-30 11:50 - 2012-07-30 11:50 - 00002092 ____A C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
2012-07-30 11:50 - 2012-07-30 11:50 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Thunderbird
2012-07-30 11:50 - 2012-07-30 11:50 - 00000000 ____D C:\Users\Owner\AppData\Local\Thunderbird
2012-07-30 11:50 - 2012-07-30 11:50 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2012-07-30 11:46 - 2012-07-30 11:49 - 18650072 ____A (Mozilla) C:\Users\Owner\Downloads\Thunderbird Setup 14.0.exe
2012-07-30 11:25 - 2012-07-30 11:26 - 00018432 __ASH C:\Users\Owner\Thumbs.db
2012-07-30 09:58 - 2012-07-30 09:58 - 00000000 ____D C:\Users\Owner\AppData\Local\{A2537C99-08C9-461F-869F-4DD14F3F4F3A}
2012-07-30 09:58 - 2012-07-30 09:58 - 00000000 ____D C:\Users\Owner\AppData\Local\{3FD60C82-E808-4FB7-8EF9-C3E135E8ED32}
2012-07-30 00:00 - 2012-07-30 00:01 - 22617148 ____A C:\Users\Owner\Downloads\vlc-2.0.3-win32.exe
2012-07-29 23:59 - 2012-07-29 23:59 - 00000000 ____D C:\Users\All Users\Real
2012-07-29 23:58 - 2012-07-29 23:57 - 00760128 ____A (RealNetworks, Inc.) C:\Users\Owner\Downloads\RealPlayer.exe
2012-07-29 15:37 - 2012-08-01 01:05 - 00000000 ____D C:\Users\Owner\Desktop\Lillian House 1st Floor
2012-07-29 15:35 - 2012-08-02 11:53 - 00128512 __ASH C:\Users\Owner\Downloads\Thumbs.db
2012-07-29 11:08 - 2012-07-29 11:08 - 00000000 ____D C:\Users\Owner\AppData\Local\{E3CD2BB1-13F4-4819-A0F3-A18D14BADF26}
2012-07-29 11:07 - 2012-07-29 11:08 - 00000000 ____D C:\Users\Owner\AppData\Local\{B58C49DE-1EED-4880-B4C7-4ACE24DE55B4}
2012-07-28 20:59 - 2012-07-28 20:59 - 00000000 ____D C:\Users\Owner\AppData\Local\{A6379687-920E-4B48-8945-4A1FE7E1080D}
2012-07-28 20:59 - 2012-07-28 20:59 - 00000000 ____D C:\Users\Owner\AppData\Local\{8FD895E0-F841-44ED-9F77-685CA2E3E501}
2012-07-28 08:58 - 2012-07-28 08:58 - 00000000 ____D C:\Users\Owner\AppData\Local\{A640A036-5D89-45E2-8D62-68E4B4CCB817}
2012-07-28 08:58 - 2012-07-28 08:58 - 00000000 ____D C:\Users\Owner\AppData\Local\{44259CDA-EAD0-449F-8448-0FC18A2A3392}
2012-07-27 14:22 - 2012-07-27 14:22 - 00000000 ____D C:\Users\Owner\AppData\Local\{EBAB78DF-FF44-444D-A4C3-399122FD1437}
2012-07-27 14:22 - 2012-07-27 14:22 - 00000000 ____D C:\Users\Owner\AppData\Local\{01ED163A-6474-472A-8579-CD241F6B9CD4}
2012-07-27 02:22 - 2012-07-27 02:22 - 00000000 ____D C:\Users\Owner\AppData\Local\{175A3C13-AA2C-4EA6-A5E9-61B9BD02C0E7}
2012-07-27 02:21 - 2012-07-27 02:22 - 00000000 ____D C:\Users\Owner\AppData\Local\{E3159025-DCCB-43AC-AE9F-ED8202D5B35F}
2012-07-26 11:41 - 2012-07-26 11:41 - 00000000 ____D C:\Users\Owner\AppData\Local\{FFE432C6-2546-4E55-8619-DF7F5186EB16}
2012-07-26 11:41 - 2012-07-26 11:41 - 00000000 ____D C:\Users\Owner\AppData\Local\{862170DB-4A52-4F74-B829-DD2AB0215D3C}
2012-07-25 23:41 - 2012-07-25 23:41 - 00000000 ____D C:\Users\Owner\AppData\Local\{FA7A1DBA-2AC9-4CEF-B5A8-052A784C9930}
2012-07-25 23:41 - 2012-07-25 23:41 - 00000000 ____D C:\Users\Owner\AppData\Local\{AB2C664A-264D-478C-A00D-772AE1ABDF3A}
2012-07-25 11:40 - 2012-07-25 11:40 - 00000000 ____D C:\Users\Owner\AppData\Local\{F2AD83EB-F0E1-4E18-A369-B5DDB59CCA90}
2012-07-25 11:40 - 2012-07-25 11:40 - 00000000 ____D C:\Users\Owner\AppData\Local\{8F8D40A3-46F7-4FF9-A11F-2AEB9BFF0773}
2012-07-24 23:39 - 2012-07-24 23:40 - 00000000 ____D C:\Users\Owner\AppData\Local\{4BC2C197-597A-4CFE-8BCB-BDD689CD96F9}
2012-07-24 23:39 - 2012-07-24 23:39 - 00000000 ____D C:\Users\Owner\AppData\Local\{573D92FF-F136-4095-A878-26651B033CC3}
2012-07-24 11:21 - 2012-07-24 11:21 - 00000000 ____D C:\Users\Owner\AppData\Local\{7C23EE4F-27CB-44DF-B462-1A99600BDA3E}
2012-07-24 11:20 - 2012-07-24 11:21 - 00000000 ____D C:\Users\Owner\AppData\Local\{E9332934-0296-4E6E-A86D-384D532C982B}
2012-07-23 01:07 - 2012-07-23 01:08 - 00000000 ____D C:\Users\Owner\AppData\Local\{44A112D8-99B6-4E65-9EC4-E96AEC935796}
2012-07-23 01:07 - 2012-07-23 01:07 - 00000000 ____D C:\Users\Owner\AppData\Local\{4E3F48B7-D711-47EE-9F58-57B83CE221D8}
2012-07-22 11:36 - 2012-07-22 11:39 - 00000000 ____D C:\Users\Owner\AppData\Local\{94B48BA0-ACFC-450B-8625-676BE97723B9}
2012-07-22 11:36 - 2012-07-22 11:36 - 00000000 ____D C:\Users\Owner\AppData\Local\{70A3C60B-C424-4E08-8860-D54C4AC0EF1A}
2012-07-21 20:46 - 2012-07-21 20:47 - 00006656 ____A C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-07-21 10:29 - 2012-07-21 10:29 - 00000000 ____D C:\Users\Owner\AppData\Local\{86647C72-C5DE-4C09-B766-AEFC96421BD5}
2012-07-21 10:29 - 2012-07-21 10:29 - 00000000 ____D C:\Users\Owner\AppData\Local\{37EB7313-2DF0-4990-9BC4-045055F71727}
2012-07-20 12:23 - 2012-07-20 12:23 - 00000000 ____D C:\Users\Owner\AppData\Local\{7E1E7F19-BF1C-48D4-865B-6AAED392657C}
2012-07-20 12:22 - 2012-07-20 12:23 - 00000000 ____D C:\Users\Owner\AppData\Local\{3520E81F-7FD8-4CD4-8DFD-E0D1193C58E8}
2012-07-20 00:34 - 2012-07-20 00:34 - 00000000 ____D C:\Users\Owner\AppData\Local\DDMSettings
2012-07-20 00:29 - 2012-07-20 00:29 - 00002122 ____A C:\Users\Public\Desktop\DivX Plus Converter.lnk
2012-07-20 00:29 - 2012-07-20 00:29 - 00001617 ____A C:\Users\Owner\Desktop\DivX Movies.lnk
2012-07-20 00:29 - 2012-07-20 00:29 - 00001118 ____A C:\Users\Public\Desktop\DivX Plus Player.lnk
2012-07-20 00:27 - 2012-07-20 00:27 - 00933256 ____A (DivX, LLC) C:\Users\Owner\Downloads\DivXInstaller.exe
2012-07-20 00:25 - 2012-07-20 00:25 - 01716869 ____A (Alexander Vigovsky ) C:\Users\Owner\Downloads\ac3filter_2_5b_lite.exe
2012-07-20 00:23 - 2012-07-20 00:23 - 04563950 ____A (Alexander Vigovsky ) C:\Users\Owner\Downloads\ac3filter_2_5b.exe
2012-07-19 23:40 - 2012-07-19 23:40 - 00000000 ____D C:\Users\Owner\AppData\Local\{B18FB780-40D2-4606-8ADA-7A33BE4CEF72}
2012-07-19 23:40 - 2012-07-19 23:40 - 00000000 ____D C:\Users\Owner\AppData\Local\{7D1E6A28-40D9-48C4-BCE1-B1A12BA8D028}
2012-07-19 11:39 - 2012-07-19 11:39 - 00000000 ____D C:\Users\Owner\AppData\Local\{F83837D9-448B-4545-A8DA-F31B9935BDB2}
2012-07-19 11:39 - 2012-07-19 11:39 - 00000000 ____D C:\Users\Owner\AppData\Local\{9F1CF7E7-0B55-4A3E-BD15-314CB7CA1AC8}
2012-07-18 11:42 - 2012-07-18 11:42 - 00000000 ____D C:\Users\Owner\AppData\Local\{D35F6771-1EE4-4E00-8BFB-02447830AB81}
2012-07-18 11:42 - 2012-07-18 11:42 - 00000000 ____D C:\Users\Owner\AppData\Local\{86B742D1-07D4-44A3-A540-0B70B6D46AB4}
2012-07-17 12:47 - 2012-07-17 12:48 - 00000000 ____D C:\Users\Owner\AppData\Local\{5418939E-2F4B-49BC-A4CC-3717360D0DD7}
2012-07-17 12:47 - 2012-07-17 12:47 - 00000000 ____D C:\Users\Owner\AppData\Local\{1FC09D3A-2571-44F3-B31F-7699E4F38CAD}
2012-07-16 12:17 - 2012-07-16 12:17 - 00000000 ____D C:\Users\Owner\AppData\Local\{2C7612DF-DB60-405A-BF7D-EF58D245A384}
2012-07-16 12:16 - 2012-07-16 12:17 - 00000000 ____D C:\Users\Owner\AppData\Local\{861457C4-61E3-48A2-82E2-BB5F0E5CFBA8}
2012-07-15 15:31 - 2012-08-05 00:49 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-07-12 19:35 - 2012-07-12 19:35 - 00000000 ____D C:\Users\Owner\AppData\Local\{FC6385D3-B76B-484A-BA9B-87CE9FA413FD}
2012-07-12 19:34 - 2012-07-12 19:35 - 00000000 ____D C:\Users\Owner\AppData\Local\{67658502-E469-41C9-AB38-510115075F24}
2012-07-12 06:31 - 2012-07-12 06:31 - 00000000 ____D C:\Users\Owner\AppData\Local\{2FD5DB95-4D32-4B26-A530-BFC2AEC7CA24}
2012-07-12 06:30 - 2012-07-12 06:31 - 00000000 ____D C:\Users\Owner\AppData\Local\{1069E2D6-6BC1-4EBF-91F4-1F2AFFEA32E1}
2012-07-11 10:36 - 2012-06-11 22:08 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-07-11 10:35 - 2012-07-11 10:36 - 00265318 ____A C:\Windows\msxml4-KB2721691-enu.LOG
2012-07-11 10:32 - 2012-06-02 07:49 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-07-11 10:32 - 2012-06-02 07:17 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-07-11 10:32 - 2012-06-02 07:12 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-07-11 10:32 - 2012-06-02 07:05 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-07-11 10:32 - 2012-06-02 07:05 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-07-11 10:32 - 2012-06-02 07:04 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-07-11 10:32 - 2012-06-02 07:04 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-07-11 10:32 - 2012-06-02 07:03 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-07-11 10:32 - 2012-06-02 07:01 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-07-11 10:32 - 2012-06-02 07:00 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-07-11 10:32 - 2012-06-02 06:59 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-07-11 10:32 - 2012-06-02 06:57 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-07-11 10:32 - 2012-06-02 06:57 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-07-11 10:32 - 2012-06-02 06:54 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-07-11 10:32 - 2012-06-02 04:07 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-07-11 10:32 - 2012-06-02 03:43 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-07-11 10:32 - 2012-06-02 03:33 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-07-11 10:32 - 2012-06-02 03:26 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-07-11 10:32 - 2012-06-02 03:25 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-07-11 10:32 - 2012-06-02 03:25 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-07-11 10:32 - 2012-06-02 03:23 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-07-11 10:32 - 2012-06-02 03:21 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-07-11 10:32 - 2012-06-02 03:20 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-07-11 10:32 - 2012-06-02 03:19 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-07-11 10:32 - 2012-06-02 03:19 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-07-11 10:32 - 2012-06-02 03:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-07-11 10:32 - 2012-06-02 03:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-07-11 10:32 - 2012-06-02 03:14 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-07-10 21:25 - 2012-06-09 00:43 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-07-10 21:25 - 2012-06-08 23:41 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-07-10 21:25 - 2012-06-06 01:06 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-07-10 21:25 - 2012-06-06 01:06 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-07-10 21:25 - 2012-06-06 01:02 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-07-10 21:25 - 2012-06-06 00:05 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-07-10 21:25 - 2012-06-06 00:05 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-07-10 21:25 - 2012-06-06 00:03 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2012-07-10 21:25 - 2012-06-02 00:50 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-07-10 21:25 - 2012-06-02 00:48 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-07-10 21:25 - 2012-06-02 00:48 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-07-10 21:25 - 2012-06-02 00:45 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-07-10 21:25 - 2012-06-02 00:44 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-07-10 21:25 - 2012-06-01 23:40 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-07-10 21:25 - 2012-06-01 23:40 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-07-10 21:25 - 2012-06-01 23:39 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-07-10 21:25 - 2012-06-01 23:34 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-07-10 21:25 - 2010-06-25 22:55 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\msxml3r.dll
2012-07-10 21:25 - 2010-06-25 22:24 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2012-07-09 21:51 - 2012-07-09 21:51 - 00000000 ____D C:\Users\Owner\AppData\Local\{CDF4ED61-22DF-4B01-9189-225F06E4695C}
2012-07-09 21:51 - 2012-07-09 21:51 - 00000000 ____D C:\Users\Owner\AppData\Local\{A59770FD-54E4-4125-B9E2-5360D8651A5B}
2012-07-07 12:03 - 2012-07-07 12:03 - 00000000 ____D C:\Users\Owner\AppData\Local\{DF152E47-534D-4BF4-BDB7-67535E5E52A8}
2012-07-07 12:03 - 2012-07-07 12:03 - 00000000 ____D C:\Users\Owner\AppData\Local\{76ECC84C-4693-47A8-B2D0-9DB9789E5503}
2012-07-06 23:03 - 2012-07-06 23:03 - 00000000 ____D C:\Users\Owner\AppData\Local\{424A01CE-6D3D-404B-B413-4E2DE21C01F6}
2012-07-06 23:02 - 2012-07-06 23:03 - 00000000 ____D C:\Users\Owner\AppData\Local\{7200DBAA-D6E1-4FDD-B81E-22C47876EE24}
2012-07-06 15:34 - 2012-08-03 18:12 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Amazon
2012-07-06 15:34 - 2012-07-06 15:34 - 00000000 ____D C:\Users\Owner\Documents\Amazon MP3
2012-07-06 11:02 - 2012-07-06 11:02 - 00000000 ____D C:\Users\Owner\AppData\Local\{2325FB62-ED11-4393-9C17-6E0C01FEFE2F}
2012-07-06 11:02 - 2012-07-06 11:02 - 00000000 ____D C:\Users\Owner\AppData\Local\{0038F97D-FF0B-4A41-9461-69282BD286DC}


============ 3 Months Modified Files ========================

2012-08-05 01:02 - 2009-07-13 23:45 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-08-05 01:02 - 2009-07-13 23:45 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-08-05 00:59 - 2009-07-14 00:13 - 00726444 ____A C:\Windows\System32\PerfStringBackup.INI
2012-08-05 00:58 - 2009-07-14 00:10 - 01232789 ____A C:\Windows\WindowsUpdate.log
2012-08-05 00:55 - 2012-04-02 20:04 - 00024515 ____A C:\Windows\setupact.log
2012-08-05 00:55 - 2009-07-14 00:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-08-05 00:49 - 2012-08-05 00:49 - 00000244 ____A C:\Users\Owner\Desktop\defogger_enable.log
2012-08-05 00:49 - 2012-07-15 15:31 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-08-04 16:15 - 2012-08-04 16:15 - 00266288 ____A C:\Windows\Minidump\080412-23836-01.dmp
2012-08-04 16:14 - 2012-08-04 16:14 - 746521805 ____A C:\Windows\MEMORY.DMP
2012-08-04 16:12 - 2009-07-14 00:08 - 00032554 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-08-04 14:58 - 2012-08-04 14:58 - 00037005 ____A C:\Users\Owner\Desktop\FRST (2).txt
2012-08-04 14:40 - 2012-04-19 15:27 - 00000506 ____A C:\Windows\Tasks\SystemToolsDailyTest.job
2012-08-04 14:40 - 2012-04-02 20:20 - 00610990 ____A C:\Windows\PFRO.log
2012-08-04 14:36 - 2012-08-04 22:20 - 00892822 ____A (Farbar) C:\Users\Owner\Desktop\frst.exe
2012-08-04 14:36 - 2012-08-04 14:36 - 00892822 ____A (Farbar) C:\Users\Owner\Downloads\FRST(1).exe
2012-08-04 12:54 - 2012-08-04 12:29 - 90865408 ____A C:\Users\Owner\Downloads\xh33vyeu.exe
2012-08-04 12:10 - 2012-08-04 12:10 - 00693139 ____A (Farbar) C:\Users\Owner\Downloads\FSS.exe
2012-08-04 11:53 - 2012-08-04 11:53 - 00693139 ____A (Farbar) C:\Users\Owner\Desktop\FSS.exe
2012-08-04 11:30 - 2012-08-04 11:30 - 01439619 ____A (Farbar) C:\Users\Owner\Desktop\FRST64.exe
2012-08-04 11:29 - 2012-08-04 11:29 - 00892822 ____A (Farbar) C:\Users\Owner\Downloads\FRST.exe
2012-08-03 23:55 - 2012-04-02 20:04 - 00034978 ____A C:\Windows\DPINST.LOG
2012-08-03 23:54 - 2012-08-03 23:52 - 08455616 ____A (Intel® Corporation) C:\Users\Owner\Downloads\Wireless_14.3.1_Ds64.exe
2012-08-03 23:50 - 2012-04-01 01:28 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-08-03 23:50 - 2011-09-18 23:38 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-08-03 22:25 - 2012-08-03 22:25 - 00001132 ____A C:\Users\Owner\Desktop\NetStat Agent.lnk
2012-08-03 22:21 - 2012-08-03 22:21 - 03175099 ____A (Flexbyte Software ) C:\Users\Owner\Desktop\netagent-setup.exe
2012-08-03 21:54 - 2012-08-03 21:54 - 00013327 ____A C:\Users\Owner\Desktop\netstatremain.txt
2012-08-03 20:06 - 2012-08-03 20:06 - 00010886 ____A C:\Users\Owner\Desktop\netstatoa.txt
2012-08-03 19:32 - 2012-08-03 19:32 - 02136664 ____A (Kaspersky Lab ZAO) C:\Users\Owner\Downloads\tdsskiller.exe
2012-08-03 19:22 - 2012-04-02 20:20 - 04999064 ____A C:\Windows\System32\FNTCACHE.DAT
2012-08-03 17:43 - 2012-04-02 21:56 - 00134912 ____A C:\Users\Owner\AppData\Local\GDIPFONTCACHEV1.DAT
2012-08-03 17:41 - 2012-08-03 17:41 - 00026958 ____A C:\Windows\RPSETUP.EXE.LOG
2012-08-03 17:41 - 2012-08-03 17:41 - 00026958 ____A C:\RPSetup.exe.log
2012-08-03 14:10 - 2012-08-03 14:10 - 00009415 ____A C:\Users\Owner\Desktop\Attach2.txt
2012-08-03 14:09 - 2012-08-03 14:09 - 00031812 ____A C:\Users\Owner\Desktop\DDS2.txt
2012-08-03 14:00 - 2012-08-03 07:00 - 00000472 ____A C:\Users\Owner\Desktop\defogger_disable.log
2012-08-03 13:24 - 2012-08-03 13:24 - 00023268 ____A C:\ComboFix.txt
2012-08-03 13:09 - 2009-07-13 21:34 - 00000215 ____A C:\Windows\system.ini
2012-08-03 12:38 - 2012-08-03 12:38 - 00024568 ____A C:\Users\Owner\Desktop\combofix.txt
2012-08-03 11:36 - 2012-08-03 11:36 - 02841104 ____A (Symantec Corporation) C:\Users\Owner\Desktop\NPE (1).exe
2012-08-03 07:14 - 2012-08-03 07:14 - 00008738 ____A C:\Users\Owner\Desktop\Attach.txt
2012-08-03 07:11 - 2012-08-03 07:11 - 00031214 ____A C:\Users\Owner\Desktop\DDS.txt
2012-08-03 07:05 - 2012-08-03 07:05 - 00001091 ____A C:\Users\Owner\Desktop\checkup.txt
2012-08-03 06:58 - 2012-08-03 06:58 - 00050477 ____A C:\Users\Owner\Desktop\Defogger.exe
2012-08-03 06:36 - 2012-08-03 06:33 - 02136664 ____A (Kaspersky Lab ZAO) C:\Users\Owner\Desktop\tdsskiller.exe
2012-08-02 19:33 - 2012-08-02 19:33 - 00001184 ____A C:\Users\Public\Desktop\Install Microsoft Mouse and Keyboard Center.lnk
2012-08-02 11:53 - 2012-07-29 15:35 - 00128512 __ASH C:\Users\Owner\Downloads\Thumbs.db
2012-08-01 22:25 - 2012-07-31 17:49 - 00082944 __ASH C:\Users\Owner\Desktop\Thumbs.db
2012-07-30 18:38 - 2012-07-30 18:38 - 00000489 ____A C:\Users\Owner\Documents\sigfile.html
2012-07-30 11:50 - 2012-07-30 11:50 - 00002092 ____A C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
2012-07-30 11:49 - 2012-07-30 11:46 - 18650072 ____A (Mozilla) C:\Users\Owner\Downloads\Thunderbird Setup 14.0.exe
2012-07-30 11:26 - 2012-07-30 11:25 - 00018432 __ASH C:\Users\Owner\Thumbs.db
2012-07-30 00:01 - 2012-07-30 00:00 - 22617148 ____A C:\Users\Owner\Downloads\vlc-2.0.3-win32.exe
2012-07-29 23:57 - 2012-07-29 23:58 - 00760128 ____A (RealNetworks, Inc.) C:\Users\Owner\Downloads\RealPlayer.exe
2012-07-29 15:43 - 2012-04-19 15:27 - 00000564 ____A C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2012-07-21 20:47 - 2012-07-21 20:46 - 00006656 ____A C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-07-20 00:29 - 2012-07-20 00:29 - 00002122 ____A C:\Users\Public\Desktop\DivX Plus Converter.lnk
2012-07-20 00:29 - 2012-07-20 00:29 - 00001617 ____A C:\Users\Owner\Desktop\DivX Movies.lnk
2012-07-20 00:29 - 2012-07-20 00:29 - 00001118 ____A C:\Users\Public\Desktop\DivX Plus Player.lnk
2012-07-20 00:27 - 2012-07-20 00:27 - 00933256 ____A (DivX, LLC) C:\Users\Owner\Downloads\DivXInstaller.exe
2012-07-20 00:25 - 2012-07-20 00:25 - 01716869 ____A (Alexander Vigovsky ) C:\Users\Owner\Downloads\ac3filter_2_5b_lite.exe
2012-07-20 00:23 - 2012-07-20 00:23 - 04563950 ____A (Alexander Vigovsky ) C:\Users\Owner\Downloads\ac3filter_2_5b.exe
2012-07-11 10:36 - 2012-07-11 10:35 - 00265318 ____A C:\Windows\msxml4-KB2721691-enu.LOG
2012-07-11 10:33 - 2011-09-12 10:45 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-07-05 19:52 - 2012-07-05 19:52 - 00012532 ____A C:\Users\Owner\Downloads\HG External Contact List.xlsx
2012-07-03 15:22 - 2012-07-03 15:16 - 00001173 ____A C:\Windows\NeatUninstall.LOG
2012-07-03 00:56 - 2012-07-03 00:56 - 00276782 ____A C:\Users\Owner\Documents\Publication2.ppp
2012-07-02 19:34 - 2012-07-02 17:48 - 00148830 ____A C:\Windows\System32\sdtn
2012-07-02 18:26 - 2012-07-02 18:25 - 102891848 ____A C:\Users\Owner\Desktop\Neat_v5.0.26.85_UPDATE.sfx.exe
2012-07-02 11:46 - 2012-07-02 11:46 - 00157696 ____A C:\Users\Owner\Downloads\TravelExpenseVouchers.ppt
2012-07-01 16:49 - 2012-07-01 16:49 - 04212224 ____A C:\Users\Owner\Downloads\U_0090_01_P.msi
2012-06-26 19:04 - 2012-06-26 19:04 - 00650752 ____A C:\Users\Owner\Downloads\MicrosoftFixit50229.msi
2012-06-25 16:04 - 2012-06-25 16:04 - 01394248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml4.dll
2012-06-21 13:47 - 2012-06-21 13:47 - 10658936 ____A (Poikosoft) C:\Users\Owner\Downloads\easy_cdda_extractor_setup.exe
2012-06-20 01:03 - 2012-06-20 01:03 - 00024576 ____A C:\{BDDD3514-076E-4377-8B2F-EEE9B0509D97}
2012-06-20 01:03 - 2012-06-20 01:03 - 00002464 ____A C:\{DBE88219-8A86-4A9F-8FB6-6914BBA65A58}
2012-06-19 23:29 - 2012-06-19 23:29 - 00001055 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
2012-06-19 23:21 - 2012-06-19 23:20 - 16577248 ____A (Mozilla) C:\Users\Owner\Downloads\Firefox Setup 13.0.1.exe
2012-06-18 12:09 - 2012-06-18 12:09 - 00686080 ____A C:\Users\Owner\Downloads\SDP_SE_CE_6162012.xls
2012-06-15 17:04 - 2012-06-15 17:04 - 00933256 ____A (DivX, LLC) C:\Users\Owner\Downloads\DivXWebPlayerInstaller.exe
2012-06-14 13:47 - 2012-06-14 12:48 - 12155541 ____A C:\Users\Owner\Downloads\mvc-pdf-to-powerpoint-converter.exe
2012-06-14 13:46 - 2012-06-14 13:46 - 00002122 ____A C:\Users\Public\Desktop\Serif PagePlus X6.lnk
2012-06-14 13:37 - 2012-06-14 12:48 - 1192227808 ____A (Serif (Europe) Ltd., support@serif.co.uk) C:\Users\Owner\Downloads\ESDPK-PPX6-PagePlusX6-US.exe
2012-06-13 18:03 - 2012-06-13 18:02 - 08785560 ____A (Symantec Corporation) C:\Users\Owner\Downloads\NortonOnlineBackup (1).exe
2012-06-11 22:08 - 2012-07-11 10:36 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-09 00:43 - 2012-07-10 21:25 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-06-08 23:41 - 2012-07-10 21:25 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-06-06 16:45 - 2012-06-06 16:45 - 00044372 ____A C:\Users\Owner\Downloads\BOA From March.csv
2012-06-06 01:06 - 2012-07-10 21:25 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-06-06 01:06 - 2012-07-10 21:25 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-06-06 01:02 - 2012-07-10 21:25 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-06-06 00:05 - 2012-07-10 21:25 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-06-06 00:05 - 2012-07-10 21:25 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-06-06 00:03 - 2012-07-10 21:25 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2012-06-04 15:33 - 2012-06-04 15:33 - 00001800 ____A C:\Users\Public\Desktop\Quicken Home & Business 2012.lnk
2012-06-04 15:33 - 2012-06-04 15:33 - 00000126 ____A C:\Windows\QUICKEN.INI
2012-06-02 17:19 - 2012-06-24 14:38 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 17:19 - 2012-06-24 14:38 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 17:19 - 2012-06-24 14:38 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 17:19 - 2012-06-24 14:38 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 17:19 - 2012-06-24 14:38 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 17:15 - 2012-06-24 14:38 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 17:15 - 2012-06-24 14:38 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 15:19 - 2012-06-24 14:38 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 15:15 - 2012-06-24 14:38 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-02 07:49 - 2012-07-11 10:32 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-02 07:17 - 2012-07-11 10:32 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-02 07:12 - 2012-07-11 10:32 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-02 07:05 - 2012-07-11 10:32 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-02 07:05 - 2012-07-11 10:32 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-02 07:04 - 2012-07-11 10:32 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-02 07:04 - 2012-07-11 10:32 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-02 07:03 - 2012-07-11 10:32 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-02 07:01 - 2012-07-11 10:32 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-02 07:00 - 2012-07-11 10:32 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-02 06:59 - 2012-07-11 10:32 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-02 06:57 - 2012-07-11 10:32 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-02 06:57 - 2012-07-11 10:32 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-02 06:54 - 2012-07-11 10:32 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-02 04:07 - 2012-07-11 10:32 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-06-02 03:43 - 2012-07-11 10:32 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-06-02 03:33 - 2012-07-11 10:32 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-06-02 03:26 - 2012-07-11 10:32 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-06-02 03:25 - 2012-07-11 10:32 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-06-02 03:25 - 2012-07-11 10:32 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-06-02 03:23 - 2012-07-11 10:32 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-06-02 03:21 - 2012-07-11 10:32 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-06-02 03:20 - 2012-07-11 10:32 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-06-02 03:19 - 2012-07-11 10:32 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-06-02 03:19 - 2012-07-11 10:32 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-06-02 03:17 - 2012-07-11 10:32 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-06-02 03:16 - 2012-07-11 10:32 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-06-02 03:14 - 2012-07-11 10:32 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-06-02 00:50 - 2012-07-10 21:25 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-06-02 00:48 - 2012-07-10 21:25 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-06-02 00:48 - 2012-07-10 21:25 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-06-02 00:45 - 2012-07-10 21:25 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-06-02 00:44 - 2012-07-10 21:25 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-06-01 23:40 - 2012-07-10 21:25 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-06-01 23:40 - 2012-07-10 21:25 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-06-01 23:39 - 2012-07-10 21:25 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-06-01 23:34 - 2012-07-10 21:25 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-05-31 12:25 - 2011-09-12 09:50 - 00279656 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2012-05-28 07:09 - 2012-05-28 07:09 - 02168416 ____A (Microsoft Corporation) C:\Windows\System32\coin91.dll
2012-05-28 07:09 - 2012-05-28 07:09 - 00052320 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dc3d.sys
2012-05-25 09:12 - 2012-04-02 22:34 - 00175736 ____A (Symantec Corporation) C:\Windows\System32\Drivers\SYMEVENT64x86.SYS
2012-05-25 09:12 - 2012-04-02 22:34 - 00007488 ____A C:\Windows\System32\Drivers\SYMEVENT64x86.CAT
2012-05-23 22:17 - 2012-05-23 22:17 - 00025088 ____A C:\Users\Owner\Downloads\CONFIDENTIAL HEGR Employee Database.xlsx
2012-05-23 10:32 - 2012-05-23 10:32 - 00012279 ____A C:\Users\Owner\Downloads\Bonus Grid 2011.08.22.xlsx
2012-05-23 10:05 - 2012-05-23 10:05 - 00016873 ____A C:\Users\Owner\Downloads\HEGR Employee Database.xlsx
2012-05-23 10:00 - 2012-05-23 09:59 - 39031090 ____A C:\Users\Owner\Downloads\Doc 1- Jessica.zip
2012-05-21 01:18 - 2012-05-21 01:18 - 00037252 ____A C:\Users\Owner\Documents\Fw_ Fwd_ Lillian Street, Tenant call.eml
2012-05-15 14:02 - 2012-05-15 14:02 - 01606064 ____A C:\Users\Owner\Downloads\googletalk-setup.exe
2012-05-14 20:10 - 2012-05-14 20:10 - 00082894 ____A C:\Users\Owner\Downloads\Golden Flower Self Adhesive Wall Clings 350-0202 Tree Wall Decals.htm

ZeroAccess:
C:\Users\Owner\AppData\Local\{792f4199-0b73-e2f4-7b46-706eb422a6b8}
C:\Users\Owner\AppData\Local\{792f4199-0b73-e2f4-7b46-706eb422a6b8}\@
C:\Users\Owner\AppData\Local\{792f4199-0b73-e2f4-7b46-706eb422a6b8}\L
C:\Users\Owner\AppData\Local\{792f4199-0b73-e2f4-7b46-706eb422a6b8}\U

========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 31%
Total physical RAM: 8086.17 MB
Available physical RAM: 5523.41 MB
Total Pagefile: 16170.53 MB
Available Pagefile: 13653.91 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:683.89 GB) (Free:618.37 GB) NTFS
3 Drive e: (Lexar) (Removable) (Total:7.45 GB) (Free:7.45 GB) FAT32

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 698 GB 0 B
Disk 1 Online 7650 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 101 MB 31 KB
Partition 2 Primary 14 GB 102 MB
Partition 3 Primary 683 GB 14 GB

==================================================================================

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

There is no volume associated with this partition.

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 RECOVERY NTFS Partition 14 GB Healthy System (partition with boot components)

==================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C OS NTFS Partition 683 GB Healthy Boot

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 7648 MB 64 KB

==================================================================================

Disk: 1
Partition 1
Type : 0C
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E Lexar FAT32 Removable 7648 MB Healthy

==================================================================================

==========================================================

Last Boot: 2012-07-28 12:15

======================= End Of Log ==========================

Farbar Recovery Scan Tool Version: 04-08-2012 01
Ran by Owner at 2012-08-05 01:38:32
Running from C:\Users\Owner\Desktop

================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 18:19] - [2009-07-13 20:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 18:19] - [2009-07-13 20:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\erdnt\cache64\services.exe
[2012-08-03 12:16] - [2009-07-13 20:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

====== End Of Search ======

#6 CatByte

Posted 05 August 2012 - 11:08 AM

ok,

let's try this

Refer to the ComboFix User's Guide

  • Download ComboFix from the following location:

    Link

    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply

    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------
  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#7 nashvegas12

Posted 05 August 2012 - 12:28 PM

Here is the combofix log report:

ComboFix 12-08-05.02 - Owner 08/05/2012 12:15:05.3.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8086.5961 [GMT -5:00]
Running from: c:\users\Owner\Desktop\ComboFix.exe
AV: Norton 360 Premier Edition *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 Premier Edition *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton 360 Premier Edition *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\boost_interprocess\20120805014903.109999
c:\programdata\boost_interprocess\20120805014903.109999\Nobu64AgentService
c:\programdata\boost_interprocess\20120805014903.109999\Nobu64TrayIcon
c:\programdata\PCDr\5907\Downloads\116e5d12-0d05-4993-954c-85b013aaf3cb.dll
c:\programdata\PCDr\5907\Downloads\f0fc9c9c-10ba-435b-8365-dadb523644ff.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-07-05 to 2012-08-05 )))))))))))))))))))))))))))))))
.
.
2012-08-05 17:18 . 2012-08-05 17:18 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-03 07:38 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0A9F7689-6A4A-4797-873D-5B9897A305FB}\mpengine.dll
2012-08-02 21:18 . 2012-08-02 21:18 -------- d-----w- c:\users\Owner\AppData\Local\ElevatedDiagnostics
2012-07-30 16:50 . 2012-07-30 16:50 -------- d-----w- c:\users\Owner\AppData\Roaming\Thunderbird
2012-07-30 16:50 . 2012-07-30 16:50 -------- d-----w- c:\users\Owner\AppData\Local\Thunderbird
2012-07-30 16:50 . 2012-07-30 16:50 -------- d-----w- c:\program files (x86)\Mozilla Thunderbird
2012-07-20 05:34 . 2012-07-20 05:34 -------- d-----w- c:\users\Owner\AppData\Local\DDMSettings
2012-07-11 15:36 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 02:25 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-07-06 20:34 . 2012-08-03 23:12 -------- d-----w- c:\users\Owner\AppData\Roaming\Amazon
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-04 04:50 . 2012-04-01 06:28 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-04 04:50 . 2011-09-19 04:38 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-11 15:33 . 2011-09-12 15:45 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-06-25 21:04 . 2012-06-25 21:04 1394248 ----a-w- c:\windows\SysWow64\msxml4.dll
2012-06-02 22:19 . 2012-06-24 19:38 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-24 19:38 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-24 19:38 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-24 19:38 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-24 19:38 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-24 19:38 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-24 19:38 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 20:19 . 2012-06-24 19:38 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 20:15 . 2012-06-24 19:38 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-05-31 17:25 . 2011-09-12 14:50 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-05-28 12:09 . 2012-05-28 12:09 52320 ----a-w- c:\windows\system32\drivers\dc3d.sys
2012-05-28 12:09 . 2012-05-28 12:09 2168416 ----a-w- c:\windows\system32\coin91.dll
2012-05-25 14:12 . 2012-04-03 03:34 175736 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IJNetworkScanUtility"="c:\program files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE" [2007-05-21 124512]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2009-10-21 106496]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2012-05-01 3151512]
.
c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
MLSPropertyMessenger.lnk - c:\program files (x86)\MLSPropertyMessenger\MLSPropertyMessenger.exe [N/A]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe [2010-10-13 9216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux9"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-04 250056]
R3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [x]
R3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;c:\windows\system32\drivers\BVRPMPR5a64.SYS [2010-06-30 35840]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-11-02 33736]
R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-27 158976]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-28 113120]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-12-17 340240]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2011-02-10 82432]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-12-01 250984]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-09-12 1255736]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
S0 SMR250;Symantec SMR Utility Service 2.5.0;c:\windows\System32\drivers\SMR250.SYS [2012-04-03 96376]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0602010.005\SYMDS64.SYS [2012-03-29 451192]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0602010.005\SYMEFA64.SYS [2012-03-29 1092728]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\BASHDefs\20120711.002\BHDrvx64.sys [2012-06-19 1161376]
S1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\N360x64\0602010.005\ccSetx64.sys [2011-11-29 167048]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\IPSDefs\20120803.002\IDSvia64.sys [2012-06-14 509088]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0602010.005\Ironx64.SYS [2012-03-29 190072]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\0602010.005\SYMNETS.SYS [2012-03-29 405624]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-17 98208]
S2 Agent;Agent;c:\windows\agent_x64.exe [2011-08-24 102912]
S2 N360;Norton 360;c:\program files (x86)\Norton 360 Premier Edition\Engine\6.2.1.5\ccSvcHst.exe [2012-03-27 138232]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-11-29 16120]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-20 2656280]
S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [2011-11-15 327168]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2010-08-12 175168]
S3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [2012-05-28 52320]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-05-31 138912]
S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [2011-12-10 60416]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]
S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [2011-12-12 8616448]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2009-10-27 176640]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [2010-12-01 42392]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 04:50]
.
2012-07-29 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11]
.
2012-08-05 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 97792 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 97792 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 97792 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 97792 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-04-12 609144]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-12-17 1933584]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-02-18 6611048]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-10 1873256]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-30 167960]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-30 499608]
"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2009-09-04 767312]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-30 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-30 418840]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ps4ii1jb.default\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-BDAB3CD44D7D45EEC58DB422F61BD03E74CADA2F._service_run - c:\program files (x86)\Google\Chrome\Application\chrome.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton 360 Premier Edition\Engine\6.2.1.5\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360 Premier Edition\Engine\6.2.1.5\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:79,3b,de,f3,25,72,cc,01
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-08-05 12:20:25
ComboFix-quarantined-files.txt 2012-08-05 17:20
ComboFix2.txt 2012-08-03 18:24
.
Pre-Run: 657,239,306,240 bytes free
Post-Run: 656,909,488,128 bytes free
.
- - End Of File - - EF778EAC73CDDC2C834E25020EBB9871

#8 CatByte

Posted 05 August 2012 - 12:44 PM

Please do the following:

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run, type Notepad, click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

Folder::
C:\Users\Owner\AppData\Local\{792f4199-0b73-e2f4-7b46-706eb422a6b8}

ClearJavaCache::

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop. Save it as "CFScript"


Here's how to do that:

1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...

Posted Image
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix may request an update; please allow it.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


NEXT



Please download Malwarebytes' Anti-Malware
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



NEXT


Go here to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
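
A check a helper could run over pasted logs, added here as an example (it is not part of the thread, FRST or ComboFix): it flags the `{GUID}` folder holding `@`, `L` and `U` entries that the FRST log lists under "ZeroAccess:", then confirms that a ComboFix "Other Deletions" section covers every flagged path. The sample log text is constructed, and the function names and the two-marker threshold are assumptions.

```python
import re
from ntpath import normcase, normpath  # Windows path rules on any OS

# A brace-wrapped GUID directory directly under a user's AppData\Local,
# optionally followed by one child entry (matched after lower-casing).
GUID_DIR = re.compile(
    r"^(?P<root>[a-z]:\\users\\[^\\]+\\appdata\\local\\"
    r"\{[0-9a-f]{8}-(?:[0-9a-f]{4}-){3}[0-9a-f]{12}\})"
    r"(?:\\(?P<child>[^\\]+))?$"
)
MARKERS = {"@", "l", "u"}  # child names shown under "ZeroAccess:" in the FRST log


def norm(path):
    """Lower-case and normalise so C:\\Users and c:\\users compare equal."""
    return normcase(normpath(path.strip()))


def suspicious_dirs(lines, min_markers=2):
    """Map GUID dirs holding at least min_markers of @ / L / U to their children."""
    found = {}
    for line in lines:
        if not line.strip():
            continue
        m = GUID_DIR.match(norm(line))
        if m:
            kids = found.setdefault(m.group("root"), set())
            if m.group("child"):
                kids.add(m.group("child"))
    return {r: k for r, k in found.items() if len(k & MARKERS) >= min_markers}


def deletions_section(log_text):
    """Paths between the 'Other Deletions' banner and the next '(((' banner."""
    paths, inside = [], False
    for line in log_text.splitlines():
        s = line.strip()
        if s.startswith("((("):
            inside = "Other Deletions" in s
            continue
        if inside and re.match(r"^[A-Za-z]:\\", s):
            paths.append(norm(s))
    return paths


def unaccounted(flagged_paths, deleted_paths):
    """Flagged paths neither deleted themselves nor inside a deleted directory."""
    deleted = {norm(p) for p in deleted_paths}
    return [p for p in map(norm, flagged_paths)
            if not any(p == d or p.startswith(d + "\\") for d in deleted)]


def reconcile(frst_lines, combofix_log):
    """Return (flagged paths, flagged paths the deletion list does not cover)."""
    flagged = []
    for root, kids in suspicious_dirs(frst_lines).items():
        flagged.append(root)
        flagged.extend(root + "\\" + k for k in sorted(kids & MARKERS))
    return flagged, unaccounted(flagged, deletions_section(combofix_log))


# Constructed sample input (placeholder user name and GUIDs, not from the thread).
FRST_SAMPLE = r"""
C:\Users\Example\AppData\Local\{00000000-1111-2222-3333-444444444444}
C:\Users\Example\AppData\Local\{00000000-1111-2222-3333-444444444444}\@
C:\Users\Example\AppData\Local\{00000000-1111-2222-3333-444444444444}\L
C:\Users\Example\AppData\Local\{00000000-1111-2222-3333-444444444444}\U
C:\Users\Example\AppData\Local\{aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee}\cache.db
C:\Users\Example\AppData\Local\Thunderbird
"""

COMBOFIX_SAMPLE = r"""
((((((((((((   Other Deletions   ))))))))))))
.
c:\programdata\example_app\tmp
c:\users\Example\AppData\Local\{00000000-1111-2222-3333-444444444444}
c:\users\Example\AppData\Local\{00000000-1111-2222-3333-444444444444}\@
.
(((((((((   Files Created from 2012-07-05 to 2012-08-05   )))))))))
.
2012-08-05 18:47 . 2012-08-05 18:47 -------- d-----w- c:\users\Default\AppData\Local\temp
"""

if __name__ == "__main__":
    flagged, left = reconcile(FRST_SAMPLE.splitlines(), COMBOFIX_SAMPLE)
    print("flagged:", *flagged, sep="\n  ")
    print("not covered by deletions:", left or "none")
```

Children of a deleted directory count as covered, which is why `L` and `U` need not appear in the deletion list once the parent folder does.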


#9 nashvegas12

Posted 05 August 2012 - 03:47 PM

Thanks again for your continued help! Here are the logs requested:

ComboFix 12-08-05.02 - Owner 08/05/2012 13:44:11.4.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8086.6589 [GMT -5:00]
Running from: c:\users\Owner\Desktop\ComboFix.exe
Command switches used :: c:\users\Owner\Desktop\CFScript.txt
AV: Norton 360 Premier Edition *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 Premier Edition *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton 360 Premier Edition *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\boost_interprocess\20120805132739.109999
c:\programdata\boost_interprocess\20120805132739.109999\Nobu64AgentService
c:\programdata\boost_interprocess\20120805132739.109999\Nobu64TrayIcon
c:\users\Owner\AppData\Local\{792f4199-0b73-e2f4-7b46-706eb422a6b8}
c:\users\Owner\AppData\Local\{792f4199-0b73-e2f4-7b46-706eb422a6b8}\@
.
.
((((((((((((((((((((((((( Files Created from 2012-07-05 to 2012-08-05 )))))))))))))))))))))))))))))))
.
.
2012-08-05 18:47 . 2012-08-05 18:47 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-03 07:38 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0A9F7689-6A4A-4797-873D-5B9897A305FB}\mpengine.dll
2012-08-02 21:18 . 2012-08-02 21:18 -------- d-----w- c:\users\Owner\AppData\Local\ElevatedDiagnostics
2012-07-30 16:50 . 2012-07-30 16:50 -------- d-----w- c:\users\Owner\AppData\Roaming\Thunderbird
2012-07-30 16:50 . 2012-07-30 16:50 -------- d-----w- c:\users\Owner\AppData\Local\Thunderbird
2012-07-30 16:50 . 2012-07-30 16:50 -------- d-----w- c:\program files (x86)\Mozilla Thunderbird
2012-07-20 05:34 . 2012-07-20 05:34 -------- d-----w- c:\users\Owner\AppData\Local\DDMSettings
2012-07-11 15:36 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 02:25 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-07-06 20:34 . 2012-08-03 23:12 -------- d-----w- c:\users\Owner\AppData\Roaming\Amazon
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-04 04:50 . 2012-04-01 06:28 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-04 04:50 . 2011-09-19 04:38 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-11 15:33 . 2011-09-12 15:45 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-06-25 21:04 . 2012-06-25 21:04 1394248 ----a-w- c:\windows\SysWow64\msxml4.dll
2012-06-02 22:19 . 2012-06-24 19:38 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-24 19:38 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-24 19:38 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-24 19:38 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-24 19:38 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-24 19:38 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-24 19:38 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 20:19 . 2012-06-24 19:38 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 20:15 . 2012-06-24 19:38 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-05-31 17:25 . 2011-09-12 14:50 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-05-28 12:09 . 2012-05-28 12:09 52320 ----a-w- c:\windows\system32\drivers\dc3d.sys
2012-05-28 12:09 . 2012-05-28 12:09 2168416 ----a-w- c:\windows\system32\coin91.dll
2012-05-25 14:12 . 2012-04-03 03:34 175736 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
.
.
((((((((((((((((((((((((((((( SnapShot@2012-08-05_17.18.55 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 05:10 . 2012-08-05 18:29 31646 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2011-09-12 15:15 . 2012-08-05 06:51 19160 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1374961249-3941484669-1508635706-1000_UserData.bin
+ 2011-09-12 15:15 . 2012-08-05 18:29 19160 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1374961249-3941484669-1508635706-1000_UserData.bin
- 2012-08-05 06:49 . 2012-08-05 06:49 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-08-05 18:02 . 2012-08-05 18:27 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-08-05 06:49 . 2012-08-05 06:49 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-08-05 18:02 . 2012-08-05 18:27 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 02:36 . 2012-08-05 15:46 624412 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-08-05 18:32 624412 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-08-05 18:32 106756 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-08-05 15:46 106756 c:\windows\system32\perfc009.dat
- 2012-08-02 18:54 . 2012-08-05 05:31 676944 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2012-08-02 18:54 . 2012-08-05 18:00 676944 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2009-07-14 05:01 . 2012-08-05 05:51 453840 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-08-05 18:00 453840 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-09-12 15:08 . 2012-08-05 18:00 20206964 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1374961249-3941484669-1508635706-1000-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IJNetworkScanUtility"="c:\program files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE" [2007-05-21 124512]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2009-10-21 106496]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2012-05-01 3151512]
.
c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
MLSPropertyMessenger.lnk - c:\program files (x86)\MLSPropertyMessenger\MLSPropertyMessenger.exe [N/A]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe [2010-10-13 9216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux9"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-04 250056]
R3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [x]
R3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;c:\windows\system32\drivers\BVRPMPR5a64.SYS [2010-06-30 35840]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-11-02 33736]
R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-27 158976]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-28 113120]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-12-17 340240]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2011-02-10 82432]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-12-01 250984]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-09-12 1255736]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
S0 SMR250;Symantec SMR Utility Service 2.5.0;c:\windows\System32\drivers\SMR250.SYS [2012-04-03 96376]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0602010.005\SYMDS64.SYS [2012-03-29 451192]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0602010.005\SYMEFA64.SYS [2012-03-29 1092728]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\BASHDefs\20120711.002\BHDrvx64.sys [2012-06-19 1161376]
S1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\N360x64\0602010.005\ccSetx64.sys [2011-11-29 167048]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\IPSDefs\20120803.002\IDSvia64.sys [2012-06-14 509088]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0602010.005\Ironx64.SYS [2012-03-29 190072]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\0602010.005\SYMNETS.SYS [2012-03-29 405624]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-17 98208]
S2 Agent;Agent;c:\windows\agent_x64.exe [2011-08-24 102912]
S2 N360;Norton 360;c:\program files (x86)\Norton 360 Premier Edition\Engine\6.2.1.5\ccSvcHst.exe [2012-03-27 138232]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-11-29 16120]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-20 2656280]
S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [2011-11-15 327168]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2010-08-12 175168]
S3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [2012-05-28 52320]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-05-31 138912]
S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [2011-12-10 60416]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]
S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [2011-12-12 8616448]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2009-10-27 176640]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [2010-12-01 42392]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 04:50]
.
2012-07-29 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11]
.
2012-08-05 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 97792 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 97792 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 97792 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 97792 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-04-12 609144]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-12-17 1933584]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-02-18 6611048]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-10 1873256]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-30 167960]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-30 499608]
"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2009-09-04 767312]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-30 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-30 418840]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ps4ii1jb.default\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton 360 Premier Edition\Engine\6.2.1.5\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360 Premier Edition\Engine\6.2.1.5\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{8DCB7100-DF86-4384-8842-8FA844297B3F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,72,d8,
89,b4,91,ea,06,f7,54,cc,e8,41,77,3f,2b
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{6EBF7485-159F-4BFF-A14F-B9E3AAC4465B}"=hex:51,66,7a,6c,4c,1d,38,12,eb,77,ac,
6a,ad,5b,91,0e,de,59,fa,a3,af,9a,02,4f
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}"=hex:51,66,7a,6c,4c,1d,38,12,07,5b,93,
aa,6e,60,ba,0b,f0,6d,b2,b7,80,44,00,83
"{D2CE3E00-F94A-4740-988E-03DC2F38C34F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,3d,dd,
d6,78,b7,2e,02,e7,98,40,9c,2a,66,87,5b
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:79,3b,de,f3,25,72,cc,01
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-08-05 13:49:23
ComboFix-quarantined-files.txt 2012-08-05 18:49
ComboFix2.txt 2012-08-05 17:20
ComboFix3.txt 2012-08-03 18:24
.
Pre-Run: 657,273,454,592 bytes free
Post-Run: 657,180,438,528 bytes free
.
- - End Of File - - 7775106F534F1CCD1127DDCA167B13B1


Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.05.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Owner :: OWNER-PC [administrator]

8/5/2012 2:04:53 PM
mbam-log-2012-08-05 (14-04-53).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 199571
Time elapsed: 1 minute(s), 45 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

ESET Scan

C:\Users\Owner\Downloads\ac3filter_2_5b.exe Win32/OpenCandy application
C:\Users\Owner\Downloads\KeyFinderInstaller.exe Win32/OpenCandy application

#10 CatByte


Posted 05 August 2012 - 04:21 PM

If you no longer need these installer files, then right click and delete them:

C:\Users\Owner\Downloads\ac3filter_2_5b.exe Win32/OpenCandy application
C:\Users\Owner\Downloads\KeyFinderInstaller.exe Win32/OpenCandy application

They are not necessarily bad; they just come bundled with adware.

Please run the following:

  • Please download MiniToolBox, save it to your desktop and run it. Checkmark the following checkboxes:
    • Flush DNS
    • Report IE Proxy Settings
    • Report FF Proxy Settings
    • List content of Hosts
    • List installed programs.
Click Go and post the result (Result.txt) that pops up. A copy of result.txt will be saved in the same directory the tool is run.

NEXT


Please download Farbar Service Scanner to your desktop and run it.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


NEXT


Please advise how the computer is running now and if there are any outstanding issues.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#11 nashvegas12


Posted 05 August 2012 - 04:43 PM

Mini Tool Box Log:

MiniToolBox by Farbar Version: 23-07-2012
Ran by Owner (administrator) on 05-08-2012 at 16:33:48
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

"network.proxy.type", 0
========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

Intel® Centrino® Wireless-N 1030 = Wireless Network Connection (Connected)
Realtek PCIe FE Family Controller = Local Area Connection (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 3 (Media disconnected)
Bluetooth Device (Personal Area Network) = Bluetooth Network Connection 3 (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Owner-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Bluetooth Network Connection 3:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network) #3
Physical Address. . . . . . . . . : BC-77-37-C8-21-33
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection 3:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter #2
Physical Address. . . . . . . . . : BC-77-37-C8-21-30
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection 2:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
Physical Address. . . . . . . . . : BC-77-37-C8-21-30
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel® Centrino® Wireless-N 1030
Physical Address. . . . . . . . . : BC-77-37-C8-21-2F
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2002:62c1:a47a:e472:3879:2f02:a7c8:99dc(Preferred)
Temporary IPv6 Address. . . . . . : 2002:62c1:a47a:e472:6505:918f:44cc:882(Preferred)
Link-local IPv6 Address . . . . . : fe80::3879:2f02:a7c8:99dc%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.2(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Sunday, August 05, 2012 1:28:13 PM
Lease Expires . . . . . . . . . . : Monday, August 06, 2012 2:14:05 PM
Default Gateway . . . . . . . . . : fe80::e246:9aff:fe84:2ee%11
192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 230455095
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-8B-60-58-14-FE-B5-B4-06-F9
DNS Servers . . . . . . . . . . . : fe80::e246:9aff:fe84:2ee%11
192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : globalsuite.net
Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
Physical Address. . . . . . . . . : 14-FE-B5-B4-06-F9
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 16:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:1cd5:3e08:9d3e:5b85(Preferred)
Link-local IPv6 Address . . . . . : fe80::1cd5:3e08:9d3e:5b85%26(Preferred)
Default Gateway . . . . . . . . . :
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter 6TO4 Adapter:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{C269D93A-139D-41E6-8BC5-DF2B7F6D5253}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #6
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: UnKnown
Address: fe80::e246:9aff:fe84:2ee

Name: google.com
Addresses: 2001:4860:800a::8b
74.125.134.139
74.125.134.138
74.125.134.102
74.125.134.101
74.125.134.113
74.125.134.100


Pinging google.com [74.125.137.139] with 32 bytes of data:
Reply from 74.125.137.139: bytes=32 time=20ms TTL=48
Reply from 74.125.137.139: bytes=32 time=22ms TTL=48

Ping statistics for 74.125.137.139:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 20ms, Maximum = 22ms, Average = 21ms
Server: UnKnown
Address: fe80::e246:9aff:fe84:2ee

Name: yahoo.com
Addresses: 209.191.122.70
72.30.38.140
98.139.183.24


Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=312ms TTL=50
Reply from 98.139.183.24: bytes=32 time=540ms TTL=51

Ping statistics for 98.139.183.24:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 312ms, Maximum = 540ms, Average = 426ms
Server: UnKnown
Address: fe80::e246:9aff:fe84:2ee

Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
25...bc 77 37 c8 21 33 ......Bluetooth Device (Personal Area Network) #3
21...bc 77 37 c8 21 30 ......Microsoft Virtual WiFi Miniport Adapter #2
20...bc 77 37 c8 21 30 ......Microsoft Virtual WiFi Miniport Adapter
11...bc 77 37 c8 21 2f ......Intel® Centrino® Wireless-N 1030
10...14 fe b5 b4 06 f9 ......Realtek PCIe FE Family Controller
1...........................Software Loopback Interface 1
26...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
12...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
29...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #6
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.2 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.2 281
192.168.1.2 255.255.255.255 On-link 192.168.1.2 281
192.168.1.255 255.255.255.255 On-link 192.168.1.2 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.2 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.2 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
11 4121 ::/0 fe80::e246:9aff:fe84:2ee
1 306 ::1/128 On-link
26 58 2001::/32 On-link
26 306 2001:0:4137:9e76:1cd5:3e08:9d3e:5b85/128
On-link
11 33 2002:62c1:a47a:e472::/64 On-link
11 281 2002:62c1:a47a:e472:3879:2f02:a7c8:99dc/128
On-link
11 281 2002:62c1:a47a:e472:6505:918f:44cc:882/128
On-link
11 281 fe80::/64 On-link
26 306 fe80::/64 On-link
26 306 fe80::1cd5:3e08:9d3e:5b85/128
On-link
11 281 fe80::3879:2f02:a7c8:99dc/128
On-link
1 306 ff00::/8 On-link
26 306 ff00::/8 On-link
11 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 09 C:\Windows\SysWOW64\wshbth.dll [36352] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog5 09 C:\Windows\System32\wshbth.dll [47104] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (08/03/2012 05:59:37 PM) (Source: Application Error) (User: )
Description: Faulting application name: setCED9.tmp, version: 9.1.0.429, time stamp: 0x3fb01c5d
Faulting module name: setCED9.tmp, version: 9.1.0.429, time stamp: 0x3fb01c5d
Exception code: 0xc0000005
Fault offset: 0x0000814b
Faulting process id: 0x197c
Faulting application start time: 0xsetCED9.tmp0
Faulting application path: setCED9.tmp1
Faulting module path: setCED9.tmp2
Report Id: setCED9.tmp3

Error: (08/03/2012 05:44:30 PM) (Source: Application Error) (User: )
Description: Faulting application name: setE9E7.tmp, version: 9.1.0.429, time stamp: 0x3fb01c5d
Faulting module name: setE9E7.tmp, version: 9.1.0.429, time stamp: 0x3fb01c5d
Exception code: 0xc0000005
Fault offset: 0x0000814b
Faulting process id: 0x131c
Faulting application start time: 0xsetE9E7.tmp0
Faulting application path: setE9E7.tmp1
Faulting module path: setE9E7.tmp2
Report Id: setE9E7.tmp3

Error: (08/03/2012 04:06:31 PM) (Source: Windows Backup) (User: )
Description: The backup was not successful. The error is: There is not enough space on this drive to save the backup. Free up space by deleting older backups and unnecessary data or change your backup settings. (0x81000005).

Error: (08/02/2012 08:56:24 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error DeviceIoControl(\\?\Volume{cadd0953-97e4-11e0-a3f8-806e6f6e6963} - 0000000000000068,0x0053c008,0000000000240B20,0,000000000023E020,4096,[0]). hr = 0x80070079, The semaphore timeout period has expired.
.


Operation:
Processing EndPrepareSnapshots

Context:
Execution Context: System Provider

Error: (07/27/2012 10:31:12 AM) (Source: Application Hang) (User: )
Description: The program DivX Plus Player.exe version 10.3.3.10 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1218

Start Time: 01cd6c0cbc4d41d7

Termination Time: 8

Application Path: C:\Program Files (x86)\DivX\DivX Plus Player\DivX Plus Player.exe

Report Id: 13808180-d800-11e1-a0ad-bc7737c82133

Error: (07/26/2012 04:15:13 PM) (Source: Application Error) (User: )
Description: Faulting application name: DivX Plus Player.exe, version: 10.3.3.10, time stamp: 0x4fc81d6c
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x2e2e2eff
Faulting process id: 0x122c
Faulting application start time: 0xDivX Plus Player.exe0
Faulting application path: DivX Plus Player.exe1
Faulting module path: DivX Plus Player.exe2
Report Id: DivX Plus Player.exe3

Error: (07/23/2012 10:18:03 PM) (Source: Application Error) (User: )
Description: Faulting application name: DivX Plus Player.exe, version: 10.3.3.10, time stamp: 0x4fc81d6c
Faulting module name: DPXDownloadManagerPlugin.dll, version: 10.3.3.10, time stamp: 0x4fc81d9e
Exception code: 0xc0000005
Fault offset: 0x0000a0a7
Faulting process id: 0x558
Faulting application start time: 0xDivX Plus Player.exe0
Faulting application path: DivX Plus Player.exe1
Faulting module path: DivX Plus Player.exe2
Report Id: DivX Plus Player.exe3

Error: (07/23/2012 10:17:53 PM) (Source: Application Error) (User: )
Description: Faulting application name: DivX Plus Player.exe, version: 10.3.3.10, time stamp: 0x4fc81d6c
Faulting module name: DPXDownloadManagerPlugin.dll, version: 10.3.3.10, time stamp: 0x4fc81d9e
Exception code: 0xc0000005
Fault offset: 0x0000a0a7
Faulting process id: 0x169c
Faulting application start time: 0xDivX Plus Player.exe0
Faulting application path: DivX Plus Player.exe1
Faulting module path: DivX Plus Player.exe2
Report Id: DivX Plus Player.exe3

Error: (07/23/2012 10:16:35 PM) (Source: Application Error) (User: )
Description: Faulting application name: DivX Plus Player.exe, version: 10.3.3.10, time stamp: 0x4fc81d6c
Faulting module name: QtCore4.dll, version: 4.5.0.0, time stamp: 0x49a6280b
Exception code: 0xc0000005
Fault offset: 0x000e1b16
Faulting process id: 0x1770
Faulting application start time: 0xDivX Plus Player.exe0
Faulting application path: DivX Plus Player.exe1
Faulting module path: DivX Plus Player.exe2
Report Id: DivX Plus Player.exe3

Error: (07/23/2012 10:13:15 PM) (Source: Application Error) (User: )
Description: Faulting application name: DivX Plus Player.exe, version: 10.3.3.10, time stamp: 0x4fc81d6c
Faulting module name: QtCore4.dll, version: 4.5.0.0, time stamp: 0x49a6280b
Exception code: 0xc0000005
Fault offset: 0x000e1b16
Faulting process id: 0x514
Faulting application start time: 0xDivX Plus Player.exe0
Faulting application path: DivX Plus Player.exe1
Faulting module path: DivX Plus Player.exe2
Report Id: DivX Plus Player.exe3


System errors:
=============
Error: (08/05/2012 01:47:59 PM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (08/05/2012 01:47:34 PM) (Source: Application Popup) (User: )
Description: \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (08/05/2012 01:47:34 PM) (Source: Application Popup) (User: )
Description: \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (08/05/2012 01:46:07 PM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (08/05/2012 01:27:57 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 1:26:57 PM on 8/5/2012 was unexpected.

Error: (08/05/2012 01:02:13 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
AFD
BHDrvx64
ccSet_N360
DfsC
discache
eeCtrl
IDSVia64
NetBIOS
NetBT
nsiproxy
Psched
rdbss
spldr
SRTSPX
SymIRON
SymNetS
tdx
vwififlt
Wanarpv6
WfpLwf
ws2ifsl

Error: (08/05/2012 01:02:11 PM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error:
%%1068

Error: (08/05/2012 01:02:11 PM) (Source: Service Control Manager) (User: )
Description: The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error:
%%1068

Error: (08/05/2012 01:02:11 PM) (Source: Service Control Manager) (User: )
Description: The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:
%%1068

Error: (08/05/2012 01:02:11 PM) (Source: Service Control Manager) (User: )
Description: The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:
%%1068


Microsoft Office Sessions:
=========================
Error: (08/03/2012 05:59:37 PM) (Source: Application Error)(User: )
Description: setCED9.tmp9.1.0.4293fb01c5dsetCED9.tmp9.1.0.4293fb01c5dc00000050000814b197c01cd71cba7923b67C:\Users\Owner\AppData\Local\Temp\setCED9.tmpC:\Users\Owner\AppData\Local\Temp\setCED9.tmpe585a3f9-ddbe-11e1-8bca-bc7737c82133

Error: (08/03/2012 05:44:30 PM) (Source: Application Error)(User: )
Description: setE9E7.tmp9.1.0.4293fb01c5dsetE9E7.tmp9.1.0.4293fb01c5dc00000050000814b131c01cd71c988d6dbb0C:\Users\Owner\AppData\Local\Temp\setE9E7.tmpC:\Users\Owner\AppData\Local\Temp\setE9E7.tmpc9179844-ddbc-11e1-8bca-bc7737c82133

Error: (08/03/2012 04:06:31 PM) (Source: Windows Backup)(User: )
Description: There is not enough space on this drive to save the backup. Free up space by deleting older backups and unnecessary data or change your backup settings. (0x81000005)

Error: (08/02/2012 08:56:24 AM) (Source: VSS)(User: )
Description: DeviceIoControl(\\?\Volume{cadd0953-97e4-11e0-a3f8-806e6f6e6963} - 0000000000000068,0x0053c008,0000000000240B20,0,000000000023E020,4096,[0])0x80070079, The semaphore timeout period has expired.


Operation:
Processing EndPrepareSnapshots

Context:
Execution Context: System Provider

Error: (07/27/2012 10:31:12 AM) (Source: Application Hang)(User: )
Description: DivX Plus Player.exe10.3.3.10121801cd6c0cbc4d41d78C:\Program Files (x86)\DivX\DivX Plus Player\DivX Plus Player.exe13808180-d800-11e1-a0ad-bc7737c82133

Error: (07/26/2012 04:15:13 PM) (Source: Application Error)(User: )
Description: DivX Plus Player.exe10.3.3.104fc81d6cunknown0.0.0.000000000c00000052e2e2eff122c01cd6b6e955cdd90C:\Program Files (x86)\DivX\DivX Plus Player\DivX Plus Player.exeunknownfc8aa58f-d766-11e1-a0ad-bc7737c82133

Error: (07/23/2012 10:18:03 PM) (Source: Application Error)(User: )
Description: DivX Plus Player.exe10.3.3.104fc81d6cDPXDownloadManagerPlugin.dll10.3.3.104fc81d9ec00000050000a0a755801cd694ac03e8f53C:\Program Files (x86)\DivX\DivX Plus Player\DivX Plus Player.exeC:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXDownloadManagerPlugin.dll2d905d25-d53e-11e1-8a7a-bc7737c82133

Error: (07/23/2012 10:17:53 PM) (Source: Application Error)(User: )
Description: DivX Plus Player.exe10.3.3.104fc81d6cDPXDownloadManagerPlugin.dll10.3.3.104fc81d9ec00000050000a0a7169c01cd694aded38786C:\Program Files (x86)\DivX\DivX Plus Player\DivX Plus Player.exeC:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXDownloadManagerPlugin.dll275fa5e1-d53e-11e1-8a7a-bc7737c82133

Error: (07/23/2012 10:16:35 PM) (Source: Application Error)(User: )
Description: DivX Plus Player.exe10.3.3.104fc81d6cQtCore4.dll4.5.0.049a6280bc0000005000e1b16177001cd694aa76ccdbeC:\Program Files (x86)\DivX\DivX Plus Player\DivX Plus Player.exeC:\Program Files (x86)\Common Files\DivX Shared\Qt4.5\QtCore4.dllf8d7a695-d53d-11e1-8a7a-bc7737c82133

Error: (07/23/2012 10:13:15 PM) (Source: Application Error)(User: )
Description: DivX Plus Player.exe10.3.3.104fc81d6cQtCore4.dll4.5.0.049a6280bc0000005000e1b1651401cd694425cc30a3C:\Program Files (x86)\DivX\DivX Plus Player\DivX Plus Player.exeC:\Program Files (x86)\Common Files\DivX Shared\Qt4.5\QtCore4.dll81f6f792-d53d-11e1-8a7a-bc7737c82133


=========================== Installed Programs ============================

Adobe AIR (Version: 3.2.0.2070)
Adobe Download Assistant (Version: 1.0.5)
Adobe Flash Player 11 ActiveX (Version: 11.3.300.270)
Adobe Flash Player 11 Plugin (Version: 11.3.300.270)
Adobe Reader X (10.1.3) MUI (Version: 10.1.3)
Advanced Audio FX Engine (Version: 1.12.05)
Amazon Kindle
Avery Template (Version: 2.0.0.0)
Best Buy pc app (Version: 3.1.0.0)
Canon Easy-PhotoPrint EX
Canon IJ Network Scan Utility
Canon IJ Network Tool
Canon MP Navigator EX 2.0
Canon MP620 series MP Drivers
Canon Utilities Solution Menu
D3DX10 (Version: 15.4.2368.0902)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dell Driver Download Manager (Version: 2.1.0.0)
Dell Edoc Viewer (Version: 1.0.0)
Dell Getting Started Guide (Version: 1.00.0000)
Dell Product Registration (Version: 1.0.6)
Dell Support Center (Version: 3.1.5907.39)
Dell Touchpad (Version: 7.1209.101.204)
Dell Webcam Central (Version: 2.00.35)
DivX Setup (Version: 2.6.1.9)
Dropbox (Version: 1.4.7)
ESET Online Scanner v3
Google Talk (remove only)
H&R Block Louisiana 2011 (Version: 1.11.2901)
H&R Block Premium + Efile + State 2011 (Version: 11.07.6901)
Intel® Control Center (Version: 1.2.1.1007)
Intel® Management Engine Components (Version: 7.0.0.1144)
Intel® Processor Graphics (Version: 8.15.10.2342)
Intel® PROSet/Wireless WiFi Software (Version: 14.00.1000)
Intel® Turbo Boost Technology Monitor 2.0 (Version: 2.1.23.0)
Intel® Wireless Display
Intel® Wireless Display (Version: 2.0.27.0)
iSEEK AnswerWorks English Runtime (Version: 010.000.0101)
Java Auto Updater (Version: 2.0.7.1)
Java™ 6 Update 24 (64-bit) (Version: 6.0.240)
Java™ 6 Update 31 (Version: 6.0.310)
join.me (Version: 1.5.2.214)
Magical Jelly Bean KeyFinder (Version: 2.0.8.2)
Malwarebytes Anti-Malware version 1.62.0.1300 (Version: 1.62.0.1300)
Mesh Runtime (Version: 15.4.5722.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft IntelliPoint 8.2 (Version: 8.20.468.0)
Microsoft IntelliType Pro 8.2 (Version: 8.20.469.0)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Home and Student 2010 (Version: 14.0.6029.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Single Image 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Silverlight (Version: 5.1.10411.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft SQL Server Compact 3.5 SP2 ENU (Version: 3.5.8080.0)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (Version: 3.5.8080.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable - KB2467175 (Version: 8.0.51011)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.58299)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft_VC80_ATL_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053)
Microsoft_VC90_ATL_x86 (Version: 1.00.0000)
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_MFCLOC_x86 (Version: 1.00.0000)
Microsoft_VC90_MFCLOC_x86_x64 (Version: 1.00.0000)
Mozilla Firefox 14.0.1 (x86 en-US) (Version: 14.0.1)
Mozilla Maintenance Service (Version: 14.0.1)
Mozilla Thunderbird 14.0 (x86 en-US) (Version: 14.0)
MSVCRT (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP3 Parser (KB2721691) (Version: 4.30.2114.0)
MSXML 4.0 SP3 Parser (KB973685) (Version: 4.30.2107.0)
MSXML 4.0 SP3 Parser (Version: 4.30.2100.0)
MyFax® Print-to-Fax Assistant (Version: 2.3.0)
Neat (Version: 5.0.26.85)
Neat ADF Scanner 2008 Driver (Version: 2.0.0.61)
Neat ADF Scanner Driver (Version: 2.0.2.1)
Neat Core Files (Version: 5.0.26.85)
NEC Electronics USB 3.0 Host Controller Driver (Version: 1.0.17.0)
NetStat Agent 3.4 (Version: 3.4)
Norton 360 Premier Edition (Version: 6.2.1.5)
Norton Online Backup (Version: 2.2.1.35)
Quicken 2012 (Version: 21.1.7.18)
Quickset64 (Version: 11.0.15)
Realtek High Definition Audio Driver (Version: 6.0.1.6312)
Send To Neat (Version: 1.0.0.0)
Serif PagePlus X6 (Version: 16.0.1.25)
Skype Click to Call (Version: 5.10.9560)
Skype™ 5.10 (Version: 5.10.116)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3555.0308)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3555.0308)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)
Windows Live Messenger (Version: 15.4.3538.0513)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)

========================= Devices: ================================

Name: Symantec Eraser Control driver
Description: Symantec Eraser Control driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: eeCtrl

Name: ACPI Sleep Button
Description: ACPI Sleep Button
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:

Name: Turbo Boost UI Monitor driver
Description: Turbo Boost UI Monitor driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: TurboB

Name: Link-Layer Topology Discovery Mapper I/O Driver
Description: Link-Layer Topology Discovery Mapper I/O Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: lltdio

Name: Intel® Core™ i5-2410M CPU @ 2.30GHz
Description: Intel Processor
Class Guid: {50127dc3-0f36-415e-a6cc-4cb3be910b65}
Manufacturer: Intel
Service: intelppm

Name: WAN Miniport (PPTP)
Description: WAN Miniport (PPTP)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: PptpMiniport

Name: Link-Layer Topology Discovery Responder
Description: Link-Layer Topology Discovery Responder
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: rspndr

Name: Renesas Electronics USB 3.0 Root Hub
Description: Renesas Electronics USB 3.0 Root Hub
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: Renesas Electronics
Service: nusb3hub
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: USB Root Hub
Description: USB Root Hub
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: usbhub

Name: NAVENG
Description: NAVENG
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: NAVENG

Name: Microsoft Windows Management Interface for ACPI
Description: Microsoft Windows Management Interface for ACPI
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: WmiAcpi

Name: Microsoft Hardware USB Mouse
Description: Microsoft Hardware USB Mouse
Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
Manufacturer: Microsoft
Service: HidUsb

Name: Generic volume
Description: Generic volume
Class Guid: {71a27cdd-812a-11d0-bec7-08002be2092f}
Manufacturer: Microsoft
Service: volsnap

Name: WAN Miniport (SSTP)
Description: WAN Miniport (SSTP)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: RasSstp

Name: Security Driver
Description: Security Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: secdrv

Name: HID-compliant consumer control device
Description: HID-compliant consumer control device
Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
Manufacturer: Microsoft
Service:

Name: Direct Application Launch Button
Description: Direct Application Launch Button
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:

Name: NEC Electronics USB 3.0 Host Controller
Description: NEC Electronics USB 3.0 Host Controller
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: NEC Electronics
Service: nusb3xhc

Name: NAVEX15
Description: NAVEX15
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: NAVEX15

Name: USB Root Hub
Description: USB Root Hub
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: usbhub

Name: VgaSave
Description: VgaSave
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: VgaSave

Name: Intel® 6 Series/C200 Series Chipset Family PCI Express Root Port 5 - 1C18
Description: Intel® 6 Series/C200 Series Chipset Family PCI Express Root Port 5 - 1C18
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel
Service: pci

Name: Terminal Server Keyboard Driver
Description: Terminal Server Keyboard Driver
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service: TermDD

Name: Symantec SMR Utility Service 2.5.0
Description: Symantec SMR Utility Service 2.5.0
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: SMR250

Name: Lexar JumpDrive USB Device
Description: Disk drive
Class Guid: {4d36e967-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard disk drives)
Service: disk

Name: ACPI Thermal Zone
Description: ACPI Thermal Zone
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:

Name: NDIS System Driver
Description: NDIS System Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: NDIS

Name: Dynamic Volume Manager
Description: Dynamic Volume Manager
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: volmgrx


========================= Memory info: ===================================

Percentage of memory in use: 33%
Total physical RAM: 8086.17 MB
Available physical RAM: 5374.45 MB
Total Pagefile: 16170.53 MB
Available Pagefile: 13629.71 MB
Total Virtual: 4095.88 MB
Available Virtual: 3966.75 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:683.89 GB) (Free:611.76 GB) NTFS
2 Drive d: (malware bytes) (CDROM) (Total:0.01 GB) (Free:0 GB) UDF
3 Drive e: (Lexar) (Removable) (Total:7.45 GB) (Free:7.45 GB) FAT32

========================= Users: ========================================

User accounts for \\OWNER-PC

Administrator Guest Owner


**** End of log ****


Running FSS now, will post log shortly

#12 nashvegas12

Posted 05 August 2012 - 04:49 PM

Farbar Service Scanner Version: 04-08-2012 01
Ran by Owner (administrator) on 05-08-2012 at 16:47:43
Running from "C:\Users\Owner\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============

sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is set to Auto
The ImagePath of sharedaccess service is OK.
The ServiceDll of sharedaccess service is OK.


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

#13 CatByte

  • Malware Response Team

Posted 05 August 2012 - 05:32 PM

Please do the following:

Your Java is out of date, so go to Start > Control Panel > Programs and Features, scroll down to the Java installation and remove it. Now download the latest Java version 7 update 5 and install it: http://java.com/en/download/index.jsp


NEXT


Please advise how the computer is running now and if there are any outstanding issues

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#14 nashvegas12

Posted 05 August 2012 - 05:38 PM

Thank you again for your help and time today! You also asked how the computer is performing now. I am still experiencing connection problems and slowness. Dropping connection and getting error events in Norton log about connection. Every few minutes the cursor blinks and hourglass pops up for just a second or two. Also, I am still not able to use the recovery console via F8 boot or recovery disk or system image due to getting error about winload.exe missing or corrupt. Would those things be related to zeroaccess lurking somewhere?

#15 CatByte

  • Malware Response Team

Posted 05 August 2012 - 06:04 PM

Not necessarily.

Please run the following:

For 64-bit systems, please download Listparts64.
Run the tool,
check the "list BCD" box,
click "Scan" and post the log (Result.txt) it makes.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015




