$RPYWURJ.exe Virus/Spyware?


  • This topic is locked
14 replies to this topic

#1 elite1dmw

  • Members
  • 11 posts

Posted 09 June 2013 - 05:23 PM

Hello all. I'm not sure if this is a problem or not. To start out, I am running Windows Vista Home Premium, with Norton 360. So I clicked on a link, and it took me to a website that had a really long, seemingly random set of characters in the address bar. Right after this, my Norton resource monitor gave me a pop-up saying that the "Microsoft Search Indexer had high disk write activity (209 MB total for this process)". Thinking my computer had been infected with something, I ran a virus scan with Norton - all OK. I then ran CCleaner, to remove any cookies/flash cookies etc. that may have been stored on my computer. During the process, I got a popup from Norton Download Manager saying that the file was too new and couldn't be verified as safe. The files listed were ZZZZZZZZ-ZZZ and $RPYWURJ.exe. I don't know what these files relate to, but I know that a .exe file is some sort of executable. Now the panic set in, and I started trying different products that I already had installed, to see if they picked up anything. I tried SUPERAntiSpyware and Malwarebytes. Outside of a few tracking cookies, they came out clean. I tried Norton Power Eraser - OK, and all the above scans in Safe Mode. All were clean. I also got another pop-up from Norton Download Manager saying the file $RGPY19Q.exe is too new and couldn't be verified as safe. Thinking that something may be hiding in the System Restore files, I turned that off, restarted my computer and rescanned with Norton and Malwarebytes - all showed clean. I have no idea what any of these files do, or if the .exe is running something that may compromise my security. I am very nervous about doing anything important on this computer until I know if it's infected or not. Help. I posted this in the "Am I infected" forum last night, and received a response from boopme saying he thinks you guys should look at it to be sure. I followed everything in the preparation guide. Here are my results.

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16483  BrowserJavaVersion: 1.6.0_22
Run by Dave at 17:07:38 on 2013-06-09
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.3069.1137 [GMT -5:00]
.
AV: Norton 360 Premier Edition *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 Premier Edition *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 Premier Edition *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\Fingerprint Sensor\AtService.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\DigitalPersona\Bin\DpHostW.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Norton Management\Engine\3.2.0.19\ccSvcHst.exe
C:\Program Files\Norton 360 Premier Edition\Engine\20.3.1.22\ccSvcHst.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
C:\Program Files\Sling Media\SlingAgent\SlingAgentService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Norton Management\Engine\3.2.0.19\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Norton 360 Premier Edition\Engine\20.3.1.22\ccSvcHst.exe
C:\Windows\system32\DllHost.exe
C:\Windows\Explorer.EXE
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files\DigitalPersona\Bin\DpAgent.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe
C:\Windows\ehome\ehtray.exe
C:\Users\Dave\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Windows\ehome\ehsched.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Windows\ehome\ehRecvr.exe
C:\Users\Dave\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k Akamai
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k SDRSVC
.
============== Pseudo HJT Report ===============
.
uDefault_Page_URL = hxxp://www.msn.com
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: DigitalPersona Personal Extension: {395610AE-C624-4f58-B89E-23733EA00F9A} - c:\program files\digitalpersona\bin\DpOtsPluginIe8.dll
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\program files\norton 360 premier edition\engine\20.3.1.22\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\norton 360 premier edition\engine\20.3.1.22\ips\ipsbho.dll
BHO: SSVHelper Class: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.6.0_22\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre1.6.0_22\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton 360 premier edition\engine\20.3.1.22\coieplg.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [ISUSPM] "c:\programdata\macrovision\flexnet connect\6\ISUSPM.exe" -scheduler
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Akamai NetSession Interface] "c:\users\dave\appdata\local\akamai\netsession_win.exe"
mRun: [SMSERIAL] c:\program files\motorola\smserial\sm56hlpr.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [DpAgent] c:\program files\digitalpersona\bin\dpagent.exe
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" updatewithcreateonce "software\cyberlink\youcam\1.0"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [DivXMediaServer] c:\program files\divx\divx media server\DivXMediaServer.exe
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
uPolicies-Explorer: NoDrives = dword:0
uPolicies-Explorer: NoViewOnDrive = dword:0
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{B7FF2B18-DBC5-42BE-8CF5-2AEB8A7CB7AD} : DHCPNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{F1A8124B-010A-4CFF-8B67-A4B39E40A7C9} : DHCPNameServer = 192.168.1.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
LSA: Notification Packages =  scecli DPPWDFLT
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\dave\appdata\roaming\mozilla\firefox\profiles\np6e2eqz.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
FF - component: c:\program files\digitalpersona\bin\firefoxext\components\dpffcli.dll
FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\coffplgn\components\coFFPlgn.dll
FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\ipsffplgn\components\IPSFFPl.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\autodesk\autodesk design review browser add-on v1.2\npADRdwf.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre1.6.0_22\bin\new_plugin\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\dave\appdata\roaming\mozilla\firefox\profiles\np6e2eqz.default\extensions\{9eb34849-81d3-4841-939d-666d522b889a}\plugins\npSlingPlayer.dll
FF - plugin: c:\users\dave\appdata\roaming\mozilla\plugins\npatgpc.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1202122.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_7_700_202.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
FF - ExtSQL: !HIDDEN! 2009-10-10 20:34; otis@digitalpersona.com; c:\program files\digitalpersona\bin\FirefoxExt
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\1403010.016\symds.sys [2013-4-15 367704]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\1403010.016\symefa.sys [2013-4-15 934488]
R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_20.3.0.36\definitions\bashdefs\20130531.001\BHDrvx86.sys [2013-5-31 1002072]
R1 ccSet_MCLIENT;Norton Management Settings Manager;c:\windows\system32\drivers\mclient\0302000.013\ccSetx86.sys [2013-5-30 134304]
R1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\n360\1403010.016\ccsetx86.sys [2013-4-15 134304]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_20.3.0.36\definitions\ipsdefs\20130607.001\IDSvix86.sys [2013-6-7 386720]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\1403010.016\ironx86.sys [2013-4-15 175264]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\n360\1403010.016\symtdiv.sys [2013-4-15 350368]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2011-8-11 116608]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2008-3-22 21504]
R2 ATService;AuthenTec Fingerprint Service;c:\program files\fingerprint sensor\AtService.exe [2009-9-11 1811704]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-3-22 21504]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\hewlett-packard\shared\HPDrvMntSvc.exe [2011-1-25 92216]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\common files\intuit\update service v4\IntuitUpdateService.exe [2012-8-23 13672]
R2 MCLIENT;Norton Management;c:\program files\norton management\engine\3.2.0.19\ccSvcHst.exe [2013-5-30 143928]
R2 N360;Norton 360;c:\program files\norton 360 premier edition\engine\20.3.1.22\ccsvchst.exe [2013-4-15 144520]
R2 SlingAgentService;SlingAgentService;c:\program files\sling media\slingagent\SlingAgentService.exe [2009-9-25 93960]
R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\drivers\ATSwpWDF.sys [2009-9-14 659328]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2013-4-14 106656]
R3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2008-11-17 3668480]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 hcw72ADFilter;WinTV HVR-950 USB Audio Filter Driver;c:\windows\system32\drivers\hcw72ADFilter.sys [2008-7-8 27904]
S3 hcw72ATV;WinTV HVR-950 NTSC;c:\windows\system32\drivers\hcw72ATV.sys [2008-7-8 1198720]
S3 hcw72DTV;WinTV HVR-950 ATSC/QAM;c:\windows\system32\drivers\hcw72DTV.sys [2008-7-8 1191552]
S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\microsoft fix it center\Matsvc.exe [2010-4-10 266544]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== File Associations ===============
.
FileExt: .scr: DWGTrueViewScriptFile=c:\windows\system32\notepad.exe "%1"
.
=============== Created Last 30 ================
.
2013-06-08 00:08:10    934488    ----a-w-    c:\windows\system32\drivers\n360\1404000.028\symefa.sys
2013-06-08 00:08:10    367704    ----a-w-    c:\windows\system32\drivers\n360\1404000.028\symds.sys
2013-06-08 00:08:10    352344    ----a-w-    c:\windows\system32\drivers\n360\1404000.028\symtdiv.sys
2013-06-08 00:08:10    339544    ----a-w-    c:\windows\system32\drivers\n360\1404000.028\symnets.sys
2013-06-08 00:08:10    32344    ----a-w-    c:\windows\system32\drivers\n360\1404000.028\srtspx.sys
2013-06-08 00:08:10    21400    ----a-r-    c:\windows\system32\drivers\n360\1404000.028\symelam.sys
2013-06-08 00:08:09    603224    ----a-w-    c:\windows\system32\drivers\n360\1404000.028\srtsp.sys
2013-06-08 00:08:09    175264    ----a-w-    c:\windows\system32\drivers\n360\1404000.028\ironx86.sys
2013-06-08 00:08:09    134744    ----a-w-    c:\windows\system32\drivers\n360\1404000.028\ccsetx86.sys
2013-06-08 00:07:36    14818    ----a-w-    c:\windows\system32\drivers\n360\1404000.028\symvtcer.dat
2013-06-08 00:07:36    --------    d-----w-    c:\windows\system32\drivers\n360\1404000.028
2013-06-01 20:43:12    22856    ----a-w-    c:\windows\system32\drivers\mbam.sys
2013-06-01 20:43:12    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2013-05-31 02:32:01    134304    ----a-r-    c:\windows\system32\drivers\mclient\0302000.013\ccSetx86.sys
2013-05-31 02:31:58    --------    d-----w-    c:\windows\system32\drivers\mclient\0302000.013
2013-05-31 02:31:58    --------    d-----w-    c:\windows\system32\drivers\MCLIENT
2013-05-31 02:31:58    --------    d-----w-    c:\program files\Norton Management
2013-05-30 12:26:37    36512    ----a-r-    c:\windows\system32\drivers\SymIMV.sys
2013-05-25 19:03:45    159744    ----a-w-    c:\program files\mozilla firefox\plugins\npqtplugin5.dll
2013-05-25 19:03:45    159744    ----a-w-    c:\program files\mozilla firefox\plugins\npqtplugin4.dll
2013-05-25 19:03:45    159744    ----a-w-    c:\program files\mozilla firefox\plugins\npqtplugin3.dll
2013-05-25 19:03:45    159744    ----a-w-    c:\program files\mozilla firefox\plugins\npqtplugin2.dll
2013-05-25 19:03:45    159744    ----a-w-    c:\program files\mozilla firefox\plugins\npqtplugin.dll
2013-05-25 19:03:45    159744    ----a-w-    c:\program files\internet explorer\plugins\npqtplugin5.dll
2013-05-25 19:03:45    159744    ----a-w-    c:\program files\internet explorer\plugins\npqtplugin4.dll
2013-05-25 19:03:45    159744    ----a-w-    c:\program files\internet explorer\plugins\npqtplugin3.dll
2013-05-25 19:03:45    159744    ----a-w-    c:\program files\internet explorer\plugins\npqtplugin2.dll
2013-05-25 19:03:45    159744    ----a-w-    c:\program files\internet explorer\plugins\npqtplugin.dll
2013-05-25 18:58:12    --------    d-----w-    c:\program files\iPod
2013-05-25 18:58:10    --------    d-----w-    c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-05-25 18:58:10    --------    d-----w-    c:\program files\iTunes
2013-05-23 01:58:01    262552    ----a-w-    c:\program files\mozilla firefox\browser\components\browsercomps.dll
2013-05-15 01:05:03    2382848    ----a-w-    c:\windows\system32\mshtml.tlb
2013-05-15 00:23:22    638328    ----a-w-    c:\windows\system32\drivers\dxgkrnl.sys
2013-05-15 00:23:21    37376    ----a-w-    c:\windows\system32\cdd.dll
2013-05-15 00:23:15    2049024    ----a-w-    c:\windows\system32\win32k.sys
.
==================== Find3M  ====================
.
2013-05-15 01:19:34    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-15 01:19:34    692104    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-05-01 08:59:12    94208    ----a-w-    c:\windows\system32\QuickTimeVR.qtx
2013-05-01 08:59:12    69632    ----a-w-    c:\windows\system32\QuickTime.qts
2013-04-14 21:18:40    142496    ----a-w-    c:\windows\system32\drivers\SYMEVENT.SYS
2013-04-04 22:11:34    1800704    ----a-w-    c:\windows\system32\jscript9.dll
2013-04-04 22:02:59    1427968    ----a-w-    c:\windows\system32\inetcpl.cpl
2013-04-04 22:02:17    1129472    ----a-w-    c:\windows\system32\wininet.dll
2013-04-04 21:58:51    142848    ----a-w-    c:\windows\system32\ieUnatt.exe
2013-04-04 21:57:45    420864    ----a-w-    c:\windows\system32\vbscript.dll
2013-03-23 01:09:28    354656    ----a-w-    c:\windows\system32\DivXControlPanelApplet.cpl
.
============= FINISH: 17:08:08.60 ===============
#2 D-FRED-BROWN

    Resident Bracketologist

  • Malware Response Team
  • 834 posts
  • Gender:Male
  • Location:Kansas, USA

Posted 10 June 2013 - 01:53 PM

Hello elite1dmw and welcome to Bleeping Computer!

I am D-FRED-BROWN and I will be helping you.

Please print or save this topic. It will make it easier for you to follow the instructions and complete all of the necessary steps.


----------Step 1----------------
Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not an option, Skip instead, do not choose Delete unless instructed.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.
----------Step 2----------------
Please download Malwarebytes Anti-Rootkit from HERE
  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced they will be in the MBAR folder... mbar-log.txt and system-log.txt
----------Step 3----------------
Please download ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

***IMPORTANT: save ComboFix to your Desktop***

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please go here to see a list of programs that should be disabled.

**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall**

Please include the C:\ComboFix.txt in your next reply for further review.


NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.


----------Step 4----------------
Please download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
----------Step 5----------------
In your next reply, please include the following:
  • TDSSKiller's logfile
  • MBAR mbar-log.txt and system-log.txt
  • ComboFix's report (C:\ComboFix.txt)
  • Security Check checkup.txt
After that, please let me know: How is your computer running now? Do you have any questions or concerns you'd like me to address? Don't hesitate to ask.

-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Note:

Please make sure you are subscribed to this topic: Click on the "Follow This Topic" Button (at the top right of this page), make sure that the "Receive notification" box is checked and that it is set to "Instantly"

-------> Your topic will be closed if you haven't replied within 3 days! <--------
(If I don't respond within 24 hours, please send me a PM)




-DFB
Proud graduate of SpywareInfo Bootcamp
Follow me on Twitter! @dfredbrown
Unified Network of Instructors and Trained Eliminators

I volunteer my free time to help you. Please consider making a donation so I can continue helping people like you.
Thank you!
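Step 1 above asks for the TDSSKiller log, which reports every scanned service on two or more lines and buries the few "warning"/"detected" verdicts among hundreds of "ok" lines. The helper below is an added example, not a BleepingComputer or Kaspersky tool: it folds those per-service lines into one record per service and lists the ones that were not reported clean. The sample lines, file names and MD5 values are constructed to mimic the TDSSKiller 2.8 layout seen in this thread.

```python
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Constructed sample in the TDSSKiller 2.8 log layout used in this thread
# (timestamp, thread id, then a service entry or a verdict line).
# The MD5 values and file names below are made up for the example.
SAMPLE_LOG = """\
19:01:47.0782 4480  [ 0123456789ABCDEF0123456789ABCDEF ] !SASCORE        C:\\Program Files\\SUPERAntiSpyware\\SASCORE.EXE
19:01:47.0782 4480  !SASCORE - ok
19:01:50.0309 4480  [ FEDCBA9876543210FEDCBA9876543210 ] Akamai          c:\\program files\\common files\\akamai/netsession_win_example.dll
19:01:50.0309 4480  Suspicious file (Hidden): c:\\program files\\common files\\akamai/netsession_win_example.dll. md5: FEDCBA9876543210FEDCBA9876543210
19:01:50.0325 4480  Akamai ( HiddenFile.Multi.Generic ) - warning
19:01:50.0325 4480  Akamai - detected HiddenFile.Multi.Generic (1)
19:01:50.0434 4480  [ 00000000000000000000000000000000 ] ALG             C:\\Windows\\System32\\alg.exe
19:01:50.0450 4480  ALG - ok
"""

# Every scan line starts with "HH:MM:SS.mmmm <thread id>".
_PREFIX = r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+"
# "[ <MD5> ] <service name> <image path>"
_ENTRY = re.compile(_PREFIX + r"\[ (?P<md5>[0-9A-F]{32}) \] (?P<name>\S+)\s+(?P<path>.+?)\s*$")
# "<name> - ok", "<name> ( <signature> ) - warning", "<name> - detected <signature> (<n>)"
_VERDICT = re.compile(_PREFIX + r"(?P<name>\S+)(?:\s+\(\s*(?P<sig>[^)]+?)\s*\))?\s+-\s+(?P<status>.+?)\s*$")
# "Suspicious file (Hidden): <path>. md5: <MD5>"
_SUSPICIOUS = re.compile(_PREFIX + r"Suspicious file \((?P<flag>[^)]+)\): (?P<path>.+?)\. md5: (?P<md5>[0-9A-F]{32})\s*$")


@dataclass
class ServiceEntry:
    name: str
    path: str = ""
    md5: str = ""
    status: str = "unknown"      # ok | warning | detected | unknown
    signature: str = ""          # e.g. HiddenFile.Multi.Generic
    flags: list[str] = field(default_factory=list)  # e.g. ["Hidden"]


def parse_tdsskiller(text: str) -> dict[str, ServiceEntry]:
    """Fold the per-service lines of a TDSSKiller log into one record per service."""
    entries: dict[str, ServiceEntry] = {}
    for line in text.splitlines():
        m = _ENTRY.match(line)
        if m:
            e = entries.setdefault(m["name"], ServiceEntry(name=m["name"]))
            e.md5, e.path = m["md5"], m["path"]
            continue
        m = _SUSPICIOUS.match(line)
        if m:
            # The suspicious-file line names the image, not the service, so join on MD5.
            for e in entries.values():
                if e.md5 == m["md5"]:
                    e.flags.append(m["flag"])
            continue
        m = _VERDICT.match(line)
        if m:
            e = entries.setdefault(m["name"], ServiceEntry(name=m["name"]))
            status = m["status"]
            if status == "ok":
                e.status = "ok"
            elif status == "warning":
                e.status = "warning"
                e.signature = m["sig"] or e.signature
            elif status.startswith("detected "):
                # "detected <signature> (<count>)" is the final verdict; it overrides "warning".
                e.status = "detected"
                e.signature = status.split()[1]
    return entries


def needs_attention(entries: dict[str, ServiceEntry]) -> list[str]:
    """Service names whose verdict was anything other than a clean 'ok'."""
    return [e.name for e in entries.values() if e.status != "ok"]


if __name__ == "__main__":
    parsed = parse_tdsskiller(SAMPLE_LOG)
    for name in needs_attention(parsed):
        e = parsed[name]
        print(f"{e.name}: {e.status} {e.signature} flags={e.flags} md5={e.md5} path={e.path}")
```

Paste the real log into `SAMPLE_LOG` (or read it from the file TDSSKiller writes to C:\) to get the same one-line-per-finding summary for your own scan.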

#3 elite1dmw

  • Topic Starter
  • Members
  • 11 posts

Posted 10 June 2013 - 08:37 PM

Hello D-FRED-BROWN, thank you for your help. I have followed your instructions carefully. TDSSKiller showed one item, but it did not allow me to cure. I skipped, and moved on to step 2. Malwarebytes Anti-Rootkit did not find any items to clean up, so I moved to step 3. I read the complete instructions for ComboFix, and downloaded it to my desktop. I disabled Norton Antivirus Auto-Protect following the instructions you provided, and ran the ComboFix tool. Upon starting the tool, it said there was still an antimalware program running, and listed Norton 360 as the program. I double-checked that the system was deactivated, which it was. There was also an option to disable Smart Firewall; thinking this may be the cause, I disabled it as well and hit Continue on the ComboFix tool. It said there was still an antimalware program active, and listed the program as Norton 360. It then said that the scan will continue, at the user's own risk. I clicked the OK button (the only option) and the scan started and completed successfully. It appeared that there were 3 items removed during the scan. I reactivated my firewall and antivirus, then ran the Security Check. The following are the results of the scans.

 

19:01:16.0228 6768  TDSS rootkit removing tool 2.8.17.0 Apr 11 2013 11:56:34
19:01:17.0449 6768  ============================================================
19:01:17.0449 6768  Current date / time: 2013/06/10 19:01:17.0449
19:01:17.0450 6768  SystemInfo:
19:01:17.0450 6768  
19:01:17.0450 6768  OS Version: 6.0.6002 ServicePack: 2.0
19:01:17.0450 6768  Product type: Workstation
19:01:17.0450 6768  ComputerName: DAVEMOBILE
19:01:17.0451 6768  UserName: Dave
19:01:17.0451 6768  Windows directory: C:\Windows
19:01:17.0451 6768  System windows directory: C:\Windows
19:01:17.0451 6768  Processor architecture: Intel x86
19:01:17.0451 6768  Number of processors: 2
19:01:17.0451 6768  Page size: 0x1000
19:01:17.0451 6768  Boot type: Normal boot
19:01:17.0451 6768  ============================================================
19:01:18.0667 6768  Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
19:01:18.0691 6768  ============================================================
19:01:18.0691 6768  \Device\Harddisk0\DR0:
19:01:18.0691 6768  MBR partitions:
19:01:18.0691 6768  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1B91DA39
19:01:18.0691 6768  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1B91DA78, BlocksNum 0x18A6B09
19:01:18.0691 6768  ============================================================
19:01:18.0719 6768  C: <-> \Device\Harddisk0\DR0\Partition1
19:01:18.0763 6768  D: <-> \Device\Harddisk0\DR0\Partition2
19:01:18.0771 6768  ============================================================
19:01:18.0771 6768  Initialize success
19:01:18.0771 6768  ============================================================
19:01:46.0207 4480  ============================================================
19:01:46.0207 4480  Scan started
19:01:46.0207 4480  Mode: Manual;
19:01:46.0207 4480  ============================================================
19:01:47.0657 4480  ================ Scan system memory ========================
19:01:47.0657 4480  System memory - ok
19:01:47.0657 4480  ================ Scan services =============================
19:01:47.0782 4480  [ 01E81C84AD1D0ACC61CF3CFD06632210 ] !SASCORE        C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
19:01:47.0782 4480  !SASCORE - ok
19:01:49.0046 4480  [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI            C:\Windows\system32\drivers\acpi.sys
19:01:49.0061 4480  ACPI - ok
19:01:49.0217 4480  [ ADDA5E1951B90D3D23C56D3CF0622ADC ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
19:01:49.0249 4480  AdobeARMservice - ok
19:01:49.0436 4480  [ F040037B149FD0F5A5044AE563390FA7 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
19:01:49.0451 4480  AdobeFlashPlayerUpdateSvc - ok
19:01:49.0545 4480  [ 2EDC5BBAC6C651ECE337BDE8ED97C9FB ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
19:01:49.0561 4480  adp94xx - ok
19:01:49.0607 4480  [ B84088CA3CDCA97DA44A984C6CE1CCAD ] adpahci         C:\Windows\system32\drivers\adpahci.sys
19:01:49.0607 4480  adpahci - ok
19:01:49.0639 4480  [ 7880C67BCCC27C86FD05AA2AFB5EA469 ] adpu160m        C:\Windows\system32\drivers\adpu160m.sys
19:01:49.0639 4480  adpu160m - ok
19:01:49.0670 4480  [ 9AE713F8E30EFC2ABCCD84904333DF4D ] adpu320         C:\Windows\system32\drivers\adpu320.sys
19:01:49.0670 4480  adpu320 - ok
19:01:49.0717 4480  [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
19:01:49.0717 4480  AeLookupSvc - ok
19:01:49.0748 4480  [ 3911B972B55FEA0478476B2E777B29FA ] AFD             C:\Windows\system32\drivers\afd.sys
19:01:49.0763 4480  AFD - ok
19:01:49.0810 4480  [ EF23439CDD587F64C2C1B8825CEAD7D8 ] agp440          C:\Windows\system32\drivers\agp440.sys
19:01:49.0810 4480  agp440 - ok
19:01:49.0857 4480  [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx         C:\Windows\system32\drivers\djsvs.sys
19:01:49.0873 4480  aic78xx - ok
19:01:50.0309 4480  [ C7074BD8D4B8F564859ED373433030AE ] Akamai          c:\program files\common files\akamai/netsession_win_ca0e279.dll
19:01:50.0309 4480  Suspicious file (Hidden): c:\program files\common files\akamai/netsession_win_ca0e279.dll. md5: C7074BD8D4B8F564859ED373433030AE
19:01:50.0325 4480  Akamai ( HiddenFile.Multi.Generic ) - warning
19:01:50.0325 4480  Akamai - detected HiddenFile.Multi.Generic (1)
19:01:50.0434 4480  [ A1545B731579895D8CC44FC0481C1192 ] ALG             C:\Windows\System32\alg.exe
19:01:50.0450 4480  ALG - ok
19:01:50.0481 4480  [ 90395B64600EBB4552E26E178C94B2E4 ] aliide          C:\Windows\system32\drivers\aliide.sys
19:01:50.0481 4480  aliide - ok
19:01:50.0512 4480  [ 2B13E304C9DFDFA5EB582F6A149FA2C7 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
19:01:50.0512 4480  amdagp - ok
19:01:50.0528 4480  [ 0577DF1D323FE75A739C787893D300EA ] amdide          C:\Windows\system32\drivers\amdide.sys
19:01:50.0528 4480  amdide - ok
19:01:50.0543 4480  [ DC487885BCEF9F28EECE6FAC0E5DDFC5 ] AmdK7           C:\Windows\system32\drivers\amdk7.sys
19:01:50.0543 4480  AmdK7 - ok
19:01:50.0559 4480  [ 0CA0071DA4315B00FC1328CA86B425DA ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
19:01:50.0559 4480  AmdK8 - ok
19:01:50.0621 4480  [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo         C:\Windows\System32\appinfo.dll
19:01:50.0621 4480  Appinfo - ok
19:01:50.0731 4480  [ 4FE5C6D40664AE07BE5105874357D2ED ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
19:01:50.0731 4480  Apple Mobile Device - ok
19:01:50.0762 4480  [ 5F673180268BB1FDB69C99B6619FE379 ] arc             C:\Windows\system32\drivers\arc.sys
19:01:50.0762 4480  arc - ok
19:01:50.0809 4480  [ 957F7540B5E7F602E44648C7DE5A1C05 ] arcsas          C:\Windows\system32\drivers\arcsas.sys
19:01:50.0809 4480  arcsas - ok
19:01:51.0027 4480  [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state    C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
19:01:51.0027 4480  aspnet_state - ok
19:01:51.0074 4480  [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
19:01:51.0074 4480  AsyncMac - ok
19:01:51.0105 4480  [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi           C:\Windows\system32\drivers\atapi.sys
19:01:51.0105 4480  atapi - ok
19:01:51.0339 4480  [ 4FEE29D288226C9252E49A3277F025C3 ] ATService       C:\Program Files\Fingerprint Sensor\AtService.exe
19:01:51.0386 4480  ATService - ok
19:01:51.0448 4480  [ 53FF3096D5D9AE2A75C16703A9819965 ] ATSwpWDF        C:\Windows\system32\Drivers\ATSwpWDF.sys
19:01:51.0464 4480  ATSwpWDF - ok
19:01:51.0511 4480  [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
19:01:51.0511 4480  AudioEndpointBuilder - ok
19:01:51.0526 4480  [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv        C:\Windows\System32\Audiosrv.dll
19:01:51.0526 4480  Audiosrv - ok
19:01:51.0604 4480  [ CF6A67C90951E3E763D2135DEDE44B85 ] BCM43XV         C:\Windows\system32\DRIVERS\bcmwl6.sys
19:01:51.0604 4480  BCM43XV - ok
19:01:51.0667 4480  [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep            C:\Windows\system32\drivers\Beep.sys
19:01:51.0698 4480  Beep - ok
19:01:51.0760 4480  [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE             C:\Windows\System32\bfe.dll
19:01:51.0760 4480  BFE - ok
19:01:51.0979 4480  [ 6C6AC7CA8A034C15C52B35189BAD58EE ] BHDrvx86        C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\Definitions\BASHDefs\20130531.001\BHDrvx86.sys
19:01:52.0010 4480  BHDrvx86 - ok
19:01:52.0150 4480  [ 93952506C6D67330367F7E7934B6A02F ] BITS            C:\Windows\System32\qmgr.dll
19:01:52.0166 4480  BITS - ok
19:01:52.0181 4480  blbdrive - ok
19:01:52.0369 4480  [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
19:01:52.0384 4480  Bonjour Service - ok
19:01:52.0431 4480  [ 35F376253F687BDE63976CCB3F2108CA ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
19:01:52.0447 4480  bowser - ok
19:01:52.0493 4480  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\drivers\brfiltlo.sys
19:01:52.0493 4480  BrFiltLo - ok
19:01:52.0509 4480  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\drivers\brfiltup.sys
19:01:52.0509 4480  BrFiltUp - ok
19:01:52.0540 4480  [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser         C:\Windows\System32\browser.dll
19:01:52.0540 4480  Browser - ok
19:01:52.0571 4480  [ B304E75CFF293029EDDF094246747113 ] Brserid         C:\Windows\system32\drivers\brserid.sys
19:01:52.0571 4480  Brserid - ok
19:01:52.0587 4480  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\system32\drivers\brserwdm.sys
19:01:52.0587 4480  BrSerWdm - ok
19:01:52.0603 4480  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\system32\drivers\brusbmdm.sys
19:01:52.0618 4480  BrUsbMdm - ok
19:01:52.0634 4480  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\system32\drivers\brusbser.sys
19:01:52.0634 4480  BrUsbSer - ok
19:01:52.0681 4480  [ 6D39C954799B63BA866910234CF7D726 ] BthEnum         C:\Windows\system32\DRIVERS\BthEnum.sys
19:01:52.0681 4480  BthEnum - ok
19:01:52.0712 4480  [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
19:01:52.0712 4480  BTHMODEM - ok
19:01:52.0759 4480  [ 5904EFA25F829BF84EA6FB045134A1D8 ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
19:01:52.0774 4480  BthPan - ok
19:01:52.0852 4480  [ 611FF3F2F095C8D4A6D4CFD9DCC09793 ] BTHPORT         C:\Windows\system32\Drivers\BTHport.sys
19:01:52.0883 4480  BTHPORT - ok
19:01:52.0915 4480  [ A4C8377FA4A994E07075107DBE2E3DCE ] BthServ         C:\Windows\System32\bthserv.dll
19:01:52.0930 4480  BthServ - ok
19:01:52.0961 4480  [ D330803EAB2A15CAEC7F011F1D4CB30E ] BTHUSB          C:\Windows\system32\Drivers\BTHUSB.sys
19:01:52.0961 4480  BTHUSB - ok
19:01:53.0008 4480  [ 99AEEA7CEFDFC6E4151A8F620D682088 ] btwaudio        C:\Windows\system32\drivers\btwaudio.sys
19:01:53.0008 4480  btwaudio - ok
19:01:53.0039 4480  [ 195872E48A7FB01F8BC9B800F70F4054 ] btwavdt         C:\Windows\system32\drivers\btwavdt.sys
19:01:53.0039 4480  btwavdt - ok
19:01:53.0055 4480  [ 0724E7D6C9B6A289EDDDA33FA8176E80 ] btwrchid        C:\Windows\system32\DRIVERS\btwrchid.sys
19:01:53.0071 4480  btwrchid - ok
19:01:53.0133 4480  [ 1277AD8F053CC60C17CAFAB411F3CF40 ] ccSet_MCLIENT   C:\Windows\system32\drivers\MCLIENT\0302000.013\ccSetx86.sys
19:01:53.0133 4480  ccSet_MCLIENT - ok
19:01:53.0258 4480  [ 1277AD8F053CC60C17CAFAB411F3CF40 ] ccSet_N360      C:\Windows\system32\drivers\N360\1403010.016\ccSetx86.sys
19:01:53.0258 4480  ccSet_N360 - ok
19:01:53.0305 4480  [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
19:01:53.0320 4480  cdfs - ok
19:01:53.0429 4480  [ 6B4BFFB9BECD728097024276430DB314 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
19:01:53.0445 4480  cdrom - ok
19:01:53.0492 4480  [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc     C:\Windows\System32\certprop.dll
19:01:53.0492 4480  CertPropSvc - ok
19:01:53.0539 4480  [ E5D4133F37219DBCFE102BC61072589D ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
19:01:53.0539 4480  circlass - ok
19:01:53.0570 4480  [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS            C:\Windows\system32\CLFS.sys
19:01:53.0585 4480  CLFS - ok
19:01:53.0617 4480  [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:01:53.0632 4480  clr_optimization_v2.0.50727_32 - ok
19:01:53.0679 4480  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:01:53.0710 4480  clr_optimization_v4.0.30319_32 - ok
19:01:53.0757 4480  [ 99AFC3795B58CC478FBBBCDC658FCB56 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
19:01:53.0773 4480  CmBatt - ok
19:01:53.0804 4480  [ 45201046C776FFDAF3FC8A0029C581C8 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
19:01:53.0804 4480  cmdide - ok
19:01:53.0882 4480  [ D8774ACE03B46C9B01A49818055F9AD4 ] Com4Qlb         C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
19:01:53.0882 4480  Com4Qlb - ok
19:01:53.0929 4480  [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
19:01:53.0944 4480  Compbatt - ok
19:01:53.0944 4480  COMSysApp - ok
19:01:53.0960 4480  [ 2A213AE086BBEC5E937553C7D9A2B22C ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
19:01:53.0960 4480  crcdisk - ok
19:01:53.0975 4480  [ 22A7F883508176489F559EE745B5BF5D ] Crusoe          C:\Windows\system32\drivers\crusoe.sys
19:01:53.0975 4480  Crusoe - ok
19:01:54.0022 4480  [ F1E8C34892336D33EDDCDFE44E474F64 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
19:01:54.0022 4480  CryptSvc - ok
19:01:54.0085 4480  [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch      C:\Windows\system32\rpcss.dll
19:01:54.0100 4480  DcomLaunch - ok
19:01:54.0131 4480  [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
19:01:54.0131 4480  DfsC - ok
19:01:54.0241 4480  [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR            C:\Windows\system32\DFSR.exe
19:01:54.0287 4480  DFSR - ok
19:01:54.0397 4480  [ 9028559C132146FB75EB7ACF384B086A ] Dhcp            C:\Windows\System32\dhcpcsvc.dll
19:01:54.0428 4480  Dhcp - ok
19:01:54.0475 4480  [ 5D4AEFC3386920236A548271F8F1AF6A ] disk            C:\Windows\system32\drivers\disk.sys
19:01:54.0475 4480  disk - ok
19:01:54.0506 4480  [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache        C:\Windows\System32\dnsrslvr.dll
19:01:54.0506 4480  Dnscache - ok
19:01:54.0568 4480  [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc         C:\Windows\System32\dot3svc.dll
19:01:54.0568 4480  dot3svc - ok
19:01:54.0631 4480  [ 5BC1D876DFD53C31C5FC65D2E9614015 ] DpHost          C:\Program Files\DigitalPersona\Bin\DpHostW.exe
19:01:54.0646 4480  DpHost - ok
19:01:54.0693 4480  [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS             C:\Windows\system32\dps.dll
19:01:54.0693 4480  DPS - ok
19:01:54.0740 4480  [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
19:01:54.0740 4480  drmkaud - ok
19:01:54.0833 4480  [ 5DE0FAEC9E5D1AAE74F8568897891A01 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
19:01:54.0849 4480  DXGKrnl - ok
19:01:54.0974 4480  [ C0B00E55CF82D122D25983C7A6A53DEA ] E100B           C:\Windows\system32\DRIVERS\e100b325.sys
19:01:54.0974 4480  E100B - ok
19:01:54.0989 4480  [ F88FB26547FD2CE6D0A5AF2985892C48 ] E1G60           C:\Windows\system32\DRIVERS\E1G60I32.sys
19:01:54.0989 4480  E1G60 - ok
19:01:55.0036 4480  [ C0B95E40D85CD807D614E264248A45B9 ] EapHost         C:\Windows\System32\eapsvc.dll
19:01:55.0036 4480  EapHost - ok
19:01:55.0083 4480  [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache          C:\Windows\system32\drivers\ecache.sys
19:01:55.0083 4480  Ecache - ok
19:01:55.0177 4480  [ 85B8B4032A895A746D46A288A9B30DED ] eeCtrl          C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
19:01:55.0177 4480  eeCtrl - ok
19:01:55.0223 4480  [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
19:01:55.0223 4480  ehRecvr - ok
19:01:55.0239 4480  [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched         C:\Windows\ehome\ehsched.exe
19:01:55.0255 4480  ehSched - ok
19:01:55.0270 4480  [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart         C:\Windows\ehome\ehstart.dll
19:01:55.0270 4480  ehstart - ok
19:01:55.0317 4480  [ E8F3F21A71720C84BCF423B80028359F ] elxstor         C:\Windows\system32\drivers\elxstor.sys
19:01:55.0317 4480  elxstor - ok
19:01:55.0395 4480  [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt         C:\Windows\system32\emdmgmt.dll
19:01:55.0395 4480  EMDMgmt - ok
19:01:55.0442 4480  [ B5A8A04A6E5B4E86B95B1553AA918F5F ] EraserUtilRebootDrv C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
19:01:55.0442 4480  EraserUtilRebootDrv - ok
19:01:55.0473 4480  [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem     C:\Windows\system32\es.dll
19:01:55.0473 4480  EventSystem - ok
19:01:55.0520 4480  [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat           C:\Windows\system32\drivers\exfat.sys
19:01:55.0535 4480  exfat - ok
19:01:55.0567 4480  [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
19:01:55.0567 4480  fastfat - ok
19:01:55.0598 4480  [ 63BDADA84951B9C03E641800E176898A ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
19:01:55.0598 4480  fdc - ok
19:01:55.0629 4480  [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost         C:\Windows\system32\fdPHost.dll
19:01:55.0629 4480  fdPHost - ok
19:01:55.0660 4480  [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub        C:\Windows\system32\fdrespub.dll
19:01:55.0660 4480  FDResPub - ok
19:01:55.0707 4480  [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
19:01:55.0707 4480  FileInfo - ok
19:01:55.0738 4480  [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
19:01:55.0738 4480  Filetrace - ok
19:01:55.0925 4480  [ BB0667B0171B632B97EA759515476F07 ] FLEXnet Licensing Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
19:01:55.0941 4480  FLEXnet Licensing Service - ok
19:01:55.0972 4480  [ 6603957EFF5EC62D25075EA8AC27DE68 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
19:01:55.0972 4480  flpydisk - ok
19:01:56.0035 4480  [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
19:01:56.0050 4480  FltMgr - ok
19:01:56.0097 4480  [ 8CE364388C8ECA59B14B539179276D44 ] FontCache       C:\Windows\system32\FntCache.dll
19:01:56.0113 4480  FontCache - ok
19:01:56.0206 4480  [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
19:01:56.0206 4480  FontCache3.0.0.0 - ok
19:01:56.0253 4480  [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
19:01:56.0253 4480  Fs_Rec - ok
19:01:56.0284 4480  [ 4E1CD0A45C50A8882616CAE5BF82F3C5 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
19:01:56.0284 4480  gagp30kx - ok
19:01:56.0347 4480  [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM     C:\Windows\system32\Drivers\GEARAspiWDM.sys
19:01:56.0456 4480  GEARAspiWDM - ok
19:01:56.0518 4480  [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc           C:\Windows\System32\gpsvc.dll
19:01:56.0534 4480  gpsvc - ok
19:01:56.0659 4480  [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
19:01:56.0674 4480  gupdate - ok
19:01:56.0690 4480  [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
19:01:56.0690 4480  gupdatem - ok
19:01:56.0721 4480  [ 713F7F6C5F3D6F3EE04C383EE4C7AB1D ] hcw72ADFilter   C:\Windows\system32\DRIVERS\hcw72ADFilter.sys
19:01:56.0721 4480  hcw72ADFilter - ok
19:01:56.0908 4480  [ 9E510E8E7342721E1CDA678FDF3784A4 ] hcw72ATV        C:\Windows\system32\DRIVERS\hcw72ATV.sys
19:01:56.0939 4480  hcw72ATV - ok
19:01:57.0173 4480  [ D3CDF45A0CE2202F9B1F47D026EF02D8 ] hcw72DTV        C:\Windows\system32\DRIVERS\hcw72DTV.sys
19:01:57.0205 4480  hcw72DTV - ok
19:01:57.0251 4480  [ CB04C744BE0A61B1D648FAED182C3B59 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
19:01:57.0251 4480  HdAudAddService - ok
19:01:57.0298 4480  [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
19:01:57.0298 4480  HDAudBus - ok
19:01:57.0314 4480  [ FCB3F4BE408F72C1BD81BCABA87FC22F ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
19:01:57.0314 4480  HidBth - ok
19:01:57.0345 4480  [ D8DF3722D5E961BAA1292AA2F12827E2 ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
19:01:57.0345 4480  HidIr - ok
19:01:57.0454 4480  [ 84067081F3318162797385E11A8F0582 ] hidserv         C:\Windows\system32\hidserv.dll
19:01:57.0454 4480  hidserv - ok
19:01:57.0485 4480  [ CCA4B519B17E23A00B826C55716809CC ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
19:01:57.0501 4480  HidUsb - ok
19:01:57.0532 4480  [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc          C:\Windows\system32\kmsvc.dll
19:01:57.0532 4480  hkmsvc - ok
19:01:57.0595 4480  [ 45A12CACB97B4F15858FCFD59355A1E9 ] HP Health Check Service C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
19:01:57.0595 4480  HP Health Check Service - ok
19:01:57.0626 4480  [ DF353B401001246853763C4B7AAA6F50 ] HpCISSs         C:\Windows\system32\drivers\hpcisss.sys
19:01:57.0626 4480  HpCISSs - ok
19:01:57.0719 4480  [ F55442690A70A0278A7EED4FAAEBF576 ] HPDrvMntSvc.exe C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
19:01:57.0719 4480  HPDrvMntSvc.exe - ok
19:01:57.0766 4480  [ 35956140E686D53BF676CF0C778880FC ] HpqKbFiltr      C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
19:01:57.0766 4480  HpqKbFiltr - ok
19:01:57.0782 4480  [ 115C0933B3ED51DFBEC4449348C8065B ] HpqRemHid       C:\Windows\system32\DRIVERS\HpqRemHid.sys
19:01:57.0782 4480  HpqRemHid - ok
19:01:57.0813 4480  [ 640E51DB253265C3EAC075866B3D2B33 ] hpqwmiex        C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
19:01:57.0813 4480  hpqwmiex - ok
19:01:57.0860 4480  [ 46D67209550973257601A533E2AC5785 ] HSFHWAZL        C:\Windows\system32\DRIVERS\VSTAZL3.SYS
19:01:57.0875 4480  HSFHWAZL - ok
19:01:57.0907 4480  [ EC36F1D542ED4252390D446BF6D4DFD0 ] HSF_DPV         C:\Windows\system32\DRIVERS\VSTDPV3.SYS
19:01:57.0922 4480  HSF_DPV - ok
19:01:57.0969 4480  [ F870AA3E254628EBEAFE754108D664DE ] HTTP            C:\Windows\system32\drivers\HTTP.sys
19:01:57.0985 4480  HTTP - ok
19:01:58.0016 4480  [ 324C2152FF2C61ABAE92D09F3CCA4D63 ] i2omp           C:\Windows\system32\drivers\i2omp.sys
19:01:58.0016 4480  i2omp - ok
19:01:58.0063 4480  [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
19:01:58.0063 4480  i8042prt - ok
19:01:58.0125 4480  [ F79525634B192F5A18DE503568F94EF3 ] IAANTMON        C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
19:01:58.0141 4480  IAANTMON - ok
19:01:58.0297 4480  [ 496DB78E6A0C4C44023D9A92B4A7AC31 ] ialm            C:\Windows\system32\DRIVERS\igdkmd32.sys
19:01:58.0375 4480  ialm - ok
19:01:58.0515 4480  [ BAABB0301949774A66B955C65319635A ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
19:01:58.0515 4480  iaStor - ok
19:01:58.0577 4480  [ C957BF4B5D80B46C5017BF0101E6C906 ] iaStorV         C:\Windows\system32\drivers\iastorv.sys
19:01:58.0577 4480  iaStorV - ok
19:01:58.0624 4480  [ DAF66902F08796F9C694901660E5A64A ] IDriverT        C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
19:01:58.0624 4480  IDriverT - ok
19:01:58.0702 4480  [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
19:01:58.0702 4480  idsvc - ok
19:01:58.0796 4480  [ 404FB2AAF532BC7BBACC8880BE401C74 ] IDSVix86        C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\Definitions\IPSDefs\20130607.001\IDSvix86.sys
19:01:58.0811 4480  IDSVix86 - ok
19:01:58.0827 4480  [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
19:01:58.0843 4480  iirsp - ok
19:01:58.0889 4480  [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT          C:\Windows\System32\ikeext.dll
19:01:58.0889 4480  IKEEXT - ok
19:01:59.0218 4480  [ 1F10ED6F98C57EFB4E7FB9972B2DBB71 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
19:01:59.0312 4480  IntcAzAudAddService - ok
19:01:59.0343 4480  [ 83AA759F3189E6370C30DE5DC5590718 ] intelide        C:\Windows\system32\drivers\intelide.sys
19:01:59.0343 4480  intelide - ok
19:01:59.0374 4480  [ 224191001E78C89DFA78924C3EA595FF ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
19:01:59.0374 4480  intelppm - ok
19:01:59.0577 4480  [ D9DA7B3117BF5EFF921C0CDED4D58050 ] IntuitUpdateServiceV4 C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
19:01:59.0592 4480  IntuitUpdateServiceV4 - ok
19:01:59.0655 4480  [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
19:01:59.0655 4480  IPBusEnum - ok
19:01:59.0686 4480  [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:01:59.0702 4480  IpFilterDriver - ok
19:01:59.0733 4480  [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
19:01:59.0733 4480  iphlpsvc - ok
19:01:59.0733 4480  IpInIp - ok
19:01:59.0764 4480  [ 40F34F8ABA2A015D780E4B09138B6C17 ] IPMIDRV         C:\Windows\system32\drivers\ipmidrv.sys
19:01:59.0764 4480  IPMIDRV - ok
19:01:59.0795 4480  [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT           C:\Windows\system32\DRIVERS\ipnat.sys
19:01:59.0795 4480  IPNAT - ok
19:01:59.0858 4480  [ E3E71649A926CB34FA4D7AB75DCE126C ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
19:01:59.0873 4480  iPod Service - ok
19:01:59.0904 4480  [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
19:01:59.0904 4480  IRENUM - ok
19:01:59.0920 4480  [ 350FCA7E73CF65BCEF43FAE1E4E91293 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
19:01:59.0920 4480  isapnp - ok
19:01:59.0967 4480  [ 232FA340531D940AAC623B121A595034 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
19:01:59.0982 4480  iScsiPrt - ok
19:01:59.0998 4480  [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi        C:\Windows\system32\drivers\iteatapi.sys
19:01:59.0998 4480  iteatapi - ok
19:02:00.0029 4480  [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid         C:\Windows\system32\drivers\iteraid.sys
19:02:00.0029 4480  iteraid - ok
19:02:00.0060 4480  [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
19:02:00.0060 4480  kbdclass - ok
19:02:00.0092 4480  [ EDE59EC70E25C24581ADD1FBEC7325F7 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
19:02:00.0092 4480  kbdhid - ok
19:02:00.0123 4480  [ A3E186B4B935905B829219502557314E ] KeyIso          C:\Windows\system32\lsass.exe
19:02:00.0138 4480  KeyIso - ok
19:02:00.0248 4480  [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
19:02:00.0248 4480  KSecDD - ok
19:02:00.0294 4480  [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm           C:\Windows\system32\msdtckrm.dll
19:02:00.0294 4480  KtmRm - ok
19:02:00.0326 4480  [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer    C:\Windows\system32\srvsvc.dll
19:02:00.0341 4480  LanmanServer - ok
19:02:00.0388 4480  [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
19:02:00.0404 4480  LanmanWorkstation - ok
19:02:00.0513 4480  [ 53710476495886D9961BE46983A6A33F ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe
19:02:00.0513 4480  LightScribeService - ok
19:02:00.0560 4480  [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
19:02:00.0560 4480  lltdio - ok
19:02:00.0606 4480  [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
19:02:00.0606 4480  lltdsvc - ok
19:02:00.0638 4480  [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts         C:\Windows\System32\lmhsvc.dll
19:02:00.0653 4480  lmhosts - ok
19:02:00.0684 4480  [ A2262FB9F28935E862B4DB46438C80D2 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
19:02:00.0684 4480  LSI_FC - ok
19:02:00.0700 4480  [ 30D73327D390F72A62F32C103DAF1D6D ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
19:02:00.0700 4480  LSI_SAS - ok
19:02:00.0716 4480  [ E1E36FEFD45849A95F1AB81DE0159FE3 ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
19:02:00.0716 4480  LSI_SCSI - ok
19:02:00.0762 4480  [ 8F5C7426567798E62A3B3614965D62CC ] luafv           C:\Windows\system32\drivers\luafv.sys
19:02:00.0762 4480  luafv - ok
19:02:00.0887 4480  [ 0CF633A54C681C65297C63106C4BC376 ] MatSvc          C:\Program Files\Microsoft Fix it Center\Matsvc.exe
19:02:00.0903 4480  MatSvc - ok
19:02:00.0996 4480  [ 4A9258B9597A31DB68EC9740F3A8A70B ] MCLIENT         C:\Program Files\Norton Management\Engine\3.2.0.19\ccSvcHst.exe
19:02:00.0996 4480  MCLIENT - ok
19:02:01.0043 4480  [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
19:02:01.0043 4480  Mcx2Svc - ok
19:02:01.0090 4480  [ D153B14FC6598EAE8422A2037553ADCE ] megasas         C:\Windows\system32\drivers\megasas.sys
19:02:01.0090 4480  megasas - ok
19:02:01.0121 4480  [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS           C:\Windows\system32\mmcss.dll
19:02:01.0121 4480  MMCSS - ok
19:02:01.0152 4480  [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem           C:\Windows\system32\drivers\modem.sys
19:02:01.0152 4480  Modem - ok
19:02:01.0199 4480  [ CBB59C41F19EFEA1A000793E08070A62 ] MODEMCSA        C:\Windows\system32\drivers\MODEMCSA.sys
19:02:01.0230 4480  MODEMCSA - ok
19:02:01.0277 4480  [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
19:02:01.0277 4480  monitor - ok
19:02:01.0324 4480  [ 5BF6A1326A335C5298477754A506D263 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
19:02:01.0324 4480  mouclass - ok
19:02:01.0355 4480  [ 93B8D4869E12CFBE663915502900876F ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
19:02:01.0355 4480  mouhid - ok
19:02:01.0386 4480  [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr        C:\Windows\system32\drivers\mountmgr.sys
19:02:01.0402 4480  MountMgr - ok
19:02:01.0511 4480  [ 825BF0E46B4470A463AEB641480C5FCA ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
19:02:01.0511 4480  MozillaMaintenance - ok
19:02:01.0542 4480  [ 583A41F26278D9E0EA548163D6139397 ] mpio            C:\Windows\system32\drivers\mpio.sys
19:02:01.0542 4480  mpio - ok
19:02:01.0589 4480  [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
19:02:01.0589 4480  mpsdrv - ok
19:02:01.0636 4480  [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc          C:\Windows\system32\mpssvc.dll
19:02:01.0636 4480  MpsSvc - ok
19:02:01.0667 4480  [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x        C:\Windows\system32\drivers\mraid35x.sys
19:02:01.0667 4480  Mraid35x - ok
19:02:01.0698 4480  [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
19:02:01.0698 4480  MRxDAV - ok
19:02:01.0730 4480  [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
19:02:01.0730 4480  mrxsmb - ok
19:02:01.0792 4480  [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:02:01.0792 4480  mrxsmb10 - ok
19:02:01.0792 4480  [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:02:01.0808 4480  mrxsmb20 - ok
19:02:01.0808 4480  [ 742AED7939E734C36B7E8D6228CE26B7 ] msahci          C:\Windows\system32\drivers\msahci.sys
19:02:01.0808 4480  msahci - ok
19:02:01.0823 4480  [ 3FC82A2AE4CC149165A94699183D3028 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
19:02:01.0823 4480  msdsm - ok
19:02:01.0854 4480  [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC           C:\Windows\System32\msdtc.exe
19:02:01.0854 4480  MSDTC - ok
19:02:01.0886 4480  [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
19:02:01.0886 4480  Msfs - ok
19:02:01.0932 4480  [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
19:02:01.0932 4480  msisadrv - ok
19:02:01.0979 4480  [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
19:02:01.0979 4480  MSiSCSI - ok
19:02:01.0979 4480  msiserver - ok
19:02:02.0026 4480  [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
19:02:02.0026 4480  MSKSSRV - ok
19:02:02.0057 4480  [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
19:02:02.0057 4480  MSPCLOCK - ok
19:02:02.0073 4480  [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
19:02:02.0073 4480  MSPQM - ok
19:02:02.0104 4480  [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
19:02:02.0120 4480  MsRPC - ok
19:02:02.0198 4480  [ E384487CB84BE41D09711C30CA79646C ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
19:02:02.0213 4480  mssmbios - ok
19:02:02.0229 4480  [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
19:02:02.0229 4480  MSTEE - ok
19:02:02.0244 4480  [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup             C:\Windows\system32\Drivers\mup.sys
19:02:02.0244 4480  Mup - ok
19:02:02.0369 4480  [ 241BD3019FB31E812A51B31B06906335 ] N360            C:\Program Files\Norton 360 Premier Edition\Engine\20.3.1.22\ccSvcHst.exe
19:02:02.0369 4480  N360 - ok
19:02:02.0432 4480  [ 88705DC61B9275B82E48904D53031F5B ] n558            C:\Windows\system32\Drivers\n558.sys
19:02:02.0447 4480  n558 - ok
19:02:02.0572 4480  [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent        C:\Windows\system32\qagentRT.dll
19:02:02.0572 4480  napagent - ok
19:02:02.0619 4480  [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
19:02:02.0619 4480  NativeWifiP - ok
19:02:02.0712 4480  [ CE2156DF796D41614AB60E68D107D573 ] NAVENG          C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\Definitions\VirusDefs\20130610.007\NAVENG.SYS
19:02:02.0728 4480  NAVENG - ok
19:02:02.0837 4480  [ 19CEB8F4EC8C800A53D0B67E658E0367 ] NAVEX15         C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\Definitions\VirusDefs\20130610.007\NAVEX15.SYS
19:02:02.0884 4480  NAVEX15 - ok
19:02:02.0946 4480  [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS            C:\Windows\system32\drivers\ndis.sys
19:02:02.0946 4480  NDIS - ok
19:02:02.0978 4480  [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
19:02:02.0978 4480  NdisTapi - ok
19:02:03.0024 4480  [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
19:02:03.0024 4480  Ndisuio - ok
19:02:03.0040 4480  [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
19:02:03.0040 4480  NdisWan - ok
19:02:03.0087 4480  [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
19:02:03.0087 4480  NDProxy - ok
19:02:03.0149 4480  [ A081CB6FB9A12668F233EB5414BE3A0E ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
19:02:03.0149 4480  Net Driver HPZ12 - ok
19:02:03.0180 4480  [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
19:02:03.0180 4480  NetBIOS - ok
19:02:03.0212 4480  [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt           C:\Windows\system32\DRIVERS\netbt.sys
19:02:03.0227 4480  netbt - ok
19:02:03.0274 4480  [ A3E186B4B935905B829219502557314E ] Netlogon        C:\Windows\system32\lsass.exe
19:02:03.0274 4480  Netlogon - ok
19:02:03.0368 4480  [ C8052711DAECC48B982434C5116CA401 ] Netman          C:\Windows\System32\netman.dll
19:02:03.0368 4480  Netman - ok
19:02:03.0508 4480  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
19:02:03.0508 4480  NetMsmqActivator - ok
19:02:03.0508 4480  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
19:02:03.0508 4480  NetPipeActivator - ok
19:02:03.0633 4480  [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm        C:\Windows\System32\netprofm.dll
19:02:03.0633 4480  netprofm - ok
19:02:03.0633 4480  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
19:02:03.0633 4480  NetTcpActivator - ok
19:02:03.0664 4480  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
19:02:03.0664 4480  NetTcpPortSharing - ok
19:02:03.0836 4480  [ 6522DD40A5F67CED020BD81B856613FB ] NETw4v32        C:\Windows\system32\DRIVERS\NETw4v32.sys
19:02:03.0898 4480  NETw4v32 - ok
19:02:04.0600 4480  [ 8DE67BD902095A13329FD82C85A1FA09 ] NETw5v32        C:\Windows\system32\DRIVERS\NETw5v32.sys
19:02:04.0709 4480  NETw5v32 - ok
19:02:04.0740 4480  [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
19:02:04.0740 4480  nfrd960 - ok
19:02:04.0787 4480  [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc          C:\Windows\System32\nlasvc.dll
19:02:04.0787 4480  NlaSvc - ok
19:02:04.0834 4480  [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
19:02:04.0834 4480  Npfs - ok
19:02:04.0959 4480  [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi             C:\Windows\system32\nsisvc.dll
19:02:04.0959 4480  nsi - ok
19:02:05.0021 4480  [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
19:02:05.0052 4480  nsiproxy - ok
19:02:05.0162 4480  [ 2C1121F2B87E9A6B12485DF53CD848C7 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
19:02:05.0193 4480  Ntfs - ok
19:02:05.0224 4480  [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi       C:\Windows\system32\drivers\ntrigdigi.sys
19:02:05.0224 4480  ntrigdigi - ok
19:02:05.0286 4480  [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null            C:\Windows\system32\drivers\Null.sys
19:02:05.0333 4480  Null - ok
19:02:09.0764 4480  [ 377140A534D013BD661C69F1741DE43C ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
19:02:10.0091 4480  nvlddmkm - ok
19:02:10.0185 4480  [ E69E946F80C1C31C53003BFBF50CBB7C ] nvraid          C:\Windows\system32\drivers\nvraid.sys
19:02:10.0294 4480  nvraid - ok
19:02:10.0325 4480  [ 9E0BA19A28C498A6D323D065DB76DFFC ] nvstor          C:\Windows\system32\drivers\nvstor.sys
19:02:10.0325 4480  nvstor - ok
19:02:10.0372 4480  [ 4ED813EFD77A9B7E57E341CDC1C5CBC4 ] nvsvc           C:\Windows\system32\nvvsvc.exe
19:02:10.0372 4480  nvsvc - ok
19:02:10.0388 4480  [ 07C186427EB8FCC3D8D7927187F260F7 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
19:02:10.0388 4480  nv_agp - ok
19:02:10.0388 4480  NwlnkFlt - ok
19:02:10.0388 4480  NwlnkFwd - ok
19:02:10.0450 4480  [ 6F310E890D46E246E0E261A63D9B36B4 ] ohci1394        C:\Windows\system32\DRIVERS\ohci1394.sys
19:02:10.0466 4480  ohci1394 - ok
19:02:10.0528 4480  [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:02:10.0528 4480  ose - ok
19:02:10.0590 4480  [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc        C:\Windows\system32\p2psvc.dll
19:02:10.0590 4480  p2pimsvc - ok
19:02:10.0606 4480  [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc          C:\Windows\system32\p2psvc.dll
19:02:10.0622 4480  p2psvc - ok
19:02:10.0684 4480  [ 0FA9B5055484649D63C303FE404E5F4D ] Parport         C:\Windows\system32\drivers\parport.sys
19:02:10.0700 4480  Parport - ok
19:02:10.0762 4480  [ B9C2B89F08670E159F7181891E449CD9 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
19:02:10.0762 4480  partmgr - ok
19:02:10.0809 4480  [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm          C:\Windows\system32\drivers\parvdm.sys
19:02:10.0840 4480  Parvdm - ok
19:02:10.0887 4480  [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc          C:\Windows\System32\pcasvc.dll
19:02:10.0887 4480  PcaSvc - ok
19:02:10.0918 4480  [ 941DC1D19E7E8620F40BBC206981EFDB ] pci             C:\Windows\system32\drivers\pci.sys
19:02:10.0934 4480  pci - ok
19:02:10.0980 4480  [ 3B1901E401473E03EB8C874271E50C26 ] pciide          C:\Windows\system32\drivers\pciide.sys
19:02:10.0980 4480  pciide - ok
19:02:10.0996 4480  [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
19:02:10.0996 4480  pcmcia - ok
19:02:11.0105 4480  [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
19:02:11.0152 4480  PEAUTH - ok
19:02:11.0682 4480  [ B1689DF169143F57053F795390C99DB3 ] pla             C:\Windows\system32\pla.dll
19:02:11.0776 4480  pla - ok
19:02:11.0807 4480  [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
19:02:11.0823 4480  PlugPlay - ok
19:02:11.0932 4480  [ 65BC271F337637731D3C71455AE1F476 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
19:02:11.0994 4480  Pml Driver HPZ12 - ok
19:02:12.0150 4480  [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg     C:\Windows\system32\p2psvc.dll
19:02:12.0150 4480  PNRPAutoReg - ok
19:02:12.0572 4480  [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc         C:\Windows\system32\p2psvc.dll
19:02:12.0587 4480  PNRPsvc - ok
19:02:12.0728 4480  [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
19:02:12.0743 4480  PolicyAgent - ok
19:02:12.0837 4480  [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
19:02:12.0884 4480  PptpMiniport - ok
19:02:12.0915 4480  [ 0E3CEF5D28B40CF273281D620C50700A ] Processor       C:\Windows\system32\drivers\processr.sys
19:02:12.0915 4480  Processor - ok
19:02:12.0946 4480  [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc         C:\Windows\system32\profsvc.dll
19:02:12.0946 4480  ProfSvc - ok
19:02:12.0977 4480  [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
19:02:12.0977 4480  ProtectedStorage - ok
19:02:13.0055 4480  [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched          C:\Windows\system32\DRIVERS\pacer.sys
19:02:13.0102 4480  PSched - ok
19:02:13.0164 4480  [ CCDAC889326317792480C0A67156A1EC ] ql2300          C:\Windows\system32\drivers\ql2300.sys
19:02:13.0196 4480  ql2300 - ok
19:02:13.0227 4480  [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
19:02:13.0242 4480  ql40xx - ok
19:02:14.0022 4480  [ 8B0F258DE1045482337C54EEA544C782 ] QPCapSvc        C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
19:02:14.0022 4480  QPCapSvc - ok
19:02:14.0038 4480  [ 4C83EB2DB6970FFC879CEC604C355881 ] QPSched         C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
19:02:14.0069 4480  QPSched - ok
19:02:14.0116 4480  [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE           C:\Windows\system32\qwave.dll
19:02:14.0116 4480  QWAVE - ok
19:02:14.0225 4480  [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
19:02:14.0256 4480  QWAVEdrv - ok
19:02:14.0303 4480  [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
19:02:14.0303 4480  RasAcd - ok
19:02:14.0350 4480  [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto         C:\Windows\System32\rasauto.dll
19:02:14.0350 4480  RasAuto - ok
19:02:14.0428 4480  [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
19:02:14.0444 4480  Rasl2tp - ok
19:02:14.0475 4480  [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan          C:\Windows\System32\rasmans.dll
19:02:14.0490 4480  RasMan - ok
19:02:14.0553 4480  [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
19:02:14.0553 4480  RasPppoe - ok
19:02:14.0584 4480  [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
19:02:14.0600 4480  RasSstp - ok
19:02:14.0646 4480  [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
19:02:14.0646 4480  rdbss - ok
19:02:14.0740 4480  [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
19:02:14.0740 4480  RDPCDD - ok
19:02:14.0849 4480  [ E8BD98D46F2ED77132BA927FCCB47D8B ] rdpdr           C:\Windows\system32\drivers\rdpdr.sys
19:02:14.0880 4480  rdpdr - ok
19:02:14.0896 4480  [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
19:02:14.0896 4480  RDPENCDD - ok
19:02:14.0990 4480  [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
19:02:14.0990 4480  RDPWD - ok
19:02:15.0036 4480  [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess    C:\Windows\System32\mprdim.dll
19:02:15.0036 4480  RemoteAccess - ok
19:02:15.0083 4480  [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry  C:\Windows\system32\regsvc.dll
19:02:15.0083 4480  RemoteRegistry - ok
19:02:15.0161 4480  [ 6482707F9F4DA0ECBAB43B2E0398A101 ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
19:02:15.0161 4480  RFCOMM - ok
19:02:15.0208 4480  [ C35CA13D3627EBD9DD12A23CE781BC3D ] rimmptsk        C:\Windows\system32\DRIVERS\rimmptsk.sys
19:02:15.0208 4480  rimmptsk - ok
19:02:15.0255 4480  [ C398BCA91216755B098679A8DA8A2300 ] rimsptsk        C:\Windows\system32\DRIVERS\rimsptsk.sys
19:02:15.0255 4480  rimsptsk - ok
19:02:15.0270 4480  [ 2A2554CB24506E0A0508FC395C4A1B42 ] rismxdp         C:\Windows\system32\DRIVERS\rixdptsk.sys
19:02:15.0270 4480  rismxdp - ok
19:02:15.0286 4480  [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator      C:\Windows\system32\locator.exe
19:02:15.0286 4480  RpcLocator - ok
19:02:15.0411 4480  [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs           C:\Windows\system32\rpcss.dll
19:02:15.0411 4480  RpcSs - ok
19:02:15.0504 4480  [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
19:02:15.0582 4480  rspndr - ok
19:02:15.0660 4480  [ CB0BD9E10E3E244D312C106DEE1BBB93 ] RTL8169         C:\Windows\system32\DRIVERS\Rtlh86.sys
19:02:15.0660 4480  RTL8169 - ok
19:02:15.0676 4480  [ A3E186B4B935905B829219502557314E ] SamSs           C:\Windows\system32\lsass.exe
19:02:15.0676 4480  SamSs - ok
19:02:15.0785 4480  [ 39763504067962108505BFF25F024345 ] SASDIFSV        C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
19:02:15.0801 4480  SASDIFSV - ok
19:02:15.0941 4480  [ 77B9FC20084B48408AD3E87570EB4A85 ] SASKUTIL        C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
19:02:15.0941 4480  SASKUTIL - ok
19:02:16.0128 4480  [ 3CE8F073A557E172B330109436984E30 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
19:02:16.0191 4480  sbp2port - ok
19:02:16.0253 4480  [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
19:02:16.0269 4480  SCardSvr - ok
19:02:16.0643 4480  [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule        C:\Windows\system32\schedsvc.dll
19:02:16.0908 4480  Schedule - ok
19:02:16.0955 4480  [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc     C:\Windows\System32\certprop.dll
19:02:16.0955 4480  SCPolicySvc - ok
19:02:17.0018 4480  [ 8F36B54688C31EED4580129040C6A3D3 ] sdbus           C:\Windows\system32\DRIVERS\sdbus.sys
19:02:17.0049 4480  sdbus - ok
19:02:17.0096 4480  [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
19:02:17.0096 4480  SDRSVC - ok
19:02:17.0189 4480  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
19:02:17.0220 4480  secdrv - ok
19:02:17.0252 4480  [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon        C:\Windows\system32\seclogon.dll
19:02:17.0283 4480  seclogon - ok
19:02:17.0314 4480  [ A9BBAB5759771E523F55563D6CBE140F ] SENS            C:\Windows\System32\sens.dll
19:02:17.0345 4480  SENS - ok
19:02:17.0423 4480  [ 227DF2E68510D25462EE80136722374E ] ser2plms        C:\Windows\system32\DRIVERS\ser2plms.sys
19:02:17.0423 4480  ser2plms - ok
19:02:17.0439 4480  [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum         C:\Windows\system32\drivers\serenum.sys
19:02:17.0439 4480  Serenum - ok
19:02:17.0454 4480  [ C70D69A918B178D3C3B06339B40C2E1B ] Serial          C:\Windows\system32\drivers\serial.sys
19:02:17.0454 4480  Serial - ok
19:02:17.0548 4480  [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
19:02:17.0595 4480  sermouse - ok
19:02:17.0657 4480  [ D2193326F729B163125610DBF3E17D57 ] SessionEnv      C:\Windows\system32\sessenv.dll
19:02:17.0673 4480  SessionEnv - ok
19:02:17.0720 4480  [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk         C:\Windows\system32\DRIVERS\sffdisk.sys
19:02:17.0720 4480  sffdisk - ok
19:02:17.0829 4480  [ 8FD08A310645FE872EEEC6E08C6BF3EE ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
19:02:17.0844 4480  sffp_mmc - ok
19:02:17.0969 4480  [ 9F66A46C55D6F1CCABC79BB7AFCCC545 ] sffp_sd         C:\Windows\system32\DRIVERS\sffp_sd.sys
19:02:18.0032 4480  sffp_sd - ok
19:02:18.0063 4480  [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
19:02:18.0063 4480  sfloppy - ok
19:02:18.0094 4480  [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
19:02:18.0094 4480  SharedAccess - ok
19:02:18.0344 4480  [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
19:02:18.0344 4480  ShellHWDetection - ok
19:02:18.0390 4480  [ D2A595D6EEBEEAF4334F8E50EFBC9931 ] sisagp          C:\Windows\system32\drivers\sisagp.sys
19:02:18.0437 4480  sisagp - ok
19:02:18.0484 4480  [ CEDD6F4E7D84E9F98B34B3FE988373AA ] SiSRaid2        C:\Windows\system32\drivers\sisraid2.sys
19:02:18.0484 4480  SiSRaid2 - ok
19:02:18.0500 4480  [ DF843C528C4F69D12CE41CE462E973A7 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
19:02:18.0515 4480  SiSRaid4 - ok
19:02:18.0640 4480  [ 0973BD0931BF4D0DFB1885BD464E9766 ] SlingAgentService C:\Program Files\Sling Media\SlingAgent\SlingAgentService.exe
19:02:18.0656 4480  SlingAgentService - ok
19:02:19.0014 4480  [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc           C:\Windows\system32\SLsvc.exe
19:02:19.0139 4480  slsvc - ok
19:02:19.0155 4480  [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify      C:\Windows\system32\SLUINotify.dll
19:02:19.0155 4480  SLUINotify - ok
19:02:19.0202 4480  [ 7B75299A4D201D6A6533603D6914AB04 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
19:02:19.0217 4480  Smb - ok
19:02:19.0389 4480  [ 859E3ADC59D1C89A66AA6492C14D379E ] smserial        C:\Windows\system32\DRIVERS\smserial.sys
19:02:19.0436 4480  smserial - ok
19:02:19.0451 4480  [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
19:02:19.0451 4480  SNMPTRAP - ok
19:02:19.0482 4480  [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr           C:\Windows\system32\drivers\spldr.sys
19:02:19.0498 4480  spldr - ok
19:02:19.0529 4480  [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler         C:\Windows\System32\spoolsv.exe
19:02:19.0529 4480  Spooler - ok
19:02:19.0592 4480  [ 0A8F71E1DB5432A5B9285111421E77EC ] SRTSP           C:\Windows\System32\Drivers\N360\1403010.016\SRTSP.SYS
19:02:19.0607 4480  SRTSP - ok
19:02:19.0638 4480  [ FE9BD381778A344F0E39AE2D5E607D7F ] SRTSPX          C:\Windows\system32\drivers\N360\1403010.016\SRTSPX.SYS
19:02:19.0654 4480  SRTSPX - ok
19:02:19.0716 4480  [ 41987F9FC0E61ADF54F581E15029AD91 ] srv             C:\Windows\system32\DRIVERS\srv.sys
19:02:19.0732 4480  srv - ok
19:02:19.0763 4480  [ FF33AFF99564B1AA534F58868CBE41EF ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
19:02:19.0763 4480  srv2 - ok
19:02:19.0763 4480  [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
19:02:19.0779 4480  srvnet - ok
19:02:19.0810 4480  [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
19:02:19.0810 4480  SSDPSRV - ok
19:02:19.0857 4480  [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
19:02:19.0872 4480  SstpSvc - ok
19:02:19.0919 4480  [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc          C:\Windows\System32\wiaservc.dll
19:02:19.0919 4480  stisvc - ok
19:02:19.0935 4480  [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
19:02:19.0935 4480  swenum - ok
19:02:19.0966 4480  [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv           C:\Windows\System32\swprv.dll
19:02:19.0982 4480  swprv - ok
19:02:20.0075 4480  [ 267C914667C94E5F47D342311C1C577F ] Symantec RemoteAssist C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe
19:02:20.0091 4480  Symantec RemoteAssist - ok
19:02:20.0106 4480  [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx         C:\Windows\system32\drivers\symc8xx.sys
19:02:20.0106 4480  Symc8xx - ok
19:02:20.0169 4480  [ 6EA77FF0CE4E839EA8B1CEA5F5B28C00 ] SymDS           C:\Windows\system32\drivers\N360\1403010.016\SYMDS.SYS
19:02:20.0169 4480  SymDS - ok
19:02:20.0356 4480  [ 1773FB2920EBB3A8BAD0360618091470 ] SymEFA          C:\Windows\system32\drivers\N360\1403010.016\SYMEFA.SYS
19:02:20.0372 4480  SymEFA - ok
19:02:20.0418 4480  [ C940F10C31E2C60CC967FFD6A370720C ] SymEvent        C:\Windows\system32\Drivers\SYMEVENT.SYS
19:02:20.0418 4480  SymEvent - ok
19:02:20.0465 4480  [ 3DAAD401453F5A46CAE076F9D9D1458E ] SymIM           C:\Windows\system32\DRIVERS\SymIMv.sys
19:02:20.0481 4480  SymIM - ok
19:02:20.0528 4480  [ 8C9B9036E301A9965CF15BEC91C58A12 ] SymIRON         C:\Windows\system32\drivers\N360\1403010.016\Ironx86.SYS
19:02:20.0528 4480  SymIRON - ok
19:02:20.0621 4480  [ 93DE018EC6FBAA9A58FF9F2EB9198092 ] SYMTDIv         C:\Windows\System32\Drivers\N360\1403010.016\SYMTDIV.SYS
19:02:20.0621 4480  SYMTDIv - ok
19:02:20.0652 4480  [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi          C:\Windows\system32\drivers\sym_hi.sys
19:02:20.0668 4480  Sym_hi - ok
19:02:20.0715 4480  [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3          C:\Windows\system32\drivers\sym_u3.sys
19:02:20.0715 4480  Sym_u3 - ok
19:02:20.0777 4480  [ 964524A9EDCCE945E82419ABE9DB94EE ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys
19:02:20.0777 4480  SynTP - ok
19:02:20.0824 4480  [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain         C:\Windows\system32\sysmain.dll
19:02:20.0824 4480  SysMain - ok
19:02:20.0886 4480  [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
19:02:20.0886 4480  TabletInputService - ok
19:02:20.0949 4480  [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv         C:\Windows\System32\tapisrv.dll
19:02:20.0964 4480  TapiSrv - ok
19:02:20.0980 4480  [ CB05822CD9CC6C688168E113C603DBE7 ] TBS             C:\Windows\System32\tbssvc.dll
19:02:20.0996 4480  TBS - ok
19:02:21.0074 4480  [ 74E2D020C47BB2B2FCCBA29A518A7EB4 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
19:02:21.0089 4480  Tcpip - ok
19:02:21.0105 4480  [ 74E2D020C47BB2B2FCCBA29A518A7EB4 ] Tcpip6          C:\Windows\system32\DRIVERS\tcpip.sys
19:02:21.0105 4480  Tcpip6 - ok
19:02:21.0167 4480  [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
19:02:21.0183 4480  tcpipreg - ok
19:02:21.0214 4480  [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
19:02:21.0214 4480  TDPIPE - ok
19:02:21.0230 4480  [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
19:02:21.0230 4480  TDTCP - ok
19:02:21.0276 4480  [ 76B06EB8A01FC8624D699E7045303E54 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
19:02:21.0276 4480  tdx - ok
19:02:21.0308 4480  [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
19:02:21.0308 4480  TermDD - ok
19:02:21.0354 4480  [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService     C:\Windows\System32\termsrv.dll
19:02:21.0370 4480  TermService - ok
19:02:21.0370 4480  [ C7230FBEE14437716701C15BE02C27B8 ] Themes          C:\Windows\system32\shsvcs.dll
19:02:21.0370 4480  Themes - ok
19:02:21.0432 4480  [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER     C:\Windows\system32\mmcss.dll
19:02:21.0432 4480  THREADORDER - ok
19:02:21.0464 4480  [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks          C:\Windows\System32\trkwks.dll
19:02:21.0464 4480  TrkWks - ok
19:02:21.0542 4480  [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
19:02:21.0542 4480  TrustedInstaller - ok
19:02:21.0573 4480  [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
19:02:21.0588 4480  tssecsrv - ok
19:02:21.0635 4480  [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp           C:\Windows\system32\DRIVERS\tunmp.sys
19:02:21.0635 4480  tunmp - ok
19:02:21.0682 4480  [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
19:02:21.0682 4480  tunnel - ok
19:02:21.0698 4480  [ C3ADE15414120033A36C0F293D4A4121 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
19:02:21.0698 4480  uagp35 - ok
19:02:21.0744 4480  [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
19:02:21.0744 4480  udfs - ok
19:02:21.0791 4480  [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
19:02:21.0807 4480  UI0Detect - ok
19:02:21.0838 4480  [ 75E6890EBFCE0841D3291B02E7A8BDB0 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
19:02:21.0838 4480  uliagpkx - ok
19:02:21.0854 4480  [ 3CD4EA35A6221B85DCC25DAA46313F8D ] uliahci         C:\Windows\system32\drivers\uliahci.sys
19:02:21.0854 4480  uliahci - ok
19:02:21.0885 4480  [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata          C:\Windows\system32\drivers\ulsata.sys
19:02:21.0885 4480  UlSata - ok
19:02:21.0916 4480  [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2         C:\Windows\system32\drivers\ulsata2.sys
19:02:21.0916 4480  ulsata2 - ok
19:02:21.0963 4480  [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
19:02:21.0978 4480  umbus - ok
19:02:22.0010 4480  [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost        C:\Windows\System32\upnphost.dll
19:02:22.0025 4480  upnphost - ok
19:02:22.0056 4480  [ 6E421CCC57059B0186C6259CA3B6DFC9 ] USBAAPL         C:\Windows\system32\Drivers\usbaapl.sys
19:02:22.0056 4480  USBAAPL - ok
19:02:22.0119 4480  [ 32DB9517628FF0D070682AAB61E688F0 ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
19:02:22.0119 4480  usbaudio - ok
19:02:22.0166 4480  [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
19:02:22.0166 4480  usbccgp - ok
19:02:22.0228 4480  [ 47B9770EA21436DE4AD5AEA7926E0900 ] usbcir          C:\Windows\system32\DRIVERS\usbcir.sys
19:02:22.0228 4480  usbcir - ok
19:02:22.0259 4480  [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
19:02:22.0259 4480  usbehci - ok
19:02:22.0275 4480  [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
19:02:22.0290 4480  usbhub - ok
19:02:22.0306 4480  [ 38DBC7DD6CC5A72011F187425384388B ] usbohci         C:\Windows\system32\drivers\usbohci.sys
19:02:22.0322 4480  usbohci - ok
19:02:22.0337 4480  [ B51E52ACF758BE00EF3A58EA452FE360 ] usbprint        C:\Windows\system32\drivers\usbprint.sys
19:02:22.0337 4480  usbprint - ok
19:02:22.0400 4480  [ D575246188F63DE0ACCF6EAC5FB59E6A ] usbser          C:\Windows\system32\DRIVERS\usbser.sys
19:02:22.0400 4480  usbser - ok
19:02:22.0431 4480  [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:02:22.0431 4480  USBSTOR - ok
19:02:22.0493 4480  [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
19:02:22.0493 4480  usbuhci - ok
19:02:22.0556 4480  [ E67998E8F14CB0627A769F6530BCB352 ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
19:02:22.0556 4480  usbvideo - ok
19:02:22.0602 4480  [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms           C:\Windows\System32\uxsms.dll
19:02:22.0618 4480  UxSms - ok
19:02:22.0680 4480  [ CD88D1B7776DC17A119049742EC07EB4 ] vds             C:\Windows\System32\vds.exe
19:02:22.0696 4480  vds - ok
19:02:22.0758 4480  [ 7D92BE0028ECDEDEC74617009084B5EF ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
19:02:22.0758 4480  vga - ok
19:02:22.0774 4480  [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave         C:\Windows\System32\drivers\vga.sys
19:02:22.0774 4480  VgaSave - ok
19:02:22.0821 4480  [ 045D9961E591CF0674A920B6BA3BA5CB ] viaagp          C:\Windows\system32\drivers\viaagp.sys
19:02:22.0821 4480  viaagp - ok
19:02:22.0836 4480  [ 56A4DE5F02F2E88182B0981119B4DD98 ] ViaC7           C:\Windows\system32\drivers\viac7.sys
19:02:22.0836 4480  ViaC7 - ok
19:02:22.0852 4480  [ FD2E3175FCADA350C7AB4521DCA187EC ] viaide          C:\Windows\system32\drivers\viaide.sys
19:02:22.0852 4480  viaide - ok
19:02:22.0883 4480  [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
19:02:22.0883 4480  volmgr - ok
19:02:22.0930 4480  [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
19:02:22.0946 4480  volmgrx - ok
19:02:22.0977 4480  [ 786DB5771F05EF300390399F626BF30A ] volsnap         C:\Windows\system32\drivers\volsnap.sys
19:02:22.0977 4480  volsnap - ok
19:02:23.0039 4480  [ D984439746D42B30FC65A4C3546C6829 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
19:02:23.0055 4480  vsmraid - ok
19:02:23.0086 4480  [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS             C:\Windows\system32\vssvc.exe
19:02:23.0117 4480  VSS - ok
19:02:23.0164 4480  [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time         C:\Windows\system32\w32time.dll
19:02:23.0164 4480  W32Time - ok
19:02:23.0242 4480  [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
19:02:23.0258 4480  WacomPen - ok
19:02:23.0289 4480  [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp          C:\Windows\system32\DRIVERS\wanarp.sys
19:02:23.0289 4480  Wanarp - ok
19:02:23.0304 4480  [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
19:02:23.0304 4480  Wanarpv6 - ok
19:02:23.0320 4480  [ A3CD60FD826381B49F03832590E069AF ] wcncsvc         C:\Windows\System32\wcncsvc.dll
19:02:23.0320 4480  wcncsvc - ok
19:02:23.0336 4480  [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
19:02:23.0336 4480  WcsPlugInService - ok
19:02:23.0382 4480  [ AFC5AD65B991C1E205CF25CFDBF7A6F4 ] Wd              C:\Windows\system32\drivers\wd.sys
19:02:23.0382 4480  Wd - ok
19:02:23.0429 4480  [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
19:02:23.0460 4480  Wdf01000 - ok
19:02:23.0507 4480  [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
19:02:23.0523 4480  WdiServiceHost - ok
19:02:23.0523 4480  [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost   C:\Windows\system32\wdi.dll
19:02:23.0523 4480  WdiSystemHost - ok
19:02:23.0570 4480  [ 04C37D8107320312FBAE09926103D5E2 ] WebClient       C:\Windows\System32\webclnt.dll
19:02:23.0585 4480  WebClient - ok
19:02:23.0616 4480  [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc          C:\Windows\system32\wecsvc.dll
19:02:23.0616 4480  Wecsvc - ok
19:02:23.0648 4480  [ 670FF720071ED741206D69BD995EA453 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
19:02:23.0648 4480  wercplsupport - ok
19:02:23.0710 4480  [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc          C:\Windows\System32\WerSvc.dll
19:02:23.0710 4480  WerSvc - ok
19:02:23.0757 4480  [ 5C7BDCF5864DB00323FE2D90FA26A8A2 ] winachsf        C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
19:02:23.0772 4480  winachsf - ok
19:02:23.0850 4480  [ 4575AA12561C5648483403541D0D7F2B ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
19:02:23.0866 4480  WinDefend - ok
19:02:23.0866 4480  WinHttpAutoProxySvc - ok
19:02:23.0944 4480  [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
19:02:23.0960 4480  Winmgmt - ok
19:02:24.0022 4480  [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM           C:\Windows\system32\WsmSvc.dll
19:02:24.0053 4480  WinRM - ok
19:02:24.0131 4480  [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc         C:\Windows\System32\wlansvc.dll
19:02:24.0147 4480  Wlansvc - ok
19:02:24.0412 4480  [ FB01D4AE207B9EFDBABFC55DC95C7E31 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
19:02:24.0459 4480  wlidsvc - ok
19:02:24.0521 4480  [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
19:02:24.0521 4480  WmiAcpi - ok
19:02:24.0552 4480  [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
19:02:24.0552 4480  wmiApSrv - ok
19:02:24.0662 4480  [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
19:02:24.0693 4480  WMPNetworkSvc - ok
19:02:24.0740 4480  [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc          C:\Windows\System32\wpcsvc.dll
19:02:24.0755 4480  WPCSvc - ok
19:02:24.0771 4480  [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
19:02:24.0771 4480  WPDBusEnum - ok
19:02:24.0818 4480  [ DE9D36F91A4DF3D911626643DEBF11EA ] WpdUsb          C:\Windows\system32\DRIVERS\wpdusb.sys
19:02:24.0818 4480  WpdUsb - ok
19:02:25.0145 4480  [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
19:02:25.0161 4480  WPFFontCache_v0400 - ok
19:02:25.0192 4480  [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
19:02:25.0192 4480  ws2ifsl - ok
19:02:25.0223 4480  [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc          C:\Windows\System32\wscsvc.dll
19:02:25.0239 4480  wscsvc - ok
19:02:25.0239 4480  WSearch - ok
19:02:25.0520 4480  [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv        C:\Windows\system32\wuaueng.dll
19:02:25.0582 4480  wuauserv - ok
19:02:25.0613 4480  [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
19:02:25.0613 4480  WudfPf - ok
19:02:25.0644 4480  [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
19:02:25.0660 4480  WUDFRd - ok
19:02:25.0707 4480  [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
19:02:25.0707 4480  wudfsvc - ok
19:02:25.0722 4480  ================ Scan global ===============================
19:02:25.0785 4480  [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
19:02:25.0832 4480  [ A508314231C49AEE86987CEA3EAECAD1 ] C:\Windows\system32\winsrv.dll
19:02:25.0847 4480  [ A508314231C49AEE86987CEA3EAECAD1 ] C:\Windows\system32\winsrv.dll
19:02:25.0956 4480  [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
19:02:25.0972 4480  [Global] - ok
19:02:25.0972 4480  ================ Scan MBR ==================================
19:02:25.0988 4480  [ 1A1A06F62E891045814007163C1C76C3 ] \Device\Harddisk0\DR0
19:02:27.0345 4480  \Device\Harddisk0\DR0 - ok
19:02:27.0345 4480  ================ Scan VBR ==================================
19:02:27.0345 4480  [ F38648DE2A04BB0A208D13BD6CF59828 ] \Device\Harddisk0\DR0\Partition1
19:02:27.0360 4480  \Device\Harddisk0\DR0\Partition1 - ok
19:02:27.0376 4480  [ D3DC17FE917FEFD759A319EEA5E0892B ] \Device\Harddisk0\DR0\Partition2
19:02:27.0376 4480  \Device\Harddisk0\DR0\Partition2 - ok
19:02:27.0376 4480  ============================================================
19:02:27.0376 4480  Scan finished
19:02:27.0376 4480  ============================================================
19:02:27.0392 1672  Detected object count: 1
19:02:27.0392 1672  Actual detected object count: 1
19:03:31.0523 1672  Akamai ( HiddenFile.Multi.Generic ) - skipped by user
19:03:31.0523 1672  Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip
19:03:42.0849 8180  Deinitialize success
 

 

Malwarebytes Anti-Rootkit BETA 1.06.0.1003
www.malwarebytes.org

Database version: v2013.06.10.08

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Dave :: DAVEMOBILE [administrator]

6/10/2013 7:11:33 PM
mbar-log-2013-06-10 (19-11-33).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
Scan options disabled: Deep Anti-Rootkit Scan | PUP
Objects scanned: 245687
Time elapsed: 16 minute(s), 1 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
 

 

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.06.0.1003

© Malwarebytes Corporation 2011-2012

OS version: 6.0.6002 Windows Vista Service Pack 2 x86

Account is Administrative

Internet Explorer version: 9.0.8112.16421

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.494000 GHz
Memory total: 3218599936, free: 1550516224

Downloaded database version: v2013.06.10.08
Downloaded database version: v2013.05.22.01
Initializing...
------------ Kernel report ------------
     06/10/2013 19:11:28
------------ Loaded modules -----------
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff86c43ac8
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-0\
Lower Device Object: 0xffffffff85af1028
Lower Device Driver Name: \Driver\iaStor\
<<<2>>>
Device number: 0, partition: 1
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff86c43ac8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff86c437b0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff86c43ac8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xffffffff85b31248, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff85af1028, DeviceName: \Device\Ide\IAAStorageDevice-0\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
Device number: 0, partition: 1
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\Windows\system32\drivers...
<<<2>>>
Device number: 0, partition: 1
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 33F133F0

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 63  Numsec = 462543417
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 462543480  Numsec = 25848585

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 250059350016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-488377168-488397168)...
Done!
Scan finished
=======================================


Removal queue found; removal started
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\bootstrap_0_0_63_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_r.mbam...
Removal finished
 

 

 

ComboFix 13-06-08.02 - Dave 06/10/2013  19:47:34.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.3069.1642 [GMT -5:00]
Running from: c:\users\Dave\Desktop\ComboFix.exe
AV: Norton 360 Premier Edition *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 Premier Edition *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton 360 Premier Edition *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\windows\system32\KBL.LOG
c:\windows\system32\sm56co85.txt
.
.
(((((((((((((((((((((((((   Files Created from 2013-05-11 to 2013-06-11  )))))))))))))))))))))))))))))))
.
.
2013-06-11 00:57 . 2013-06-11 00:57    --------    d-----w-    c:\users\Guest\AppData\Local\temp
2013-06-11 00:57 . 2013-06-11 00:57    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-06-11 00:11 . 2013-06-11 00:28    --------    d-----w-    c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-06-08 00:07 . 2013-06-08 00:08    --------    d-----w-    c:\windows\system32\drivers\N360\1404000.028
2013-06-01 20:43 . 2013-06-01 20:43    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2013-06-01 20:43 . 2013-04-04 19:50    22856    ----a-w-    c:\windows\system32\drivers\mbam.sys
2013-05-31 02:31 . 2013-05-31 02:31    --------    d-----w-    c:\windows\system32\drivers\MCLIENT
2013-05-31 02:31 . 2013-05-31 02:31    --------    d-----w-    c:\program files\Norton Management
2013-05-30 12:26 . 2012-11-16 02:45    36512    ----a-r-    c:\windows\system32\drivers\SymIMV.sys
2013-05-25 19:03 . 2013-05-25 19:03    159744    ----a-w-    c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2013-05-25 19:03 . 2013-05-25 19:03    159744    ----a-w-    c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2013-05-25 19:03 . 2013-05-25 19:03    159744    ----a-w-    c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2013-05-25 19:03 . 2013-05-25 19:03    159744    ----a-w-    c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2013-05-25 19:03 . 2013-05-25 19:03    159744    ----a-w-    c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2013-05-25 19:03 . 2013-05-25 19:03    --------    d-----w-    c:\program files\QuickTime
2013-05-25 18:58 . 2013-05-25 18:58    --------    d-----w-    c:\program files\iPod
2013-05-25 18:58 . 2013-05-25 18:59    --------    d-----w-    c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-05-25 18:58 . 2013-05-25 18:59    --------    d-----w-    c:\program files\iTunes
2013-05-15 01:05 . 2013-05-05 19:12    2382848    ----a-w-    c:\windows\system32\mshtml.tlb
2013-05-15 00:23 . 2013-04-15 14:20    638328    ----a-w-    c:\windows\system32\drivers\dxgkrnl.sys
2013-05-15 00:23 . 2013-04-13 10:56    37376    ----a-w-    c:\windows\system32\cdd.dll
2013-05-15 00:23 . 2013-04-09 01:36    2049024    ----a-w-    c:\windows\system32\win32k.sys
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-15 01:19 . 2013-04-21 13:25    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-15 01:19 . 2013-04-21 13:25    692104    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-05-15 01:11 . 2010-06-24 16:33    22240    ----a-w-    c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-01 08:59 . 2013-05-01 08:59    94208    ----a-w-    c:\windows\system32\QuickTimeVR.qtx
2013-05-01 08:59 . 2013-05-01 08:59    69632    ----a-w-    c:\windows\system32\QuickTime.qts
2013-04-14 21:18 . 2013-04-14 21:18    142496    ----a-w-    c:\windows\system32\drivers\SYMEVENT.SYS
2013-03-23 01:09 . 2013-03-23 01:09    354656    ----a-w-    c:\windows\system32\DivXControlPanelApplet.cpl
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ISUSPM"="c:\programdata\Macrovision\FLEXnet Connect\6\ISUSPM.exe" [2007-07-12 226904]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Akamai NetSession Interface"="c:\users\Dave\AppData\Local\Akamai\netsession_win.exe" [2013-01-26 4480768]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2009-10-26 1458176]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-12-04 186904]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-10-03 480560]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]
"DpAgent"="c:\program files\DigitalPersona\Bin\dpagent.exe" [2009-09-29 842816]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-06-09 7539232]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2008-06-13 210216]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-02-18 49208]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-06-20 1316136]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"DivXMediaServer"="c:\program files\DivX\DivX Media Server\DivXMediaServer.exe" [2013-04-15 450560]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2013-02-13 1263952]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-10-22 468264]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-05-15 152392]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2013-05-01 421888]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-12-4 727592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54    551296    ----a-w-    c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux9"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages    REG_MULTI_SZ       scecli DPPWDFLT
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2012-12-22 116608]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 18211097
*Deregistered* - 18211097
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs    REG_MULTI_SZ       BthServ
HPZ12    REG_MULTI_SZ       Pml Driver HPZ12 Net Driver HPZ12
LocalServiceAndNoImpersonation    REG_MULTI_SZ       FontCache
Akamai    REG_MULTI_SZ       Akamai
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-08-23 23:34    451872    ----a-w-    c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-06-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-04-21 01:19]
.
2013-06-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-11-10 18:29]
.
2013-06-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-11-10 18:29]
.
2013-06-01 c:\windows\Tasks\HPCeeScheduleForDave.job
- c:\program files\Hewlett-Packard\SDP\Ceement\HPCEE.exe [2007-11-26 19:58]
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
uInternet Settings,ProxyOverride = *.local;<local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: intuit.com\accounts
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\np6e2eqz.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
FF - ExtSQL: !HIDDEN! 2009-10-10 20:34; otis@digitalpersona.com; c:\program files\DigitalPersona\Bin\FirefoxExt
.
.
------- File Associations -------
.
.scr=DWGTrueViewScriptFile
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-{E92D47A1-D27D-430A-8368-0BAFD956507D} - c:\program files\InstallShield Installation Information\{E92D47A1-D27D-430A-8368-0BAFD956507D}\setup.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-06-10 19:57
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ...
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MCLIENT]
"ImagePath"="\"c:\program files\Norton Management\Engine\3.2.0.19\ccSvcHst.exe\" /s \"MCLIENT\" /m \"c:\program files\Norton Management\Engine\3.2.0.19\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360 Premier Edition\Engine\20.3.1.22\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360 Premier Edition\Engine\20.3.1.22\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_ca0e279.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(760)
c:\windows\system32\DPPWDFLT.dll
.
Completion time: 2013-06-10  19:59:47
ComboFix-quarantined-files.txt  2013-06-11 00:59
.
Pre-Run: 104,739,758,080 bytes free
Post-Run: 104,661,262,336 bytes free
.
- - End Of File - - 8597C3FF9F74B00CCCF4F6F5D5F79E19
1A1A06F62E891045814007163C1C76C3
 

 

 

 Results of screen317's Security Check version 0.99.64  
 Windows Vista Service Pack 2 x86 (UAC is enabled)  
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Disabled!  
Norton 360 Premier Edition   
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 SUPERAntiSpyware     
 Malwarebytes Anti-Malware version 1.75.0.1300  
 CCleaner     
 Java™ 6 Update 22  
 Java version out of Date!
 Adobe Flash Player     11.7.700.202  
 Adobe Reader 8 Adobe Reader out of Date!
 Adobe Reader 10.1.7 Adobe Reader out of Date!  
 Mozilla Firefox (21.0)
````````Process Check: objlist.exe by Laurent````````  
 Norton ccSvcHst.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 1 %
````````````````````End of Log``````````````````````
 



#4 elite1dmw

elite1dmw
  • Topic Starter
  • Members
  • 11 posts

Posted 10 June 2013 - 08:52 PM

To answer your question about how my computer is running... it seems to be running great. Is there any need to keep the previously downloaded programs on my computer, or can I uninstall them?



#5 D-FRED-BROWN

D-FRED-BROWN

    Resident Bracketologist

  • Malware Response Team
  • 834 posts
  • Gender:Male
  • Location:Kansas, USA

Posted 10 June 2013 - 09:35 PM

To answer your question about how my computer is running... it seems to be running great. Is there any need to keep the previously downloaded programs on my computer, or can I uninstall them?

I'll let you know when we can uninstall them, as we may need them in the near future.

------

Please do the following:

1. Close any open browsers.

2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

KILLALL::

File::
C:\Windows\System32\Drivers\18211097.sys

Driver::
18211097

Reboot::


Save this as CFScript.txt, in the same location as ComboFix.exe.

[image: CFScriptB-4.gif]

Referring to the picture above, drag CFScript into ComboFix.exe.

When finished, it shall produce a log for you at C:\ComboFix.txt which I shall require in your next reply.
Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Please include the newly-created C:\ComboFix.txt in your next reply, and let me know how things are running now.
Proud graduate of SpywareInfo Bootcamp
Follow me on Twitter! @dfredbrown
Unified Network of Instructors and Trained Eliminators

I volunteer my free time to help you. Please consider making a donation so I can continue helping people like you.
Thank you!

#6 elite1dmw

elite1dmw
  • Topic Starter
  • Members
  • 11 posts

Posted 10 June 2013 - 10:42 PM

I performed the steps listed and pasted the results below. Also, as a side note, I got the message that the AntiSpyware program (Norton 360) is still running. I found a setting specifically for this in the antivirus section of the Norton 360 settings screen. I turned this off and never got another warning message from ComboFix.

 

ComboFix 13-06-08.02 - Dave 06/10/2013  22:12:17.2.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.3069.1626 [GMT -5:00]
Running from: c:\users\Dave\Desktop\ComboFix.exe
Command switches used :: c:\users\Dave\Desktop\CFScript.txt.txt
AV: Norton 360 Premier Edition *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 Premier Edition *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton 360 Premier Edition *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\System32\Drivers\18211097.sys"
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_18211097
.
.
(((((((((((((((((((((((((   Files Created from 2013-05-11 to 2013-06-11  )))))))))))))))))))))))))))))))
.
.
2013-06-11 03:22 . 2013-06-11 03:25    --------    d-----w-    c:\users\Dave\AppData\Local\temp
2013-06-11 03:22 . 2013-06-11 03:22    --------    d-----w-    c:\users\Guest\AppData\Local\temp
2013-06-11 00:11 . 2013-06-11 00:28    --------    d-----w-    c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-06-08 00:07 . 2013-06-08 00:08    --------    d-----w-    c:\windows\system32\drivers\N360\1404000.028
2013-06-01 20:43 . 2013-06-01 20:43    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2013-06-01 20:43 . 2013-04-04 19:50    22856    ----a-w-    c:\windows\system32\drivers\mbam.sys
2013-05-31 02:31 . 2013-05-31 02:31    --------    d-----w-    c:\windows\system32\drivers\MCLIENT
2013-05-31 02:31 . 2013-05-31 02:31    --------    d-----w-    c:\program files\Norton Management
2013-05-30 12:26 . 2012-11-16 02:45    36512    ----a-r-    c:\windows\system32\drivers\SymIMV.sys
2013-05-25 19:03 . 2013-05-25 19:03    159744    ----a-w-    c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2013-05-25 19:03 . 2013-05-25 19:03    159744    ----a-w-    c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2013-05-25 19:03 . 2013-05-25 19:03    159744    ----a-w-    c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2013-05-25 19:03 . 2013-05-25 19:03    159744    ----a-w-    c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2013-05-25 19:03 . 2013-05-25 19:03    159744    ----a-w-    c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2013-05-25 19:03 . 2013-05-25 19:03    --------    d-----w-    c:\program files\QuickTime
2013-05-25 18:58 . 2013-05-25 18:58    --------    d-----w-    c:\program files\iPod
2013-05-25 18:58 . 2013-05-25 18:59    --------    d-----w-    c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-05-25 18:58 . 2013-05-25 18:59    --------    d-----w-    c:\program files\iTunes
2013-05-15 01:05 . 2013-05-05 19:12    2382848    ----a-w-    c:\windows\system32\mshtml.tlb
2013-05-15 00:23 . 2013-04-15 14:20    638328    ----a-w-    c:\windows\system32\drivers\dxgkrnl.sys
2013-05-15 00:23 . 2013-04-13 10:56    37376    ----a-w-    c:\windows\system32\cdd.dll
2013-05-15 00:23 . 2013-04-09 01:36    2049024    ----a-w-    c:\windows\system32\win32k.sys
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-15 01:19 . 2013-04-21 13:25    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-15 01:19 . 2013-04-21 13:25    692104    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-05-15 01:11 . 2010-06-24 16:33    22240    ----a-w-    c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-01 08:59 . 2013-05-01 08:59    94208    ----a-w-    c:\windows\system32\QuickTimeVR.qtx
2013-05-01 08:59 . 2013-05-01 08:59    69632    ----a-w-    c:\windows\system32\QuickTime.qts
2013-04-14 21:18 . 2013-04-14 21:18    142496    ----a-w-    c:\windows\system32\drivers\SYMEVENT.SYS
2013-03-23 01:09 . 2013-03-23 01:09    354656    ----a-w-    c:\windows\system32\DivXControlPanelApplet.cpl
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ISUSPM"="c:\programdata\Macrovision\FLEXnet Connect\6\ISUSPM.exe" [2007-07-12 226904]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Akamai NetSession Interface"="c:\users\Dave\AppData\Local\Akamai\netsession_win.exe" [2013-01-26 4480768]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2009-10-26 1458176]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-12-04 186904]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-10-03 480560]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]
"DpAgent"="c:\program files\DigitalPersona\Bin\dpagent.exe" [2009-09-29 842816]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-06-09 7539232]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2008-06-13 210216]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-02-18 49208]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-06-20 1316136]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"DivXMediaServer"="c:\program files\DivX\DivX Media Server\DivXMediaServer.exe" [2013-04-15 450560]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2013-02-13 1263952]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-10-22 468264]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-05-15 152392]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2013-05-01 421888]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-12-4 727592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54    551296    ----a-w-    c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux9"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages    REG_MULTI_SZ       scecli DPPWDFLT
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2012-12-22 116608]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs    REG_MULTI_SZ       BthServ
HPZ12    REG_MULTI_SZ       Pml Driver HPZ12 Net Driver HPZ12
LocalServiceAndNoImpersonation    REG_MULTI_SZ       FontCache
Akamai    REG_MULTI_SZ       Akamai
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-08-23 23:34    451872    ----a-w-    c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-06-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-04-21 01:19]
.
2013-06-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-11-10 18:29]
.
2013-06-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-11-10 18:29]
.
2013-06-01 c:\windows\Tasks\HPCeeScheduleForDave.job
- c:\program files\Hewlett-Packard\SDP\Ceement\HPCEE.exe [2007-11-26 19:58]
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
uInternet Settings,ProxyOverride = *.local;<local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: intuit.com\accounts
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\np6e2eqz.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
FF - ExtSQL: !HIDDEN! 2009-10-10 20:34; otis@digitalpersona.com; c:\program files\DigitalPersona\Bin\FirefoxExt
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-06-10 22:26
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ...
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MCLIENT]
"ImagePath"="\"c:\program files\Norton Management\Engine\3.2.0.19\ccSvcHst.exe\" /s \"MCLIENT\" /m \"c:\program files\Norton Management\Engine\3.2.0.19\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360 Premier Edition\Engine\20.3.1.22\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360 Premier Edition\Engine\20.3.1.22\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_ca0e279.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(764)
c:\windows\system32\DPPWDFLT.dll
.
- - - - - - - > 'Explorer.exe'(5740)
c:\program files\DigitalPersona\Bin\DpoFeedb.dll
c:\windows\system32\btmmhook.dll
c:\program files\DigitalPersona\Bin\DpoSet.dll
c:\windows\system32\btncopy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Fingerprint Sensor\AtService.exe
c:\windows\system32\nvvsvc.exe
c:\program files\DigitalPersona\Bin\DpHostW.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Norton Management\Engine\3.2.0.19\ccSvcHst.exe
c:\windows\system32\msiexec.exe
c:\program files\Norton 360 Premier Edition\Engine\20.3.1.22\ccSvcHst.exe
c:\program files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
c:\program files\HP\QuickPlay\Kernel\TV\QPSched.exe
c:\program files\Sling Media\SlingAgent\SlingAgentService.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\nvvsvc.exe
c:\windows\system32\DllHost.exe
c:\program files\Norton Management\Engine\3.2.0.19\ccSvcHst.exe
c:\program files\Norton 360 Premier Edition\Engine\20.3.1.22\ccSvcHst.exe
c:\program files\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\windows\ehome\ehmsas.exe
c:\windows\ehome\ehsched.exe
c:\program files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
c:\windows\ehome\ehRecvr.exe
c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
c:\program files\WIDCOMM\Bluetooth Software\BtStackServer.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
.
**************************************************************************
.
Completion time: 2013-06-10  22:31:47 - machine was rebooted
ComboFix-quarantined-files.txt  2013-06-11 03:31
ComboFix2.txt  2013-06-11 00:59
.
Pre-Run: 104,688,992,256 bytes free
Post-Run: 104,377,122,816 bytes free
.
- - End Of File - - 1285EA22FFBB1736D8777F337F953318
1A1A06F62E891045814007163C1C76C3
 



#7 D-FRED-BROWN

    Resident Bracketologist

  • Malware Response Team
  • 834 posts
  • Gender:Male
  • Location:Kansas, USA
Posted 11 June 2013 - 11:17 AM

Looks a whole lot better. I'd like to run a few more scans to see if we missed anything:

----------Step 1----------------

Please download AdwCleaner by Xplode onto your desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[R1].txt as well.

 

----------Step 2----------------
We need to create a New FULL OTL Report

  • Please download OTL from here if you have not done so already:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Change the "Extra Registry" option to "SafeList"
  • Push the Run Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized

----------Step 3 (note: this scan may take a little time)----------------
I'd like us to scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the esetOnline.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the esetSmartInstallDesktopIcon.png icon on your desktop.
  • Check esetAcceptTerms.png
  • Click the esetStart.png button.
  • Accept any security warnings from your browser.
  • Check esetScanArchives.png
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push esetListThreats.png
  • Push esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the esetBack.png button.
  • Push esetFinish.png

A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt


----------Step 4----------------
Please post the AdwCleaner logfile, the OTL.txt and Extras.txt, and the ESET online scan log in your next reply.

Let me know how things go.


Proud graduate of SpywareInfo Bootcamp
Follow me on Twitter! @dfredbrown
Unified Network of Instructors and Trained Eliminators

I volunteer my free time to help you. Please consider making a donation so I can continue helping people like you.
Thank you!
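The OTL report requested in step 2 prints every process, module, service and driver as one line in a fixed shape (kind, timestamp, size, company name, start/state flags, image path, short name), which makes it easy to pre-sort before a human reads it. The following Python triage pass is an added example for this thread, not OTL's code and not something either poster ran: it parses PRC/MOD/SRV/DRV lines and flags what a responder looks at first: registrations whose file no longer exists, images with no company name in their version info, images living under a user profile or a Temp directory, and paths with a non-canonical separator. The flagging rules and the "user-writable" pattern are my own assumptions. The sample lines are constructed in the shape of the OTL output posted later in this thread; a flag is a reason to look, not a verdict (an orphaned driver entry such as ComboFix's own catchme.sys is a leftover of a removal tool, not an infection).

```python
"""Triage pass over OTL-style PRC/MOD/SRV/DRV lines.

Added example for this thread, not OTL's own code.  Only the line format
comes from the OTL report; the flagging rules are my own heuristics.
"""
import re
from dataclasses import dataclass, field

# One OTL line:  KIND - [stamp | size | attrs | M] (Company) [flags] -- path -- (name)
# A service/driver whose file is gone prints "File not found" instead of the bracket.
LINE_RE = re.compile(
    r"^(?P<kind>PRC|MOD|SRV|DRV) - "
    r"(?:\[(?P<stamp>[^|]+?) \| (?P<size>[\d,]+) \| [^\]]*\] \((?P<company>[^)]*)\)"
    r"|(?P<missing>File not found))"
    r"(?: \[(?P<flags>[^\]]*)\])?"
    r" -- (?P<path>.+?)"
    r"(?: -- \((?P<name>[^)]*)\))?$"
)

# Locations a standard user can write to (heuristic, my assumption, not OTL's).
USER_WRITABLE = re.compile(r"\\users\\[^\\]+\\appdata\\|\\temp\\", re.I)


@dataclass
class Entry:
    kind: str          # PRC, MOD, SRV or DRV
    path: str          # image path exactly as printed
    name: str          # service/driver short name, "" for PRC/MOD
    company: str       # CompanyName from version info, "" if absent
    missing: bool      # True when OTL printed "File not found"
    flags: list        # e.g. ["Kernel", "On_Demand", "Running"]
    findings: list = field(default_factory=list)


def parse_line(line):
    """Return an Entry for one OTL line, or None if it is not a PRC/MOD/SRV/DRV line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    flags = [f.strip() for f in (m.group("flags") or "").split("|") if f.strip()]
    return Entry(
        kind=m.group("kind"),
        path=m.group("path").strip(),
        name=m.group("name") or "",
        company=(m.group("company") or "").strip(),
        missing=m.group("missing") is not None,
        flags=flags,
    )


def triage(entry):
    """Attach human-readable findings to the entry and return them."""
    f = entry.findings
    if entry.missing:
        f.append("file not found: orphaned %s registration" % entry.kind)
        if entry.kind == "DRV" and "Running" in entry.flags:
            f.append("driver still Running although its file is gone")
    elif not entry.company:
        f.append("no company name in version info")
    if USER_WRITABLE.search(entry.path):
        f.append("image lives in a user-writable location")
    if "/" in entry.path:
        f.append("non-canonical path separator")
    return f


def triage_log(text):
    """Map (kind, path) -> findings for every flagged line in an OTL report."""
    hits = {}
    for line in text.splitlines():
        entry = parse_line(line)
        if entry is not None and triage(entry):
            hits[(entry.kind, entry.path)] = entry.findings
    return hits


# Constructed sample: seven lines in the shape of the OTL output in this thread.
SAMPLE_LOG = r"""
PRC - [2013/01/26 07:08:30 | 004,480,768 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Dave\AppData\Local\Akamai\netsession_win.exe
MOD - [2013/02/12 21:37:16 | 001,263,952 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
SRV - [2013/03/25 18:19:58 | 004,561,152 | ---- | M] () [Auto | Running] -- c:\program files\common files\akamai/netsession_win_ca0e279.dll -- (Akamai)
SRV - [2013/05/10 02:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\Dave\AppData\Local\Temp\mbr.sys -- (mbr)
DRV - File not found [Kernel | On_Demand | Running] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2013/04/14 16:18:40 | 000,142,496 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
"""

if __name__ == "__main__":
    for (kind, path), findings in triage_log(SAMPLE_LOG).items():
        print("%s %s\n    %s" % (kind, path, "; ".join(findings)))
```

Run it against a saved OTL.txt by passing the file contents to `triage_log`; the Adobe and Symantec lines drop out, while the missing drivers, the company-less DivX and Akamai images, and the per-user Akamai process remain for a human to check against known-good software on the machine.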

#8 elite1dmw
  • Topic Starter

  • Members
  • 11 posts

Posted 12 June 2013 - 06:04 AM

I performed steps 1, 2 and 3. The ESET scan in step 3 was a little different in the menu choices before and after the scan. When the screen with the "scan archives" selection came up, there was another box that said "remove threats", and it was selected by default. I did not change this setting, so maybe that's why I didn't get the same options after the scan. After the scan completed, there was no option to display a list of found threats or to export to a text file. However, I searched the file path given above, and there was a log that was automatically saved. I've attached that log. The scan results showed no threats. Thanks.

 

# AdwCleaner v2.303 - Logfile created 06/11/2013 at 19:07:36
# Updated 08/06/2013 by Xplode
# Operating system : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# User : Dave - DAVEMOBILE
# Boot Mode : Normal
# Running from : C:\Users\Dave\Desktop\AdwCleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

File Found : C:\END
File Found : C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\np6e2eqz.default\searchplugins\safesearch.xml
Folder Found : C:\Users\Dave\AppData\Local\Coupon Companion Plugin
Folder Found : C:\Users\Dave\AppData\LocalLow\boost_interprocess
Folder Found : C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\np6e2eqz.default\StumbleUpon

***** [Registry] *****

Key Found : HKCU\Software\AppDataLow\Software\Crossrider
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Found : HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{76C45B18-A29E-43EA-AAF8-AF55C2E1AE17}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{96EF404C-24C7-43D0-9096-4CCC8BB7CCAC}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{97720195-206A-42AE-8E65-260B9BA5589F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{97D69524-BB57-4185-9C7F-5F05593B771A}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{986F7A5A-9676-47E1-8642-F41F8C3FCF82}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B18788A4-92BD-440E-A4D1-380C36531119}
Key Found : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Found : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Key Found : HKLM\Software\Viewpoint
Key Found : HKU\S-1-5-21-2075612851-348985100-2488228609-1000\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16483

[OK] Registry is clean.

-\\ Mozilla Firefox v21.0 (en-US)

File : C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\np6e2eqz.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [3133 octets] - [11/06/2013 19:07:36]

########## EOF - C:\AdwCleaner[R1].txt - [3193 octets] ##########
 

 

 

OTL logfile created on: 6/11/2013 7:10:57 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Dave\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.00 Gb Total Physical Memory | 0.89 Gb Available Physical Memory | 29.71% Memory free
6.20 Gb Paging File | 4.10 Gb Available in Paging File | 66.20% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 220.56 Gb Total Space | 96.37 Gb Free Space | 43.69% Space Free | Partition Type: NTFS
Drive D: | 12.33 Gb Total Space | 1.49 Gb Free Space | 12.12% Space Free | Partition Type: NTFS
 
Computer Name: DAVEMOBILE | User Name: Dave | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/06/11 19:06:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dave\Desktop\OTL.exe
PRC - [2013/05/10 02:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/02/12 21:37:16 | 001,263,952 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2013/01/26 07:08:30 | 004,480,768 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Dave\AppData\Local\Akamai\netsession_win.exe
PRC - [2012/12/23 22:33:29 | 000,144,520 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360 Premier Edition\Engine\20.3.1.22\ccsvchst.exe
PRC - [2012/12/21 21:02:05 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
PRC - [2012/10/10 13:29:14 | 000,143,928 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Management\Engine\3.2.0.19\ccSvcHst.exe
PRC - [2012/08/23 13:37:16 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
PRC - [2011/01/25 17:40:22 | 000,092,216 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2009/10/26 14:46:54 | 001,458,176 | ---- | M] (Motorola Inc.) -- C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
PRC - [2009/09/29 08:52:54 | 000,322,624 | ---- | M] (DigitalPersona, Inc.) -- C:\Program Files\DigitalPersona\Bin\DpHostW.exe
PRC - [2009/09/29 08:52:52 | 000,842,816 | ---- | M] (DigitalPersona, Inc.) -- C:\Program Files\DigitalPersona\Bin\DpAgent.exe
PRC - [2009/09/25 14:16:06 | 000,093,960 | ---- | M] (Sling Media Inc.) -- C:\Program Files\Sling Media\SlingAgent\SlingAgentService.exe
PRC - [2009/09/11 13:51:48 | 001,811,704 | ---- | M] (AuthenTec, Inc.) -- C:\Program Files\Fingerprint Sensor\AtService.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/12/04 13:00:26 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/12/04 13:00:20 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2007/12/04 15:13:34 | 001,624,616 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2007/12/04 15:13:34 | 000,727,592 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2007/07/12 13:43:50 | 000,226,904 | ---- | M] (Macrovision Corporation) -- C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013/02/12 21:38:06 | 000,100,688 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2013/02/12 21:37:16 | 001,263,952 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2012/05/30 09:51:08 | 000,699,280 | R--- | M] () -- C:\Program Files\Norton 360 Premier Edition\Engine\20.3.1.22\wincfi39.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2008/10/22 16:35:00 | 000,259,480 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapEngine.dll
MOD - [2008/10/22 16:35:00 | 000,120,216 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLSchMgr.dll
MOD - [2008/10/22 16:35:00 | 000,038,184 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvcps.dll
MOD - [2008/10/22 16:34:58 | 000,345,384 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLTinyDB.dll
MOD - [2008/10/22 16:34:08 | 000,066,856 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\common\MCEMediaStatus.dll
MOD - [2007/12/04 15:07:28 | 000,126,976 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll
MOD - [2007/12/04 14:55:36 | 000,389,120 | ---- | M] () -- C:\Windows\System32\btwhidcs.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2013/06/11 18:59:01 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/05/22 20:58:00 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/05/10 02:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/03/25 18:19:58 | 004,561,152 | ---- | M] () [Auto | Running] -- c:\program files\common files\akamai/netsession_win_ca0e279.dll -- (Akamai)
SRV - [2012/12/23 22:33:29 | 000,144,520 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton 360 Premier Edition\Engine\20.3.1.22\ccSvcHst.exe -- (N360)
SRV - [2012/12/21 21:02:05 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2012/10/10 13:29:14 | 000,143,928 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Management\Engine\3.2.0.19\ccSvcHst.exe -- (MCLIENT)
SRV - [2012/08/23 13:37:16 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
SRV - [2011/01/25 17:40:22 | 000,092,216 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010/04/10 17:05:58 | 000,266,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe -- (MatSvc)
SRV - [2009/09/29 08:52:54 | 000,322,624 | ---- | M] (DigitalPersona, Inc.) [Auto | Running] -- C:\Program Files\DigitalPersona\Bin\DpHostW.exe -- (DpHost)
SRV - [2009/09/25 14:16:06 | 000,093,960 | ---- | M] (Sling Media Inc.) [Auto | Running] -- C:\Program Files\Sling Media\SlingAgent\SlingAgentService.exe -- (SlingAgentService)
SRV - [2009/09/11 13:51:48 | 001,811,704 | ---- | M] (AuthenTec, Inc.) [Auto | Running] -- C:\Program Files\Fingerprint Sensor\AtService.exe -- (ATService)
SRV - [2008/12/04 13:00:26 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2008/09/27 16:25:14 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/01/29 16:09:02 | 000,394,704 | ---- | M] (Symantec, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe -- (Symantec RemoteAssist)
SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/03/05 13:30:06 | 000,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\Dave\AppData\Local\Temp\mbr.sys -- (mbr)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Running] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2013/06/07 19:26:22 | 001,611,992 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\Definitions\VirusDefs\20130610.025\NAVEX15.SYS -- (NAVEX15)
DRV - [2013/06/07 19:26:22 | 000,093,272 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\Definitions\VirusDefs\20130610.025\NAVENG.SYS -- (NAVENG)
DRV - [2013/05/31 11:58:19 | 001,002,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\Definitions\BASHDefs\20130531.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2013/04/14 16:18:40 | 000,142,496 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2013/04/14 11:16:00 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2013/04/14 11:16:00 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2013/04/12 15:59:32 | 000,386,720 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\Definitions\IPSDefs\20130608.001\IDSvix86.sys -- (IDSVix86)
DRV - [2013/01/30 22:18:18 | 000,350,368 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\1403010.016\symtdiv.sys -- (SYMTDIv)
DRV - [2013/01/30 22:18:06 | 000,934,488 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\N360\1403010.016\symefa.sys -- (SymEFA)
DRV - [2013/01/28 20:45:18 | 000,602,712 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\N360\1403010.016\srtsp.sys -- (SRTSP)
DRV - [2013/01/28 20:45:18 | 000,032,344 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\1403010.016\srtspx.sys -- (SRTSPX)
DRV - [2013/01/21 21:15:32 | 000,367,704 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\N360\1403010.016\symds.sys -- (SymDS)
DRV - [2012/11/15 21:45:16 | 000,036,512 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\SymIMV.sys -- (SymIM)
DRV - [2012/11/15 21:22:01 | 000,175,264 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\1403010.016\ironx86.sys -- (SymIRON)
DRV - [2012/11/15 21:18:04 | 000,134,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\1403010.016\ccsetx86.sys -- (ccSet_N360)
DRV - [2012/10/03 12:19:14 | 000,134,304 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\MCLIENT\0302000.013\ccSetx86.sys -- (ccSet_MCLIENT)
DRV - [2011/07/22 11:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 16:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/07/09 17:37:00 | 011,008,040 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/10/26 15:09:06 | 001,095,936 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2009/09/14 10:31:54 | 000,659,328 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATSwpWDF.sys -- (ATSwpWDF)
DRV - [2008/11/17 16:40:22 | 003,668,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32)
DRV - [2008/07/08 19:41:34 | 001,191,552 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hcw72DTV.sys -- (hcw72DTV)
DRV - [2008/07/08 19:37:02 | 001,198,720 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hcw72ATV.sys -- (hcw72ATV)
DRV - [2008/07/08 19:35:46 | 000,027,904 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hcw72ADFilter.sys -- (hcw72ADFilter)
DRV - [2008/01/25 00:46:40 | 000,106,496 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2007/09/26 13:12:22 | 002,251,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32)
DRV - [2007/08/15 16:27:18 | 000,009,600 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\n558.sys -- (n558)
DRV - [2007/08/08 20:42:08 | 000,045,568 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/07/30 11:54:02 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/07/30 10:42:58 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/07/11 13:30:22 | 000,007,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqRemHid.sys -- (HpqRemHid)
DRV - [2007/06/18 20:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007/05/15 13:23:40 | 000,042,240 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ser2plms.sys -- (ser2plms)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
IE - HKLM\..\SearchScopes,DefaultScope = {2EB0099A-73A8-4524-94E8-4129AA76060E}
IE - HKLM\..\SearchScopes\{2EB0099A-73A8-4524-94E8-4129AA76060E}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt
IE - HKLM\..\SearchScopes\{7DE94659-AF72-403C-8167-EC9A9F125D4E}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2075612851-348985100-2488228609-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = www.live.com [binary data]
IE - HKU\S-1-5-21-2075612851-348985100-2488228609-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-2075612851-348985100-2488228609-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-2075612851-348985100-2488228609-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2075612851-348985100-2488228609-1000\..\SearchScopes,DefaultScope = {BED391BB-F56A-48CE-BC93-2047C50FDB2F}
IE - HKU\S-1-5-21-2075612851-348985100-2488228609-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-2075612851-348985100-2488228609-1000\..\SearchScopes\{2EB0099A-73A8-4524-94E8-4129AA76060E}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt
IE - HKU\S-1-5-21-2075612851-348985100-2488228609-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-2075612851-348985100-2488228609-1000\..\SearchScopes\{7DE94659-AF72-403C-8167-EC9A9F125D4E}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
IE - HKU\S-1-5-21-2075612851-348985100-2488228609-1000\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/web?q={SEARCHTERMS}&o=15527&l=dis&prt=NIS&chn=retail&geo=US&ver=19
IE - HKU\S-1-5-21-2075612851-348985100-2488228609-1000\..\SearchScopes\{BED391BB-F56A-48CE-BC93-2047C50FDB2F}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=MS8TDF&pc=MS8TDF&src=IE-SearchBox
IE - HKU\S-1-5-21-2075612851-348985100-2488228609-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2075612851-348985100-2488228609-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "http://www.msn.com/"
FF - prefs.js..extensions.enabledAddons: %7BC0D0F6D1-9FC9-4b0a-B485-D5E13AF40D51%7D:2.3.54
FF - prefs.js..extensions.enabledAddons: %7B9EB34849-81D3-4841-939D-666D522B889A%7D:1.5.14.755
FF - prefs.js..extensions.enabledAddons: %7B8b86149f-01fb-4842-9dd8-4d7eb02fd055%7D:0.26
FF - prefs.js..extensions.enabledAddons: %7B23fcfd51-4958-4f00-80a3-ae97e717ed8b%7D:2.1.2.172
FF - prefs.js..extensions.enabledAddons: %7B2D3F3651-74B9-4795-BDEC-6DA2F431CB62%7D:2013.3.5.1
FF - prefs.js..extensions.enabledAddons: %7BBBDA0591-3099-440a-AA10-41764D9DB4DB%7D:11.3.0.9%20-%205
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: {8b86149f-01fb-4842-9dd8-4d7eb02fd055}:0.22.0
FF - prefs.js..extensions.enabledItems: {C0D0F6D1-9FC9-4b0a-B485-D5E13AF40D51}:2.3.54
FF - prefs.js..extensions.enabledItems: otis@digitalpersona.com:5.0.0.3790
FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:2.9.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {9EB34849-81D3-4841-939D-666D522B889A}:1.4.0.67
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:5.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Plus Web Player Plug-In,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre1.6.0_22\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@autodesk.com/DWF: C:\Program Files\Autodesk\Autodesk Design Review Browser Add-on v1.2\npADRdwf.dll (Autodesk)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: C:\Program Files\DigitalPersona\Bin\FirefoxExt\ [2009/10/10 20:34:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\IPSFFPlgn\ [2013/04/14 16:19:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\coFFPlgn\ [2013/06/10 22:24:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013/05/27 20:22:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/05/25 14:03:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/05/25 14:03:45 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: C:\Program Files\DigitalPersona\Bin\firefoxext [2009/10/10 20:34:31 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/05/25 14:03:45 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/05/25 14:03:45 | 000,000,000 | ---D | M]
 
[2008/07/26 20:01:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dave\AppData\Roaming\Mozilla\Extensions
[2013/05/25 12:51:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\np6e2eqz.default\extensions
[2012/11/29 22:07:35 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\np6e2eqz.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2013/05/25 12:51:45 | 000,000,000 | ---D | M] (All-in-One Gestures) -- C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\np6e2eqz.default\extensions\{8b86149f-01fb-4842-9dd8-4d7eb02fd055}
[2013/05/13 19:23:13 | 000,000,000 | ---D | M] (WebSlingPlayer) -- C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\np6e2eqz.default\extensions\{9EB34849-81D3-4841-939D-666D522B889A}
[2010/02/10 20:36:09 | 000,000,000 | ---D | M] (Answers) -- C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\np6e2eqz.default\extensions\{C0D0F6D1-9FC9-4b0a-B485-D5E13AF40D51}
[2009/01/10 23:57:08 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\np6e2eqz.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}(505)
[2013/05/09 06:01:16 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\np6e2eqz.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012/02/02 19:31:08 | 000,002,470 | ---- | M] () -- C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\np6e2eqz.default\searchplugins\safesearch.xml
[2013/05/22 20:58:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/05/22 20:58:01 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/05/27 20:22:45 | 000,000,000 | ---D | M] (No name found) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2013/06/10 22:24:48 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\COFFPLGN
[2013/04/14 16:19:50 | 000,000,000 | ---D | M] (Norton Vulnerability Protection) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\IPSFFPLGN
 
O1 HOSTS File: ([2013/06/10 22:25:16 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (DigitalPersona Personal Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files\DigitalPersona\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360 Premier Edition\Engine\20.3.1.22\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360 Premier Edition\Engine\20.3.1.22\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_22\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.6.0_22\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360 Premier Edition\Engine\20.3.1.22\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DivXMediaServer] C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe (DivX, LLC)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [DpAgent] C:\Program Files\DigitalPersona\Bin\DpAgent.exe (DigitalPersona, Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKU\S-1-5-21-2075612851-348985100-2488228609-1000..\Run: [Akamai NetSession Interface] C:\Users\Dave\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKU\S-1-5-21-2075612851-348985100-2488228609-1000..\Run: [ISUSPM] C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe (Macrovision Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Security present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\TabbedBrowsing present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\ZOOM present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Security present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\TabbedBrowsing present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\ZOOM present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Security present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\TabbedBrowsing present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\ZOOM present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Security present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\TabbedBrowsing present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\ZOOM present
O7 - HKU\S-1-5-21-2075612851-348985100-2488228609-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2075612851-348985100-2488228609-1000\Software\Policies\Microsoft\Internet Explorer\Security present
O7 - HKU\S-1-5-21-2075612851-348985100-2488228609-1000\Software\Policies\Microsoft\Internet Explorer\TabbedBrowsing present
O7 - HKU\S-1-5-21-2075612851-348985100-2488228609-1000\Software\Policies\Microsoft\Internet Explorer\ZOOM present
O7 - HKU\S-1-5-21-2075612851-348985100-2488228609-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: HP Smart Select - {58ECB495-38F0-49cb-A538-10282ABF65E7} - Reg Error: Value error. File not found
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-21-2075612851-348985100-2488228609-1000\..Trusted Domains: intuit.com ([accounts] https in Trusted sites)
O15 - HKU\S-1-5-21-2075612851-348985100-2488228609-1000\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKU\S-1-5-21-2075612851-348985100-2488228609-1000\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B7FF2B18-DBC5-42BE-8CF5-2AEB8A7CB7AD}: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F1A8124B-010A-4CFF-8B67-A4B39E40A7C9}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Users\Dave\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Dave\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/11/25 23:52:25 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 10:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/06/11 19:06:40 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Dave\Desktop\OTL.exe
[2013/06/10 22:31:50 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/06/10 22:25:34 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/06/10 22:22:03 | 000,000,000 | ---D | C] -- C:\Users\Dave\AppData\Local\temp
[2013/06/10 19:45:15 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/06/10 19:45:15 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/06/10 19:45:15 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/06/10 19:42:43 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/06/10 19:42:04 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/06/10 19:38:33 | 005,078,680 | R--- | C] (Swearware) -- C:\Users\Dave\Desktop\ComboFix.exe
[2013/06/10 19:11:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2013/06/10 19:07:51 | 000,000,000 | ---D | C] -- C:\Users\Dave\Desktop\mbar-1.06.0.1003
[2013/06/10 19:03:47 | 000,000,000 | ---D | C] -- C:\Users\Dave\Desktop\New Folder
[2013/06/10 18:57:10 | 002,240,352 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Dave\Desktop\tdsskiller.exe
[2013/06/09 15:16:41 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Dave\Desktop\dds.com
[2013/06/08 21:50:30 | 000,000,000 | ---D | C] -- C:\Users\Dave\Desktop\ProcessExplorer
[2013/06/08 09:02:01 | 002,986,440 | ---- | C] (Symantec Corporation) -- C:\Users\Dave\Desktop\NPE.exe
[2013/06/01 15:43:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/06/01 15:43:12 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013/06/01 15:43:12 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/05/30 21:32:01 | 000,134,304 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\MCLIENT\0302000.013\ccSetx86.sys
[2013/05/30 21:31:58 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Management
[2013/05/30 21:31:58 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Management
[2013/05/30 21:31:58 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\MCLIENT
[2013/05/30 21:31:58 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\MCLIENT\0302000.013
[2013/05/30 07:26:37 | 000,036,512 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SymIMV.sys
[2013/05/25 14:03:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2013/05/25 14:03:13 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2013/05/25 13:59:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/05/25 13:58:12 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/05/25 13:58:10 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013/05/25 13:58:10 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2013/05/22 20:57:52 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/05/14 20:05:03 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/05/14 19:54:51 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/05/14 19:54:51 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/05/14 19:54:51 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013/05/14 19:54:51 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/05/14 19:54:50 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/05/14 19:54:50 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013/05/14 19:54:49 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013/05/14 19:23:21 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2013/05/14 19:23:15 | 002,049,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2009/01/03 20:51:23 | 003,063,561 | ---- | C] (Macromedia, Inc.) -- C:\ProgramData\MobileTV.exe
[2009/01/03 20:51:23 | 002,989,660 | ---- | C] (Macromedia, Inc.) -- C:\ProgramData\DVD.exe
[2009/01/03 20:51:22 | 002,864,396 | ---- | C] (Macromedia, Inc.) -- C:\ProgramData\MPV.exe
[2009/01/03 20:51:22 | 002,331,174 | ---- | C] (Macromedia, Inc.) -- C:\ProgramData\Karaoke.exe
[2009/01/03 20:51:22 | 002,231,606 | ---- | C] (Macromedia, Inc.) -- C:\ProgramData\Games.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/06/11 19:20:02 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/06/11 19:06:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dave\Desktop\OTL.exe
[2013/06/11 19:05:50 | 000,648,201 | ---- | M] () -- C:\Users\Dave\Desktop\AdwCleaner.exe
[2013/06/11 19:04:11 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/06/11 18:58:40 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/06/11 18:58:40 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/06/11 18:58:31 | 000,244,339 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2013/06/11 18:58:31 | 000,244,339 | ---- | M] () -- C:\ProgramData\nvModes.001
[2013/06/11 18:58:26 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/06/11 18:58:26 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/06/11 18:58:26 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/06/11 18:58:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/06/10 22:32:10 | 000,640,658 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/06/10 22:32:10 | 000,118,878 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/06/10 22:27:14 | 000,000,471 | ---- | M] () -- C:\ProgramData\hpqp.ini
[2013/06/10 22:25:16 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013/06/10 22:24:14 | 3219,578,880 | -HS- | M] () -- C:\hiberfil.sys
[2013/06/10 22:22:43 | 000,001,076 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2013/06/10 20:04:08 | 000,890,839 | ---- | M] () -- C:\Users\Dave\Desktop\SecurityCheck.exe
[2013/06/10 19:38:41 | 005,078,680 | R--- | M] (Swearware) -- C:\Users\Dave\Desktop\ComboFix.exe
[2013/06/10 19:07:16 | 013,169,742 | ---- | M] () -- C:\Users\Dave\Desktop\mbar-1.06.0.1003.zip
[2013/06/10 18:57:19 | 002,240,352 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Dave\Desktop\tdsskiller.exe
[2013/06/09 15:17:46 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Dave\Desktop\dds.com
[2013/06/08 21:49:36 | 001,176,629 | ---- | M] () -- C:\Users\Dave\Desktop\ProcessExplorer.zip
[2013/06/08 09:02:21 | 002,986,440 | ---- | M] (Symantec Corporation) -- C:\Users\Dave\Desktop\NPE.exe
[2013/06/04 01:53:56 | 000,000,172 | ---- | M] () -- C:\Windows\System32\drivers\N360\1404000.028\isolate.ini
[2013/06/01 15:34:53 | 000,000,318 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForDave.job
[2013/06/01 14:08:57 | 000,407,120 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/05/27 20:17:53 | 000,000,000 | ---- | M] () -- C:\END
[2013/05/23 21:09:47 | 000,008,059 | ---- | M] () -- C:\Windows\System32\drivers\N360\1404000.028\symds.cat
[2013/05/23 00:25:28 | 000,934,488 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\1404000.028\symefa.sys
[2013/05/23 00:25:28 | 000,007,583 | ---- | M] () -- C:\Windows\System32\drivers\N360\1404000.028\symefa.cat
[2013/05/23 00:25:28 | 000,003,434 | ---- | M] () -- C:\Windows\System32\drivers\N360\1404000.028\symefa.inf
[2013/05/21 00:02:00 | 000,367,704 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\1404000.028\symds.sys
[2013/05/21 00:02:00 | 000,002,852 | ---- | M] () -- C:\Windows\System32\drivers\N360\1404000.028\symds.inf
[2013/05/20 23:40:20 | 000,008,059 | ---- | M] () -- C:\Windows\System32\drivers\N360\1404000.028\srtsp.cat
[2013/05/16 00:02:14 | 000,603,224 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\1404000.028\srtsp.sys
[2013/05/16 00:02:14 | 000,001,388 | ---- | M] () -- C:\Windows\System32\drivers\N360\1404000.028\srtsp.inf
[2013/05/13 21:34:00 | 000,000,115 | ---- | M] () -- C:\Users\Dave\.ewanapi_cookie
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/06/11 19:05:49 | 000,648,201 | ---- | C] () -- C:\Users\Dave\Desktop\AdwCleaner.exe
[2013/06/10 20:04:08 | 000,890,839 | ---- | C] () -- C:\Users\Dave\Desktop\SecurityCheck.exe
[2013/06/10 19:45:15 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/06/10 19:45:15 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/06/10 19:45:15 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/06/10 19:45:15 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/06/10 19:45:15 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/06/10 19:06:06 | 013,169,742 | ---- | C] () -- C:\Users\Dave\Desktop\mbar-1.06.0.1003.zip
[2013/06/08 21:49:35 | 001,176,629 | ---- | C] () -- C:\Users\Dave\Desktop\ProcessExplorer.zip
[2013/06/08 15:31:53 | 3219,578,880 | -HS- | C] () -- C:\hiberfil.sys
[2013/05/30 21:31:58 | 000,007,611 | R--- | C] () -- C:\Windows\System32\drivers\MCLIENT\0302000.013\ccSetx86.cat
[2013/05/30 21:31:58 | 000,000,827 | R--- | C] () -- C:\Windows\System32\drivers\MCLIENT\0302000.013\ccSetx86.inf
[2013/05/30 21:31:58 | 000,000,172 | ---- | C] () -- C:\Windows\System32\drivers\MCLIENT\0302000.013\isolate.ini
[2013/05/27 20:17:53 | 000,000,000 | ---- | C] () -- C:\END
[2013/02/02 21:26:26 | 000,000,115 | ---- | C] () -- C:\Users\Dave\.ewanapi_cookie
[2012/01/27 17:12:32 | 000,000,605 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2009/01/03 20:48:05 | 000,000,471 | ---- | C] () -- C:\ProgramData\hpqp.ini
[2009/01/03 20:08:38 | 000,244,339 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/01/03 20:08:38 | 000,244,339 | ---- | C] () -- C:\ProgramData\nvModes.001
[2008/03/23 11:20:29 | 000,007,916 | ---- | C] () -- C:\Users\Dave\AppData\Local\d3d9caps.dat
[2008/02/24 13:49:41 | 000,027,503 | ---- | C] () -- C:\Users\Dave\AppData\Roaming\UserTile.png
[2008/02/23 16:41:53 | 000,019,968 | ---- | C] () -- C:\Users\Dave\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/02/22 07:27:16 | 000,097,880 | ---- | C] () -- C:\Users\Dave\AppData\Roaming\nvModes.001
[2008/02/22 07:15:06 | 000,097,880 | ---- | C] () -- C:\Users\Dave\AppData\Roaming\nvModes.dat
 
========== ZeroAccess Check ==========
 
[2006/11/02 07:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 12:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 01:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 01:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 64 bytes -> C:\Users\Dave\Documents\David White Taser.MOV:TOC.WMV

< End of report >
OTL Extras logfile created on: 6/11/2013 7:10:57 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Dave\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.00 Gb Total Physical Memory | 0.89 Gb Available Physical Memory | 29.71% Memory free
6.20 Gb Paging File | 4.10 Gb Available in Paging File | 66.20% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 220.56 Gb Total Space | 96.37 Gb Free Space | 43.69% Space Free | Partition Type: NTFS
Drive D: | 12.33 Gb Total Space | 1.49 Gb Free Space | 12.12% Space Free | Partition Type: NTFS
 
Computer Name: DAVEMOBILE | User Name: Dave | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-2075612851-348985100-2488228609-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- (EarthLink, Inc.)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{013006EE-5F5A-4608-960D-3BD21039EE0C}" = rport=80 | protocol=6 | dir=out | app=c:\program files\common files\intuit\update service v4\intuitupdateservice.exe |
"{32245030-AB53-467C-80F3-C18121543855}" = lport=2869 | protocol=6 | dir=in | app=system |
"{94F579C3-4BEC-45F4-8D16-D9602780B3A8}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{9D9B7C6F-9E68-4838-BA3B-C271BC3C3897}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{CA2E0D2C-5F90-4EDB-8CE3-B4DCAA0BCF55}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{DE6C4CFD-AA69-44B7-87B2-D4416B2C938E}" = rport=80 | protocol=6 | dir=out | app=c:\program files\common files\intuit\update service v4\intuitupdater.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{139E8357-3FD3-40B6-803D-33FD8041D66D}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpse.exe |
"{1BEB838A-B1EB-4DCF-809E-CB368005F905}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqsudi.exe |
"{22711DA2-8728-4798-B91F-05ED7BF3851A}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{23D4EF0D-3B86-4ABE-8323-371231521973}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe |
"{24AF786A-C547-41EF-B799-D6D219284F35}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
"{271F2236-1B6D-41BA-92B6-A4210D01F160}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpsapp.exe |
"{273DF46E-CA7A-4C2B-BF36-8F62AF27457F}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{391B6388-EF39-4888-80F0-848D80BEDBAC}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{40245AFD-AF59-4183-8FE0-224EF61A346A}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
"{42F732BF-BC62-486A-98E9-287BD4D8D249}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{4CB2B037-E6D7-4C01-A48E-62674D02F614}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{547192FF-6A40-4864-9D00-AFECDB174310}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{62CB39E4-423C-4053-9F3B-94C155728559}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
"{6EAA3364-B7A3-48D1-80B3-F088A439D8FA}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
"{712CAACA-EEF9-4FE2-BF99-9192DB8FA710}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{73E776EE-C59E-4B3B-9037-BDFAAB4F3BED}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{7B7D14B1-C7CA-4E65-A56B-B4E6D0B1FF4B}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{83C3586C-66B5-4931-BFDD-44D97CCBE7FF}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{A6CFE4D9-FAAA-4D67-8343-52AB596F832C}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{A7957594-0D6A-4A6D-BBEF-A76FA5A2BF17}" = protocol=17 | dir=in | app=c:\users\dave\appdata\local\akamai\netsession_win.exe |
"{AEA3979A-0283-4B8F-AB9E-6CA3EDAA7411}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{D2F39CB5-5C88-4092-B8BD-151338A596F7}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
"{E2EBDE1E-6623-4BAC-B239-F71B0EDBECB0}" = protocol=6 | dir=in | app=c:\users\dave\appdata\local\akamai\netsession_win.exe |
"{F03776F8-FA59-4F49-A87C-38E4C8EA9856}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = HP Integrated Module with Bluetooth wireless technology 6.0.1.6000
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{11E568E0-3244-4BCB-875E-F334269DFDCB}" = iTunes
"{153DB567-6FF3-49AD-AC4F-86F8A3CCFDFB}" = Autodesk Design Review 2013
"{166EABB1-F073-40CD-866B-E457C35A41BC}" = TurboTax 2012 wwiiper
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1A5D65E1-B438-4148-97E3-1BC3627BEC71}" = DigitalPersona Personal 4.11
"{1BCD4650-C76A-45A0-B8F1-FD8709DE2E52}" = hpgN6310
"{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}" = Adobe Shockwave Player
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{209CDA54-D390-46A2-A97C-7BF61734418D}" = WeatherBug Gadget
"{20C53FA2-4307-4671-A93F-9463B29DFCF1}" = Symantec Technical Support Web Controls
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java™ 6 Update 22
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{30DAA715-5032-40F9-A0AE-95C9AEBB3E3F}" = HP QuickTouch 1.00 D2
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34B32B70-8081-11E2-89AF-B8AC6F98CCE3}" = Google Earth Plug-in
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.30 E1
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D08333C-C366-425D-8C2D-D05630D68A46}" = SlingPlayer
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.7
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D49757C-367A-4333-BDB3-68966162B14E}" = HP User Guides 0087
"{5109C064-813E-4e87-B0DE-C8AF7B5BC02B}" = SmartWebPrintingOC
"{539B83B9-1233-4404-BF2A-4307416B0032}" = HP Scanjet N6310
"{5783F2D7-B028-0409-0000-0060B0CE6BBA}" = DWG TrueView 2013
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.52.02
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7A475EF0-35F9-46AA-AD6F-FD3D8E568D9D}" = TurboTax 2011 wwiiper
"{7F362F06-A9A3-440F-8B19-6A01A72723C4}" = AuthenTec Fingerprint Sensor Minimum Install
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{83F136F0-2AE5-420C-A0B6-A440AD42591C}" = AuthenTec Fingerprint Software
"{865DB1C9-D5E4-408B-B37D-9927E605BD2D}" = ESU for Microsoft Vista
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{89EC099E-958D-462E-972C-385591946978}" = TurboTax 2012 WinPerFedFormset
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9885A11E-60E4-417C-B58B-8B31B21C0B8A}" = HP Easy Setup - Frontend
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
"{A8B1F076-965D-4663-A9D4-C2FB58A42AE4}" = TurboTax 2012 WinPerTaxSupport
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.7)
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{b02df929-29a7-4fd2-9a70-81a644b635f7}" = HP Total Care Advisor
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{B7588D45-AFDC-4C93-9E2E-A100F3554B64}" = Microsoft Fix it Center
"{BD0E2B92-3814-46F0-893B-4612EA010C7E}" = HP Customer Experience Enhancements
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C21C30F2-521C-4F86-882E-60CDCE615FBD}" = Intel® IPP Run-Time Installer 5.3 for Windows* on IA-32
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{c9920352-04e6-469d-bab8-e2b9c7c75415}.sdb" = Microsoft Automated Troubleshooting Services Shim
"{CAF5B770-082F-40C4-853D-3973BB81BDAA}" = TurboTax 2011 WinPerTaxSupport
"{CBAE4F50-9FC9-4557-AB36-9826DF3C103C}" = HP Wireless Assistant
"{CC4A73BF-938E-4C19-A553-853C035C9BA1}" = LightScribe System Software  1.10.13.1
"{CD49E43B-88B1-48AD-A3AF-43FAAAB41CB8}" = Autodesk Design Review Browser Add-on v1.2
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{D9C8DEF8-D07B-4164-BEF0-6D879A70C212}" = Microsoft Easy Assist v2
"{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support
"{E463E171-4082-4744-A466-F7CBE8502789}" = TurboTax 2011 WinPerReleaseEngine
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{E83F5F27-43F3-4163-ABE5-F68C989286ED}" = TurboTax 2012 wrapper
"{EE556A3E-EB37-4392-9637-BAA8EC2F47FA}" = TurboTax 2011 wrapper
"{F014B696-28C5-4554-802F-A15380418F53}" = TurboTax 2012 WinPerReleaseEngine
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F7F3B252-E772-48AA-93EB-7964BC326067}" = MSCU for Microsoft Vista
"{FAD3D68B-2F9C-459B-AA79-C04B9090FD72}" = TurboTax 2011 WinPerFedFormset
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"Akamai" = Akamai NetSession Interface Service
"Autodesk Design Review 2013" = Autodesk Design Review 2013
"CameraWindowDC" = Canon Utilities CameraWindow DC
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"CCleaner" = CCleaner
"DivX Setup" = DivX Setup
"DWG TrueView 2013" = DWG TrueView 2013
"EOS Utility" = Canon Utilities EOS Utility
"Hauppauge MCE2005 Software Encoder" = Hauppauge MCE XP/Vista Software Encoder (2.0.24341)
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing
"HPOCR" = OCR Software by I.R.I.S. 13.0
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{3D08333C-C366-425D-8C2D-D05630D68A46}" = SlingPlayer
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"MCLIENT" = Norton Management
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox 21.0 (x86 en-US)" = Mozilla Firefox 21.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MyCamera" = Canon Utilities MyCamera
"MyCameraDC" = Canon Utilities MyCamera DC
"N360" = Norton 360 Premier Edition
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"PhotoStitch" = Canon Utilities PhotoStitch
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RemoteCaptureDC" = Canon Utilities RemoteCapture DC
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"SMSERIAL" = Motorola SM56 Speakerphone Modem
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TurboTax 2011" = TurboTax 2011
"TurboTax 2012" = TurboTax 2012
"WinLiveSuite" = Windows Live Essentials
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2075612851-348985100-2488228609-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 9/16/2009 7:26:37 PM | Computer Name = DaveMobile | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Users\Dave\AppData\Local\Temp\NAVW32.EXE.manifest".
Dependent
 Assembly Microsoft.VC90.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.30729.4148"
 could not be found.  Please use sxstrace.exe for detailed diagnosis.
 
Error - 9/16/2009 7:26:37 PM | Computer Name = DaveMobile | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Users\Dave\AppData\Local\Temp\NAVWNT.EXE.manifest".
Dependent
 Assembly Microsoft.VC90.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.30729.4148"
 could not be found.  Please use sxstrace.exe for detailed diagnosis.
 
Error - 10/6/2009 10:34:31 PM | Computer Name = DaveMobile | Source = Application Error | ID = 1000
Description = Faulting application mobsync.exe, version 6.0.6001.18000, time stamp
 0x47918e41, faulting module ntdll.dll, version 6.0.6002.18005, time stamp 0x49e03821,
 exception code 0xc0000374, fault offset 0x000afaf8,  process id 0x1024, application
 start time 0x01ca46f6b2f715c8.
 
Error - 10/9/2009 7:11:43 AM | Computer Name = DaveMobile | Source = ESENT | ID = 215
Description = WinMail (6332) WindowsMail0: The backup has been stopped because it
 was halted by the client or the connection with the client failed.
 
Error - 10/11/2009 2:32:10 PM | Computer Name = DaveMobile | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Hewlett-Packard\HP
 Advisor\SecurityStatusServer.dll".  Dependent Assembly Microsoft.VC90.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.30729.4148"
 could not be found.  Please use sxstrace.exe for detailed diagnosis.
 
Error - 10/11/2009 2:32:36 PM | Computer Name = DaveMobile | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Hewlett-Packard\HP
 Advisor\SecurityStatusServer.dll".  Dependent Assembly Microsoft.VC90.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.30729.4148"
 could not be found.  Please use sxstrace.exe for detailed diagnosis.
 
Error - 10/11/2009 2:33:20 PM | Computer Name = DaveMobile | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Hewlett-Packard\HP
 Advisor\SecurityStatusServer.dll".  Dependent Assembly Microsoft.VC90.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.30729.4148"
 could not be found.  Please use sxstrace.exe for detailed diagnosis.
 
Error - 10/11/2009 8:40:22 PM | Computer Name = DaveMobile | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Hewlett-Packard\HP
 Advisor\SecurityStatusServer.dll".  Dependent Assembly Microsoft.VC90.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.30729.4148"
 could not be found.  Please use sxstrace.exe for detailed diagnosis.
 
Error - 10/11/2009 8:40:45 PM | Computer Name = DaveMobile | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Hewlett-Packard\HP
 Advisor\SecurityStatusServer.dll".  Dependent Assembly Microsoft.VC90.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.30729.4148"
 could not be found.  Please use sxstrace.exe for detailed diagnosis.
 
Error - 10/11/2009 8:41:51 PM | Computer Name = DaveMobile | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Hewlett-Packard\HP
 Advisor\SecurityStatusServer.dll".  Dependent Assembly Microsoft.VC90.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.30729.4148"
 could not be found.  Please use sxstrace.exe for detailed diagnosis.
 
[ Media Center Events ]
Error - 4/6/2008 3:31:31 PM | Computer Name = DaveMobile | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.
 
Error - 6/8/2008 11:02:25 PM | Computer Name = DaveMobile | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.
 
Error - 10/1/2008 10:24:54 PM | Computer Name = DaveMobile | Source = MCUpdate | ID = 0
Description = Failed to wait on MCUpdate mutex with exception: 'The wait completed
 due to an abandoned mutex.'.
 
Error - 10/27/2008 7:38:21 PM | Computer Name = DaveMobile | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.
 
Error - 11/16/2008 3:31:39 AM | Computer Name = DaveMobile | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.
 
Error - 11/19/2008 9:36:58 PM | Computer Name = DaveMobile | Source = MCUpdate | ID = 0
Description = Failed to wait on MCUpdate mutex with exception: 'The wait completed
 due to an abandoned mutex.'.
 
Error - 12/31/2008 6:34:14 PM | Computer Name = DaveMobile | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.
 
Error - 6/7/2010 12:07:52 AM | Computer Name = DaveMobile | Source = MCUpdate | ID = 0
Description = Failed to wait on MCUpdate mutex with exception: 'The wait completed
 due to an abandoned mutex.'.
 
Error - 5/15/2011 9:38:37 AM | Computer Name = DaveMobile | Source = MCUpdate | ID = 0
Description = Failed to wait on MCUpdate mutex with exception: 'The wait completed
 due to an abandoned mutex.'.
 
[ System Events ]
Error - 6/10/2013 11:11:35 PM | Computer Name = DaveMobile | Source = Service Control Manager | ID = 7034
Description =
 
Error - 6/10/2013 11:11:35 PM | Computer Name = DaveMobile | Source = Service Control Manager | ID = 7034
Description =
 
Error - 6/10/2013 11:11:35 PM | Computer Name = DaveMobile | Source = Service Control Manager | ID = 7031
Description =
 
Error - 6/10/2013 11:11:35 PM | Computer Name = DaveMobile | Source = Service Control Manager | ID = 7031
Description =
 
Error - 6/10/2013 11:11:35 PM | Computer Name = DaveMobile | Source = Service Control Manager | ID = 7031
Description =
 
Error - 6/10/2013 11:11:50 PM | Computer Name = DaveMobile | Source = Service Control Manager | ID = 7031
Description =
 
Error - 6/10/2013 11:17:51 PM | Computer Name = DaveMobile | Source = Service Control Manager | ID = 7030
Description =
 
Error - 6/10/2013 11:22:07 PM | Computer Name = DaveMobile | Source = Service Control Manager | ID = 7030
Description =
 
Error - 6/10/2013 11:22:17 PM | Computer Name = DaveMobile | Source = Service Control Manager | ID = 7030
Description =
 
Error - 6/10/2013 11:25:46 PM | Computer Name = DaveMobile | Source = Service Control Manager | ID = 7000
Description =
 
 
< End of report >

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=044ab147c868364b9145461752236d82
# engine=14051
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-06-12 05:10:48
# local_time=2013-06-12 12:10:48 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=3592 16777213 100 93 1512108 121589944 0 0
# compatibility_mode=5892 16776574 100 100 85321104 207621376 0 0
# scanned=242515
# found=0
# cleaned=0
# scan_time=15523
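
Added example (written for this page; it is not part of any post in the thread and not an OTL, ESET or Norton feature). The Extras log above shows the pattern that alarms people reading these logs for the first time: "EnableFirewall" = 0 in all three Windows Firewall profiles and "DisableMonitoring" = 1 under Security Center\Monitoring. On a machine running Norton 360 that is the expected picture, because a third-party suite registers its own antivirus and firewall with Security Center (the SymantecAntiVirus and SymantecFirewall subkeys) and takes over the firewall role; the same values on a machine with no registered third-party firewall would be a finding worth chasing. The Python script below parses those two sections plus the FirewallRules exception lists and reports the per-profile Windows Firewall state, which vendors are registered, whether the firewall is off with nothing registered to replace it, and the inbound allow rules whose program lives under a user-writable path such as %LOCALAPPDATA% (on this log, the Akamai NetSession rules). The sample text is copied from the posted log and trimmed; the section names come from that log, while the user-writable path markers are my assumption, not something OTL defines. It needs Python 3.8 or newer.

```python
import re

# Constructed sample: lines copied from the OTL Extras log posted in this thread, trimmed
# to the entries the checks below look at (section names are as OTL prints them).
SAMPLE_LOG = r"""
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{013006EE-5F5A-4608-960D-3BD21039EE0C}" = rport=80 | protocol=6 | dir=out | app=c:\program files\common files\intuit\update service v4\intuitupdateservice.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{4CB2B037-E6D7-4C01-A48E-62674D02F614}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{A7957594-0D6A-4A6D-BBEF-A76FA5A2BF17}" = protocol=17 | dir=in | app=c:\users\dave\appdata\local\akamai\netsession_win.exe |
"{E2EBDE1E-6623-4BAC-B239-F71B0EDBECB0}" = protocol=6 | dir=in | app=c:\users\dave\appdata\local\akamai\netsession_win.exe |
"""

SECTION_RE = re.compile(r"^=+ (.+?) =+$")
KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
VALUE_RE = re.compile(r'^"([^"]*)" = (.*)$')
# Assumption (mine, not OTL's): a program path containing one of these is writable by a
# standard user, so an inbound allow rule for it deserves a second look.
USER_WRITABLE = ("\\users\\", "\\programdata\\", "\\temp\\")


def parse_sections(text):
    """Split the log into {section name: [non-blank lines]} on its '===== name =====' headers."""
    sections, current = {}, None
    for line in (ln.strip() for ln in text.splitlines()):
        if m := SECTION_RE.match(line):
            current = m.group(1)
            sections[current] = []
        elif line and current is not None:
            sections[current].append(line)
    return sections


def registry_values(lines):
    """Yield (key, name, value) for each '"name" = value' line under the preceding [HKEY_...] key."""
    key = None
    for line in lines:
        if k := KEY_RE.match(line):
            key = k.group(1)
        elif (v := VALUE_RE.match(line)) and key:
            yield key, v.group(1), v.group(2).strip()


def windows_firewall_state(sections):
    """Profile name -> True when EnableFirewall = 1 under FirewallPolicy\\<Profile>."""
    return {key.rsplit("\\", 1)[-1]: value == "1"
            for key, name, value in registry_values(sections.get("Firewall Settings", []))
            if name == "EnableFirewall"}


def third_party_monitoring(sections):
    """Vendor subkeys of Security Center\\Monitoring that set DisableMonitoring = 1."""
    vendors = []
    for key, name, value in registry_values(sections.get("Security Center Settings", [])):
        parent, _, leaf = key.rpartition("\\")
        if name == "DisableMonitoring" and value == "1" and parent.endswith("\\Security Center\\Monitoring"):
            vendors.append(leaf)
    return vendors


def firewall_rules(lines):
    """Parse '"{GUID}" = k=v | k=v | ... |' lines into dicts; the GUID is kept under 'id'."""
    rules = []
    for line in lines:
        if (m := VALUE_RE.match(line)) and m.group(1).startswith("{"):
            fields = (f.split("=", 1) for f in m.group(2).split("|") if "=" in f)
            rules.append({"id": m.group(1), **{k.strip(): v.strip() for k, v in fields}})
    return rules


def inbound_user_path_apps(sections):
    """Programs behind inbound allow rules that live in a user-writable location."""
    apps = set()
    for name in ("Vista Active Open Ports Exception List", "Vista Active Application Exception List"):
        for rule in firewall_rules(sections.get(name, [])):
            app = rule.get("app", "").lower()
            if rule.get("dir") == "in" and any(marker in app for marker in USER_WRITABLE):
                apps.add(app)
    return sorted(apps)


def triage(text):
    sections = parse_sections(text)
    fw, vendors = windows_firewall_state(sections), third_party_monitoring(sections)
    replaced = any(v.lower().endswith("firewall") for v in vendors)
    return {
        "windows_firewall_enabled": fw,
        "third_party_registered": vendors,
        # Windows Firewall off in some profile and nothing registered to replace it: a finding.
        "firewall_disabled_without_replacement": any(not on for on in fw.values()) and not replaced,
        "inbound_user_path_apps": inbound_user_path_apps(sections),
    }


if __name__ == "__main__":
    for k, v in triage(SAMPLE_LOG).items():
        print(f"{k}: {v}")
```

To use it on a real run, pass the contents of a saved Extras.txt to triage(). On the posted log the verdict is: Windows Firewall off in every profile but SymantecFirewall registered, so not a finding by itself; and the Akamai NetSession inbound rules flagged because the binary sits under C:\Users\...\AppData\Local. Akamai NetSession appears in the Uninstall list above, so those rules match installed software; the check exists to make such entries visible, not to call them malicious.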
 



#9 D-FRED-BROWN
  • Malware Response Team
  • 834 posts
  • Location: Kansas, USA

Posted 12 June 2013 - 09:40 AM

----------Step 1----------------
We need to run an OTL Fix
  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox.

    :OTL
    @Alternate Data Stream - 64 bytes -> C:\Users\Dave\Documents\David White Taser.MOV:TOC.WMV
    
    [2006/11/02 07:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
     
    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
     
    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
     
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 12:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment
     
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 01:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free
     
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 01:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both
     
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
    
    :Commands
    [purity]
    [emptytemp]
    [emptyjava]
    [emptyflash]
    [Reboot]
  • Push the Run Fix button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
----------Step 2----------------
Instructions for DELETE:
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • You will be prompted to restart your computer. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
----------Step 3----------------
Please post the OTL and AdwCleaner reports in your next reply. How are things running now?

Edited by D-FRED-BROWN, 12 June 2013 - 09:40 AM.

Proud graduate of SpywareInfo Bootcamp
Follow me on Twitter! @dfredbrown
Unified Network of Instructors and Trained Eliminators

I volunteer my free time to help you. Please consider making a donation so I can continue helping people like you.
Thank you!

#10 elite1dmw (Topic Starter)
  • Members
  • 11 posts

Posted 12 June 2013 - 07:17 PM

The above steps were performed successfully, and the reports are listed below. The computer seems to be running well.

 

All processes killed
========== OTL ==========
ADS C:\Users\Dave\Documents\David White Taser.MOV:TOC.WMV deleted successfully.
C:\Windows\assembly\Desktop.ini moved successfully.
File EY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] not found.
File EY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] not found.
File EY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] not found.
Folder EY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]\ not found.
Folder EY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]\ not found.
C:\Windows\msdownld.tmp folder deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Dave
->Temp folder emptied: 32591 bytes
->Temporary Internet Files folder emptied: 772357 bytes
->Java cache emptied: 74888499 bytes
->FireFox cache emptied: 64649257 bytes
->Apple Safari cache emptied: 11225088 bytes
->Flash cache emptied: 655 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 2821466 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2048 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 147.00 mb
 
 
[EMPTYJAVA]
 
User: All Users
 
User: Dave
->Java cache emptied: 0 bytes
 
User: Default
 
User: Default User
 
User: Guest
 
User: Public
 
Total Java Files Cleaned = 0.00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Dave
->Flash cache emptied: 0 bytes
 
User: Default
 
User: Default User
 
User: Guest
 
User: Public
 
Total Flash Files Cleaned = 0.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 06122013_185947

Files\Folders moved on Reboot...
C:\Users\Dave\AppData\Local\Temp\ehmsas.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
 

 

 

# AdwCleaner v2.303 - Logfile created 06/12/2013 at 19:07:22
# Updated 08/06/2013 by Xplode
# Operating system : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# User : Dave - DAVEMOBILE
# Boot Mode : Normal
# Running from : C:\Users\Dave\Desktop\AdwCleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\END
File Deleted : C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\np6e2eqz.default\searchplugins\safesearch.xml
Folder Deleted : C:\Users\Dave\AppData\Local\Coupon Companion Plugin
Folder Deleted : C:\Users\Dave\AppData\LocalLow\boost_interprocess
Folder Deleted : C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\np6e2eqz.default\StumbleUpon

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{76C45B18-A29E-43EA-AAF8-AF55C2E1AE17}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{96EF404C-24C7-43D0-9096-4CCC8BB7CCAC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{97720195-206A-42AE-8E65-260B9BA5589F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{97D69524-BB57-4185-9C7F-5F05593B771A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{986F7A5A-9676-47E1-8642-F41F8C3FCF82}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B18788A4-92BD-440E-A4D1-380C36531119}
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Key Deleted : HKLM\Software\Viewpoint

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16490

[OK] Registry is clean.

-\\ Mozilla Firefox v21.0 (en-US)

File : C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\np6e2eqz.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [3037 octets] - [12/06/2013 19:07:22]

########## EOF - C:\AdwCleaner[S1].txt - [3097 octets] ##########
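As an added example, not code from this thread or from the AdwCleaner project, here is a small Python parser for the AdwCleaner v2 log format posted above. It assumes only the line layouts visible in that log (`# Key : value` header lines, `***** [Section] *****` markers, `Kind Action : target` entries, `-\\ Browser vVersion` lines and `[OK] ...` status lines); the embedded sample log is a constructed, abbreviated copy of the thread's AdwCleaner[S1].txt. Besides counting what was removed per hive, it cross-references CLSIDs that turn up in more than one deleted key, which is how a reviewer confirms that a BHO's registration and its matching `Ext\Stats` entry were removed together.

```python
import re
from collections import defaultdict

# Constructed sample input: an abbreviated copy of the AdwCleaner[S1].txt log
# posted in this thread (lines dropped, none altered).
SAMPLE_LOG = r"""# AdwCleaner v2.303 - Logfile created 06/12/2013 at 19:07:22
# Updated 08/06/2013 by Xplode
# Operating system : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# User : Dave - DAVEMOBILE
# Boot Mode : Normal
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

File Deleted : C:\END
File Deleted : C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\np6e2eqz.default\searchplugins\safesearch.xml
Folder Deleted : C:\Users\Dave\AppData\Local\Coupon Companion Plugin

***** [Registry] *****

Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16490

[OK] Registry is clean.

-\\ Mozilla Firefox v21.0 (en-US)

File : C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\np6e2eqz.default\prefs.js

[OK] File is clean.

*************************
"""

# Line shapes assumed from the log above (not an official grammar of the format).
HEADER_RE = re.compile(r"^# (?P<key>[^:]+?) : (?P<value>.+)$")
SECTION_RE = re.compile(r"^\*{5} \[(?P<name>[^\]]+)\] \*{5}$")
ENTRY_RE = re.compile(r"^(?P<kind>\w+) (?P<action>\w+) : (?P<target>.+)$")
BROWSER_RE = re.compile(r"^-\\\\ (?P<name>.+?) v(?P<version>\S+)")
STATUS_RE = re.compile(r"^\[(?P<status>[^\]]+)\] (?P<message>.+)$")
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def parse_adwcleaner_log(text):
    """Turn the log text into a dict: header fields, per-section entries,
    and per-browser version/status records."""
    report = {"header": {}, "sections": {}, "browsers": []}
    section, browser = None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if section is None and line.startswith("# Option"):
            report["header"]["Option"] = line[len("# Option"):].strip().strip("[]")
            continue
        m = HEADER_RE.match(line)
        if m and section is None:
            report["header"][m.group("key").strip()] = m.group("value").strip()
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("name")
            report["sections"].setdefault(section, [])
            continue
        if section == "Internet Browsers":
            m = BROWSER_RE.match(line)
            if m:
                browser = {"name": m.group("name"), "version": m.group("version"), "checks": []}
                report["browsers"].append(browser)
            elif (m := STATUS_RE.match(line)) and browser is not None:
                browser["checks"].append((m.group("status"), m.group("message")))
            continue  # "File : ..." lines naming the profile file are informational
        m = ENTRY_RE.match(line)
        if m and section is not None:
            report["sections"][section].append((m.group("kind"), m.group("action"), m.group("target")))
    return report


def summarize(report):
    """Counts per (kind, action), deleted keys per registry hive, and whether
    every browser check reported [OK]."""
    counts, hives = defaultdict(int), defaultdict(int)
    for entries in report["sections"].values():
        for kind, action, target in entries:
            counts[f"{kind} {action}"] += 1
            if kind == "Key":
                hives[target.split("\\", 1)[0]] += 1
    clean = all(s == "OK" for b in report["browsers"] for s, _ in b["checks"])
    return {"counts": dict(counts), "hives": dict(hives), "browsers_clean": clean}


def clsid_index(report):
    """Map each {GUID} to the deleted registry keys that referenced it, so a
    BHO's CLSID and its Ext\\Stats / PreApproved entries can be checked off together."""
    index = defaultdict(list)
    for _kind, _action, target in report["sections"].get("Registry", []):
        for guid in GUID_RE.findall(target):
            index[guid.upper()].append(target)
    return dict(index)


if __name__ == "__main__":
    rep = parse_adwcleaner_log(SAMPLE_LOG)
    print(summarize(rep))
    for guid, keys in clsid_index(rep).items():
        print(guid, "->", len(keys), "key(s)")
```

On the sample, the `{02478D38-...}` CLSID resolves to two keys (the `Ext\Stats` entry and the `Browser Helper Objects` registration), while the `{761F6A83-...}` CLSID appears only once; a GUID with a lone `Browser Helper Objects` hit and no CLSID key, or vice versa, would be the kind of leftover worth a second scan.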
 



#11 D-FRED-BROWN

D-FRED-BROWN

    Resident Bracketologist


  • Malware Response Team
  • 834 posts
  • Gender:Male
  • Location:Kansas, USA

Posted 12 June 2013 - 07:40 PM

Glad to hear things are running better. Judging by your last few logs, I'd say your system is clean. :)

---------

Before we move on, please take the time to install the following updates. Program updates are a critical part of your computer's safety net, as outdated applications leave you vulnerable to malware.

 


Your version of Adobe Reader is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Adobe components and update:

  • Download the latest version of Adobe Reader and save it to your desktop.
  • Uncheck the "Free McAfee Security plan Plus" option or any other Toolbar you are offered
  • Click the download button at the bottom.
  • If you use Internet Explorer and do not wish to install the ActiveX element, simply click on the click here to download link on the next page.
  • Remove all older versions of Adobe Reader: Go to Add/Remove and uninstall all versions of Adobe Reader, Acrobat Reader and Adobe Acrobat.
    If you are unsure of how to use Add or Remove Programs, then please see this tutorial: How To Remove An Installed Program From Your Computer
  • Then from your desktop double-click on Adobe Reader to install the newest version.
    If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the "Adobe Setup - Welcome" window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.

 

---------

 

Upgrade Java (32-bit):

  • Download the latest version of Java SE Runtime Environment (JRE) JRE 7 Update 3 .
  • Under the JAVA Platform Standard Edition, click the "Download JRE" button to the right.
  • Accept the License Agreement.
  • Click on the link to download Windows Offline Installation 32 bit (jre-7u3-windows-i586.exe) and save it to your desktop. Do NOT use the Sun Download Manager.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version. (Vista or Win 7 users, right click on the jre-7u3-windows-i586.exe and select "Run as an Administrator.")

---------

 

Please let me know how the updates went, as failed updates may be due to malware.



#12 elite1dmw

elite1dmw
  • Topic Starter

  • Members
  • 11 posts

Posted 12 June 2013 - 09:46 PM

Great! It's good to hear that my system is now clean (thanks to you!). I downloaded the above software, removed old versions, then installed the newest versions. The Java update did not list Java 7 update 3. The latest version was Java 7 update 21. I installed that one. After installing it, my computer ran very slow for a while, and I received a Norton Performance alert for "high disk read usage by host process for windows services". Not sure if that was related to the install or not, but everything seems to be running great now.



#13 D-FRED-BROWN

D-FRED-BROWN

    Resident Bracketologist


  • Malware Response Team
  • 834 posts
  • Gender:Male
  • Location:Kansas, USA

Posted 12 June 2013 - 10:01 PM

The Java update, did not list Java 7 update 3. The latest version was Java 7 update 21. I installed that one. After installing it, my computer ran very slow for a while, and I received a Norton Performance alert for "high disk read usage by host process for windows services". Not sure if that was related to the install or not, but everything seems to be running great now.

It happens. Try rebooting. If it keeps happening often (the system running unusually slow), let me know.
 
---------
 
Glad to hear the updates went successfully!

Unless there are any other issues, I will now provide you with some steps to better protect your computer.

First, however, we need to remove ComboFix.

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /Uninstall

-------------------

Let's remove OTL and the other tools we used as well:
  • Reopen OTL (the OTL icon on your desktop).
  • Click on the CleanUp button.
  • You will be prompted to reboot your system. Please do so.
-------------------

Please consider using these ideas to help secure your computer. While there is no way to guarantee safety when you use a computer, these steps will make it much less likely that you will need to endure another infection. While we really like to help people, we would rather help you protect yourself so that you won't need that help in the future. :)

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates or get into the habit of checking Windows Update regularly. They usually have security updates every month. You can set Windows to notify you of Updates so that you can choose, but only do this if you believe you are able to understand which ones are needed. This is a crucial security measure.

-------------------

It is really dangerous to go online without an antivirus. Without one, you are extremely likely to get infected and the consequences could be even worse next time. All of the following are excellent free antiviruses. Be sure to only install one.

avast!
AntiVir
AVG
Microsoft Security Essentials

-------------------

Please consider installing and running some of the following programs; they are either free or have free versions of commercial programs:

Spybot-Search & Destroy
A tutorial on using Spybot to remove spyware from your computer may be found here. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features if you don't have the resident part of another anti-spyware program running.

SpywareBlaster
A tutorial on using SpywareBlaster to prevent malware from ever installing on your computer may be found here.

SpywareGuard
A tutorial on using SpywareGuard for real-time protection against spyware and hijackers may be found here.

-------------------

Please consider maintaining a firewall with HIPS (Host Intrusion Prevention Systems). Firewalls are extremely important and are the first part of your computer's defense. HIPS stops malware by monitoring its behavior and it's very important, too.
A firewall is a software program or piece of hardware that helps screen out hackers, viruses, and worms that try to reach your computer over the Internet.
If you are using the Windows Firewall please note that it doesn't monitor or block outbound traffic and is therefore less effective than other free alternatives.

These firewalls are good and do have free versions available. A tutorial on understanding and using firewalls may be found here.

-------------------

Please keep your security programs up-to-date and run them whenever you suspect a problem to prevent malware problems. A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall and scanning anti-spyware program at a time.

-------------------

Note that there are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you can find out if it is a rogue here:

http://www.spywarewa...nti-spyware.htm

A similar category of programs is now called "scareware." Scareware programs are active infections that will pop-up on your computer and tell you that you are infected. If you look closely, it will usually have a name that looks like it might be legitimate, but it is NOT one of the programs you installed. It tells you to click and install it right away. If you click on any part of it, including the 'X' to close it, you may actually help it infect your computer further. Keeping protection updated and running resident protection can help prevent these infections. If it happens anyway, get offline as quickly as you can. Pull the internet connection cable or shut down the computer if you have to. Contact someone to help by using another computer if possible. These programs are also sometimes called 'rogues', but they are different than the older version of rogues mentioned above.

-------------------

Please consider using an alternate browser. Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker, and add-ons like NoScript can make it even more secure. Opera is another good option.
If you are interested, Firefox may be downloaded from here
Opera is available here: http://www.opera.com/download/

-------------------

For more useful information, please also read Tony Klein's excellent article: How did I get infected in the first place

Hopefully these steps will help to keep you error free. If you run into more difficulty, we will certainly do what we can to help.

-------------------

I would be grateful if you could reply to this post so that I know you have read it and, if you have no other questions, the thread can then be closed.

I will leave the thread open for a few more days. If you need anything, just come back here and let me know. After that time you will have to send me a PM.

 

---------------------------------------------------------


My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against malware, then click here. Every little bit helps. :)

-DFB

Edited by D-FRED-BROWN, 12 June 2013 - 10:01 PM.


#14 elite1dmw

elite1dmw
  • Topic Starter

  • Members
  • 11 posts

Posted 13 June 2013 - 09:49 PM

Thank you for all your help. Let's hope that I don't need it again any time soon!



#15 D-FRED-BROWN

D-FRED-BROWN

    Resident Bracketologist


  • Malware Response Team
  • 834 posts
  • Gender:Male
  • Location:Kansas, USA

Posted 13 June 2013 - 09:56 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



