Google Redirection


This topic is locked
34 replies to this topic

#1 Samut

Samut

  • Members
  • 16 posts

Posted 06 October 2012 - 11:00 AM

I have been seeing sporadic redirection from Google since about April. I have been trying various AV/anti-malware apps off and on since then. I'm running 64 bit Vista.

Here is my DDS log. I also have an Attach log but the directions and what I'm seeing in threads differ as to whether this is to be attached, pasted in, or neither unless it's requested.

Thank you for any assistance.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29
Run by Shawn at 21:43:55 on 2012-10-04
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4093.1512 [GMT -4:00]
.
AV: Norton 360 *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Norton 360 *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPSched.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files (x86)\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\ehome\ehsched.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\ehome\ehRecvr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\MozyHome\mozybackup.exe
C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
C:\PROGRA~2\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\MozyHome\mozybackup.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RAVCpl64.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Windows\ehome\ehtray.exe
C:\Users\Shawn\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\MozyHome\mozystat.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Users\Shawn\AppData\Local\Apps\Evernote\Evernote\EvernoteClipper.exe
C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files (x86)\DivX\DivX Plus Web Player\DDMService.exe
C:\Program Files (x86)\HP\QuickPlay\QPService.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = https://login.yahoo.com/config/login_verify2?&.src=ym&rl=1
uDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie8
uWindow Title = Windows Internet Explorer provided by Yahoo!
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
uInternet Settings,ProxyOverride = *.local;192.168.*.*
uURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO: NCO 2.0 IE BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\PROGRA~2\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: HP Print Clips: {ffffffff-ff12-44c5-91ec-068e3aa1b2d7} - c:\Program Files (x86)\HP\Smart Web Printing\hpswp_framework.dll
TB: Show Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
TB: {BA14329E-9550-4989-B3F2-9732E92D17CC} - No File
TB: {30F9B915-B755-4826-820B-08FBA6BD249D} - No File
TB: {00000000-0000-0000-0000-000000000000} - No File
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
uRun: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [Google Update] "C:\Users\Shawn\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [QlbCtrl] %ProgramFiles(x86)%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun: [hpWirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [WAWifiMessage] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
mRun: [osCheck] "C:\Program Files (x86)\Norton 360\osCheck.exe"
mRun: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
mRun: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [IJNetworkScanUtility] "C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe"
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [DivX Download Manager] "C:\Program Files (x86)\DivX\DivX Plus Web Player\DDmService.exe" start
mRun: [QPService] "C:\Program Files (x86)\HP\QuickPlay\QPService.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [AmazonGSDownloaderTray] "C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
StartupFolder: C:\Users\Shawn\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EVERNO~1.LNK - C:\Users\Shawn\AppData\Local\Apps\Evernote\Evernote\EvernoteClipper.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files\Logitech\SetPoint\SetPoint.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MOZYHO~1.LNK - C:\Program Files (x86)\MozyHome\mozystat.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ONLINE~1.LNK - C:\Windows\Installer\{0F1F7A90-E71B-4E45-A066-2891619F22E1}\pnaico.exe.20FBBF0A_A7E5_4BDE_9798_9811C3D135AC.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Evernote 4.0 - C:\Users\Shawn\AppData\Local\Apps\Evernote\Evernote\EvernoteIE.dll/204
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\Program Files (x86)\HP\Smart Web Printing\hpswp_extensions.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\OFFICE11\REFIEBAR.DLL
LSP: C:\Windows\system32\wpclsp.dll
Trusted Zone: nih.gov\mail
Trusted Zone: skillport.com\perotsystems
Trusted Zone: yahoo.com\login
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} - hxxp://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISDataManager.CAB
DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} - hxxps://mail.hjf.org/iNotes6W.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{75697F6B-F900-4CD0-887C-8C05C717E254} : DhcpNameServer = 75.75.75.75 75.75.76.76
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-X64: 0x1 - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
BHO-X64: DivX HiQ: {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO-X64: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - No File
BHO-X64: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
BHO-X64: NCO 2.0 IE BHO - No File
BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~2\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
BHO-X64: Symantec Intrusion Prevention - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: HP Print Clips: {FFFFFFFF-FF12-44C5-91EC-068E3AA1B2D7} - c:\Program Files (x86)\HP\Smart Web Printing\hpswp_framework.dll
TB-X64: Show Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
TB-X64: {BA14329E-9550-4989-B3F2-9732E92D17CC} - No File
TB-X64: {30F9B915-B755-4826-820B-08FBA6BD249D} - No File
TB-X64: {00000000-0000-0000-0000-000000000000} - No File
mRun-x64: [QlbCtrl] %ProgramFiles(x86)%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun-x64: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun-x64: [hpWirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun-x64: [WAWifiMessage] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
mRun-x64: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun-x64: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
mRun-x64: [osCheck] "C:\Program Files (x86)\Norton 360\osCheck.exe"
mRun-x64: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
mRun-x64: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [IJNetworkScanUtility] "C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe"
mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun-x64: [DivX Download Manager] "C:\Program Files (x86)\DivX\DivX Plus Web Player\DDmService.exe" start
mRun-x64: [QPService] "C:\Program Files (x86)\HP\QuickPlay\QPService.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [AmazonGSDownloaderTray] "C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
IE-X64: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Users\Shawn\AppData\Local\Apps\Evernote\Evernote\EvernoteIE.dll/204
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Shawn\AppData\Roaming\Mozilla\Firefox\Profiles\qrfgkfrx.default\
FF - plugin: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
FF - plugin: C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npicaN.dll
FF - plugin: C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Shawn\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Users\Shawn\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R1 ctxusbm;Citrix USB Monitor Driver;C:\Windows\system32\DRIVERS\ctxusbm.sys --> C:\Windows\system32\DRIVERS\ctxusbm.sys [?]
R1 IDSvia64;Symantec Intrusion Prevention Driver;C:\PROGRA~3\Symantec\DEFINI~1\SymcData\ipsdefs\20120927.001\IDSvia64.sys [2012-9-29 383096]
R2 {22D78859-9CE9-4B77-BF18-AC83E81A9263};Power Control [2011/01/13 23:58:20];C:\Program Files (x86)\HP\QuickPlay\000.fcl [2011-1-14 146928]
R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 LiveUpdate Notice;LiveUpdate Notice;C:\Program Files (x86)\Common Files\Symantec Shared\CCSVCHST.EXE [2008-2-18 149352]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-8-8 138912]
R3 NETw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\NETw5v64.sys --> C:\Windows\system32\DRIVERS\NETw5v64.sys [?]
R3 Symantec Core LC;Symantec Core LC;C:\PROGRA~2\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe [2008-7-5 1245064]
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS --> C:\Windows\system32\Drivers\SYMNDISV.SYS [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 Amazon Download Agent;Amazon Download Agent;C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [2011-8-1 401920]
S3 COH_Mon;COH_Mon;\??\C:\Windows\system32\Drivers\COH_Mon.sys --> C:\Windows\system32\Drivers\COH_Mon.sys [?]
S3 fssfltr;FssFltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 hcw85bda;Hauppauge WinTV 885 Video Capture;C:\Windows\system32\drivers\HCW85BDA.sys --> C:\Windows\system32\drivers\HCW85BDA.sys [?]
S3 LiveTurbineMessageService;Turbine Message Service - Live;C:\Program Files (x86)\Turbine\Turbine Download Manager\TurbineMessageService.exe [2009-9-10 267760]
S3 LiveTurbineNetworkService;Turbine Network Service - Live;C:\Program Files (x86)\Turbine\Turbine Download Manager\TurbineNetworkService.exe [2009-9-10 218608]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-30 114144]
S3 NETw4v64;Intel® Wireless WiFi Link Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\NETw4v64.sys --> C:\Windows\system32\DRIVERS\NETw4v64.sys [?]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-9-11 89920]
S4 MotoHelper;MotoHelper Service;C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2012-2-1 214896]
S4 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-3 160944]
S4 TomTomHOMEService;TomTomHOMEService;C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2009-3-17 92008]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== File Associations ===============
.
JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2012-10-02 12:50:44 9308616 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B4DCCACA-C4B9-40B0-8158-D56917AEA718}\mpengine.dll
2012-09-24 13:01:03 73696 ----a-w- C:\Program Files (x86)\Mozilla Firefox\breakpadinjector.dll
2012-09-14 03:17:27 2769408 ----a-w- C:\Windows\System32\win32k.sys
2012-09-14 02:00:39 66552 ----a-w- C:\Windows\System32\drivers\mozy.sys
.
==================== Find3M ====================
.
2012-08-12 17:19:00 12562920 ----a-w- C:\ProgramData\Tempmozy-autoupdate-82af9a609219353256cb533e636b9416.exe
2012-07-09 01:55:40 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-07-09 01:55:39 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
.
============= FINISH: 21:44:54.76 ===============
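The "Pseudo HJT Report" section of the DDS log above is the part a responder reads first when the complaint is search-engine redirection. The following script is an added example, not part of this thread and not DDS's own tooling: it parses that section and surfaces the entries worth a second look (browser add-ons that point at "No File", the EnableLUA = 0 policy that disables UAC, DHCP-assigned DNS servers outside an expected set, proxy settings, trusted-zone entries and start pages). The sample input is constructed to mirror the lines above; the resolver allow-list and the 192.0.2.53 entry are assumptions made for the example.

```python
"""Triage helper for the "Pseudo HJT Report" section of a DDS log.

Added example (not DDS's code, not from the thread). It does not judge
whether a finding is malicious; it pulls out the items a responder checks
first when a user reports redirection, so the log can be read top-down.
"""
import re

GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# Assumed allow-list of resolvers expected on this network (example assumption;
# a responder substitutes the ISP's or the router's resolver addresses).
EXPECTED_DNS = {"75.75.75.75", "75.75.76.76"}

# Constructed sample modelled on the DDS lines above. The last TCP line and its
# 192.0.2.53 resolver (an RFC 5737 documentation address) are made up to show
# how an unexpected resolver is flagged.
SAMPLE_DDS = """\
uStart Page = https://login.yahoo.com/config/login_verify2?&.src=ym&rl=1
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
uInternet Settings,ProxyOverride = *.local;192.168.*.*
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroIEHelperShim.dll
TB: {BA14329E-9550-4989-B3F2-9732E92D17CC} - No File
TB: {00000000-0000-0000-0000-000000000000} - No File
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: EnableLUA = 0 (0x0)
Trusted Zone: yahoo.com\\login
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\\{75697F6B-F900-4CD0-887C-8C05C717E254} : DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\\{00000000-0000-0000-0000-0000C0FFEE00} : DhcpNameServer = 192.0.2.53
"""


def parse_line(line):
    """Split a DDS line into (key, rest). DDS uses "key: rest" for most
    entries and "key = value" for registry-style ones; "." separates sections."""
    line = line.strip()
    if not line or line == ".":
        return None
    if ": " in line:
        key, rest = line.split(": ", 1)
    elif " = " in line:
        key, rest = line.split(" = ", 1)
    else:
        return None
    return key.strip(), rest.strip()


def triage(text, expected_dns=EXPECTED_DNS):
    """Return the findings a responder looks at first, as plain data."""
    orphaned, trusted = [], []
    dns = set()
    proxy, start_pages = {}, {}
    uac_disabled = False
    for raw in text.splitlines():
        parsed = parse_line(raw)
        if parsed is None:
            continue
        key, rest = parsed
        # Add-on registrations whose DLL no longer exists: leftovers worth cleaning.
        if key in ("BHO", "TB", "BHO-X64", "TB-X64") and rest.endswith("- No File"):
            m = GUID_RE.search(rest)
            orphaned.append((key, m.group(0) if m else rest))
        # EnableLUA = 0 means User Account Control is switched off.
        elif key == "mPolicies-system" and rest.startswith("EnableLUA = 0"):
            uac_disabled = True
        # DNS servers handed out by DHCP; redirection is often a resolver change.
        elif key == "TCP" and "DhcpNameServer = " in rest:
            dns.update(rest.split("DhcpNameServer = ", 1)[1].split())
        elif key.endswith("ProxyServer") or key.endswith("ProxyOverride"):
            proxy[key] = rest
        elif key == "Trusted Zone":
            trusted.append(rest)
        elif key.endswith("Start Page"):
            start_pages[key] = rest
    return {
        "orphaned_addons": orphaned,
        "uac_disabled": uac_disabled,
        "dns_servers": sorted(dns),
        "unexpected_dns": sorted(dns - set(expected_dns)),
        "proxy": proxy,
        "trusted_zones": trusted,
        "start_pages": start_pages,
    }


def report(findings):
    """Render the findings as one line each, most important first."""
    lines = []
    if findings["uac_disabled"]:
        lines.append("CHECK: UAC is disabled (EnableLUA = 0)")
    for ip in findings["unexpected_dns"]:
        lines.append(f"CHECK: DNS server {ip} is not in the expected set")
    for key, value in findings["proxy"].items():
        lines.append(f"INFO: {key} = {value}")
    for kind, guid in findings["orphaned_addons"]:
        lines.append(f"INFO: orphaned {kind} {guid} (No File)")
    for zone in findings["trusted_zones"]:
        lines.append(f"INFO: trusted zone {zone}")
    return lines


if __name__ == "__main__":
    print("\n".join(report(triage(SAMPLE_DDS))))
```

The parser keys on the section's own conventions (the `u`/`m` prefixes for user and machine hives, `- No File` for a missing DLL), so the full DDS text can be fed in unchanged; sections that are not `key: value` lines are simply skipped.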


#2 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 06 October 2012 - 06:52 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days, I will bump the topic, and if you do not reply by the following day after that, I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks :thumbup2:
m0le is a proud member of UNITE

#3 Samut

Samut
  • Topic Starter

  • Members
  • 16 posts

Posted 07 October 2012 - 06:10 PM

I'm here - when you have directions, I'm ready.

Thanks.

#4 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 07 October 2012 - 06:18 PM

Please run TDSSKiller

  • Download TDSSKiller and save it to your Desktop.

  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.

  • Go to Start > Run (or hold down your Windows key and press R), then copy and paste the following into the text field (make sure you include the quote marks) and press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l report.txt

  • Now click Start Scan.
  • If malicious objects are found, ensure Cure is selected, then click Continue > Reboot now.
  • Click Close.
  • Finally press Report and copy and paste the contents into your next reply. If you've rebooted, the log will be found at C:\


Now please run aswMBR

Please download aswMBR (511KB) to your desktop.
  • Double click the aswMBR.exe icon to run it.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

m0le is a proud member of UNITE
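The `-l report.txt` switch above makes TDSSKiller write its scan report to a file, and that report lists every service and driver as a pair of lines (a `[ MD5 ] name path` line followed by a `name - ok` verdict line, as in the log posted in the next reply). The following parser is an added example, not part of this thread and not TDSSKiller's own code: it pairs the two lines per object, then lists what a helper would want to look at, namely objects whose verdict is anything other than `ok`, objects with no verdict line at all, and optionally objects whose hash is absent from a reference set taken from a known-clean system. The sample report is constructed to match the format shown on this page; the `exampledrv` and `orphan` objects, their hashes and the non-`ok` verdict wording are made up for the example (the page does not show how TDSSKiller words a detection), and the reference hash set is an assumption.

```python
"""Parser for the report TDSSKiller writes with "-l report.txt".

Added example, not TDSSKiller's code and not from the thread. Each scanned
object appears as an entry line ("[ MD5 ] name path") followed later by a
verdict line ("name - ok"); header lines such as the drive geometry also use
" - " but never have an entry line, so they are ignored.
"""
import re

ENTRY_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<pid>\d+)\s+"
    r"\[ (?P<md5>[0-9A-Fa-f]{32}) \] (?P<name>.+?) (?P<path>(?:[A-Za-z]:\\|\\\?\?\\).*)$"
)
VERDICT_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<pid>\d+)\s+(?P<name>.+?) - (?P<verdict>.+)$"
)

# Constructed sample in the report format shown on this page. ACPI and the
# Amazon entry mirror real lines from the thread; exampledrv, orphan, their
# hashes and the "suspicious" wording are invented for the example.
SAMPLE_REPORT = """\
21:20:23.0256 5528 ============================================================
21:20:23.0256 5528 Scan started
21:20:23.0256 5528 Mode: Manual;
20:44:51.0372 6064 Drive \\Device\\Harddisk0\\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200
21:20:26.0105 5528 System memory - ok
21:20:26.0344 5528 [ 1965AAFFAB07E3FB03C77F81BEBA3547 ] ACPI C:\\Windows\\system32\\drivers\\acpi.sys
21:20:26.0349 5528 ACPI - ok
21:20:28.0390 5528 [ FF6F0F6A2D72065AE4300426FA414693 ] Amazon Download Agent C:\\Program Files (x86)\\Amazon\\Amazon Games & Software Downloader\\AmazonGSDownloaderService.exe
21:20:28.0451 5528 Amazon Download Agent - ok
21:20:29.0000 5528 [ 0123456789ABCDEF0123456789ABCDEF ] exampledrv C:\\Windows\\system32\\drivers\\exampledrv_constructed.sys
21:20:29.0001 5528 exampledrv - suspicious (constructed verdict)
21:20:29.0100 5528 [ FEDCBA9876543210FEDCBA9876543210 ] orphan C:\\Windows\\system32\\drivers\\orphan_constructed.sys
"""

# Assumed reference set: the two hashes from the log on this page stand in for
# a hash set collected from a known-clean machine of the same build.
REFERENCE_HASHES = frozenset({
    "1965AAFFAB07E3FB03C77F81BEBA3547",
    "FF6F0F6A2D72065AE4300426FA414693",
})


def parse_report(text):
    """Return {name: {"md5", "path", "verdict", "ts"}} in scan order."""
    entries = {}
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries[m["name"]] = {
                "md5": m["md5"].upper(),
                "path": m["path"],
                "verdict": None,  # filled in when the verdict line arrives
                "ts": m["ts"],
            }
            continue
        m = VERDICT_RE.match(line)
        # Only attach verdicts to objects that had an entry line; this skips the
        # drive/partition header lines, which also contain " - ".
        if m and m["name"] in entries:
            entries[m["name"]]["verdict"] = m["verdict"].strip()
    return entries


def needs_review(entries, reference_hashes=frozenset()):
    """List (name, reasons) for objects a helper should look at."""
    flagged = []
    for name, e in entries.items():
        reasons = []
        if e["verdict"] is None:
            reasons.append("no verdict line")
        elif e["verdict"] != "ok":
            reasons.append("verdict: " + e["verdict"])
        if reference_hashes and e["md5"] not in reference_hashes:
            reasons.append("hash not in reference set")
        if reasons:
            flagged.append((name, reasons))
    return flagged


if __name__ == "__main__":
    parsed = parse_report(SAMPLE_REPORT)
    for name, reasons in needs_review(parsed, REFERENCE_HASHES):
        print(f"{name}: {', '.join(reasons)} [{parsed[name]['path']}]")
```

A missing verdict line is reported on purpose: in a report that was cut short (a hang or reboot mid-scan) the last object listed is exactly the one that was being examined, which is worth knowing even when nothing was detected.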

#5 Samut

Samut
  • Topic Starter

  • Members
  • 16 posts

Posted 07 October 2012 - 08:28 PM

*************************************************************************************************************

20:44:47.0246 6064 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
20:44:49.0250 6064 ============================================================
20:44:49.0250 6064 Current date / time: 2012/10/07 20:44:49.0250
20:44:49.0250 6064 SystemInfo:
20:44:49.0250 6064
20:44:49.0250 6064 OS Version: 6.0.6002 ServicePack: 2.0
20:44:49.0250 6064 Product type: Workstation
20:44:49.0251 6064 ComputerName: DV9830
20:44:49.0251 6064 UserName: Shawn
20:44:49.0251 6064 Windows directory: C:\Windows
20:44:49.0251 6064 System windows directory: C:\Windows
20:44:49.0251 6064 Running under WOW64
20:44:49.0251 6064 Processor architecture: Intel x64
20:44:49.0251 6064 Number of processors: 2
20:44:49.0251 6064 Page size: 0x1000
20:44:49.0251 6064 Boot type: Normal boot
20:44:49.0251 6064 ============================================================
20:44:51.0372 6064 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:44:51.0378 6064 ============================================================
20:44:51.0378 6064 \Device\Harddisk0\DR0:
20:44:51.0379 6064 MBR partitions:
20:44:51.0379 6064 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x23A1609B
20:44:51.0379 6064 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x23A160DA, BlocksNum 0x1A175E7
20:44:51.0379 6064 ============================================================
20:44:51.0461 6064 C: <-> \Device\Harddisk0\DR0\Partition1
20:44:51.0557 6064 D: <-> \Device\Harddisk0\DR0\Partition2
20:44:51.0557 6064 ============================================================
20:44:51.0557 6064 Initialize success
20:44:51.0557 6064 ============================================================
21:20:23.0256 5528 ============================================================
21:20:23.0256 5528 Scan started
21:20:23.0256 5528 Mode: Manual;
21:20:23.0256 5528 ============================================================
21:20:26.0105 5528 ================ Scan system memory ========================
21:20:26.0105 5528 System memory - ok
21:20:26.0106 5528 ================ Scan services =============================
21:20:26.0344 5528 [ 1965AAFFAB07E3FB03C77F81BEBA3547 ] ACPI C:\Windows\system32\drivers\acpi.sys
21:20:26.0349 5528 ACPI - ok
21:20:26.0441 5528 [ D44BCAF639E4E45307C2BC80715273D5 ] adfs C:\Windows\system32\drivers\adfs.sys
21:20:26.0498 5528 adfs - ok
21:20:26.0593 5528 [ F14215E37CF124104575073F782111D2 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
21:20:26.0647 5528 adp94xx - ok
21:20:26.0688 5528 [ 7D05A75E3066861A6610F7EE04FF085C ] adpahci C:\Windows\system32\drivers\adpahci.sys
21:20:26.0749 5528 adpahci - ok
21:20:26.0789 5528 [ 820A201FE08A0C345B3BEDBC30E1A77C ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
21:20:26.0893 5528 adpu160m - ok
21:20:26.0974 5528 [ 9B4AB6854559DC168FBB4C24FC52E794 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
21:20:27.0153 5528 adpu320 - ok
21:20:27.0198 5528 [ 0F421175574BFE0BF2F4D8E910A253BB ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
21:20:27.0231 5528 AeLookupSvc - ok
21:20:27.0330 5528 [ C4F6CE6087760AD70960C9EB130E7943 ] AFD C:\Windows\system32\drivers\afd.sys
21:20:27.0575 5528 AFD - ok
21:20:27.0824 5528 [ F6F6793B7F17B550ECFDBD3B229173F7 ] agp440 C:\Windows\system32\drivers\agp440.sys
21:20:27.0884 5528 agp440 - ok
21:20:27.0936 5528 [ 222CB641B4B8A1D1126F8033F9FD6A00 ] aic78xx C:\Windows\system32\drivers\djsvs.sys
21:20:28.0024 5528 aic78xx - ok
21:20:28.0098 5528 [ 5922F4F59B7868F3D74BBBBEB7B825A3 ] ALG C:\Windows\System32\alg.exe
21:20:28.0108 5528 ALG - ok
21:20:28.0199 5528 [ 157D0898D4B73F075CE9FA26B482DF98 ] aliide C:\Windows\system32\drivers\aliide.sys
21:20:28.0257 5528 aliide - ok
21:20:28.0390 5528 [ FF6F0F6A2D72065AE4300426FA414693 ] Amazon Download Agent C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe
21:20:28.0451 5528 Amazon Download Agent - ok
21:20:28.0492 5528 [ 970FA5059E61E30D25307B99903E991E ] amdide C:\Windows\system32\drivers\amdide.sys
21:20:28.0526 5528 amdide - ok
21:20:28.0561 5528 [ CDC3632A3A5EA4DBB83E46076A3165A1 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
21:20:28.0572 5528 AmdK8 - ok
21:20:28.0655 5528 [ 9C37B3FD5615477CB9A0CD116CF43F5C ] Appinfo C:\Windows\System32\appinfo.dll
21:20:28.0656 5528 Appinfo - ok
21:20:28.0822 5528 [ 3DEBBECF665DCDDE3A95D9B902010817 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
21:20:28.0847 5528 Apple Mobile Device - ok
21:20:29.0219 5528 [ BA8417D4765F3988FF921F30F630E303 ] arc C:\Windows\system32\drivers\arc.sys
21:20:29.0281 5528 arc - ok
21:20:29.0323 5528 [ 9D41C435619733B34CC16A511E644B11 ] arcsas C:\Windows\system32\drivers\arcsas.sys
21:20:29.0356 5528 arcsas - ok
21:20:29.0899 5528 aspnet_state - ok
21:20:29.0936 5528 [ 22D13FF3DAFEC2A80634752B1EAA2DE6 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
21:20:29.0970 5528 AsyncMac - ok
21:20:30.0020 5528 [ E68D9B3A3905619732F7FE039466A623 ] atapi C:\Windows\system32\drivers\atapi.sys
21:20:30.0021 5528 atapi - ok
21:20:30.0230 5528 [ 79318C744693EC983D20E9337A2F8196 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
21:20:30.0293 5528 AudioEndpointBuilder - ok
21:20:30.0311 5528 [ 79318C744693EC983D20E9337A2F8196 ] AudioSrv C:\Windows\System32\Audiosrv.dll
21:20:30.0315 5528 AudioSrv - ok
21:20:30.0534 5528 [ AE9560C298D847AEF346BDD5FAD3B0E3 ] Automatic LiveUpdate Scheduler C:\Program Files (x86)\Symantec\LiveUpdate\AluSchedulerSvc.exe
21:20:30.0581 5528 Automatic LiveUpdate Scheduler - ok
21:20:30.0695 5528 [ A2160C5D70F3517FC7356B689ABD6FCD ] BCM43XV C:\Windows\system32\DRIVERS\bcmwl664.sys
21:20:30.0880 5528 BCM43XV - ok
21:20:31.0198 5528 [ FFB96C2589FFA60473EAD78B39FBDE29 ] BFE C:\Windows\System32\bfe.dll
21:20:31.0323 5528 BFE - ok
21:20:31.0995 5528 [ 6D316F4859634071CC25C4FD4589AD2C ] BITS C:\Windows\System32\qmgr.dll
21:20:32.0489 5528 BITS - ok
21:20:32.0622 5528 [ 79FEEB40056683F8F61398D81DDA65D2 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
21:20:32.0742 5528 blbdrive - ok
21:20:33.0645 5528 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
21:20:34.0645 5528 Bonjour Service - ok
21:20:34.0714 5528 [ 2348447A80920B2493A9B582A23E81E1 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
21:20:34.0820 5528 bowser - ok
21:20:34.0969 5528 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys
21:20:34.0990 5528 BrFiltLo - ok
21:20:35.0144 5528 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys
21:20:35.0180 5528 BrFiltUp - ok
21:20:35.0504 5528 [ A1B39DE453433B115B4EA69EE0343816 ] Browser C:\Windows\System32\browser.dll
21:20:35.0630 5528 Browser - ok
21:20:35.0726 5528 [ F0F0BA4D815BE446AA6A4583CA3BCA9B ] Brserid C:\Windows\system32\drivers\brserid.sys
21:20:35.0838 5528 Brserid - ok
21:20:35.0874 5528 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys
21:20:35.0910 5528 BrSerWdm - ok
21:20:36.0073 5528 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys
21:20:36.0097 5528 BrUsbMdm - ok
21:20:36.0175 5528 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys
21:20:36.0207 5528 BrUsbSer - ok
21:20:36.0358 5528 [ E0777B34E05F8A82A21856EFC900C29F ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
21:20:36.0510 5528 BTHMODEM - ok
21:20:36.0923 5528 [ 2F237AAB91497AAA03AF48EAE68758FC ] ccEvtMgr C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
21:20:36.0924 5528 ccEvtMgr - ok
21:20:36.0948 5528 [ 2F237AAB91497AAA03AF48EAE68758FC ] ccSetMgr C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
21:20:36.0949 5528 ccSetMgr - ok
21:20:37.0026 5528 [ B4D787DB8D30793A4D4DF9FEED18F136 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
21:20:37.0054 5528 cdfs - ok
21:20:37.0286 5528 [ C025AA69BE3D0D25C7A2E746EF6F94FC ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
21:20:37.0326 5528 cdrom - ok
21:20:37.0448 5528 [ 5A268127633C7EE2A7FB87F39D748D56 ] CertPropSvc C:\Windows\System32\certprop.dll
21:20:37.0450 5528 CertPropSvc - ok
21:20:37.0693 5528 [ 02EA568D498BBDD4BA55BF3FCE34D456 ] circlass C:\Windows\system32\DRIVERS\circlass.sys
21:20:37.0814 5528 circlass - ok
21:20:38.0055 5528 [ 3DCA9A18B204939CFB24BEA53E31EB48 ] CLFS C:\Windows\system32\CLFS.sys
21:20:38.0074 5528 CLFS - ok
21:20:38.0277 5528 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:20:38.0441 5528 clr_optimization_v2.0.50727_32 - ok
21:20:38.0781 5528 [ CE07A466201096F021CD09D631B21540 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
21:20:38.0918 5528 clr_optimization_v2.0.50727_64 - ok
21:20:39.0479 5528 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:20:39.0801 5528 clr_optimization_v4.0.30319_32 - ok
21:20:40.0057 5528 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
21:20:40.0214 5528 clr_optimization_v4.0.30319_64 - ok
21:20:40.0429 5528 [ 2F237AAB91497AAA03AF48EAE68758FC ] CLTNetCnService C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
21:20:40.0430 5528 CLTNetCnService - ok
21:20:40.0609 5528 [ B52D9A14CE4101577900A364BA86F3DF ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
21:20:40.0643 5528 CmBatt - ok
21:20:40.0676 5528 [ E5D5499A1C50A54B5161296B6AFE6192 ] cmdide C:\Windows\system32\drivers\cmdide.sys
21:20:40.0687 5528 cmdide - ok
21:20:40.0914 5528 [ 4AC0614DE43F8787EC1556560C752AF8 ] COH_Mon C:\Windows\system32\Drivers\COH_Mon.sys
21:20:41.0109 5528 COH_Mon - ok
21:20:41.0608 5528 [ D8774ACE03B46C9B01A49818055F9AD4 ] Com4Qlb C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
21:20:41.0767 5528 Com4Qlb - ok
21:20:42.0125 5528 [ 41CC83C49CED7EBC4D6C5ADFB4EAFF00 ] comHost C:\Program Files (x86)\Common Files\Symantec Shared\VAScanner\comHost.exe
21:20:42.0276 5528 comHost - ok
21:20:42.0382 5528 [ 7FB8AD01DB0EABE60C8A861531A8F431 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
21:20:42.0429 5528 Compbatt - ok
21:20:42.0436 5528 COMSysApp - ok
21:20:42.0472 5528 [ A8585B6412253803CE8EFCBD6D6DC15C ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
21:20:42.0496 5528 crcdisk - ok
21:20:42.0714 5528 [ 62740B9D2A137E8CED41A9E4239A7A31 ] CryptSvc C:\Windows\system32\cryptsvc.dll
21:20:42.0820 5528 CryptSvc - ok
21:20:42.0989 5528 [ BA8E5B2291C01EF71CA80E25F0C79D55 ] ctxusbm C:\Windows\system32\DRIVERS\ctxusbm.sys
21:20:43.0114 5528 ctxusbm - ok
21:20:43.0541 5528 [ CF8B9A3A5E7DC57724A89D0C3E8CF9EF ] DcomLaunch C:\Windows\system32\rpcss.dll
21:20:43.0750 5528 DcomLaunch - ok
21:20:43.0829 5528 [ 8B722BA35205C71E7951CDC4CDBADE19 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
21:20:43.0904 5528 DfsC - ok
21:20:45.0509 5528 [ C647F468F7DE343DF8C143655C5557D4 ] DFSR C:\Windows\system32\DFSR.exe
21:20:48.0418 5528 DFSR - ok
21:20:48.0823 5528 [ 3ED0321127CE70ACDAABBF77E157C2A7 ] Dhcp C:\Windows\System32\dhcpcsvc.dll
21:20:48.0948 5528 Dhcp - ok
21:20:49.0019 5528 [ B0107E40ECDB5FA692EBF832F295D905 ] disk C:\Windows\system32\drivers\disk.sys
21:20:49.0137 5528 disk - ok
21:20:49.0356 5528 [ 06230F1B721494A6DF8D47FD395BB1B0 ] Dnscache C:\Windows\System32\dnsrslvr.dll
21:20:49.0437 5528 Dnscache - ok
21:20:49.0685 5528 [ 1A7156DD1E850E9914E5E991E3225B94 ] dot3svc C:\Windows\System32\dot3svc.dll
21:20:49.0774 5528 dot3svc - ok
21:20:49.0981 5528 [ 1583B39790DB3EAEC7EDB0CB0140C708 ] DPS C:\Windows\system32\dps.dll
21:20:49.0987 5528 DPS - ok
21:20:50.0193 5528 [ F1A78A98CFC2EE02144C6BEC945447E6 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
21:20:50.0278 5528 drmkaud - ok
21:20:50.0620 5528 [ B8E554E502D5123BC111F99D6A2181B4 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
21:20:50.0739 5528 DXGKrnl - ok
21:20:50.0851 5528 [ 264CEE7B031A9D6C827F3D0CB031F2FE ] E1G60 C:\Windows\system32\DRIVERS\E1G6032E.sys
21:20:50.0934 5528 E1G60 - ok
21:20:51.0013 5528 [ C2303883FD9BE49DC36A6400643002EA ] EapHost C:\Windows\System32\eapsvc.dll
21:20:51.0038 5528 EapHost - ok
21:20:51.0189 5528 [ 5F94962BE5A62DB6E447FF6470C4F48A ] Ecache C:\Windows\system32\drivers\ecache.sys
21:20:51.0220 5528 Ecache - ok
21:20:51.0739 5528 [ 4353FF94D47A0A9D52B89ECCF0CDB013 ] eeCtrl C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
21:20:52.0207 5528 eeCtrl - ok
21:20:52.0654 5528 [ 14CE384D2E27B64C256BDA4DC39C312D ] ehRecvr C:\Windows\ehome\ehRecvr.exe
21:20:52.0721 5528 ehRecvr - ok
21:20:53.0090 5528 [ B93159C1313D66FDFBBE876F5189CD52 ] ehSched C:\Windows\ehome\ehsched.exe
21:20:53.0224 5528 ehSched - ok
21:20:53.0393 5528 [ F5EE2527D74449868E3C3227A59BCD28 ] ehstart C:\Windows\ehome\ehstart.dll
21:20:53.0423 5528 ehstart - ok
21:20:53.0729 5528 [ C4636D6E10469404AB5308D9FD45ED07 ] elxstor C:\Windows\system32\drivers\elxstor.sys
21:20:53.0973 5528 elxstor - ok
21:20:54.0321 5528 [ A9B18B63A4FD6BAAB83326706D857FAB ] EMDMgmt C:\Windows\system32\emdmgmt.dll
21:20:54.0437 5528 EMDMgmt - ok
21:20:54.0697 5528 [ C5BCCB378D0A896304A3E71BE7215983 ] EraserUtilRebootDrv C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
21:20:55.0021 5528 EraserUtilRebootDrv - ok
21:20:55.0064 5528 [ BC3A58E938BB277E46BF4B3003B01ABD ] ErrDev C:\Windows\system32\drivers\errdev.sys
21:20:55.0073 5528 ErrDev - ok
21:20:55.0247 5528 [ E12F22B73F153DECE721CD45EC05B4AF ] EventSystem C:\Windows\system32\es.dll
21:20:55.0301 5528 EventSystem - ok
21:20:55.0466 5528 [ 486844F47B6636044A42454614ED4523 ] exfat C:\Windows\system32\drivers\exfat.sys
21:20:55.0559 5528 exfat - ok
21:20:55.0777 5528 [ 1A4BEE34277784619DDAF0422C0C6E23 ] fastfat C:\Windows\system32\drivers\fastfat.sys
21:20:55.0873 5528 fastfat - ok
21:20:55.0943 5528 [ 81B79B6DF71FA1D2C6D688D830616E39 ] fdc C:\Windows\system32\DRIVERS\fdc.sys
21:20:55.0976 5528 fdc - ok
21:20:56.0043 5528 [ BB9267ACACD8B7533DD936C34A0CBA5E ] fdPHost C:\Windows\system32\fdPHost.dll
21:20:56.0070 5528 fdPHost - ok
21:20:56.0097 5528 [ 300C80931EABBE1DB7591C516EFE8D0F ] FDResPub C:\Windows\system32\fdrespub.dll
21:20:56.0111 5528 FDResPub - ok
21:20:56.0259 5528 [ 457B7D1D533E4BD62A99AED9C7BB4C59 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
21:20:56.0280 5528 FileInfo - ok
21:20:56.0362 5528 [ D421327FD6EFCCAF884A54C58E1B0D7F ] Filetrace C:\Windows\system32\drivers\filetrace.sys
21:20:56.0391 5528 Filetrace - ok
21:20:56.0808 5528 [ 1F63900E2EB00101B9ACA2B7A870704E ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
21:20:57.0086 5528 FLEXnet Licensing Service - ok
21:20:57.0143 5528 [ 230923EA2B80F79B0F88D90F87B87EBD ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
21:20:57.0173 5528 flpydisk - ok
21:20:57.0252 5528 [ E3041BC26D6930D61F42AEDB79C91720 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
21:20:57.0257 5528 FltMgr - ok
21:20:57.0475 5528 [ BE1C5BD1CA7ED015BC6FA1AE67E592C8 ] FontCache C:\Windows\system32\FntCache.dll
21:20:57.0572 5528 FontCache - ok
21:20:57.0870 5528 [ BC5B0BE5AF3510B0FD8C140EE42C6D3E ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
21:20:58.0068 5528 FontCache3.0.0.0 - ok
21:20:58.0175 5528 [ 6C06701BF1DB05405804D7EB610991CE ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys
21:20:58.0325 5528 fssfltr - ok
21:20:58.0608 5528 [ 4CE9DAC1518FF7E77BD213E6394B9D77 ] fsssvc C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
21:20:58.0906 5528 fsssvc - ok
21:20:58.0999 5528 [ 5779B86CD8B32519FBECB136394D946A ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
21:20:59.0027 5528 Fs_Rec - ok
21:20:59.0115 5528 [ C8E416668D3DC2BE3D4FE4C79224997F ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
21:20:59.0225 5528 gagp30kx - ok
21:20:59.0373 5528 [ 44D07E5A444692E9B6A5CDD7401B4402 ] GameConsoleService C:\Program Files (x86)\HP Games\My HP Game Console\GameConsoleService.exe
21:20:59.0471 5528 GameConsoleService - ok
21:20:59.0519 5528 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\Drivers\GEARAspiWDM.sys
21:20:59.0581 5528 GEARAspiWDM - ok
21:20:59.0743 5528 [ A0E1B575BA8F504968CD40C0FAEB2384 ] gpsvc C:\Windows\System32\gpsvc.dll
21:20:59.0753 5528 gpsvc - ok
21:20:59.0914 5528 [ 1103D2096037FECDDF254DBD7ED16A85 ] hcw85bda C:\Windows\system32\drivers\HCW85BDA.sys
21:21:00.0247 5528 hcw85bda - ok
21:21:00.0325 5528 [ DF45F8142DC6DF9D18C39B3EFFBD0409 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
21:21:00.0364 5528 HdAudAddService - ok
21:21:00.0495 5528 [ F942C5820205F2FB453243EDFEC82A3D ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
21:21:00.0554 5528 HDAudBus - ok
21:21:00.0615 5528 [ B4881C84A180E75B8C25DC1D726C375F ] HidBth C:\Windows\system32\drivers\hidbth.sys
21:21:00.0625 5528 HidBth - ok
21:21:00.0688 5528 [ 5F47839455D01FF6403B008D481A6F5B ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
21:21:00.0721 5528 HidIr - ok
21:21:00.0805 5528 [ 59361D38A297755D46A540E450202B2A ] hidserv C:\Windows\system32\hidserv.dll
21:21:00.0828 5528 hidserv - ok
21:21:00.0891 5528 [ 443BDD2D30BB4F00795C797E2CF99EDF ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
21:21:00.0901 5528 HidUsb - ok
21:21:00.0959 5528 [ B12F367EA39C0795FD57E31242CE1A5A ] hkmsvc C:\Windows\system32\kmsvc.dll
21:21:00.0981 5528 hkmsvc - ok
21:21:01.0217 5528 [ 89F9E1984C1CD9E5F4FE39642D886E11 ] HP Health Check Service c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
21:21:01.0246 5528 HP Health Check Service - ok
21:21:01.0335 5528 [ D7109A1E6BD2DFDBCBA72A6BC626A13B ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys
21:21:01.0417 5528 HpCISSs - ok
21:21:01.0488 5528 [ 0ECC54FD34D6A089C300846B011E81D6 ] HpqKbFiltr C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
21:21:01.0524 5528 HpqKbFiltr - ok
21:21:01.0580 5528 [ E53D53D66D61794AF8160741946D0B43 ] HpqRemHid C:\Windows\system32\DRIVERS\HpqRemHid.sys
21:21:01.0590 5528 HpqRemHid - ok
21:21:01.0688 5528 [ 04C1DCBB226C6AE647B794833CE3CEB6 ] hpqwmiex C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
21:21:01.0730 5528 hpqwmiex - ok
21:21:02.0085 5528 [ 57BA73B5B321291E5114CB21350E1EA0 ] HSFHWAZL C:\Windows\system32\DRIVERS\VSTAZL6.SYS
21:21:02.0170 5528 HSFHWAZL - ok
21:21:02.0302 5528 [ E6CD7F641916484B0141D191A390D866 ] HSF_DPV C:\Windows\system32\DRIVERS\VSTDPV6.SYS
21:21:02.0675 5528 HSF_DPV - ok
21:21:02.0802 5528 [ 098F1E4E5C9CB5B0063A959063631610 ] HTTP C:\Windows\system32\drivers\HTTP.sys
21:21:02.0971 5528 HTTP - ok
21:21:03.0027 5528 [ DA94C854CEA5FAC549D4E1F6E88349E8 ] i2omp C:\Windows\system32\drivers\i2omp.sys
21:21:03.0102 5528 i2omp - ok
21:21:03.0187 5528 [ CBB597659A2713CE0C9CC20C88C7591F ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
21:21:03.0224 5528 i8042prt - ok
21:21:03.0481 5528 [ CB686F44BF955EA02520710A56874FA4 ] IAANTMON C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
21:21:03.0579 5528 IAANTMON - ok
21:21:03.0691 5528 [ 8D58627FEF3F8767665D9F4DC91CBD97 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
21:21:03.0694 5528 iaStor - ok
21:21:03.0738 5528 [ 3E3BF3627D886736D0B4E90054F929F6 ] iaStorV C:\Windows\system32\drivers\iastorv.sys
21:21:03.0900 5528 iaStorV - ok
21:21:04.0025 5528 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
21:21:04.0070 5528 IDriverT - ok
21:21:04.0321 5528 [ 749F5F8CEDCA70F2A512945325FC489D ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
21:21:04.0661 5528 idsvc - ok
21:21:05.0154 5528 [ A31E293169BEB4381027EB7CA7EA2174 ] IDSvia64 C:\PROGRA~3\Symantec\DEFINI~1\SymcData\ipsdefs\20121004.001\IDSvia64.sys
21:21:05.0218 5528 IDSvia64 - ok
21:21:05.0311 5528 [ 8C3951AD2FE886EF76C7B5027C3125D3 ] iirsp C:\Windows\system32\drivers\iirsp.sys
21:21:05.0363 5528 iirsp - ok
21:21:05.0615 5528 [ 0C9EA6E654E7B0471741E343A6C671AF ] IKEEXT C:\Windows\System32\ikeext.dll
21:21:05.0697 5528 IKEEXT - ok
21:21:05.0848 5528 [ 296A2C63C4115A6E368F4C1C54E6D904 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
21:21:05.0917 5528 IntcAzAudAddService - ok
21:21:05.0995 5528 [ DF797A12176F11B2D301C5B234BB200E ] intelide C:\Windows\system32\drivers\intelide.sys
21:21:05.0996 5528 intelide - ok
21:21:06.0022 5528 [ BFD84AF32FA1BAD6231C4585CB469630 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
21:21:06.0024 5528 intelppm - ok
21:21:06.0068 5528 [ 5624BC1BC5EEB49C0AB76A8114F05EA3 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
21:21:06.0081 5528 IPBusEnum - ok
21:21:06.0125 5528 [ D8AABC341311E4780D6FCE8C73C0AD81 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:21:06.0137 5528 IpFilterDriver - ok
21:21:06.0175 5528 [ BF0DBFA9792C5C14FA00F61C75116C1B ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
21:21:06.0180 5528 iphlpsvc - ok
21:21:06.0187 5528 IpInIp - ok
21:21:06.0232 5528 [ 9C2EE2E6E5A7203BFAE15C299475EC67 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys
21:21:06.0244 5528 IPMIDRV - ok
21:21:06.0304 5528 [ B7E6212F581EA5F6AB0C3A6CEEEB89BE ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys
21:21:06.0333 5528 IPNAT - ok
21:21:06.0689 5528 [ 46D249F9DB7844CC01050A9345F0F61B ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
21:21:06.0740 5528 iPod Service - ok
21:21:06.0774 5528 [ 8C42CA155343A2F11D29FECA67FAA88D ] IRENUM C:\Windows\system32\drivers\irenum.sys
21:21:06.0804 5528 IRENUM - ok
21:21:06.0915 5528 [ 0672BFCEDC6FC468A2B0500D81437F4F ] isapnp C:\Windows\system32\drivers\isapnp.sys
21:21:06.0963 5528 isapnp - ok
21:21:07.0116 5528 [ E4FDF99599F27EC25D2CF6D754243520 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
21:21:07.0121 5528 iScsiPrt - ok
21:21:07.0177 5528 [ 63C766CDC609FF8206CB447A65ABBA4A ] iteatapi C:\Windows\system32\drivers\iteatapi.sys
21:21:07.0213 5528 iteatapi - ok
21:21:07.0265 5528 [ 1281FE73B17664631D12F643CBEA3F59 ] iteraid C:\Windows\system32\drivers\iteraid.sys
21:21:07.0304 5528 iteraid - ok
21:21:07.0345 5528 [ 423696F3BA6472DD17699209B933BC26 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
21:21:07.0379 5528 kbdclass - ok
21:21:07.0425 5528 [ DBDF75D51464FBC47D0104EC3D572C05 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
21:21:07.0474 5528 kbdhid - ok
21:21:07.0525 5528 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] KeyIso C:\Windows\system32\lsass.exe
21:21:07.0527 5528 KeyIso - ok
21:21:07.0588 5528 [ 88956AD9FA510848AD176777A6C6C1F5 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
21:21:07.0597 5528 KSecDD - ok
21:21:07.0620 5528 [ 1D419CF43DB29396ECD7113D129D94EB ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
21:21:07.0649 5528 ksthunk - ok
21:21:07.0985 5528 [ 1FAF6926F3416D3DA05C5B265491BDAE ] KtmRm C:\Windows\system32\msdtckrm.dll
21:21:07.0997 5528 KtmRm - ok
21:21:08.0071 5528 [ 50C7A3CB427E9BB5ED0708A669956AB5 ] LanmanServer C:\Windows\system32\srvsvc.dll
21:21:08.0076 5528 LanmanServer - ok
21:21:08.0158 5528 [ CAF86FC1388BE1E470F1A7B43E348ADB ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
21:21:08.0193 5528 LanmanWorkstation - ok
21:21:08.0407 5528 [ 4D25A79A9F67A7E2D8D5382E75FCB124 ] LBTServ C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
21:21:08.0469 5528 LBTServ - ok
21:21:08.0735 5528 [ AA3D903C5A7538803F2400A8391F1881 ] LHidFilt C:\Windows\system32\DRIVERS\LHidFilt.Sys
21:21:08.0776 5528 LHidFilt - ok
21:21:08.0880 5528 [ DFEFF67508D3A9AEB1A85D7B0F513B24 ] LightScribeService C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
21:21:08.0900 5528 LightScribeService - ok
21:21:09.0046 5528 [ 942D99AF4174ACFAF5352967FA309D01 ] LiveTurbineMessageService C:\Program Files (x86)\Turbine\Turbine Download Manager\TurbineMessageService.exe
21:21:09.0210 5528 LiveTurbineMessageService - ok
21:21:09.0307 5528 [ E7C634A993DA8DD935F8D781893CF6CE ] LiveTurbineNetworkService C:\Program Files (x86)\Turbine\Turbine Download Manager\TurbineNetworkService.exe
21:21:09.0396 5528 LiveTurbineNetworkService - ok
21:21:09.0783 5528 [ 36375738DC0B3CD1F764268008E74FDF ] LiveUpdate C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_4.EXE
21:21:09.0806 5528 LiveUpdate - ok
21:21:09.0850 5528 [ 2F237AAB91497AAA03AF48EAE68758FC ] LiveUpdate Notice C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
21:21:09.0852 5528 LiveUpdate Notice - ok
21:21:10.0067 5528 [ 96ECE2659B6654C10A0C310AE3A6D02C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
21:21:10.0104 5528 lltdio - ok
21:21:10.0228 5528 [ 961CCBD0B1CCB5675D64976FAE37D092 ] lltdsvc C:\Windows\System32\lltdsvc.dll
21:21:10.0244 5528 lltdsvc - ok
21:21:10.0534 5528 [ A47F8080CACC23C91FE823AD19AA5612 ] lmhosts C:\Windows\System32\lmhsvc.dll
21:21:10.0536 5528 lmhosts - ok
21:21:10.0577 5528 [ 90B4B2B0B5F05ABB9FB365405A7B825B ] LMouFilt C:\Windows\system32\DRIVERS\LMouFilt.Sys
21:21:10.0633 5528 LMouFilt - ok
21:21:10.0689 5528 [ ACBE1AF32D3123E330A07BFBC5EC4A9B ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
21:21:10.0829 5528 LSI_FC - ok
21:21:10.0856 5528 [ 799FFB2FC4729FA46D2157C0065B3525 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
21:21:10.0871 5528 LSI_SAS - ok
21:21:10.0931 5528 [ F445FF1DAAD8A226366BFAF42551226B ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
21:21:10.0990 5528 LSI_SCSI - ok
21:21:11.0024 5528 [ 52F87B9CC8932C2A7375C3B2A9BE5E3E ] luafv C:\Windows\system32\drivers\luafv.sys
21:21:11.0026 5528 luafv - ok
21:21:11.0100 5528 [ 76A58DF02BD4EA29F189B82D0BEF17F8 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
21:21:11.0129 5528 Mcx2Svc - ok
21:21:11.0175 5528 [ 5C5CD6AACED32FB26C3FB34B3DCF972F ] megasas C:\Windows\system32\drivers\megasas.sys
21:21:11.0291 5528 megasas - ok
21:21:11.0399 5528 [ 859BC2436B076C77C159ED694ACFE8F8 ] MegaSR C:\Windows\system32\drivers\megasr.sys
21:21:11.0471 5528 MegaSR - ok
21:21:11.0516 5528 [ 3CBE4995E80E13CCFBC42E5DCF3AC81A ] MMCSS C:\Windows\system32\mmcss.dll
21:21:11.0558 5528 MMCSS - ok
21:21:11.0613 5528 [ 59848D5CC74606F0EE7557983BB73C2E ] Modem C:\Windows\system32\drivers\modem.sys
21:21:11.0653 5528 Modem - ok
21:21:11.0778 5528 [ 8985460FD448348F7AC748460D0A1CF4 ] MODEMCSA C:\Windows\system32\drivers\MODEMCSA.sys
21:21:11.0788 5528 MODEMCSA - ok
21:21:11.0969 5528 [ C247CC2A57E0A0C8C6DCCF7807B3E9E5 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
21:21:11.0971 5528 monitor - ok
21:21:12.0061 5528 [ 290750346F5937B02F62594B8EB03215 ] MotoHelper C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
21:21:12.0358 5528 MotoHelper - ok
21:21:12.0438 5528 [ 9367304E5E412B120CF5F4EA14E4E4F1 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
21:21:12.0500 5528 mouclass - ok
21:21:12.0531 5528 [ C2C2BD5C5CE5AAF786DDD74B75D2AC69 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
21:21:12.0540 5528 mouhid - ok
21:21:12.0580 5528 [ 11BC9B1E8801B01F7F6ADB9EAD30019B ] MountMgr C:\Windows\system32\drivers\mountmgr.sys
21:21:12.0595 5528 MountMgr - ok
21:21:12.0671 5528 [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
21:21:12.0725 5528 MozillaMaintenance - ok
21:21:12.0802 5528 [ 4559F45671297FE955B3B6DE1BDF26CE ] mozybackup C:\Program Files\MozyHome\mozybackup.exe
21:21:12.0816 5528 mozybackup - ok
21:21:12.0873 5528 [ 792E9D1D6160DF481DEA44D8171B8E25 ] mozyFilter C:\Windows\system32\DRIVERS\mozy.sys
21:21:12.0894 5528 mozyFilter - ok
21:21:12.0961 5528 [ F8276EB8698142884498A528DFEA8478 ] mpio C:\Windows\system32\drivers\mpio.sys
21:21:13.0016 5528 mpio - ok
21:21:13.0048 5528 [ C92B9ABDB65A5991E00C28F13491DBA2 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
21:21:13.0059 5528 mpsdrv - ok
21:21:13.0139 5528 [ 897E3BAF68BA406A61682AE39C83900C ] MpsSvc C:\Windows\system32\mpssvc.dll
21:21:13.0149 5528 MpsSvc - ok
21:21:13.0183 5528 [ 3C200630A89EF2C0864D515B7A75802E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
21:21:13.0231 5528 Mraid35x - ok
21:21:13.0282 5528 [ 7C1DE4AA96DC0C071611F9E7DE02A68D ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
21:21:13.0284 5528 MRxDAV - ok
21:21:13.0358 5528 [ 1485811B320FF8C7EDAD1CAEBB1C6C2B ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
21:21:13.0361 5528 mrxsmb - ok
21:21:13.0427 5528 [ 3B929A60C833FC615FD97FBA82BC7632 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:21:13.0431 5528 mrxsmb10 - ok
21:21:13.0464 5528 [ C64AB3E1F53B4F5B5BB6D796B2D7BEC3 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:21:13.0467 5528 mrxsmb20 - ok
21:21:13.0498 5528 [ 1AC860612B85D8E85EE257D372E39F4D ] msahci C:\Windows\system32\drivers\msahci.sys
21:21:13.0500 5528 msahci - ok
21:21:13.0550 5528 [ 264BBB4AAF312A485F0E44B65A6B7202 ] msdsm C:\Windows\system32\drivers\msdsm.sys
21:21:13.0605 5528 msdsm - ok
21:21:13.0630 5528 [ 7EC02CE772F068ED0BEAFA3DA341A9BC ] MSDTC C:\Windows\System32\msdtc.exe
21:21:13.0641 5528 MSDTC - ok
21:21:13.0656 5528 [ 704F59BFC4512D2BB0146AEC31B10A7C ] Msfs C:\Windows\system32\drivers\Msfs.sys
21:21:13.0658 5528 Msfs - ok
21:21:13.0691 5528 [ 00EBC952961664780D43DCA157E79B27 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
21:21:13.0692 5528 msisadrv - ok
21:21:13.0758 5528 [ 366B0C1F4478B519C181E37D43DCDA32 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
21:21:13.0780 5528 MSiSCSI - ok
21:21:13.0783 5528 msiserver - ok
21:21:13.0859 5528 [ 0EA73E498F53B96D83DBFCA074AD4CF8 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
21:21:13.0869 5528 MSKSSRV - ok
21:21:13.0948 5528 [ 52E59B7E992A58E740AA63F57EDBAE8B ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
21:21:13.0958 5528 MSPCLOCK - ok
21:21:13.0995 5528 [ 49084A75BAE043AE02D5B44D02991BB2 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
21:21:14.0004 5528 MSPQM - ok
21:21:14.0068 5528 [ DC6CCF440CDEDE4293DB41C37A5060A5 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
21:21:14.0074 5528 MsRPC - ok
21:21:14.0120 5528 [ 855796E59DF77EA93AF46F20155BF55B ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
21:21:14.0126 5528 mssmbios - ok
21:21:14.0155 5528 [ 86D632D75D05D5B7C7C043FA3564AE86 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
21:21:14.0163 5528 MSTEE - ok
21:21:14.0207 5528 [ 0CC49F78D8ACA0877D885F149084E543 ] Mup C:\Windows\system32\Drivers\mup.sys
21:21:14.0213 5528 Mup - ok
21:21:14.0295 5528 [ A5B10C845E7538C60C0F5D87A57CB3F5 ] napagent C:\Windows\system32\qagentRT.dll
21:21:14.0302 5528 napagent - ok
21:21:14.0330 5528 [ 2007B826C4ACD94AE32232B41F0842B9 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
21:21:14.0343 5528 NativeWifiP - ok
21:21:14.0449 5528 [ C58D8A669D6551F616D90244BD2C2D4F ] NAVENG C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20121006.007\ENG64.SYS
21:21:14.0450 5528 NAVENG - ok
21:21:14.0856 5528 [ A3DBDB412ADFA5882DD6843B11FE0828 ] NAVEX15 C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20121006.007\EX64.SYS
21:21:14.0910 5528 NAVEX15 - ok
21:21:14.0972 5528 [ 65950E07329FCEE8E6516B17C8D0ABB6 ] NDIS C:\Windows\system32\drivers\ndis.sys
21:21:14.0984 5528 NDIS - ok
21:21:15.0012 5528 [ 64DF698A425478E321981431AC171334 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
21:21:15.0037 5528 NdisTapi - ok
21:21:15.0065 5528 [ 8BAA43196D7B5BB972C9A6B2BBF61A19 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
21:21:15.0114 5528 Ndisuio - ok
21:21:15.0176 5528 [ F8158771905260982CE724076419EF19 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
21:21:15.0192 5528 NdisWan - ok
21:21:15.0257 5528 [ 9CB77ED7CB72850253E973A2D6AFDF49 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
21:21:15.0288 5528 NDProxy - ok
21:21:15.0328 5528 [ A499294F5029A7862ADC115BDA7371CE ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
21:21:15.0331 5528 NetBIOS - ok
21:21:15.0539 5528 [ FC2C792EBDDC8E28DF939D6A92C83D61 ] netbt C:\Windows\system32\DRIVERS\netbt.sys
21:21:15.0581 5528 netbt - ok
21:21:15.0636 5528 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] Netlogon C:\Windows\system32\lsass.exe
21:21:15.0638 5528 Netlogon - ok
21:21:15.0829 5528 [ 9B63B29DEFC0F3115A559D2597BF5D75 ] Netman C:\Windows\System32\netman.dll
21:21:15.0987 5528 Netman - ok
21:21:16.0071 5528 [ 7846D0136CC2B264926A73047BA7688A ] netprofm C:\Windows\System32\netprofm.dll
21:21:16.0098 5528 netprofm - ok
21:21:16.0183 5528 [ 74751DDA198165947FD7454D83F49825 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:21:16.0240 5528 NetTcpPortSharing - ok
21:21:16.0758 5528 [ 520D367B45B12A75022B0070FFF2B937 ] NETw4v64 C:\Windows\system32\DRIVERS\NETw4v64.sys
21:21:16.0877 5528 NETw4v64 - ok
21:21:33.0033 5528 ================ Scan global ===============================
21:21:33.0102 5528 [ 060DC3A7A9A2626031EB23D90151428D ] C:\Windows\system32\basesrv.dll
21:21:33.0154 5528 [ AA137104CDFC81818A309CDE32ABB74A ] C:\Windows\system32\winsrv.dll
21:21:33.0171 5528 [ AA137104CDFC81818A309CDE32ABB74A ] C:\Windows\system32\winsrv.dll
21:21:33.0210 5528 [ 934E0B7D77FF78C18D9F8891221B6DE3 ] C:\Windows\system32\services.exe
21:21:33.0217 5528 [Global] - ok
21:21:33.0217 5528 ================ Scan MBR ==================================
21:21:33.0229 5528 [ 1A1A06F62E891045814007163C1C76C3 ] \Device\Harddisk0\DR0
21:21:33.0685 5528 \Device\Harddisk0\DR0 - ok
21:21:33.0689 5528 ================ Scan VBR ==================================
21:21:33.0694 5528 [ 446EB87D026F800D9BFBEA083B68BFA5 ] \Device\Harddisk0\DR0\Partition1
21:21:33.0695 5528 \Device\Harddisk0\DR0\Partition1 - ok
21:21:33.0702 5528 [ 1EFDD0F2704DFBCF253E2AAEADB11B3D ] \Device\Harddisk0\DR0\Partition2
21:21:33.0704 5528 \Device\Harddisk0\DR0\Partition2 - ok
21:21:33.0704 5528 ============================================================
21:21:33.0704 5528 Scan finished
21:21:33.0704 5528 ============================================================
21:21:33.0724 5340 Detected object count: 0
21:21:33.0724 5340 Actual detected object count: 0

*********************************************************************************************************

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-10-07 21:25:09
-----------------------------
21:25:09.399 OS Version: Windows x64 6.0.6002 Service Pack 2
21:25:09.400 Number of processors: 2 586 0xF0D
21:25:09.400 ComputerName: DV9830 UserName: Shawn
21:25:11.325 Initialize success
21:25:29.510 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
21:25:29.513 Disk 0 Vendor: Hitachi_ PB3O Size: 305245MB BusType: 3
21:25:29.527 Disk 0 MBR read successfully
21:25:29.530 Disk 0 MBR scan
21:25:29.533 Disk 0 unknown MBR code
21:25:29.536 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 291884 MB offset 63
21:25:29.563 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 13358 MB offset 597778650
21:25:29.603 Disk 0 scanning C:\Windows\system32\drivers
21:25:40.350 Service scanning
21:26:02.299 Modules scanning
21:26:02.307 Disk 0 trace - called modules:
21:26:02.338 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys iaStor.sys hal.dll
21:26:02.342 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800510c650]
21:26:02.347 3 CLASSPNP.SYS[fffffa60011cec33] -> nt!IofCallDriver -> [0xfffffa8004a742a0]
21:26:02.353 5 acpi.sys[fffffa60008bffde] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0xfffffa8004ba8050]
21:26:02.358 Scan finished successfully
21:26:24.627 Disk 0 MBR has been saved successfully to "C:\Users\Shawn\Desktop\MBR.dat"
21:26:24.635 The log file has been saved successfully to "C:\Users\Shawn\Desktop\aswMBR.txt"

*****************************************************************************************************************************

#6 m0le

  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 08 October 2012 - 05:42 PM

Please now run an OTL scan

  • Please download OTL
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Run Scan button.

m0le is a proud member of UNITE

#7 Samut

  • Topic Starter
  • Members
  • 16 posts

Posted 08 October 2012 - 07:03 PM

Here's the log. I see this only scans back 30 days. Since I started seeing this problem around 6 months ago, please let me know if I should run it again and scan further back. Thank you.

************************************************************************************************************

OTL logfile created on: 10/8/2012 7:30:25 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Shawn\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 1.92 Gb Available Physical Memory | 48.12% Memory free
8.18 Gb Paging File | 6.00 Gb Available in Paging File | 73.27% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285.04 Gb Total Space | 100.63 Gb Free Space | 35.30% Space Free | Partition Type: NTFS
Drive D: | 13.05 Gb Total Space | 2.40 Gb Free Space | 18.42% Space Free | Partition Type: NTFS

Computer Name: DV9830 | User Name: Shawn | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

SRV:64bit: - [2008/05/02 02:49:54 | 000,160,272 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2008/01/20 22:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/09/24 09:01:01 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/03 13:19:28 | 000,160,944 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/02/01 17:55:58 | 000,214,896 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe -- (MotoHelper)
SRV - [2011/07/21 23:36:09 | 000,411,432 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/10/23 12:31:44 | 000,401,920 | ---- | M] (Amazon.com) [On_Demand | Stopped] -- C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe -- (Amazon Download Agent)
SRV - [2009/09/10 22:23:05 | 000,267,760 | ---- | M] (Turbine, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Turbine\Turbine Download Manager\TurbineMessageService.exe -- (LiveTurbineMessageService)
SRV - [2009/09/10 22:23:05 | 000,218,608 | ---- | M] (Turbine, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Turbine\Turbine Download Manager\TurbineNetworkService.exe -- (LiveTurbineNetworkService)
SRV - [2009/06/17 12:18:42 | 006,582,912 | ---- | M] () [On_Demand | Stopped] -- c:\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe -- (wampmysqld)
SRV - [2009/03/30 00:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/03/17 20:03:02 | 000,092,008 | ---- | M] (TomTom) [Disabled | Stopped] -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2009/01/11 17:26:36 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/12/10 02:10:14 | 000,024,636 | ---- | M] (Apache Software Foundation) [On_Demand | Stopped] -- c:\wamp\bin\apache\Apache2.2.11\bin\httpd.exe -- (wampapache)
SRV - [2008/10/17 16:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (LiveUpdate Notice)
SRV - [2008/10/17 16:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService)
SRV - [2008/10/17 16:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2008/10/17 16:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2008/08/04 11:20:16 | 003,220,856 | ---- | M] (Symantec Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate)
SRV - [2008/07/05 14:43:59 | 001,245,064 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2008/04/15 17:54:42 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2008/02/21 18:02:53 | 000,238,968 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2007/08/22 04:22:08 | 000,267,096 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Symantec Shared\VAScanner\comHost.exe -- (comHost)
SRV - [2007/03/05 13:30:06 | 000,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/02/29 09:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/10/14 04:37:44 | 000,396,848 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/07/27 16:22:22 | 000,066,552 | ---- | M] (Mozy, Inc.) [File_System | System | Running] -- C:\Windows\SysNative\DRIVERS\mozy.sys -- (mozyFilter)
DRV:64bit: - [2011/05/10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/09/23 01:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/07/14 13:51:56 | 000,087,600 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\ctxusbm.sys -- (ctxusbm)
DRV:64bit: - [2010/01/21 02:03:10 | 000,027,648 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\lgx64diag.sys -- (UsbDiag)
DRV:64bit: - [2010/01/21 02:03:08 | 000,033,280 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\lgx64modem.sys -- (USBModem)
DRV:64bit: - [2010/01/21 02:03:06 | 000,017,920 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\lgx64bus.sys -- (usbbus)
DRV:64bit: - [2009/10/26 16:36:22 | 001,202,688 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\smserial.sys -- (smserial)
DRV:64bit: - [2009/09/30 20:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/09/02 04:09:34 | 000,221,696 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2009/05/18 15:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/04/11 01:03:32 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/02/19 12:31:42 | 000,028,720 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\SymIMv.sys -- (SymIM)
DRV:64bit: - [2009/02/19 12:31:18 | 000,047,664 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SYMNDISV.SYS -- (SYMNDISV)
DRV:64bit: - [2009/02/19 12:31:00 | 000,266,800 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV:64bit: - [2009/02/19 12:30:58 | 000,145,456 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SYMFW.SYS -- (SYMFW)
DRV:64bit: - [2009/02/19 12:30:58 | 000,028,720 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV:64bit: - [2009/02/19 12:30:58 | 000,016,432 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SYMDNS.SYS -- (SYMDNS)
DRV:64bit: - [2009/01/11 22:33:14 | 000,086,584 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs)
DRV:64bit: - [2009/01/11 15:57:52 | 000,172,080 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2008/11/17 16:50:30 | 004,751,360 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NETw5v64.sys -- (NETw5v64)
DRV:64bit: - [2008/07/30 17:55:06 | 000,025,424 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\COH_Mon.sys -- (COH_Mon)
DRV:64bit: - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2008/04/15 18:54:16 | 000,388,120 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\iaStor.sys -- (iaStor)
DRV:64bit: - [2008/02/29 03:16:52 | 000,057,360 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2008/02/29 03:16:44 | 000,054,800 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2008/01/31 21:51:18 | 000,476,720 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SRTSPL64.SYS -- (SRTSPL)
DRV:64bit: - [2008/01/31 21:51:18 | 000,440,880 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SRTSP64.SYS -- (SRTSP)
DRV:64bit: - [2008/01/31 21:51:18 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\SRTSPX64.SYS -- (SRTSPX)
DRV:64bit: - [2008/01/20 22:46:57 | 001,523,712 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\VSTDPV6.SYS -- (HSF_DPV)
DRV:64bit: - [2008/01/20 22:46:57 | 000,724,480 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\VSTCNXT6.SYS -- (winachsf)
DRV:64bit: - [2008/01/20 22:46:57 | 000,286,720 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\VSTAZL6.SYS -- (HSFHWAZL)
DRV:64bit: - [2008/01/20 22:46:55 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MODEMCSA.sys -- (MODEMCSA)
DRV:64bit: - [2007/10/31 18:44:38 | 003,197,440 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\NETw4v64.sys -- (NETw4v64)
DRV:64bit: - [2007/07/11 13:30:34 | 000,009,088 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\HpqRemHid.sys -- (HpqRemHid)
DRV:64bit: - [2007/06/18 20:13:12 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2007/06/15 11:50:40 | 001,138,176 | ---- | M] (Hauppauge Computer Works) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HCW85BDA.sys -- (hcw85bda)
DRV:64bit: - [2007/03/26 22:48:24 | 000,055,808 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rixdpx64.sys -- (rismxdp)
DRV:64bit: - [2007/03/19 15:09:36 | 000,055,808 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimmpx64.sys -- (rimmptsk)
DRV:64bit: - [2007/02/27 19:10:38 | 000,053,760 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimspx64.sys -- (rimsptsk)
DRV:64bit: - [2006/10/09 22:09:03 | 000,742,696 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nvm60x64.sys -- (NVENETFD)
DRV:64bit: - [2006/10/06 22:13:22 | 000,550,912 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys -- (BCM43XV)
DRV - [2012/09/13 04:00:00 | 002,084,000 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20121008.009\EX64.SYS -- (NAVEX15)
DRV - [2012/09/13 04:00:00 | 000,126,112 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20121008.009\ENG64.SYS -- (NAVENG)
DRV - [2012/08/08 04:00:00 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2012/08/08 04:00:00 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/10/17 18:23:19 | 000,383,096 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Symantec\Definitions\SymcData\ipsdefs\20121004.001\IDSviA64.sys -- (IDSvia64)
DRV - [2009/01/12 17:50:04 | 000,146,928 | ---- | M] (CyberLink Corp.) [2011/01/13 23:58:20] [Kernel | Auto | Running] -- C:\Program Files (x86)\HP\QuickPlay\000.fcl -- ({22D78859-9CE9-4B77-BF18-AC83E81A9263})
DRV - [2009/01/11 22:33:14 | 000,086,584 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWow64\drivers\adfs.sys -- (adfs)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {02AE2DD0-A42A-4A5D-A810-7078282EB34E}
IE:64bit: - HKLM\..\SearchScopes\{02AE2DD0-A42A-4A5D-A810-7078282EB34E}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt
IE:64bit: - HKLM\..\SearchScopes\{1486AECD-A40B-4444-A6C2-049323A4173A}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
IE - HKLM\..\SearchScopes,DefaultScope = {02AE2DD0-A42A-4A5D-A810-7078282EB34E}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{1486AECD-A40B-4444-A6C2-049323A4173A}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3510709771-1480322892-3055403066-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
IE - HKU\S-1-5-21-3510709771-1480322892-3055403066-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3510709771-1480322892-3055403066-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://login.yahoo.com/config/login_verify2?&.src=ym&rl=1
IE - HKU\S-1-5-21-3510709771-1480322892-3055403066-1000\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - No CLSID value found
IE - HKU\S-1-5-21-3510709771-1480322892-3055403066-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3510709771-1480322892-3055403066-1000\..\SearchScopes\{02AE2DD0-A42A-4A5D-A810-7078282EB34E}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt
IE - HKU\S-1-5-21-3510709771-1480322892-3055403066-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3510709771-1480322892-3055403066-1000\..\SearchScopes\{1486AECD-A40B-4444-A6C2-049323A4173A}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
IE - HKU\S-1-5-21-3510709771-1480322892-3055403066-1000\..\SearchScopes\{3EF95405-D163-42C6-BE42-6BA23BA8D8B1}: "URL" = http://delicious.com/search?p={searchTerms}
IE - HKU\S-1-5-21-3510709771-1480322892-3055403066-1000\..\SearchScopes\{5E3710C1-1A79-4C80-A924-4A7E1348E89F}: "URL" = http://www.flickr.com/search/?q={searchTerms}
IE - HKU\S-1-5-21-3510709771-1480322892-3055403066-1000\..\SearchScopes\{F6883896-15B8-45E4-9802-3534234927C7}: "URL" = http://rover.ebay.com/rover/1/711-43047-14818-1/4?satitle={searchTerms}
IE - HKU\S-1-5-21-3510709771-1480322892-3055403066-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3510709771-1480322892-3055403066-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;192.168.*.*

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: {a95d8332-e4b4-6e7f-98ac-20b733364387}:0.6.3
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files (x86)\DNA\plugins\npbtdna.dll File not found
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX OVS Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Shawn\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Shawn\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Shawn\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2010/12/17 01:35:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2010/12/17 01:35:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/09/24 09:01:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/06/02 20:55:35 | 000,000,000 | ---D | M]

[2010/02/10 17:12:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Shawn\AppData\Roaming\mozilla\Extensions
[2009/04/04 12:00:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Shawn\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2012/08/22 21:53:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Shawn\AppData\Roaming\mozilla\Firefox\Profiles\qrfgkfrx.default\extensions
[2011/08/01 20:53:43 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Shawn\AppData\Roaming\mozilla\Firefox\Profiles\qrfgkfrx.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/08/22 21:53:59 | 000,000,000 | ---D | M] (Vuze Remote Community Toolbar) -- C:\Users\Shawn\AppData\Roaming\mozilla\Firefox\Profiles\qrfgkfrx.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2011/04/01 22:15:21 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Shawn\AppData\Roaming\mozilla\Firefox\Profiles\qrfgkfrx.default\extensions\engine@conduit.com
[2012/03/01 00:15:25 | 000,224,872 | ---- | M] () (No name found) -- C:\Users\Shawn\AppData\Roaming\mozilla\firefox\profiles\qrfgkfrx.default\extensions\jid1-F9UJ2thwoAm5gQ@jetpack.xpi
[2012/05/11 07:56:46 | 000,056,640 | ---- | M] () (No name found) -- C:\Users\Shawn\AppData\Roaming\mozilla\firefox\profiles\qrfgkfrx.default\extensions\{a95d8332-e4b4-6e7f-98ac-20b733364387}.xpi
[2012/06/17 21:51:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/02/22 23:13:29 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/09/24 09:01:03 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010/10/12 17:33:32 | 000,124,344 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\CCMSDK.dll
[2010/10/12 17:37:06 | 000,070,592 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\CgpCore.dll
[2010/10/12 17:35:42 | 000,091,576 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\confmgr.dll
[2010/10/12 17:34:56 | 000,022,464 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\ctxlogging.dll
[2011/10/03 06:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010/10/12 19:16:54 | 000,484,768 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\npicaN.dll
[2010/10/12 17:37:02 | 000,024,000 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\TcpPServ.dll
[2012/09/24 09:00:55 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/09/24 09:00:55 | 000,002,253 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Shawn\AppData\Local\Google\Chrome\Application\18.0.1025.168\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Shawn\AppData\Local\Google\Chrome\Application\18.0.1025.168\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Shawn\AppData\Local\Google\Chrome\Application\18.0.1025.168\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility (Enabled) = C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
CHR - plugin: NPCIG.dll (Enabled) = C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll
CHR - plugin: DivX OVS Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Shawn\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Shawn\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Users\Shawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: YouTube = C:\Users\Shawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google Search = C:\Users\Shawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: Google Search = C:\Users\Shawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: DivX HiQ = C:\Users\Shawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.0.900_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Shawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.0.900_0\
CHR - Extension: Gmail = C:\Users\Shawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\
CHR - Extension: Gmail = C:\Users\Shawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2006/09/18 17:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Reg Error: Value error.) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Common Files\Symantec Shared\IDS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (HP Print Clips) - {FFFFFFFF-FF12-44C5-91EC-068E3AA1B2D7} - c:\Program Files (x86)\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-3510709771-1480322892-3055403066-1000\..\Toolbar\WebBrowser: (no name) - {00000000-0000-0000-0000-000000000000} - No CLSID value found.
O3 - HKU\S-1-5-21-3510709771-1480322892-3055403066-1000\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3 - HKU\S-1-5-21-3510709771-1480322892-3055403066-1000\..\Toolbar\WebBrowser: (Show Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe File not found
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AmazonGSDownloaderTray] C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe (Amazon.com)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ccApp] C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [DivX Download Manager] C:\Program Files (x86)\DivX\DivX Plus Web Player\DDmService.exe (DivX, LLC)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
O4 - HKLM..\Run: [osCheck] C:\Program Files (x86)\Norton 360\osCheck.exe (Symantec Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3510709771-1480322892-3055403066-1000..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O4 - Startup: C:\Users\Shawn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Users\Shawn\AppData\Local\Apps\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\S-1-5-21-3510709771-1480322892-3055403066-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3510709771-1480322892-3055403066-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-3510709771-1480322892-3055403066-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8:64bit: - Extra context menu item: Add to Evernote 4.0 - C:\Users\Shawn\AppData\Local\Apps\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8 - Extra context menu item: Add to Evernote 4.0 - C:\Users\Shawn\AppData\Local\Apps\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra Button: HP Smart Select - {58ECB495-38F0-49cb-A538-10282ABF65E7} - c:\Program Files (x86)\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000019 - CC:\Program Files (x86)\VMware\VMware Server\x64\vsocklib.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000020 - CC:\Program Files (x86)\VMware\VMware Server\x64\vsocklib.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000021 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3510709771-1480322892-3055403066-1000\..Trusted Domains: nih.gov ([mail] https in Trusted sites)
O15 - HKU\S-1-5-21-3510709771-1480322892-3055403066-1000\..Trusted Domains: skillport.com ([perotsystems] http in Trusted sites)
O15 - HKU\S-1-5-21-3510709771-1480322892-3055403066-1000\..Trusted Domains: yahoo.com ([login] https in Trusted sites)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} http://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISDataManager.CAB (Hewlett-Packard Online Support Services)
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} https://mail.hjf.org/iNotes6W.cab (iNotes6 Class)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab (DLM Control)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab (GMNRev Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{75697F6B-F900-4CD0-887C-8C05C717E254}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\application/x-ica - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=euc-jp - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=ISO-8859-1 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS936 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS949 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS950 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF-8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=euc-jp - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=ISO-8859-1 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS936 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS949 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS950 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF-8 - No CLSID value found
O18:64bit: - Protocol\Filter\ica - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img11.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img11.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/09/11 11:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O33 - MountPoints2\{5df68572-7738-11e1-be99-001e68388757}\Shell - "" = AutoRun
O33 - MountPoints2\{5df68572-7738-11e1-be99-001e68388757}\Shell\AutoRun\command - "" = G:\MotoCastSetup.exe -a
O33 - MountPoints2\{9cf39096-2130-11de-acf0-005056c00008}\Shell\AutoRun\command - "" = F:\InstallTomTomHOME.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/10/08 19:29:56 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Shawn\Desktop\OTL.exe
[2012/10/07 20:43:46 | 002,212,440 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Shawn\Desktop\TDSSKiller.exe
[2012/10/06 11:13:46 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Shawn\Desktop\aswMBR.exe
[2012/10/05 07:48:08 | 010,523,968 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Shawn\Desktop\mbam-setup.exe
[2012/10/04 22:07:00 | 002,212,440 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Shawn\Desktop\20121004.com
[2012/10/04 21:39:58 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Shawn\Desktop\dds.com
[2012/10/03 08:12:55 | 000,000,000 | ---D | C] -- C:\Users\Shawn\Desktop\BC-Prepping Computer_files
[2012/09/13 22:00:39 | 000,066,552 | ---- | C] (Mozy, Inc.) -- C:\Windows\SysNative\drivers\mozy.sys
[2012/08/12 13:18:41 | 012,562,920 | ---- | C] (Mozy, Inc.) -- C:\ProgramData\Tempmozy-autoupdate-82af9a609219353256cb533e636b9416.exe
[2011/10/08 13:17:05 | 009,608,392 | ---- | C] (Mozy, Inc.) -- C:\ProgramData\Tempmozy-autoupdate-8262dfa079e3ea66519693899238bbfb.exe
[2011/08/05 21:41:13 | 009,396,840 | ---- | C] (Mozy, Inc.) -- C:\ProgramData\Tempmozy-autoupdate-fd378831154aecd3ff93f99a8cbdcdea.exe
[2011/08/03 00:01:22 | 009,506,240 | ---- | C] (Mozy, Inc.) -- C:\ProgramData\Tempmozy-autoupdate-9168e69c9b17c74056d68fc0f28ff63a.exe
[2011/02/23 12:06:44 | 011,447,056 | ---- | C] (Mozy, Inc.) -- C:\ProgramData\Tempmozy-update-c0261ff8012aad585d55140a9b6ddcb9.exe
[2011/02/12 13:46:45 | 011,444,496 | ---- | C] (Mozy, Inc.) -- C:\ProgramData\Tempmozy-update-1f7fe3012a1778a4fc7c5075f2f61812.exe
[2011/01/14 00:49:15 | 003,063,561 | ---- | C] (Macromedia, Inc.) -- C:\ProgramData\MobileTV.exe
[2011/01/14 00:49:15 | 002,989,660 | ---- | C] (Macromedia, Inc.) -- C:\ProgramData\DVD.exe
[2011/01/14 00:49:15 | 002,864,396 | ---- | C] (Macromedia, Inc.) -- C:\ProgramData\MPV.exe
[2011/01/14 00:49:15 | 002,331,174 | ---- | C] (Macromedia, Inc.) -- C:\ProgramData\Karaoke.exe
[2011/01/14 00:49:14 | 002,231,606 | ---- | C] (Macromedia, Inc.) -- C:\ProgramData\Games.exe
[2010/12/06 14:52:47 | 011,336,456 | ---- | C] (Mozy, Inc.) -- C:\ProgramData\Tempmozy-update-a31217e595a1463492ad999467f8f0a1.exe
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/10/08 19:30:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Shawn\Desktop\OTL.exe
[2012/10/08 19:27:46 | 000,000,253 | ---- | M] () -- C:\ProgramData\hpqp.ini
[2012/10/08 19:27:37 | 000,002,619 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Online plug-in.lnk
[2012/10/08 19:08:59 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3510709771-1480322892-3055403066-1000UA.job
[2012/10/08 18:20:05 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/08 18:20:05 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/08 18:19:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/10/08 18:19:52 | 4293,320,704 | -HS- | M] () -- C:\hiberfil.sys
[2012/10/07 21:50:51 | 000,007,288 | ---- | M] () -- C:\Windows\mozy.blk
[2012/10/07 21:50:51 | 000,002,750 | ---- | M] () -- C:\Windows\mozy.flt
[2012/10/07 21:26:24 | 000,000,512 | ---- | M] () -- C:\Users\Shawn\Desktop\MBR.dat
[2012/10/07 21:24:55 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Shawn\Desktop\aswMBR.exe
[2012/10/07 19:41:32 | 002,193,278 | ---- | M] () -- C:\Users\Shawn\Desktop\tdsskiller.zip
[2012/10/05 08:08:59 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3510709771-1480322892-3055403066-1000Core.job
[2012/10/05 07:48:16 | 010,523,968 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Shawn\Desktop\mbam-setup.exe
[2012/10/04 22:07:04 | 002,212,440 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Shawn\Desktop\20121004.com
[2012/10/04 21:40:05 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Shawn\Desktop\dds.com
[2012/10/04 21:04:23 | 000,050,477 | ---- | M] () -- C:\Users\Shawn\Desktop\Defogger.exe
[2012/10/03 08:13:01 | 000,092,950 | ---- | M] () -- C:\Users\Shawn\Desktop\BC-Prepping Computer.html
[2012/09/30 14:58:59 | 000,002,042 | ---- | M] () -- C:\Users\Shawn\Desktop\Google Chrome.lnk
[2012/09/30 14:58:59 | 000,002,004 | ---- | M] () -- C:\Users\Shawn\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/09/17 19:25:14 | 002,212,440 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Shawn\Desktop\TDSSKiller.exe
[2012/09/14 02:01:49 | 000,376,552 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/09/13 22:00:44 | 000,000,824 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\MozyHome Status.lnk
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/10/07 21:26:24 | 000,000,512 | ---- | C] () -- C:\Users\Shawn\Desktop\MBR.dat
[2012/10/07 19:41:26 | 002,193,278 | ---- | C] () -- C:\Users\Shawn\Desktop\tdsskiller.zip
[2012/10/04 21:04:22 | 000,050,477 | ---- | C] () -- C:\Users\Shawn\Desktop\Defogger.exe
[2012/10/03 08:12:54 | 000,092,950 | ---- | C] () -- C:\Users\Shawn\Desktop\BC-Prepping Computer.html
[2012/07/14 16:21:57 | 000,000,000 | ---- | C] () -- C:\Users\Shawn\defogger_reenable
[2012/05/15 09:03:04 | 000,009,086 | ---- | C] () -- C:\Users\Shawn\.recently-used.xbel
[2011/12/20 08:44:34 | 000,010,504 | -HS- | C] () -- C:\Users\Shawn\AppData\Local\l8wd60q2gr8abn
[2011/12/20 08:44:34 | 000,010,504 | -HS- | C] () -- C:\ProgramData\l8wd60q2gr8abn
[2011/06/16 20:32:07 | 4293,320,704 | -HS- | C] () -- \hiberfil.sys
[2011/04/21 22:48:58 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/01/30 14:54:53 | 000,000,632 | RHS- | C] () -- C:\Users\Shawn\ntuser.pol
[2011/01/14 00:47:26 | 000,000,253 | ---- | C] () -- C:\ProgramData\hpqp.ini
[2009/12/23 00:58:43 | 000,000,092 | ---- | C] () -- C:\Users\Shawn\mm.cfg
[2009/09/10 22:40:49 | 000,000,093 | ---- | C] () -- C:\Users\Shawn\AppData\Local\fusioncache.dat
[2009/03/10 00:28:14 | 000,104,960 | ---- | C] () -- C:\Users\Shawn\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/11/14 22:35:02 | 000,166,611 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2008/11/14 22:35:02 | 000,166,611 | ---- | C] () -- C:\ProgramData\nvModes.001
[2008/09/16 20:46:56 | 000,000,680 | ---- | C] () -- C:\Users\Shawn\AppData\Local\d3d9caps.dat
[2008/08/17 11:05:21 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2008/04/23 23:44:46 | 000,027,839 | ---- | C] () -- C:\Users\Shawn\AppData\Roaming\nvModes.001
[2008/04/23 00:27:10 | 000,027,839 | ---- | C] () -- C:\Users\Shawn\AppData\Roaming\nvModes.dat
[2008/04/19 00:08:37 | 000,001,024 | ---- | C] () -- \.rnd
[2008/02/18 02:06:01 | 000,000,382 | -H-- | C] () -- \IPH.PH
[2008/02/08 04:51:02 | 000,333,257 | RHS- | C] () -- \bootmgr
[2007/11/07 08:53:12 | 000,242,176 | ---- | C] () -- \VC_RED.MSI
[2007/11/07 08:44:20 | 000,855,040 | ---- | C] () -- \install.exe
[2007/11/07 08:44:20 | 000,096,272 | ---- | C] () -- \install.res.1036.dll
[2007/11/07 08:44:20 | 000,095,248 | ---- | C] () -- \install.res.3082.dll
[2007/11/07 08:44:20 | 000,095,248 | ---- | C] () -- \install.res.1031.dll
[2007/11/07 08:44:20 | 000,094,224 | ---- | C] () -- \install.res.1040.dll
[2007/11/07 08:44:20 | 000,090,128 | ---- | C] () -- \install.res.1033.dll
[2007/11/07 08:44:20 | 000,080,400 | ---- | C] () -- \install.res.1041.dll
[2007/11/07 08:44:20 | 000,078,864 | ---- | C] () -- \install.res.1042.dll
[2007/11/07 08:44:20 | 000,075,280 | ---- | C] () -- \install.res.1028.dll
[2007/11/07 08:44:20 | 000,074,768 | ---- | C] () -- \install.res.2052.dll
[2007/11/07 08:00:40 | 000,001,110 | ---- | C] () -- \globdata.ini
[2007/11/07 08:00:40 | 000,000,843 | ---- | C] () -- \install.ini
[2006/12/02 03:37:14 | 000,904,704 | ---- | C] () -- \msdia80.dll

========== ZeroAccess Check ==========

[2006/11/02 11:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 13:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 13:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/04/11 03:11:14 | 000,891,392 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 02:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008/01/20 22:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Alternate Data Streams ==========

@Alternate Data Stream - 207 bytes -> C:\ProgramData\Temp:517DBC32

< End of report >

#8 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK
  • Local time:11:59 PM

Posted 08 October 2012 - 07:27 PM

Did you install Ask and Conduit knowingly?

We need to run an OTL Fix
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.
    :OTL
    IE - HKU\S-1-5-21-3510709771-1480322892-3055403066-1000\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - No CLSID value found
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O3 - HKU\S-1-5-21-3510709771-1480322892-3055403066-1000\..\Toolbar\WebBrowser: (no name) - {00000000-0000-0000-0000-000000000000} - No CLSID value found.
    O3 - HKU\S-1-5-21-3510709771-1480322892-3055403066-1000\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    [2011/12/20 08:44:34 | 000,010,504 | -HS- | C] () -- C:\Users\Shawn\AppData\Local\l8wd60q2gr8abn
    [2011/12/20 08:44:34 | 000,010,504 | -HS- | C] () -- C:\ProgramData\l8wd60q2gr8abn
    @Alternate Data Stream - 207 bytes -> C:\ProgramData\Temp:517DBC32
    
    
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.


Next please run RKill

Please download Rkill by Grinler and save it to your desktop.
Link 1
Link 2
  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista, right-click on it and Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.
Do not reboot the computer, you will need to run the application again.


Now run Combofix

Please download ComboFix from one of these locations:
* IMPORTANT !!! Save ComboFix.exe to your Desktop making sure you rename it comfix.exe
  • Disable your AntiVirus and AntiSpyware applications including Firewalls, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Comfix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

If you receive the message "Illegal operation attempted on a registry key that has been marked for deletion." then please reboot the system.
m0le is a proud member of UNITE

#9 Samut

Samut
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  • Local time:06:59 PM

Posted 11 October 2012 - 12:42 AM

I'm not familiar with Ask or Conduit, but this is an old laptop. What are they?

Note: after running Combofix as directed, I am unable to turn on Windows Defender or Norton 360.

First the logs:

***************************************************************************************

========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-3510709771-1480322892-3055403066-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{ba14329e-9550-4989-b3f2-9732e92d17cc} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ba14329e-9550-4989-b3f2-9732e92d17cc}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry value HKEY_USERS\S-1-5-21-3510709771-1480322892-3055403066-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{00000000-0000-0000-0000-000000000000} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-0000-0000-0000-000000000000}\ not found.
Registry value HKEY_USERS\S-1-5-21-3510709771-1480322892-3055403066-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
C:\Users\Shawn\AppData\Local\l8wd60q2gr8abn moved successfully.
C:\ProgramData\l8wd60q2gr8abn moved successfully.
ADS C:\ProgramData\Temp:517DBC32 deleted successfully.

OTL by OldTimer - Version 3.2.69.0 log created on 10102012_232422

**************************************************************************************************************************************

At this point I ran Rkill successfully.

After that, I ran Combofix as directed - renaming to comfix.exe, disabling firewalls. It installed the Recovery Console, rebooted, and apparently finished - here's the log.

**************************************************************************************************************************************

ComboFix 12-10-10.02 - Shawn 10/10/2012 23:39:20.1.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4093.2105 [GMT -4:00]
Running from: c:\users\Shawn\Desktop\comfix.exe
AV: Norton 360 *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
FW: Norton 360 *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
SP: Norton 360 *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\programdata\Games.exe
c:\users\Amy\Documents\~WRL0004.tmp
c:\users\Amy\Documents\~WRL0038.tmp
c:\users\Shawn\AppData\Roaming\Local
c:\users\Shawn\AppData\Roaming\Local\Temp\DDM\Settings\Post_Install_RB_HiQ_en.divx.ddr
c:\users\Shawn\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\Post_Install_RB_HiQ_en.divx
c:\windows\SysWow64\KBL.LOG
c:\windows\SysWow64\URTTemp
c:\windows\SysWow64\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-09-11 to 2012-10-11 )))))))))))))))))))))))))))))))
.
.
2012-10-11 03:56 . 2012-10-11 03:56 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2012-10-11 03:56 . 2012-10-11 03:56 -------- d-----w- c:\users\William\AppData\Local\temp
2012-10-11 03:56 . 2012-10-11 03:56 -------- d-----w- c:\users\Wheelers\AppData\Local\temp
2012-10-11 03:56 . 2012-10-11 03:56 -------- d-----w- c:\users\TEMP\AppData\Local\temp
2012-10-11 03:56 . 2012-10-11 03:56 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-10-11 03:56 . 2012-10-11 03:56 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-11 03:56 . 2012-10-11 03:56 -------- d-----w- c:\users\Dad\AppData\Local\temp
2012-10-11 03:56 . 2012-10-11 03:56 -------- d-----w- c:\users\Amy\AppData\Local\temp
2012-10-11 03:24 . 2012-10-11 03:24 -------- d-----w- C:\_OTL
2012-09-24 13:01 . 2012-09-24 13:01 73696 ----a-w- c:\program files (x86)\Mozilla Firefox\breakpadinjector.dll
2012-09-18 01:09 . 2012-09-18 21:51 -------- d-----w- c:\users\William\AppData\Roaming\Pokémon Trading Card Game Online
2012-09-14 03:17 . 2012-07-04 14:33 2769408 ----a-w- c:\windows\system32\win32k.sys
2012-09-14 02:00 . 2011-07-27 20:22 66552 ----a-w- c:\windows\system32\drivers\mozy.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-31 04:43 . 2006-11-02 12:35 64462936 ----a-w- c:\windows\system32\mrt.exe
2012-08-30 07:27 . 2012-10-09 22:45 9308616 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{EDEC8CC2-3538-4922-9C11-B768748559A8}\mpengine.dll
2012-08-12 17:19 . 2012-08-12 17:18 12562920 ----a-w- c:\programdata\Tempmozy-autoupdate-82af9a609219353256cb533e636b9416.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-03-17 2387968]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-06-02 80896]
"hpWirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-09-13 480560]
"WAWifiMessage"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-08 311296]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"ccApp"="c:\program files (x86)\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"osCheck"="c:\program files (x86)\Norton 360\osCheck.exe" [2008-02-26 988512]
"HP Health Check Scheduler"="c:\program files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-06-16 75008]
"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-11-13 611712]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"IJNetworkScanUtility"="c:\program files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2009-05-19 136544]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2010-12-09 1226608]
"DivX Download Manager"="c:\program files (x86)\DivX\DivX Plus Web Player\DDmService.exe" [2010-12-08 63360]
"QPService"="c:\program files (x86)\HP\QuickPlay\QPService.exe" [2009-03-11 468264]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-12-08 421736]
"AmazonGSDownloaderTray"="c:\program files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe" [2009-10-23 326144]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2010-10-12 304568]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
.
c:\users\Shawn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
EvernoteClipper.lnk - c:\users\Shawn\AppData\Local\Apps\Evernote\Evernote\EvernoteClipper.exe [2012-5-9 1014112]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-7-17 1196048]
MozyHome Status.lnk - c:\program files\MozyHome\mozystat.exe [2012-7-12 6271888]
Online plug-in.lnk - c:\windows\Installer\{0F1F7A90-E71B-4E45-A066-2891619F22E1}\pnaico.exe.20FBBF0A_A7E5_4BDE_9798_9811C3D135AC.exe [2011-11-23 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - COMHOST
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Themes
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-03-17 17:14 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3510709771-1480322892-3055403066-1000Core.job
- c:\users\Shawn\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-12 20:29]
.
2012-10-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3510709771-1480322892-3055403066-1000UA.job
- c:\users\Shawn\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-12 20:29]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy2]
@="{747E722C-CB46-4a9d-BDFE-192AAD5099B1}"
[HKEY_CLASSES_ROOT\CLSID\{747E722C-CB46-4a9d-BDFE-192AAD5099B1}]
2012-07-12 16:37 6301584 ----a-w- c:\program files\MozyHome\mozyshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy3]
@="{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}"
[HKEY_CLASSES_ROOT\CLSID\{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}]
2012-07-12 16:37 6301584 ----a-w- c:\program files\MozyHome\mozyshell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RAVCpl64.exe" [2007-10-09 5429760]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-15 178712]
"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-09-04 701440]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 242192]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-07-26 2184520]
"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-17 767312]
.
------- Supplementary Scan -------
.
uStart Page = https://login.yahoo.com/config/login_verify2?&.src=ym&rl=1
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;192.168.*.*
IE: Add to Evernote 4.0 - c:\users\Shawn\AppData\Local\Apps\Evernote\Evernote\EvernoteIE.dll/204
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: c:\windows\system32\wpclsp.dll
Trusted Zone: nih.gov\mail
Trusted Zone: skillport.com\perotsystems
Trusted Zone: yahoo.com\login
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
FF - ProfilePath - c:\users\Shawn\AppData\Roaming\Mozilla\Firefox\Profiles\qrfgkfrx.default\
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-WMPNSCFG - c:\program files (x86)\Windows Media Player\WMPNSCFG.exe
Wow6432Node-HKLM-Run-QlbCtrl - %ProgramFiles(x86)%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-HP Health Check Scheduler - [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files (x86)\DivX\DivXCodecUninstall.exe
AddRemove-{8ADFC4160D694100B5B8A22DE9DCABD9} - c:\program files (x86)\DivX\DivXPlayerUninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{22D78859-9CE9-4B77-BF18-AC83E81A9263}]
"ImagePath"="\??\c:\program files (x86)\HP\QuickPlay\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3510709771-1480322892-3055403066-1000\Software\SecuROM\License information*]
"datasecu"=hex:95,20,18,41,d3,2c,e1,1d,46,bd,b6,ec,14,63,5b,6e,8e,ee,c4,32,df,
29,13,a7,6e,fc,b7,7a,a0,da,42,13,31,dc,57,83,fd,df,8c,66,9b,59,14,04,37,f4,\
"rkeysecu"=hex:8b,dc,ae,56,b5,82,8b,92,c3,50,7e,e9,78,49,8a,1b
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
c:\program files (x86)\HP\QuickPlay\Kernel\TV\QPSched.exe
c:\program files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\program files (x86)\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
c:\program files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
c:\program files (x86)\Citrix\ICA Client\wfcrun32.exe
c:\program files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
c:\program files\Logitech\SetPoint\x86\SetPoint32.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\CyberLink\Shared Files\RichVideo.exe
.
**************************************************************************
.
Completion time: 2012-10-11 00:11:14 - machine was rebooted
ComboFix-quarantined-files.txt 2012-10-11 04:11
.
Pre-Run: 107,654,995,968 bytes free
Post-Run: 107,713,757,184 bytes free
.
- - End Of File - - CAFC0B4B500371E9B775FC1C236C24F7

**************************************************************************

At this point, however, my network connection was down, as were numerous other services.

I rebooted but that did not resolve the issue. Finally, I restored to my last Restore point (from 10/8). I am now back online but as mentioned, Windows Defender and Norton 360 will not work - Defender won't start and Norton's firewall is up but the Auto-restore will not turn on.

Any further assistance will be much appreciated. Thank you.

#10 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:11:59 PM

Posted 11 October 2012 - 07:09 PM

Losing your connection could be rootkit-connected. There's nothing showing up so far explaining the redirections, so let's see if we can find any trace rootkit elements.

For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.
For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Scan your computer's memory for errors.
Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it in your next reply.
m0le is a proud member of UNITE
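What a helper looks for first in the FRST.txt that the steps above produce, as an added example that is not code from this thread or from the FRST tool: a small triage script over the "Run:" lines in the format FRST prints (the sample lines are copied from the log posted later in this thread, plus one non-Run line to show it is skipped). The trailing "[x]" is treated here as FRST's marker for a file that could not be found, and an empty "()" as a missing publisher; the flag names and heuristics are this example's own.

```python
"""Triage of FRST-style autorun entries ("<hive>\\...\\Run:" lines).

Added example, not part of the BleepingComputer thread or of FRST itself.
It parses the Run lines under "Registry (Whitelisted)" and flags the patterns
a helper checks first: the file is missing ("[x]"), the value is a bare file
name (resolved through the PATH search order rather than a fixed location),
the image sits in a user-writable location, or FRST printed no publisher.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# "<hive>\...\Run: [<name>] <command> [<size> <date>] (<publisher>)"
# or "<hive>\...\Run: [<name>] <command> [x]" when the file is not found.
RUN_LINE = re.compile(r"^(?P<hive>.+?)\\\.\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<rest>.*)$")
PRESENT = re.compile(
    r"^(?P<cmd>.*?)\s*\[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\] \((?P<publisher>[^)]*)\)$"
)
MISSING = re.compile(r"^(?P<cmd>.*?)\s*\[x\]$", re.IGNORECASE)
# First token naming an executable image, with or without surrounding quotes.
IMAGE = re.compile(r'^"?(?P<path>[^"]*?\.(?:exe|dll|scr|cmd|bat|vbs|js))"?(?:\s|$)', re.IGNORECASE)

FLAG_MISSING = "file missing"
FLAG_BARE = "bare filename (resolved via PATH search)"
FLAG_WRITABLE = "user-writable location"
FLAG_NO_PUBLISHER = "no publisher"
# Path segments (lower-case) that an unprivileged user can normally write to.
WRITABLE_SEGMENTS = ("\\appdata\\", "\\programdata\\", "\\users\\all users\\",
                     "\\users\\public\\", "\\temp\\")


@dataclass
class AutorunEntry:
    hive: str
    name: str
    command: str
    path: Optional[str]
    publisher: str
    missing: bool
    flags: List[str] = field(default_factory=list)


def parse_run_line(line: str) -> Optional[AutorunEntry]:
    """Return an AutorunEntry for an FRST Run line, or None for any other line."""
    m = RUN_LINE.match(line.strip())
    if not m:
        return None
    rest = m.group("rest")
    present = PRESENT.match(rest)
    if present:
        cmd, publisher, missing = present.group("cmd"), present.group("publisher").strip(), False
    else:
        gone = MISSING.match(rest)
        if not gone:
            return None
        cmd, publisher, missing = gone.group("cmd"), "", True
    img = IMAGE.match(cmd)
    path = img.group("path") if img else None
    return AutorunEntry(m.group("hive"), m.group("name"), cmd, path, publisher, missing)


def classify(entry: AutorunEntry) -> List[str]:
    """Heuristic flags, in a fixed order so results are comparable."""
    flags = []
    if entry.missing:
        flags.append(FLAG_MISSING)
    if entry.path is not None:
        if "\\" not in entry.path:
            flags.append(FLAG_BARE)
        if any(seg in entry.path.lower() for seg in WRITABLE_SEGMENTS):
            flags.append(FLAG_WRITABLE)
    if not entry.missing and not entry.publisher:
        flags.append(FLAG_NO_PUBLISHER)
    return flags


def triage(log_text: str) -> List[AutorunEntry]:
    """Parse every Run line in an FRST log and attach its flags."""
    entries = []
    for line in log_text.splitlines():
        entry = parse_run_line(line)
        if entry is None:
            continue
        entry.flags = classify(entry)
        entries.append(entry)
    return entries


# Constructed sample: a subset of the Run lines from the FRST log in this thread,
# plus one Policies line that the parser must ignore.
SAMPLE_LOG = r"""
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [x]
HKLM\...\Run: [RtHDVCpl] RAVCpl64.exe [x]
HKLM-x32\...\Run: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe" [51048 2008-10-17] (Symantec Corporation)
HKLM-x32\...\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1226608 2010-12-09] ()
HKU\Amy\...\Policies\system: [LogonHoursAction] 2
HKU\Default\...\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter [2438656 2009-04-10] (Microsoft Corporation)
HKU\Shawn\...\Run: [Google Update] "C:\Users\Shawn\AppData\Local\Google\Update\GoogleUpdate.exe" /c [116648 2012-05-12] (Google Inc.)
HKLM-x32\...\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [75008 2008-06-16] (Hewlett-Packard)
"""

if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        if e.flags:
            print(f"{e.hive} [{e.name}] -> {e.path}: {', '.join(e.flags)}")
```

A flag is a reason to look closer, not a verdict: the Google Update entry lands in AppData because that is where Google installs its per-user updater, and the two "[x]" entries are stale vendor values rather than malware.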

#11 Samut

Samut
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  • Local time:06:59 PM

Posted 13 October 2012 - 02:50 PM

Norton firewall and Windows Defender are now running normally, BTW. Here's the FRST log.

*************************************************************************************

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-10-2012
Ran by SYSTEM at 13-10-2012 15:37:11
Running from F:\Download
Windows Vista ™ Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [x]
HKLM\...\Run: [RtHDVCpl] RAVCpl64.exe [x]
HKLM\...\Run: [IAAnotif] "C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [178712 2008-04-15] (Intel Corporation)
HKLM\...\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe [701440 2007-09-04] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide [x]
HKLM\...\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [x]
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE [x]
HKLM\...\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon [2184520 2009-07-26] (CANON INC.)
HKLM\...\Run: [CanonSolutionMenu] "C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" /logon [767312 2009-03-17] (CANON INC.)
HKLM-x32\...\Run: [QlbCtrl] %ProgramFiles(x86)%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start [x]
HKLM-x32\...\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [80896 2008-06-01] (Hewlett-Packard)
HKLM-x32\...\Run: [hpWirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [480560 2007-09-13] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [WAWifiMessage] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe [311296 2007-01-08] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [54840 2007-05-08] (Hewlett-Packard)
HKLM-x32\...\Run: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe" [51048 2008-10-17] (Symantec Corporation)
HKLM-x32\...\Run: [osCheck] "C:\Program Files (x86)\Norton 360\osCheck.exe" [988512 2008-02-26] (Symantec Corporation)
HKLM-x32\...\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [75008 2008-06-16] (Hewlett-Packard)
HKLM-x32\...\Run: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin [611712 2008-11-13] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [35696 2009-10-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [935288 2009-09-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2011-06-09] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [IJNetworkScanUtility] "C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [136544 2009-05-19] (CANON INC.)
HKLM-x32\...\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1226608 2010-12-09] ()
HKLM-x32\...\Run: [DivX Download Manager] "C:\Program Files (x86)\DivX\DivX Plus Web Player\DDmService.exe" start [63360 2010-12-08] (DivX, LLC)
HKLM-x32\...\Run: [QPService] "C:\Program Files (x86)\HP\QuickPlay\QPService.exe" [468264 2009-03-10] (CyberLink Corp.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2011-12-07] (Apple Inc.)
HKLM-x32\...\Run: [AmazonGSDownloaderTray] "C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe" [326144 2009-10-23] (Amazon.com)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-11-01] (Apple Inc.)
HKLM-x32\...\Run: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup [304568 2010-10-12] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)
HKU\Amy\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)
HKU\Amy\...\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [2387968 2009-03-17] (Hewlett-Packard Company)
HKU\Amy\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)
HKU\Amy\...\Run: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" [251240 2009-03-17] (TomTom)
HKU\Amy\...\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe [x]
HKU\Amy\...\Policies\system: [LogonHoursAction] 2
HKU\Amy\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Dad\...\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [2387968 2009-03-17] (Hewlett-Packard Company)
HKU\Dad\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)
HKU\Dad\...\Policies\system: [LogonHoursAction] 2
HKU\Dad\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Default\...\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter [2438656 2009-04-10] (Microsoft Corporation)
HKU\Default User\...\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter [2438656 2009-04-10] (Microsoft Corporation)
HKU\Guest\...\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [2387968 2009-03-17] (Hewlett-Packard Company)
HKU\Guest\...\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe [x]
HKU\Guest\...\Run: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" [251240 2009-03-17] (TomTom)
HKU\Guest\...\Run: [Steam] "c:\program files (x86)\steam\steam.exe" -silent [1242448 2011-09-11] (Valve Corporation)
HKU\Guest\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)
HKU\Guest\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)
HKU\Shawn\...\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [2387968 2009-03-17] (Hewlett-Packard Company)
HKU\Shawn\...\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe [x]
HKU\Shawn\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)
HKU\Shawn\...\Run: [Google Update] "C:\Users\Shawn\AppData\Local\Google\Update\GoogleUpdate.exe" /c [116648 2012-05-12] (Google Inc.)
HKU\Shawn\...\Policies\system: [LogonHoursAction] 2
HKU\Shawn\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\TEMP\...\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter [2438656 2009-04-10] (Microsoft Corporation)
HKU\TEMP\...\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [2387968 2009-03-17] (Hewlett-Packard Company)
HKU\Wheelers\...\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter [2438656 2009-04-10] (Microsoft Corporation)
HKU\Wheelers\...\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [2387968 2009-03-17] (Hewlett-Packard Company)
HKU\Wheelers\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)
HKU\Wheelers\...\Policies\system: [LogonHoursAction] 2
HKU\Wheelers\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\William\...\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [2387968 2009-03-17] (Hewlett-Packard Company)
HKU\William\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)
HKU\William\...\Policies\system: [LogonHoursAction] 2
HKU\William\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
ShortcutTarget: Logitech SetPoint.lnk -> C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\MozyHome Status.lnk
ShortcutTarget: MozyHome Status.lnk -> C:\Program Files\MozyHome\mozystat.exe (Mozy, Inc.)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Online plug-in.lnk
ShortcutTarget: Online plug-in.lnk -> C:\Windows\Installer\{0F1F7A90-E71B-4E45-A066-2891619F22E1}\pnaico.exe.20FBBF0A_A7E5_4BDE_9798_9811C3D135AC.exe ()
Startup: C:\Users\Shawn\Start Menu\Programs\Startup\EvernoteClipper.lnk
ShortcutTarget: EvernoteClipper.lnk -> C:\windows\system32\config\systemprofile\AppData\Local\Apps\Evernote\Evernote\EvernoteClipper.exe (No File)

==================== Services (Whitelisted) ===================

2 Automatic LiveUpdate Scheduler; "C:\Program Files (x86)\Symantec\LiveUpdate\AluSchedulerSvc.exe" [238968 2008-02-21] (Symantec Corporation)
2 ccEvtMgr; "C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [149352 2008-10-17] (Symantec Corporation)
2 ccSetMgr; "C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [149352 2008-10-17] (Symantec Corporation)
2 CLTNetCnService; "C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [149352 2008-10-17] (Symantec Corporation)
3 Com4Qlb; "C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe" [110592 2007-03-05] (Hewlett-Packard Development Company, L.P.)
3 comHost; "C:\Program Files (x86)\Common Files\Symantec Shared\VAScanner\comHost.exe" [267096 2007-08-22] (Symantec Corporation)
2 hpqwmiex; C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe [135168 2006-05-02] (Hewlett-Packard Development Company, L.P.)
3 LBTServ; C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe [160272 2008-05-01] (Logitech, Inc.)
3 LiveTurbineMessageService; "C:\Program Files (x86)\Turbine\Turbine Download Manager\TurbineMessageService.exe" [267760 2009-09-10] (Turbine, Inc.)
3 LiveTurbineNetworkService; "C:\Program Files (x86)\Turbine\Turbine Download Manager\TurbineNetworkService.exe" [218608 2009-09-10] (Turbine, Inc.)
3 LiveUpdate; "C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_4.EXE" [3220856 2008-08-04] (Symantec Corporation)
2 LiveUpdate Notice; "C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [149352 2008-10-17] (Symantec Corporation)
4 MotoHelper; C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [214896 2012-02-01] ()
2 mozybackup; "C:\Program Files\MozyHome\mozybackup.exe" [54040 2011-07-27] (Mozy, Inc.)
2 QPCapSvc; "C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPCapSvc.exe" [292216 2009-01-12] ()
2 QPSched; "C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPSched.exe" [116080 2009-01-12] ()
2 RichVideo; "C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe" [272024 2007-01-09] ()
3 Symantec Core LC; C:\PROGRA~2\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe [1245064 2008-07-05] ()
3 wampapache; "C:\wamp\bin\apache\apache2.2.11\bin\httpd.exe" -k runservice [24636 2008-12-09] (Apache Software Foundation)
3 wampmysqld; C:\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe wampmysqld [6582912 2009-06-17] ()
3 aspnet_state; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [x]

==================== Drivers (Whitelisted) =====================

3 COH_Mon; C:\Windows\System32\Drivers\COH_Mon.sys [25424 2008-07-30] (Symantec Corporation)
1 eeCtrl; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-08-08] (Symantec Corporation)
3 EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2012-08-08] (Symantec Corporation)
3 HpqRemHid; C:\Windows\System32\Drivers\HpqRemHid.sys [9088 2007-07-11] (Hewlett-Packard Development Company, L.P.)
1 IDSvia64; \??\C:\PROGRA~3\Symantec\DEFINI~1\SymcData\ipsdefs\20121004.001\IDSvia64.sys [383096 2011-10-17] (Symantec Corporation)
3 MODEMCSA; C:\Windows\System32\Drivers\MODEMCSA.sys [24064 2008-01-20] (Microsoft Corporation)
1 mozyFilter; C:\Windows\System32\DRIVERS\mozy.sys [66552 2011-07-27] (Mozy, Inc.)
3 NAVENG; \??\C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20121012.020\ENG64.SYS [126112 2012-09-17] (Symantec Corporation)
3 NAVEX15; \??\C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20121012.020\EX64.SYS [2084000 2012-09-17] (Symantec Corporation)
3 NVENETFD; C:\Windows\System32\DRIVERS\nvm60x64.sys [742696 2006-10-09] (NVIDIA Corporation)
3 smserial; C:\Windows\System32\Drivers\smserial.sys [1202688 2009-10-26] (Motorola Inc.)
3 SRTSP; C:\Windows\System32\Drivers\SRTSP64.SYS [440880 2008-01-31] (Symantec Corporation)
3 SRTSPL; C:\Windows\System32\Drivers\SRTSPL64.SYS [476720 2008-01-31] (Symantec Corporation)
1 SRTSPX; C:\Windows\System32\Drivers\SRTSPX64.SYS [32304 2008-01-31] (Symantec Corporation)
3 SYMDNS; C:\Windows\System32\Drivers\SYMDNS.sys [16432 2009-02-19] (Symantec Corporation)
3 SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [172080 2009-01-11] (Symantec Corporation)
3 SYMFW; C:\Windows\System32\Drivers\SYMFW.sys [145456 2009-02-19] (Symantec Corporation)
1 SymIM; C:\Windows\System32\DRIVERS\SymIMv.sys [28720 2009-02-19] (Symantec Corporation)
3 SYMNDISV; C:\Windows\System32\Drivers\SYMNDISV.sys [47664 2009-02-19] (Symantec Corporation)
3 SYMREDRV; C:\Windows\System32\Drivers\SYMREDRV.sys [28720 2009-02-19] (Symantec Corporation)
1 SYMTDI; C:\Windows\System32\Drivers\SYMTDI.sys [266800 2009-02-19] (Symantec Corporation)
3 usbbus; C:\Windows\System32\DRIVERS\lgx64bus.sys [17920 2010-01-20] (LG Electronics Inc.)
3 UsbDiag; C:\Windows\System32\DRIVERS\lgx64diag.sys [27648 2010-01-20] (LG Electronics Inc.)
3 USBModem; C:\Windows\System32\DRIVERS\lgx64modem.sys [33280 2010-01-20] (LG Electronics Inc.)
2 {22D78859-9CE9-4B77-BF18-AC83E81A9263}; \??\C:\Program Files (x86)\HP\QuickPlay\000.fcl [146928 2009-01-12] (CyberLink Corp.)
1 eabfiltr; [x]
3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]
3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x]
3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x]
3 VMnetAdapter; C:\Windows\System32\DRIVERS\vmnetadapter.sys [x]

==================== NetSvcs (Whitelisted) ====================


==================== One Month Created Files and Folders ========

2012-10-13 15:37 - 2012-10-13 15:37 - 00000000 ____D C:\FRST
2012-10-10 21:27 - 2012-10-10 21:27 - 00000085 ____A C:\Users\Shawn\Desktop\BC Forum Post.txt
2012-10-10 20:11 - 2012-10-10 20:11 - 00016925 ____A C:\Users\Shawn\Desktop\ComboFix20121010.txt
2012-10-10 20:11 - 2012-10-10 20:11 - 00000000 ____D C:\Users\William\Local Settings\Temp(20)
2012-10-10 20:11 - 2012-10-10 20:11 - 00000000 ____D C:\Users\William\Local Settings\Application Data\Temp(20)
2012-10-10 20:11 - 2012-10-10 20:11 - 00000000 ____D C:\Users\William\AppData\Local\Temp(20)
2012-10-10 20:11 - 2012-10-10 20:11 - 00000000 ____D C:\Users\Amy\Local Settings\Temp(5)
2012-10-10 20:11 - 2012-10-10 20:11 - 00000000 ____D C:\Users\Amy\Local Settings\Application Data\Temp(5)
2012-10-10 20:11 - 2012-10-10 20:11 - 00000000 ____D C:\Users\Amy\AppData\Local\Temp(5)
2012-10-10 19:32 - 2012-10-10 20:11 - 00000000 ____D C:\Qoobox
2012-10-10 19:26 - 2012-10-10 19:28 - 00002196 ____A C:\Users\Shawn\Desktop\Rkill.txt
2012-10-10 19:25 - 2012-10-10 19:25 - 00003428 ____A C:\Users\Shawn\Desktop\OTL10102012_232422.log
2012-10-10 19:24 - 2012-10-10 19:24 - 00000000 ____D C:\_OTL
2012-10-08 15:53 - 2012-10-08 15:53 - 00130620 ____A C:\Users\Shawn\Desktop\OTL.Txt
2012-10-07 17:26 - 2012-10-07 17:26 - 00001584 ____A C:\Users\Shawn\Desktop\aswMBR.txt
2012-10-07 17:26 - 2012-10-07 17:26 - 00000512 ____A C:\Users\Shawn\Desktop\MBR.dat
2012-10-07 17:23 - 2012-10-07 17:23 - 00066543 ____A C:\Users\Shawn\Desktop\TDSSReport.txt
2012-10-07 16:44 - 2012-10-07 17:25 - 00133172 ____A C:\Users\Shawn\Desktop\report.txt
2012-10-07 16:43 - 2012-09-17 15:25 - 02212440 ____A (Kaspersky Lab ZAO) C:\Users\Shawn\Desktop\TDSSKiller.exe
2012-10-07 15:41 - 2012-10-07 15:41 - 02193278 ____A C:\Users\Shawn\Desktop\tdsskiller.zip
2012-10-06 07:35 - 2012-10-06 07:35 - 00076112 ____A C:\Users\Shawn\Desktop\Extras360.Txt
2012-10-06 07:33 - 2012-10-06 07:33 - 00196952 ____A C:\Users\Shawn\Desktop\OTL360.Txt
2012-10-06 07:13 - 2012-10-07 17:24 - 04731392 ____A (AVAST Software) C:\Users\Shawn\Desktop\aswMBR.exe
2012-10-06 07:13 - 2012-10-06 07:13 - 00602112 ____A (OldTimer Tools) C:\Users\Shawn\Desktop\OTL.exe
2012-10-05 03:48 - 2012-10-05 03:48 - 10523968 ____A (Malwarebytes Corporation ) C:\Users\Shawn\Desktop\mbam-setup.exe
2012-10-04 18:07 - 2012-10-04 18:07 - 02212440 ____A (Kaspersky Lab ZAO) C:\Users\Shawn\Desktop\20121004.com
2012-10-04 17:48 - 2012-10-04 17:48 - 00014010 ____A C:\Users\Shawn\Desktop\Attach.txt
2012-10-04 17:47 - 2012-10-04 17:47 - 00025603 ____A C:\Users\Shawn\Desktop\DDS.txt
2012-10-04 17:39 - 2012-10-04 17:40 - 00607260 ____R (Swearware) C:\Users\Shawn\Desktop\dds.com
2012-10-04 17:05 - 2012-10-04 17:05 - 00000472 ____A C:\Users\Shawn\Desktop\defogger_disable.log
2012-10-04 17:04 - 2012-10-04 17:04 - 00050477 ____A C:\Users\Shawn\Desktop\Defogger.exe
2012-10-03 04:12 - 2012-10-03 04:13 - 00092950 ____A C:\Users\Shawn\Desktop\BC-Prepping Computer.html
2012-10-03 04:12 - 2012-10-03 04:12 - 00000000 ____D C:\Users\Shawn\Desktop\BC-Prepping Computer_files
2012-09-18 20:52 - 2012-09-18 20:53 - 00999696 ____A (Solid State Networks) C:\Users\Dad\Downloads\install_flashplayer11x32_mssd_aih.exe
2012-09-17 17:10 - 2012-09-17 17:10 - 00001255 ____A C:\Users\William\Desktop\Pokémon Trading Card Game Online.lnk
2012-09-17 17:09 - 2012-09-18 13:51 - 00000000 ____D C:\Users\William\Application Data\Pokémon Trading Card Game Online
2012-09-17 17:09 - 2012-09-18 13:51 - 00000000 ____D C:\Users\William\AppData\Roaming\Pokémon Trading Card Game Online
2012-09-13 19:17 - 2012-07-04 06:33 - 02769408 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-09-13 18:00 - 2011-07-27 12:22 - 00066552 ____A (Mozy, Inc.) C:\Windows\System32\Drivers\mozy.sys

==================== 3 Months Modified Files ==================

2012-10-13 11:30 - 2006-11-02 07:42 - 00032530 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-10-13 11:30 - 2006-11-02 07:42 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-10-13 11:28 - 2006-11-02 07:22 - 00003216 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2012-10-13 11:28 - 2006-11-02 07:22 - 00003216 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2012-10-13 11:25 - 2008-03-26 15:26 - 01094840 ____A C:\Windows\WindowsUpdate.log
2012-10-13 11:16 - 2011-01-13 20:47 - 00000253 ____A C:\Users\All Users\hpqp.ini
2012-10-13 11:16 - 2011-01-13 20:47 - 00000253 ____A C:\Users\All Users\Application Data\hpqp.ini
2012-10-13 10:09 - 2012-05-12 12:29 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3510709771-1480322892-3055403066-1000UA.job
2012-10-13 05:13 - 2011-08-04 11:15 - 00007288 ____A C:\Windows\mozy.blk
2012-10-13 05:13 - 2011-08-04 11:15 - 00002750 ____A C:\Windows\mozy.flt
2012-10-12 04:08 - 2012-05-12 12:29 - 00000856 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3510709771-1480322892-3055403066-1000Core.job
2012-10-10 21:27 - 2012-10-10 21:27 - 00000085 ____A C:\Users\Shawn\Desktop\BC Forum Post.txt
2012-10-10 20:59 - 2006-11-02 04:33 - 82575360 ____A C:\Windows\System32\config\software_previous
2012-10-10 20:59 - 2006-11-02 04:33 - 55836672 ____A C:\Windows\System32\config\components_previous
2012-10-10 20:59 - 2006-11-02 04:33 - 20971520 ____A C:\Windows\System32\config\system_previous
2012-10-10 20:59 - 2006-11-02 04:33 - 00524288 ____A C:\Windows\System32\config\default_previous
2012-10-10 20:59 - 2006-11-02 04:33 - 00262144 ____A C:\Windows\System32\config\security_previous
2012-10-10 20:59 - 2006-11-02 04:33 - 00262144 ____A C:\Windows\System32\config\sam_previous
2012-10-10 20:11 - 2012-10-10 20:11 - 00016925 ____A C:\Users\Shawn\Desktop\ComboFix20121010.txt
2012-10-10 19:58 - 2008-01-20 19:26 - 00423878 ____A C:\Windows\PFRO.log
2012-10-10 19:28 - 2012-10-10 19:26 - 00002196 ____A C:\Users\Shawn\Desktop\Rkill.txt
2012-10-10 19:25 - 2012-10-10 19:25 - 00003428 ____A C:\Users\Shawn\Desktop\OTL10102012_232422.log
2012-10-08 15:53 - 2012-10-08 15:53 - 00130620 ____A C:\Users\Shawn\Desktop\OTL.Txt
2012-10-07 17:26 - 2012-10-07 17:26 - 00001584 ____A C:\Users\Shawn\Desktop\aswMBR.txt
2012-10-07 17:26 - 2012-10-07 17:26 - 00000512 ____A C:\Users\Shawn\Desktop\MBR.dat
2012-10-07 17:25 - 2012-10-07 16:44 - 00133172 ____A C:\Users\Shawn\Desktop\report.txt
2012-10-07 17:24 - 2012-10-06 07:13 - 04731392 ____A (AVAST Software) C:\Users\Shawn\Desktop\aswMBR.exe
2012-10-07 17:23 - 2012-10-07 17:23 - 00066543 ____A C:\Users\Shawn\Desktop\TDSSReport.txt
2012-10-07 15:41 - 2012-10-07 15:41 - 02193278 ____A C:\Users\Shawn\Desktop\tdsskiller.zip
2012-10-06 07:35 - 2012-10-06 07:35 - 00076112 ____A C:\Users\Shawn\Desktop\Extras360.Txt
2012-10-06 07:33 - 2012-10-06 07:33 - 00196952 ____A C:\Users\Shawn\Desktop\OTL360.Txt
2012-10-06 07:13 - 2012-10-06 07:13 - 00602112 ____A (OldTimer Tools) C:\Users\Shawn\Desktop\OTL.exe
2012-10-05 03:48 - 2012-10-05 03:48 - 10523968 ____A (Malwarebytes Corporation ) C:\Users\Shawn\Desktop\mbam-setup.exe
2012-10-04 18:07 - 2012-10-04 18:07 - 02212440 ____A (Kaspersky Lab ZAO) C:\Users\Shawn\Desktop\20121004.com
2012-10-04 17:48 - 2012-10-04 17:48 - 00014010 ____A C:\Users\Shawn\Desktop\Attach.txt
2012-10-04 17:47 - 2012-10-04 17:47 - 00025603 ____A C:\Users\Shawn\Desktop\DDS.txt
2012-10-04 17:40 - 2012-10-04 17:39 - 00607260 ____R (Swearware) C:\Users\Shawn\Desktop\dds.com
2012-10-04 17:05 - 2012-10-04 17:05 - 00000472 ____A C:\Users\Shawn\Desktop\defogger_disable.log
2012-10-04 17:04 - 2012-10-04 17:04 - 00050477 ____A C:\Users\Shawn\Desktop\Defogger.exe
2012-10-04 14:36 - 2008-12-13 17:13 - 00000680 ____A C:\Users\Amy\Local Settings\d3d9caps.dat
2012-10-04 14:36 - 2008-12-13 17:13 - 00000680 ____A C:\Users\Amy\Local Settings\Application Data\d3d9caps.dat
2012-10-04 14:36 - 2008-12-13 17:13 - 00000680 ____A C:\Users\Amy\AppData\Local\d3d9caps.dat
2012-10-03 04:13 - 2012-10-03 04:12 - 00092950 ____A C:\Users\Shawn\Desktop\BC-Prepping Computer.html
2012-09-30 10:58 - 2012-05-12 12:30 - 00002042 ____A C:\Users\Shawn\Desktop\Google Chrome.lnk
2012-09-18 20:53 - 2012-09-18 20:52 - 00999696 ____A (Solid State Networks) C:\Users\Dad\Downloads\install_flashplayer11x32_mssd_aih.exe
2012-09-17 17:10 - 2012-09-17 17:10 - 00001255 ____A C:\Users\William\Desktop\Pokémon Trading Card Game Online.lnk
2012-09-17 16:52 - 2012-03-02 13:16 - 00000680 ____A C:\Users\William\Local Settings\d3d9caps.dat
2012-09-17 16:52 - 2012-03-02 13:16 - 00000680 ____A C:\Users\William\Local Settings\Application Data\d3d9caps.dat
2012-09-17 16:52 - 2012-03-02 13:16 - 00000680 ____A C:\Users\William\AppData\Local\d3d9caps.dat
2012-09-17 15:25 - 2012-10-07 16:43 - 02212440 ____A (Kaspersky Lab ZAO) C:\Users\Shawn\Desktop\TDSSKiller.exe
2012-09-13 22:01 - 2006-11-02 07:21 - 00376552 ____A C:\Windows\System32\FNTCACHE.DAT
2012-09-13 19:20 - 2006-11-02 04:34 - 00000240 ____A C:\Windows\win.ini
2012-08-30 20:43 - 2006-11-02 04:35 - 64462936 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
2012-08-26 08:11 - 2012-08-26 08:11 - 00001243 ____A C:\Users\Dad\Desktop\Pokémon Trading Card Game Online.lnk
2012-08-24 15:31 - 2012-08-24 15:31 - 00001249 ____A C:\Users\Shawn\Desktop\Pokémon Trading Card Game Online.lnk
2012-08-24 15:25 - 2012-08-24 15:23 - 183642624 ____A C:\Users\Public\Downloads\PokemonInstaller.msi
2012-08-23 18:45 - 2012-08-23 18:45 - 00000891 ____A C:\Users\Dad\Desktop\Mozilla Firefox.lnk
2012-08-23 18:42 - 2012-08-23 18:41 - 16814136 ____A (Mozilla) C:\Users\Dad\Downloads\Firefox Setup 14.0.1.exe
2012-08-23 11:02 - 2012-08-23 11:02 - 00001227 ____A C:\Users\Amy\Downloads\event-250949.ics
2012-08-22 12:30 - 2012-08-22 12:30 - 16814136 ____A (Mozilla) C:\Users\William\Downloads\Firefox Setup 14.0.1.exe
2012-08-22 12:30 - 2012-08-22 12:30 - 00000903 ____A C:\Users\William\Desktop\Mozilla Firefox.lnk
2012-08-12 09:19 - 2012-08-12 09:18 - 12562920 ____A (Mozy, Inc.) C:\Users\All Users\Tempmozy-autoupdate-82af9a609219353256cb533e636b9416.exe
2012-08-12 09:19 - 2012-08-12 09:18 - 12562920 ____A (Mozy, Inc.) C:\Users\All Users\Application Data\Tempmozy-autoupdate-82af9a609219353256cb533e636b9416.exe
2012-08-02 19:50 - 2012-08-02 19:50 - 00003543 ____A C:\Users\Dad\Desktop\Chicago Flight Info.txt
2012-08-02 19:49 - 2012-08-02 19:49 - 00000000 ____A C:\Users\Dad\Desktop\New Text Document.txt
2012-07-29 06:44 - 2006-11-02 04:46 - 00818170 ____A C:\Windows\System32\PerfStringBackup.INI
2012-07-29 06:05 - 2011-07-28 04:35 - 00002413 ____A C:\Users\Public\Desktop\Skype.lnk
2012-07-29 06:05 - 2011-07-28 04:35 - 00002413 ____A C:\Users\All Users\Desktop\Skype.lnk
2012-07-28 19:12 - 2012-07-28 19:12 - 00068095 ____A C:\Users\Dad\Desktop\DellSharePointWebAdministrator.htm
2012-07-23 04:01 - 2011-01-13 20:49 - 00000021 ____A C:\Users\All Users\hpqp.txt
2012-07-23 04:01 - 2011-01-13 20:49 - 00000021 ____A C:\Users\All Users\Application Data\hpqp.txt
2012-07-17 16:03 - 2010-05-16 10:44 - 00000156 ____A C:\Users\Shawn\Desktop\Numbers.txt


==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-09-23 14:26:17
Restore point made on: 2012-09-24 04:19:09
Restore point made on: 2012-09-24 05:14:21
Restore point made on: 2012-09-29 15:05:32
Restore point made on: 2012-09-29 15:46:31
Restore point made on: 2012-09-29 17:06:36
Restore point made on: 2012-09-30 12:07:03
Restore point made on: 2012-09-30 13:16:39
Restore point made on: 2012-10-02 19:01:05
Restore point made on: 2012-10-02 19:48:21
Restore point made on: 2012-10-03 02:59:57
Restore point made on: 2012-10-04 15:25:39
Restore point made on: 2012-10-04 16:20:13
Restore point made on: 2012-10-05 03:25:35
Restore point made on: 2012-10-07 05:01:58
Restore point made on: 2012-10-07 17:50:07
Restore point made on: 2012-10-08 12:49:16
Restore point made on: 2012-10-10 20:51:44
Restore point made on: 2012-10-13 05:01:05
Restore point made on: 2012-10-13 05:12:45

==================== Memory info ===========================

Percentage of memory in use: 17%
Total physical RAM: 4093.63 MB
Available physical RAM: 3379.87 MB
Total Pagefile: 3764.23 MB
Available Pagefile: 3473.01 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

==================== Partitions =============================

1 Drive c: () (Fixed) (Total:285.04 GB) (Free:101.89 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: (HP_RECOVERY) (Fixed) (Total:13.05 GB) (Free:2.41 GB) NTFS ==>[System with boot components (obtained from reading drive)]
4 Drive f: (My Passport) (Fixed) (Total:931.48 GB) (Free:459.9 GB) NTFS
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 298 GB 1528 KB
Disk 1 Online 931 GB 993 KB

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 285 GB 32 KB
Partition 2 Primary 13 GB 285 GB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 0 C NTFS Partition 285 GB Healthy

=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 D HP_RECOVERY NTFS Partition 13 GB Healthy

=========================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 931 GB 1024 KB

==================================================================================

Disk: 1
Partition 1
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F My Passport NTFS Partition 931 GB Healthy

=========================================================

Last Boot: 2012-10-13 11:23

==================== End Of Log =============================

#12 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK
  • Local time:11:59 PM

Posted 13 October 2012 - 09:03 PM

The FRST log looks fine. Is the redirection still an issue? Which browser(s) do you use?
m0le is a proud member of UNITE

#13 Samut

Samut
  • Topic Starter

  • Members
  • 16 posts
  • Local time:06:59 PM

Posted 17 October 2012 - 01:23 AM

I'm using IE 9 and Firefox 14.

The redirection seems to have stopped. Thank you!

However, around when the issue first appeared, I noticed I could not install some of the security hotfixes for IE, and that continues to be the case. If there could still be a virus blocking me from installing these, then I'd like to continue and keep looking.

If you think this sounds like more of a non-malware issue, then please go ahead and close this topic. If that's the case, please let me know the correct forum to go to and open another topic.

Thanks again.

#14 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK
  • Local time:11:59 PM

Posted 17 October 2012 - 02:53 PM

Might be a leftover effect from malware rather than live malware blocking processes. This next tool should check that.

Download Windows Repair (all in one) from this site

Install the program then run it.

Go to Step 2 and allow it to run CheckDisk by clicking on the Do It button:

Posted Image



Once that is done, go to Step 3 and allow it to run System File Check by clicking on the Do It button:

Posted Image


Go to Step 4 and under "System Restore" click on the Create button:

Posted Image


Go to the Start Repairs tab and click the Start button.

Posted Image


Please ensure that ONLY items seen in the image below are ticked as indicated (they're all checked by default):

Posted Image

Click on the box next to Restart System when Finished. Then click on Start.
m0le is a proud member of UNITE

#15 Samut

Samut
  • Topic Starter

  • Members
  • 16 posts
  • Local time:06:59 PM

Posted 23 October 2012 - 06:45 PM

Windows Repair ran fine until the last part (Start Repairs).

That one got to about 10% finished and then Blue Screened, with the following showing up in the Event Viewer:

Problem signature:
Problem Event Name: BlueScreen
OS Version: 6.0.6002.2.2.0.768.3
Locale ID: 1033

Additional information about the problem:
BCCode: c2
BCP1: 0000000000000007
BCP2: 000000000000110B
BCP3: 0000000004050003
BCP4: FFFFFA800A0BDB90
OS Version: 6_0_6002
Service Pack: 2_0
Product: 768_1

Files that help describe the problem:
C:\Windows\Minidump\Mini101812-01.dmp
C:\Users\Shawn\AppData\Local\Temp\WER-492931-0.sysdata.xml
C:\Users\Shawn\AppData\Local\Temp\WER471D.tmp.version.txt

Unfortunately, the files referred to in the Temp directory were gone when I looked later.
