Possible Rootkit infection. No longer have Administrator user account.


220 replies to this topic

#1 jjrob


Posted 20 October 2013 - 07:52 AM

Windows XP Home Edition, SP3

Dell Dimension 8300

Recently, I have noticed during normal restart that I am no longer given a choice of logging in under My Name or Administrator. The restart leads to Windows screen and then goes straight to the Windows desktop. I DO have a choice when I restart in Safe Mode. Here are the following problems I have noticed so far:

- Updates from Windows Update download and install but do not complete on restart. The same updates exist as though they were never downloaded and installed.
- After returning to the computer from inactivity, it frequently has shut down on its own and restarted. Maybe this is related to it trying to complete Windows Update install... I am not sure.
- Under User Accounts in Control Panel, the following exists: My Name with computer administrator underneath, Guest with Guest account is off underneath. There is no separate Administrator account listing.
- After right-clicking My Computer and then Manage, there is no listing for User Accounts under Computer Management.

Please help ASAP. Thank you.

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.25.2
Run by Jay Goldbaum at 8:09:51 on 2013-10-20
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.2047.1187 [GMT -4:00]
.
AV: Norton 360 *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *Enabled*




#2 HelpBot


Posted 25 October 2013 - 07:55 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/511319 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 jjrob

  • Topic Starter

  • Members
  • 173 posts

Posted 27 October 2013 - 11:38 AM

Here is a repost of the original problem with some additions:
 

Windows XP Home Edition, SP3

Version 2002

32bit

Dell Dimension 8300

 

Recently, I have noticed during normal restart that I am no longer given a choice of logging in under My Name or Administrator.  The restart leads to Windows screen and then goes straight to the Windows desktop.  I DO have a choice when I restart in Safe Mode.   Here are the following problems I have noticed so far:

 

-Updates from Windows Update download and install but do not complete on restart.  The same updates exist as though they were never downloaded and installed.

 

-After returning to the computer from inactivity OVERNIGHT, it has shut down on its own and restarted.   Maybe this is related to it trying to complete Windows Update install...I am not sure.  Last night, it didn't complete the shutdown (Blue screen saying Windows is Shutting Down) and I had to hold down the Power button.

 

-Under User Accounts in Control Panel, the following exists:  My Name with computer administrator underneath, Guest with Guest account is off underneath.  There is no separate Administrator account listing.

 

-After right-clicking My Computer and then Manage, there is no listing for User Accounts under Computer Management.

 

-I have the following original CDs:

1) Dell Dimension Resource CD

2) Reinstallation CD Windows XP Home Edition Including SP 1a

 

Please help ASAP.  Thank you.

 
 
 
DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.45.2
Run by Jay Goldbaum at 12:13:30 on 2013-10-27
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.2047.1027 [GMT -4:00]
.
AV: Norton 360 *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *Enabled* 
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\APC\PowerChute Personal Edition\mainserv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\FingerPrint\FingerPrintService.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Norton 360\Engine\21.1.0.18\N360.exe
C:\Program Files\APC\PowerChute Personal Edition\dataserv.exe
C:\WINDOWS\system32\BRMFRSMG.EXE
C:\Program Files\Norton 360\Engine\21.1.0.18\N360.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\APC\PowerChute Personal Edition\apcsystray.exe
C:\Documents and Settings\Jay Goldbaum\Application Data\HP SimpleSave Application\HPSSBackupMonitor.exe
C:\Program Files\FingerPrint\FingerPrint.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://my.yahoo.com/
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\program files\norton 360\engine\21.1.0.18\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\norton 360\engine\21.1.0.18\ips\ipsbho.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Easy-WebPrint: {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - c:\program files\canon\easy-webprint\Toolband.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton 360\engine\21.1.0.18\coieplg.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - <orphaned>
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\docume~1\jaygol~1\startm~1\programs\startup\hpsimp~1.lnk - c:\documents and settings\jay goldbaum\application data\hp simplesave application\StartHelper.exe
StartupFolder: c:\docume~1\jaygol~1\startm~1\programs\startup\myprog~1.lnk - c:\program files\fingerprint\FingerPrint.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\apcups~1.lnk - c:\program files\apc\powerchute personal edition\Display.exe
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\canon\easy-webprint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\canon\easy-webprint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\canon\easy-webprint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\canon\easy-webprint\Resource.dll/RC_Print.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Trusted Zone: schonfeld.com
Trusted Zone: schonfeld.com
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {63F5866B-A7C5-40B4-9A89-0CCA99726C8D} - hxxps://secure.logmeinrescue.com/Customer/x86/RescueDownloader.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1345034063980
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{39C64DFF-05CB-47FB-A0D9-AD13D2F45233} : DHCPNameServer = 192.168.1.1
Handler: bw+0 - {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: bw+0s - {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: bw-0 - {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: bw-0s - {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: bw00 - {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: bw00s - {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: bw10 - {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: bw10s - {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: bw20 - {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: bw20s - {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: bw30 - {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: bw30s - {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: bw40 - {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: bw40s - {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: bw50 - {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: bw50s - {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: bw60 - {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: bw60s - {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: bw70 - {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: bw70s - {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: bw80 - {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: bw80s - {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: bw90 - {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: bw90s - {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: bwa0 - {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: bwa0s - {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: bwb0 - {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: bwb0s - {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: bwc0 - {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: bwc0s - {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: bwd0 - {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: bwd0s - {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: bwe0 - {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: bwe0s - {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: bwf0 - {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: bwf0s - {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: bwg0 - {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: bwg0s - {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: bwh0 - {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: bwh0s - {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: bwi0 - {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: bwi0s - {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: bwj0 - {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: bwj0s - {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: bwk0 - {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: bwk0s - {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: bwl0 - {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: bwl0s - {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: bwm0 - {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: bwm0s - {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: bwn0 - {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: bwn0s - {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: bwo0 - {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: bwo0s - {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: bwp0 - {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: bwp0s - {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: bwq0 - {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: bwq0s - {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: bwr0 - {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: bwr0s - {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: bws0 - {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: bws0s - {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: bwt0 - {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: bwt0s - {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: bwu0 - {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: bwu0s - {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: bwv0 - {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: bwv0s - {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: bww0 - {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: bww0s - {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: bwx0 - {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: bwx0s - {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: bwy0 - {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: bwy0s - {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: bwz0 - {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: bwz0s - {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: offline-8876480 - {D1214E63-35D6-4210-894B-5B7BCF2D64A1} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\759\G2AWinLogon.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
Notify: LMIinit - LMIinit.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\30.0.1599.101\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\jay goldbaum\application data\mozilla\firefox\profiles\mbh9wbgl.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aimright-chromesbox-en-us&tb_uuid=20120621180456772&tb_oid=21-06-2012&tb_mrud=21-06-2012
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.21.165\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1204144.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_9_900_117.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\1501000.012\symds.sys [2013-10-11 367704]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\1501000.012\symefa.sys [2013-10-11 935512]
R1 BHDrvx86;BHDrvx86;c:\program files\norton 360\nortondata\21.0.2.1\definitions\bashdefs\20131022.001\BHDrvx86.sys [2013-10-22 1096280]
R1 ccSet_N360;N360 Settings Manager;c:\windows\system32\drivers\n360\1501000.012\ccsetx86.sys [2013-10-11 127064]
R1 NEOFLTR_7114_23943;Juniper Networks TDI Filter Driver (NEOFLTR_7114_23943);c:\windows\system32\drivers\NEOFLTR_7114_23943.SYS [2013-5-19 87144]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\1501000.012\ironx86.sys [2013-10-11 206936]
R2 APC Data Service;APC Data Service;c:\program files\apc\powerchute personal edition\dataserv.exe [2012-1-24 21880]
R2 FingerPrint;FingerPrint Service;c:\program files\fingerprint\fingerprintservice.exe -start --> c:\program files\fingerprint\FingerPrintService.exe -start [?]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [2011-5-1 10448]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2011-8-17 47640]
R2 N360;Norton 360;c:\program files\norton 360\engine\21.1.0.18\n360.exe [2013-10-13 264360]
R3 brfilt;Brother MFC Filter Driver;c:\windows\system32\drivers\BrFilt.sys [2009-7-26 2944]
R3 BrSerWDM;Brother Serial driver;c:\windows\system32\drivers\BrSerWdm.sys [2009-7-26 60416]
R3 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\system32\drivers\BrUsbMdm.sys [2009-7-26 11008]
R3 BrUsbScn;Brother MFC USB Scanner driver;c:\windows\system32\drivers\BrUsbScn.sys [2009-7-26 10368]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2013-10-13 108120]
R3 GT680xNT;Visioneer OneTouch 7300 Driver;c:\windows\system32\drivers\Gt680x.sys [2010-6-5 17376]
R3 IDSxpx86;IDSxpx86;c:\program files\norton 360\nortondata\21.0.2.1\definitions\ipsdefs\20131025.001\IDSXpx86.sys [2013-10-25 380824]
R3 NAVENG;NAVENG;c:\program files\norton 360\nortondata\21.0.2.1\definitions\virusdefs\20131026.007\NAVENG.SYS [2013-10-26 93272]
R3 NAVEX15;NAVEX15;c:\program files\norton 360\nortondata\21.0.2.1\definitions\virusdefs\20131026.007\NAVEX15.SYS [2013-10-26 1612376]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 LMIInfo;LogMeIn Kernel Information Provider;\??\c:\program files\logmein\x86\rainfo.sys --> c:\program files\logmein\x86\RaInfo.sys [?]
S3 jnprva;Juniper Networks Virtual Adapter Service;c:\windows\system32\drivers\jnprva.sys --> c:\windows\system32\drivers\jnprva.sys [?]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\drivers\rtl8192su.sys [2013-8-21 606440]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 754856]
S4 BackupService;BackupService;c:\documents and settings\jay goldbaum\application data\hp simplesave application\uUACTokenSvc.exe [2011-3-15 83512]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
.
=============== Created Last 30 ================
.
2013-10-24 09:52:29 145408 ----a-w- c:\windows\system32\javacpl.cpl
2013-10-24 09:52:02 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-10-24 00:38:04 -------- d-----w- c:\program files\iPod
2013-10-24 00:37:06 -------- d-----w- c:\program files\iTunes
2013-10-24 00:37:06 -------- d-----w- c:\documents and settings\all users\application data\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-10-18 01:28:53 -------- dc-h--w- c:\windows\ie8
2013-10-17 23:17:56 271256 ----a-w- c:\program files\mozilla firefox\browser\components\browsercomps.dll
2013-10-17 23:17:55 871608 ----a-w- c:\program files\mozilla firefox\uninstall\helper.exe
2013-10-17 23:17:39 27544 ----a-w- c:\program files\mozilla firefox\plugin-hang-ui.exe
2013-10-13 18:04:40 142936 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2013-10-13 18:04:40 -------- d-----w- c:\program files\Symantec
2013-10-13 18:04:40 -------- d-----w- c:\program files\common files\Symantec Shared
2013-10-13 18:00:48 -------- d-----w- c:\program files\Norton 360
2013-10-13 13:23:56 -------- d-----w- c:\documents and settings\jay goldbaum\local settings\application data\NPE
2013-10-12 12:57:37 -------- d-----w- c:\documents and settings\jay goldbaum\application data\Systweak
2013-10-12 02:53:10 421592 ----a-w- c:\windows\system32\drivers\n360\1501000.012\symtdi.sys
2013-10-12 02:53:10 383576 ----a-w- c:\windows\system32\drivers\n360\1501000.012\symtdiv.sys
2013-10-12 02:53:09 446552 ----a-w- c:\windows\system32\drivers\n360\1501000.012\symnets.sys
2013-10-12 02:53:09 21520 ----a-r- c:\windows\system32\drivers\n360\1501000.012\symelam.sys
2013-10-12 02:53:08 935512 ----a-w- c:\windows\system32\drivers\n360\1501000.012\symefa.sys
2013-10-12 02:53:08 651352 ----a-w- c:\windows\system32\drivers\n360\1501000.012\srtsp.sys
2013-10-12 02:53:08 367704 ----a-r- c:\windows\system32\drivers\n360\1501000.012\symds.sys
2013-10-12 02:53:08 32344 ----a-r- c:\windows\system32\drivers\n360\1501000.012\srtspx.sys
2013-10-12 02:53:08 206936 ----a-r- c:\windows\system32\drivers\n360\1501000.012\ironx86.sys
2013-10-12 02:53:08 127064 ----a-w- c:\windows\system32\drivers\n360\1501000.012\ccsetx86.sys
2013-10-12 02:51:51 -------- d-----w- c:\windows\system32\drivers\n360\1501000.012
2013-10-10 20:25:13 60160 -c----w- c:\windows\system32\dllcache\usbaudio.sys
2013-10-10 20:25:13 123008 -c----w- c:\windows\system32\dllcache\usbvideo.sys
2013-10-10 20:24:31 5376 -c----w- c:\windows\system32\dllcache\usbd.sys
2013-10-10 20:24:31 32384 -c----w- c:\windows\system32\dllcache\usbccgp.sys
2013-10-10 20:24:31 30336 -c----w- c:\windows\system32\dllcache\usbehci.sys
2013-10-10 20:24:31 144128 -c----w- c:\windows\system32\dllcache\usbport.sys
2013-10-09 00:21:42 17813896 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
.
==================== Find3M  ====================
.
2013-10-09 00:22:19 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-10-09 00:22:19 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-09-23 18:33:58 920064 ----a-w- c:\windows\system32\wininet.dll
2013-09-23 18:33:57 43520 ------w- c:\windows\system32\licmgr10.dll
2013-09-23 18:33:57 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-09-23 18:33:56 18944 ------w- c:\windows\system32\corpol.dll
2013-09-23 18:06:48 385024 ------w- c:\windows\system32\html.iec
2013-08-29 01:31:44 1878656 ----a-w- c:\windows\system32\win32k.sys
2013-08-21 23:43:09 21361 ----a-w- c:\windows\system32\drivers\AegisP.sys
2013-08-09 01:56:45 386560 ----a-w- c:\windows\system32\themeui.dll
2013-08-05 13:30:32 1289728 ----a-w- c:\windows\system32\ole32.dll
2013-08-03 18:18:38 1543680 ------w- c:\windows\system32\wmvdecod.dll
.
============= FINISH: 12:14:59.06 ===============
 


#4 jjrob

  • Topic Starter

  • Members
  • 173 posts

Posted 27 October 2013 - 11:47 AM

See previous.  I had forgotten to attach the new Attach file, which I have done with this post.



#5 Oh My!

    Adware and Spyware and Malware.....

  • Malware Response Instructor
  • 37,713 posts

Posted 27 October 2013 - 07:34 PM

Greetings jjrob and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please run this program for me.

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your desktop
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should.
  • Double click the icon
  • Click Yes to the disclaimer
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • FRST results
  • Addition log

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#6 jjrob

jjrob
  • Topic Starter

  • Members
  • 173 posts
  • OFFLINE
  •  
  • Local time:07:03 AM

Posted 28 October 2013 - 08:54 PM

Hi Gary.  My name is Jay.

Below are the attached FRST and Addition 32bit results.  FYI, after the scan was completed and the results displayed, I got a red error box, AutoIt I believe, with FRST comment included.  Not exactly sure about it.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-10-2013
Ran by Jay Goldbaum (administrator) on OFFICE on 28-10-2013 18:16:46
Running from C:\Documents and Settings\Jay Goldbaum\My Documents\Downloads
Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal
 
==================== Processes (Whitelisted) ===================
 
(Schneider Electric) C:\Program Files\APC\PowerChute Personal Edition\mainserv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Collobos Software) C:\Program Files\FingerPrint\FingerPrintService.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Symantec Corporation) C:\Program Files\Norton 360\Engine\21.1.0.18\N360.exe
(Schneider Electric) C:\Program Files\APC\PowerChute Personal Edition\dataserv.exe
(Brother Industries, Ltd.) C:\WINDOWS\system32\BRMFRSMG.EXE
(Symantec Corporation) C:\Program Files\Norton 360\Engine\21.1.0.18\N360.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Schneider Electric) C:\Program Files\APC\PowerChute Personal Edition\apcsystray.exe
(Collobos Software) C:\Program Files\FingerPrint\FingerPrint.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
() C:\Documents and Settings\Jay Goldbaum\Application Data\HP SimpleSave Application\HPSSBackupMonitor.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-10-19] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
Winlogon\Notify\AtiExtEvent: C:\Windows\system32\Ati2evxx.dll ()
Winlogon\Notify\GoToAssist: C:\Program Files\Citrix\GoToAssist\759\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
Winlogon\Notify\LBTWlgn: C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
Winlogon\Notify\LMIinit: C:\Windows\system32\LMIinit.dll (LogMeIn, Inc.)
HKLM\...\Policies\Explorer: [NoCDBurning] 0
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\APC UPS Status.lnk
ShortcutTarget: APC UPS Status.lnk -> C:\Program Files\APC\PowerChute Personal Edition\Display.exe (Schneider Electric)
Startup: C:\Documents and Settings\Jay Goldbaum\Start Menu\Programs\Startup\HP SimpleSave Monitor.lnk
ShortcutTarget: HP SimpleSave Monitor.lnk -> C:\Documents and Settings\Jay Goldbaum\Application Data\HP SimpleSave Application\StartHelper.exe ()
Startup: C:\Documents and Settings\Jay Goldbaum\Start Menu\Programs\Startup\My Program.lnk
ShortcutTarget: My Program.lnk -> C:\Program Files\FingerPrint\FingerPrint.exe (Collobos Software)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.yahoo.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch =
HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL =
HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant =
SearchScopes: HKCU - {6e748c7d-2523-4b09-a5b5-f237920a1628} URL =
pe=tb50-ie-aimright-chromesbox-en-us&tb_uuid=20120621180456772&tb_oid=21-06-2012&tb_mrud=21-06-2012
SearchScopes: HKCU - {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL =
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\21.1.0.18\coieplg.dll (Symantec Corporation)
BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\21.1.0.18\ips\ipsbho.dll (Symantec Corporation)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\21.1.0.18\coieplg.dll (Symantec Corporation)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab
DPF: {63F5866B-A7C5-40B4-9A89-0CCA99726C8D}
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000}
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F}
Handler: bw+0 - {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop 
 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                   
 
      )
Handler: bw+0s - {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop 
 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                   
 
      )
Handler: bw-0 - {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop 
 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                   
 
      )
Handler: bw-0s - {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop 
 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                   
 
      )
Handler: bw00 - {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop 
 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                   
 
      )
Handler: bw00s - {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop 
 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                   
 
      )
Handler: bw10 - {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop 
 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                   
 
      )
Handler: bw10s - {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop 
 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                   
 
      )
Handler: bw20 - {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop 
 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                   
 
      )
Handler: bw20s - {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop 
 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                   
 
      )
Handler: bw30 - {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop 
 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                   
 
      )
Handler: bw30s - {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop 
 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                   
 
      )
Handler: bw40 - {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop 
 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                   
 
      )
Handler: bw40s - {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop 
 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                   
 
      )
Handler: bw50 - {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop 
 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                   
 
      )
Handler: bw50s - {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop 
 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                   
 
      )
Handler: bw60 - {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop 
 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                   
 
      )
Handler: bw60s - {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop 
 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                   
 
      )
Handler: bw70 - {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop 
 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                   
 
      )
Handler: bw70s - {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop 
 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                   
 
      )
Handler: bw80 - {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop 
 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                   
 
      )
Handler: bw80s - {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop 
 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                   
 
      )
Handler: bw90 - {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop 
 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                   
 
      )
Handler: bw90s - {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop 
 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                   
 
      )
Handler: bwa0 - {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop 
 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                   
 
      )
Handler: bwa0s - {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop 
 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                   
 
      )
Handler: bwb0 - {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop 
 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                   
 
      )
Handler: bwb0s - {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop 
 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                   
 
      )
Handler: bwc0 - {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop 
 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                   
 
      )
Handler: bwc0s - {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop 
 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                   
 
      )
Handler: bwd0 - {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop 
 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                   
 
      )
Handler: bwd0s - {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop 
 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                   
 
      )
Handler: bwe0 - {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop 
 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                   
 
      )
Handler: bwe0s - {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop 
 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                   
 
      )
Handler: bwf0 - {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop 
 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                   
 
      )
Handler: bwf0s - {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop 
 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                   
 
      )
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program 
 
Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (BackWeb Technologies 
 
Inc.                         )
Handler: bwg0 - {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop 
 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                   
 
      )
Handler: bwg0s - {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop 
 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                   
 
      )
Handler: bwh0 - {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop 
 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                   
 
      )
Handler: bwh0s - {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop 
 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                   
 
      )
Handler: bwi0 - {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop 
 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                   
 
      )
Handler: bwi0s - {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop 
 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                   
 
      )
Handler: bwj0 - {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop 
 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                   
 
      )
Handler: bwj0s - {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop 
 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                   
 
      )
Handler: bwk0 - {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop 
 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                   
 
      )
Handler: bwk0s - {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop 
 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                   
 
      )
Handler: bwl0 - {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop 
 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                   
 
      )
Handler: bwl0s - {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop 
 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                   
 
      )
Handler: bwm0 - {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop 
 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                   
 
      )
Handler: bwm0s - {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop 
 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                   
 
      )
Handler: bwn0 - {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop 
 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                   
 
      )
Handler: bwn0s - {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop 
 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                   
 
      )
Handler: bwo0 - {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop 
 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                   
 
      )
Handler: bwo0s - {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop 
 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                   
 
      )
Handler: bwp0 - {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop 
 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                   
 
      )
Handler: bwp0s - {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop 
 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                   
 
      )
Handler: bwq0 - {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop 
 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                   
 
      )
Handler: bwq0s - {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop 
 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                   
 
      )
Handler: bwr0 - {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop 
 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                   
 
      )
Handler: bwr0s - {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop 
 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                   
 
      )
Handler: bws0 - {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop 
 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                   
 
      )
Handler: bws0s - {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop 
 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                   
 
      )
Handler: bwt0 - {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop 
 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                   
 
      )
Handler: bwt0s - {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop 
 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                   
 
      )
Handler: bwu0 - {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop 
 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                   
 
      )
Handler: bwu0s - {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop 
 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                   
 
      )
Handler: bwv0 - {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop 
 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                   
 
      )
Handler: bwv0s - {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop 
 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                   
 
      )
Handler: bww0 - {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop 
 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                   
 
      )
Handler: bww0s - {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop 
 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                   
 
      )
Handler: bwx0 - {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop 
 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                   
 
      )
Handler: bwx0s - {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop 
 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                   
 
      )
Handler: bwy0 - {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop 
 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                   
 
      )
Handler: bwy0s - {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop 
 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                   
 
      )
Handler: bwz0 - {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop 
 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                   
 
      )
Handler: bwz0s - {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop 
 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                   
 
      )
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft 
 
Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: offline-8876480 - {D1214E63-35D6-4210-894B-5B7BCF2D64A1} - C:\Program 
 
Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies 
 
Inc.                         )
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Documents and Settings\Jay Goldbaum\Application Data\Mozilla\Firefox\Profiles\mbh9wbgl.default
FF user.js: detected! => C:\Documents and Settings\Jay Goldbaum\Application Data\Mozilla\Firefox\Profiles\mbh9wbgl.default\user.js
FF Homepage:
xp://www.nationalreview.com/corner/341825/closed-door-meeting-cantor-warned-civil-war-katrina-trinko
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\WINDOWS\system32\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.0 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.3 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.4 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.5 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.7 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.0 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Documents and Settings\Jay Goldbaum\Application Data\Mozilla\Firefox\Profiles\mbh9wbgl.default\searchplugins\aol-search.xml
FF SearchPlugin: C:\Documents and Settings\Jay Goldbaum\Application Data\Mozilla\Firefox\Profiles\mbh9wbgl.default\searchplugins\safesearch.xml
FF Extension: No Name - C:\Documents and Settings\Jay Goldbaum\Application Data\Mozilla\Firefox\Profiles\mbh9wbgl.default\Extensions\nostmp
FF Extension: AddThis - C:\Documents and Settings\Jay Goldbaum\Application Data\Mozilla\Firefox\Profiles\mbh9wbgl.default\Extensions\{3e0e7d2a-070f-4a47-b019-91fe5385ba79}
FF Extension: amznUWL2 - C:\Documents and Settings\Jay Goldbaum\Application Data\Mozilla\Firefox\Profiles\mbh9wbgl.default\Extensions\amznUWL2@amazon.com.xpi
FF Extension: readability - C:\Documents and Settings\Jay Goldbaum\Application Data\Mozilla\Firefox\Profiles\mbh9wbgl.default\Extensions\readability@readability.com.xpi
FF Extension: prefs - C:\Documents and Settings\Jay Goldbaum\Application Data\Mozilla\Firefox\Profiles\mbh9wbgl.default\Extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}.xpi
FF HKLM\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.0.2.1\coFFPlgn\
FF Extension: Norton Toolbar - C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.0.2.1\coFFPlgn\
FF HKLM\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.0.2.1\IPSFF
FF Extension: Norton Vulnerability Protection - C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.0.2.1\IPSFF
 
Chrome: 
=======
CHR HomePage: hxxp://my.yahoo.com/
CHR RestoreOnStartup: "hxxp://my.yahoo.com/"
CHR Extension: (Google Docs) - C:\DOCUME~1\JAYGOL~1\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\DOCUME~1\JAYGOL~1\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\DOCUME~1\JAYGOL~1\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\DOCUME~1\JAYGOL~1\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Norton Identity Protection) - C:\DOCUME~1\JAYGOL~1\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2014.6.0.27_1
CHR Extension: (Chrome In-App Payments service) - C:\DOCUME~1\JAYGOL~1\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_1
CHR Extension: (Gmail) - C:\DOCUME~1\JAYGOL~1\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM\...\Chrome\Extension: [dednnpigldgdbpgcdpfppmlcnnbjciel] - C:\Documents and Settings\Jay Goldbaum\Application Data\Media Finder\Extensions\gencrawler_gc.crx
CHR HKLM\...\Chrome\Extension: [lpmkgpnbiojfaoklbkpfneikocaobfai] - C:\Documents and Settings\Jay Goldbaum\Application Data\Media Finder\Extensions\mf_plugin_gc.crx
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files\Norton 360\Engine\21.1.0.18\Exts\Chrome.crx
 
========================== Services (Whitelisted) =================
 
R2 APC Data Service; C:\Program Files\APC\PowerChute Personal Edition\dataserv.exe [21880 
 
2012-01-24] (Schneider Electric)
R2 APC UPS Service; C:\Program Files\APC\PowerChute Personal Edition\mainserv.exe [705912 
 
2012-01-24] (Schneider Electric)
S4 Ati HotKey Poller; C:\Windows\System32\Ati2evxx.exe [385024 2004-07-10] ()
S4 ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [516096 2004-07-11] ()
S4 BackupService; C:\Documents and Settings\Jay Goldbaum\Application Data\HP SimpleSave Application\uUACTokenSvc.exe [83512 2011-03-31] (ArcSoft, Inc.)
R2 FingerPrint; C:\Program Files\FingerPrint\FingerPrintService.exe [2202904 2013-03-01] (Collobos Software)
R2 N360; C:\Program Files\Norton 360\Engine\21.1.0.18\diMaster.dll [567600 2013-10-08] (Symantec Corporation)
S4 spkrmon; C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe [61440 2003-06-16] ()
R2 JavaQuickStarterService; "C:\Program Files\Java\jre7\bin\jqs.exe" -service -config "C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf"
 
==================== Drivers (Whitelisted) ====================
 
R2 AegisP; C:\Windows\System32\DRIVERS\AegisP.sys [21361 2013-08-21] (Cisco Systems, Inc.)
R2 Aspi32; C:\Windows\System32\Drivers\Aspi32.sys [25244 1999-09-10] (Adaptec)
R1 BHDrvx86; C:\Program Files\Norton 360\NortonData\21.0.2.1\Definitions\BASHDefs\20131022.001\BHDrvx86.sys [1096280 2013-10-22] (Symantec Corporation)
R3 brfilt; C:\Windows\System32\Drivers\Brfilt.sys [2944 2001-08-17] (Brother Industries Ltd.)
R3 BrUsbScn; C:\Windows\System32\Drivers\BrUsbScn.sys [10368 2001-08-17] (Brother Industries Ltd.)
S3 bvrp_pci; C:\WINDOWS\System32\drivers\bvrp_pci.sys [4272 2003-08-28] ()
R1 ccSet_N360; C:\Windows\system32\drivers\N360\1501000.012\ccSetx86.sys [127064 2013-09-25] (Symantec Corporation)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376920 2013-10-13] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [108120 2013-10-13] (Symantec Corporation)
R3 GT680xNT; C:\Windows\System32\drivers\gt680x.sys [17376 2003-08-29] (         )
R3 IDSxpx86; C:\Program Files\Norton 360\NortonData\21.0.2.1\Definitions\IPSDefs\20131025.002\IDSxpx86.sys [380824 2013-10-28] (Symantec Corporation)
S3 LHidUsbK; C:\Windows\System32\Drivers\LHidUsbK.Sys [36480 2005-05-20] (Logitech, Inc.)
R2 LMIRfsDriver; C:\WINDOWS\system32\drivers\LMIRfsDriver.sys [47640 2011-01-11] (LogMeIn, Inc.)
R3 LUsbFilt; C:\Windows\System32\Drivers\LUsbFilt.Sys [28624 2010-08-24] (Logitech, Inc.)
R3 mf; C:\Windows\System32\DRIVERS\mf.sys [63744 2008-04-13] (Microsoft Corporation)
S3 MXOFX; C:\Windows\System32\DRIVERS\MXOFX.SYS [32512 2003-04-14] (Cypress Semiconductor)
R3 NAVENG; C:\Program Files\Norton 360\NortonData\21.0.2.1\Definitions\VirusDefs\20131028.003\NAVENG.SYS [93272 2013-10-13] (Symantec Corporation)
R3 NAVEX15; C:\Program Files\Norton 360\NortonData\21.0.2.1\Definitions\VirusDefs\20131028.003\NAVEX15.SYS [1612376 2013-10-13] (Symantec Corporation)
R1 NEOFLTR_7114_23943; C:\WINDOWS\system32\Drivers\NEOFLTR_7114_23943.SYS [87144 2013-02-18] (Juniper Networks)
S3 PalmUSBD; C:\Windows\System32\drivers\PalmUSBD.sys [16640 2007-12-04] (PalmSource, Inc.)
R3 SRTSP; C:\Windows\System32\Drivers\N360\1501000.012\SRTSP.SYS [651352 2013-09-26] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360\1501000.012\SRTSPX.SYS [32344 2013-07-30] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360\1501000.012\SYMDS.SYS [367704 2013-07-31] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360\1501000.012\SYMEFA.SYS [935512 2013-09-26] (Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT.SYS [142936 2013-10-13] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360\1501000.012\Ironx86.SYS [206936 2013-07-31] (Symantec Corporation)
R1 SYMTDI; C:\Windows\System32\Drivers\N360\1501000.012\SYMTDI.SYS [421592 2013-09-25] (Symantec Corporation)
S3 catchme; \??\C:\DOCUME~1\JAYGOL~1\LOCALS~1\Temp\catchme.sys [x]
S4 IntelIde; No ImagePath
S3 jnprva; system32\DRIVERS\jnprva.sys [x]
S2 LMIInfo; \??\C:\Program Files\LogMeIn\x86\RaInfo.sys [x]
S4 LMIRfsClientNP; No ImagePath
S3 RimUsb; System32\Drivers\RimUsb.sys [x]
U5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U3 TlntSvr; 
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [4096 2010-07-04] ()
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-10-28 18:16 - 2013-10-28 18:16 - 00000000 ____D C:\FRST
2013-10-28 03:00 - 2013-10-28 03:20 - 00028226 _____ C:\WINDOWS\setupapi.log
2013-10-24 05:52 - 2013-10-24 05:52 - 00000000 ____D C:\Program Files\Common Files\Java
2013-10-24 05:52 - 2013-10-24 05:52 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Java
2013-10-24 05:52 - 2013-10-08 07:50 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2013-10-24 05:52 - 2013-10-08 07:46 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2013-10-24 05:52 - 2013-10-08 07:46 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2013-10-24 05:52 - 2013-10-08 07:46 - 00174504 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2013-10-24 05:52 - 2013-10-08 07:29 - 00145408 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
2013-10-24 05:49 - 2013-10-24 05:52 - 00004705 _____ C:\WINDOWS\system32\jupdate-1.7.0_45-b18.log
2013-10-23 20:41 - 2013-10-23 20:41 - 00001542 _____ C:\Documents and Settings\All Users\Desktop\iTunes.lnk
2013-10-23 20:41 - 2013-10-23 20:41 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
2013-10-23 20:38 - 2013-10-23 20:38 - 00000000 ____D C:\Program Files\iPod
2013-10-23 20:37 - 2013-10-23 20:41 - 00000000 ____D C:\Program Files\iTunes
2013-10-23 20:37 - 2013-10-23 20:41 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-10-20 08:11 - 2013-10-27 12:20 - 00027234 _____ C:\Documents and Settings\Jay Goldbaum\Desktop\attach.txt
2013-10-20 08:11 - 2013-10-27 12:17 - 00027588 _____ C:\Documents and Settings\Jay Goldbaum\Desktop\dds.txt
2013-10-20 08:08 - 2013-10-20 08:08 - 00688992 ____R (Swearware) C:\Documents and Settings\Jay Goldbaum\Desktop\dds(1).com
2013-10-18 14:30 - 2013-10-18 14:30 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2013-10-18 03:01 - 2013-10-18 03:06 - 00006875 _____ C:\WINDOWS\KB2510531-IE8.log
2013-10-17 21:37 - 2013-10-17 21:38 - 00036924 _____ C:\WINDOWS\KB2744842-IE8.log
2013-10-17 21:35 - 2013-10-17 21:37 - 00039967 _____ C:\WINDOWS\KB2618444-IE8.log
2013-10-17 21:35 - 2013-10-17 21:35 - 00033149 _____ C:\WINDOWS\KB2598845-IE8.log
2013-10-17 21:32 - 2013-10-17 21:35 - 00044333 _____ C:\WINDOWS\KB982381-IE8.log
2013-10-17 21:31 - 2013-10-17 21:44 - 00006923 _____ C:\WINDOWS\spupdsvc.log
2013-10-17 21:28 - 2013-10-17 21:31 - 00046536 _____ C:\WINDOWS\ie8.log
2013-10-17 21:28 - 2013-10-17 21:31 - 00000000 __HDC C:\WINDOWS\ie8
2013-10-17 19:18 - 2013-10-17 19:22 - 00032116 _____ C:\WINDOWS\ie8Uninst.log
2013-10-17 19:17 - 2013-10-17 21:41 - 00233948 _____ C:\WINDOWS\ie8_main.log
2013-10-13 14:04 - 2013-10-17 00:22 - 00001819 _____ C:\Documents and Settings\All Users\Desktop\Norton 360.LNK
2013-10-13 14:04 - 2013-10-13 17:06 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2013-10-13 14:04 - 2013-10-13 14:04 - 00142936 _____ (Symantec Corporation) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
2013-10-13 14:04 - 2013-10-13 14:04 - 00008194 _____ C:\WINDOWS\system32\Drivers\SYMEVENT.CAT
2013-10-13 14:04 - 2013-10-13 14:04 - 00000000 ____D C:\Program Files\Symantec
2013-10-13 14:00 - 2013-10-17 00:22 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Norton 360
2013-10-13 14:00 - 2013-10-13 14:00 - 00000000 ____D C:\Program Files\Norton 360
2013-10-13 09:23 - 2013-10-16 20:42 - 00000000 ____D C:\Documents and Settings\Jay Goldbaum\Local Settings\Application Data\NPE
2013-10-12 17:10 - 2013-10-12 17:10 - 00000873 _____ C:\Documents and Settings\Jay Goldbaum\Start Menu\BitTorrent.lnk
2013-10-12 09:23 - 2013-10-12 09:23 - 00000845 _____ C:\Documents and Settings\All Users\Desktop\Leawo Video Converter.lnk
2013-10-12 09:17 - 2013-10-12 09:17 - 00000719 _____ C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
2013-10-12 09:17 - 2013-10-12 09:17 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN
2013-10-12 08:57 - 2013-10-12 08:57 - 00000000 ____D C:\Documents and Settings\Jay Goldbaum\Application Data\Systweak
2013-10-11 21:41 - 2013-10-11 21:41 - 00000751 _____ C:\Documents and Settings\Jay Goldbaum\Desktop\Norton Installation Files.lnk
2013-10-11 18:57 - 2013-10-11 18:57 - 02986440 _____ (Symantec Corporation) C:\Documents and Settings\Jay Goldbaum\Desktop\NPE.exe
2013-10-11 03:58 - 2013-10-11 03:58 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2847311$
2013-10-11 03:56 - 2013-10-11 03:56 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862335$
2013-10-11 03:55 - 2013-10-11 03:56 - 00136087 _____ C:\WINDOWS\KB2862335.log
2013-10-11 03:27 - 2013-10-11 03:27 - 00020176 _____ C:\WINDOWS\KB2868038.log
2013-10-11 03:27 - 2013-10-11 03:27 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2868038$
2013-10-11 03:23 - 2013-10-17 21:41 - 00045541 _____ C:\WINDOWS\KB2879017-IE8.log
2013-10-11 03:23 - 2013-10-11 03:23 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2883150$
2013-10-11 03:22 - 2013-10-11 03:23 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862330$
2013-10-10 18:26 - 2013-10-10 18:26 - 00344156 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1085031214-790525478-839522115-1004-0.dat
2013-10-10 18:26 - 2013-10-10 18:26 - 00271346 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2013-10-10 16:25 - 2013-10-11 03:58 - 00195760 _____ C:\WINDOWS\KB2847311.log
2013-10-10 16:25 - 2013-07-16 20:58 - 00123008 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbvideo.sys
2013-10-10 16:25 - 2013-07-16 20:58 - 00060160 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbaudio.sys
2013-10-10 16:24 - 2013-08-08 20:55 - 00144128 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbport.sys
2013-10-10 16:24 - 2013-08-08 20:55 - 00032384 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbccgp.sys
2013-10-10 16:24 - 2013-08-08 20:55 - 00005376 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbd.sys
2013-10-10 16:24 - 2009-03-18 07:02 - 00030336 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbehci.sys
2013-10-08 20:21 - 2013-10-08 20:21 - 17813896 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerInstaller.exe
 
==================== One Month Modified Files and Folders =======
 
2013-10-28 18:16 - 2013-10-28 18:16 - 00000000 ____D C:\FRST
2013-10-28 17:21 - 2012-12-29 14:52 - 00000898 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-28 17:21 - 2012-09-03 15:18 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2013-10-28 16:21 - 2012-12-29 14:52 - 00000894 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-28 09:37 - 2009-07-26 15:43 - 01365262 _____ C:\WINDOWS\WindowsUpdate.log
2013-10-28 07:21 - 2009-07-26 13:55 - 00032502 _____ C:\WINDOWS\SchedLgU.Txt
2013-10-28 06:36 - 2012-12-21 21:01 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\FingerPrintService
2013-10-28 05:20 - 2012-09-26 08:58 - 00000000 ____D C:\Documents and Settings\Jay Goldbaum\Local Settings\Application Data\FingerPrint
2013-10-28 03:20 - 2013-10-28 03:00 - 00028226 _____ C:\WINDOWS\setupapi.log
2013-10-28 03:20 - 2009-07-26 14:35 - 00002652 _____ C:\WINDOWS\BRMFBIDI.INI
2013-10-28 03:20 - 2009-07-26 06:31 - 00000159 _____ C:\WINDOWS\wiadebug.log
2013-10-28 03:20 - 2009-07-26 06:31 - 00000050 _____ C:\WINDOWS\wiaservc.log
2013-10-28 03:19 - 2009-07-26 13:49 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-10-28 03:18 - 2009-07-26 13:56 - 00000178 ___SH C:\Documents and Settings\Jay Goldbaum\ntuser.ini
2013-10-27 13:58 - 2009-07-26 15:05 - 00000000 ____D C:\Documents and Settings\Jay Goldbaum\Application Data\Adobe
2013-10-27 12:20 - 2013-10-20 08:11 - 00027234 _____ C:\Documents and Settings\Jay Goldbaum\Desktop\attach.txt
2013-10-27 12:17 - 2013-10-20 08:11 - 00027588 _____ C:\Documents and Settings\Jay Goldbaum\Desktop\dds.txt
2013-10-27 11:20 - 2013-08-03 16:20 - 01031306 _____ C:\WINDOWS\setupapi.log.1.old
2013-10-24 05:52 - 2013-10-24 05:52 - 00000000 ____D C:\Program Files\Common Files\Java
2013-10-24 05:52 - 2013-10-24 05:52 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Java
2013-10-24 05:52 - 2013-10-24 05:49 - 00004705 _____ C:\WINDOWS\system32\jupdate-1.7.0_45-b18.log
2013-10-24 05:52 - 2009-07-27 16:16 - 00000000 ____D C:\Program Files\Java
2013-10-23 20:41 - 2013-10-23 20:41 - 00001542 _____ C:\Documents and Settings\All Users\Desktop\iTunes.lnk
2013-10-23 20:41 - 2013-10-23 20:41 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
2013-10-23 20:41 - 2013-10-23 20:37 - 00000000 ____D C:\Program Files\iTunes
2013-10-23 20:41 - 2013-10-23 20:37 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-10-23 20:38 - 2013-10-23 20:38 - 00000000 ____D C:\Program Files\iPod
2013-10-23 20:37 - 2010-12-21 14:26 - 00000000 ____D C:\Program Files\Common Files\Apple
2013-10-23 14:20 - 2011-06-11 19:37 - 00000284 _____ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2013-10-23 05:30 - 2010-10-26 22:28 - 00000000 ____D C:\Documents and Settings\Jay Goldbaum\Application Data\vlc
2013-10-21 20:38 - 2009-07-26 15:05 - 00000000 ____D C:\Documents and Settings\Jay Goldbaum\Desktop\Network Shared
2013-10-21 03:18 - 2009-07-26 13:56 - 00000000 ____D C:\Documents and Settings\Jay Goldbaum
2013-10-20 20:08 - 2009-07-26 17:41 - 00000000 ____D C:\Program Files\Palm
2013-10-20 08:08 - 2013-10-20 08:08 - 00688992 ____R (Swearware) C:\Documents and Settings\Jay Goldbaum\Desktop\dds(1).com
2013-10-20 07:49 - 2013-07-18 20:45 - 00000178 ___SH C:\Documents and Settings\Administrator\ntuser.ini
2013-10-19 08:20 - 2009-07-26 22:25 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office
2013-10-19 08:20 - 2009-07-26 22:13 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Microsoft Help
2013-10-18 14:30 - 2013-10-18 14:30 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2013-10-18 03:06 - 2013-10-18 03:01 - 00006875 _____ C:\WINDOWS\KB2510531-IE8.log
2013-10-18 03:06 - 2013-08-15 03:19 - 00148385 _____ C:\WINDOWS\FaxSetup.log
2013-10-18 03:06 - 2013-08-15 03:19 - 00070944 _____ C:\WINDOWS\ocgen.log
2013-10-18 03:06 - 2013-08-15 03:19 - 00056616 _____ C:\WINDOWS\tsoc.log
2013-10-18 03:06 - 2013-08-15 03:19 - 00049185 _____ C:\WINDOWS\comsetup.log
2013-10-18 03:06 - 2013-08-15 03:19 - 00029858 _____ C:\WINDOWS\ntdtcsetup.log
2013-10-18 03:06 - 2013-08-15 03:19 - 00023662 _____ C:\WINDOWS\iis6.log
2013-10-18 03:06 - 2013-08-15 03:19 - 00008208 _____ C:\WINDOWS\ocmsn.log
2013-10-18 03:06 - 2013-08-15 03:19 - 00007416 _____ C:\WINDOWS\msgsocm.log
2013-10-18 03:06 - 2013-08-15 03:19 - 00001393 _____ C:\WINDOWS\imsins.log
2013-10-17 21:44 - 2013-10-17 21:31 - 00006923 _____ C:\WINDOWS\spupdsvc.log
2013-10-17 21:44 - 2012-04-06 08:19 - 00000803 _____ C:\Documents and Settings\Jay Goldbaum\Start Menu\Programs\Internet Explorer.lnk
2013-10-17 21:44 - 2009-07-26 13:56 - 00000000 ___RD C:\Documents and Settings\Jay Goldbaum\Start Menu\Programs\Accessories
2013-10-17 21:43 - 2009-07-26 06:23 - 00000000 ____D C:\WINDOWS\Help
2013-10-17 21:41 - 2013-10-17 19:17 - 00233948 _____ C:\WINDOWS\ie8_main.log
2013-10-17 21:41 - 2013-10-11 03:23 - 00045541 _____ C:\WINDOWS\KB2879017-IE8.log
2013-10-17 21:41 - 2013-08-15 03:19 - 00054317 _____ C:\WINDOWS\updspapi.log
2013-10-17 21:41 - 2013-08-15 03:19 - 00001393 _____ C:\WINDOWS\imsins.BAK
2013-10-17 21:40 - 2013-08-15 03:45 - 00048043 _____ C:\WINDOWS\KB2862772-IE8.log
2013-10-17 21:38 - 2013-10-17 21:37 - 00036924 _____ C:\WINDOWS\KB2744842-IE8.log
2013-10-17 21:37 - 2013-10-17 21:35 - 00039967 _____ C:\WINDOWS\KB2618444-IE8.log
2013-10-17 21:35 - 2013-10-17 21:35 - 00033149 _____ C:\WINDOWS\KB2598845-IE8.log
2013-10-17 21:35 - 2013-10-17 21:32 - 00044333 _____ C:\WINDOWS\KB982381-IE8.log
2013-10-17 21:31 - 2013-10-17 21:28 - 00046536 _____ C:\WINDOWS\ie8.log
2013-10-17 21:31 - 2013-10-17 21:28 - 00000000 __HDC C:\WINDOWS\ie8
2013-10-17 21:30 - 2009-07-26 06:23 - 00000000 ____D C:\WINDOWS\Media
2013-10-17 21:11 - 2013-01-19 16:24 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-10-17 19:32 - 2012-02-05 10:14 - 00000719 _____ C:\Documents and Settings\All Users\Desktop\calibre - E-book management.lnk
2013-10-17 19:32 - 2011-11-21 20:53 - 00000000 ____D C:\Program Files\Calibre2
2013-10-17 19:32 - 2011-11-21 20:53 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\calibre - E-book Management
2013-10-17 19:22 - 2013-10-17 19:18 - 00032116 _____ C:\WINDOWS\ie8Uninst.log
2013-10-17 19:22 - 2012-04-06 08:04 - 00000000 ____D C:\WINDOWS\ie8updates
2013-10-17 19:18 - 2013-01-19 16:24 - 00000730 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
2013-10-17 19:18 - 2013-01-19 16:24 - 00000724 _____ C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
2013-10-17 19:17 - 2013-02-23 08:24 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-10-17 00:23 - 2010-12-15 22:21 - 00000000 ____D C:\WINDOWS\system32\Drivers\N360
2013-10-17 00:22 - 2013-10-13 14:04 - 00001819 _____ C:\Documents and Settings\All Users\Desktop\Norton 360.LNK
2013-10-17 00:22 - 2013-10-13 14:00 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Norton 360
2013-10-16 20:42 - 2013-10-13 09:23 - 00000000 ____D C:\Documents and Settings\Jay Goldbaum\Local Settings\Application Data\NPE
2013-10-16 06:34 - 2012-12-29 14:56 - 00001813 _____ C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2013-10-15 21:09 - 2003-07-16 16:53 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2013-10-13 17:06 - 2013-10-13 14:04 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2013-10-13 16:44 - 2012-03-25 15:02 - 00000000 ____D C:\Documents and Settings\Jay Goldbaum\Local Settings\Application Data\LogMeIn Rescue Applet
2013-10-13 14:04 - 2013-10-13 14:04 - 00142936 _____ (Symantec Corporation) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
2013-10-13 14:04 - 2013-10-13 14:04 - 00008194 _____ C:\WINDOWS\system32\Drivers\SYMEVENT.CAT
2013-10-13 14:04 - 2013-10-13 14:04 - 00000000 ____D C:\Program Files\Symantec
2013-10-13 14:00 - 2013-10-13 14:00 - 00000000 ____D C:\Program Files\Norton 360
2013-10-13 14:00 - 2009-08-06 20:38 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Norton
2013-10-13 12:18 - 2009-07-26 06:28 - 00000336 __RSH C:\boot.ini
2013-10-13 12:18 - 2003-07-16 16:51 - 00000592 _____ C:\WINDOWS\win.ini
2013-10-13 12:18 - 2003-07-16 16:47 - 00000227 _____ C:\WINDOWS\system.ini
2013-10-12 19:24 - 2009-08-01 21:46 - 00000000 ____D C:\WINDOWS\Microsoft.NET
2013-10-12 19:11 - 2009-07-26 15:16 - 00000000 ____D C:\Documents and Settings\Jay Goldbaum\Local Settings\Application Data\Adobe
2013-10-12 17:20 - 2012-10-27 12:33 - 00002347 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk
2013-10-12 17:12 - 2011-11-24 16:38 - 00000000 ____D C:\Documents and Settings\Jay Goldbaum\Application Data\BitTorrent
2013-10-12 17:10 - 2013-10-12 17:10 - 00000873 _____ C:\Documents and Settings\Jay Goldbaum\Start Menu\BitTorrent.lnk
2013-10-12 17:10 - 2013-08-03 16:07 - 00000873 _____ C:\Documents and Settings\Jay Goldbaum\Desktop\BitTorrent.lnk
2013-10-12 09:23 - 2013-10-12 09:23 - 00000845 _____ C:\Documents and Settings\All Users\Desktop\Leawo Video Converter.lnk
2013-10-12 09:23 - 2011-06-25 10:05 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Leawo
2013-10-12 09:20 - 2011-06-25 10:05 - 00000000 ____D C:\Program Files\Leawo
2013-10-12 09:18 - 2013-05-19 20:20 - 00001538 _____ C:\Documents and Settings\Jay Goldbaum\Desktop\MPC-HC.lnk
2013-10-12 09:18 - 2013-05-19 20:20 - 00000000 ____D C:\Program Files\MPC-HC
2013-10-12 09:18 - 2013-05-19 20:20 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\MPC-HC
2013-10-12 09:17 - 2013-10-12 09:17 - 00000719 _____ C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
2013-10-12 09:17 - 2013-10-12 09:17 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN
2013-10-12 09:13 - 2009-07-26 15:33 - 00000000 ____D C:\WINDOWS\pss
2013-10-12 09:02 - 2010-10-30 13:04 - 00000682 _____ C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
2013-10-12 09:02 - 2010-03-28 12:10 - 00000000 ____D C:\Program Files\CCleaner
2013-10-12 08:57 - 2013-10-12 08:57 - 00000000 ____D C:\Documents and Settings\Jay Goldbaum\Application Data\Systweak
2013-10-12 08:57 - 2013-05-19 11:07 - 00001219 _____ C:\Documents and Settings\Jay Goldbaum\Desktop\Download App.lnk
2013-10-11 22:03 - 2013-01-19 14:50 - 00000000 ____D C:\Documents and Settings\Jay Goldbaum\Start Menu\Programs\Norton
2013-10-11 21:41 - 2013-10-11 21:41 - 00000751 _____ C:\Documents and Settings\Jay Goldbaum\Desktop\Norton Installation Files.lnk
2013-10-11 21:41 - 2012-05-17 06:05 - 00000000 ____D C:\Documents and Settings\All Users\Documents\Norton
2013-10-11 18:57 - 2013-10-11 18:57 - 02986440 _____ (Symantec Corporation) C:\Documents and Settings\Jay Goldbaum\Desktop\NPE.exe
2013-10-11 05:25 - 2009-08-01 21:58 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-10-11 05:25 - 2009-07-26 06:28 - 00267008 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2013-10-11 04:06 - 2009-07-26 06:30 - 00586240 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2013-10-11 03:58 - 2013-10-11 03:58 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2847311$
2013-10-11 03:58 - 2013-10-10 16:25 - 00195760 _____ C:\WINDOWS\KB2847311.log
2013-10-11 03:56 - 2013-10-11 03:56 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862335$
2013-10-11 03:56 - 2013-10-11 03:55 - 00136087 _____ C:\WINDOWS\KB2862335.log
2013-10-11 03:47 - 2013-08-15 03:32 - 00000000 ____D C:\WINDOWS\system32\MRT
2013-10-11 03:35 - 2009-07-26 16:56 - 78106760 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2013-10-11 03:34 - 2010-06-03 22:54 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
2013-10-11 03:27 - 2013-10-11 03:27 - 00020176 _____ C:\WINDOWS\KB2868038.log
2013-10-11 03:27 - 2013-10-11 03:27 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2868038$
2013-10-11 03:23 - 2013-10-11 03:23 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2883150$
2013-10-11 03:23 - 2013-10-11 03:22 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862330$
2013-10-10 21:49 - 2010-01-10 23:56 - 00000000 __HDC C:\WINDOWS\$NtUninstallwmp11$
2013-10-10 18:26 - 2013-10-10 18:26 - 00344156 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1085031214-790525478-839522115-1004-0.dat
2013-10-10 18:26 - 2013-10-10 18:26 - 00271346 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2013-10-10 18:26 - 2013-09-25 21:36 - 00065536 _____ C:\WINDOWS\system32\config\CheckPoi.evt
2013-10-08 20:22 - 2012-04-04 19:42 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2013-10-08 20:22 - 2011-05-15 21:03 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2013-10-08 20:21 - 2013-10-08 20:21 - 17813896 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerInstaller.exe
2013-10-08 07:50 - 2013-10-24 05:52 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2013-10-08 07:46 - 2013-10-24 05:52 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2013-10-08 07:46 - 2013-10-24 05:52 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2013-10-08 07:46 - 2013-10-24 05:52 - 00174504 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2013-10-08 07:29 - 2013-10-24 05:52 - 00145408 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
2013-10-05 09:02 - 2013-09-25 20:37 - 00000000 ____D C:\Program Files\CheckPoint
2013-09-29 11:11 - 2010-06-23 22:44 - 00000000 ____D C:\WINDOWS\system32\Adobe
 
Some content of TEMP:
====================
C:\Documents and Settings\Jay Goldbaum\Local Settings\temp\jre-7u45-windows-i586-iftw.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 28-10-2013
Ran by Jay Goldbaum at 2013-10-28 18:19:00
Running from C:\Documents and Settings\Jay Goldbaum\My Documents\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: Norton 360 (Disabled - Up to date) {E10A9785-9598-4754-B552-92431C1C35F8}
Could not list Security Center items. Check WMI.
 
 
==================== Installed Programs ======================
 
 Leawo AVI Converter version  4.0.0.0
Across Lite 2.0 (Version: 2.0)
Adobe Digital Editions 2.0 (Version: 2.0)
Adobe Flash Player 11 ActiveX (Version: 11.9.900.117)
Adobe Flash Player 11 Plugin (Version: 11.9.900.117)
Adobe Reader XI (11.0.05) (Version: 11.0.05)
Adobe Shockwave Player 12.0 (Version: 12.0.4.144)
AIM 7
AMD APP SDK Runtime (Version: 2.4.650.9)
Apple Application Support (Version: 2.3.6)
Apple Mobile Device Support (Version: 7.0.0.117)
Apple Software Update (Version: 2.1.3.127)
ATI Catalyst Install Manager (Version: 3.0.829.0)
ATI Display Driver (Version: 8.033-040710a-016685C-ATI)
Autoplay Repair 2.2.0 (Version: 2.2.0)
B57Inst (Version: 3.40)
BitTorrent (HKCU Version: 7.8.2.30182)
Bonjour (Version: 3.0.0.10)
Broadcom Driver Installer (Version: 3.40)
Brother MFL Pro Suite
calibre (Version: 1.6.0)
Canon iP4200
Canon iP7200 series On-screen Manual (Version: 7.5.0)
Canon My Printer (Version: 3.1.0)
Canon Setup Utility 2.0
Canon Utilities Easy-PhotoPrint
CCleaner (Version: 4.06)
Citrix Receiver Updater (Version: 4.0.0.45893)
CNET TechTracker (HKCU Version: 2.1.0)
Conexant SmartHSFi V.9x 56K DF PCI Modem
Dell ResourceCD
DING! (Version: 1.05.005)
Download App (HKCU Version: 1.5.0)
Download Updater (AOL Inc.)
Dropbox (HKCU Version: 2.2.13)
Easy Outlook Express Repair 1.2
Easy-WebPrint
eReg (Version: 1.20.138.34)
ESET Online Scanner v3
Everything 1.2.1.371
FingerPrint 2.2.0.609 (Version: 2.2.0.609)
Free DVD ISO Maker version 1.2 (Version: 1.2)
Google Chrome (Version: 30.0.1599.101)
Google Update Helper (Version: 1.3.21.165)
GoToAssist Corporate (Version: 10.0.0.759)
GoToMeeting 5.5.0.1132 (HKCU Version: 5.5.0.1132)
ImgBurn (Version: 2.5.8.0)
Intel® PRO Network Adapters and Drivers
iTunes (Version: 11.1.2.31)
Java 7 Update 45 (Version: 7.0.450)
Java Auto Updater (Version: 2.1.9.8)
Juniper Networks Host Checker (HKCU Version: 6.5.0.15255)
Juniper Networks Secure Application Manager (Version: 7.1.14.23943)
Juniper Networks Secure Meeting 6.5.0 (HKCU Version: 6.5.0.15255)
Juniper Networks Setup Client Activex Control (Version: 2.1.1.1)
Juniper Networks, Inc. Setup Client (HKCU Version: 7.4.3.36355)
K-Lite Mega Codec Pack 9.8.0 (Version: 9.8.0)
Leawo Video Converter version  6.0.0.0 (Version: 6.0.0.0)
Logitech Desktop Messenger (Version: 2.01.02)
Logitech SetPoint 6.20 (Version: 6.20.64)
Logitech Unifying Software 2.10 (Version: 2.10.37)
Magic ISO Maker v5.5 (build 0281)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
MediaInfo Lite 0.7.62 (Version: 0.7.62)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2833941)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Live Add-in 1.5 (Version: 2.0.4024.1)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft Software Update for Web Folders  (English) 12 (Version: 12.0.6612.1000)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft VC9 runtime libraries (Version: 2.0.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ Run Time  Lib Setup (Version: 1.0.0)
Microsoft Windows XP Video Decoder Checkup Utility
Microsoft Works 6-9 Converter (Version: 14.0.6120.5002)
Mozilla Firefox 24.0 (x86 en-US) (Version: 24.0)
Mozilla Maintenance Service (Version: 24.0)
MPC-HC 1.7.0 (Version: 1.7.0.7858)
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP3 Parser (KB2758694) (Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (Version: 4.30.2100.0)
NOOK for PC (Version: 2.5.6.9575)
Norton 360 (Version: 21.1.0.18)
NortonVRQ (Version: 5.0.1.6)
Paint.NET v3.5.6 (Version: 3.56.0)
Palm Desktop by ACCESS (Version: 6.4.0.0)
PaperPort 8.0 SE (Version: 1.0.0.0000)
Photo Resize Magic 1.1 (Version: 1.1)
Picasa 3 (Version: 3.8)
PowerChute Personal Edition 3.0.2 (Version: 3.0.2)
QuickTime (Version: 7.74.80.86)
REALTEK Wireless LAN Driver and Utility (Version: 1.00.0187)
Roxio Creator Audio (Version: 3.7.0)
Roxio Creator Copy (Version: 3.7.0)
Roxio Creator Data (Version: 3.7.0)
Roxio Creator DE (Version: 10.1)
Roxio Creator DE (Version: 3.7.0)
Roxio Creator Tools (Version: 3.7.0)
Roxio Express Labeler 3 (Version: 3.2.1)
Roxio Update Manager (Version: 6.0.0)
SAMSUNG Intelli-studio
Segoe UI (Version: 14.0.4327.805)
SoundMAX (Version: 5.12.01.3650)
swMSM (Version: 12.0.0.1)
Unlocker 1.9.2 (Version: 1.9.2)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2827325) 32-Bit Edition
Update for Windows Internet Explorer 8 (KB2598845) (Version: 1)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2607712) (Version: 1)
Update for Windows XP (KB2616676) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB2661254-v2) (Version: 2)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB2736233) (Version: 1)
Update for Windows XP (KB2749655) (Version: 1)
Update for Windows XP (KB2863058) (Version: 1)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB955839) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
Update for Windows XP (KB976749) (Version: 1)
Update for Windows XP (KB978207) (Version: 1)
Update for Windows XP (KB980182) (Version: 1)
USB Storage Adapter FX (MXO)
Visioneer OneTouch 7300 (Version: Version 3.3)
VLC media player 2.1.0 (Version: 2.1.0)
WebEx
WebFldrs XP (Version: 9.50.6513)
Windows Backup Utility (Version: 5.1)
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray (Version: 1.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Live Communications Platform (Version: 14.0.8117.416)
Windows Live Essentials (Version: 14.0.8117.0416)
Windows Live Essentials (Version: 14.0.8117.416)
Windows Live Photo Gallery (Version: 14.0.8117.416)
Windows Live Sign-in Assistant (Version: 5.000.818.5)
Windows Live Sync (Version: 14.0.8117.416)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Live Writer (Version: 14.0.8117.0416)
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3 (Version: 20080414.031525)
 
==================== Restore Points  =========================
 
05-09-2013 06:51:37 System Checkpoint
06-09-2013 07:11:04 System Checkpoint
07-09-2013 07:37:17 System Checkpoint
08-09-2013 08:35:02 System Checkpoint
09-09-2013 10:03:45 System Checkpoint
10-09-2013 10:07:02 System Checkpoint
11-09-2013 11:09:53 System Checkpoint
12-09-2013 04:19:49 Software Distribution Service 3.0
12-09-2013 09:40:34 Software Distribution Service 3.0
12-09-2013 09:52:00 Software Distribution Service 3.0
13-09-2013 07:00:59 Software Distribution Service 3.0
13-09-2013 09:35:53 Software Distribution Service 3.0
16-09-2013 01:39:34 System Checkpoint
17-09-2013 02:40:36 System Checkpoint
18-09-2013 03:38:16 System Checkpoint
19-09-2013 03:58:16 System Checkpoint
20-09-2013 12:58:10 System Checkpoint
23-09-2013 10:18:04 System Checkpoint
24-09-2013 12:10:52 System Checkpoint
25-09-2013 12:57:14 System Checkpoint
26-09-2013 09:31:11 Software Distribution Service 3.0
27-09-2013 09:54:28 System Checkpoint
28-09-2013 10:39:37 System Checkpoint
29-09-2013 12:26:41 System Checkpoint
30-09-2013 13:12:19 System Checkpoint
01-10-2013 14:11:14 System Checkpoint
02-10-2013 15:36:49 System Checkpoint
03-10-2013 18:35:26 System Checkpoint
04-10-2013 19:54:16 System Checkpoint
05-10-2013 20:12:41 System Checkpoint
07-10-2013 00:50:47 System Checkpoint
08-10-2013 01:53:56 System Checkpoint
09-10-2013 01:59:29 System Checkpoint
10-10-2013 03:36:59 System Checkpoint
11-10-2013 07:00:58 Software Distribution Service 3.0
12-10-2013 07:01:20 Software Distribution Service 3.0
12-10-2013 07:32:33 Norton 360 Registry Clean
12-10-2013 19:04:05 Installed calibre
12-10-2013 19:09:09 Removed calibre
12-10-2013 23:12:32 Software Distribution Service 3.0
13-10-2013 07:00:35 Software Distribution Service 3.0
13-10-2013 13:09:14 Software Distribution Service 3.0
13-10-2013 13:49:29 Norton Error 8506
13-10-2013 16:01:43 Norton_Power_Eraser_20131013120119890
13-10-2013 16:19:56 Software Distribution Service 3.0
13-10-2013 19:58:24 Software Distribution Service 3.0
14-10-2013 07:00:44 Software Distribution Service 3.0
15-10-2013 07:00:37 Software Distribution Service 3.0
16-10-2013 01:09:52 Software Distribution Service 3.0
17-10-2013 02:16:26 System Checkpoint
17-10-2013 03:22:15 Software Distribution Service 3.0
17-10-2013 07:00:36 Software Distribution Service 3.0
17-10-2013 23:29:43 Installed calibre
17-10-2013 23:33:36 Removed calibre
18-10-2013 01:30:13 Installed Windows Internet Explorer 8.
18-10-2013 01:32:16 Software Distribution Service 3.0
18-10-2013 07:00:41 Software Distribution Service 3.0
19-10-2013 07:00:39 Software Distribution Service 3.0
20-10-2013 07:00:41 Software Distribution Service 3.0
20-10-2013 11:10:26 Software Distribution Service 3.0
21-10-2013 07:00:56 Software Distribution Service 3.0
22-10-2013 07:00:41 Software Distribution Service 3.0
23-10-2013 07:00:37 Software Distribution Service 3.0
24-10-2013 07:00:37 Software Distribution Service 3.0
24-10-2013 09:49:00 Installed Java 7 Update 45
25-10-2013 07:00:37 Software Distribution Service 3.0
26-10-2013 07:00:42 Software Distribution Service 3.0
27-10-2013 07:00:38 Software Distribution Service 3.0
28-10-2013 07:00:38 Software Distribution Service 3.0
 
==================== Hosts content: ==========================
 
2011-04-10 11:54 - 2013-06-21 07:33 - 00000027 ____N C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2004-07-10 21:35 - 2004-07-10 21:35 - 00086016 _____ () C:\WINDOWS\system32\Ati2evxx.dll
2011-09-27 08:23 - 2011-09-27 08:23 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2011-09-27 08:22 - 2011-09-27 08:22 - 01242472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2012-09-26 08:57 - 2013-03-01 11:22 - 01044480 _____ () C:\Program Files\FingerPrint\libcups2.dll
2003-07-16 16:26 - 2008-04-13 20:11 - 00059904 _____ () C:\WINDOWS\System32\devenum.dll
2003-07-16 16:35 - 2008-04-13 20:11 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
2011-03-15 19:28 - 2011-03-31 19:50 - 00090112 _____ () C:\Documents and Settings\Jay Goldbaum\Application Data\HP SimpleSave Application\FileMapInfoDB.dll
2013-10-16 06:33 - 2013-10-08 20:02 - 04055504 _____ () C:\Program Files\Google\Chrome\Application\30.0.1599.101\pdf.dll
2013-10-16 06:34 - 2013-10-08 20:02 - 00415184 _____ () C:\Program Files\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll
2013-10-16 06:33 - 2013-10-08 20:01 - 01604560 _____ () C:\Program Files\Google\Chrome\Application\30.0.1599.101\ffmpegsumo.dll
2013-10-16 06:33 - 2013-10-08 20:02 - 13584336 _____ () C:\Program Files\Google\Chrome\Application\30.0.1599.101\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
 
==================== Safe Mode (whitelisted) ===================
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LMIRescue_ebf03993-f0a4-4acb-b9bf-cf8f2316a705 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (10/25/2013 10:36:02 PM) (Source: Application Hang) (User: )
Description: Hanging application chrome.exe, version 30.0.1599.101, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (10/25/2013 05:34:16 AM) (Source: Application Hang) (User: )
Description: Hanging application chrome.exe, version 30.0.1599.101, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (10/16/2013 08:42:39 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (10/16/2013 08:41:48 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (10/13/2013 04:02:02 PM) (Source: Application Hang) (User: )
Description: Hanging application chrome.exe, version 30.0.1599.69, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (10/13/2013 00:47:41 PM) (Source: Application Hang) (User: )
Description: Hanging application chrome.exe, version 30.0.1599.69, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (10/13/2013 09:20:28 AM) (Source: Application Hang) (User: )
Description: Hanging application chrome.exe, version 30.0.1599.69, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (10/13/2013 09:20:26 AM) (Source: Application Hang) (User: )
Description: Hanging application chrome.exe, version 30.0.1599.69, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (10/13/2013 08:40:13 AM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The server name or address could not be resolved
 
Error: (10/12/2013 04:31:20 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.
 
 
System errors:
=============
Error: (10/28/2013 03:20:14 AM) (Source: Service Control Manager) (User: )
Description: The LogMeIn Kernel Information Provider service failed to start due to the following error: 
%%3
 
Error: (10/27/2013 11:20:21 AM) (Source: Service Control Manager) (User: )
Description: The LogMeIn Kernel Information Provider service failed to start due to the following error: 
%%3
 
Error: (10/26/2013 03:19:14 AM) (Source: Service Control Manager) (User: )
Description: The LogMeIn Kernel Information Provider service failed to start due to the following error: 
%%3
 
Error: (10/25/2013 10:45:52 AM) (Source: Service Control Manager) (User: )
Description: The LogMeIn Kernel Information Provider service failed to start due to the following error: 
%%3
 
Error: (10/25/2013 03:20:25 AM) (Source: Service Control Manager) (User: )
Description: The LogMeIn Kernel Information Provider service failed to start due to the following error: 
%%3
 
Error: (10/24/2013 03:20:17 AM) (Source: Service Control Manager) (User: )
Description: The LogMeIn Kernel Information Provider service failed to start due to the following error: 
%%3
 
Error: (10/23/2013 03:21:35 AM) (Source: DCOM) (User: OFFICE)
Description: DCOM got error "%%1058" attempting to start the service iPod Service with arguments ""
in order to run the server:
{063D34A4-BF84-4B8D-B699-E8CA06504DDE}
 
Error: (10/23/2013 03:20:16 AM) (Source: Service Control Manager) (User: )
Description: The LogMeIn Kernel Information Provider service failed to start due to the following error: 
%%3
 
Error: (10/22/2013 05:33:50 AM) (Source: DCOM) (User: OFFICE)
Description: DCOM got error "%%1058" attempting to start the service iPod Service with arguments ""
in order to run the server:
{063D34A4-BF84-4B8D-B699-E8CA06504DDE}
 
Error: (10/22/2013 05:32:14 AM) (Source: Service Control Manager) (User: )
Description: The LogMeIn Kernel Information Provider service failed to start due to the following error: 
%%3
 
 
Microsoft Office Sessions:
=========================
 
==================== Memory info =========================== 
 
Percentage of memory in use: 55%
Total physical RAM: 2047 MB
Available physical RAM: 917.62 MB
Total Pagefile: 3432.48 MB
Available Pagefile: 2495.53 MB
Total Virtual: 2047.88 MB
Available Virtual: 1947.23 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:74.46 GB) (Free:3.17 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive f: (HP SimpleSave) (Fixed) (Total:465.11 GB) (Free:414.46 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 75 GB) (Disk ID: 9DC96E9E)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=74 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 465 GB) (Disk ID: 000549FA)
Partition 1: (Not Active) - (Size=465 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================

 



#7 Oh My!

  • Malware Response Instructor

Posted 29 October 2013 - 09:00 AM

Hi Jay,

Can you tell me if you are aware of the presence of BackWeb on your computer?

Please consider and do these things for me.

===================================================

P2P Warning

--------------------

Going over your logs I noticed that you have Bit Torrent installed. It is pretty much certain that if you continue to use P2P programs, you will get infected again.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
I would recommend that you uninstall Bit Torrent, however that choice is up to you. If you choose to remove the program, you can do so via Start > Control Panel > Add/Remove Programs.

If you are still leaning toward using this program, please take a look at this information about Ransomware which can be delivered via P2P file transfers. The newest variation of Ransomware can make it impossible to recover the files this malicious software encrypts. In other words, you will probably lose most if not all of your valuable information, including pictures. In addition it has recently been reported that P2P downloads may be tracked resulting in your IP address being monitored by copyright authorities.

If you wish to keep it, please do not use it until we are completely done and your machine is determined to be clean and updated.

===================================================

AdwCleaner by Xplode - Delete Adware

-------------------
  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browser
  • Double click on AdwCleaner.exe, select OK, then Run
  • Click on Delete
  • Confirm each time with OK
  • Your computer will be rebooted automatically. A text file will open after the restart
  • Copy and paste the contents in your reply
  • You can find the logfile at C:\AdwCleaner[S1].txt
===================================================

Junkware Removal Tool by thisisu

-------------------
  • Please download Junkware Removal Tool and save it to your desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Right-mouse click JRT.exe and select Run as administrator (Windows XP double click the icon)
  • Please allow the program time to run
  • Once completed a Notepad document will open on your desktop
  • Copy and paste the contents in your reply
===================================================

Run TDSSKiller by Kaspersky on XP

--------------------
  • Please download Kaspersky's TDSSKiller and save it to your Desktop. <-Important!!!
  • If you desire you may print out and follow the instructions for performing a scan.
  • Double-click on TDSSKiller.exe.
  • When the program opens, click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • Any objects found, will show in the Scan results - Select action for found objects and offer three options.
  • If an infected file is detected, the default action will be Cure...do not change it.




  • Click Continue > Reboot now to finish the cleaning process.<- Important!!




  • If 'Suspicious' objects are detected, you will be given the option to Skip or Quarantine. Skip will be the default selection. Leave it as such for now.
  • A log file named TDSSKiller_version_date_time_log.txt will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.
-- If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to these instructions. In some cases it may be necessary to redownload TDSSKiller and randomly rename it before downloading and saving to the computer or to perform the scan in "safe mode".

===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • AdwCleaner log
  • Junkware log
  • TDSSKiller log

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#8 jjrob

  • Topic Starter

Posted 30 October 2013 - 06:42 PM

Gary,

I am unaware of BackWeb on my computer?  What is it?  Is there a way to know?

 

I have not been using Bit Torrent recently but I would like to keep it for now.  I will uninstall if you insist.

 

Attached are the results of AdwCleaner scan.

 

Regarding Junkware Removal Tool, it says to Run as Administrator.  If you remember, this is the problem I have with this computer, no Administrator user in regular mode.  My choices listed when I attempt Run As are:

 

-Current user (OFFICE\Jay Goldbaum) with a box checked (or unchecked) to Protect my computer and data from unauthorized program activity... OR

 

-The following user: Jay Goldbaum with a password OR APNS certificate with a red X on an icon to the left.

 

I believe that I can use Administrator in Safe Mode.  

 

What would you like me to do?

 

# AdwCleaner v3.010 - Report created 30/10/2013 at 19:15:46
# Updated 20/10/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Jay Goldbaum - OFFICE
# Running from : C:\Documents and Settings\Jay Goldbaum\Desktop\adwcleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Program Files\1ClickDownload
Folder Deleted : C:\Program Files\Common Files\Software Update Utility
Folder Deleted : C:\Documents and Settings\Jay Goldbaum\Application Data\Systweak
File Deleted : C:\Program Files\Mozilla Firefox\plugins\npdnu.dll
File Deleted : C:\Program Files\Mozilla Firefox\plugins\npdnu.xpt
File Deleted : C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll
File Deleted : C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.xpt
File Deleted : C:\Documents and Settings\Jay Goldbaum\Application Data\Mozilla\Firefox\Profiles\mbh9wbgl.default\searchplugins\safesearch.xml
File Deleted : C:\Documents and Settings\Jay Goldbaum\Application Data\Mozilla\Firefox\Profiles\mbh9wbgl.default\user.js
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\lpmkgpnbiojfaoklbkpfneikocaobfai
Key Deleted : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdate
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
Key Deleted : HKLM\SOFTWARE\Classes\toolband.eb_explorerbar
Key Deleted : HKLM\SOFTWARE\Classes\toolband.eb_explorerbar.1
Key Deleted : HKLM\SOFTWARE\Classes\toolband.ipm_printlistitem
Key Deleted : HKLM\SOFTWARE\Classes\toolband.ipm_printlistitem.1
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pm_launcher
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pm_launcher.1
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pm_printmanager
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pm_printmanager.1
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pr_bindstatuscallback
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pr_bindstatuscallback.1
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pr_cancelbuttoneventhandler
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pr_cancelbuttoneventhandler.1
Key Deleted : HKLM\SOFTWARE\Classes\toolband.tbtoolband
Key Deleted : HKLM\SOFTWARE\Classes\toolband.tbtoolband.1
Key Deleted : HKLM\SOFTWARE\Classes\toolband.useroptions
Key Deleted : HKLM\SOFTWARE\Classes\toolband.useroptions.1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{327C2873-E90D-4C37-AA9D-10AC9BABA46C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{327C2873-E90D-4C37-AA9D-10AC9BABA46C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{327C2873-E90D-4C37-AA9D-10AC9BABA46C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{327C2873-E90D-4C37-AA9D-10AC9BABA46C}]
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\systweak
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\Software\systweak
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SoftwareUpdUtility
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v8.0.6001.18702
 
 
-\\ Mozilla Firefox v24.0 (en-US)
 
[ File : C:\Documents and Settings\Jay Goldbaum\Application Data\Mozilla\Firefox\Profiles\mbh9wbgl.default\prefs.js ]
 
Line Deleted : user_pref("aol_toolbar.surf.date", "77");
Line Deleted : user_pref("aol_toolbar.surf.lastDate", "4");
Line Deleted : user_pref("aol_toolbar.surf.lastMonth", "6");
Line Deleted : user_pref("aol_toolbar.surf.lastYear", "2012");
Line Deleted : user_pref("aol_toolbar.surf.month", "513");
Line Deleted : user_pref("aol_toolbar.surf.prevMonth", "902");
Line Deleted : user_pref("aol_toolbar.surf.total", "1427");
Line Deleted : user_pref("aol_toolbar.surf.week", "513");
Line Deleted : user_pref("aol_toolbar.surf.year", "1414");
Line Deleted : user_pref("browser.search.defaulturl", "hxxp://search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aimright-chromesbox-en-us&tb_uuid=20120621180456772&tb_oid=21-06-2012&tb_mrud=21-[...]
Line Deleted : user_pref("searchreset.backup.keyword.URL", "hxxp://nortonsafe.search.ask.com/web?o=APN10506&gct=kwd&qsrc=2869&l=dis&prt=360&chn=retail&geo=US&ver=20&q=");
 
-\\ Google Chrome v30.0.1599.101
 
[ File : C:\Documents and Settings\Jay Goldbaum\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]
 
 
[ File : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [5912 octets] - [30/10/2013 19:11:42]
AdwCleaner[S0].txt - [5967 octets] - [30/10/2013 19:15:46]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6027 octets] ##########
 

 

 

 



#9 Oh My!


Posted 30 October 2013 - 07:25 PM

I provided a link for BackWeb in my previous post.  You can click on the link and review the program.

 

Don't worry about Bit Torrent or Junkware Removal Tool. 

 

Once you are able to post the TDSSKiller results we can plan our next steps.


Gary
 

#10 jjrob


Posted 02 November 2013 - 11:49 AM

I was unaware if BackWeb exists on my computer so I used SearchEverything and found 2 results:
 
-backweb.dll in C:\Program Files\Logitech\Desktop Messenger\8876480\7.2.0.137-8876480SL\Program
 
-backweb.tlb in same path
 
I do have a wireless Logitech mouse.
 
One result appeared in the TDSSKiller scan which is displayed near the end of this log:
 
Rootkit.Boot.Sinowal.b
 
I then followed the step to Cure and reboot to complete.  Why don't I have the Administrator user choice on Startup or in User Accounts on this first reboot to complete cure?
 
 
 
12:07:00.0265 3024  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
12:07:02.0265 3024  ============================================================
12:07:02.0265 3024  Current date / time: 2013/11/02 12:07:02.0265
12:07:02.0265 3024  SystemInfo:
12:07:02.0265 3024  
12:07:02.0265 3024  OS Version: 5.1.2600 ServicePack: 3.0
12:07:02.0265 3024  Product type: Workstation
12:07:02.0265 3024  ComputerName: OFFICE
12:07:02.0265 3024  UserName: Jay Goldbaum
12:07:02.0265 3024  Windows directory: C:\WINDOWS
12:07:02.0265 3024  System windows directory: C:\WINDOWS
12:07:02.0265 3024  Processor architecture: Intel x86
12:07:02.0265 3024  Number of processors: 1
12:07:02.0265 3024  Page size: 0x1000
12:07:02.0265 3024  Boot type: Normal boot
12:07:02.0265 3024  ============================================================
12:07:15.0343 3024  Drive \Device\Harddisk0\DR0 - Size: 0x12A05F2000 (74.51 Gb), SectorSize: 0x200, Cylinders: 0x25FE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
12:07:15.0531 3024  Drive \Device\Harddisk1\DR3 - Size: 0x7446E00000 (465.11 Gb), SectorSize: 0x200, Cylinders: 0xED2B, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
12:07:19.0656 3024  ============================================================
12:07:19.0656 3024  \Device\Harddisk0\DR0:
12:07:20.0015 3024  MBR partitions:
12:07:20.0015 3024  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x139C5, BlocksNum 0x94EAFF8
12:07:20.0015 3024  \Device\Harddisk1\DR3:
12:07:20.0015 3024  MBR partitions:
12:07:20.0015 3024  \Device\Harddisk1\DR3\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3A236800
12:07:20.0015 3024  ============================================================
12:07:20.0078 3024  C: <-> \Device\Harddisk0\DR0\Partition1
12:07:20.0218 3024  F: <-> \Device\Harddisk1\DR3\Partition1
12:07:20.0234 3024  ============================================================
12:07:20.0234 3024  Initialize success
12:07:20.0234 3024  ============================================================
12:09:46.0234 5060  Deinitialize success
 
12:09:56.0265 1172  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
12:09:58.0265 1172  ============================================================
12:09:58.0265 1172  Current date / time: 2013/11/02 12:09:58.0265
12:09:58.0265 1172  SystemInfo:
12:09:58.0265 1172  
12:09:58.0265 1172  OS Version: 5.1.2600 ServicePack: 3.0
12:09:58.0265 1172  Product type: Workstation
12:09:58.0265 1172  ComputerName: OFFICE
12:09:58.0265 1172  UserName: Jay Goldbaum
12:09:58.0265 1172  Windows directory: C:\WINDOWS
12:09:58.0265 1172  System windows directory: C:\WINDOWS
12:09:58.0265 1172  Processor architecture: Intel x86
12:09:58.0265 1172  Number of processors: 1
12:09:58.0265 1172  Page size: 0x1000
12:09:58.0265 1172  Boot type: Normal boot
12:09:58.0265 1172  ============================================================
12:10:02.0203 1172  Drive \Device\Harddisk0\DR0 - Size: 0x12A05F2000 (74.51 Gb), SectorSize: 0x200, Cylinders: 0x25FE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
12:10:02.0234 1172  Drive \Device\Harddisk1\DR3 - Size: 0x7446E00000 (465.11 Gb), SectorSize: 0x200, Cylinders: 0xED2B, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
12:10:06.0234 1172  ============================================================
12:10:06.0265 1172  \Device\Harddisk0\DR0:
12:10:06.0281 1172  MBR partitions:
12:10:06.0281 1172  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x139C5, BlocksNum 0x94EAFF8
12:10:06.0281 1172  \Device\Harddisk1\DR3:
12:10:06.0343 1172  MBR partitions:
12:10:06.0343 1172  \Device\Harddisk1\DR3\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3A236800
12:10:06.0343 1172  ============================================================
12:10:06.0406 1172  C: <-> \Device\Harddisk0\DR0\Partition1
12:10:06.0453 1172  F: <-> \Device\Harddisk1\DR3\Partition1
12:10:06.0453 1172  ============================================================
12:10:06.0453 1172  Initialize success
12:10:06.0453 1172  ============================================================
12:12:13.0296 5412  ============================================================
12:12:13.0296 5412  Scan started
12:12:13.0296 5412  Mode: Manual; 
12:12:13.0296 5412  ============================================================
12:12:17.0937 5412  ================ Scan system memory ========================
12:12:17.0937 5412  System memory - ok
12:12:17.0937 5412  ================ Scan services =============================
12:12:50.0765 5412  [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll
12:12:50.0906 5412  SharedAccess - ok
12:12:50.0984 5412  [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
12:12:50.0984 5412  ShellHWDetection - ok
12:12:51.0000 5412  Simbad - ok
12:12:51.0390 5412  [ 39F9595D2F6F7EB93F45A466789A6F49 ] smwdm           C:\WINDOWS\system32\drivers\smwdm.sys
12:12:51.0593 5412  smwdm - ok
12:12:51.0609 5412  Sparrow - ok
12:12:51.0687 5412  [ DC7F26E519331D074E6D3D8A90595364 ] spkrmon         C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
12:12:51.0718 5412  spkrmon - ok
12:12:51.0781 5412  [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter        C:\WINDOWS\system32\drivers\splitter.sys
12:12:51.0781 5412  splitter - ok
12:12:51.0859 5412  [ 60784F891563FB1B767F70117FC2428F ] Spooler         C:\WINDOWS\system32\spoolsv.exe
12:12:51.0875 5412  Spooler - ok
12:12:51.0953 5412  [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr              C:\WINDOWS\system32\DRIVERS\sr.sys
12:12:51.0968 5412  sr - ok
12:12:52.0078 5412  [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice       C:\WINDOWS\system32\srsvc.dll
12:12:52.0125 5412  srservice - ok
12:12:52.0718 5412  [ 40714B1C586AF7E61BED7AE1D5113280 ] SRTSP           C:\WINDOWS\System32\Drivers\N360\1501000.012\SRTSP.SYS
12:12:52.0968 5412  SRTSP - ok
12:12:53.0015 5412  [ 1B6D68043F488F70E889276E1585B7AA ] SRTSPX          C:\WINDOWS\system32\drivers\N360\1501000.012\SRTSPX.SYS
12:12:53.0015 5412  SRTSPX - ok
12:12:53.0171 5412  [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv             C:\WINDOWS\system32\DRIVERS\srv.sys
12:12:53.0437 5412  Srv - ok
12:12:53.0515 5412  [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
12:12:53.0531 5412  SSDPSRV - ok
12:12:53.0703 5412  [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc          C:\WINDOWS\system32\wiaservc.dll
12:12:53.0843 5412  stisvc - ok
12:12:53.0937 5412  [ 7489520E98A119B5A9A00857F4F87D16 ] stllssvr        C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
12:12:53.0968 5412  stllssvr - ok
12:12:54.0015 5412  [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum          C:\WINDOWS\system32\DRIVERS\swenum.sys
12:12:54.0015 5412  swenum - ok
12:12:54.0093 5412  [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi          C:\WINDOWS\system32\drivers\swmidi.sys
12:12:54.0109 5412  swmidi - ok
12:12:54.0109 5412  SwPrv - ok
12:12:54.0125 5412  symc810 - ok
12:12:54.0140 5412  symc8xx - ok
12:12:54.0296 5412  [ 4C3DEF736D3857570166DE5C858600F5 ] SymDS           C:\WINDOWS\system32\drivers\N360\1501000.012\SYMDS.SYS
12:12:54.0531 5412  SymDS - ok
12:12:54.0843 5412  [ 68762EF9ED8A8D4A07112B3E3590EA29 ] SymEFA          C:\WINDOWS\system32\drivers\N360\1501000.012\SYMEFA.SYS
12:12:55.0140 5412  SymEFA - ok
12:12:55.0234 5412  [ E987A9CB539147527F56943BB34B7375 ] SymEvent        C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
12:12:55.0281 5412  SymEvent - ok
12:12:55.0515 5412  [ E3A3CA230C7547364BB3D9DA0C301A36 ] SymIRON         C:\WINDOWS\system32\drivers\N360\1501000.012\Ironx86.SYS
12:12:55.0625 5412  SymIRON - ok
12:12:55.0781 5412  [ C26DD7EFDC48B426ED6AC1665202779F ] SYMTDI          C:\WINDOWS\System32\Drivers\N360\1501000.012\SYMTDI.SYS
12:12:55.0937 5412  SYMTDI - ok
12:12:55.0937 5412  sym_hi - ok
12:12:55.0953 5412  sym_u3 - ok
12:12:56.0000 5412  [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio        C:\WINDOWS\system32\drivers\sysaudio.sys
12:12:56.0015 5412  sysaudio - ok
12:12:56.0109 5412  [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog       C:\WINDOWS\system32\smlogsvc.exe
12:12:56.0125 5412  SysmonLog - ok
12:12:56.0250 5412  [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll
12:12:56.0328 5412  TapiSrv - ok
12:12:56.0468 5412  [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip           C:\WINDOWS\system32\DRIVERS\tcpip.sys
12:12:56.0625 5412  Tcpip - ok
12:12:56.0687 5412  [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE          C:\WINDOWS\system32\drivers\TDPIPE.sys
12:12:56.0687 5412  TDPIPE - ok
12:12:56.0781 5412  [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP           C:\WINDOWS\system32\drivers\TDTCP.sys
12:12:56.0781 5412  TDTCP - ok
12:12:56.0843 5412  [ 88155247177638048422893737429D9E ] TermDD          C:\WINDOWS\system32\DRIVERS\termdd.sys
12:12:56.0843 5412  TermDD - ok
12:12:57.0015 5412  [ FF3477C03BE7201C294C35F684B3479F ] TermService     C:\WINDOWS\System32\termsrv.dll
12:12:57.0140 5412  TermService - ok
12:12:57.0218 5412  [ 99BC0B50F511924348BE19C7C7313BBF ] Themes          C:\WINDOWS\System32\shsvcs.dll
12:12:57.0234 5412  Themes - ok
12:12:57.0250 5412  TosIde - ok
12:12:57.0328 5412  [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks          C:\WINDOWS\system32\trkwks.dll
12:12:57.0343 5412  TrkWks - ok
12:12:57.0421 5412  [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs            C:\WINDOWS\system32\drivers\Udfs.sys
12:12:57.0437 5412  Udfs - ok
12:12:57.0453 5412  ultra - ok
12:12:57.0562 5412  [ BB879DCFD22926EFBEB3298129898CBB ] UnlockerDriver5 C:\Program Files\Unlocker\UnlockerDriver5.sys
12:12:57.0562 5412  UnlockerDriver5 - ok
12:12:57.0750 5412  [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update          C:\WINDOWS\system32\DRIVERS\update.sys
12:12:57.0859 5412  Update - ok
12:12:57.0984 5412  [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost        C:\WINDOWS\System32\upnphost.dll
12:12:58.0046 5412  upnphost - ok
12:12:58.0078 5412  [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS             C:\WINDOWS\System32\ups.exe
12:12:58.0078 5412  UPS - ok
12:12:58.0140 5412  [ 8BF5D980CDCE35FB26F05047144BB57E ] USBAAPL         C:\WINDOWS\system32\Drivers\usbaapl.sys
12:12:58.0156 5412  USBAAPL - ok
12:12:58.0203 5412  [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp         C:\WINDOWS\system32\DRIVERS\usbccgp.sys
12:12:58.0203 5412  usbccgp - ok
12:12:58.0265 5412  [ 4BAC8DF07F1D8434FC640E677A62204E ] usbehci         C:\WINDOWS\system32\DRIVERS\usbehci.sys
12:12:58.0281 5412  usbehci - ok
12:12:58.0375 5412  [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub          C:\WINDOWS\system32\DRIVERS\usbhub.sys
12:12:58.0390 5412  usbhub - ok
12:12:58.0437 5412  [ A717C8721046828520C9EDF31288FC00 ] usbprint        C:\WINDOWS\system32\DRIVERS\usbprint.sys
12:12:58.0437 5412  usbprint - ok
12:12:58.0484 5412  [ F8EDE2B6928970DCE3D5614C27D9E7F6 ] usbscan         C:\WINDOWS\system32\DRIVERS\usbscan.sys
12:12:58.0484 5412  usbscan - ok
12:12:58.0593 5412  [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR         C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
12:12:58.0609 5412  USBSTOR - ok
12:12:58.0671 5412  [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci         C:\WINDOWS\system32\DRIVERS\usbuhci.sys
12:12:58.0671 5412  usbuhci - ok
12:12:58.0734 5412  [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave         C:\WINDOWS\System32\drivers\vga.sys
12:12:58.0734 5412  VgaSave - ok
12:12:58.0750 5412  ViaIde - ok
12:12:58.0812 5412  [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap         C:\WINDOWS\system32\drivers\VolSnap.sys
12:12:58.0828 5412  VolSnap - ok
12:12:58.0968 5412  [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS             C:\WINDOWS\System32\vssvc.exe
12:12:59.0046 5412  VSS - ok
12:12:59.0125 5412  [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time         C:\WINDOWS\system32\w32time.dll
12:12:59.0171 5412  W32Time - ok
12:12:59.0203 5412  [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys
12:12:59.0218 5412  Wanarp - ok
12:12:59.0390 5412  [ D918617B46457B9AC28027722E30F647 ] Wdf01000        C:\WINDOWS\system32\Drivers\wdf01000.sys
12:12:59.0531 5412  Wdf01000 - ok
12:12:59.0546 5412  WDICA - ok
12:12:59.0593 5412  [ 6768ACF64B18196494413695F0C3A00F ] wdmaud          C:\WINDOWS\system32\drivers\wdmaud.sys
12:12:59.0625 5412  wdmaud - ok
12:12:59.0703 5412  [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient       C:\WINDOWS\System32\webclnt.dll
12:12:59.0718 5412  WebClient - ok
12:12:59.0953 5412  [ 2E5BC3DDF1C44C84C3093E1148A0354E ] winachsf        C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
12:13:00.0140 5412  winachsf - ok
12:13:00.0625 5412  [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll
12:13:00.0671 5412  winmgmt - ok
12:13:00.0750 5412  [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN        C:\WINDOWS\system32\MsPMSNSv.dll
12:13:00.0750 5412  WmdmPmSN - ok
12:13:00.0843 5412  [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv        C:\WINDOWS\System32\wbem\wmiapsrv.exe
12:13:00.0890 5412  WmiApSrv - ok
12:13:01.0250 5412  [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc   C:\Program Files\Windows Media Player\WMPNetwk.exe
12:13:01.0515 5412  WMPNetworkSvc - ok
12:13:01.0828 5412  [ 15673BD0B86150CB8E27766059C72A9B ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
12:13:02.0078 5412  WPFFontCache_v0400 - ok
12:13:02.0125 5412  [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL         C:\WINDOWS\System32\drivers\ws2ifsl.sys
12:13:02.0140 5412  WS2IFSL - ok
12:13:02.0218 5412  [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc          C:\WINDOWS\system32\wscsvc.dll
12:13:02.0234 5412  wscsvc - ok
12:13:02.0265 5412  [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv        C:\WINDOWS\system32\wuauserv.dll
12:13:02.0265 5412  wuauserv - ok
12:13:02.0328 5412  [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf          C:\WINDOWS\system32\DRIVERS\WudfPf.sys
12:13:02.0359 5412  WudfPf - ok
12:13:02.0406 5412  [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc         C:\WINDOWS\System32\WUDFSvc.dll
12:13:02.0437 5412  WudfSvc - ok
12:13:02.0640 5412  [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC          C:\WINDOWS\System32\wzcsvc.dll
12:13:02.0796 5412  WZCSVC - ok
12:13:02.0890 5412  [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov         C:\WINDOWS\System32\xmlprov.dll
12:13:02.0937 5412  xmlprov - ok
12:13:02.0937 5412  ================ Scan global ===============================
12:13:03.0015 5412  [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
12:13:03.0140 5412  [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll
12:13:03.0328 5412  [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll
12:13:03.0375 5412  [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
12:13:03.0375 5412  [Global] - ok
12:13:03.0390 5412  ================ Scan MBR ==================================
12:13:03.0421 5412  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
12:13:03.0453 5412  \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - infected
12:13:03.0453 5412  \Device\Harddisk0\DR0 - detected Rootkit.Boot.Sinowal.b (0)
12:13:07.0453 5412  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR3
12:13:07.0453 5412  \Device\Harddisk1\DR3 - ok
12:13:07.0468 5412  ================ Scan VBR ==================================
12:13:07.0484 5412  [ F37F6C5039B0345E6938528B044B91EC ] \Device\Harddisk0\DR0\Partition1
12:13:07.0484 5412  \Device\Harddisk0\DR0\Partition1 - ok
12:13:07.0500 5412  [ DC4D5150EFDA1C42BAC5E70EE0D79B7E ] \Device\Harddisk1\DR3\Partition1
12:13:07.0500 5412  \Device\Harddisk1\DR3\Partition1 - ok
12:13:07.0500 5412  ============================================================
12:13:07.0500 5412  Scan finished
12:13:07.0500 5412  ============================================================
12:13:07.0515 4644  Detected object count: 1
12:13:07.0515 4644  Actual detected object count: 1
12:13:45.0500 4644  \Device\Harddisk0\DR0\# - copied to quarantine
12:13:45.0500 4644  \Device\Harddisk0\DR0 - copied to quarantine
12:13:45.0703 4644  \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - will be cured on reboot
12:13:45.0781 4644  \Device\Harddisk0\DR0 - ok
12:13:45.0781 4644  \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - User select action: Cure 
12:13:56.0015 5128  Deinitialize success
 
 


#11 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,713 posts
  • Gender:Male
  • Location:California
  • Local time:05:03 AM

Posted 02 November 2013 - 07:17 PM

Greetings,
 

Why don't I have the Administrator user choice on Startup or in User Accounts on this first reboot to complete cure?

We are not done cleaning your computer.

Please rerun TDSSKiller and post the results. Do this as well.

===================================================

OTL

--------------------
  • Please download OTL and save it to your desktop
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Run Scan button.
  • Copy and paste the two reports in your next reply.

OTL.txt <-- Will be opened
Extra.txt <-- Will be minimized

===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • TDSSKiller log
  • OTL logs (2)

Gary
 

#12 jjrob

jjrob
  • Topic Starter

  • Members
  • 173 posts
  • Local time:07:03 AM

Posted 03 November 2013 - 08:39 AM

Gary,
Sorry if it seemed that I expected the computer to be fixed after the last TDSSKiller scan.  I just noticed that a rootkit infection had been found and "cured".  Here are the latest scan results.
 
07:37:19.0531 0x0c50  TDSS rootkit removing tool 3.0.0.16 Nov  1 2013 15:53:38
07:37:24.0031 0x0c50  ============================================================
07:37:24.0031 0x0c50  Current date / time: 2013/11/03 07:37:24.0031
07:37:24.0031 0x0c50  SystemInfo:
07:37:24.0031 0x0c50  
07:37:24.0031 0x0c50  OS Version: 5.1.2600 ServicePack: 3.0
07:37:24.0031 0x0c50  Product type: Workstation
07:37:24.0031 0x0c50  ComputerName: OFFICE
07:37:24.0031 0x0c50  UserName: Jay Goldbaum
07:37:24.0031 0x0c50  Windows directory: C:\WINDOWS
07:37:24.0031 0x0c50  System windows directory: C:\WINDOWS
07:37:24.0031 0x0c50  Processor architecture: Intel x86
07:37:24.0031 0x0c50  Number of processors: 1
07:37:24.0031 0x0c50  Page size: 0x1000
07:37:24.0031 0x0c50  Boot type: Normal boot
07:37:24.0031 0x0c50  ============================================================
07:37:30.0921 0x0c50  System UUID: {C767E60D-48AD-02BD-6E4D-3CA9413F2709}
07:37:34.0015 0x0c50  Drive \Device\Harddisk0\DR0 - Size: 0x12A05F2000 (74.51 Gb), SectorSize: 0x200, Cylinders: 0x25FE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
07:37:34.0015 0x0c50  Drive \Device\Harddisk1\DR3 - Size: 0x7446E00000 (465.11 Gb), SectorSize: 0x200, Cylinders: 0xED2B, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
07:37:34.0046 0x0c50  ============================================================
07:37:34.0046 0x0c50  \Device\Harddisk0\DR0:
07:37:34.0046 0x0c50  MBR partitions:
07:37:34.0046 0x0c50  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x139C5, BlocksNum 0x94EAFF8
07:37:34.0046 0x0c50  \Device\Harddisk1\DR3:
07:37:34.0046 0x0c50  MBR partitions:
07:37:34.0046 0x0c50  \Device\Harddisk1\DR3\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3A236800
07:37:34.0046 0x0c50  ============================================================
07:37:34.0109 0x0c50  C: <-> \Device\Harddisk0\DR0\Partition1
07:37:34.0171 0x0c50  F: <-> \Device\Harddisk1\DR3\Partition1
07:37:34.0187 0x0c50  ============================================================
07:37:34.0187 0x0c50  Initialize success
07:37:34.0187 0x0c50  ============================================================
07:37:36.0656 0x0ed4  ============================================================
07:37:36.0656 0x0ed4  Scan started
07:37:36.0656 0x0ed4  Mode: Manual; 
07:37:36.0656 0x0ed4  ============================================================
07:37:36.0656 0x0ed4  KSN ping started
07:37:39.0015 0x0ed4  KSN ping finished: true
07:37:40.0203 0x0ed4  ================ Scan system memory ========================
07:37:40.0203 0x0ed4  System memory - ok
07:37:40.0203 0x0ed4  ================ Scan services =============================
07:37:51.0546 0x0ed4  Flpydisk - ok
07:37:51.0640 0x0ed4  [ B2CF4B0786F8212CB92ED2B50C6DB6B0, 280F5CF8A90F7BEDE73ADD0DD0F8952088133A7CA9A3D3B7041957E33B36845D ] FltMgr          C:\WINDOWS\system32\drivers\fltmgr.sys
07:37:51.0656 0x0ed4  FltMgr - ok
07:37:51.0781 0x0ed4  [ 8BA7C024070F2B7FDD98ED8A4BA41789, 47585006F86B2C6016EC54250A416794792D1E4024FF229C120BC25B684AF66A ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
07:37:51.0796 0x0ed4  FontCache3.0.0.0 - ok
07:37:51.0843 0x0ed4  [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A, EC635E071201A766845D48973772CBE0958942B4162F3F5F70660D114CC877E0 ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
07:37:51.0843 0x0ed4  Fs_Rec - ok
07:37:51.0921 0x0ed4  [ 6AC26732762483366C3969C9E4D2259D, FF2C9A23CC17F380093F0BEA955B1925794271C2FEA16B9B7639668E6999BAE3 ] Ftdisk          C:\WINDOWS\system32\DRIVERS\ftdisk.sys
07:37:51.0953 0x0ed4  Ftdisk - ok
07:37:52.0000 0x0ed4  [ 185ADA973B5020655CEE342059A86CBB, D3E352DFAF30761505480A4C557D980083F65EC5BD46E2656B2114D47B272A89 ] GEARAspiWDM     C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
07:37:52.0015 0x0ed4  GEARAspiWDM - ok
07:37:52.0125 0x0ed4  [ FBBB5FB8931BDA2F921A19147582CFCC, 613C3F40B295B9AAEE09612F98841D2475D317FBA6F7C898D71327419CD67B63 ] GoToAssist      C:\Program Files\Citrix\GoToAssist\759\g2aservice.exe
07:37:52.0125 0x0ed4  GoToAssist - ok
07:37:52.0187 0x0ed4  [ 0A02C63C8B144BD8C86B103DEE7C86A2, 7A3235DD3E1995DD72B212FAEB3ECA2A974434DE9BF6D269EA11BA65A80E7E50 ] Gpc             C:\WINDOWS\system32\DRIVERS\msgpc.sys
07:37:52.0203 0x0ed4  Gpc - ok
07:37:52.0265 0x0ed4  [ 39272946CC027EE9717166876F913F51, AB22A43D69C0E07104F21094852E4D6C4920D5A2B04A032778924969B5DAE45B ] GT680xNT        C:\WINDOWS\system32\drivers\gt680x.sys
07:37:52.0265 0x0ed4  GT680xNT - ok
07:37:52.0421 0x0ed4  [ F02A533F517EB38333CB12A9E8963773, 1F72CD1CF660766FA8F912E40B7323A0192A300B376186C10F6803DC5EFE28DF ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
07:37:52.0468 0x0ed4  gupdate - ok
07:37:52.0531 0x0ed4  [ F02A533F517EB38333CB12A9E8963773, 1F72CD1CF660766FA8F912E40B7323A0192A300B376186C10F6803DC5EFE28DF ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
07:37:52.0531 0x0ed4  gupdatem - ok
07:37:52.0656 0x0ed4  [ C1B577B2169900F4CF7190C39F085794, 73E104B96A48F4C80D8C37254ECB0891D15C0D2F0C251B57C168F90D60316447 ] gusvc           C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
07:37:52.0718 0x0ed4  gusvc - ok
07:37:52.0843 0x0ed4  [ 4FCCA060DFE0C51A09DD5C3843888BCD, D82417706B517F2610DDF7C86BE03A72EFA9A2A389DF5C8F8ADEAB8144E2C80A ] helpsvc         C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
07:37:52.0859 0x0ed4  helpsvc - ok
07:37:52.0859 0x0ed4  HidServ - ok
07:37:52.0906 0x0ed4  [ CCF82C5EC8A7326C3066DE870C06DAF1, 93395FA4C26B2E82DC8B7025ED3BCF583885E5D8C5F60CD6EEAA6335D6A126EC ] hidusb          C:\WINDOWS\system32\DRIVERS\hidusb.sys
07:37:52.0921 0x0ed4  hidusb - ok
07:37:52.0984 0x0ed4  [ 8878BD685E490239777BFE51320B88E9, C5C3ECF6B049B6736E35B39518A8F830B45C45A88FFE8E3A6B7922AD946597E2 ] hkmsvc          C:\WINDOWS\System32\kmsvc.dll
07:37:52.0984 0x0ed4  hkmsvc - ok
07:37:52.0984 0x0ed4  hpn - ok
07:37:53.0109 0x0ed4  [ 5380253D2751F2B5D95941C09E7E42AC, E9A32BEC7230312ABFCD60333FC70714CC294B741BEC7FFD397EEB1C77E7CB3D ] HSFHWBS2        C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
07:37:53.0171 0x0ed4  HSFHWBS2 - ok
07:37:53.0515 0x0ed4  [ E9A4C20AB168BE8BD78486AFEBBA5836, BB71828D15BFDE8BF996F7B44E3594AF8835CADEEA37AA5086DC33B722879F08 ] HSF_DP          C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
07:37:53.0843 0x0ed4  HSF_DP - ok
07:37:53.0968 0x0ed4  [ F80A415EF82CD06FFAF0D971528EAD38, 524D9E9201572929522F6805011783711B7C0F76308B924C89CF75F4B7A1FDF3 ] HTTP            C:\WINDOWS\system32\Drivers\HTTP.sys
07:37:54.0062 0x0ed4  HTTP - ok
07:37:54.0125 0x0ed4  [ 6100A808600F44D999CEBDEF8841C7A3, 61A75118C327812C60622010985A2E80E79B6FD9030A5732390EE5426E4AF6C9 ] HTTPFilter      C:\WINDOWS\System32\w3ssl.dll
07:37:54.0125 0x0ed4  HTTPFilter - ok
07:37:54.0140 0x0ed4  i2omgmt - ok
07:37:54.0140 0x0ed4  i2omp - ok
07:37:54.0218 0x0ed4  [ 4A0B06AA8943C1E332520F7440C0AA30, DB2452390CCFE67E0C5FEB4FD42CA24ABE2DDD40D0B22DD5F5B8F70416863918 ] i8042prt        C:\WINDOWS\system32\DRIVERS\i8042prt.sys
07:37:54.0234 0x0ed4  i8042prt - ok
07:37:54.0359 0x0ed4  [ 1CF03C69B49ACB70C722DF92755C0C8C, C227850C133F29BB9DED91A26A22AE077FD69629CEF35B67D305F016C4BDAA81 ] IDriverT        C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
07:37:54.0390 0x0ed4  IDriverT - ok
07:37:54.0750 0x0ed4  [ C01AC32DC5C03076CFB852CB5DA5229C, A4D7749220B5BC965D96A267F1E02FE8284A230BA249109207BD4B9EA8DFAC96 ] idsvc           C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
07:37:55.0031 0x0ed4  idsvc - ok
07:37:55.0203 0x0ed4  [ 5260C0F8FC9A3932EF8776262076ECA8, D67A494989B321AB56C837C05EE8C27F7114D64169DB811193134D77288E7B89 ] IDSxpx86        C:\Program Files\Norton 360\NortonData\21.0.2.1\Definitions\IPSDefs\20131101.001\IDSxpx86.sys
07:37:55.0328 0x0ed4  IDSxpx86 - ok
07:37:55.0390 0x0ed4  [ 083A052659F5310DD8B6A6CB05EDCF8E, 48D39B03FFB6FAA1529B774443BA12618AE3982D9F65A7B9D18F2269F78B31F4 ] Imapi           C:\WINDOWS\system32\DRIVERS\imapi.sys
07:37:55.0406 0x0ed4  Imapi - ok
07:37:55.0500 0x0ed4  [ 30DEAF54A9755BB8546168CFE8A6B5E1, 3936228CD3125C763ABFCB93E86E4B43838202BCC0913A28E84AC0263B43EE0D ] ImapiService    C:\WINDOWS\system32\imapi.exe
07:37:55.0546 0x0ed4  ImapiService - ok
07:37:55.0562 0x0ed4  ini910u - ok
07:37:55.0578 0x0ed4  IntelIde - ok
07:37:55.0656 0x0ed4  [ 8C953733D8F36EB2133F5BB58808B66B, 555868F246D73652E998B0B1296476E42FCEDED30D646CC000F31ECE4EBC25E6 ] intelppm        C:\WINDOWS\system32\DRIVERS\intelppm.sys
07:37:55.0671 0x0ed4  intelppm - ok
07:37:55.0718 0x0ed4  [ 3BB22519A194418D5FEC05D800A19AD0, F6662F440950596DC1382DD1DB5D7891CCEA30A6062BEA942C18445B5F0D8B16 ] ip6fw           C:\WINDOWS\system32\drivers\ip6fw.sys
07:37:55.0718 0x0ed4  ip6fw - ok
07:37:55.0796 0x0ed4  [ 731F22BA402EE4B62748ADAF6363C182, 5C3BEBD008A5BE4DC2F92076FF41A10DDC01E10EC7E6552213CFA11970811848 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
07:37:55.0796 0x0ed4  IpFilterDriver - ok
07:37:55.0828 0x0ed4  [ B87AB476DCF76E72010632B5550955F5, E6E74D3A86A7917A8BAED44F8E97CCD2EB171E4E4B27E9907F60D1523FAF319A ] IpInIp          C:\WINDOWS\system32\DRIVERS\ipinip.sys
07:37:55.0828 0x0ed4  IpInIp - ok
07:37:55.0921 0x0ed4  [ CC748EA12C6EFFDE940EE98098BF96BB, AF523E21C25D9A1715EFEA573E4F52AF5D4FC9F28A2D613F5DB629C186C439E0 ] IpNat           C:\WINDOWS\system32\DRIVERS\ipnat.sys
07:37:55.0968 0x0ed4  IpNat - ok
07:37:56.0187 0x0ed4  [ B21735A057ED5C2811B45DFCE067F4CD, 69D99AB0E5DA580012B6FA634A2DE34A9080411A96C93B6B9A3DC31D4B30BAE3 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
07:37:56.0359 0x0ed4  iPod Service - ok
07:37:56.0406 0x0ed4  [ 23C74D75E36E7158768DD63D92789A91, 394D296F38E7D8EFD91A6EEC301D9CE6AF910E35EB9819F1A9E3363863AEDFDC ] IPSec           C:\WINDOWS\system32\DRIVERS\ipsec.sys
07:37:56.0437 0x0ed4  IPSec - ok
07:37:56.0484 0x0ed4  [ C93C9FF7B04D772627A3646D89F7BF89, 805FA48E7A46D4F10240BF880A2468F53DEA36E83004399228AB70DB7D20544A ] IRENUM          C:\WINDOWS\system32\DRIVERS\irenum.sys
07:37:56.0484 0x0ed4  IRENUM - ok
07:37:56.0531 0x0ed4  [ 05A299EC56E52649B1CF2FC52D20F2D7, 2654619DB3E6D6C385B63AB02F87D4241C4F0250CC31383D1B3586917166C2DC ] isapnp          C:\WINDOWS\system32\DRIVERS\isapnp.sys
07:37:56.0531 0x0ed4  isapnp - ok
07:37:56.0734 0x0ed4  [ 80A79264302910C7C24BA7E44267EFEF, 6080C233478350C8E07515D20D2D60C3758C4A65432B04E8C8B816248621A3EF ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe
07:37:56.0796 0x0ed4  JavaQuickStarterService - ok
07:37:56.0812 0x0ed4  jnprva - ok
07:37:56.0843 0x0ed4  [ 463C1EC80CD17420A542B7F36A36F128, E3B11BA26AFEAFB50B0FC168EA07F6049DA6B88BCDDEEE20310602D7FC27A3A7 ] Kbdclass        C:\WINDOWS\system32\DRIVERS\kbdclass.sys
07:37:56.0859 0x0ed4  Kbdclass - ok
07:37:56.0968 0x0ed4  [ 692BCF44383D056AED41B045A323D378, 1A99DEE83FFAF64E73067FC049C0A4CE07D94E4AE31EFA17B38CEFA9E41D67DC ] kmixer          C:\WINDOWS\system32\drivers\kmixer.sys
07:37:57.0015 0x0ed4  kmixer - ok
07:37:57.0109 0x0ed4  [ B467646C54CC746128904E1654C750C1, 3BD71BE3663EA23463D236D8A2A2E42DFA10C502BDB4B6E131FAF0FBA748219E ] KSecDD          C:\WINDOWS\system32\drivers\KSecDD.sys
07:37:57.0140 0x0ed4  KSecDD - ok
07:37:57.0218 0x0ed4  [ 3A7C3CBE5D96B8AE96CE81F0B22FB527, 0044F03132596A494448CCE5F3D6ECC12617BB4CF6BAE348F79D4DC40ACD6EE0 ] lanmanserver    C:\WINDOWS\System32\srvsvc.dll
07:37:57.0250 0x0ed4  lanmanserver - ok
07:37:57.0359 0x0ed4  [ A8888A5327621856C0CEC4E385F69309, B08B63300D824E35E31EEEA2C4C086DFA2C2A964CEDAE512E74D3D88AADAA2C1 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
07:37:57.0390 0x0ed4  lanmanworkstation - ok
07:37:57.0453 0x0ed4  [ C99BA72106A858CB8B521BB4C02C93ED, BE446C96005A30EC0FE8407A9055A4EB4C657280F3369C0541F7A62F52773059 ] LBeepKE         C:\WINDOWS\system32\Drivers\LBeepKE.sys
07:37:57.0453 0x0ed4  LBeepKE - ok
07:37:57.0484 0x0ed4  lbrtfdc - ok
07:37:57.0687 0x0ed4  [ 0F98B9384C37C8C29904B8AE4359A54F, 365DECB71467C18944D2557EC20F7FDAAD2D6D66DCF5B40B013BB219F783F0BD ] LBTServ         C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
07:37:57.0812 0x0ed4  LBTServ - ok
07:37:57.0875 0x0ed4  [ 318B3D608FBEC44B7E0C23BF759DCED5, D943C07D3D67545BF33FEEC5B351CE22E78A8D40453168D1C79178740C4A3976 ] LHidFilt        C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys
07:37:57.0890 0x0ed4  LHidFilt - ok
07:37:57.0937 0x0ed4  [ 31B582394DA3290DFF300F10952E9A4D, 6600F365AB4DC77377B47343A5A3BA9398E0619E0C727F27E2CB90C9A05B26D8 ] LHidKe          C:\WINDOWS\system32\DRIVERS\LHidKE.Sys
07:37:57.0937 0x0ed4  LHidKe - ok
07:37:57.0984 0x0ed4  [ CBD1C6BFF70E170CEC6E1502E7FCFEF6, 5C55CD15087EED865DCF912F7019B8BC1D71C7195C4E6522023D64BCEC4ECDB6 ] LHidUsbK        C:\WINDOWS\system32\Drivers\LHidUsbK.Sys
07:37:58.0000 0x0ed4  LHidUsbK - ok
07:37:58.0046 0x0ed4  [ A7DB739AE99A796D91580147E919CC59, EDF4E039BA277B0E6D66FEB0B28096E67D682C09DFC18ECECF062D9DCFB75ACF ] LmHosts         C:\WINDOWS\System32\lmhsvc.dll
07:37:58.0046 0x0ed4  LmHosts - ok
07:37:58.0093 0x0ed4  LMIInfo - ok
07:37:58.0140 0x0ed4  [ 4477689E2D8AE6B78BA34C9AF4CC1ED1, 0BC8AF546901E6C20611C5250BD65ACD0C4A8613BD8F8835F0D4680B5777F051 ] lmimirr         C:\WINDOWS\system32\DRIVERS\lmimirr.sys
07:37:58.0140 0x0ed4  lmimirr - ok
07:37:58.0156 0x0ed4  LMIRfsClientNP - ok
07:37:58.0187 0x0ed4  [ 3FAA563DDF853320F90259D455A01D79, D81B5FCC0CBCF9CE18E44A31071D357B12F5016159E24954E50E68D80C9F61B8 ] LMIRfsDriver    C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
07:37:58.0203 0x0ed4  LMIRfsDriver - ok
07:37:58.0265 0x0ed4  [ 84AF069D219DF3C43DC6792B2BBD7BED, D36E35A9508E05AEA848E5E3ADF2AB1B91037F25634DE9811CCBB26A4004B298 ] LMouFilt        C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys
07:37:58.0281 0x0ed4  LMouFilt - ok
07:37:58.0343 0x0ed4  [ 90A794D0A0BF3531C4BA1C0510449629, 736AACE0A5F152B4C7A547473FB20DF6758028B2AA427820FC2FD41F63D99787 ] LMouKE          C:\WINDOWS\system32\DRIVERS\LMouKE.Sys
07:37:58.0375 0x0ed4  LMouKE - ok
07:37:58.0421 0x0ed4  [ 81642F134929946AB4B9572C4C17298C, ECD5923ED78D048446AB3E7EDA2AFE0A8F7AA2BF703A3DA77ECB96647895E07C ] LUsbFilt        C:\WINDOWS\system32\Drivers\LUsbFilt.Sys
07:37:58.0437 0x0ed4  LUsbFilt - ok
07:37:58.0453 0x0ed4  [ EEAEA6514BA7C9D273B5E87C4E1AAB30, 3B724C6A8867B1B7A45D832150E0CFAC1004D3B972A2A7BFDD2ADDDB2488BB1E ] mdmxsdk         C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
07:37:58.0453 0x0ed4  mdmxsdk - ok
07:37:58.0515 0x0ed4  [ 986B1FF5814366D71E0AC5755C88F2D3, E6AF051174531C24B38E73987755D366ABEC595476C6D17793E8DCCC73F55340 ] Messenger       C:\WINDOWS\System32\msgsvc.dll
07:37:58.0515 0x0ed4  Messenger - ok
07:37:58.0562 0x0ed4  [ A7DA20AB18A1BDAE28B0F349E57DA0D1, C668F419579ADDF37558241982B0334A93644E9C05919967C494FE9853E62D5B ] mf              C:\WINDOWS\system32\DRIVERS\mf.sys
07:37:58.0593 0x0ed4  mf - ok
07:37:58.0718 0x0ed4  [ 123271BD5237AB991DC5C21FDF8835EB, 004F8F9228EE291A0E36CE33078D572D61733516F9AA5CFC832AF204C6869E89 ] Microsoft Office Groove Audit Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
07:37:58.0734 0x0ed4  Microsoft Office Groove Audit Service - ok
07:37:58.0812 0x0ed4  [ 4AE068242760A1FB6E1A44BF4E16AFA6, 1FB771162B96AAF787AC24867B818DF8511F0780BB094FA9A38C11D8DBFE68BC ] mnmdd           C:\WINDOWS\system32\drivers\mnmdd.sys
07:37:58.0812 0x0ed4  mnmdd - ok
07:37:58.0890 0x0ed4  [ D18F1F0C101D06A1C1ADF26EED16FCDD, BA0837C7780BD8262E143E2935AFA63BE59C3C39EF56CB8608EED0F50AF070D4 ] mnmsrvc         C:\WINDOWS\System32\mnmsrvc.exe
07:37:58.0890 0x0ed4  mnmsrvc - ok
07:37:58.0953 0x0ed4  [ DFCBAD3CEC1C5F964962AE10E0BCC8E1, B342CC9EC3729AB1AB4B5E2E99F890C1E0CA649162DE91F6768AB857B719E97B ] Modem           C:\WINDOWS\system32\drivers\Modem.sys
07:37:58.0968 0x0ed4  Modem - ok
07:37:59.0031 0x0ed4  [ 35C9E97194C8CFB8430125F8DBC34D04, 0C0FCE6B0A23FB0ECB92E1663E1C72D2DD5B177D82E04782957690B69530DB39 ] Mouclass        C:\WINDOWS\system32\DRIVERS\mouclass.sys
07:37:59.0031 0x0ed4  Mouclass - ok
07:37:59.0078 0x0ed4  [ B1C303E17FB9D46E87A98E4BA6769685, 161A45488522055D0F0474ABEDA04DDD0B5DAC2411AF9154B15190BBD66E7153 ] mouhid          C:\WINDOWS\system32\DRIVERS\mouhid.sys
07:37:59.0093 0x0ed4  mouhid - ok
07:37:59.0156 0x0ed4  [ A80B9A0BAD1B73637DBCBBA7DF72D3FD, 2A5E15ED2C24C6C65EF2F7E1FD93374774076C9D8D451E4422561F4D269C012F ] MountMgr        C:\WINDOWS\system32\drivers\MountMgr.sys
07:37:59.0156 0x0ed4  MountMgr - ok
07:37:59.0312 0x0ed4  [ 0329A45C849C9D77901094B8FFE8BBB9, 2151C15A4185FABBC3367B8213017B45E08C43E26E1D8942E707E217C6A5EDA7 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
07:37:59.0343 0x0ed4  MozillaMaintenance - ok
07:37:59.0359 0x0ed4  mraid35x - ok
07:37:59.0453 0x0ed4  [ 11D42BB6206F33FBB3BA0288D3EF81BD, 76ABCFB62C5AC549F58C231F72A99882CDEB74928104B77FE52554765C2B1A22 ] MRxDAV          C:\WINDOWS\system32\DRIVERS\mrxdav.sys
07:37:59.0500 0x0ed4  MRxDAV - ok
07:37:59.0671 0x0ed4  [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0, DB9B186F7076D7B94F45041AF7B77C1AD2CAB504D683B459C6CB1C22840ED170 ] MRxSmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
07:37:59.0843 0x0ed4  MRxSmb - ok
07:37:59.0875 0x0ed4  [ A137F1470499A205ABBB9AAFB3B6F2B1, FB4951727543030D9E6ED74149C3FAACE2CA9DA8C1B5F616301B30B858C724E8 ] MSDTC           C:\WINDOWS\System32\msdtc.exe
07:37:59.0890 0x0ed4  MSDTC - ok
07:37:59.0937 0x0ed4  [ C941EA2454BA8350021D774DAF0F1027, C940E978C7B66A713A0FDAB54B5F995DF59D089AFCD96221DD3222948CD49BBD ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
07:37:59.0937 0x0ed4  Msfs - ok
07:37:59.0953 0x0ed4  MSIServer - ok
07:37:59.0984 0x0ed4  [ D1575E71568F4D9E14CA56B7B0453BF1, 4ABE0E24786C0D39FA2B885447E56204CA6942FB175E534DCE675D7BCF0B176A ] MSKSSRV         C:\WINDOWS\system32\drivers\MSKSSRV.sys
07:37:59.0984 0x0ed4  MSKSSRV - ok
07:38:00.0015 0x0ed4  [ 325BB26842FC7CCC1FCCE2C457317F3E, C07BE560513B1FB91D756494F0BA4AEEB2E1998DE0E1C21EE83DB1183B0CEE91 ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys
07:38:00.0015 0x0ed4  MSPCLOCK - ok
07:38:00.0046 0x0ed4  [ BAD59648BA099DA4A17680B39730CB3D, 9AD4C7C94C186C8815D0BC75DCAFB962158DA6935A244BA243EDDDEB33F9816C ] MSPQM           C:\WINDOWS\system32\drivers\MSPQM.sys
07:38:00.0046 0x0ed4  MSPQM - ok
07:38:00.0093 0x0ed4  [ AF5F4F3F14A8EA2C26DE30F7A1E17136, AC93A1E4ABB0D038B772E429015567E44CC2EDB66C54DBE23A5F98176FAC1520 ] mssmbios        C:\WINDOWS\system32\DRIVERS\mssmbios.sys
07:38:00.0093 0x0ed4  mssmbios - ok
07:38:00.0187 0x0ed4  [ DE6A75F5C270E756C5508D94B6CF68F5, FCC972DDC36C2C44D836913F10004C2C33B11C54DEFFF0C63E0FDF901D2F9261 ] Mup             C:\WINDOWS\system32\drivers\Mup.sys
07:38:00.0218 0x0ed4  Mup - ok
07:38:00.0265 0x0ed4  [ 799A99D21E72023EE5ADB28AE424EFC8, 47923EFE598262CB9BAD31F747903313221114E0B941E17D2FBC0355018F4B5B ] MXOFX           C:\WINDOWS\system32\DRIVERS\MXOFX.SYS
07:38:00.0281 0x0ed4  MXOFX - ok
07:38:00.0625 0x0ed4  [ 832303953D7BB2AE7F09BF5F7131C23E, 51EE9D7C3FA4D2AF5F6C8925075A66AE44802D9651F0279169366AC8C03E48C4 ] N360            C:\Program Files\Norton 360\Engine\21.1.0.18\N360.exe
07:38:00.0750 0x0ed4  N360 - ok
07:38:00.0890 0x0ed4  [ 0102140028FAD045756796E1C685D695, 5335B8278418CA200E2772124F0602C3E15A5CAF2D5CC59F6785DFAABF339B09 ] napagent        C:\WINDOWS\System32\qagentrt.dll
07:38:00.0968 0x0ed4  napagent - ok
07:38:01.0125 0x0ed4  [ 81E928EE3751FAF725C87CC17726C05D, 8AB84270DCB35F239B00FA4B9AC90E9520967B8188085D897F28E994CBF911FB ] NAVENG          C:\Program Files\Norton 360\NortonData\21.0.2.1\Definitions\VirusDefs\20131102.007\NAVENG.SYS
07:38:01.0156 0x0ed4  NAVENG - ok
07:38:01.0734 0x0ed4  [ E0C39FA6C76AE8ED53ABF043F35ECDFF, CD2F87D3CB64F3362508D1855B24F40F1C44CF4132E3626971CCF4E7C49E61D6 ] NAVEX15         C:\Program Files\Norton 360\NortonData\21.0.2.1\Definitions\VirusDefs\20131102.007\NAVEX15.SYS
07:38:02.0296 0x0ed4  NAVEX15 - ok
07:38:02.0390 0x0ed4  [ 1DF7F42665C94B825322FAE71721130D, FE0DCB728471465B39A42A7511F4133021FBA5DF88F88BCB5FE2FF34CFD713F9 ] NDIS            C:\WINDOWS\system32\drivers\NDIS.sys
07:38:02.0437 0x0ed4  NDIS - ok
07:38:02.0500 0x0ed4  [ 0109C4F3850DFBAB279542515386AE22, 4F6DB1E499AC853FD36FD603FBB6D3AC9BDCEB298C7FE1FB59A9236CB46729B2 ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
07:38:02.0515 0x0ed4  NdisTapi - ok
07:38:02.0562 0x0ed4  [ F927A4434C5028758A842943EF1A3849, B1AA3AF150C05307461774925901789456B0CCCD03A5E71ADA4AB58455962BEE ] Ndisuio         C:\WINDOWS\system32\DRIVERS\ndisuio.sys
07:38:02.0562 0x0ed4  Ndisuio - ok
07:38:02.0640 0x0ed4  [ EDC1531A49C80614B2CFDA43CA8659AB, 494042F790F33721328B4451E79842E21919681CC421A4F9633EC4D383E06097 ] NdisWan         C:\WINDOWS\system32\DRIVERS\ndiswan.sys
07:38:02.0671 0x0ed4  NdisWan - ok
07:38:02.0734 0x0ed4  [ 9282BD12DFB069D3889EB3FCC1000A9B, 09A46F1712BD9165068D8E153585FE3E6E5CBF4F1DDEC142115555D3A91AEC09 ] NDProxy         C:\WINDOWS\system32\drivers\NDProxy.sys
07:38:02.0750 0x0ed4  NDProxy - ok
07:38:02.0812 0x0ed4  [ 0DBA7DE0EDDD49C6214C1A404C092533, F1BE0986A7BFDA08A55D533A3A10518E7E99A0200BC6F424987B5FB09F8C06EE ] NEOFLTR_7114_23943 C:\WINDOWS\system32\Drivers\NEOFLTR_7114_23943.SYS
07:38:02.0859 0x0ed4  NEOFLTR_7114_23943 - ok
07:38:02.0890 0x0ed4  [ 5D81CF9A2F1A3A756B66CF684911CDF0, 7989C36607CAEA17AFA2C1C9904145CA0714A54B9F712D9D4C1AB140D0B2CC0C ] NetBIOS         C:\WINDOWS\system32\DRIVERS\netbios.sys
07:38:02.0890 0x0ed4  NetBIOS - ok
07:38:03.0000 0x0ed4  [ 74B2B2F5BEA5E9A3DC021D685551BD3D, 7932B71F98B4122BE88F576BF6D745A757AE378A48924B7F4358837B75640A82 ] NetBT           C:\WINDOWS\system32\DRIVERS\netbt.sys
07:38:03.0062 0x0ed4  NetBT - ok
07:38:03.0125 0x0ed4  [ B857BA82860D7FF85AE29B095645563B, 86FF0E4CDD9C394E8BABD93A4D57E73FF9A779261717DEC6E9CDE99F1C6B0F4C ] NetDDE          C:\WINDOWS\system32\netdde.exe
07:38:03.0140 0x0ed4  NetDDE - ok
07:38:03.0187 0x0ed4  [ B857BA82860D7FF85AE29B095645563B, 86FF0E4CDD9C394E8BABD93A4D57E73FF9A779261717DEC6E9CDE99F1C6B0F4C ] NetDDEdsdm      C:\WINDOWS\system32\netdde.exe
07:38:03.0187 0x0ed4  NetDDEdsdm - ok
07:38:03.0265 0x0ed4  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] Netlogon        C:\WINDOWS\system32\lsass.exe
07:38:03.0265 0x0ed4  Netlogon - ok
07:38:03.0359 0x0ed4  [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE, 4E0A67B3CC897E80D4B342FFE8B7B4CC4F6CA2EF2D34C136027A098B2E1C6166 ] Netman          C:\WINDOWS\System32\netman.dll
07:38:03.0421 0x0ed4  Netman - ok
07:38:03.0546 0x0ed4  [ D22CD77D4F0D63D1169BB35911BFF12D, 85B1FDFA02E1B8EA4FCB9B7EEB687C5C448697FC7EC9D178C5A2F64D2C9CFEE8 ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
07:38:03.0671 0x0ed4  NetTcpPortSharing - ok
07:38:03.0765 0x0ed4  [ 943337D786A56729263071623BBB9DE5, B631B47C869FE4ACF46E4AA272435D9A9CA536E3349E3FFBB8602636FEE7AFD4 ] Nla             C:\WINDOWS\System32\mswsock.dll
07:38:03.0859 0x0ed4  Nla - ok
07:38:03.0937 0x0ed4  [ 3182D64AE053D6FB034F44B6DEF8034A, 4ADFC76965BA2A5F488E71789A4E4EA702A74AF42725F72130D1CA919406CF19 ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
07:38:03.0937 0x0ed4  Npfs - ok
07:38:04.0140 0x0ed4  [ 78A08DD6A8D65E697C18E1DB01C5CDCA, E0E6F3ED05068E32F1D5C2D2B38CDEF4536B8656DB6756C66CF6B40B60C8F3DA ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
07:38:04.0328 0x0ed4  Ntfs - ok
07:38:04.0375 0x0ed4  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] NtLmSsp         C:\WINDOWS\System32\lsass.exe
07:38:04.0375 0x0ed4  NtLmSsp - ok
07:38:04.0546 0x0ed4  [ 156F64A3345BD23C600655FB4D10BC08, 9611BE411586E068D9297D77102DB3BE48AA67F1BAD6F61A84F83FC3043FA9CD ] NtmsSvc         C:\WINDOWS\system32\ntmssvc.dll
07:38:04.0671 0x0ed4  NtmsSvc - ok
07:38:04.0703 0x0ed4  [ 73C1E1F395918BC2C6DD67AF7591A3AD, B21133A75253EC15E2DFF66D3B480AB1A7E1A2360476C810E7AA55D0F0EB08D4 ] Null            C:\WINDOWS\system32\drivers\Null.sys
07:38:04.0718 0x0ed4  Null - ok
07:38:04.0765 0x0ed4  [ B305F3FAD35083837EF46A0BBCE2FC57, 9D0E0E666D652D0FC9EAB97280A5D67AAF61D6B21929DF7CF8ED72A367720464 ] NwlnkFlt        C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
07:38:04.0765 0x0ed4  NwlnkFlt - ok
07:38:04.0796 0x0ed4  [ C99B3415198D1AAB7227F2C88FD664B9, DD8DA4B5E804F134AB9233859544C025062902DFC3E8FB8A09A67337A4E73F55 ] NwlnkFwd        C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
07:38:04.0812 0x0ed4  NwlnkFwd - ok
07:38:05.0078 0x0ed4  [ 785F487A64950F3CB8E9F16253BA3B7B, 02445344BD214370A6D48B1CA04921D8EFCB13E676B5648266DD0E076C0822B6 ] odserv          C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
07:38:05.0234 0x0ed4  odserv - ok
07:38:05.0296 0x0ed4  [ CEC7E2C6C1FA00C7AB2F5434F848AE51, 399CF962689652F6B3906F40D20EE7BBDA856CD56031A65C5A1E8718016FCE90 ] OMCI            C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS
07:38:05.0312 0x0ed4  OMCI - ok
07:38:05.0406 0x0ed4  [ 5A432A042DAE460ABE7199B758E8606C, 6E5D1F477D290905BE27CEBF9572BAC6B05FFEF2FAD901D3C8E11F665F8B9A71 ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
07:38:05.0453 0x0ed4  ose - ok
07:38:05.0515 0x0ed4  [ DC450992EBA6F914080C1F7FBEEED72C, A7B9CB59E10EB7C973E53BB70A8FE2CDD25FCC3CC499A0D311449F861223A447 ] PalmUSBD        C:\WINDOWS\system32\drivers\PalmUSBD.sys
07:38:05.0531 0x0ed4  PalmUSBD - ok
07:38:05.0593 0x0ed4  [ 5575FAF8F97CE5E713D108C2A58D7C7C, 96D4595D19A78CCBE8B325A08780AC077AE5CC99642ACD72FB47AEAE8D344D3B ] Parport         C:\WINDOWS\system32\DRIVERS\parport.sys
07:38:05.0625 0x0ed4  Parport - ok
07:38:05.0640 0x0ed4  [ BEB3BA25197665D82EC7065B724171C6, 7E71C13BA30CD95CEE8A9CC85E6F48A01F30EDEAADEE69D80AE828BF97E5A5CA ] PartMgr         C:\WINDOWS\system32\drivers\PartMgr.sys
07:38:05.0640 0x0ed4  PartMgr - ok
07:38:05.0703 0x0ed4  [ 70E98B3FD8E963A6A46A2E6247E0BEA1, 6771313EC41B3B5BFD398F60706E40BE71617046880CC352DD110B001AFC22A1 ] ParVdm          C:\WINDOWS\system32\drivers\ParVdm.sys
07:38:05.0703 0x0ed4  ParVdm - ok
07:38:05.0734 0x0ed4  [ A219903CCF74233761D92BEF471A07B1, D4E6C360A1D2FCA4D17C991B834D68BF20F5111DD06B1FAB8B22984804CEC269 ] PCI             C:\WINDOWS\system32\DRIVERS\pci.sys
07:38:05.0734 0x0ed4  PCI - ok
07:38:05.0750 0x0ed4  PCIDump - ok
07:38:05.0781 0x0ed4  [ CCF5F451BB1A5A2A522A76E670000FF0, D63F7E5A39653EC9CCE94B7D84B2D3EBD4F54533BD65701020198724042C9257 ] PCIIde          C:\WINDOWS\system32\DRIVERS\pciide.sys
07:38:05.0781 0x0ed4  PCIIde - ok
07:38:05.0859 0x0ed4  [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1, 0BA3DB21DC7C641C181E2635B5C9B73965FDCDCD3EBBBE48FCFEC1C8C987F617 ] Pcmcia          C:\WINDOWS\system32\drivers\Pcmcia.sys
07:38:05.0906 0x0ed4  Pcmcia - ok
07:38:05.0921 0x0ed4  PDCOMP - ok
07:38:05.0921 0x0ed4  PDFRAME - ok
07:38:05.0937 0x0ed4  PDRELI - ok
07:38:05.0953 0x0ed4  PDRFRAME - ok
07:38:05.0968 0x0ed4  perc2 - ok
07:38:05.0968 0x0ed4  perc2hib - ok
07:38:06.0046 0x0ed4  [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] PlugPlay        C:\WINDOWS\system32\services.exe
07:38:06.0046 0x0ed4  PlugPlay - ok
07:38:06.0078 0x0ed4  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] PolicyAgent     C:\WINDOWS\system32\lsass.exe
07:38:06.0078 0x0ed4  PolicyAgent - ok
07:38:06.0140 0x0ed4  [ EFEEC01B1D3CF84F16DDD24D9D9D8F99, C5F0C8C66A3AF7E7BB04CEDE4AC5306F8387AB384A2107DC5BE413AAE968EFF1 ] PptpMiniport    C:\WINDOWS\system32\DRIVERS\raspptp.sys
07:38:06.0156 0x0ed4  PptpMiniport - ok
07:38:06.0187 0x0ed4  [ A32BEBAF723557681BFC6BD93E98BD26, 35039BA72A29F87B2CA37DCDE4EFDAABBDEAD8CE3EB8652ACC665994118145A6 ] Processor       C:\WINDOWS\system32\DRIVERS\processr.sys
07:38:06.0203 0x0ed4  Processor - ok
07:38:06.0218 0x0ed4  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
07:38:06.0218 0x0ed4  ProtectedStorage - ok
07:38:06.0250 0x0ed4  [ 09298EC810B07E5D582CB3A3F9255424, 35473A1BE25AC289474090EB0806AC6B3035DC33D1F3DF97A14BF1E361AC6AC3 ] PSched          C:\WINDOWS\system32\DRIVERS\psched.sys
07:38:06.0281 0x0ed4  PSched - ok
07:38:06.0343 0x0ed4  [ 80D317BD1C3DBC5D4FE7B1678C60CADD, DA76804B55D0CAB3DDD01EFC06673764AE4860693375C658B6063FB14AF7F12C ] Ptilink         C:\WINDOWS\system32\DRIVERS\ptilink.sys
07:38:06.0343 0x0ed4  Ptilink - ok
07:38:06.0406 0x0ed4  [ 03E0FE281823BA64B3782F5B38950E73, D47E5536AD28D02B7D784846CFB2F4FD96187BFD64FC07BACDE9DC7B75D1D2E2 ] PxHelp20        C:\WINDOWS\system32\Drivers\PxHelp20.sys
07:38:06.0406 0x0ed4  PxHelp20 - ok
07:38:06.0421 0x0ed4  ql1080 - ok
07:38:06.0437 0x0ed4  Ql10wnt - ok
07:38:06.0437 0x0ed4  ql12160 - ok
07:38:06.0453 0x0ed4  ql1240 - ok
07:38:06.0468 0x0ed4  ql1280 - ok
07:38:06.0484 0x0ed4  [ FE0D99D6F31E4FAD8159F690D68DED9C, 998685622ABE631984B7E4DBF91AB3594B1F574378D75EB9F6265F4650470692 ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
07:38:06.0484 0x0ed4  RasAcd - ok
07:38:06.0562 0x0ed4  [ AD188BE7BDF94E8DF4CA0A55C00A5073, C7D76CB579FAEBCCC2873499441BACDD6BD6668ACF5ED7F31862656E96E2B20C ] RasAuto         C:\WINDOWS\System32\rasauto.dll
07:38:06.0562 0x0ed4  RasAuto - ok
07:38:06.0609 0x0ed4  [ 11B4A627BC9614B885C4969BFA5FF8A6, EAE0A412A2B0F68919C32A96B3A08CC1A06585E4998819F5C9051745F63FF5AD ] Rasl2tp         C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
07:38:06.0625 0x0ed4  Rasl2tp - ok
07:38:06.0750 0x0ed4  [ 76A9A3CBEADD68CC57CDA5E1D7448235, 4AFD048C5D2306AB8DE46F3AA60AC0213333DDA3B09A9E91F7585DB6EB978EC8 ] RasMan          C:\WINDOWS\System32\rasmans.dll
07:38:06.0796 0x0ed4  RasMan - ok
07:38:06.0968 0x0ed4  [ 5BC962F2654137C9909C3D4603587DEE, A5CE5653D0105240F5E86CFAAB89E7917D42D939E2F27A5A7D6979289CA651B8 ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
07:38:06.0984 0x0ed4  RasPppoe - ok
07:38:07.0031 0x0ed4  [ FDBB1D60066FCFBB7452FD8F9829B242, 10A2DACF944BD000032EBA8C095CB3D879CC55B28C377ADF6E52E508E47444DB ] Raspti          C:\WINDOWS\system32\DRIVERS\raspti.sys
07:38:07.0031 0x0ed4  Raspti - ok
07:38:07.0156 0x0ed4  [ 7AD224AD1A1437FE28D89CF22B17780A, 6645235CA27D671954E3557FA37082881C3D7D47492C71264CD8CB8D108EC801 ] Rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys
07:38:07.0187 0x0ed4  Rdbss - ok
07:38:07.0234 0x0ed4  [ 4912D5B403614CE99C28420F75353332, 975341ECD660209987B5E5171B8315E032439E408CBE8A5986E67AF767F373BB ] RDPCDD          C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
07:38:07.0234 0x0ed4  RDPCDD - ok
07:38:07.0343 0x0ed4  [ 43AF5212BD8FB5BA6EED9754358BD8F7, AF330F61CECA4AFA359CEABC5EB3227E6B56A9A2DCE50701381D665122D7356D ] RDPWD           C:\WINDOWS\system32\drivers\RDPWD.sys
07:38:07.0375 0x0ed4  RDPWD - ok
07:38:21.0562 0x0ed4  ================ Scan global ===============================
07:38:21.0625 0x0ed4  [ 42F1F4C0AFB08410E5F02D4B13EBB623, 924C30587C51C0D1E1F47991969AF492A644552E15F2480EA991DCB74A3E68D5 ] C:\WINDOWS\system32\basesrv.dll
07:38:21.0796 0x0ed4  [ 69AE2B2E6968C316536E5B10B9702E63, D9C5DA7A20DDE69D91E72400C3F06F3CB099DEF42EA6C53FCE076258A0C22391 ] C:\WINDOWS\system32\winsrv.dll
07:38:22.0062 0x0ed4  [ 69AE2B2E6968C316536E5B10B9702E63, D9C5DA7A20DDE69D91E72400C3F06F3CB099DEF42EA6C53FCE076258A0C22391 ] C:\WINDOWS\system32\winsrv.dll
07:38:22.0140 0x0ed4  [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] C:\WINDOWS\system32\services.exe
07:38:22.0140 0x0ed4  [ Global ] - ok
07:38:22.0156 0x0ed4  ================ Scan MBR ==================================
07:38:22.0187 0x0ed4  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
07:38:22.0546 0x0ed4  \Device\Harddisk0\DR0 - ok
07:38:26.0359 0x0ed4  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR3
07:38:26.0359 0x0ed4  \Device\Harddisk1\DR3 - ok
07:38:26.0375 0x0ed4  ================ Scan VBR ==================================
07:38:26.0390 0x0ed4  [ F37F6C5039B0345E6938528B044B91EC ] \Device\Harddisk0\DR0\Partition1
07:38:26.0390 0x0ed4  \Device\Harddisk0\DR0\Partition1 - ok
07:38:26.0406 0x0ed4  [ DC4D5150EFDA1C42BAC5E70EE0D79B7E ] \Device\Harddisk1\DR3\Partition1
07:38:26.0406 0x0ed4  \Device\Harddisk1\DR3\Partition1 - ok
07:38:26.0406 0x0ed4  Waiting for KSN requests completion. In queue: 247
07:38:27.0406 0x0ed4  Waiting for KSN requests completion. In queue: 247
07:38:28.0437 0x0ed4  AV detected via SS1: Norton 360, 21.1.0.18, enabled, updated
07:38:28.0437 0x0ed4  FW detected via SS1: Norton 360, 21.1.0.18, enabled
07:38:30.0890 0x0ed4  ============================================================
07:38:30.0890 0x0ed4  Scan finished
07:38:30.0890 0x0ed4  ============================================================
07:38:30.0906 0x0d58  Detected object count: 0
07:38:30.0906 0x0d58  Actual detected object count: 0
 
 

OTL logfile created on: 11/3/2013 7:43:50 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\Jay Goldbaum\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.00 Gb Total Physical Memory | 1.42 Gb Available Physical Memory | 71.27% Memory free
3.35 Gb Paging File | 2.99 Gb Available in Paging File | 89.14% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.46 Gb Total Space | 4.02 Gb Free Space | 5.40% Space Free | Partition Type: NTFS
Drive E: | 0.86 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 465.11 Gb Total Space | 414.42 Gb Free Space | 89.10% Space Free | Partition Type: NTFS
 
Computer Name: OFFICE | User Name: Jay Goldbaum | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/11/03 07:36:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jay Goldbaum\Desktop\OTL.exe
PRC - [2013/10/08 07:05:13 | 000,264,360 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\21.1.0.18\n360.exe
PRC - [2013/10/08 06:48:23 | 000,182,696 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2013/03/01 10:26:38 | 005,444,376 | ---- | M] (Collobos Software) -- C:\Program Files\FingerPrint\FingerPrint.exe
PRC - [2013/03/01 10:26:36 | 002,202,904 | ---- | M] (Collobos Software) -- C:\Program Files\FingerPrint\FingerPrintService.exe
PRC - [2012/01/24 15:21:22 | 000,021,880 | ---- | M] (Schneider Electric) -- C:\Program Files\APC\PowerChute Personal Edition\dataserv.exe
PRC - [2012/01/24 15:11:56 | 000,705,912 | ---- | M] (Schneider Electric) -- C:\Program Files\APC\PowerChute Personal Edition\mainserv.exe
PRC - [2012/01/24 15:06:48 | 000,673,144 | ---- | M] (Schneider Electric) -- C:\Program Files\APC\PowerChute Personal Edition\apcsystray.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2001/08/18 00:36:38 | 000,032,256 | ---- | M] (Brother Industries, Ltd.) -- C:\WINDOWS\system32\BrmfRsmg.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013/10/11 03:21:11 | 000,978,944 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\1b7600e7fe5e152f21ba6d79f3c0c3b6\System.Configuration.ni.dll
MOD - [2013/10/11 03:05:35 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2013/10/11 03:04:56 | 000,113,664 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
MOD - [2013/10/11 03:04:52 | 000,261,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2013/08/15 02:54:20 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\15fd2d2f4e709154b44187a6915db244\System.ServiceProcess.ni.dll
MOD - [2013/08/15 02:53:55 | 000,627,712 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\9c02362e677418460c52569019a266e4\System.EnterpriseServices.ni.dll
MOD - [2013/08/15 02:53:55 | 000,280,064 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\9c02362e677418460c52569019a266e4\System.EnterpriseServices.Wrapper.dll
MOD - [2013/08/15 02:53:53 | 000,627,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\b01bf82d99cca42b8140884fb833583d\System.Transactions.ni.dll
MOD - [2013/08/15 02:33:27 | 005,462,016 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\f93600ac836b9140e1df13bb0f6bfccf\System.Xml.ni.dll
MOD - [2013/08/15 02:23:42 | 006,616,576 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\5013900c3c0610c88059fcb8f1f4acb4\System.Data.ni.dll
MOD - [2013/08/15 02:15:37 | 007,977,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\10df39542df7d48462451fc39bce8418\System.ni.dll
MOD - [2013/08/02 05:15:36 | 011,497,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\b14359470744c840c59fbe4e58034fd6\mscorlib.ni.dll
MOD - [2013/03/01 10:22:06 | 001,044,480 | ---- | M] () -- C:\Program Files\FingerPrint\libcups2.dll
MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2004/07/10 20:35:16 | 000,086,016 | ---- | M] () -- C:\WINDOWS\system32\ati2evxx.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2013/10/08 19:22:23 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/10/08 07:05:13 | 000,264,360 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton 360\Engine\21.1.0.18\N360.exe -- (N360)
SRV - [2013/10/08 06:48:23 | 000,182,696 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013/09/10 21:26:44 | 000,118,680 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/03/01 10:26:36 | 002,202,904 | ---- | M] (Collobos Software) [Auto | Running] -- C:\Program Files\FingerPrint\FingerPrintService.exe -- (FingerPrint)
SRV - [2012/09/10 12:16:31 | 000,013,160 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [Disabled | Stopped] -- C:\Program Files\Citrix\GoToAssist\759\g2aservice.exe -- (GoToAssist)
SRV - [2012/01/24 15:21:22 | 000,021,880 | ---- | M] (Schneider Electric) [Auto | Running] -- C:\Program Files\APC\PowerChute Personal Edition\dataserv.exe -- (APC Data Service)
SRV - [2012/01/24 15:11:56 | 000,705,912 | ---- | M] (Schneider Electric) [Auto | Running] -- C:\Program Files\APC\PowerChute Personal Edition\mainserv.exe -- (APC UPS Service)
SRV - [2011/03/31 18:50:15 | 000,083,512 | ---- | M] (ArcSoft, Inc.) [Disabled | Stopped] -- C:\Documents and Settings\Jay Goldbaum\Application Data\HP SimpleSave Application\uUACTokenSvc.exe -- (BackupService)
SRV - [2010/10/28 05:13:30 | 000,293,456 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2003/06/16 20:02:24 | 000,061,440 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe -- (spkrmon)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\RimUsb.sys -- (RimUsb)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | Auto | Stopped] -- C:\Program Files\LogMeIn\x86\RaInfo.sys -- (LMIInfo)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\jnprva.sys -- (jnprva)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\JAYGOL~1\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2013/10/28 13:02:08 | 000,380,824 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Norton 360\NortonData\21.0.2.1\Definitions\IPSDefs\20131101.001\IDSXpx86.sys -- (IDSxpx86)
DRV - [2013/10/22 18:11:14 | 001,096,280 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Norton 360\NortonData\21.0.2.1\Definitions\BASHDefs\20131022.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2013/10/13 13:14:52 | 001,612,376 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Norton 360\NortonData\21.0.2.1\Definitions\VirusDefs\20131102.007\NAVEX15.SYS -- (NAVEX15)
DRV - [2013/10/13 13:14:52 | 000,093,272 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Norton 360\NortonData\21.0.2.1\Definitions\VirusDefs\20131102.007\NAVENG.SYS -- (NAVENG)
DRV - [2013/10/13 13:14:49 | 000,376,920 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2013/10/13 13:14:49 | 000,108,120 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2013/10/13 13:04:40 | 000,142,936 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2013/09/26 22:18:30 | 000,935,512 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\1501000.012\symefa.sys -- (SymEFA)
DRV - [2013/09/26 21:26:03 | 000,651,352 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\N360\1501000.012\srtsp.sys -- (SRTSP)
DRV - [2013/09/25 22:28:00 | 000,421,592 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\1501000.012\symtdi.sys -- (SYMTDI)
DRV - [2013/09/25 21:50:25 | 000,127,064 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\1501000.012\ccsetx86.sys -- (ccSet_N360)
DRV - [2013/07/31 22:19:50 | 000,367,704 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\1501000.012\symds.sys -- (SymDS)
DRV - [2013/07/30 23:13:30 | 000,206,936 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\1501000.012\ironx86.sys -- (SymIRON)
DRV - [2013/07/30 22:44:44 | 000,032,344 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\1501000.012\srtspx.sys -- (SRTSPX)
DRV - [2013/02/18 07:38:20 | 000,087,144 | ---- | M] (Juniper Networks) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NEOFLTR_7114_23943.SYS -- (NEOFLTR_7114_23943)
DRV - [2011/08/11 12:46:46 | 000,606,440 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rtl8192su.sys -- (RTL8192su)
DRV - [2011/07/06 15:32:50 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2011/01/11 18:04:04 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2010/08/24 12:31:18 | 000,028,624 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2010/08/24 12:31:02 | 000,037,328 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2010/08/24 12:30:52 | 000,038,864 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2010/08/24 12:30:18 | 000,010,448 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)
DRV - [2010/07/04 14:51:26 | 000,004,096 | ---- | M] () [Kernel | Unavailable | Unknown] -- C:\Program Files\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
DRV - [2008/04/13 13:36:41 | 000,063,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mf.sys -- (mf)
DRV - [2007/12/04 19:10:30 | 000,016,640 | ---- | M] (PalmSource, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PalmUSBD.sys -- (PalmUSBD)
DRV - [2005/05/20 17:01:32 | 000,025,600 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidKE.Sys -- (LHidKe)
DRV - [2005/05/20 17:01:26 | 000,068,352 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2005/05/20 17:01:00 | 000,036,480 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidUsbK.sys -- (LHidUsbK)
DRV - [2004/07/10 20:37:02 | 000,747,008 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2003/08/29 12:12:00 | 000,017,376 | ---- | M] (         ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Gt680x.sys -- (GT680xNT)
DRV - [2003/08/28 18:58:40 | 000,004,272 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bvrp_pci.sys -- (bvrp_pci)
DRV - [2003/07/02 10:26:20 | 000,202,368 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/07/02 10:25:24 | 000,631,680 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/07/02 10:24:16 | 001,063,936 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2003/04/14 18:00:40 | 000,032,512 | ---- | M] (Cypress Semiconductor) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MXOFX.SYS -- (MXOFX)
DRV - [2001/08/22 10:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (OMCI)
DRV - [2001/08/17 15:12:22 | 000,010,368 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BrUsbScn.sys -- (BrUsbScn)
DRV - [2001/08/17 15:12:12 | 000,002,944 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BrFilt.sys -- (brfilt)
DRV - [1999/09/10 06:06:00 | 000,025,244 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\aspi32.sys -- (Aspi32)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-1085031214-790525478-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.yahoo.com/
IE - HKU\S-1-5-21-1085031214-790525478-839522115-1004\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-1085031214-790525478-839522115-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-1085031214-790525478-839522115-1004\..\SearchScopes\{691CF8BD-A736-4BB4-98B7-E1FB2F4B7793}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE8SRC&src=IE-SearchBox
IE - HKU\S-1-5-21-1085031214-790525478-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1085031214-790525478-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: amznUWL2%40amazon.com:1.10
FF - prefs.js..extensions.enabledAddons: %7B3e0e7d2a-070f-4a47-b019-91fe5385ba79%7D:3.5.9
FF - prefs.js..extensions.enabledAddons: %7BCE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B%7D:3.9
FF - prefs.js..extensions.enabledAddons: readability%40readability.com:2.4
FF - prefs.js..extensions.enabledAddons: %7BBBDA0591-3099-440a-AA10-41764D9DB4DB%7D:12.0.3.2%20-%201
FF - prefs.js..extensions.enabledAddons: %7B2D3F3651-74B9-4795-BDEC-6DA2F431CB62%7D:2014.6.1.2
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:24.0
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: amznUWL2@amazon.com:1.6
FF - prefs.js..extensions.enabledItems: {CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}:3.3
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:5.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}:6.0.25
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.103
FF - prefs.js..network.proxy.type: 0
FF - prefs.js..searchreset.backup.browser.search.defaultenginename: "Norton Safe Search"
FF - prefs.js..browser.startup.homepage: "http://my.yahoo.com/?fr=yfp-t-403"
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.7: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.0: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.0.2.1\coFFPlgn\ [2013/11/03 03:22:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.0.2.1\IPSFF [2013/10/13 13:17:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/10/17 18:17:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/10/30 18:15:53 | 000,000,000 | ---D | M]
 
[2010/12/15 21:09:31 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jay Goldbaum\Application Data\Mozilla\Extensions
[2013/08/06 18:45:09 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jay Goldbaum\Application Data\Mozilla\Firefox\Profiles\mbh9wbgl.default\extensions
[2012/08/30 06:15:35 | 000,000,000 | ---D | M] (AddThis) -- C:\Documents and Settings\Jay Goldbaum\Application Data\Mozilla\Firefox\Profiles\mbh9wbgl.default\extensions\{3e0e7d2a-070f-4a47-b019-91fe5385ba79}
[2011/06/25 12:32:23 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jay Goldbaum\Application Data\Mozilla\Firefox\Profiles\mbh9wbgl.default\extensions\nostmp
[2012/09/21 17:50:18 | 000,243,287 | ---- | M] () (No name found) -- C:\Documents and Settings\Jay Goldbaum\Application Data\Mozilla\Firefox\Profiles\mbh9wbgl.default\extensions\amznUWL2@amazon.com.xpi
[2013/08/06 18:45:09 | 000,260,810 | ---- | M] () (No name found) -- C:\Documents and Settings\Jay Goldbaum\Application Data\Mozilla\Firefox\Profiles\mbh9wbgl.default\extensions\readability@readability.com.xpi
[2013/02/10 09:58:36 | 000,328,332 | ---- | M] () (No name found) -- C:\Documents and Settings\Jay Goldbaum\Application Data\Mozilla\Firefox\Profiles\mbh9wbgl.default\extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}.xpi
[2012/06/21 17:45:42 | 000,002,562 | ---- | M] () -- C:\Documents and Settings\Jay Goldbaum\Application Data\Mozilla\Firefox\Profiles\mbh9wbgl.default\searchplugins\aol-search.xml
[2013/10/17 18:17:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/10/17 18:17:56 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/11/03 03:22:37 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.0.2.1\COFFPLGN
[2013/10/13 13:17:59 | 000,000,000 | ---D | M] (Norton Vulnerability Protection) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.0.2.1\IPSFF
[2011/01/27 16:36:29 | 000,289,592 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files\mozilla firefox\plugins\ieatgpc.dll
[2011/01/27 16:36:16 | 000,171,832 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files\mozilla firefox\plugins\npatgpc.dll
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://my.yahoo.com/
CHR - Extension: Google Docs = C:\Documents and Settings\Jay Goldbaum\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Documents and Settings\Jay Goldbaum\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Documents and Settings\Jay Goldbaum\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Documents and Settings\Jay Goldbaum\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Norton Identity Protection = C:\Documents and Settings\Jay Goldbaum\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2014.6.0.27_1\
CHR - Extension: Google Wallet = C:\Documents and Settings\Jay Goldbaum\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\
CHR - Extension: Gmail = C:\Documents and Settings\Jay Goldbaum\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2013/06/21 06:33:33 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\21.1.0.18\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\21.1.0.18\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\21.1.0.18\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\APC UPS Status.lnk = C:\Program Files\APC\PowerChute Personal Edition\Display.exe (Schneider Electric)
O4 - Startup: C:\Documents and Settings\Jay Goldbaum\Start Menu\Programs\Startup\HP SimpleSave Monitor.lnk = C:\Documents and Settings\Jay Goldbaum\Application Data\HP SimpleSave Application\StartHelper.exe ()
O4 - Startup: C:\Documents and Settings\Jay Goldbaum\Start Menu\Programs\Startup\My Program.lnk = C:\Program Files\FingerPrint\FingerPrint.exe (Collobos Software)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1085031214-790525478-839522115-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1085031214-790525478-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1085031214-790525478-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1085031214-790525478-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Easy-WebPrint Add To Print List - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint High Speed Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint Preview - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-1085031214-790525478-839522115-1004\..Trusted Domains:   ([]msn in My Computer)
O15 - HKU\S-1-5-21-1085031214-790525478-839522115-1004\..Trusted Domains: schonfeld.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1085031214-790525478-839522115-1004\..Trusted Domains: schonfeld.com ([]https in Trusted sites)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {63F5866B-A7C5-40B4-9A89-0CCA99726C8D} https://secure.logmeinrescue.com/Customer/x86/RescueDownloader.cab (LogMeIn Rescue Applet Downloader)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1345034063980 (MUWebControl Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{39C64DFF-05CB-47FB-A0D9-AD13D2F45233}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\bw+0 {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bw+0s {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bw-0 {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bw00 {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bw00s {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bw-0s {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bw10 {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bw10s {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bw20 {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bw20s {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bw30 {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bw30s {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bw40 {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bw40s {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bw50 {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bw50s {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bw60 {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bw60s {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bw70 {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bw70s {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bw80 {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bw80s {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bw90 {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bw90s {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwa0 {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwa0s {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwb0 {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwb0s {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwc0 {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwc0s {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwd0 {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwd0s {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwe0 {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwe0s {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwf0 {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwf0s {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwg0 {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwg0s {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwh0 {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwh0s {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwi0 {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwi0s {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwj0 {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwj0s {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwk0 {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwk0s {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwl0 {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwl0s {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwm0 {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwm0s {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwn0 {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwn0s {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwo0 {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwo0s {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwp0 {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwp0s {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwq0 {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwq0s {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwr0 {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwr0s {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bws0 {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bws0s {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwt0 {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwt0s {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwu0 {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwu0s {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwv0 {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwv0s {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bww0 {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bww0s {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwx0 {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwx0s {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwy0 {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwy0s {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwz0 {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwz0s {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\offline-8876480 {D1214E63-35D6-4210-894B-5B7BCF2D64A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll ()
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\759\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\759\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O20 - Winlogon\Notify\LMIinit: DllName - (LMIinit.dll) - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Jay Goldbaum\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Jay Goldbaum\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/07/26 12:49:42 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/06/12 15:56:58 | 000,000,030 | RH-- | M] () - E:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/11/03 07:35:52 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jay Goldbaum\Desktop\OTL.exe
[2013/11/02 11:13:44 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2013/10/30 18:11:25 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/10/30 18:01:34 | 004,121,952 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Jay Goldbaum\Desktop\TDSSKiller.exe
[2013/10/30 17:59:27 | 001,033,335 | ---- | C] (Thisisu) -- C:\Documents and Settings\Jay Goldbaum\Desktop\JRT.exe
[2013/10/28 17:16:18 | 000,000,000 | ---D | C] -- C:\FRST
[2013/10/24 04:52:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013/10/24 04:52:29 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2013/10/24 04:52:29 | 000,145,408 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2013/10/24 04:52:02 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2013/10/24 04:52:02 | 000,174,504 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2013/10/24 04:52:02 | 000,094,632 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2013/10/24 04:52:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Java
[2013/10/23 19:41:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2013/10/23 19:38:04 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/10/23 19:37:06 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013/10/23 19:37:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2013/10/20 07:08:15 | 000,688,992 | R--- | C] (Swearware) -- C:\Documents and Settings\Jay Goldbaum\Desktop\dds(1).com
[2013/10/17 20:28:53 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2013/10/13 13:04:40 | 000,142,936 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2013/10/13 13:04:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2013/10/13 13:04:40 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2013/10/13 13:00:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Norton 360
[2013/10/13 13:00:48 | 000,000,000 | ---D | C] -- C:\Program Files\Norton 360
[2013/10/13 08:23:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jay Goldbaum\Local Settings\Application Data\NPE
[2013/10/12 08:17:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN
[2013/10/11 17:57:24 | 002,986,440 | ---- | C] (Symantec Corporation) -- C:\Documents and Settings\Jay Goldbaum\Desktop\NPE.exe
[2013/10/10 15:25:13 | 000,123,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbvideo.sys
[2013/10/10 15:25:13 | 000,060,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbaudio.sys
[2013/10/10 15:24:31 | 000,144,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbport.sys
[2013/10/10 15:24:31 | 000,032,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbccgp.sys
[2013/10/10 15:24:31 | 000,030,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbehci.sys
[2013/10/10 15:24:31 | 000,005,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbd.sys
[2013/10/08 19:21:42 | 017,813,896 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerInstaller.exe
 
========== Files - Modified Within 30 Days ==========
 
[2013/11/03 07:36:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jay Goldbaum\Desktop\OTL.exe
[2013/11/03 07:21:00 | 000,000,898 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/11/03 07:21:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/11/03 07:18:15 | 000,002,533 | ---- | M] () -- C:\Documents and Settings\Jay Goldbaum\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2007.lnk
[2013/11/03 07:17:54 | 000,002,461 | ---- | M] () -- C:\Documents and Settings\Jay Goldbaum\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Publisher 2007.lnk
[2013/11/03 03:19:44 | 000,000,894 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/11/03 03:19:30 | 000,002,652 | ---- | M] () -- C:\WINDOWS\BRMFBIDI.INI
[2013/11/03 03:19:15 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/11/03 03:18:59 | 2146,504,704 | -HS- | M] () -- C:\hiberfil.sys
[2013/11/03 02:24:15 | 000,505,236 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/11/03 02:24:14 | 000,089,082 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/11/02 11:11:05 | 004,121,952 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Jay Goldbaum\Desktop\TDSSKiller.exe
[2013/11/02 10:41:56 | 000,407,498 | ---- | M] () -- C:\Documents and Settings\Jay Goldbaum\Desktop\commoncore.pdf
[2013/10/31 14:21:50 | 000,017,830 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\1501000.012\VT20131031.017
[2013/10/30 17:59:31 | 001,033,335 | ---- | M] (Thisisu) -- C:\Documents and Settings\Jay Goldbaum\Desktop\JRT.exe
[2013/10/30 17:58:02 | 001,060,070 | ---- | M] () -- C:\Documents and Settings\Jay Goldbaum\Desktop\adwcleaner.exe
[2013/10/30 13:20:08 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2013/10/24 19:01:46 | 001,995,201 | ---- | M] () -- C:\Documents and Settings\Jay Goldbaum\Desktop\ppo-1-benefits-booklet.pdf
[2013/10/23 19:41:38 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2013/10/20 07:08:11 | 000,688,992 | R--- | M] (Swearware) -- C:\Documents and Settings\Jay Goldbaum\Desktop\dds(1).com
[2013/10/18 02:06:59 | 000,688,386 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\1501000.012\Cat.DB
[2013/10/17 20:44:52 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Jay Goldbaum\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/10/17 20:41:49 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/10/17 18:32:08 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\calibre - E-book management.lnk
[2013/10/17 18:18:17 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Jay Goldbaum\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2013/10/17 18:18:17 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2013/10/16 23:22:49 | 000,001,819 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton 360.LNK
[2013/10/16 05:34:37 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2013/10/15 20:09:01 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/10/13 13:04:40 | 000,142,936 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2013/10/13 13:04:40 | 000,008,194 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2013/10/13 13:04:40 | 000,000,805 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2013/10/13 11:18:20 | 000,000,336 | RHS- | M] () -- C:\boot.ini
[2013/10/12 16:10:55 | 000,000,873 | ---- | M] () -- C:\Documents and Settings\Jay Goldbaum\Desktop\BitTorrent.lnk
[2013/10/12 08:23:50 | 000,000,845 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Leawo Video Converter.lnk
[2013/10/12 08:18:52 | 000,001,538 | ---- | M] () -- C:\Documents and Settings\Jay Goldbaum\Desktop\MPC-HC.lnk
[2013/10/12 08:17:53 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2013/10/12 08:02:31 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2013/10/12 07:57:11 | 000,001,219 | ---- | M] () -- C:\Documents and Settings\Jay Goldbaum\Desktop\Download App.lnk
[2013/10/11 20:41:33 | 000,000,751 | ---- | M] () -- C:\Documents and Settings\Jay Goldbaum\Desktop\Norton Installation Files.lnk
[2013/10/11 17:57:27 | 002,986,440 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\Jay Goldbaum\Desktop\NPE.exe
[2013/10/11 04:25:25 | 000,267,008 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/10/10 17:19:50 | 000,000,368 | ---- | M] () -- C:\Documents and Settings\Jay Goldbaum\Desktop\Document.rtf
[2013/10/08 19:22:19 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/10/08 19:22:19 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/10/08 19:21:49 | 017,813,896 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerInstaller.exe
[2013/10/08 07:04:41 | 000,000,172 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\1501000.012\isolate.ini
[2013/10/08 06:50:41 | 000,094,632 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2013/10/08 06:46:52 | 000,264,616 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2013/10/08 06:46:47 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2013/10/08 06:46:23 | 000,174,504 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2013/10/08 06:29:36 | 000,145,408 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
 
========== Files Created - No Company Name ==========
 
[2013/11/02 10:41:56 | 000,407,498 | ---- | C] () -- C:\Documents and Settings\Jay Goldbaum\Desktop\commoncore.pdf
[2013/10/30 17:57:54 | 001,060,070 | ---- | C] () -- C:\Documents and Settings\Jay Goldbaum\Desktop\adwcleaner.exe
[2013/10/24 19:01:42 | 001,995,201 | ---- | C] () -- C:\Documents and Settings\Jay Goldbaum\Desktop\ppo-1-benefits-booklet.pdf
[2013/10/23 19:41:37 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2013/10/20 06:51:43 | 2146,504,704 | -HS- | C] () -- C:\hiberfil.sys
[2013/10/13 13:04:40 | 000,008,194 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2013/10/13 13:04:40 | 000,000,805 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2013/10/13 13:04:16 | 000,001,819 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Norton 360.LNK
[2013/10/12 08:23:44 | 000,000,845 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Leawo Video Converter.lnk
[2013/10/12 08:17:52 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2013/10/11 20:41:31 | 000,000,751 | ---- | C] () -- C:\Documents and Settings\Jay Goldbaum\Desktop\Norton Installation Files.lnk
[2013/10/10 17:26:28 | 000,344,156 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1085031214-790525478-839522115-1004-0.dat
[2013/10/10 17:26:11 | 000,271,346 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2013/10/10 17:19:48 | 000,000,368 | ---- | C] () -- C:\Documents and Settings\Jay Goldbaum\Desktop\Document.rtf
[2013/08/21 18:41:31 | 000,451,072 | ---- | C] () -- C:\WINDOWS\System32\ISSRemoveSP.exe
[2013/04/29 19:16:17 | 000,061,304 | ---- | C] () -- C:\Documents and Settings\Jay Goldbaum\g2mdlhlpx.exe
[2013/03/26 17:37:55 | 000,216,064 | ---- | C] ( ) -- C:\WINDOWS\System32\lagarith.dll
[2013/03/26 17:37:54 | 000,650,752 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2013/03/26 17:37:54 | 000,243,200 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2013/03/26 17:37:36 | 000,112,640 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2012/09/09 14:26:43 | 000,000,203 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LockFilePath.ini
[2012/02/16 00:28:26 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/11/27 16:54:10 | 000,020,448 | ---- | C] () -- C:\Documents and Settings\Jay Goldbaum\addresses2011a
[2011/11/27 16:50:23 | 000,019,784 | ---- | C] () -- C:\Documents and Settings\Jay Goldbaum\addresses2011
[2011/10/11 12:59:19 | 013,338,112 | ---- | C] () -- C:\Documents and Settings\Jay Goldbaum\PCPE_3.0.1.msi
[2011/05/12 13:44:09 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\Jay Goldbaum\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/05/12 13:39:00 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/03/05 15:11:50 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\Jay Goldbaum\Local Settings\Application Data\fusioncache.dat
[2011/01/10 20:11:48 | 002,346,376 | ---- | C] () -- C:\Documents and Settings\Jay Goldbaum\Backup Set A.rbc
[2009/10/31 13:13:48 | 000,019,456 | ---- | C] () -- C:\Documents and Settings\Jay Goldbaum\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/30 18:29:16 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Jay Goldbaum\CUSTOM.DICCUSTOM.DIC
[2009/07/26 14:11:45 | 000,006,506 | ---- | C] () -- C:\Documents and Settings\Jay Goldbaum\addresses.csv
[2009/07/26 14:11:45 | 000,000,142 | ---- | C] () -- C:\Documents and Settings\Jay Goldbaum\default.pls
[2004/02/22 23:08:41 | 006,918,144 | ---- | C] () -- C:\Documents and Settings\Jay Goldbaum\PCPE_3.0.msi
 
========== ZeroAccess Check ==========
 
[2009/08/01 20:47:18 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2011/12/19 03:53:33 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\System32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 19:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
< End of report >
 
 

OTL Extras logfile created on: 11/3/2013 7:43:50 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\Jay Goldbaum\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.00 Gb Total Physical Memory | 1.42 Gb Available Physical Memory | 71.27% Memory free
3.35 Gb Paging File | 2.99 Gb Available in Paging File | 89.14% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.46 Gb Total Space | 4.02 Gb Free Space | 5.40% Space Free | Partition Type: NTFS
Drive E: | 0.86 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 465.11 Gb Total Space | 414.42 Gb Free Space | 89.10% Space Free | Partition Type: NTFS
 
Computer Name: OFFICE | User Name: Jay Goldbaum | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_USERS\S-1-5-21-1085031214-790525478-839522115-1004\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1542:TCP" = 1542:TCP:*:Enabled:Realtek WPS TCP Prot
"1542:UDP" = 1542:UDP:*:Enabled:Realtek WPS UDP Prot
"53:UDP" = 53:UDP:*:Enabled:Realtek AP UDP Prot
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Disabled:Logitech Desktop Messenger -- (Logitech)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\AIM7\aim.exe" = C:\Program Files\AIM7\aim.exe:*:Enabled:AIM -- (AOL Inc.)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service -- (Apple Inc.)
"C:\Documents and Settings\Jay Goldbaum\My Documents\Downloads\BitTorrent-7.5.exe" = C:\Documents and Settings\Jay Goldbaum\My Documents\Downloads\BitTorrent-7.5.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\Program Files\FingerPrint\FingerPrintService.exe" = C:\Program Files\FingerPrint\FingerPrintService.exe:*:Enabled:FingerPrint Service -- (Collobos Software)
"C:\Program Files\FrostWire 5\FrostWire.exe" = C:\Program Files\FrostWire 5\FrostWire.exe:*:Enabled:FrostWire
"C:\Documents and Settings\Jay Goldbaum\Application Data\BitTorrent\BitTorrent.exe" = C:\Documents and Settings\Jay Goldbaum\Application Data\BitTorrent\BitTorrent.exe:*:Enabled:BitTorrent -- (BitTorrent Inc.)
"C:\Documents and Settings\Jay Goldbaum\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\Jay Goldbaum\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)
"C:\Program Files\REALTEK\11n USB Wireless LAN Utility\RtWLan.exe" = C:\Program Files\REALTEK\11n USB Wireless LAN Utility\RtWLan.exe:*:Enabled:RtWlan -- (Realtek Semiconductor Corp.)
"C:\Program Files\REALTEK\11n USB Wireless LAN Utility\RTLDHCP.exe" = C:\Program Files\REALTEK\11n USB Wireless LAN Utility\RTLDHCP.exe:*:Enabled:RTLDHCP -- (Realtek)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0592EF96-69D8-4E4B-9CC9-88F58EA86F01}" = Apple Mobile Device Support
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0C3FCE48-6984-11D5-90F8-00E029591716}" = Brother MFL Pro Suite
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{1DA75811-6C2C-ABFA-7DBF-9B9EDAA005E3}" = ATI Catalyst Install Manager
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = MPC-HC 1.7.0
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 45
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{331ED3CF-3A1B-467C-9A62-899E2D3B20C4}_is1" = Leawo Video Converter version  6.0.0.0
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{42D65288-92F3-4AD6-892C-DFEE475F69A9}" = Citrix Receiver Updater
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{46F044A5-CE8B-4196-984E-5BD6525E361D}" = Apple Application Support
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4895FF85-5A1B-46E4-B1E4-B2E8ACB9DC75}" = calibre
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{553C904F-57A2-4113-888E-BA0C3D1C69C0}" = Microsoft VC9 runtime libraries
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{639673E9-D53F-44F4-A046-485C8A6ADA15}" = Paint.NET v3.5.6
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Windows Backup Utility
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7D42B43A-EA63-4234-B00A-757C15B2B185}_is1" =  Leawo AVI Converter version  4.0.0.0
"{84031A18-BA9A-4156-A74F-E05B52DDFCE2}" = DING!
"{85D5BFBB-8BC4-467B-BADA-D574A3CDC139}_is1" = FingerPrint 2.2.0.609
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ED262EE-FC73-47A9-BB86-D92223246881}" = PowerChute Personal Edition 3.0.2
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-0137-0409-0000-0000000FF1CE}" = Microsoft Works 6-9 Converter
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C049499-055C-4a0c-A916-1D8CA1FF45EB}" = REALTEK Wireless LAN Driver and Utility
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAF4238F-7C29-451D-9925-C753271A5728}" = Microsoft Visual C++ Run Time  Lib Setup
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.05)
"{AEF2D1F3-0696-11D5-8E6A-00C04F7FA234}" = PaperPort 8.0 SE
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{BE6890C7-31EF-478C-812E-1E2899ABFCA9}" = B57Inst
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F27717C9-F009-4E51-9F46-524556C1F5FD}" = iTunes
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{FD6034A3-655C-49F0-B496-D4CBFD74D7A7}" = Palm Desktop by ACCESS
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Across Lite 2.0" = Across Lite 2.0
"ActiveTouchMeetingClient" = WebEx
"Adobe Digital Editions 2.0" = Adobe Digital Editions 2.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"AIM_7" = AIM 7
"ATI Display Driver" = ATI Display Driver
"Autoplay Repair" = Autoplay Repair 2.2.0
"BN_DesktopReader" = NOOK for PC
"Canon iP7200 series On-screen Manual" = Canon iP7200 series On-screen Manual
"Canon Setup Utility 2.0" = Canon Setup Utility 2.0
"CANONBJ_Deinstall_CNMCP78.DLL" = Canon iP4200
"CanonMyPrinter" = Canon My Printer
"CCleaner" = CCleaner
"CNXT_MODEM_PCI_VEN_14F1&DEV_2702" = Conexant SmartHSFi V.9x 56K DF PCI Modem
"DECCHECK" = Microsoft Windows XP Video Decoder Checkup Utility
"Easy Outlook Express Repair_is1" = Easy Outlook Express Repair 1.2
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"Easy-WebPrint" = Easy-WebPrint
"ENTERPRISER" = Microsoft Office Enterprise 2007
"ESET Online Scanner" = ESET Online Scanner v3
"Everything" = Everything 1.2.1.371
"Free DVD ISO Maker (by minidvdsoft)_is1" = Free DVD ISO Maker version 1.2
"Google Chrome" = Google Chrome
"GoToAssist" = GoToAssist Corporate
"ie8" = Windows Internet Explorer 8
"ImgBurn" = ImgBurn
"InstallShield_{BE6890C7-31EF-478C-812E-1E2899ABFCA9}" = Broadcom Driver Installer
"Intelli-studio" = SAMSUNG Intelli-studio
"Juniper_Setup_Client Activex Control" = Juniper Networks Setup Client Activex Control
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 9.8.0
"Logitech Unifying" = Logitech Unifying Software 2.10
"Magic ISO Maker v5.5 (build 0281)" = Magic ISO Maker v5.5 (build 0281)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"mediainfolite_is1" = MediaInfo Lite 0.7.62
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox 24.0 (x86 en-US)" = Mozilla Firefox 24.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MXOFX" = USB Storage Adapter FX (MXO)
"N360" = Norton 360
"Neoteris_Secure_Application_Manager" = Juniper Networks Secure Application Manager
"Photo Resize Magic" = Photo Resize Magic 1.1
"Picasa 3" = Picasa 3
"PROSet" = Intel® PRO Network Adapters and Drivers
"sp6" = Logitech SetPoint 6.20
"Unlocker" = Unlocker 1.9.2
"Visioneer OneTouch 7300" = Visioneer OneTouch 7300
"VLC media player" = VLC media player 2.1.0
"vrq" = NortonVRQ
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1085031214-790525478-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent
"CNET TechTracker" = CNET TechTracker
"Download App" = Download App
"Dropbox" = Dropbox
"GoToMeeting" = GoToMeeting 5.5.0.1132
"Juniper Secure Meeting 6.5.0" = Juniper Networks Secure Meeting 6.5.0
"Juniper_Setup_Client" = Juniper Networks, Inc. Setup Client
"Neoteris_Host_Checker" = Juniper Networks Host Checker
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 10/25/2013 5:34:16 AM | Computer Name = OFFICE | Source = Application Hang | ID = 1002
Description = Hanging application chrome.exe, version 30.0.1599.101, hang module
 hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error - 10/25/2013 10:36:02 PM | Computer Name = OFFICE | Source = Application Hang | ID = 1002
Description = Hanging application chrome.exe, version 30.0.1599.101, hang module
 hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error - 11/1/2013 3:19:45 AM | Computer Name = OFFICE | Source = Bonjour Service | ID = 100
Description = ERROR: mDNSPlatformReadTCP - recv: 10053 
 
Error - 11/1/2013 3:19:45 AM | Computer Name = OFFICE | Source = Bonjour Service | ID = 100
Description = 440: ERROR: read_msg errno 10053 (An established connection was aborted
 by the software in your host machine.)
 
Error - 11/3/2013 1:47:01 AM | Computer Name = OFFICE | Source = Application Hang | ID = 1002
Description = Hanging application chrome.exe, version 30.0.1599.101, hang module
 hungapp, version 0.0.0.0, hang address 0x00000000.
 
[ System Events ]
Error - 10/28/2013 3:20:14 AM | Computer Name = OFFICE | Source = Service Control Manager | ID = 7000
Description = The LogMeIn Kernel Information Provider service failed to start due
 to the following error:   %%3
 
Error - 10/29/2013 3:20:03 AM | Computer Name = OFFICE | Source = Service Control Manager | ID = 7000
Description = The LogMeIn Kernel Information Provider service failed to start due
 to the following error:   %%3
 
Error - 10/30/2013 5:27:48 AM | Computer Name = OFFICE | Source = Service Control Manager | ID = 7000
Description = The LogMeIn Kernel Information Provider service failed to start due
 to the following error:   %%3
 
Error - 10/30/2013 7:19:09 PM | Computer Name = OFFICE | Source = Service Control Manager | ID = 7000
Description = The LogMeIn Kernel Information Provider service failed to start due
 to the following error:   %%3
 
Error - 10/31/2013 3:20:51 AM | Computer Name = OFFICE | Source = Service Control Manager | ID = 7000
Description = The LogMeIn Kernel Information Provider service failed to start due
 to the following error:   %%3
 
Error - 11/1/2013 3:19:50 AM | Computer Name = OFFICE | Source = Service Control Manager | ID = 7000
Description = The LogMeIn Kernel Information Provider service failed to start due
 to the following error:   %%3
 
Error - 11/2/2013 3:20:01 AM | Computer Name = OFFICE | Source = Service Control Manager | ID = 7000
Description = The LogMeIn Kernel Information Provider service failed to start due
 to the following error:   %%3
 
Error - 11/2/2013 12:19:10 PM | Computer Name = OFFICE | Source = Service Control Manager | ID = 7000
Description = The LogMeIn Kernel Information Provider service failed to start due
 to the following error:   %%3
 
Error - 11/3/2013 3:21:33 AM | Computer Name = OFFICE | Source = Service Control Manager | ID = 7000
Description = The LogMeIn Kernel Information Provider service failed to start due
 to the following error:   %%3
 
Error - 11/3/2013 4:19:34 AM | Computer Name = OFFICE | Source = Service Control Manager | ID = 7000
Description = The LogMeIn Kernel Information Provider service failed to start due
 to the following error:   %%3
 
 
< End of report >
 
 


#13 Oh My!


Posted 03 November 2013 - 10:14 AM

No need to be sorry. It is usually a multi-step process to rid a computer of the nasties. Good first step in identifying and now confirming we have deleted the rootkit.

There is one non-malware issue of concern I would like to bring to your attention. You have very little hard drive space left and this is bound to result in performance issues. Very roughly speaking you need 15% or more free space for an operating system to function properly (that number can fluctuate depending on the size of the hard drive and operating system). Clearly 5.4% is troublesome so just be aware of potential difficulties.
 

Drive C: | 74.46 Gb Total Space | 4.02 Gb Free Space | 5.40% Space Free | Partition Type: NTFS


Please run this for me now.

===================================================

Run OTL Fix

--------------------
  • Double click on the OTL icon on your desktop.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox.
:OTL
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\RimUsb.sys -- (RimUsb)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | Auto | Stopped] -- C:\Program Files\LogMeIn\x86\RaInfo.sys -- (LMIInfo)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\jnprva.sys -- (jnprva)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\JAYGOL~1\LOCALS~1\Temp\catchme.sys -- (catchme)
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1085031214-790525478-839522115-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-1085031214-790525478-839522115-1004\..\SearchScopes\{691CF8BD-A736-4BB4-98B7-E1FB2F4B7793}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE8SRC&src=IE-SearchBox
IE - HKU\S-1-5-21-1085031214-790525478-839522115-1004\..\SearchScopes\{6e748c7d-2523-4b09-a5b5-f237920a1628}: "URL" = http://slirsredirect.search.aol.com/redirector/sredir?sredir=843&query={searchTerms}&invocationType=tb50-ie-aimright-chromesbox-en-us&tb_uuid=20120621180456772&tb_oid=21-06-2012&tb_mrud=21-06-2012
O18 - Protocol\Handler\bw+0 {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bw+0s {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bw-0 {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bw00 {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bw00s {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bw-0s {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bw10 {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bw10s {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bw20 {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bw20s {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bw30 {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bw30s {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bw40 {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bw40s {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bw50 {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bw50s {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bw60 {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bw60s {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bw70 {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bw70s {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bw80 {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bw80s {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bw90 {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bw90s {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwa0 {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwa0s {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwb0 {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwb0s {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwc0 {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwc0s {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwd0 {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwd0s {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwe0 {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwe0s {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwf0 {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwf0s {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwg0 {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwg0s {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwh0 {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwh0s {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwi0 {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwi0s {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwj0 {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwj0s {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwk0 {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwk0s {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwl0 {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwl0s {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwm0 {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwm0s {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwn0 {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwn0s {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwo0 {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwo0s {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwp0 {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwp0s {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwq0 {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwq0s {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwr0 {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwr0s {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bws0 {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bws0s {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwt0 {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwt0s {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwu0 {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwu0s {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwv0 {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwv0s {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bww0 {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bww0s {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwx0 {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwx0s {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwy0 {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwy0s {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwz0 {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwz0s {d1214e63-35d6-4210-894b-5b7bcf2d64a1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\offline-8876480 {D1214E63-35D6-4210-894B-5B7BCF2D64A1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
:Commands
[emptytemp]
[emptyjava]
[emptyflash]
  • Push the Run Fix button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • OTL log
  • How is your computer running?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#14 jjrob

Posted 03 November 2013 - 04:37 PM

 Would disk cleanup and/or disk defrag help in system tools free up some space?

 

 All processes killed

========== OTL ==========
Service HidServ stopped successfully!
Service HidServ deleted successfully!
File %SystemRoot%\System32\hidserv.dll not found.
Service AppMgmt stopped successfully!
Service AppMgmt deleted successfully!
File %SystemRoot%\System32\appmgmts.dll not found.
Service WDICA stopped successfully!
Service WDICA deleted successfully!
Service RimUsb stopped successfully!
Service RimUsb deleted successfully!
File System32\Drivers\RimUsb.sys not found.
Service PDRFRAME stopped successfully!
Service PDRFRAME deleted successfully!
Service PDRELI stopped successfully!
Service PDRELI deleted successfully!
Service PDFRAME stopped successfully!
Service PDFRAME deleted successfully!
Service PDCOMP stopped successfully!
Service PDCOMP deleted successfully!
Service PCIDump stopped successfully!
Service PCIDump deleted successfully!
Service LMIInfo stopped successfully!
Service LMIInfo deleted successfully!
File C:\Program Files\LogMeIn\x86\RaInfo.sys not found.
Service lbrtfdc stopped successfully!
Service lbrtfdc deleted successfully!
Service jnprva stopped successfully!
Service jnprva deleted successfully!
File system32\DRIVERS\jnprva.sys not found.
Service i2omgmt stopped successfully!
Service i2omgmt deleted successfully!
Service Changer stopped successfully!
Service Changer deleted successfully!
Service catchme stopped successfully!
Service catchme deleted successfully!
File C:\DOCUME~1\JAYGOL~1\LOCALS~1\Temp\catchme.sys not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-1085031214-790525478-839522115-1004\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-1085031214-790525478-839522115-1004\Software\Microsoft\Internet Explorer\SearchScopes\{691CF8BD-A736-4BB4-98B7-E1FB2F4B7793}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{691CF8BD-A736-4BB4-98B7-E1FB2F4B7793}\ not found.
Registry key HKEY_USERS\S-1-5-21-1085031214-790525478-839522115-1004\Software\Microsoft\Internet Explorer\SearchScopes\{6e748c7d-2523-4b09-a5b5-f237920a1628}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6e748c7d-2523-4b09-a5b5-f237920a1628}\ not found.
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\bw+0\ deleted successfully.
Invalid CLSID key: C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\bw+0s\ deleted successfully.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\bw-0\ deleted successfully.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\bw00\ deleted successfully.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\bw00s\ deleted successfully.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\bw-0s\ deleted successfully.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\bw10\ deleted successfully.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\bw10s\ deleted successfully.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\bw20\ deleted successfully.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\bw20s\ deleted successfully.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\bw30\ deleted successfully.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\bw30s\ deleted successfully.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\bw40\ deleted successfully.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\bw40s\ deleted successfully.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\bw50\ deleted successfully.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\bw50s\ deleted successfully.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\bw60\ deleted successfully.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\bw60s\ deleted successfully.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\bw70\ deleted successfully.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\bw70s\ deleted successfully.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\bw80\ deleted successfully.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\bw80s\ deleted successfully.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\bw90\ deleted successfully.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\bw90s\ deleted successfully.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\bwa0\ deleted successfully.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\bwa0s\ deleted successfully.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\bwb0\ deleted successfully.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\bwb0s\ deleted successfully.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\bwc0\ deleted successfully.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\bwc0s\ deleted successfully.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\bwd0\ deleted successfully.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\bwd0s\ deleted successfully.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\bwe0\ deleted successfully.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\bwe0s\ deleted successfully.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\bwf0\ deleted successfully.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\bwf0s\ deleted successfully.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\bwfile-8876480\ deleted successfully.
Invalid CLSID key: C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll not found.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\bwg0\ deleted successfully.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\bwg0s\ deleted successfully.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\bwh0\ deleted successfully.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\bwh0s\ deleted successfully.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\bwi0\ deleted successfully.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\bwi0s\ deleted successfully.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\bwj0\ deleted successfully.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\bwj0s\ deleted successfully.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\bwk0\ deleted successfully.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\bwk0s\ deleted successfully.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\bwl0\ deleted successfully.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\bwl0s\ deleted successfully.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\bwm0\ deleted successfully.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\bwm0s\ deleted successfully.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\bwn0\ deleted successfully.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\bwn0s\ deleted successfully.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\bwo0\ deleted successfully.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\bwo0s\ deleted successfully.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\bwp0\ deleted successfully.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\bwp0s\ deleted successfully.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\bwq0\ deleted successfully.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\bwq0s\ deleted successfully.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\bwr0\ deleted successfully.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\bwr0s\ deleted successfully.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\bws0\ deleted successfully.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\bws0s\ deleted successfully.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\bwt0\ deleted successfully.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\bwt0s\ deleted successfully.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\bwu0\ deleted successfully.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\bwu0s\ deleted successfully.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\bwv0\ deleted successfully.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\bwv0s\ deleted successfully.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\bww0\ deleted successfully.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\bww0s\ deleted successfully.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\bwx0\ deleted successfully.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\bwx0s\ deleted successfully.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\bwy0\ deleted successfully.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\bwy0s\ deleted successfully.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\bwz0\ deleted successfully.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\bwz0s\ deleted successfully.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\offline-8876480\ deleted successfully.
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 623245 bytes
->Temporary Internet Files folder emptied: 402 bytes
->Google Chrome cache emptied: 594288 bytes
 
User: All Users
 
User: Default User
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Jay Goldbaum
->Temp folder emptied: 15080058 bytes
->Temporary Internet Files folder emptied: 508306 bytes
->Java cache emptied: 1129809 bytes
->FireFox cache emptied: 64995906 bytes
->Google Chrome cache emptied: 272516928 bytes
->Flash cache emptied: 3479 bytes
 
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32969 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 49286 bytes
->Flash cache emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 99085 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 121798840 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 2669430714 bytes
 
Total Files Cleaned = 3,001.00 mb
 
 
[EMPTYJAVA]
 
User: Administrator
 
User: All Users
 
User: Default User
 
User: Jay Goldbaum
->Java cache emptied: 0 bytes
 
User: LocalService
->Java cache emptied: 0 bytes
 
User: NetworkService
 
Total Java Files Cleaned = 0.00 mb
 
 
[EMPTYFLASH]
 
User: Administrator
 
User: All Users
 
User: Default User
 
User: Jay Goldbaum
->Flash cache emptied: 0 bytes
 
User: LocalService
->Flash cache emptied: 0 bytes
 
User: NetworkService
->Flash cache emptied: 0 bytes
 
Total Flash Files Cleaned = 0.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 11032013_132150
 
Files\Folders moved on Reboot...
C:\WINDOWS\temp\Perflib_Perfdata_39c.dat moved successfully.
 
PendingFileRenameOperations files...
 
Registry entries deleted on Reboot...
 


#15 Oh My!

Posted 03 November 2013 - 06:29 PM

Greetings,
 

Would disk cleanup and/or disk defrag help in system tools free up some space?

We just performed the equivalent of disk cleanup.  Unfortunately, defrag probably won't work because you may not have enough free space.  You can try it but you may get a pop up saying you do not have enough free space.
 
Let me know how you do with that.
 
What symptoms do you have?  Still no Administrator User Account showing?
Gary
 