Possible virus? Weird content on webpages.


  • This topic is locked
27 replies to this topic

#1 pnbsoup

pnbsoup

  • Members
  • 85 posts

Posted 02 May 2013 - 09:47 AM

Within the past couple of days I've been on Internet Explorer and noticed that the webpages look weird and odd. Below I have attached a couple of scans from HijackThis, Adware, and RogueKiller. Please advise.

 

Thanks for your help!!!

 

pnbsoup

 

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:05:21 PM, on 5/1/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16537)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Program Files\Norton 360\Engine\20.3.1.22\ccSvcHst.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\Dwm.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Voltage Security\VSManager2.exe
C:\Program Files\Common Files\Voltage Security\VSAgent.exe
C:\Windows\system32\conhost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files\PDF Architect\PDFIEHelper.dll
O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\20.3.1.22\coIEPlg.dll
O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\20.3.1.22\IPS\IPSBHO.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll" (file missing)
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\20.3.1.22\coIEPlg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: PDF Architect Toolbar - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files\PDF Architect\PDFIEPlugin.dll
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Voltage Encryption Manager.lnk = C:\Program Files\Common Files\Voltage Security\VSManager2.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: Fantapper - {AB745E88-1BAD-4B80-A83E-7C964EAC9804} - C:\Program Files\Brand Affinity Technologies\Fantapper Player\\IEInstaller.dll (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: *.harleysvillegroup.com
O15 - Trusted Zone: http://www.qqsolutions.com
O16 - DPF: {1C203F13-95AD-11D0-A84B-00A0247B735B} (Infragistics ActiveTreeView Control) - https://accesscl.harleysvillegroup.com/aqs.advantage.client/system/cab/sstree.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {7823A620-9DD9-11CF-A662-00AA00C066D2} (PopupMenu Object) - https://accesscl.harleysvillegroup.com/aqs.advantage.client/system/CAB/iemenu.cab
O16 - DPF: {81F0C919-AB0B-4F5C-932D-5CEEF05879E9} (IITLoadCtrl Class) - https://www.imoncall.com/go/iitloader.cab
O16 - DPF: {B52058E9-B6DD-11D3-AFDC-005004A74E81} (qqRegister Control) - http://www.qqsolutions.com/web/webupdates/qqRegister.ocx
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://harleysville.webex.com/client/WBXclient-T27L10NSP32EP5-14362/webex/ieatgpc1.cab
O18 - Filter: application/x-vs-authtoken - {1F17617E-C296-4C16-89E3-E22C6C454645} - C:\Program Files\Common Files\Voltage Security\VSTokenHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs:  
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: WebEx Service Host for Support Center (atashost) - Cisco WebEx LLC - C:\Windows\system32\atashost.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® PROSet Monitoring Service - Intel Corporation - C:\Windows\system32\IProsetMonitor.exe
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Engine\20.3.1.22\ccSvcHst.exe
O23 - Service: PDF Architect Helper Service - pdfforge GbR - C:\Program Files\PDF Architect\HelperService.exe
O23 - Service: PDF Architect Service - pdfforge GbR - C:\Program Files\PDF Architect\ConversionService.exe
O23 - Service: ShareFile Auto-update Service (SFUpdater) - Unknown owner - C:\Program Files\ShareFile\Updater\UpdateService.exe
O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe

--
End of file - 10242 bytes
 

# AdwCleaner v2.300 - Logfile created 05/01/2013 at 13:17:41
# Updated 28/04/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (32 bits)
# User : End User - CK-1211-1
# Boot Mode : Normal
# Running from : C:\Users\End User\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Program Files\Mozilla Firefox\plugins\npdnu.dll
File Deleted : C:\Program Files\Mozilla Firefox\plugins\npdnu.xpt
File Deleted : C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll
File Deleted : C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.xpt
Folder Deleted : C:\Program Files\Common Files\Software Update Utility
Folder Deleted : C:\Program Files\Winamp Toolbar
Folder Deleted : C:\ProgramData\clsoft ltd
Folder Deleted : C:\ProgramData\InstallMate
Folder Deleted : C:\ProgramData\WeCareReminder
Folder Deleted : C:\ProgramData\Winamp Toolbar
Folder Deleted : C:\Users\End User\AppData\Roaming\Mozilla\Firefox\Profiles\8mtigf06.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
Folder Deleted : C:\Users\End User\AppData\Roaming\Mozilla\Firefox\Profiles\8mtigf06.default\WinampToolbarData
Folder Deleted : C:\Users\End User\AppData\Roaming\OpenCandy
Folder Deleted : C:\Users\End User\AppData\Roaming\pdfforge

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\SProtector
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Winamp Toolbar
Key Deleted : HKCU\Software\Winamp Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B27D9527-3762-4D71-963D-FB7A94FDD678}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\winamptbServer.exe
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{57BCA5FA-5DBB-45A2-B558-1755C3F6253B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6EF4E91D-DDD5-4478-BCA7-DA04435934C0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{841FD004-57A2-4B49-BBDB-5897394619DB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B38D6EDE-390B-4620-8365-29E16459EBDA}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E1164984-B567-47BD-A7FF-240C2594404A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F20F11FD-203E-45A9-B7BB-AFC1B4FEA7A6}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FE178B09-C8AA-4734-804D-1849BCCA0C29}
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdate
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0F54B66A-21CF-4548-AE59-A6B83EE6676F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{51A971CA-D36E-4D13-A799-2CF0A491D04D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{56FBEA9F-EF93-4318-B75F-A96FC7C7BD7B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66DD22B9-6521-4B05-97DB-0EBC00B1DA5D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{78B3C85E-44FF-4DC8-B3AD-156F39DC75E5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{841FD004-57A2-4B49-BBDB-5897394619DB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E1164984-B567-47BD-A7FF-240C2594404A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E19FDA06-5BDF-43C2-B794-BCD8A4C2051F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FAB076F5-E4DD-4EA4-AFEE-F18BF972B057}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{507591C2-2F4E-46A7-92D6-E6CFF82E5F26}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{538CD77C-BFDD-49B0-9562-77419CAB89D1}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.AOLTBSearch
Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.AOLTBSearch.1
Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.AOLToolBand
Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.AOLToolBand.1
Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.Downloader
Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.Downloader.1
Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.ToolbarInfo
Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.ToolbarInfo.1
Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.ToolbarParams
Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.ToolbarParams.1
Key Deleted : HKLM\SOFTWARE\Classes\WinampTbServer.AolToolbarHelper
Key Deleted : HKLM\SOFTWARE\Classes\WinampTbServer.AolToolbarHelper.1
Key Deleted : HKLM\Software\Description
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A8C2644D-BF72-4A89-A88C-D85F565F2F46}
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SaveByClick_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SaveByClick_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Winamp Toolbar
Key Deleted : HKLM\Software\SP Global
Key Deleted : HKLM\Software\SProtector
Key Deleted : HKLM\Software\Winamp Toolbar
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{25A3A431-30BB-47C8-AD6A-E1063801134F}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}]

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16537

[OK] Registry is clean.

-\\ Mozilla Firefox v20.0.1 (en-US)

File : C:\Users\End User\AppData\Roaming\Mozilla\Firefox\Profiles\8mtigf06.default\prefs.js

C:\Users\End User\AppData\Roaming\Mozilla\Firefox\Profiles\8mtigf06.default\user.js ... Deleted !

Deleted : user_pref("aol_toolbar.default.homepage.check", false);
Deleted : user_pref("aol_toolbar.default.search.check", false);
Deleted : user_pref("extensions.50f836935005a.scode", "(function(){try{if('aol.com,mail.google.com,mystart.inc[...]
Deleted : user_pref("extensions.BabylonToolbar.prtkDS", 0);
Deleted : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");
Deleted : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
Deleted : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");
Deleted : user_pref("sweetim.toolbar.previous.keyword.URL", "");
Deleted : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");
Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");
Deleted : user_pref("sweetim.toolbar.searchguard.enable", "");

-\\ Google Chrome v26.0.1410.64

File : C:\Users\End User\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [8961 octets] - [01/05/2013 13:17:41]

########## EOF - C:\AdwCleaner[S1].txt - [9021 octets] ##########
 

 

 

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : End User [Admin rights]
Mode : Remove -- Date : 05/01/2013 13:28:32
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 5 ¤¤¤
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
SSDT[13] : NtAlertResumeThread @ 0x82EE2DA5 -> HOOKED (Unknown @ 0x8791A8A0)
SSDT[14] : NtAlertThread @ 0x82E35CC7 -> HOOKED (Unknown @ 0x8791A960)
SSDT[19] : NtAllocateVirtualMemory @ 0x82E2ECBC -> HOOKED (Unknown @ 0x878BBAB0)
SSDT[22] : NtAlpcConnectPort @ 0x82E7A56E -> HOOKED (Unknown @ 0x86BC5218)
SSDT[43] : NtAssignProcessToJobObject @ 0x82E040BE -> HOOKED (Unknown @ 0x878D5BA0)
SSDT[74] : NtCreateMutant @ 0x82E1534C -> HOOKED (Unknown @ 0x879279C0)
SSDT[86] : NtCreateSymbolicLinkObject @ 0x82E069C6 -> HOOKED (Unknown @ 0x878D5920)
SSDT[87] : NtCreateThread @ 0x82EE0FE2 -> HOOKED (Unknown @ 0x8791D898)
SSDT[88] : NtCreateThreadEx @ 0x82E7549B -> HOOKED (Unknown @ 0x878D59F0)
SSDT[96] : NtDebugActiveProcess @ 0x82EB2EAA -> HOOKED (Unknown @ 0x8792C918)
SSDT[111] : NtDuplicateObject @ 0x82E36761 -> HOOKED (Unknown @ 0x86CB8C80)
SSDT[131] : NtFreeVirtualMemory @ 0x82CBD81C -> HOOKED (Unknown @ 0x878BB8C8)
SSDT[145] : NtImpersonateAnonymousToken @ 0x82DFA962 -> HOOKED (Unknown @ 0x87927A90)
SSDT[147] : NtImpersonateThread @ 0x82E7E962 -> HOOKED (Unknown @ 0x8791A868)
SSDT[155] : NtLoadDriver @ 0x82DCAC32 -> HOOKED (Unknown @ 0x86B29170)
SSDT[168] : NtMapViewOfSection @ 0x82E4B5F1 -> HOOKED (Unknown @ 0x87915B40)
SSDT[177] : NtOpenEvent @ 0x82E14D48 -> HOOKED (Unknown @ 0x87927900)
SSDT[190] : NtOpenProcess @ 0x82E16B93 -> HOOKED (Unknown @ 0x8792A8E0)
SSDT[191] : NtOpenProcessToken @ 0x82E6936F -> HOOKED (Unknown @ 0x86CB8C00)
SSDT[194] : NtOpenSection @ 0x82E6E9EB -> HOOKED (Unknown @ 0x8792CAE0)
SSDT[198] : NtOpenThread @ 0x82E630EE -> HOOKED (Unknown @ 0x86CB8D50)
SSDT[215] : NtProtectVirtualMemory @ 0x82E47651 -> HOOKED (Unknown @ 0x878D5AD0)
SSDT[304] : NtResumeThread @ 0x82E756C2 -> HOOKED (Unknown @ 0x8791AA20)
SSDT[316] : NtSetContextThread @ 0x82EE2851 -> HOOKED (Unknown @ 0x879158F0)
SSDT[333] : NtSetInformationProcess @ 0x82E3D875 -> HOOKED (Unknown @ 0x879159B0)
SSDT[350] : NtSetSystemInformation @ 0x82E5337A -> HOOKED (Unknown @ 0x8792C9D8)
SSDT[366] : NtSuspendProcess @ 0x82EE2CDF -> HOOKED (Unknown @ 0x8792CBA0)
SSDT[367] : NtSuspendThread @ 0x82E9A19B -> HOOKED (Unknown @ 0x8791AAE0)
SSDT[370] : NtTerminateProcess @ 0x82E5FD86 -> HOOKED (Unknown @ 0x8791D978)
SSDT[371] : unknown @ 0x82E7D69B -> HOOKED (Unknown @ 0x8791ABA0)
SSDT[385] : NtUnmapViewOfSection @ 0x82E699AA -> HOOKED (Unknown @ 0x87915A80)
SSDT[399] : NtWriteVirtualMemory @ 0x82E64A83 -> HOOKED (Unknown @ 0x878BB998)
S_SSDT[318] : NtUserAttachThreadInput -> HOOKED (Unknown @ 0x8743D078)
S_SSDT[402] : NtUserGetAsyncKeyState -> HOOKED (Unknown @ 0x87438078)
S_SSDT[434] : NtUserGetKeyboardState -> HOOKED (Unknown @ 0x86CD9248)
S_SSDT[436] : NtUserGetKeyState -> HOOKED (Unknown @ 0x86B855C8)
S_SSDT[448] : NtUserGetRawInputData -> HOOKED (Unknown @ 0x86CDE008)
S_SSDT[490] : NtUserMessageCall -> HOOKED (Unknown @ 0x86CE6088)
S_SSDT[508] : NtUserPostMessage -> HOOKED (Unknown @ 0x86CE2080)
S_SSDT[509] : NtUserPostThreadMessage -> HOOKED (Unknown @ 0x86CE4088)
S_SSDT[585] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0x86CDD0C8)
S_SSDT[588] : NtUserSetWinEventHook -> HOOKED (Unknown @ 0x8669B3B8)

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1       localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD5000AAKX-603CA0 ATA Device +++++
--- User ---
[MBR] 3df67d4cfd5ca7ce9bea0f1512f99f0e
[BSP] 2310f4ebb28028db18690506c4aea7bb : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 476838 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2]_D_05012013_02d1328.txt >>
RKreport[1]_S_05012013_02d1327.txt ; RKreport[2]_D_05012013_02d1328.txt

 




 


#2 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • Gender:Male
  • Location:Numpty HQ

Posted 02 May 2013 - 04:01 PM

Good evening. :)

 

the webpages look weird and odd.

 

You are going to need to be more specific as the above doesn't tell me a great deal - please remember that only you can see it and I am reliant on how you describe it.


So long, and thanks for all the fish.

 

 


#3 pnbsoup

pnbsoup
  • Topic Starter

  • Members
  • 85 posts

Posted 03 May 2013 - 08:56 AM

When I go to a webpage to read an article, an advertisement is over the article. The font on the webpages varies by paragraph. Also, when I go to enter login and password information, these boxes are bold. Also, when I enter my login and password information, sometimes the sign-in button is not available. I hope this helps.

 

Thanks

 

pnbsoup



#4 pnbsoup

pnbsoup
  • Topic Starter

  • Members
  • 85 posts

Posted 03 May 2013 - 02:47 PM

I went ahead and did several scans and maybe you could view them and let me know. Below are the following logs: DDS, ASWMBR, TDSSkiller, and MBam, and a new HJT log. Thanks, and let me know if I should do anything further.

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 10.0.9200.16537  BrowserJavaVersion: 10.4.1
Run by End User at 13:23:02 on 2013-05-03
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3494.2125 [GMT -4:00]
.
AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\atashost.exe
C:\Windows\system32\IProsetMonitor.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Norton 360\Engine\20.3.1.22\ccSvcHst.exe
C:\Program Files\PDF Architect\HelperService.exe
C:\Program Files\PDF Architect\ConversionService.exe
C:\Program Files\ShareFile\Updater\UpdateService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Norton 360\Engine\20.3.1.22\ccSvcHst.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Voltage Security\VSManager2.exe
C:\Program Files\Common Files\Voltage Security\VSAgent.exe
C:\Windows\system32\conhost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Microsoft\BingBar\7.1.361.0\SeaPort.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: PDF Architect Helper: {3A2D5EBA-F86D-4BD3-A177-019765996711} - c:\program files\pdf architect\PDFIEHelper.dll
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\program files\norton 360\engine\20.3.1.22\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\norton 360\engine\20.3.1.22\ips\ipsbho.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\microsoft\bingbar\7.1.361.0\BingExt.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton 360\engine\20.3.1.22\coieplg.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton 360\engine\20.3.1.22\coieplg.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\voltag~1.lnk - c:\program files\common files\voltage security\VSManager2.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~3\office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {1C203F13-95AD-11D0-A84B-00A0247B735B} - hxxps://accesscl.harleysvillegroup.com/aqs.advantage.client/system/cab/sstree.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {7823A620-9DD9-11CF-A662-00AA00C066D2} - hxxps://accesscl.harleysvillegroup.com/aqs.advantage.client/system/CAB/iemenu.cab
DPF: {81F0C919-AB0B-4F5C-932D-5CEEF05879E9} - hxxps://www.imoncall.com/go/iitloader.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {B52058E9-B6DD-11D3-AFDC-005004A74E81} - hxxp://www.qqsolutions.com/web/webupdates/qqRegister.ocx
DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://harleysville.webex.com/client/WBXclient-T27L10NSP32EP5-14362/webex/ieatgpc1.cab
TCP: NameServer = 66.80.130.23 64.7.11.2
TCP: Interfaces\{C41EF200-77F9-4716-92D6-1E01975B140F} : DHCPNameServer = 66.80.130.23 64.7.11.2
Filter: application/x-vs-authtoken - {1F17617E-C296-4C16-89E3-E22C6C454645} - c:\program files\common files\voltage security\VSTokenHandler.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Notify: igfxcui - igfxdev.dll
AppInit_DLLs=   
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\26.0.1410.64\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\end user\appdata\roaming\mozilla\firefox\profiles\8mtigf06.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=827316&p=
FF - plugin: c:\progra~1\micros~3\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~3\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\common files\voltage security\npvsth.dll
FF - plugin: c:\program files\google\update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\program files\oracle\javafx 2.1 runtime\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\oracle\javafx 2.1 runtime\bin\plugin2\npjp2.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_7_700_169.dll
FF - ExtSQL: !HIDDEN! 2012-01-04 10:34; smartwebprinting@hp.com; c:\program files\hp\digital imaging\smart web printing\MozillaAddOn3
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\1403010.016\symds.sys [2013-4-16 367704]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\1403010.016\symefa.sys [2013-4-16 934488]
R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_20.1.0.24\definitions\bashdefs\20130412.001\BHDrvx86.sys [2013-4-12 1000024]
R1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\n360\1403010.016\ccsetx86.sys [2013-4-16 134304]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_20.1.0.24\definitions\ipsdefs\20130502.001\IDSvix86.sys [2013-5-3 386720]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\1403010.016\ironx86.sys [2013-4-16 175264]
R1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\n360\1403010.016\symnets.sys [2013-4-16 338592]
R2 atashost;WebEx Service Host for Support Center;c:\windows\system32\atashost.exe [2012-2-29 134456]
R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IPROSetMonitor.exe [2011-12-30 110752]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-1-21 418376]
R2 N360;Norton 360;c:\program files\norton 360\engine\20.3.1.22\ccsvchst.exe [2013-4-16 144520]
R2 PDF Architect Helper Service;PDF Architect Helper Service;c:\program files\pdf architect\HelperService.exe [2013-1-9 1324104]
R2 PDF Architect Service;PDF Architect Service;c:\program files\pdf architect\ConversionService.exe [2013-1-9 795208]
R2 SFUpdater;ShareFile Auto-update Service;c:\program files\sharefile\updater\UpdateService.exe [2012-7-11 24576]
R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files\intel\intel® management engine components\uns\UNS.exe [2011-12-30 2656280]
R3 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\7.1.361.0\SeaPort.EXE [2012-2-10 240408]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2013-1-28 106656]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-7-19 22856]
R3 MEI;Intel® Management Engine Interface;c:\windows\system32\drivers\HECI.sys [2011-12-30 41088]
R3 rdsdrvdm;rdsdrvdm;c:\windows\system32\drivers\rdsdrvdm.sys [2012-1-3 27648]
S2 BBSvc;BingBar Service;c:\program files\microsoft\bingbar\7.1.361.0\BBSvc.EXE [2012-2-10 193816]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-1-21 701512]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-20 52224]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-12-31 1343400]
.
=============== Created Last 30 ================
.
2013-05-03 16:43:33    --------    d-----w-    C:\N360_BACKUP
2013-04-30 21:19:01    9728    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-04-24 13:22:42    1211752    ----a-w-    c:\windows\system32\drivers\ntfs.sys
2013-04-16 14:15:42    934488    ----a-w-    c:\windows\system32\drivers\n360\1403010.016\symefa.sys
2013-04-16 14:15:42    367704    ----a-w-    c:\windows\system32\drivers\n360\1403010.016\symds.sys
2013-04-16 14:15:42    338592    ----a-w-    c:\windows\system32\drivers\n360\1403010.016\symnets.sys
2013-04-16 14:15:42    32344    ----a-w-    c:\windows\system32\drivers\n360\1403010.016\srtspx.sys
2013-04-16 14:15:42    21400    ----a-r-    c:\windows\system32\drivers\n360\1403010.016\symelam.sys
2013-04-16 14:15:41    602712    ----a-w-    c:\windows\system32\drivers\n360\1403010.016\srtsp.sys
2013-04-16 14:15:41    175264    ----a-w-    c:\windows\system32\drivers\n360\1403010.016\ironx86.sys
2013-04-16 14:15:41    134304    ----a-w-    c:\windows\system32\drivers\n360\1403010.016\ccsetx86.sys
2013-04-16 14:15:19    14818    ----a-w-    c:\windows\system32\drivers\n360\1403010.016\symvtcer.dat
2013-04-16 14:15:19    --------    d-----w-    c:\windows\system32\drivers\n360\1403010.016
2013-04-10 13:41:24    2347008    ----a-w-    c:\windows\system32\win32k.sys
2013-04-10 13:40:56    196328    ----a-w-    c:\windows\system32\drivers\fvevol.sys
2013-04-10 13:40:28    3968856    ----a-w-    c:\windows\system32\ntkrnlpa.exe
2013-04-10 13:40:28    3913560    ----a-w-    c:\windows\system32\ntoskrnl.exe
2013-04-10 13:40:27    69632    ----a-w-    c:\windows\system32\smss.exe
2013-04-10 13:40:27    38912    ----a-w-    c:\windows\system32\csrsrv.dll
2013-04-10 13:39:54    36864    ----a-w-    c:\windows\system32\tsgqec.dll
2013-04-10 13:39:54    3217408    ----a-w-    c:\windows\system32\mstscax.dll
2013-04-10 13:39:54    131584    ----a-w-    c:\windows\system32\aaclient.dll
.
==================== Find3M  ====================
.
2013-04-30 21:19:01    5632    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-04-12 13:16:00    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-04-12 13:16:00    691592    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-04-04 18:50:32    22856    ----a-w-    c:\windows\system32\drivers\mbam.sys
2013-02-12 04:48:31    474112    ----a-w-    c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48:26    2176512    ----a-w-    c:\windows\apppatch\AcGenral.dll
2013-02-12 03:32:45    15872    ----a-w-    c:\windows\system32\drivers\usb8023.sys
.
============= FINISH: 13:23:41.43 ===============
 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 12/30/2011 2:52:23 PM
System Uptime: 5/3/2013 12:50:34 PM (1 hours ago)
.
Motherboard: Intel Corporation |  | DH61CR
Processor: Intel® Pentium® CPU G620 @ 2.60GHz | LGA1155 CPU 1 | 2600/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 466 GiB total, 414.498 GiB free.
D: is CDROM ()
E: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP360: 4/18/2013 5:10:16 PM - Windows Update
RP361: 4/19/2013 4:57:43 PM - Windows Update
RP362: 4/22/2013 5:07:48 PM - Windows Update
RP363: 4/23/2013 5:10:37 PM - Windows Update
RP364: 4/24/2013 4:59:19 PM - Windows Update
RP365: 4/25/2013 4:59:12 PM - Windows Update
RP366: 4/26/2013 4:58:49 PM - Windows Update
RP367: 4/29/2013 5:01:18 PM - Windows Update
RP368: 4/30/2013 5:16:16 PM - Windows Update
RP369: 5/1/2013 10:49:13 AM - Windows Update
RP370: 5/1/2013 10:52:19 AM - Windows Update
RP371: 5/1/2013 5:03:20 PM - Windows Update
RP372: 5/2/2013 12:00:33 PM - Windows Update
RP373: 5/2/2013 5:00:23 PM - Windows Update
RP374: 5/3/2013 11:52:37 AM - Windows Update
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
7-Zip 9.20
8500A909_eDocs
8500A909_Help
8500A909a
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.5)
AgencyStation
Bing Bar
BPD_DSWizards
bpd_scan
BPDSoftware
BPDSoftware_Ini
BufferChm
Cisco WebEx Meetings
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Destinations
DeviceDiscovery
DHTML Editing Component
DocMgr
DocProc
ESET Online Scanner v3
Fantapper Player
Fantapper Updater
Fax
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
GoToMeeting 5.4.0.1082
GPBaseService2
HiJackThis
HP Customer Participation Program 14.0
HP Document Manager 2.0
HP Imaging Device Functions 14.0
HP Officejet Pro 8500 A909 Series
HP Smart Web Printing 4.60
HP Solution Center 14.0
HP Update
HPProductAssistant
HPSSupply
Intel® Control Center
Intel® Management Engine Components
Intel® Network Connections 15.7.176.0
Intel® Processor Graphics
Java Auto Updater
Java™ 6 Update 32
Java™ 7 Update 4
JavaFX 2.1.0
K-Lite Codec Pack 8.0.0 (Full)
Malwarebytes Anti-Malware version 1.75.0.1300
MarketResearch
Microsoft .NET Framework 4 Client Profile
Microsoft Access 2002 Runtime
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Business 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox 20.0.1 (x86 en-US)
Mozilla Maintenance Service
MPM
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
Network
Norton 360
OCR Software by I.R.I.S. 14.0
PDF Architect
PDFCreator
ProductContext
QQ Evolution
QuickQuote Runtime Files
Realtek High Definition Audio Driver
Scan
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition
Security Update for Microsoft Filter Pack 2.0 (KB2553501) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2760406) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
Security Update for Microsoft OneNote 2010 (KB2760600) 32-Bit Edition
Security Update for Microsoft Visio Viewer 2010 (KB2687505) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition
ShareFile Outlook Plug-in
Shop for HP Supplies
SmartWebPrinting
SolutionCenter
Status
Toolbox
Total Access Memo 2003 Runtime
TrayApp
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition
Voltage Encryption v5.3
WebReg
Winamp
Winamp Detector Plug-in
Windows Live ID Sign-in Assistant
.
==== Event Viewer Messages From Past Week ========
.
5/3/2013 12:23:49 PM, Error: bowser [8003]  - The master browser has received a server announcement from the computer DJ2596C1 that believes that it is the master browser for the domain on transport NetBT_Tcpip_{C41EF200-77F9-4716-92D6-1E01975B1. The master browser is stopping or an election is being forced.
.
==== End Of File ===========================
 

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-05-03 13:28:15
-----------------------------
13:28:15.962    OS Version: Windows 6.1.7601 Service Pack 1
13:28:15.962    Number of processors: 2 586 0x2A07
13:28:15.965    ComputerName: CK-1211-1  UserName: End User
13:28:18.189    Initialize success
13:40:20.521    AVAST engine defs: 13050300
13:40:36.917    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
13:40:36.917    Disk 0 Vendor: WDC_WD5000AAKX-603CA0 18.01H18 Size: 476940MB BusType: 11
13:40:37.010    Disk 0 MBR read successfully
13:40:37.010    Disk 0 MBR scan
13:40:37.026    Disk 0 Windows 7 default MBR code
13:40:37.026    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
13:40:37.026    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       476838 MB offset 206848
13:40:37.042    Disk 0 scanning sectors +976771072
13:40:37.104    Disk 0 scanning C:\Windows\system32\drivers
13:40:45.013    Service scanning
13:41:02.111    Modules scanning
13:41:07.150    Disk 0 trace - called modules:
13:41:07.165    ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS PCIIDEX.SYS msahci.sys
13:41:07.165    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86697a78]
13:41:07.181    3 CLASSPNP.SYS[8c78e59e] -> nt!IofCallDriver -> [0x86224c10]
13:41:07.181    5 ACPI.sys[8c0c13d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x861c7908]
13:41:08.835    AVAST engine scan C:\Windows
13:41:11.377    AVAST engine scan C:\Windows\system32
13:43:12.480    AVAST engine scan C:\Windows\system32\drivers
13:43:34.788    AVAST engine scan C:\Users\End User
13:45:36.859    Disk 0 MBR has been saved successfully to "C:\Users\End User\Desktop\MBR.dat"
13:45:36.874    The log file has been saved successfully to "C:\Users\End User\Desktop\aswMBR.txt"

 

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.05.01.05

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16540
End User :: CK-1211-1 [administrator]

5/3/2013 2:14:34 PM
mbam-log-2013-05-03 (14-14-34).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 206617
Time elapsed: 3 minute(s), 48 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:05:21 PM, on 5/1/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16537)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Program Files\Norton 360\Engine\20.3.1.22\ccSvcHst.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\Dwm.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Voltage Security\VSManager2.exe
C:\Program Files\Common Files\Voltage Security\VSAgent.exe
C:\Windows\system32\conhost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files\PDF Architect\PDFIEHelper.dll
O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\20.3.1.22\coIEPlg.dll
O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\20.3.1.22\IPS\IPSBHO.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll" (file missing)
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\20.3.1.22\coIEPlg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: PDF Architect Toolbar - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files\PDF Architect\PDFIEPlugin.dll
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Voltage Encryption Manager.lnk = C:\Program Files\Common Files\Voltage Security\VSManager2.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: Fantapper - {AB745E88-1BAD-4B80-A83E-7C964EAC9804} - C:\Program Files\Brand Affinity Technologies\Fantapper Player\\IEInstaller.dll (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: *.harleysvillegroup.com
O15 - Trusted Zone: http://www.qqsolutions.com
O16 - DPF: {1C203F13-95AD-11D0-A84B-00A0247B735B} (Infragistics ActiveTreeView Control) - https://accesscl.harleysvillegroup.com/aqs.advantage.client/system/cab/sstree.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {7823A620-9DD9-11CF-A662-00AA00C066D2} (PopupMenu Object) - https://accesscl.harleysvillegroup.com/aqs.advantage.client/system/CAB/iemenu.cab
O16 - DPF: {81F0C919-AB0B-4F5C-932D-5CEEF05879E9} (IITLoadCtrl Class) - https://www.imoncall.com/go/iitloader.cab
O16 - DPF: {B52058E9-B6DD-11D3-AFDC-005004A74E81} (qqRegister Control) - http://www.qqsolutions.com/web/webupdates/qqRegister.ocx
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://harleysville.webex.com/client/WBXclient-T27L10NSP32EP5-14362/webex/ieatgpc1.cab
O18 - Filter: application/x-vs-authtoken - {1F17617E-C296-4C16-89E3-E22C6C454645} - C:\Program Files\Common Files\Voltage Security\VSTokenHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs:  
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: WebEx Service Host for Support Center (atashost) - Cisco WebEx LLC - C:\Windows\system32\atashost.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® PROSet Monitoring Service - Intel Corporation - C:\Windows\system32\IProsetMonitor.exe
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Engine\20.3.1.22\ccSvcHst.exe
O23 - Service: PDF Architect Helper Service - pdfforge GbR - C:\Program Files\PDF Architect\HelperService.exe
O23 - Service: PDF Architect Service - pdfforge GbR - C:\Program Files\PDF Architect\ConversionService.exe
O23 - Service: ShareFile Auto-update Service (SFUpdater) - Unknown owner - C:\Program Files\ShareFile\Updater\UpdateService.exe
O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe

--
End of file - 10242 bytes
 

 

thanks!

 



#5 pnbsoup

  • Topic Starter


Posted 03 May 2013 - 02:49 PM

TDSSKiller log...

 

13:49:28.0047 4796  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42

13:49:29.0188 4796  ============================================================

13:49:29.0188 4796  Current date / time: 2013/05/03 13:49:29.0188

13:49:29.0188 4796  SystemInfo:

13:49:29.0189 4796 

13:49:29.0189 4796  OS Version: 6.1.7601 ServicePack: 1.0

13:49:29.0189 4796  Product type: Workstation

13:49:29.0189 4796  ComputerName: CK-1211-1

13:49:29.0189 4796  UserName: End User

13:49:29.0189 4796  Windows directory: C:\Windows

13:49:29.0189 4796  System windows directory: C:\Windows

13:49:29.0189 4796  Processor architecture: Intel x86

13:49:29.0189 4796  Number of processors: 2

13:49:29.0189 4796  Page size: 0x1000

13:49:29.0189 4796  Boot type: Normal boot

13:49:29.0189 4796  ============================================================

13:49:30.0134 4796  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050

13:49:30.0152 4796  ============================================================

13:49:30.0152 4796  \Device\Harddisk0\DR0:

13:49:30.0152 4796  MBR partitions:

13:49:30.0152 4796  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000

13:49:30.0152 4796  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3A353000

13:49:30.0152 4796  ============================================================

13:49:30.0172 4796  C: <-> \Device\Harddisk0\DR0\Partition2

13:49:30.0172 4796  ============================================================

13:49:30.0172 4796  Initialize success

13:49:30.0172 4796  ============================================================

13:49:59.0285 0800  ============================================================

13:49:59.0285 0800  Scan started

13:49:59.0285 0800  Mode: Manual; TDLFS;

13:49:59.0285 0800  ============================================================

13:49:59.0541 0800  ================ Scan system memory ========================

13:49:59.0541 0800  System memory - ok

13:49:59.0542 0800  ================ Scan services =============================

13:49:59.0645 0800  [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys

13:49:59.0647 0800  1394ohci - ok

13:49:59.0660 0800  [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI            C:\Windows\system32\drivers\ACPI.sys

13:49:59.0662 0800  ACPI - ok

13:49:59.0681 0800  [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys

13:49:59.0681 0800  AcpiPmi - ok

13:49:59.0737 0800  [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

13:49:59.0738 0800  AdobeARMservice - ok

13:49:59.0807 0800  [ 479901C99FA62D1C3261B7ACB1228DAD ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

13:49:59.0809 0800  AdobeFlashPlayerUpdateSvc - ok

13:49:59.0852 0800  [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys

13:49:59.0856 0800  adp94xx - ok

13:49:59.0883 0800  [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci         C:\Windows\system32\drivers\adpahci.sys

13:49:59.0887 0800  adpahci - ok

13:49:59.0898 0800  [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320         C:\Windows\system32\drivers\adpu320.sys

13:49:59.0900 0800  adpu320 - ok

13:49:59.0926 0800  [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll

13:49:59.0928 0800  AeLookupSvc - ok

13:49:59.0970 0800  [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD             C:\Windows\system32\drivers\afd.sys

13:49:59.0974 0800  AFD - ok

13:49:59.0986 0800  [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440          C:\Windows\system32\drivers\agp440.sys

13:49:59.0987 0800  agp440 - ok

13:50:00.0002 0800  [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx         C:\Windows\system32\drivers\djsvs.sys

13:50:00.0003 0800  aic78xx - ok

13:50:00.0025 0800  [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG             C:\Windows\System32\alg.exe

13:50:00.0026 0800  ALG - ok

13:50:00.0056 0800  [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide          C:\Windows\system32\drivers\aliide.sys

13:50:00.0057 0800  aliide - ok

13:50:00.0071 0800  [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp          C:\Windows\system32\drivers\amdagp.sys

13:50:00.0072 0800  amdagp - ok

13:50:00.0089 0800  [ CD5914170297126B6266860198D1D4F0 ] amdide          C:\Windows\system32\drivers\amdide.sys

13:50:00.0090 0800  amdide - ok

13:50:00.0110 0800  [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys

13:50:00.0111 0800  AmdK8 - ok

13:50:00.0123 0800  [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys

13:50:00.0124 0800  AmdPPM - ok

13:50:00.0157 0800  [ D320BF87125326F996D4904FE24300FC ] amdsata         C:\Windows\system32\drivers\amdsata.sys

13:50:00.0158 0800  amdsata - ok

13:50:00.0173 0800  [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys

13:50:00.0174 0800  amdsbs - ok

13:50:00.0186 0800  [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata         C:\Windows\system32\drivers\amdxata.sys

13:50:00.0186 0800  amdxata - ok

13:50:00.0220 0800  [ AEA177F783E20150ACE5383EE368DA19 ] AppID           C:\Windows\system32\drivers\appid.sys

13:50:00.0220 0800  AppID - ok

13:50:00.0247 0800  [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc        C:\Windows\System32\appidsvc.dll

13:50:00.0248 0800  AppIDSvc - ok

13:50:00.0259 0800  [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo         C:\Windows\System32\appinfo.dll

13:50:00.0260 0800  Appinfo - ok

13:50:00.0304 0800  [ 2932004F49677BD84DBC72EDB754FFB3 ] arc             C:\Windows\system32\drivers\arc.sys

13:50:00.0305 0800  arc - ok

13:50:00.0316 0800  [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas          C:\Windows\system32\drivers\arcsas.sys

13:50:00.0317 0800  arcsas - ok

13:50:00.0330 0800  [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys

13:50:00.0330 0800  AsyncMac - ok

13:50:00.0337 0800  [ 338C86357871C167A96AB976519BF59E ] atapi           C:\Windows\system32\drivers\atapi.sys

13:50:00.0338 0800  atapi - ok

13:50:00.0382 0800  [ 3CC3E7786FFD8AF358C40B9CE592F321 ] atashost        C:\Windows\system32\atashost.exe

13:50:00.0384 0800  atashost - ok

13:50:00.0402 0800  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll

13:50:00.0406 0800  AudioEndpointBuilder - ok

13:50:00.0419 0800  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv        C:\Windows\System32\Audiosrv.dll

13:50:00.0423 0800  Audiosrv - ok

13:50:00.0445 0800  [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV        C:\Windows\System32\AxInstSV.dll

13:50:00.0446 0800  AxInstSV - ok

13:50:00.0490 0800  [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv         C:\Windows\system32\drivers\bxvbdx.sys

13:50:00.0494 0800  b06bdrv - ok

13:50:00.0518 0800  [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x        C:\Windows\system32\DRIVERS\b57nd60x.sys

13:50:00.0521 0800  b57nd60x - ok

13:50:00.0591 0800  [ A2494901E7226B356B8C1005C45F1C5F ] BBSvc           C:\Program Files\Microsoft\BingBar\7.1.361.0\BBSvc.exe

13:50:00.0593 0800  BBSvc - ok

13:50:00.0614 0800  [ 63B1CBBAE4790B5BAC98F01BF9449722 ] BBUpdate        C:\Program Files\Microsoft\BingBar\7.1.361.0\SeaPort.exe

13:50:00.0617 0800  BBUpdate - ok

13:50:00.0658 0800  [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC          C:\Windows\System32\bdesvc.dll

13:50:00.0659 0800  BDESVC - ok

13:50:00.0668 0800  [ 505506526A9D467307B3C393DEDAF858 ] Beep            C:\Windows\system32\drivers\Beep.sys

13:50:00.0669 0800  Beep - ok

13:50:00.0703 0800  [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE             C:\Windows\System32\bfe.dll

13:50:00.0707 0800  BFE - ok

13:50:00.0897 0800  [ 89BF5550E4FC31E3FE728E68C558BF10 ] BHDrvx86        C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20130412.001\BHDrvx86.sys

13:50:00.0906 0800  BHDrvx86 - ok

13:50:00.0945 0800  [ E585445D5021971FAE10393F0F1C3961 ] BITS            C:\Windows\system32\qmgr.dll

13:50:00.0950 0800  BITS - ok

13:50:00.0961 0800  [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys

13:50:00.0962 0800  blbdrive - ok

13:50:00.0993 0800  [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys

13:50:00.0994 0800  bowser - ok

13:50:01.0019 0800  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys

13:50:01.0020 0800  BrFiltLo - ok

13:50:01.0036 0800  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys

13:50:01.0037 0800  BrFiltUp - ok

13:50:01.0063 0800  [ 77361D72A04F18809D0EFB6CCEB74D4B ] BridgeMP        C:\Windows\system32\DRIVERS\bridge.sys

13:50:01.0064 0800  BridgeMP - ok

13:50:01.0086 0800  [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser         C:\Windows\System32\browser.dll

13:50:01.0088 0800  Browser - ok

13:50:01.0119 0800  [ 845B8CE732E67F3B4133164868C666EA ] Brserid         C:\Windows\System32\Drivers\Brserid.sys

13:50:01.0122 0800  Brserid - ok

13:50:01.0131 0800  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys

13:50:01.0132 0800  BrSerWdm - ok

13:50:01.0144 0800  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys

13:50:01.0145 0800  BrUsbMdm - ok

13:50:01.0156 0800  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys

13:50:01.0157 0800  BrUsbSer - ok

13:50:01.0176 0800  [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys

13:50:01.0177 0800  BTHMODEM - ok

13:50:01.0210 0800  [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv         C:\Windows\system32\bthserv.dll

13:50:01.0211 0800  bthserv - ok

13:50:01.0314 0800  catchme - ok

13:50:01.0389 0800  [ 1277AD8F053CC60C17CAFAB411F3CF40 ] ccSet_N360      C:\Windows\system32\drivers\N360\1403010.016\ccSetx86.sys

13:50:01.0390 0800  ccSet_N360 - ok

13:50:01.0416 0800  [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys

13:50:01.0417 0800  cdfs - ok

13:50:01.0456 0800  [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys

13:50:01.0458 0800  cdrom - ok

13:50:01.0484 0800  [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc     C:\Windows\System32\certprop.dll

13:50:01.0485 0800  CertPropSvc - ok

13:50:01.0505 0800  [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass        C:\Windows\system32\drivers\circlass.sys

13:50:01.0506 0800  circlass - ok

13:50:01.0520 0800  [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS            C:\Windows\system32\CLFS.sys

13:50:01.0522 0800  CLFS - ok

13:50:01.0592 0800  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

13:50:01.0593 0800  clr_optimization_v2.0.50727_32 - ok

13:50:01.0666 0800  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

13:50:01.0668 0800  clr_optimization_v4.0.30319_32 - ok

13:50:01.0672 0800  [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt          C:\Windows\system32\drivers\CmBatt.sys

13:50:01.0673 0800  CmBatt - ok

13:50:01.0687 0800  [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide          C:\Windows\system32\drivers\cmdide.sys

13:50:01.0688 0800  cmdide - ok

13:50:01.0724 0800  [ 247B4CE2DAB1160CD422D532D5241E1F ] CNG             C:\Windows\system32\Drivers\cng.sys

13:50:01.0728 0800  CNG - ok

13:50:01.0743 0800  [ A6023D3823C37043986713F118A89BEE ] Compbatt        C:\Windows\system32\drivers\compbatt.sys

13:50:01.0744 0800  Compbatt - ok

13:50:01.0770 0800  [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys

13:50:01.0770 0800  CompositeBus - ok

13:50:01.0788 0800  COMSysApp - ok

13:50:01.0807 0800  [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys

13:50:01.0807 0800  crcdisk - ok

13:50:01.0842 0800  [ 96C0E38905CFD788313BE8E11DAE3F2F ] CryptSvc        C:\Windows\system32\cryptsvc.dll

13:50:01.0844 0800  CryptSvc - ok

13:50:01.0878 0800  [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch      C:\Windows\system32\rpcss.dll

13:50:01.0883 0800  DcomLaunch - ok

13:50:01.0904 0800  [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc       C:\Windows\System32\defragsvc.dll

13:50:01.0907 0800  defragsvc - ok

13:50:01.0936 0800  [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys

13:50:01.0937 0800  DfsC - ok

13:50:01.0971 0800  [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp            C:\Windows\system32\dhcpcore.dll

13:50:01.0974 0800  Dhcp - ok

13:50:02.0002 0800  [ 1A050B0274BFB3890703D490F330C0DA ] discache        C:\Windows\system32\drivers\discache.sys

13:50:02.0002 0800  discache - ok

13:50:02.0032 0800  [ 565003F326F99802E68CA78F2A68E9FF ] Disk            C:\Windows\system32\drivers\disk.sys

13:50:02.0033 0800  Disk - ok

13:50:02.0060 0800  [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache        C:\Windows\System32\dnsrslvr.dll

13:50:02.0062 0800  Dnscache - ok

13:50:02.0080 0800  [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc         C:\Windows\System32\dot3svc.dll

13:50:02.0082 0800  dot3svc - ok

13:50:02.0141 0800  [ B5E479EB83707DD698F66953E922042C ] Dot4            C:\Windows\system32\DRIVERS\Dot4.sys

13:50:02.0143 0800  Dot4 - ok

13:50:02.0164 0800  [ CAEFD09B6A6249C53A67D55A9A9FCABF ] Dot4Print       C:\Windows\system32\DRIVERS\Dot4Prt.sys

13:50:02.0165 0800  Dot4Print - ok

13:50:02.0176 0800  [ CF491FF38D62143203C065260567E2F7 ] dot4usb         C:\Windows\system32\DRIVERS\dot4usb.sys

13:50:02.0176 0800  dot4usb - ok

13:50:02.0189 0800  [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS             C:\Windows\system32\dps.dll

13:50:02.0191 0800  DPS - ok

13:50:02.0226 0800  [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys

13:50:02.0226 0800  drmkaud - ok

13:50:02.0259 0800  [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys

13:50:02.0266 0800  DXGKrnl - ok

13:50:02.0296 0800  [ 94AD8BAE670E55BF646796B56BAC53A4 ] e1cexpress      C:\Windows\system32\DRIVERS\e1c6232.sys

13:50:02.0298 0800  e1cexpress - ok

13:50:02.0307 0800  [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost         C:\Windows\System32\eapsvc.dll

13:50:02.0309 0800  EapHost - ok

13:50:02.0385 0800  [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv           C:\Windows\system32\drivers\evbdx.sys

13:50:02.0403 0800  ebdrv - ok

13:50:02.0466 0800  [ 85B8B4032A895A746D46A288A9B30DED ] eeCtrl          C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys

13:50:02.0470 0800  eeCtrl - ok

13:50:02.0496 0800  [ 81951F51E318AECC2D68559E47485CC4 ] EFS             C:\Windows\System32\lsass.exe

13:50:02.0498 0800  EFS - ok

13:50:02.0548 0800  [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe

13:50:02.0553 0800  ehRecvr - ok

13:50:02.0568 0800  [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched         C:\Windows\ehome\ehsched.exe

13:50:02.0569 0800  ehSched - ok

13:50:02.0594 0800  [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor         C:\Windows\system32\drivers\elxstor.sys

13:50:02.0597 0800  elxstor - ok

13:50:02.0656 0800  [ B5A8A04A6E5B4E86B95B1553AA918F5F ] EraserUtilRebootDrv C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys

13:50:02.0657 0800  EraserUtilRebootDrv - ok

13:50:02.0664 0800  [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev          C:\Windows\system32\drivers\errdev.sys

13:50:02.0665 0800  ErrDev - ok

13:50:02.0692 0800  [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem     C:\Windows\system32\es.dll

13:50:02.0695 0800  EventSystem - ok

13:50:02.0722 0800  [ 2DC9108D74081149CC8B651D3A26207F ] exfat           C:\Windows\system32\drivers\exfat.sys

13:50:02.0724 0800  exfat - ok

13:50:02.0748 0800  [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat         C:\Windows\system32\drivers\fastfat.sys

13:50:02.0750 0800  fastfat - ok

13:50:02.0780 0800  [ 967EA5B213E9984CBE270205DF37755B ] Fax             C:\Windows\system32\fxssvc.exe

13:50:02.0786 0800  Fax - ok

13:50:02.0797 0800  [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc             C:\Windows\system32\drivers\fdc.sys

13:50:02.0798 0800  fdc - ok

13:50:02.0809 0800  [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost         C:\Windows\system32\fdPHost.dll

13:50:02.0811 0800  fdPHost - ok

13:50:02.0817 0800  [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub        C:\Windows\system32\fdrespub.dll

13:50:02.0819 0800  FDResPub - ok

13:50:02.0827 0800  [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys

13:50:02.0828 0800  FileInfo - ok

13:50:02.0836 0800  [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys

13:50:02.0837 0800  Filetrace - ok

13:50:02.0855 0800  [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys

13:50:02.0855 0800  flpydisk - ok

13:50:02.0868 0800  [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys

13:50:02.0869 0800  FltMgr - ok

13:50:02.0903 0800  [ E12C4928B32ACE04610259647F072635 ] FontCache       C:\Windows\system32\FntCache.dll

13:50:02.0909 0800  FontCache - ok

13:50:02.0971 0800  [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

13:50:02.0972 0800  FontCache3.0.0.0 - ok

13:50:02.0985 0800  [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys

13:50:02.0986 0800  FsDepends - ok

13:50:03.0009 0800  [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys

13:50:03.0010 0800  Fs_Rec - ok

13:50:03.0048 0800  [ E306A24D9694C724FA2491278BF50FDB ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys

13:50:03.0050 0800  fvevol - ok

13:50:03.0081 0800  [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys

13:50:03.0082 0800  gagp30kx - ok

13:50:03.0115 0800  [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc           C:\Windows\System32\gpsvc.dll

13:50:03.0121 0800  gpsvc - ok

13:50:03.0209 0800  [ F02A533F517EB38333CB12A9E8963773 ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe

13:50:03.0210 0800  gupdate - ok

13:50:03.0237 0800  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe

13:50:03.0239 0800  gupdatem - ok

13:50:03.0276 0800  [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc           C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

13:50:03.0278 0800  gusvc - ok

13:50:03.0299 0800  [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys

13:50:03.0300 0800  hcw85cir - ok

13:50:03.0319 0800  [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys

13:50:03.0322 0800  HdAudAddService - ok

13:50:03.0349 0800  [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys

13:50:03.0350 0800  HDAudBus - ok

13:50:03.0371 0800  [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys

13:50:03.0372 0800  HidBatt - ok

13:50:03.0385 0800  [ 89448F40E6DF260C206A193A4683BA78 ] HidBth          C:\Windows\system32\drivers\hidbth.sys

13:50:03.0386 0800  HidBth - ok

13:50:03.0408 0800  [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr           C:\Windows\system32\drivers\hidir.sys

13:50:03.0408 0800  HidIr - ok

13:50:03.0428 0800  [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv         C:\Windows\System32\hidserv.dll

13:50:03.0429 0800  hidserv - ok

13:50:03.0443 0800  [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys

13:50:03.0444 0800  HidUsb - ok

13:50:03.0476 0800  [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc          C:\Windows\system32\kmsvc.dll

13:50:03.0478 0800  hkmsvc - ok

13:50:03.0513 0800  [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll

13:50:03.0516 0800  HomeGroupListener - ok

13:50:03.0538 0800  [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll

13:50:03.0542 0800  HomeGroupProvider - ok

13:50:03.0673 0800  [ 97AAC45A375168C6A2297BEEB9692E31 ] hpqcxs08        C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll

13:50:03.0675 0800  hpqcxs08 - ok

13:50:03.0691 0800  [ 19A4FB67B1C97EA18EDFF44340973CD9 ] hpqddsvc        C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll

13:50:03.0692 0800  hpqddsvc - ok

13:50:03.0719 0800  [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys

13:50:03.0720 0800  HpSAMD - ok

13:50:03.0764 0800  [ 56FC98F1014EA8DC51B92839C32759EC ] HPSLPSVC        C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL

13:50:03.0774 0800  HPSLPSVC - ok

13:50:03.0821 0800  [ 871917B07A141BFF43D76D8844D48106 ] HTTP            C:\Windows\system32\drivers\HTTP.sys

13:50:03.0825 0800  HTTP - ok

13:50:03.0837 0800  [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys

13:50:03.0838 0800  hwpolicy - ok

13:50:03.0867 0800  [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys

13:50:03.0869 0800  i8042prt - ok

13:50:03.0904 0800  [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys

13:50:03.0906 0800  iaStorV - ok

13:50:03.0963 0800  [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

13:50:03.0971 0800  idsvc - ok

13:50:04.0161 0800  [ 404FB2AAF532BC7BBACC8880BE401C74 ] IDSVix86        C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20130502.001\IDSvix86.sys

13:50:04.0165 0800  IDSVix86 - ok

13:50:04.0363 0800  [ 3DE3493935396B81CC57FDAC32398001 ] igfx            C:\Windows\system32\DRIVERS\igdkmd32.sys

13:50:04.0426 0800  igfx - ok

13:50:04.0469 0800  [ 4173FF5708F3236CF25195FECD742915 ] iirsp           C:\Windows\system32\drivers\iirsp.sys

13:50:04.0469 0800  iirsp - ok

13:50:04.0523 0800  [ F95622F161474511B8D80D6B093AA610 ] IKEEXT          C:\Windows\System32\ikeext.dll

13:50:04.0531 0800  IKEEXT - ok

13:50:04.0623 0800  [ 544FCAF4CF73C6EF6A83747CB9274177 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys

13:50:04.0646 0800  IntcAzAudAddService - ok

13:50:04.0671 0800  [ F2C6FB081B707863A0A21D639F325475 ] Intel® PROSet Monitoring Service C:\Windows\system32\IProsetMonitor.exe

13:50:04.0673 0800  Intel® PROSet Monitoring Service - ok

13:50:04.0685 0800  [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide        C:\Windows\system32\drivers\intelide.sys

13:50:04.0686 0800  intelide - ok

13:50:04.0701 0800  [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys

13:50:04.0702 0800  intelppm - ok

13:50:04.0715 0800  [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll

13:50:04.0716 0800  IPBusEnum - ok

13:50:04.0738 0800  [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys

13:50:04.0739 0800  IpFilterDriver - ok

13:50:04.0785 0800  [ 58F67245D041FBE7AF88F4EAF79DF0FA ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll

13:50:04.0788 0800  iphlpsvc - ok

13:50:04.0801 0800  [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys

13:50:04.0802 0800  IPMIDRV - ok

13:50:04.0813 0800  [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT           C:\Windows\system32\drivers\ipnat.sys

13:50:04.0814 0800  IPNAT - ok

13:50:04.0829 0800  [ 42996CFF20A3084A56017B7902307E9F ] IRENUM          C:\Windows\system32\drivers\irenum.sys

13:50:04.0830 0800  IRENUM - ok

13:50:04.0845 0800  [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp          C:\Windows\system32\drivers\isapnp.sys

13:50:04.0846 0800  isapnp - ok

13:50:04.0862 0800  [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys

13:50:04.0863 0800  iScsiPrt - ok

13:50:04.0886 0800  [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys

13:50:04.0887 0800  kbdclass - ok

13:50:04.0907 0800  [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys

13:50:04.0907 0800  kbdhid - ok

13:50:04.0929 0800  [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso          C:\Windows\system32\lsass.exe

13:50:04.0930 0800  KeyIso - ok

13:50:04.0950 0800  [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys

13:50:04.0951 0800  KSecDD - ok

13:50:04.0966 0800  [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys

13:50:04.0967 0800  KSecPkg - ok

13:50:05.0003 0800  [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm           C:\Windows\system32\msdtckrm.dll

13:50:05.0007 0800  KtmRm - ok

13:50:05.0046 0800  [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer    C:\Windows\System32\srvsvc.dll

13:50:05.0050 0800  LanmanServer - ok

13:50:05.0071 0800  [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll

13:50:05.0074 0800  LanmanWorkstation - ok

13:50:05.0109 0800  [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys

13:50:05.0110 0800  lltdio - ok

13:50:05.0140 0800  [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc         C:\Windows\System32\lltdsvc.dll

13:50:05.0142 0800  lltdsvc - ok

13:50:05.0151 0800  [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts         C:\Windows\System32\lmhsvc.dll

13:50:05.0153 0800  lmhosts - ok

13:50:05.0196 0800  [ AF7090488DB99607D5AADEA6298ACC54 ] LMS             C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe

13:50:05.0198 0800  LMS - ok

13:50:05.0231 0800  [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys

13:50:05.0232 0800  LSI_FC - ok

13:50:05.0251 0800  [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys

13:50:05.0252 0800  LSI_SAS - ok

13:50:05.0263 0800  [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys

13:50:05.0263 0800  LSI_SAS2 - ok

13:50:05.0282 0800  [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys

13:50:05.0283 0800  LSI_SCSI - ok

13:50:05.0292 0800  [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv           C:\Windows\system32\drivers\luafv.sys

13:50:05.0293 0800  luafv - ok

13:50:05.0343 0800  [ 4470E3C1E0C3378E4CAB137893C12C3A ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys

13:50:05.0344 0800  MBAMProtector - ok

13:50:05.0385 0800  [ 65085456FD9A74D7F1A999520C299ECB ] MBAMScheduler   C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

13:50:05.0389 0800  MBAMScheduler - ok

13:50:05.0437 0800  [ E0D7732F2D2E24B2DB3F67B6750295B8 ] MBAMService     C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

13:50:05.0444 0800  MBAMService - ok

13:50:05.0471 0800  [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll

13:50:05.0473 0800  Mcx2Svc - ok

13:50:05.0483 0800  [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas         C:\Windows\system32\drivers\megasas.sys

13:50:05.0484 0800  megasas - ok

13:50:05.0513 0800  [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys

13:50:05.0515 0800  MegaSR - ok

13:50:05.0531 0800  [ D86AC00883B9C98B570E7643AAF8E554 ] MEI             C:\Windows\system32\DRIVERS\HECI.sys

13:50:05.0532 0800  MEI - ok

13:50:05.0560 0800  [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS           C:\Windows\system32\mmcss.dll

13:50:05.0562 0800  MMCSS - ok

13:50:05.0576 0800  [ F001861E5700EE84E2D4E52C712F4964 ] Modem           C:\Windows\system32\drivers\modem.sys

13:50:05.0577 0800  Modem - ok

13:50:05.0597 0800  [ 79D10964DE86B292320E9DFE02282A23 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys

13:50:05.0598 0800  monitor - ok

13:50:05.0623 0800  [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys

13:50:05.0624 0800  mouclass - ok

13:50:05.0629 0800  [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys

13:50:05.0630 0800  mouhid - ok

13:50:05.0647 0800  [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys

13:50:05.0648 0800  mountmgr - ok

13:50:05.0705 0800  [ 7EDBBB9351A38C6BB0FE98CFD44DB430 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

13:50:05.0707 0800  MozillaMaintenance - ok

13:50:05.0722 0800  [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio            C:\Windows\system32\drivers\mpio.sys

13:50:05.0723 0800  mpio - ok

13:50:05.0743 0800  [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys

13:50:05.0744 0800  mpsdrv - ok

13:50:05.0774 0800  [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc          C:\Windows\system32\mpssvc.dll

13:50:05.0780 0800  MpsSvc - ok

13:50:05.0792 0800  [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys

13:50:05.0794 0800  MRxDAV - ok

13:50:05.0819 0800  [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys

13:50:05.0820 0800  mrxsmb - ok

13:50:05.0831 0800  [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys

13:50:05.0833 0800  mrxsmb10 - ok

13:50:05.0844 0800  [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys

13:50:05.0845 0800  mrxsmb20 - ok

13:50:05.0855 0800  [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci          C:\Windows\system32\drivers\msahci.sys

13:50:05.0856 0800  msahci - ok

13:50:05.0884 0800  [ 55055F8AD8BE27A64C831322A780A228 ] msdsm           C:\Windows\system32\drivers\msdsm.sys

13:50:05.0885 0800  msdsm - ok

13:50:05.0898 0800  [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC           C:\Windows\System32\msdtc.exe

13:50:05.0900 0800  MSDTC - ok

13:50:12.0547 0800  Scan finished

13:50:12.0547 0800  ============================================================

13:50:12.0557 4900  Detected object count: 0

13:50:12.0557 4900  Actual detected object count: 0

 

 

 



#6 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • Gender:Male
  • Location:Numpty HQ

Posted 04 May 2013 - 02:43 PM

Good evening. :)

Download OTL by OldTimer from here and save it to your Desktop.
 

  • Double click the tool to run it.
  • Click the Quick Scan button and allow it to do its thing.
  • Once complete, it should open two Notepad Windows - OTL.Txt and Extras.Txt
  • It should also save copies in the same location as OTL.
  • I want you to copy and paste the contents of OTL.txt that should appear into one reply and Extras.Txt into another.
  • The length of the two logs sometimes results in the end being chopped off if you post both in one reply.

 

 

 


So long, and thanks for all the fish.

 

 


#7 pnbsoup

pnbsoup
  • Topic Starter

  • Members
  • 85 posts

Posted 06 May 2013 - 08:11 AM

I've been away from my computer all weekend, I will run and post a scan...thanks!



#8 pnbsoup

pnbsoup
  • Topic Starter

  • Members
  • 85 posts

Posted 06 May 2013 - 08:14 AM

Here is Extras.txt log...

 

OTL Extras logfile created on: 5/6/2013 9:07:59 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\End User\Downloads
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.41 Gb Total Physical Memory | 1.72 Gb Available Physical Memory | 50.40% Memory free
6.82 Gb Paging File | 5.08 Gb Available in Paging File | 74.41% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465.66 Gb Total Space | 415.93 Gb Free Space | 89.32% Space Free | Partition Type: NTFS
 
Computer Name: CK-1211-1 | User Name: End User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{19310029-12B5-43FE-9F1A-A2C128325C82}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{21D80B92-EF94-462E-B5DC-2450731785F1}" = lport=139 | protocol=6 | dir=in | app=system |
"{22964EF8-D543-47F1-9BD8-BDBCFFC56513}" = lport=445 | protocol=6 | dir=in | app=system |
"{24C3B779-D007-4A48-BCDD-BB598CE8863C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{449F5F23-F3E2-4BC9-A2D2-D9DCF9501B0C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{48E9737C-BF6B-4064-8141-851C2B048999}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4A9CA48D-ACF1-479A-94CC-4840F24D838A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{55D16F97-8A97-46E9-983E-AC727C86B49D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{59FFD084-A2ED-455F-941E-21476E6833A8}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{759771F3-F5DD-476E-A868-69123D7168CA}" = rport=139 | protocol=6 | dir=out | app=system |
"{816AA6B6-CA17-41E5-8BC5-94FA1923A805}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{84165BAB-7269-408F-8912-E8913726454D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9DCD1F0D-C9BD-4242-A13A-D928A884FF01}" = rport=445 | protocol=6 | dir=out | app=system |
"{A34D27CF-11FF-4AD7-8F53-923942A80985}" = rport=137 | protocol=17 | dir=out | app=system |
"{ADA917BD-6059-4FF9-A146-041CF84094E4}" = rport=138 | protocol=17 | dir=out | app=system |
"{B0AEB830-BE3F-407B-BC32-265DF9D58A5A}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{BE0F3A4F-805C-4408-A1AD-D22EA0435406}" = lport=2869 | protocol=6 | dir=in | app=system |
"{C867B8AE-1EDA-40D8-BB47-7994189EEAB4}" = lport=137 | protocol=17 | dir=in | app=system |
"{C9767D38-5BC8-4145-9065-55A9ED70AC0C}" = lport=138 | protocol=17 | dir=in | app=system |
"{CA8335CD-2994-45EB-BBE7-B119C576DFD6}" = lport=10243 | protocol=6 | dir=in | app=system |
"{E96B594B-331B-4C25-93BF-4DAA46B13E3F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F166FEB6-7EEA-492A-8559-88140B3CB7B4}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F4ED6FB7-154A-4C06-89D1-F469078DEDC4}" = rport=10243 | protocol=6 | dir=out | app=system |
"{FC8D75ED-CE1A-4EED-BD7E-DA51CDF6C2F0}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00FD0B58-CD99-4EBB-9BED-B21D9BE6526A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |
"{01146116-874F-422F-9D5B-E4935E978C6B}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
"{05DD9BBC-C989-4F61-936E-F8EF9E7E854D}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposfx08.exe |
"{0CB4020D-F399-4DA3-8779-D4B7BF5B881D}" = protocol=6 | dir=out | app=system |
"{0E3F6A25-D5F3-4F0E-8148-B42767BFFB9A}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{0E893C97-3465-4AAF-97CF-2D3DD4B700BE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{11C3ACE9-7071-436D-88C4-BDCEA02E988D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{1390AABE-8797-48B7-ADDD-1F6D03E3E890}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
"{258473A9-925C-48DA-94CF-B3CF32636E6E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{26F63815-6287-4F1F-BD85-38D9ADA46831}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
"{340A2A0D-3CC6-4D75-A67E-E4B602042DA6}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe |
"{383F14AB-8E17-48FB-A43F-FF59DB86869E}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{400C97C4-40C4-412D-AD5E-A0A3BDD4F143}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpzwiz01.exe |
"{4D83C403-4AE9-48FB-A984-3CB5FBE09BE7}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{505B46CB-107D-4FFF-BE74-863A4442E4B9}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{54383366-C9F2-4795-9DFA-2F54BC37E68B}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxs08.exe |
"{5869B176-AD00-4F1F-9373-961FC008839F}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{63621358-39DD-49AD-A41D-BF5FC02EBD92}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{638ED166-1687-42A3-8A55-F9B5F99B969E}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe |
"{688AA87B-5392-4F55-81AA-DF06C6121B2E}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
"{7A1010E6-E562-4C7C-B6AD-7E34EE0A76E2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7F8C781B-1DE8-4708-9F84-6811DB11269C}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
"{814877A0-159A-4147-95F7-E52E5CAB038E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{927F211B-13B3-4190-94E1-BA964FCC0E0C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{9B0231F2-0105-4036-A90E-115932699BEA}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe |
"{A03C2A10-603D-46DF-9CF1-EA6FC5A9CDC0}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A07C668C-9133-4955-9DBC-939D7224190A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxm08.exe |
"{AD5C7556-BB01-46D8-9705-BEAB88BA496F}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe |
"{AF027475-CCCD-48A9-9086-C4C6BCC109D4}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |
"{B8862845-3243-4EAA-B89C-E330A334DEF2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BD7AC2AD-229C-4930-BD8F-443163E15732}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqfxt08.exe |
"{C0549BBA-339D-4A6A-91AA-66A3CFC1419E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{C4694E3B-B136-4B56-9E96-F4A64B37DE98}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe |
"{DED3911E-5C7B-4711-A97D-A4274219B854}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E10672D2-BB0B-4562-ACCF-5C1DD134AD14}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{E22AE3F7-790A-4D70-822E-3455323F1C0C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"TCP Query User{F867CC98-CE1D-4013-AF7F-B8826881DB49}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe |
"UDP Query User{C1C7998E-C779-40A8-9147-F019662F9C40}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{077A609C-283C-4199-8072-7218AE37AFCE}" = ShareFile Outlook Plug-in
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{097CDB1E-07C9-40F1-9972-F0F9F3A287E4}" = Network
"{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java™ 6 Update 32
"{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java™ 7 Update 4
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D73DC7A-2D1D-45CF-8A67-24873925C716}" = bpd_scan
"{3D843732-70CD-4DEF-A36F-AEFB87C80DC9}" = ProductContext
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{553C904F-57A2-4113-888E-BA0C3D1C69C0}" = Microsoft VC9 runtime libraries
"{5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D}" = Status
"{603C0DC4-665E-4CC9-8ED1-7FE1F03AB943}" = Fantapper Updater
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{69754D89-C21E-4851-83C0-399DE63C6579}" = 8500A909_Help
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{80A07844-CA64-4DE4-AB61-D37DDBE8074F}" = PDF Architect
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8AEA6737-8AF3-47BB-95CE-AAB62BE68985}" = MPM
"{8C9B6B1F-0A8E-402A-A60C-110BBB38D67E}" = Intel® Network Connections 15.7.176.0
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{901C0409-6000-11D3-8CFE-0050048383C9}" = Microsoft Access 2002 Runtime
"{901C0409-6000-11D3-8CFE-0150048383C9}" = QuickQuote Runtime Files
"{9294F169-72EE-4D74-AE92-CA25F64B4FF8}" = Fax
"{92A51949-EE4C-466D-AAF0-99E74A49A63F}" = DocMgr
"{97486FBE-A3FC-4783-8D55-EA37E9D171CC}" = HP Update
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A6F797DB-9D0C-4243-B15B-91CD21D7E980}" = 8500A909a
"{A7A02E23-805C-4AAC-B408-D59A1D53AEA6}" = BPDSoftware
"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply
"{AC4E477E-BBD4-4C68-8D6C-D10C3BB658F3}" = BPD_DSWizards
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.5)
"{AD0AA962-111E-41D5-A705-0E3D9178A661}" = BPDSoftware_Ini
"{B318D3D1-3421-4E2A-9C63-5D8FC2457B9C}" = 8500A909_eDocs
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BC5DD87B-0143-4D14-AAE6-97109614DC6B}" = SolutionCenter
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{CDACD4C9-F984-409A-9D26-DF77E003FD89}" = Fantapper Player
"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
"{D6C3C9E7-D334-4918-BD57-5B1EF14C207D}" = Bing Bar
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F86D9734-D358-4C5B-BC2B-6D90557FF05B}" = HP Officejet Pro 8500 A909 Series
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"{FFBAEE48-365D-4fee-A83C-6F94E0B8947B}" = Voltage Encryption v5.3
"7-Zip" = 7-Zip 9.20
"ActiveTouchMeetingClient" = Cisco WebEx Meetings
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ESET Online Scanner" = ESET Online Scanner v3
"Google Chrome" = Google Chrome
"HP Document Manager" = HP Document Manager 2.0
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"HPExtendedCapabilities" = HP Customer Participation Program 14.0
"HPOCR" = OCR Software by I.R.I.S. 14.0
"KLiteCodecPack_is1" = K-Lite Codec Pack 8.0.0 (Full)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 20.0.1 (x86 en-US)" = Mozilla Firefox 20.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"N360" = Norton 360
"Office14.SingleImage" = Microsoft Office Home and Business 2010
"PROSetDX" = Intel® Network Connections 15.7.176.0
"QuickFile Florida" = QQ Evolution
"Shop for HP Supplies" = Shop for HP Supplies
"ST6UNST #1" = AgencyStation
"Total Access Memo 2003 Runtime" = Total Access Memo 2003 Runtime
"Winamp" = Winamp
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GoToMeeting" = GoToMeeting 5.4.0.1082
"Winamp Detect" = Winamp Detector Plug-in
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 9/18/2012 9:03:50 AM | Computer Name = CK-1211-1 | Source = WinMgmt | ID = 10
Description =
 
Error - 9/18/2012 2:36:05 PM | Computer Name = CK-1211-1 | Source = WinMgmt | ID = 10
Description =
 
Error - 9/19/2012 9:06:45 AM | Computer Name = CK-1211-1 | Source = WinMgmt | ID = 10
Description =
 
Error - 9/19/2012 2:51:08 PM | Computer Name = CK-1211-1 | Source = Application Hang | ID = 1002
Description = The program atsckernel.EXE version 2.6.32.1 stopped interacting with
 Windows and was closed. To see if more information about the problem is available,
 check the problem history in the Action Center control panel.    Process ID: 14f0    Start
 Time: 01cd9696f558aef6    Termination Time: 15    Application Path: C:\Windows\system32\atsckernel.EXE

Report
 Id: f04caf98-028a-11e2-85d8-386077505b22  
 
Error - 9/19/2012 2:51:10 PM | Computer Name = CK-1211-1 | Source = Application Hang | ID = 1002
Description = The program atscmgr.exe version 2729.3200.1111.200 stopped interacting
 with Windows and was closed. To see if more information about the problem is available,
 check the problem history in the Action Center control panel.    Process ID: 16a8    Start
 Time: 01cd9696c225659a    Termination Time: 16    Application Path: C:\ProgramData\WebEx\Webex\1232\atscmgr.exe

Report
 Id: f6b4c3b4-028a-11e2-85d8-386077505b22  
 
Error - 9/19/2012 4:38:28 PM | Computer Name = CK-1211-1 | Source = Application Error | ID = 1000
Description = Faulting application name: FlashPlayerPlugin_11_4_402_265.exe, version:
 11.4.402.265, time stamp: 0x502bf384  Faulting module name: NPSWF32_11_4_402_265.dll,
 version: 11.4.402.265, time stamp: 0x502bf58e  Exception code: 0xc0000005  Fault offset:
 0x006ac2d8  Faulting process id: 0x1260  Faulting application start time: 0x01cd969f6fcdb895
Faulting
 application path: C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe
Faulting
 module path: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll  Report
Id: f7778920-0299-11e2-85d8-386077505b22
 
Error - 9/20/2012 9:09:47 AM | Computer Name = CK-1211-1 | Source = WinMgmt | ID = 10
Description =
 
Error - 9/20/2012 5:03:57 PM | Computer Name = CK-1211-1 | Source = Application Error | ID = 1000
Description = Faulting application name: firefox.exe, version: 15.0.1.4631, time
 stamp: 0x5047f9c5  Faulting module name: xul.dll, version: 15.0.1.4631, time stamp:
 0x5047f93b  Exception code: 0xc0000005  Fault offset: 0x0010e567  Faulting process id:
 0x1744  Faulting application start time: 0x01cd9732a654d789  Faulting application path:
 C:\Program Files\Mozilla Firefox\firefox.exe  Faulting module path: C:\Program Files\Mozilla
 Firefox\xul.dll  Report Id: b0b150f7-0366-11e2-8732-386077505b22
 
Error - 9/21/2012 9:12:09 AM | Computer Name = CK-1211-1 | Source = WinMgmt | ID = 10
Description =
 
Error - 9/24/2012 9:12:13 AM | Computer Name = CK-1211-1 | Source = WinMgmt | ID = 10
Description =
 
[ System Events ]
Error - 10/23/2012 5:11:40 PM | Computer Name = CK-1211-1 | Source = DCOM | ID = 10010
Description =
 
Error - 10/24/2012 3:10:35 PM | Computer Name = CK-1211-1 | Source = DCOM | ID = 10010
Description =
 
Error - 11/5/2012 6:03:59 PM | Computer Name = CK-1211-1 | Source = DCOM | ID = 10010
Description =
 
Error - 11/6/2012 6:04:57 PM | Computer Name = CK-1211-1 | Source = DCOM | ID = 10010
Description =
 
Error - 11/9/2012 1:39:04 PM | Computer Name = CK-1211-1 | Source = Service Control Manager | ID = 7030
Description = The IOC service is marked as an interactive service.  However, the
 system is configured to not allow interactive services.  This service may not function
 properly.
 
Error - 11/13/2012 4:30:33 PM | Computer Name = CK-1211-1 | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
 response from the ShellHWDetection service.
 
Error - 11/13/2012 6:09:21 PM | Computer Name = CK-1211-1 | Source = DCOM | ID = 10010
Description =
 
Error - 11/15/2012 6:13:06 PM | Computer Name = CK-1211-1 | Source = DCOM | ID = 10010
Description =
 
Error - 11/20/2012 6:00:28 PM | Computer Name = CK-1211-1 | Source = DCOM | ID = 10010
Description =
 
Error - 11/26/2012 6:07:40 PM | Computer Name = CK-1211-1 | Source = Service Control Manager | ID = 7023
Description = The Windows Time service terminated with the following error:   %%1115
 
 
< End of report >
 



#9 pnbsoup

pnbsoup
  • Topic Starter

  • Members
  • 85 posts

Posted 06 May 2013 - 08:16 AM

Here is the OTL.txt...thank you for taking a look at my logs...

 

OTL logfile created on: 5/6/2013 9:07:59 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\End User\Downloads
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.41 Gb Total Physical Memory | 1.72 Gb Available Physical Memory | 50.40% Memory free
6.82 Gb Paging File | 5.08 Gb Available in Paging File | 74.41% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465.66 Gb Total Space | 415.93 Gb Free Space | 89.32% Space Free | Partition Type: NTFS
 
Computer Name: CK-1211-1 | User Name: End User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/05/06 09:06:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\End User\Downloads\OTL.scr
PRC - [2013/04/12 10:43:16 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013/01/09 18:36:06 | 000,795,208 | ---- | M] (pdfforge GbR) -- C:\Program Files\PDF Architect\ConversionService.exe
PRC - [2013/01/09 18:34:26 | 001,324,104 | ---- | M] (pdfforge GbR) -- C:\Program Files\PDF Architect\HelperService.exe
PRC - [2012/12/23 23:33:29 | 000,144,520 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\20.3.1.22\ccsvchst.exe
PRC - [2012/12/18 10:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/11/29 22:55:25 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2012/11/22 22:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012/09/19 14:45:09 | 000,134,456 | ---- | M] (Cisco WebEx LLC) -- C:\Windows\System32\atashost.exe
PRC - [2012/07/11 22:43:20 | 000,024,576 | ---- | M] () -- C:\Program Files\ShareFile\Updater\UpdateService.exe
PRC - [2012/02/15 16:56:10 | 001,188,936 | ---- | M] () -- C:\Program Files\Common Files\Voltage Security\VSManager2.exe
PRC - [2012/02/15 16:56:10 | 000,205,896 | ---- | M] () -- C:\Program Files\Common Files\Voltage Security\VSAgent.exe
PRC - [2012/02/10 11:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) -- C:\Program Files\Microsoft\BingBar\7.1.361.0\BBSvc.EXE
PRC - [2011/10/26 14:48:48 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Winamp\winampa.exe
PRC - [2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/01/23 23:00:38 | 002,656,280 | R--- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2011/01/23 23:00:38 | 000,326,168 | R--- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/09/22 02:05:22 | 000,110,752 | ---- | M] (Intel Corporation) -- C:\Windows\System32\IPROSetMonitor.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013/04/12 10:43:16 | 003,133,336 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/05/30 10:51:08 | 000,699,280 | R--- | M] () -- C:\Program Files\Norton 360\Engine\20.3.1.22\wincfi39.dll
MOD - [2012/02/15 16:56:34 | 000,767,048 | ---- | M] () -- C:\Program Files\Common Files\Voltage Security\VSLog_com.dll
MOD - [2012/02/15 16:56:24 | 002,843,720 | ---- | M] () -- C:\Program Files\Common Files\Voltage Security\VSCOM2.dll
MOD - [2012/02/15 16:56:10 | 001,188,936 | ---- | M] () -- C:\Program Files\Common Files\Voltage Security\VSManager2.exe
MOD - [2012/02/15 16:56:10 | 000,205,896 | ---- | M] () -- C:\Program Files\Common Files\Voltage Security\VSAgent.exe
MOD - [2012/02/15 16:44:18 | 000,073,728 | ---- | M] () -- C:\Program Files\Common Files\Voltage Security\VSzlib1.dll
MOD - [2012/02/15 16:42:28 | 000,851,968 | ---- | M] () -- C:\Program Files\Common Files\Voltage Security\vslibxml2.dll
MOD - [2011/01/23 23:05:40 | 000,094,208 | ---- | M] () -- C:\Windows\System32\IccLibDll.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2013/04/12 10:43:16 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/04/12 09:16:00 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/01/09 18:36:06 | 000,795,208 | ---- | M] (pdfforge GbR) [Auto | Running] -- C:\Program Files\PDF Architect\ConversionService.exe -- (PDF Architect Service)
SRV - [2013/01/09 18:34:26 | 001,324,104 | ---- | M] (pdfforge GbR) [Auto | Running] -- C:\Program Files\PDF Architect\HelperService.exe -- (PDF Architect Helper Service)
SRV - [2012/12/23 23:33:29 | 000,144,520 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton 360\Engine\20.3.1.22\ccSvcHst.exe -- (N360)
SRV - [2012/12/18 10:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/09/19 14:45:09 | 000,134,456 | ---- | M] (Cisco WebEx LLC) [Auto | Running] -- C:\Windows\System32\atashost.exe -- (atashost)
SRV - [2012/07/11 22:43:20 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Program Files\ShareFile\Updater\UpdateService.exe -- (SFUpdater)
SRV - [2012/02/10 11:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\7.1.361.0\SeaPort.EXE -- (BBUpdate)
SRV - [2012/02/10 11:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\7.1.361.0\BBSvc.EXE -- (BBSvc)
SRV - [2011/12/31 11:02:19 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011/01/23 23:00:38 | 002,656,280 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011/01/23 23:00:38 | 000,326,168 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/09/22 02:05:22 | 000,110,752 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\System32\IPROSetMonitor.exe -- (Intel®
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\ENDUSE~1\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2013/04/12 19:53:06 | 001,000,024 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20130412.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2013/03/27 06:41:46 | 001,603,824 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20130503.004\NAVEX15.SYS -- (NAVEX15)
DRV - [2013/03/27 06:41:46 | 000,093,296 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20130503.004\NAVENG.SYS -- (NAVENG)
DRV - [2013/02/04 15:31:13 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2013/01/30 23:18:18 | 000,338,592 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\1403010.016\symnets.sys -- (SymNetS)
DRV - [2013/01/30 23:18:06 | 000,934,488 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\N360\1403010.016\symefa.sys -- (SymEFA)
DRV - [2013/01/28 21:45:18 | 000,602,712 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\N360\1403010.016\srtsp.sys -- (SRTSP)
DRV - [2013/01/28 21:45:18 | 000,032,344 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\1403010.016\srtspx.sys -- (SRTSPX)
DRV - [2013/01/28 14:35:52 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2013/01/21 22:15:32 | 000,367,704 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\N360\1403010.016\symds.sys -- (SymDS)
DRV - [2012/12/20 17:39:38 | 000,386,720 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20130502.001\IDSvix86.sys -- (IDSVix86)
DRV - [2012/12/20 16:10:45 | 000,142,496 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2012/11/15 22:22:01 | 000,175,264 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\1403010.016\ironx86.sys -- (SymIRON)
DRV - [2012/11/15 22:18:04 | 000,134,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\1403010.016\ccsetx86.sys -- (ccSet_N360)
DRV - [2011/01/23 23:00:37 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (MEI)
DRV - [2011/01/04 00:12:26 | 000,238,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1c6232.sys -- (e1cexpress)
DRV - [2010/11/20 17:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 17:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2008/12/17 22:48:36 | 000,027,648 | ---- | M] (01 Communique Laboratory Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdsdrvdm.sys -- (rdsdrvdm)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 1D 8D 84 6D B9 41 CE 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {501F7CE9-5CB0-402E-B2A4-D1CF0C0B11F9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\..\SearchScopes\{501F7CE9-5CB0-402E-B2A4-D1CF0C0B11F9}: "URL" = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaultenginename,S: S", ""
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.order.1,S: S", ""
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=827316"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.search.selectedEngine,S: S", ""
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledAddons: %7BBBDA0591-3099-440a-AA10-41764D9DB4DB%7D:11.3.0.9%20-%204
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=827316&p="
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@voltage.com/MozillaTokenHandler;version=1: C:\Program Files\Common Files\Voltage Security\npvsth.dll (Voltage Security, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/01/04 11:34:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\IPSFFPlgn\ [2013/01/28 16:53:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\coFFPlgn\ [2013/05/06 09:05:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\FFPDFArchitectConverter@pdfarchitect.com: C:\Program Files\PDF Architect\FFPDFArchitectExt [2013/01/17 13:32:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/04/12 10:43:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/05/01 13:18:04 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/01/04 11:34:33 | 000,000,000 | ---D | M]
 
[2011/12/30 16:24:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\End User\AppData\Roaming\Mozilla\Extensions
[2013/05/01 13:18:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\End User\AppData\Roaming\Mozilla\Firefox\Profiles\8mtigf06.default\extensions
[2012/05/08 09:31:27 | 000,179,239 | ---- | M] () (No name found) -- C:\Users\End User\AppData\Roaming\Mozilla\Firefox\Profiles\8mtigf06.default\extensions\FantapperExtension@brandaffinity.net.xpi
[2013/04/12 10:43:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/01/28 16:53:32 | 000,000,000 | ---D | M] (Norton Vulnerability Protection) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\IPSFFPLGN
[2013/04/12 10:43:16 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/10/26 14:49:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2012/08/30 09:24:46 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013/02/20 10:58:26 | 000,002,086 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.83\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: downloadUpdater (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnu.dll
CHR - plugin: downloadUpdater2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: Voltage Encryption (Enabled) = C:\Program Files\Common Files\Voltage Security\npvsth.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java Deployment Toolkit 7.0.40.255 (Enabled) = C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\dtplugin\npDeployJava1.dll
CHR - plugin: Java™ Platform SE 7 U4 (Enabled) = C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: SaveByclick = C:\Users\End User\AppData\Local\Google\Chrome\User Data\Default\Extensions\njmcmkgondlghafclblnojpogbbkpboo\1\
 
O1 HOSTS File: ([2012/07/19 14:21:22 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (PDF Architect Helper) - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files\PDF Architect\PDFIEHelper.dll (pdfforge GbR)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\20.3.1.22\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\20.3.1.22\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\20.3.1.22\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\20.3.1.22\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: harleysvillegroup.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: harleysvillegroup.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: qqsolutions.com ([www] http in Trusted sites)
O16 - DPF: {1C203F13-95AD-11D0-A84B-00A0247B735B} https://accesscl.harleysvillegroup.com/aqs.advantage.client/system/cab/sstree.cab (Infragistics ActiveTreeView Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {7823A620-9DD9-11CF-A662-00AA00C066D2} https://accesscl.harleysvillegroup.com/aqs.advantage.client/system/CAB/iemenu.cab (PopupMenu Object)
O16 - DPF: {81F0C919-AB0B-4F5C-932D-5CEEF05879E9} https://www.imoncall.com/go/iitloader.cab (IITLoadCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 10.4.1)
O16 - DPF: {B52058E9-B6DD-11D3-AFDC-005004A74E81} http://www.qqsolutions.com/web/webupdates/qqRegister.ocx (qqRegister Control)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 10.4.1)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://harleysville.webex.com/client/WBXclient-T27L10NSP32EP5-14362/webex/ieatgpc1.cab (GpcContainer Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 66.80.130.23 64.7.11.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C41EF200-77F9-4716-92D6-1E01975B140F}: DhcpNameServer = 66.80.130.23 64.7.11.2
O18 - Protocol\Filter\application/x-vs-authtoken {1F17617E-C296-4C16-89E3-E22C6C454645} - C:\Program Files\Common Files\Voltage Security\VSTokenHandler.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/05/03 15:56:45 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/05/03 12:43:33 | 000,000,000 | ---D | C] -- C:\N360_BACKUP
[2013/04/12 10:43:11 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/01/03 17:12:42 | 000,131,072 | ---- | C] (01 Communique Laboratory Inc.) -- C:\Users\End User\SvrUtl.exe
 
========== Files - Modified Within 30 Days ==========
 
[2013/05/06 09:04:11 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/05/06 09:03:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/05/06 09:03:53 | 2748,153,856 | -HS- | M] () -- C:\hiberfil.sys
[2013/05/03 16:35:00 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/05/03 16:13:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/05/03 16:03:55 | 000,022,064 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/05/03 16:03:55 | 000,022,064 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/05/03 13:45:36 | 000,000,512 | ---- | M] () -- C:\Users\End User\Desktop\MBR.dat
[2013/05/03 12:18:17 | 000,002,368 | ---- | M] () -- C:\{57140938-09A6-4E1B-86DF-84661EB4AD5A}
[2013/05/01 11:11:33 | 000,001,063 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/05/01 09:02:40 | 001,442,581 | ---- | M] () -- C:\Windows\System32\drivers\N360\1403010.016\Cat.DB
[2013/04/30 17:20:45 | 000,025,185 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2013/04/23 15:52:36 | 000,023,139 | ---- | M] () -- C:\Users\End User\Documents\Equipment Insured change request form.pdf
[2013/04/17 09:10:51 | 000,014,818 | ---- | M] () -- C:\Windows\System32\drivers\N360\1403010.016\VT20130115.021
[2013/04/11 09:08:52 | 000,345,360 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/04/10 14:44:26 | 000,002,129 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
 
========== Files Created - No Company Name ==========
 
[2013/05/03 13:45:36 | 000,000,512 | ---- | C] () -- C:\Users\End User\Desktop\MBR.dat
[2013/05/03 12:18:17 | 000,002,368 | ---- | C] () -- C:\{57140938-09A6-4E1B-86DF-84661EB4AD5A}
[2013/04/30 17:20:45 | 000,025,185 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2013/04/23 15:52:35 | 000,023,139 | ---- | C] () -- C:\Users\End User\Documents\Equipment Insured change request form.pdf
[2012/11/09 13:38:29 | 000,098,304 | ---- | C] () -- C:\Users\End User\RDesktop1225.exe
[2012/08/15 11:58:27 | 000,060,304 | ---- | C] () -- C:\Users\End User\g2mdlhlpx.exe
[2012/07/19 14:11:40 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/07/19 14:11:40 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/07/19 14:11:40 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/07/19 14:11:40 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/07/19 14:11:40 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/01/04 11:46:14 | 000,000,064 | ---- | C] () -- C:\Windows\TLWREG.INI
[2012/01/04 11:31:06 | 000,233,064 | ---- | C] () -- C:\Windows\hpwins22.dat
[2012/01/04 11:31:06 | 000,002,850 | ---- | C] () -- C:\Windows\hpwmdl22.dat
[2012/01/03 17:44:53 | 000,001,108 | ---- | C] () -- C:\Windows\TLW.INI
[2012/01/03 17:21:11 | 000,512,000 | ---- | C] () -- C:\Windows\System32\ipdll.dll
[2012/01/03 17:12:47 | 000,194,439 | ---- | C] () -- C:\Users\End User\drv_vx86.exe
[2012/01/03 17:12:42 | 000,077,824 | ---- | C] () -- C:\Users\End User\01FileSys.exe
[2012/01/03 17:12:41 | 000,135,168 | ---- | C] () -- C:\Users\End User\aspsecur.dll
[2012/01/03 17:12:40 | 000,262,394 | ---- | C] () -- C:\Users\End User\ioc_com.exe
[2011/12/30 16:22:19 | 000,175,616 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2011/12/30 16:22:18 | 000,650,752 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011/12/30 16:22:18 | 000,243,200 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011/12/30 16:22:18 | 000,074,752 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011/12/30 16:08:31 | 000,008,192 | R--- | C] () -- C:\Windows\System32\drivers\IntelMEFWVer.dll
[2011/12/30 16:05:22 | 000,145,804 | ---- | C] () -- C:\Windows\System32\igcompkrng600.bin
[2011/12/30 16:05:22 | 000,094,208 | ---- | C] () -- C:\Windows\System32\IccLibDll.dll
[2011/12/30 16:05:22 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2011/10/21 18:23:10 | 000,217,536 | ---- | C] () -- C:\Windows\System32\igfcg600m.bin
[2011/10/21 18:23:06 | 000,963,116 | ---- | C] () -- C:\Windows\System32\igkrng600.bin
[2011/10/21 18:22:54 | 000,056,832 | ---- | C] () -- C:\Windows\System32\igdde32.dll
[2011/10/21 18:03:04 | 013,903,872 | ---- | C] () -- C:\Windows\System32\ig4icd32.dll
[2011/10/21 17:52:06 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
 
========== ZeroAccess Check ==========
 
[2009/07/14 00:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 00:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 17:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 21:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2011/12/31 11:57:43 | 000,000,000 | ---D | M] -- C:\Users\End User\AppData\Roaming\Auslogics
[2013/01/22 11:35:48 | 000,000,000 | ---D | M] -- C:\Users\End User\AppData\Roaming\PDF Architect
[2013/03/11 10:28:33 | 000,000,000 | ---D | M] -- C:\Users\End User\AppData\Roaming\ShareFile
[2013/05/06 09:04:43 | 000,000,000 | ---D | M] -- C:\Users\End User\AppData\Roaming\Voltage
[2013/02/01 14:27:06 | 000,000,000 | ---D | M] -- C:\Users\End User\AppData\Roaming\webex
 
========== Purity Check ==========
 
 

< End of report >
 



#10 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • Gender:Male
  • Location:Numpty HQ
  • Local time:01:09 PM

Posted 06 May 2013 - 01:27 PM

Good evening. :)

Do you have the same experience with Firefox?


So long, and thanks for all the fish.

 

 


#11 pnbsoup

pnbsoup
  • Topic Starter

  • Members
  • 85 posts
  • Local time:08:09 AM

Posted 06 May 2013 - 02:19 PM

No, I do not, only with Internet Explorer...I know the above mentions Chrome, but I never use Chrome....In Internet Explorer, advertisements are over the articles, weird fonts...Also, when I enter in password information there is an icon of an eye (something like this " .)"  but more centered...



#12 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • Gender:Male
  • Location:Numpty HQ
  • Local time:01:09 PM

Posted 06 May 2013 - 03:04 PM

Pay a visit to the ESET Online Scanner.
 

  • Click the ESET Online Scanner button and a new window will open - you may need to maximise it.
  • Click the Run ESET Online Scanner button in the new window.
  • If you are using any other browser than IE, you will be prompted to download and run esetsmartinstaller_enu.exe and the scan will run from within the window that the executable opens.
  • Regardless of which browser you are using, you will be shown some terms and conditions and you will need to accept these to continue.
  • If you are running IE for this scan you will then be prompted to allow an ActiveX component to be downloaded, unless you already have it installed, and the scan will run inside IE.
  • When you see the Computer Scan Settings window, you will need to make the following changes:
    • UNCHECK Remove found threats - this is important.
    • Check Scan archives
    • Click on Advanced settings
    • Check Scan for potentially unsafe applications
  • Once ready, click Start to begin - not a surprise really!
  • The anti-virus definitions will now be downloaded, so don't forget to allow them through your firewall if prompted.
  • The above will take a little time, so now is a good time to fire up the kettle and open the biccies.
  • Once the scan has completed you will be shown the results - assuming that the scanner has found anything.
  • Click List of found threats and then Export to text file... and save the log somewhere convenient.
  • You can then close out the scanner - don't bother uninstalling it as you may need to use it again.
  • Please post the contents of this file in your next reply, or let me know that nothing was identified.

 

 


So long, and thanks for all the fish.

 

 


#13 pnbsoup

pnbsoup
  • Topic Starter

  • Members
  • 85 posts
  • OFFLINE
  •  
  • Local time:08:09 AM

Posted 06 May 2013 - 04:12 PM

C:\Users\End User\AppData\Local\Google\Chrome\User Data\Default\Extensions\njmcmkgondlghafclblnojpogbbkpboo\1\50f836934ff086.85587076.js    Win32/Adware.MultiPlug.H application
C:\Users\End User\Desktop\Recoverd Data\Juan\Hp_Owner\DoctorWeb\Quarantine\Process.exe    Win32/PrcView application
C:\Users\End User\Downloads\PDFCreator-1_3_2_setup.exe    Win32/OpenCandy application
C:\Users\End User\Downloads\PDFCreator-1_6_2_setup.exe    Win32/OpenCandy application
C:\Users\End User\Downloads\winamp5622_full_emusic-7plus_en-us.exe    Win32/OpenCandy application
 

Above is the ESET log...



#14 pnbsoup

pnbsoup
  • Topic Starter

  • Members
  • 85 posts
  • Local time:08:09 AM

Posted 07 May 2013 - 08:09 AM

Noviciate -

Anything?  What should I do next?



#15 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • Gender:Male
  • Location:Numpty HQ
  • Local time:01:09 PM

Posted 07 May 2013 - 02:00 PM

Good evening.

 

The number of scans that you have run which have failed to identify a malicious cause bothers me - I'd hope that something would point to a cause. Did you install any software just prior to this issue starting?


So long, and thanks for all the fish.

 

 




